Admins eHow SysAdmin Tips & Tricks

May 4, 2011

Backup Files or MySQL DBs to a remote FTP server with compression and encryption

Filed under: CentOS,Debian,General,linux,Security — Tags: , , , , , , , — admin @ 6:30 pm

After my previous article which explained how to backup MySQL DBs to an email address , I am going to provide a more perfect solution in this article 🙂
The previous solution had some drawbacks and some advantages but the biggest problem was about the size of backup. although we compress the data with bzip2 algorithm which provides a high level of compression but in many cases, the attachment size will exceed 25MB or the limit of your email box. so it can not be used with public email services or will need a personal email server.
a better solution is to backup the data to a remote FTP server. in this case we will have almost no limit on file size (depending on your remote FTP server).
A perfect place to backup your files is fileserve.com , it offers 500GB of space for free and FTP access to it ! it is awesome ! I would recommend to upgrade to their premium service.
click on this link to signup for your free account : FileServe.com Free Account
also we will employ encryption to make sure our data is safe in transmit and in remote location.
to use this solution make sure bzip2, mcrypt and ncftp are installed on your server. I am not going into the details of installing each package, Google is your friend 🙂
so lets say you want to backup /var/www folder, use the following command :

tar jcf - /var/www | mcrypt -k 'SOME_LONG_COMPLEX_KEY' |  ncftpput -c -u FTP_USER -p FTP_PASS FTP_HOST /PREFIX-`date +%Y%m%d`

this only command will compress the whole /var/www folder by tar and bzip2 at the same time encrypt it by your key and at the same time will upload it to remote FTP server !
omg ! thats why I love Linux ! you can put it in your crontab to create automatic backups.
now lets say you want to backup all MySQL DBs , you can use the following command :

mysqldump --user=USERNAME --password=PASSWORD -A | bzip2 | mcrypt -k 'SOME_LONG_COMPLEX_KEY' |  ncftpput -c -u FTP_USER -p FTP_PASS FTP_HOST /PREFIX-`date +%Y%m%d`

the combinations and possibilities are limitless !
I just gave you the idea and showed you the power, use your own brain to make your perfect solution 😉
Just something else , if you needed to decrypt the file , you can use the following command :

mcrypt -d FILE_NAME -k 'YOUR_LONG_COMPLEX_KEY' > NEW_FILE_NAME

April 29, 2011

Backup all MySQL DBs and Compress and Email the backup

Filed under: CentOS,Debian,General,linux,MySQL — Tags: , , , , , , — admin @ 1:28 pm

Make sure mutt & bzip2 are installed on your server.
Change USERNAME & PASSWORD to your MySQL login credentials.
Change email@domain.com to your email which can accept large attachments (gmail is recommended, currently it accepts attachments up to 25MBs)
Put the following line in your crontab. you can access crontab by this command : crontab -e

0 0 * * * mysqldump --user=USERNAME --password=PASSWORD -A | bzip2 > ~/AllDBsBackup.bz2 && echo | mutt -a ~/AllDBsBackup.bz2 -s "All DBs Daily Backup" -- email@domain.com

April 27, 2011

Block BitTorrent traffic on your Linux firewall using iptables

Filed under: Debian,linux,Security — Tags: , , , , , — admin @ 7:25 pm

The following script will block and log un-encrypted BitTorrent & DHT traffic on your Linux firewall.
I have personally tested it on debian 5 lenny , but I am almost sure it should work pretty well on any new Linux distros.

iptables -N LOGDROP > /dev/null 2> /dev/null 
iptables -F LOGDROP 
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP " 
iptables -A LOGDROP -j DROP

#Torrent
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP 
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOGDROP 
iptables -A FORWARD -m string --algo bm --string "torrent" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "announce" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j LOGDROP 

# DHT keyword
iptables -A FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
iptables -A FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
iptables -A FORWARD -m string --string "find_node" --algo bm -j LOGDROP

April 9, 2011

How to optimize MySQL server configuration ?

