Friday, 16 September 2011

Installing VMWARE server on CentOS 5 or Red hat enterprise Linux 64 bit version

VMware virtualization software is an excellent choice for x86-compatible computers. It comes in both commercial and free versions. I received a few emails regarding VMware on 64-bit Linux. Installing VMware Server on the 64-bit version of CentOS 5 or Red Hat Enterprise Linux is a tricky business. In this small howto I will explain how to install VMware on a 64-bit Linux server without running into dependency problems.

The following instructions were tested on both RHEL 5 and CentOS 5 running on 64-bit Intel / AMD hardware and software. My kernel:

$ uname -mrs
Output:
Linux 2.6.18-8.1.6.el5 x86_64

My RHEL 5 release (same kernel for CentOS):
$ cat /etc/redhat-release
Output:
Red Hat Enterprise Linux Server release 5 (Tikanga)

Make sure you have the following software installed:

  • Full gcc compiler and development environment

  • Kernel headers and devel packages for current kernel (i.e. kernel-headers and kernel-devel)


 

Step # 1: Download vmware server


You can download VMWARE server here. Use wget command to download:
$ wget http://download3...

Step # 2: Install vmware server


Once downloaded, use the rpm command to install VMware Server. Enter:
# rpm -ivh VMware-server-1.0.3-44356.i386.rpm
Output:
Preparing...                ########################################### [100%]
1:VMware-server ########################################### [100%]

Step # 3: Install required files / libraries


You need to install the following development packages on the server:

  1. libXtst-devel : X.Org X11 libXtst development package

  2. libXrender-devel : X.Org X11 libXrender development package


Simply use yum command to install packages:
# yum install libXtst-devel libXrender-devel kernel-devel
Output:
Loading "rhnplugin" plugin
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
rhel-x86_64-server-vt-5 100% |=========================| 1.2 kB 00:00
rhel-x86_64-server-5 100% |=========================| 1.2 kB 00:00
Reading repository metadata in from local files
Parsing package install arguments
...........
....
...
Running Transaction
Installing: libXtst ######################### [1/8]
Installing: libXau-devel ######################### [2/8]
Installing: xorg-x11-proto-devel ######################### [3/8]
Installing: libX11-devel ######################### [4/8]
Installing: libXdmcp-devel ######################### [5/8]
Installing: libXtst-devel ######################### [6/8]
Installing: libXtst-devel ######################### [7/8]
Installing: mesa-libGL-devel ######################### [8/8]

Installed: libXtst-devel.x86_64 0:1.0.1-3.1 libXtst-devel.i386 0:1.0.1-3.1
Dependency Installed: libX11-devel.x86_64 0:1.0.3-8.0.1.el5 libXau-devel.x86_64 0:1.0.1-3.1 libXdmcp-devel.x86_64 0:1.0.1-2.1 libXtst.i386 0:1.0.1-3.1 mesa-libGL-devel.x86_64 0:6.5.1-7.2.el5 xorg-x11-proto-devel.x86_64 0:7.1-9.fc6
Complete!

Step # 4: Install xinetd


You need xinetd, the extended Internet services daemon, in order to use the VMware console from a remote computer. Use the yum command to install xinetd:
# yum install xinetd

Step # 5: Configure VMWARE server


Use vmware-config.pl script to configure VMWARE networking and other aspects.
# vmware-config.pl
Output (make sure you set up VMware as per your requirements; the following is just a sample output):
Making sure services for VMware Server are stopped.

Stopping VMware services:
Virtual machine monitor [ OK ]

You must read and accept the End User License Agreement to continue.
Press enter to display it.
......
......
will provide you with a copy of our
distribution agreement for your signature.

Do you accept? (yes/no) yes

Thank you.

Configuring fallback GTK+ 2.4 libraries.

In which directory do you want to install the mime type icons?
[/usr/share/icons]

What directory contains your desktop menu entry files? These files have a
.desktop file extension. [/usr/share/applications]
In which directory do you want to install the application's icon?
[/usr/share/pixmaps]

Trying to find a suitable vmmon module for your running kernel.

None of the pre-built vmmon modules for VMware Server is suitable for your
running kernel. Do you want this program to try to build the vmmon module for
your system (you need to have a C compiler installed on your system)? [yes]

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

What is the location of the directory of C header files that match your running
kernel? [/lib/modules/2.6.18-8.1.6.el5/build/include]

Extracting the sources of the vmmon module.

Building the vmmon module.

Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-config0/vmmon-only'
make -C /lib/modules/2.6.18-8.1.6.el5/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules
make[1]: Entering directory `/usr/src/kernels/2.6.18-8.1.6.el5-x86_64'
CC [M] /tmp/vmware-config0/vmmon-only/linux/driver.o
CC [M] /tmp/vmware-config0/vmmon-only/linux/hostif.o
CC [M] /tmp/vmware-config0/vmmon-only/common/cpuid.o
CC [M] /tmp/vmware-config0/vmmon-only/common/hash.o
CC [M] /tmp/vmware-config0/vmmon-only/common/memtrack.o
CC [M] /tmp/vmware-config0/vmmon-only/common/phystrack.o
CC [M] /tmp/vmware-config0/vmmon-only/common/task.o
CC [M] /tmp/vmware-config0/vmmon-only/common/vmx86.o
CC [M] /tmp/vmware-config0/vmmon-only/vmcore/moduleloop.o
LD [M] /tmp/vmware-config0/vmmon-only/vmmon.o
Building modules, stage 2.
MODPOST
CC /tmp/vmware-config0/vmmon-only/vmmon.mod.o
LD [M] /tmp/vmware-config0/vmmon-only/vmmon.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.18-8.1.6.el5-x86_64'
cp -f vmmon.ko ./../vmmon.o
make: Leaving directory `/tmp/vmware-config0/vmmon-only'
The module loads perfectly in the running kernel.

Do you want networking for your virtual machines? (yes/no/help) [yes]

Configuring a bridged network for vmnet0.

Your computer has multiple ethernet network interfaces available: eth0, eth1.
Which one do you want to bridge to vmnet0? [eth0] eth1

The following bridged networks have been defined:

. vmnet0 is bridged to eth1

Do you wish to configure another bridged network? (yes/no) [no]

Do you want to be able to use NAT networking in your virtual machines? (yes/no)
[yes] no

Do you want to be able to use host-only networking in your virtual machines?
[no]

Extracting the sources of the vmnet module.

Building the vmnet module.

Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-config0/vmnet-only'
make -C /lib/modules/2.6.18-8.1.6.el5/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules
make[1]: Entering directory `/usr/src/kernels/2.6.18-8.1.6.el5-x86_64'
CC [M] /tmp/vmware-config0/vmnet-only/driver.o
CC [M] /tmp/vmware-config0/vmnet-only/hub.o
CC [M] /tmp/vmware-config0/vmnet-only/userif.o
CC [M] /tmp/vmware-config0/vmnet-only/netif.o
CC [M] /tmp/vmware-config0/vmnet-only/bridge.o
CC [M] /tmp/vmware-config0/vmnet-only/procfs.o
CC [M] /tmp/vmware-config0/vmnet-only/smac_compat.o
SHIPPED /tmp/vmware-config0/vmnet-only/smac_linux.x86_64.o
LD [M] /tmp/vmware-config0/vmnet-only/vmnet.o
Building modules, stage 2.
MODPOST
WARNING: could not find /tmp/vmware-config0/vmnet-only/.smac_linux.x86_64.o.cmd for /tmp/vmware-config0/vmnet-only/smac_linux.x86_64.o
CC /tmp/vmware-config0/vmnet-only/vmnet.mod.o
LD [M] /tmp/vmware-config0/vmnet-only/vmnet.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.18-8.1.6.el5-x86_64'
cp -f vmnet.ko ./../vmnet.o
make: Leaving directory `/tmp/vmware-config0/vmnet-only'
The module loads perfectly in the running kernel.

The default port : 902 is not free. We have selected a suitable alternative
port for VMware Server use. You may override this value now.
Remember to use this port when connecting to this server.
Please specify a port for remote console connections to use [904]

WARNING: VMware Server has been configured to run on a port different from the
default port. Remember to use this port when connecting to this server.
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Configuring the VMware VmPerl Scripting API.

Building the VMware VmPerl Scripting API.

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

Installing the VMware VmPerl Scripting API.

The installation of the VMware VmPerl Scripting API succeeded.

Generating SSL Server Certificate

In which directory do you want to keep your virtual machine files?
[/var/lib/vmware/Virtual Machines]

The path "/var/lib/vmware/Virtual Machines" does not exist currently. This
program is going to create it, including needed parent directories. Is this
what you want? [yes]

Please enter your 20-character serial number.

Type XXXXX-XXXXX-XXXXX-XXXXX or 'Enter' to cancel: XYZZZ-XYZZZ-XYZZZ-ABC91

Starting VMware services:
Virtual machine monitor [ OK ]
Virtual ethernet [ OK ]
Bridged networking on /dev/vmnet0 [ OK ]

The configuration of VMware Server 1.0.3 build-44356 for Linux for this running
kernel completed successfully.

How to make backups with Linux and Rsync?

1. Purpose 

As a web host, we needed an automated mechanism for generating snapshots of server filesystems on Linux-based systems. There are a number of ways to achieve backups on Linux systems, including remote backup using Linux tar/ssh/cron and incremental tar backups on a local file system. One of the drawbacks of using tar to perform an entire filesystem backup is that some systems do not have the ability to create a compressed tarball greater than 2GB in size. 

Rsync offers a reliable mechanism for synchronizing files and directories from one location to another while minimizing data transfer by only transferring deltas. Rsync is included in most Linux distributions, and installation is very easy. Properly configured rsync that performs system backups can protect against hard disk failures and system compromises. 

2. What is Rsync? 

Rsync is a little Linux utility that synchronizes filesystems from one place to another by only copying diffs (deltas) of files that have changed. Rsync optionally compresses the files on-the-fly before transfer (to save transfer time) and may be used in conjunction with rsh or ssh to perform remote file transfers. Rsync may be used as a backup or mirroring utility. 

The advantages of using rsync over other archive and copy utilities such as tar, dump and rcp are that rsync (1) can use ssh as a secure channel to transfer files over the network, (2) can retain the ownership and permissions of the files being transferred, (3) keeps files and directories synchronized (deleted files are deleted from the last replication), and (4) transfers only the "delta" of files that have changed since the last replication, making transfers much faster. If rsync is used without ssh, it uses TCP port 873. 

3. How does Rsync work? 

Rsync can be used in standalone or a client/server mode, with client/server mode a little more common. 

In standalone mode, you may use rsync to copy files and directories by running the rsync command on the command line. This is useful when replicating files and directories on the same machine, or replicating between two machines using an rsh/ssh channel. By using ssh, you're using TCP port 22 instead of TCP port 873 (rsync). To use ssh without supplying a password (in an automated backup), you're required to set up a trusted environment between the two machines by generating a private/public pair of keys and installing them on the machines. Instructions on setting up the private/public key pairs are described in the article "Setting up trusted ssh environment with public/private key pair". 

In client/server mode, one machine becomes an "Rsync Server" by running rsync in daemon mode, and one or more client machines may then synchronize files to and from the server. Setting up an rsync server requires customizing an rsync configuration file, which resides in /etc/rsyncd.conf (or a similar location). Running rsync in client/server mode does not require an rsh/ssh transport channel, and hence uses the TCP port 873 designated for the rsync protocol. 

4. Running the Rsync in a standalone mode? 

If you intend to replicate a filesystem on a local machine or use rsh/ssh as the secure channel to transfer files from one machine to another, you can use Rsync in standalone mode. 

To copy files from one directory structure to another, you may simply run rsync command. The -a switch retains owner and permission information of the files being copied. This must be executed by 'root' user in order to change user and permission data. 



bash# rsync -a source destination



The command above is similar to "cp -r from to/", where the {to} directory must already exist. Similarly, replicating a filesystem from one machine to another may be done by running: 



bash# rsync -a -e ssh source username@remote_host:/path/to/destination



It should be noted that rsync does care about a trailing slash in the source argument. If a trailing slash ("/") is supplied in the source argument, the contents of the directory are copied, whereas if no trailing slash ("/") is supplied, the entire directory is copied. The trailing slash in the destination has no significance, as it is always expected to be a directory. 

For example, "rsync -a a b" copies directory a inside the b and hence the files are copied to the b/a/ directory. If, however, "rsync -a a/ b" is used, the files are stored in b/ directory without the directory a. 

5. Running the Rsync in a client/server mode? 

To use rsync in client/server mode, we must set up an Rsync Server. Setting up an rsync server involves two steps: (A) customizing the /etc/rsyncd.conf configuration file, and (B) running the rsync command in daemon mode. 

A. Configuring /etc/rsyncd.conf configuration file. 

The rsync configuration file looks very similar to a Samba configuration file, as rsync is co-authored by Andrew Tridgell, an author of Samba. The detailed description of rsyncd.conf can be found in the Linux manpage. An example of an rsync configuration file may look something like this: 



# Global settings
motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
secrets file = /etc/rsyncd.secrets

# Module ("target") definition
[target]
path = /home
comment = User home directories
uid = nobody
gid = nobody
auth users = scott, michael
# The parameter names are plural: "hosts allow" and "hosts deny"
hosts allow = 192.168.0.0/24
hosts deny = *
list = false



Important: It should be noted that Rsync will NOT grant access to a protected share if the secret (password) file noted above (/etc/rsyncd.secrets) is world-readable. 

The configuration settings worth noting above include "target", the name used to refer to a particular rsync target. In a target block, a number of configuration options may be defined. The "path" option specifies the files/directories to be rsync'ed, and "auth users" restricts access to the pre-defined users that are specified in the secrets file. The "uid" and "gid" are the user/group pair that will be running the rsync backup. "auth users" need not be system users. "hosts allow" and "hosts deny" restrict the hosts that can transfer files to/from the server. It is strongly advised that the "hosts allow" and "hosts deny" options be set up, as without those options the target is world-readable. 

We need to create a secrets file, /etc/rsyncd.secrets, with the contents: 



scott:helloworld



The secrets file above contains a user, "scott", with the password "helloworld". Since the password is stored in plain text, the file must be owned by root and readable only by root (permission 400 or 600). Otherwise, rsync will simply not start at all. 
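
The checks described in this section can be scripted. The following is an added example, not part of the original article: a shell function that audits an rsyncd.conf for modules without "hosts allow" or "auth users", for singular "host allow" / "host deny" keys (rsyncd.conf(5) documents the plural forms), and for a secrets file that group or other users can access. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rsyncd.conf for the access controls discussed above.
# Function names and the sample files are constructed for illustration.

# secrets_mode_ok FILE: true only if FILE exists and group/other have no access.
secrets_mode_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_rsyncd CONF: print one finding per line; no output means no findings.
audit_rsyncd() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function scope() { return (module == "") ? "global" : ("module[" module "]") }
    function report() {
        if (module == "") return
        if (!allow) print scope() ": no \"hosts allow\", any host may connect"
        if (!auth)  print scope() ": no \"auth users\", no password is required"
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }       # blank lines and comments
    /^[ \t]*\[/ {                              # start of a new module
        report()
        module = $0
        sub(/^[ \t]*\[/, "", module); sub(/\].*$/, "", module)
        allow = g_allow; auth = g_auth         # global settings act as defaults
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (key == "hosts allow")       { if (module == "") g_allow = 1; else allow = 1 }
        else if (key == "auth users")   { if (module == "") g_auth = 1;  else auth = 1 }
        else if (key == "secrets file") print "secrets:" val
        else if (key == "host allow" || key == "host deny")
            print scope() ": \"" key "\" is not an rsyncd.conf parameter, use \"hosts " substr(key, 6) "\""
    }
    END { report() }
    ' "$1" | while IFS= read -r line; do
        case $line in
            secrets:*)
                f=${line#secrets:}
                secrets_mode_ok "$f" ||
                    echo "secrets file $f: missing, or accessible to group/other"
                ;;
            *) echo "$line" ;;
        esac
    done
}

# Constructed sample: a config with the singular "host allow"/"host deny" keys
# and a world-readable secrets file, written to a temporary directory.
demo=$(mktemp -d)
printf 'scott:helloworld\n' > "$demo/rsyncd.secrets"
chmod 644 "$demo/rsyncd.secrets"
cat > "$demo/rsyncd.conf" <<EOF
secrets file = $demo/rsyncd.secrets

[target]
path = /home
auth users = scott, michael
host allow = 192.168.0.0/24
host deny = *
EOF
audit_rsyncd "$demo/rsyncd.conf"
rm -rf "$demo"
```

On the sample it reports four findings: the secrets file mode, the two singular keys, and the resulting absence of any "hosts allow" restriction on the module.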

B. Running rsync daemon 

You may launch the rsync daemon using one of two methods: via xinetd or standalone. When run from xinetd, the following two files need to be edited. 



bash# nano /etc/services
...
rsync 873/tcp
...

bash# nano /etc/xinetd.d/rsync
service rsync
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}

bash# service xinetd restart



The example above allows rsync to be run via the xinetd daemon. To restart the rsync daemon, you may restart the xinetd daemon. 

Alternatively, you may run rsync in a daemon mode from the command-line. 



bash# rsync --daemon



Once we have rsync server setup, we can run rsync client from a client machine. To run a particular target defined in the /etc/rsyncd.conf configuration file, you will run rsync in the following manner: 



bash# rsync -a scott@rsync_server::target /opt/rsync/backup

Password: ******



Notice that we do NOT specify a source path in the command above, but instead a target name ("target") is specified after :: separator. The rsync configuration file describes the target with access control in detail. Enter the password defined in the secrets file. 

FAQ: How do you bypass the password prompt? 
If you wish to automate rsync with cron, you must bypass the password prompt. If you're running rsync on TCP port 873, you may use the RSYNC_PASSWORD environment variable. Just write a simple bash script that sets the RSYNC_PASSWORD variable just before invoking the rsync command, as shown below. When you're supplying a clear-text password in a file, it's important to protect the file with a permission mode of 600 (chmod 600) so that no one except you (and root) can see it. 



#!/bin/bash
RSYNC="/usr/bin/rsync -a --delete"
export RSYNC_PASSWORD=helloworld

$RSYNC scott@192.168.0.2::target /path/to/local/filesystem



If you're using ssh channel, you'll have to setup a trusted environment with public/private key pair. To learn how to setup trusted ssh environment, please review Setting up trusted ssh environment


6. Some useful command-line options 

--delete When rsync is used to replicate one filesystem to another, the --delete option can be used to delete the file in destination filesystem if source filesystem file is deleted. Otherwise, the deleted file will continue to reside in the destination filesystem. The default behavior of rsync keeps the deleted copy in the destination filesystem. Some of the rsync examples can be found in http://rsync.samba.org/examples.html.

HOWTO: GRANT privileges in MySQL

   Overview


Since Plesk does not allow GRANT privileges to users via the Plesk Control Panel, you will need to create those permissions via the command line.

   Requirements



  • You must have SSH access set up for root or a sudo user.

    • Connecting via SSH to your server

    • How do I enable root access to my (dv)?

    • Disabling SSH login for root user




Instructions


For the purpose of this article, we are going to use the 'SELECT' privilege. All code provided are examples. You will want to make sure that you change:

  • database to the database name you are using.

  • username to your database user.

  • password to a strong password unique to that user. Please read our article: Strong Password Guidelines.


Start by logging into your server via SSH and logging into MySQL entering the following:
 mysql -u admin -p`cat /etc/psa/.psa.shadow` 

The prompt should now look like this:
mysql>

Enter the following if the database user already exists:
 GRANT SELECT ON database.* TO username@'localhost'; 

If you intend to create a brand new user, then run this:
 GRANT SELECT ON database.* TO username@'localhost' IDENTIFIED BY 'password'; 

To enable more options, you would separate them with a comma. So to enable SELECT, INSERT, and DELETE your syntax would look like this:
 GRANT SELECT, INSERT, DELETE ON database.* TO username@'localhost' IDENTIFIED BY 'password'; 

Once you have given the desired privileges for your user, you will need to run this command within the MySQL command prompt:
 FLUSH PRIVILEGES; 

To see a list of the privileges that have been granted to a specific user:
 select * from mysql.user where User='username'; 

This is a list of privileges that you can grant:

Privilege                 Meaning
ALL [PRIVILEGES]          Sets all simple privileges except GRANT OPTION
ALTER                     Enables use of ALTER TABLE
CREATE                    Enables use of CREATE TABLE
CREATE TEMPORARY TABLES   Enables use of CREATE TEMPORARY TABLE
DELETE                    Enables use of DELETE
DROP                      Enables use of DROP TABLE
EXECUTE                   Not implemented
FILE                      Enables use of SELECT ... INTO OUTFILE and LOAD DATA INFILE
INDEX                     Enables use of CREATE INDEX and DROP INDEX
INSERT                    Enables use of INSERT
LOCK TABLES               Enables use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESS                   Enables the user to see all processes with SHOW PROCESSLIST
REFERENCES                Not implemented
RELOAD                    Enables use of FLUSH
REPLICATION CLIENT        Enables the user to ask where slave or master servers are
REPLICATION SLAVE         Needed for replication slaves (to read binary log events from the master)
SELECT                    Enables use of SELECT
SHOW DATABASES            SHOW DATABASES shows all databases
SHUTDOWN                  Enables use of mysqladmin shutdown
SUPER                     Enables use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements, the mysqladmin debug command; allows you to connect (once) even if max_connections is reached
UPDATE                    Enables use of UPDATE
USAGE                     Synonym for "no privileges"
GRANT OPTION              Enables privileges to be granted

How to Block Countries on A Site-by-Site Basis




The Threat Control Panel allows you to block countries across all your CloudFlare-enabled websites by simply typing the name of the country in the "Add custom rule" box. However, at times, you may want to block a particular country for only some of your sites, because some of your sites happen to have legitimate visitors from that country. How to do that?

At the moment (September 2010), you cannot do that through the Threat Control Panel. But you can easily implement the feature if you feel comfortable changing your server configuration files, in particular the file called ".htaccess".

When CloudFlare passes on a request to your server, it inserts a variable in the header: "CF-IPCountry". This variable (CF-IPCountry) contains the standard internet two-letter country code: "US" for USA, "CN" for China, and so on.

To block a country only for some of your sites, you can add directives in your Apache files.

The following technique is easy to implement as it touches only one file. Suppose you would like to block countries XX and YY from one of your sites. Edit ".htaccess" at the root of each website where you want to block these countries. At the top of the file, just below the "AddHandler" directives (if any), paste these lines:

SetEnvIf CF-IPCountry XX UnwantedCountry=1

SetEnvIf CF-IPCountry YY UnwantedCountry=1

Order allow,deny

Allow from all

Deny from env=UnwantedCountry

That's all! Remember to change "XX" and "YY" to the internet country codes of your choice. You can see how this is beautifully easy to customize: if you do not want to block YY for one of your sites, leave out the YY line.

You may want to test the set-up by blocking your own country on one of your sites. Just make sure you have a back door to change ".htaccess" back again!

If you have access to your server's httpd.conf file (usually not the case on shared hosts), you have access to a wider range of implementations, such as the country-blocking techniques in this article.



Thursday, 15 September 2011

Blocking IPs and Visitors by Country


If you inspect your web traffic, you may have noticed a surprising number of visitors from countries such as China, Russia, Poland, India and Brazil. Maybe your website only offers local information about your small town in Louisiana. Can that many people from overseas be interested in your local news?

The answer hides in your website's error logs. There, you will see that many of these visitors are trying to access files and folders that do not exist, hoping to hack into your site, perhaps to turn your server into a spamming zombie.

Some webmasters decide to block all traffic from a number of handpicked countries, sacrificing the few legitimate visitors from China who were looking at your site because they planned to fly in next week to catch a movie at the community hall.

There are several ways to deny traffic from a particular country. To my knowledge, all these methods rely on matching the visitor's IP address to some kind of IP geolocation table.

None of the solutions are perfect: determined visitors will be able to access your site through proxies.
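
To check your own error log for the probing described above, here is an added example that is not part of the original article: a shell function that lists clients requesting many different missing files, which separates scanning from a single broken link requested repeatedly. It assumes the Apache 2.2 error_log line format; the function names and the sample lines (documentation IP ranges) are constructed.

```shell
#!/bin/sh
# Added example: list clients that request many *different* missing files.
# Apache 2.2 error_log format assumed; names and sample data are constructed.

# sample_error_log: print constructed error_log lines for the demonstration.
sample_error_log() {
    cat <<'EOF'
[Thu Sep 15 03:12:01 2011] [error] [client 203.0.113.45] File does not exist: /var/www/html/admin
[Thu Sep 15 03:12:02 2011] [error] [client 203.0.113.45] File does not exist: /var/www/html/old
[Thu Sep 15 03:12:02 2011] [error] [client 203.0.113.45] File does not exist: /var/www/html/backup
[Thu Sep 15 03:12:03 2011] [error] [client 203.0.113.45] File does not exist: /var/www/html/test
[Thu Sep 15 09:30:10 2011] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Thu Sep 15 09:31:44 2011] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico, referer: http://www.example.com/
[Thu Sep 15 09:35:00 2011] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Thu Sep 15 10:00:00 2011] [notice] caught SIGTERM, shutting down
EOF
}

# probing_clients LOG [MIN]: print "ip hits distinct_paths" for every client
# with at least MIN (default 3) distinct missing paths, most paths first.
probing_clients() {
    awk -v min="${2:-3}" '
    /\[error\]/ && /File does not exist: / {
        if (!match($0, /\[client [0-9A-Fa-f:.]+\]/)) next
        # Strip the leading "[client " (8 chars) and the trailing "]".
        ip = substr($0, RSTART + 8, RLENGTH - 9)
        path = $0
        sub(/^.*File does not exist: /, "", path)
        sub(/, referer: .*$/, "", path)
        hits[ip]++
        # Count each (client, path) pair once so repeats do not inflate it.
        if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
    }
    END {
        for (ip in distinct)
            if (distinct[ip] >= min) print ip, hits[ip], distinct[ip]
    }
    ' "$1" | sort -k3,3nr -k1,1
}

# Run against the constructed sample.
log=$(mktemp)
sample_error_log > "$log"
probing_clients "$log" 3
rm -f "$log"
```

On the sample, only 203.0.113.45 is listed (4 hits, 4 distinct paths); the client that asked three times for the same missing favicon.ico stays below the threshold.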

Method 1: Maintaining a List on Your Server

To preface, let me state that this is by far my least favorite method.

There are several sites with free lists of IPs for specific countries, ready to download, sites such as Okean for Chinese and Korean IPs, Wizcrafts for Chinese, Russian and Nigerian IPs, Country IP Blocks for a full list of countries, and BlockACountry for another huge list of countries. I don't know how well any of these lists is maintained.

Once you have a list, you can block the IPs in htaccess or httpd.conf. In my view, this is a cumbersome way of blocking visitors from certain countries, because IPs change all the time. Do you want to update your IP country table all the time?

If you did want to use this method, you might add lines like these to your .htaccess:

Order allow,deny
Allow from all
Deny from 58.14.0.0/15
Deny from 58.16.0.0/16
… etc. (huge list of IP addresses or ranges)

Method 2: Custom Rule in CloudFlare

Update: I do not recommend this method anymore. Click the link to read why I no longer use CloudFlare. I will leave this material here for reference.

On my page about how to block traffic from certain IPs, I explain the free CloudFlare service, in Beta as of Q3 2010.

On a CloudFlare-enabled site, you can add custom rules to block specific IPs or even specific countries. It is fast to implement, and it is extremely convenient because you don't need to update the list of IPs for the countries that you want to block. CloudFlare does that for you.

This method is perfect if you want to use the same rules across all sites. However, it may be that you want to block Russia across most sites, but that one of your sites happens to have many legitimate visitors from Russia. For such situations, you can use Method 3.

Method 3: CloudFlare plus Apache Configuration

If you have several sites and need greater control over which countries you block for each site, you can take advantage of a feature of CloudFlare: the CF-IPCountry variable it inserts in request headers, a variable that contains the geolocation data looked up by CloudFlare.

You can then tweak Apache configuration files to block visitors based on CF-IPCountry.

Flavor 1: Simplest Technique on Shared Hosts
For this technique, you only edit the ".htaccess" file at the root of your web pages. Paste the following at the top of htaccess, just below the "AddHandler" line if any:

SetEnvIf CF-IPCountry CN BuzzOff=1
SetEnvIf CF-IPCountry RU BuzzOff=1
SetEnvIf CF-IPCountry IN BuzzOff=1
Order allow,deny
Allow from all
Deny from env=BuzzOff

In this example, notice "CN", "RU" and "IN" in the first three lines. These stand for China, Russia and India. Edit those to suit your needs (and add or remove as many lines as you like) by consulting the list of internet country abbreviations.

Depending on your needs, you can create different htaccess code for each of your sites.

I suggest you test the implementation by blocking your own country on one of your sites (but make sure you have FTP access to remove the block from your htaccess!)

Flavor 2: Simple Technique for Many Countries on Multiple Sites (Private Hosts only)
Here is an implementation that works great when you maintain a large list of countries that you want to block on multiple sites. For this implementation, you need access to httpd.conf, which is rarely the case on shared hosts.

First, in httpd.conf, paste something like the following before the VirtualHost section, editing the example to add whichever countries you want to block and remove whichever countries you do not want to block. To choose which countries to ban, visit a list of country abbreviations.

SetEnvIf CF-IPCountry BD BuzzOff=1
SetEnvIf CF-IPCountry CN BuzzOff=1
SetEnvIf CF-IPCountry HR BuzzOff=1
SetEnvIf CF-IPCountry HU BuzzOff=1
SetEnvIf CF-IPCountry ID BuzzOff=1
SetEnvIf CF-IPCountry IN BuzzOff=1
SetEnvIf CF-IPCountry LU BuzzOff=1
SetEnvIf CF-IPCountry LV BuzzOff=1
SetEnvIf CF-IPCountry PH BuzzOff=1
SetEnvIf CF-IPCountry PK BuzzOff=1
SetEnvIf CF-IPCountry PL BuzzOff=1
SetEnvIf CF-IPCountry RO BuzzOff=1
SetEnvIf CF-IPCountry RU BuzzOff=1
SetEnvIf CF-IPCountry SI BuzzOff=1
SetEnvIf CF-IPCountry SK BuzzOff=1
SetEnvIf CF-IPCountry TH BuzzOff=1
SetEnvIf CF-IPCountry TW BuzzOff=1
SetEnvIf CF-IPCountry UA BuzzOff=1
SetEnvIf CF-IPCountry VN BuzzOff=1

Then, for each of the websites for which you want to block these countries, open your .htaccess and paste these lines near the top, right below the "AddHandler" line if any:

Order allow,deny
Allow from all
Deny from env=BuzzOff

Below, there is a more complex example for situations where a country is not always blocked.

Don't forget to restart Apache! Here's a tutorial on SetEnvIf if you'd like to tweak the code. And here's some reading on the Order allow,deny directive.

Flavor 3: Blocking a Country on All Sites Except One
Let's say you want to block Russia on all sites except one.

Using "Flavor 2" from above, in httpd.conf, instead of the above, you would have something like:

SetEnvIf CF-IPCountry RU IsRussia=1
SetEnvIf CF-IPCountry CN BuzzOff=1
SetEnvIf CF-IPCountry IN BuzzOff=1
… (other countries to be blocked)

For sites where you don't want to block Russia, your .htaccess would look like this:

Order allow,deny
Allow from all
Deny from env=BuzzOff

For sites where you do want to block Russia, your .htaccess would look like this:

Order allow,deny
Allow from all
Deny from env=IsRussia
Deny from env=BuzzOff

This example should give you an idea of how to further customize country blocking for each site.

China (Russia, etc) is Still Showing in my CloudFlare Threats!
If you have used Method 3, it is normal that your blocked countries will still appear in the list of threats of your CloudFlare dashboard. Why? CloudFlare is your first line of defense. Visitors from China first go to the CloudFlare DNS. There, they may be challenged (and show in your Threats Panel).

The visitors that CloudFlare doesn't block are routed to your server, where they should be blocked by the techniques shown above. Therefore, such visitors should not show in stats reports of pages actually seen, such as those produced by Google Analytics.

The dmesg Command

The dmesg command is used to write the kernel messages in Linux and other Unix-like operating systems to standard output (which by default is the display screen).


The kernel is the core of an operating system. It is the first part of the operating system that is loaded into memory when a computer boots up (i.e., starts up), and it controls virtually everything on a system. The numerous messages generated by the kernel that appear on the display screen as a computer boots up show the hardware devices that the kernel detects and indicate whether it is able to configure them.

dmesg obtains its data by reading the kernel ring buffer. A buffer is a portion of a computer's memory that is set aside as a temporary holding place for data that is being sent to or received from an external device, such as a hard disk drive (HDD), printer or keyboard. A ring buffer is a buffer of fixed size for which any new data added to it overwrites the oldest data in it.

dmesg can be very useful when troubleshooting or just trying to obtain information about the hardware on a system. Its basic syntax is
dmesg [options]

Invoking dmesg without any of its options (which are rarely used) causes it to write all the kernel messages to standard output. This usually produces far too many lines to fit into the display screen all at once, and thus only the final messages are visible. However, the output can be redirected to the less command through the use of a pipe (designated by the vertical bar character), thereby allowing the startup messages to be viewed one screenful at a time:
dmesg | less

less allows the output to be moved forward one screenful at a time by pressing the SPACE bar, backward by pressing the b key and removed by pressing the q key. (The more command could have been used here instead of the less command; however, less is newer than more and has additional functions, including the ability to return to previous pages of the output.)

When a user encounters a problem with the system, it can be convenient to write the output of dmesg to a file and then send that file by e-mail to a system administrator or other knowledgeable person for assistance. For example, the output could be redirected to a file named boot_messages using the output redirection operator (designated by a rightward facing angle bracket) as follows:
dmesg > boot_messages

Because of the length of the output of dmesg, it can be convenient to pipe its output to grep, a filter which searches for any lines that contain the string (i.e., sequence of characters) following it. The -i option can be used to tell grep to ignore the case (i.e., lower case or upper case) of the letters in the string. For example, the following command lists all references to USB (universal serial bus) devices in the kernel messages:
dmesg | grep -i usb

And the following tells dmesg to show all serial ports (which are represented by the string tty):
dmesg | grep -i tty

The dmesg and grep combination can also be used to show how much physical memory (i.e., RAM) is available on the system:
dmesg | grep -i memory

The following command checks to confirm that the HDD(s) is running in DMA (direct memory access) mode:
dmesg | grep -i dma

The output of dmesg is maintained in the log file /var/log/dmesg, and it can thus also be easily viewed by reading that file with a text editor, such as vi or gedit, or with a command such as cat, e.g.,
cat /var/log/dmesg | less

How to fix the jftp error in joomla JFTP::store: Bad response – Warning! – Failed to move file.

While trying to upload/install some components or modules in Joomla, you may get the following error:
ERROR:

JFTP::store: Bad response. Warning! – Failed to move

Don't panic! There is a simple workaround for this issue. This happens when Joomla's FTP layer doesn't work properly. You can fix the issue by simply disabling FTP in the file 'configuration.php'.

Open the configuration.php file using an editor like vi:

root@ssages [/home/indisage/www]# vi configuration.php

Then search for the following line :

var $ftp_enable = '1';

Change 1 to 0 to fix the issue.

Alternatively, you can disable it from Global Configuration –> Server in Joomla.