Installing and configuring Bareos (Bacula fork) with web front-end on Debian Wheezy.

And taking nice backups that are easy to restore.

The story is quite simple: some time ago I would have liked to have a kind of 8-month-old backup for a friend of mine, but it was too late. So now I want backups with a decent retention, so I can go “back in time” and recover files. Another choice could have been Subversion, but I’m going to back up images as well, so for this reason I’ll not take Subversion into consideration.

Exploring Open Source CMS: Hippo

I’m going to test out some relevant Content Management Systems from the Open Source planet. This time I will try to install and configure Hippo CMS. Since I have already tried almost all the famous CMSs written in PHP, this time we will take a look at this one, written in Java.

About Java: the first time I came to speak about Java, a tremendous mistake was made. In fact, while my interlocutor was speaking about Java as a server-side technology, I was speaking about the client part, the one I don’t like at all and which, all things considered, is slow, subject to continuous updates, quite bothersome I mean. And my most recent memory about this is the call-center dudes who had to manage Oracle Forms through a Java web GUI: a nightmare!

Anyway, as we all know, “the good is oft(en) interred with their bones”… so let it be with Java for clients, and let’s start seeing what I need in order to start serving JSP from my machine.

My latest crash under the snow

Here is my latest crash, during a heavy snowfall.

I had some damage: one motor with a bent shaft, an arm of the Q450 was slightly broken, and the rubber band philosophy always wins. In fact, thanks to the rubber bands both cameras simply detached from the platform, falling under their own weight and avoiding having to bear the entire platform weight, as, on the contrary, the poor motor #4 did.


[Solved] Apache2 access log browserToolbarGetData?v=2

As I wrote in a previous article, someone is buzzing my server with continuous requests for nonexistent resources, such as /browserToolbarGetData?v=2. This could be related to a new IP address I just bought; I don’t know yet, but there is no trace of this IP address’s history, so I think I’m the first one using it, and I’m inclined to believe it is just a remote possibility… Anyway, let’s take some countermeasures.

Apache2 access.log problem mapi?query= cmd getCounters jsonPrefix _PHJSONPCallback_1046 &rnd=

This webpage http://file.oboz.ua/files/vf4f51401192c57_20123223481.mail%5B1%5D is trying to make a phishing attack, using this page to serve unprocessed HTML code in order to do something to users of mail.ru.
If you see a log entry like this:

37.147.118.211 - - [02/Jan/2013:08:53:31 +0000] "GET /mapi?query=%7B%22cmd%22%3A%22getCounters%22%2C%22jsonPrefix%22%3A%22__PHJSONPCallback_47%22%7D&rnd=1357116906112 HTTP/1.1" 403 507 "http://my.mail.ru/friends?" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/18.0.966.0 Safari/535.12"


Securing WordPress (or any site) with fail2ban: prevent vuln scanners, flood and bruteforce attack

How to secure WordPress using advanced tools like fail2ban.

EDIT

These rules can cut search engines off from your server, and they can affect all the sites hosted on the machine you are working on. I’m writing this because in the end it turned out that a better solution to prevent distributed flooding is to use iptables with custom rules.

Fail2ban is one of my favourite pieces of server-securing software, because it not only protects against several consequences of being attacked by some script kiddie, but it also saves a lot of system resources otherwise wasted serving pages to bots or similar.
I just discovered an annoying, repeated entry in my access logs which leads to a 403/404 error page (forbidden) (I faked it a little so it makes sense for this article), and I then decided to let specialized software do the job instead of using a WordPress plugin, which would act at the PHP/MySQL level, having to generate server headers each time and, here again, wasting server resources.

Some of these log entries looked like this:

Free SSL Certificate to Ispconfig websites with Startssl – How to

This article will go through the complete process in order to obtain, install and run an SSL Webserver Certificate for free with ISPConfig3 and Startssl dot com.
Some years ago I discovered this useful service for generating Class 2 webserver certificates, very useful for offering your users a secure, encrypted connection over which they can send their data, reducing the risk of being sniffed (I’ll write something about sniffing).

Shineisp Installation Log / mini How to

Shineisp is an Italian open source WHM (Web Hosting Management) and we are going to give it a try. I recall I already installed it last year, but the machine had poor hardware and shineisp is a greedy MVC PHP/MySQL program. For this “instalfiguration” we assume we are on Debian Squeeze, and we will cover the steps needed to get shineisp up and running in 10 minutes.


WordPress and “ALERT – configured POST variable limit exceeded – dropped variable” issue

It may happen in several hosting environments that you discover this line in your webserver error log:

ALERT - configured POST variable limit exceeded - dropped variable 'name_of_dropped_variable' (attacker '20.2.26.212', file '/several dirs..../wp-admin/post.php'), referer: http://sitename.tld/wp-admin/post.php?post=181&action=edit

Well, I discovered and solved this situation:

Cause: it is caused by PHP Suhosin.

You can find it on your disk using the “locate” command as follows

(if it is the first time you use locate) type:

# updatedb

then type:

# locate suhosin

On my machine (Debian) it is located at /etc/php5/conf.d/suhosin.ini

so you can edit it by typing:

# nano /etc/php5/conf.d/suhosin.ini

Now, look through your suhosin.ini file until you see the following variables:

suhosin.post.max_vars

suhosin.request.max_vars

You want to remove the comment symbol “;” from the very beginning of these two lines and then increase the default value (it should be 200) to at least 500 in order to make complex WordPress themes work properly.

Remember to kick apache2 by typing:

# /etc/init.d/apache2 restart
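
One way to check the two limits before and after the edit described above, as an added example that is not part of the original post. The function name suhosin_limit_state and the sample file are made up for illustration; the 500 threshold is the value suggested above.

```shell
#!/bin/sh
# Added example: report the state of a Suhosin limit in a suhosin.ini file.

# suhosin_limit_state FILE DIRECTIVE [MIN]
# Prints one of: "missing", "commented", "low:<n>", "ok:<n>".
suhosin_limit_state() {
    file=$1 key=$2 min=${3:-500}
    awk -v key="$key" -v min="$min" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = (line ~ /^;/)        # ";" starts a comment in ini files
            sub(/^[; \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next                 # not a key = value line
            name = substr(line, 1, n - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr(line, n + 1)
            sub(/;.*/, "", val)              # drop a trailing inline comment
            gsub(/[ \t\r]/, "", val)
            if (commented) { if (state == "") state = "commented"; next }
            # Assumption: a later active line overrides an earlier one.
            state = ((val + 0 < min + 0) ? "low:" : "ok:") val
        }
        END { print (state == "" ? "missing" : state) }
    ' "$file"
}

# Constructed sample (not a real suhosin.ini): one limit still commented out,
# the other active but left at the default of 200.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample for this example
;suhosin.post.max_vars = 200
suhosin.request.max_vars = 200
EOF

for d in suhosin.post.max_vars suhosin.request.max_vars; do
    printf '%s: %s\n' "$d" "$(suhosin_limit_state "$sample" "$d")"
done
```

Run against /etc/php5/conf.d/suhosin.ini, both directives should report ok:500 (or higher) once the edit is done and apache2 has been restarted.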