Filed under: MySQL — Tags: , , , — admin @ 7:23 pm

There are already many guides on the Internet on how to optimize MySQL server, MySQL is a very popular opensource database engine.
but most of such guides are too technical or too general or too specific which will not fit for any configuration.
What I have found and seems very promising, is a perl script which analyses your MySQL server and makes some recommendations regarding how to change your configuration to optimize the performance.
I tried it on a production hosting server and results were satisfactory, I am sure such scripts still can not beat database engineers, but if you dont have enough money to hire a a database engineer. they can be handful 😉

Here is the explanation from its website :

MySQLTuner is a script written in Perl that allows you to review a MySQL installation quickly and make adjustments to increase performance and stability. The current configuration variables and status data is retrieved and presented in a brief format along with some basic performance suggestions.

You can find the script and guide on this link : http://mysqltuner.com/

March 31, 2011

Disable WordPress Commenting System to prevent spam

Filed under: General,Security,WordPress — Tags: , , , , , — admin @ 11:01 am

It is a few days that I have installed Disqus wordpress plugin and I am quite impressed by it. I am receiving no more spam/bot messages through Disqus commenting system , but still bots are able to send spam to wordpress own commenting system ! so I was looking for a solution to disable wordpress comments and I found the following link :

http://beta.beantin.se/wordpress-comment-spam-disqus/

it provides 2 solutions to get rid of wordpress commenting system , but I prefer the neat one ! delete the whole thing ! lol
simply delete wp-comments-post.php from your wordpress root installation folder. then bots can go to hell 😉

March 29, 2011

A response to ComodoHacker

Filed under: General,Security — Tags: , , — admin @ 5:03 am

I was following up the news regarding the recent attacks to Comodo and gaining access to their cert signing system. Today I found out he has posted some comments regarding his attack and claimed some nonsense , so I decided to write a response to him , here it goes :

First of all you have claimed you are only a 21 years kid , are you kidding ? the aim of the attack has been to create certs signed by Comodo CAs for mail.google.com and login.yahoo.com and etc which can only be used to do man-in-middle type of attack. in fact if you do not have access to internet infrastructure in Iran , these certs have no use ! why would a 21 years old kid want to do that ? if you are interested in some signed certs which can not be used anywhere , next time send an email to me , I will sign some certs myself and send it back to you 🙂 it is very clear that this attack has been done with cooperation of Iran’s government and Iranian revolutionary guards and their cyber army who have access to Iran’s IT infrastructure.

Second I agree what you have done is impressive. it shows your budget and the size of your criminal organization to find security holes in internet. but you have not compromised anything fundamental or serious on internet ! do you think the same trick which you use on Iranian people ( I mean bragging about your power ) will work on the world either ? in fact when I was 21 I could do better than you ( your whole criminal organization ). lol , I can send you some proofs if you like.
because you have signed fake certs for yahoo and google, many people think you have hacked their systems and compromised their security ! but pro people know it has nothing to do with google or yahoo or the security of their systems. everything is intact and secure.
The only companies who should be blamed are Comodo and their Italian partner because of  weak security system and I am sure they are already in a lot of trouble by authorities 🙂

Third you talk about breaking RSA 2048 keys and so on , it just makes me laugh. you can not even break the security of RSA 16 bit ! lol
If you had the power to do that , there were no need to generate fake certs from Comodo , you generated these fake certs because you can not decrypt the SSL traffic in Iran ! you need fake signed certs to do man-in-middle attack. it itself shows how weak you are. so come on , do not brag about your power. we all know thats a big lie.

Fourth lets assume you gain access to Comodo root CAs so you can sign the certs yourself , I dont think there is any bigger achievement for you ! you know what happens ? in less than 24 hours all major browsers will update their software and revoke the certificate. as simple as that. so I recommend you to waste your time on better solutions.

Fifth I would like to thank you guys for doing this personally , what you did had no gains for you and showed your real face to the world. I am not going to get political on this post 🙂 but it had a lot of benefits to the security of the internet. I am sure authorities are already working on implementing more secure and safe procedures to generate certificates and check for revoked certs. Thank You.

