Thursday, 6 October 2011

Manually Override Cache-Control Directives Using ARR

Configure Cache Control Rules




ARR allows for multiple cache control rules, including rules to only cache content based on URL patterns or host names, or to not cache certain content. The cache control rules are processed in the list from top to bottom.

To configure cache control rules

  1. Open IIS Manager.

  2. In the Connections pane, expand the server node.

  3. In the Server pane, double-click Application Request Routing Cache.

  4. On the Application Request Routing Cache page, in the Actions pane, click Cache Control Rules….

  5. On the Cache Control Rules page, in the Actions pane, click Add….

  6. In the Add Cache Control Rule dialog box, follow these steps:

    • In the Apply rule list, select when you want to apply the cache control rule:When no cache control directive exists or Always.

    • Select Do not cache or Cache.

    • If you selected Cache, enter the duration in the Cache duration (minutes) box.

    • In the Host name box, optionally enter the name of your host site.

    • In the URL box, optionally enter the URL.



  7. Click OK.


Posted by at No comments:

How to fix yum install perl-DBI No package perl-DBI available. Nothing to do

I wanted to install perl-DBI which is a dependency of git-1.7.3.4-1.el5.rf.i386.rpm

when I wanted to install git-1.7.3.4-1.el5.rf.i386.rpm by running

yum install git-core
or even running
rpm -i git-1.7.3.4-1.el5.rf.i386.rpm
it prompted me with a notice that
Error: Missing Dependency: perl(DBI) is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)

THe fix is so easy
just go to the file /etc/yum.conf using a text editor such as nano

nano /etc/yum.conf



then remove perl*
save the file by existing using CTRL+x and confirming to save changes
run yum install git-core again

finally you should see this notification
Total download size: 6.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): perl-Git-1.7.3.4-1.el5.rf.i386.rpm                                                                                                        |  24 kB     00:00
(2/2): git-1.7.3.4-1.el5.rf.i386.rpm                                                                                                             | 6.1 MB     00:01
---------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   2.3 MB/s | 6.1 MB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : git                                                                                                                                              1/2
Installing     : perl-Git                                                                                                                                         2/2

Installed:
git.i386 0:1.7.3.4-1.el5.rf

Dependency Installed:
perl-Git.i386 0:1.7.3.4-1.el5.rf

Complete!


Posted by at No comments:

Email protocols

What is POP3?

Post Office Protocol version 3 (POP3) is a standard mail protocol used to receive emails from a remote server to a local email client. POP3 allows you to download email messages on your local computer and read them even when you are offline.

What is IMAP?

The Internet Message Access Protocol (IMAP) is a mail protocol used for accessing email on a remote web server from a local client. IMAP and POP3 are the two most commonly used Internet mail protocols for retrieving emails. Both protocols are supported by all modern email clients and web servers.

Main difference between IMAP and POP3:

The POP3 protocol assumes that there is only one client connected to the mailbox. In contrast, the IMAP protocol allows simultaneous access by multiple clients. IMAP is suitable for you if your mailbox is about to be managed by multiple users.

What is SMTP?

Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending emails across the Internet. SMTP uses TCP port 25 or 2525 and sometimes you can have problems to send your messages in case your ISP has closed port 25 (How to check if port 25 is open?). To determine the SMTP server for a given domain name, the MX (Mail eXchange) DNS record is used.
Posted by at No comments:

How to change my MX record?

How to change my MX record?

It is possible to change the MX records for your domain. For this purpose you should log in cPanel and click on MX Entry.
Posted by at No comments:

How to check whether the email ports are open?

You may experience issues with the non-standard http ports Webmail works with. Usually Webmail can be opened from:

  • https://mydomain.com:2096

  • http://mydomain.com:2095

  • http://webmail.servername.com


You may check the name of your server via your Customers Area. Please review the DNS Change article - the server name is the DNS server name without the ns1 infront of it.

Sometimes local firewalls allow access only to sites on port 80. In such cases, please use the 3rd URL. Note that the address "3" is a web based proxy which provides you with the option to access your cPanel via the default http port 80. We have set this extra service for our Customers whose Internet Service Providers have blocked ports 2096 and 2095.

You may check if the ports are blocked executing the following commands:

If you are running Windows do the following:



  • Click Start

  • Click Run

  • Type cmd

  • Type telnet mydomain.com 2095

  • Type telnet mydomain.com 2096


If you are running Linux do the following:



  • Start your Linux/Mac OS console terminal

  • Type telnet mydomain.com 2095

  • Type telnet mydomain.com 2096


If the port is not blocked the results should look like the above Trying IP_of_the_server ( 10.10.10.10 for an example )...

Connected to servername.com.
Escape character is '^]'.

