Admins eHow SysAdmin Tips & Tricks

May 4, 2011

Backup Files or MySQL DBs to a remote FTP server with compression and encryption

Filed under: CentOS,Debian,General,linux,Security — Tags: , , , , , , , — admin @ 6:30 pm

After my previous article which explained how to backup MySQL DBs to an email address , I am going to provide a more perfect solution in this article 🙂
The previous solution had some drawbacks and some advantages but the biggest problem was about the size of backup. although we compress the data with bzip2 algorithm which provides a high level of compression but in many cases, the attachment size will exceed 25MB or the limit of your email box. so it can not be used with public email services or will need a personal email server.
a better solution is to backup the data to a remote FTP server. in this case we will have almost no limit on file size (depending on your remote FTP server).
A perfect place to backup your files is fileserve.com , it offers 500GB of space for free and FTP access to it ! it is awesome ! I would recommend to upgrade to their premium service.
click on this link to signup for your free account : FileServe.com Free Account
also we will employ encryption to make sure our data is safe in transmit and in remote location.
to use this solution make sure bzip2, mcrypt and ncftp are installed on your server. I am not going into the details of installing each package, Google is your friend 🙂
so lets say you want to backup /var/www folder, use the following command :

tar jcf - /var/www | mcrypt -k 'SOME_LONG_COMPLEX_KEY' |  ncftpput -c -u FTP_USER -p FTP_PASS FTP_HOST /PREFIX-`date +%Y%m%d`

this only command will compress the whole /var/www folder by tar and bzip2 at the same time encrypt it by your key and at the same time will upload it to remote FTP server !
omg ! thats why I love Linux ! you can put it in your crontab to create automatic backups.
now lets say you want to backup all MySQL DBs , you can use the following command :

mysqldump --user=USERNAME --password=PASSWORD -A | bzip2 | mcrypt -k 'SOME_LONG_COMPLEX_KEY' |  ncftpput -c -u FTP_USER -p FTP_PASS FTP_HOST /PREFIX-`date +%Y%m%d`

the combinations and possibilities are limitless !
I just gave you the idea and showed you the power, use your own brain to make your perfect solution 😉
Just something else , if you needed to decrypt the file , you can use the following command :

mcrypt -d FILE_NAME -k 'YOUR_LONG_COMPLEX_KEY' > NEW_FILE_NAME

April 4, 2010

Configure Powerdns to use MVPS.org Hosts file

Filed under: General — Tags: , , , — admin @ 4:20 pm

One of the solutions to increase your PC security and block ads, counters, malwares and etc is to use a HOSTS file on your windows so the DNS address of such sites is resolved to localhost (127.0.0.1) instead of correct address.
Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective “Layer of Protection”.
The original idea is explained on this link : http://www.mvps.org/winhelp2002/hosts.htm
As the above link explains , you can put HOSTS file inside your windows system files and it will do the trick , but this solution has its own complexities and downsides , a better solution is to have a DNS server which uses MVPS HOSTS file to block malware sites and then point your PC DNS entries to it.
like 1 year ago I explained how to install PowerDNS as a caching DNS server – HERE – now I want to explain how you can configure it to use MVPS HOSTS file to block malware site and update it automatically.
Please note you should have perl installed on your server for this script to work.

Go to /etc/powerdns folder and create the following files :

null.zone.file :

; BIND db file for ad servers - point all addresses to localhost
;
; This file comes from:
;
;       http://adminsehow.com

$TTL    86400   ; one day

@       IN      SOA     ns0.example.net.      hostmaster.example.net. (
                        2002061000       ; serial number YYMMDDNN
                        28800   ; refresh  8 hours
                        7200    ; retry    2 hours
                        864000  ; expire  10 days
                        86400 ) ; min ttl  1 day
                NS      ns0.example.net.
                NS      ns1.example.net.

                A       127.0.0.1

*               IN      A       127.0.0.1

auth-zone.pl :

local $/=undef;
open FILE, "hosts.txt" or die "Couldn't open file: $!";
binmode FILE;
$subject = <FILE>;
close FILE;

$a='auth-zones=';

while ($subject =~ m/127\.0\.0\.1[ ]+(([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,4})/ixg) {
  $a=$a.$1."=null.zone.file,";
}

print "$a";

update-auth-zone :

cd /etc/powerdns
rm -f hosts.txt
wget -q "http://www.mvps.org/winhelp2002/hosts.txt"
perl auth-zone.pl > auth.zone
sed -i "/auth-zones=/d" recursor.conf
cat auth.zone >> recursor.conf
/etc/init.d/pdns-recursor restart > /dev/null 2>&1
rm -f hosts.txt
rm -f auth.zone

make update-auth-zone executable :

chmod +x update-auth-zone

execute update-auth-zone once :

./update-auth-zone

open crontab by “crontab -e” command and add the following line to it :

@weekly /etc/powerdns/update-auth-zone

this cron job will automatically update your powerdns configuration based on MVPS HOSTS file weekly.

Currently I have configured my own DNS server 216.155.148.9 to use MVPS HOSTS file , feel free to use it as your primary DNS Server if you like 🙂

May 13, 2009

How to block access to a file using .htaccess

Filed under: General,Security — Tags: , , , — admin @ 1:33 pm

If you have a file in your web directory which you want to keep secure , you can block the access to it by following lines in your .htaccess file:

<Files FILENAME>
deny from all
</Files>

Powered by WordPress