Tag: Security

  • Older versions of Debian and updates

    We have come across several users who run older versions of Debian. This is usually fine; sometimes, for some reason, users are unable to update for some time but require a package to be installed. This is where the fun begins…

  • Exploited VPS? phpMyAdmin?

    Currently we are being inundated with scans and exploits looking for new machines to take over; most of these are using insecure phpMyAdmin installs. If you are unsure whether your box has been hacked, then the things to look for are similar to this…

  • WordPress Mass Upgrade Script 3.0.1

    This script will search /var/www (changeable in a variable) for any WordPress installs and make sure each is upgraded to the latest version. It will run a backup to /root/wp_upgrade/ of all files and the database before doing anything with the site, in case of major catastrophe. It pays to check each site after the upgrade to…

  • Easy Peasy Linux Firewalling – iptables

    A lot of our customers have asked for firewalls, and since this is a common theme, I decided that I would help them out. Of course it can be a mission to learn how to make your own and what to do or not do, and some of the pre-made ones can be confusing. So…

  • Keeping things going over the holiday season

    Well, it's that time of year again, and you do NOT want to be dealing with broken servers over Xmas. Here are a few tips to make sure things stay hunky-dory over the Xmas period. Upgrades: Don't upgrade anything, do not do a new release, do not change anything at all. Sometimes even something that’s…

  • Unsure who is sending spam? Try this

    Anyone who has hosted people's websites before has had either a blog hacked, or some guy thinking he is going to send mass mailouts using PHP or similar. It's extremely hard to track down and deal with, and yet it can get your server listed at a spam service, preventing legitimate email from getting through. This…

  • Does your VPS have MD5 enabled for passwords?

    We recently discovered that the way we install a VPS differs slightly from the usual CD install. This is not something we do specifically but something that can be improved on in the set-ups of CentOS 5.3. When you install from a CD it automatically enables MD5 encryption in passwords (which should be the norm), however…

  • Safe rm prevents accidents! Try it!

    I found this today: http://www.safe-rm.org.nz/, and having had the odd accident I'm most definitely going to be installing this on my own server! What is safe-rm? Safe-rm is a safety tool intended to prevent the accidental deletion of important files by replacing /bin/rm with a wrapper, which checks the given arguments against a…

  • nginx hacking using proxy

    It sucks getting hacked. Every now and then servers get hacked. Often because of an exploitable webapp, or because (most commonly) a weak, easily guessable password was used on a well-known user account (like ‘root’ or ‘info’ or ‘test’). Once hackers gain access they often install some kind of malware, e.g. something that goes…

  • WordPress Upgrade Script

    Here's a little shell script I wrote which, if run, will check your entire server for insecure versions of WordPress. If it finds any, it will give you the option to upgrade. If you say yes it will back up the existing site's files and database in /root/wp_upgrade and upgrade it. Please Note: This has not…