Different result will means that the port is blocked and you should use the web proxy link provided above.

Please, find the default POP3, IMAP and SMTP ports values at the POP3, IMAP, SMTP and Email clients article.
Posted by at No comments:

How to configure email clients

You can use either the webmail interface or an email client. Check our tutorial on how to use cPanel webmail. If you decide to use an email client, such as Microsoft Outlook Express, MS Outlook, Mozilla Thunderbird and Eudora, here are the settings you need:

Incoming mail server (POP3/IMAP server): mail.yourdomain.com
Outgoing mail server (SMTP server): mail.yourdomain.com Or Host: mail.yourdomain.com
Username: the full e-mail address. Example: you@yourdomain.com instead of you.
Password: Assigned in cPanel -> Email -> Manage/Add/Remove Accounts.
SMTP authentication must be enabled for the login to be successful.*

If you have your domain pointed to an external server and the MX record is resolving to one of the SiteGround servers use the server name as  the Incoming/Outgoing mail server.

You can also use secure authentication to your mail server.

Email ports



  • The POP3 port for inbound emails is 110 (995 if you want to use secured POP3)

  • And the IMAP port for inbound emails is 143 (993 if you want to use secured IMAP)

  • The SMTP port for outbound emails is 25 or 2525 (465 if you want to use secured SMTP)


 
Posted by at No comments:

Wednesday, 5 October 2011

Protect your /tmp Directory - Tutorial

lately there has been a lot of DOS (Denial of Services) Attacks happening, and one of the main causes of these attacks of because of insecure /tmp directories.

Your /tmp directory is very dangerious, since it allows every single user the ability to write to it, so should you have an upload script on your site that may be exploitable, or even if there is an vulnerability in a program which allows for remote code execution, it will allow the person to upload a file into your /tmp directory or even use remote code execution to take control of something like wget and download something into your /tmp directory (this is usually how DOS trojans and rootkits end up on your server)

But there something you can do to help protect your /tmp directory:
===============================================

Firstly you need to stop all processes that are using your /tmp so you can work with it.

# lsof | grep /tmp

you should see something like this:
root@carine [/]# lsof | grep /tmp
screen     2599      root  cwd       DIR                8,8    2863104          2 /tmp
php        7577  greatpho    3u      REG                8,8          0       1194 /tmp/session_mm_cgi759.sem (deleted)
php        7577  greatpho    5u      REG                8,8          0         59 /tmp/sess_658bbc19e47f720c2210f3f0339ec6dd (deleted)
mysqld    22603     mysql    5u      REG                7,0          0         87 /tmp/ibQZkUsh (deleted)
mysqld    22603     mysql    6u      REG                7,0       1017         90 /tmp/ibE6blca (deleted)
mysqld    22603     mysql    7u      REG                7,0          0         91 /tmp/ibXQhMV2 (deleted)
mysqld    22603     mysql    8u      REG                7,0       8602         92 /tmp/ibbZcCFV (deleted)
mysqld    22603     mysql   12u      REG                7,0          0         93 /tmp/ibvUZEqO (deleted)
php       29509  greatpho    3u      REG                8,8          0         95 /tmp/session_mm_cgi759.sem (deleted)
php       29509  greatpho    5uW     REG                8,8          0         59 /tmp/sess_658bbc19e47f720c2210f3f0339ec6dd (deleted)
php       32685  aclubber    3u      REG                7,0          0      17861 /tmp/session_mm_cgi533.sem
php       32692  salesdna    3u      REG                7,0          0      17858 /tmp/session_mm_cgi3098.sem
php       32692  salesdna    5uW     REG                7,0          0      17918 /tmp/sess_dbc01a315bbdad2eba7d761b94fb3f04
stop those processes which are using your /tmp directory,
then copy and paste the following this into your terminal window:
cd /
dd if=/dev/zero of=/tmpdir bs=1024 count=200000
mkfs.ext3 -F /tmpdir
mv /tmp /tmp.backup
mkdir /tmp
mount -o loop,noexec,nosuid,rw /tmpdir /tmp
chmod 0777 /tmp
if ! grep -qai tmpdir /etc/fstab ; then
echo "/tmpdir /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab
fi
mount -a
cp /bin/ls /tmp/
/tmp/ls
it should return something like this:
-bash: /tmp/ls: Permission denied
If you see that, then you know everything has gone according to plan.

What the above will do, is create a storage medium (so call it) on /tmpdir, and then mount /tmpdir to /tmp, but it will mount it with loop,noexec,nosuid,rw

Still won't stop the rootkits or DOS files from being uploaded or downloaded into ur /tmp directory, but I will sure as hell stop them from being executed.

Hope this helps
Posted by at No comments:
Subscribe to: Posts (Atom)