And at last I would like to talk to Iranian people , they are just trying to frighten you. they have not compromised anything serious on internet. this attack shows they have nothing in hand. these fake certs CAN NOT be used the decrypt SSL traffic. always use VPN encrypted connections and for emails use SSL connections , Gmail is the best. also always use the latest versions of Google Chrome and Firefox for browsing the web. NEVER USE INTERNET EXPLORER ! not even version 9. and you will be safe 🙂

Here is the link to hacker speech : http://pastebin.com/74KXCaEZ

March 28, 2011

Windows 7 32 bit PAE Patch

Filed under: Windows — Tags: , , , , , , , — admin @ 2:19 pm

A lot of people still prefer to use 32 bit version of windows 7 , but 32 bit version of windows doesn’t allow you to use more than 3GB ( 4GB theoretically , 3GB practically ) of your RAM.
In fact there is a workaround for this problem on 32 bit OSes , it is know as PAE ( Physical Address Extension ) which already exists on Windows too but Microsoft has disabled it on purpose, my guess is to push 64 bit OS and some incompatibility problems with some drivers.

By the way for the people who are still in love with 32 bit windows but have more than 3GB of RAM installed on their PC. they can use the PAE patch for windows 7.

it is tested on Windows Vista SP2, Windows 7 SP0 and Windows 7 SP1.

Download it here : PatchPae

After you install it , it is how it looks like :

and resource monitor :

Cracking the credit card code

Filed under: General — admin @ 7:08 am

If you think Credit Card number is something random , then you are quite wrong. every number in a credit card is meaningful.

How to fix “Starting httpd: httpd: apr_sockaddr_info_get() failed”

Filed under: Apache,General,linux — Tags: , — admin @ 5:49 am

This error is caused by the improper configuration of hostname of server. to fix it follow the steps below :
Change HOST.DOMAIN.com to your own hostname.

echo HOST.DOMAIN.com > /etc/hostname
/bin/hostname -F /etc/hostname
/etc/init.d/httpd restart

March 26, 2011

Mac or Windows ? What is the right choice ?

Filed under: Windows — Tags: , , , — admin @ 7:33 am

People who know me closely know I am not a fan of Microsoft and its products at all , as a professional IT system administrator , I have been against Microsoft for my whole life and supported open source operating systems like Linux. You know the big fight between opensource softwares and Microsoft softwares has been going on for a long time. if you don’t remember anything , I can remind you of FireFox just as an example, competing against IE.

Until 5 months ago, I had almost tried every single OS for my desktop usage except Mac OS X , so I decided to go with Apple this time and got an Intel iMac with latest version of Mac OS X on it.
As you can see in the following image , it is very classy like other Apple appliances.

From hardware point of view I can say Apple has done a brilliant job.
As a professional user, it was not hard for me to get started using mac. I learned very fast how to install and use applications in Mac.
Apple has tried to invent its own way usage of operating system , for example window system buttons ( minimize , maximize , close ) are located in top left side of window except right side ! or when you press enter on a file, it renames the file instead of executing the file !
If you want my idea it is stupid , it is very clear that apple just wants to be different. even in a non sense way ! who does expect the Enter key to be used for renaming files !? there are many many differences too , but I bore with them , I said myself it is a different OS , so there is no reason for it to operate like others , I should get used to it.
But days after days , I found out how limiting is using Mac OS X. A lot of applications are missing and poorly developed for Mac OS X. you only have a few options to choose from.
I guess if I had used Mac from the first day of my computer life , I was a chef now instead of system administrator ! I don’t want to live in Apple’s jail named Mac OS X ! thats what Apple does to you. thats why many people try to jail break their iPhones 😀
Hopefully my iMac was Intel based and I installed windows 7 on it and I am posting this writing from windows now.
I am so glad that I am back to windows 🙂
but with the money which I paid for my iMac , I could buy a PC 16x more powerful and  faster than this.

Conclusion :

If you are a rich guy and your usage of PC is browsing the web , chatting with friends and watching movies. then Mac could be an option for you.
But if price matters to you or you are a professional user , forget about Mac , it is just a waste money. buy or make your own powerful PC yourself and install windows on it and enjoy it.

« Newer PostsOlder Posts »

Powered by WordPress