Archive for the “Webserver” Category

Somedays it’s really hard to come along with Linux, it’s apps and tools. Recently I’ve tried to use AuthMySQL for authentication within a certain webfolder. To reach this, many trails and even more errors were needed :( .

The first point was to configure the module correctly, which isn’t that easy, as no post tells which version of AuthMySQL is used nor that there are two of them out, additionally it seems that the module can handle at least partially both directives, but later more.
I’ve searched quickly for some resources about how to configure AuthMySQL, some of the commands worked other didn’t. After several tries with extensive watching the apache error.log I finally managed to get the authentication running, upto the point of the used Encryption. The first try was to use MD5, but sadly the module did not support that value, although somewhere was talked about it (later I encountered it was for the other module). No Problem there’s another MD5 Setting, let’s switch to that one (Crypt_MD5), now AuthMySQL was working, but didn’t accepted the login details. A google search later I discovered that Crypt_MD5 uses a default Salt of 12 signs (or so) to encrypt the passwords, but my password is encrypted with md5, so no way to get it working. After a few searches why md5 isn’t working with my version of the module I found that forum entry which revealed that there are two modules out, which offer Authentication through MySQL.
But as I already supposed Debian doesn’t offer a package for the other module or I didn’t find it, anyway I got to the website of the other module and downloaded it’s source code. A fast lookup on howto compile and install modules for apache showed that I need to run apxs. But for my debian install the application wasn’t installed, you need to get some apache-dev package to install apxs. A few minutes later I’ve got a matching package and installed it. Next problem: while compiling apxs throws an error 65536, but luckily I found soon an patch, in this blog entry a patch is supplied so that the module was successful compiled under my linux installation.
The needed renaming of the module directives was done quickly and finally I got the authentication through MySQL working.
Alltogether it took a few hours to get that simple job working, anyway I’ve increased my knowledge about Apache and Linux, which isn’t that bad :)
Maybe this post will help the one or other to solve his problems quicker, as it contains quite well condensed errors and their solution.
If you want to use AuthMySQL get this version as it supplies in my eyes the best functionality. The easiest way to differ both versions is that one requires underlines within the directives and the other one doesn’t (the one which is linked).

Tags: none

Tags: apache, apxs, authentication, authMySQL, error 65536

Comments 1 Comment »

If you need to extract all mails from a single mbox file to seperate .eml files, take a look at this tool. I had recently the need to do so, and this tool was just perfect for it. It lets you choose which files to extract from mbox to .eml. In order to import a normal GNU/Linux (any *nix?) mbox into the tool, you need to set as file-ending .mbx. The Only restriction is that it can only handle western character sets, but not sure if that’s a big problem, aren’t most Emails still in latin?
To run the tool you need to have installed JavaRuntime 1.2 or higher

Tags: none
Tags: converter, eml, howto, mbox

Comments No Comments »

That’s maybe some common Error you’re receiving, when you’re new to find and the exec parameter. So I encountered the Problem as well.
After a short research within the man page of find the problem was found: ‘;‘ needs to be escaped with a Backslash ‘\‘. The look over to my commandline just showed that this was already the case. Now the internet was asked and most results just reveal the same thing: escape the ; with a Backslash.

Some hits later I found a german page where they told that it’s even required that the ‘\;‘ is separated from the previous commands with a space ‘ \;‘. So it’s not enough to write -exec command ‘{}\;‘ it needs to be -exec command ‘{} \;‘ . Well from my point of view some mistake which can be fast overseen, even more if you suppose that ‘{}\;‘ should work out nicely as it’s something which occurs often or everytime within the exec(at least these groups of signs).

Just something new learnt, and hopefully for a few people less headache.

Tags: none
Tags: -exec, find

Comments 3 Comments »

As you surely recognized from php-ids.org and BlogSecurity.net already I made a new release of WPIDS. This release fixes several problems with the usability of WordPress, further it fixes some internal bugs and WPIDs comes now with HTML Purifier.

At least one minor release is supposed to happen before entering v.2.0 of WPIDS, as some Problems were reported for the current version. The upcoming Version .2 will be completely rewritten. It will offer more granular Option settings than before, it will give you more information and a much better Documentation will take place as well.

If someone is interested into Beta Testing the latest Version feel free to contact me.

Tags: none
Tags: WPIDS

Comments 2 Comments »

I never thought about such an step by myself, maybe as I never encountered such a thing upto date.
But if you run your own Webspace you should never steal any ones content or bandwidth. Then as soon as he notice it you can get some real problems, maybe he starts a lawsuite against yours(you maybe ignored some copyright laws, you caused some additional costs for him(bandwidth)). What does happen if he simply replaces the content/redirects your website to something which does harm your visitors, or does blame you?

On the Following WordPress Topic you’ll can read that someone linked to some JS of Website_A. This JS is the Output of some public free available WP Plugin, the JS code even mentions that it’s generated by some Plugin. But somehow the owner of Website_B was too lazy, or wanted to save some bandwidth that he simply linked to this JS file, on Website_A.
After the owner of Website_A recognized that someone was stealing his Bandwidth he created some mod_Rewrite Rule which redirected the Request from this JS to some other JS file, which contained an alertbox which appeared in front of the Visitor and told him that this Website steals some Traffic from another one. After one month the owner of Website_B discovered that JS change and removed the JS.

But it’s important to say that theoretically the owner of Website_A could have written any JS code into that file. So he could steal some Cookies of the Users of Website_B or anything else he would like, he could even start some Phishing attack.
The owner of Website_B made his website vulnerable because he was to lazy to get the script itself.

Every good Webmaster/Site owner does not steal any content, as this is unethical and maybe more important dangerous!

Tags: none
Tags: mod_Rewrite, Steal, Webmaster, Wordpress

Comments 1 Comment »

It taked me ages to get my server updated to PHP5. I’ve tried multiple ways to get it working as well compiling the sources itself…(Yeah I’m quite new to Linux and it’s install behaves and blame me if you like, but I like the easy way not the hard one)
But I got none working except I found today that post, it’s quite short but it is totally enough. I’ve got everything I need to run my PHP now under the Version 5.
Ok it wasn’t exactly as in the Post stated, I had to install as well php5-mysql, to get the database running again and I didn’t needed to create softlinks to php5.conf & php5.load, but it still was quite easy no need to compile the source code yourself…
With that post I’m adding as well some New Category Webserver where I take notes for everyone Public, but mostly they’re for my personal usage for the case that I should need them again.

Tags: none
Tags: Debian 3.1, dummies, install, PHP5

Comments No Comments »

Bad Behavior has blocked 1250 access attempts in the last 7 days.