Upgrade PHP and MySQL Centos 6.x

Standard

The method I found most simple is:

wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -ivh remi-release-6.rpm
vim /etc/yum.repos.d/remi.repo     (you need to enable the parts you want in this file)
yum -y upgrade php*
yum -y update
reboot

done.

Sentora virtual domains SSL setup – Let’s Encrypt Certificates

Standard

I won’t discuss here why you would want to use Let’s Encrypt Certificates, but 3 of the main reasons for me are:

  1. Certificates are free
  2. Certificates are automatically updated. So it becomes a set and forget affair. No more fiddling around every 1, 2 or 3 years.
  3. Automatic updates are done every 3 months. So the certificates are always fresh.

And now for the setup on a fully up-to-date Sentora Centos 6.7 server

Run

yum -y install mod_ssl wget nc netcat; wget -O - https://get.acme.sh | sh

This will install the stand alone certificate management software, that will get and update your certificates from Let’s Encrypt

This is how you use it (issue a certificate for example.com where the http site files are actually located in /home/wwwroot/example.com):

/root/.acme.sh/acme.sh --issue -d example.com -w /home/wwwroot/example.com

There will be an output containing a variety of information you will need to configure APACHE. Keep it.

Then just add this to your crontab:
So your certificates will be automatically updated/renewed

vim /etc/crontab
34 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

 

Now the APACHE setup

If you have SSL enabled on your Sentora admin panel disable it and see below how to integrate it again.

Add this to

# Custom SSL Apache config
Include /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf

to:

vim /etc/sentora/configs/apache/httpd.conf

create the file:

vim /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf

And fill it with the details for your sites like this (Hint: You will find this in /etc/zpanel/configs/apache/httpd-vhosts.conf):

# This is need only once for multiple SSL/https virtual hosts
NameVirtualHost *:443

# DOMAIN: example.com
<virtualhost *:443>
ServerName example.com
ServerAdmin admin@example.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/example_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
RewriteEngine on
RewriteOptions inherit

# Custom VH settings (if any exist)
SSLEngine On
SSLCertificateFile /etc/ssl/certs/domain_name.com/domain_name_com.crt
SSLCertificateKeyFile /etc/ssl/certs/domain_name.com/domain_name_com.key
SSLCACertificateFile /etc/ssl/certs/domain_name.com/gs_root.pem
SSLCertificateChainFile /etc/ssl/certs/domain_name.com/gs_intermediate_ca.crt
 
</virtualhost>
# END DOMAIN: example.com



And now you can add the details for Sentora panel again and re-enable the redirection to ssl for the panel:

# This is need only once for multiple SSL/https virtual hosts
NameVirtualHost *:443

#Configuration for Sentora control panel.
 <VirtualHost *:443>
 ServerAdmin admin@blue.net.au
 DocumentRoot "/etc/sentora/panel/"
 ServerName sentorapanel.example.com
 ErrorLog "/var/sentora/logs/sentora-error.log"
 CustomLog "/var/sentora/logs/sentora-access.log" combined
 CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
 AddType application/x-httpd-php .php
 <Directory "/etc/sentora/panel/">
 Options +FollowSymLinks -Indexes
 AllowOverride All
 Order allow,deny
 Allow from all
 </Directory>
# Custom settings are loaded below this line (if any exist)
SSLEngine On
SSLCertificateFile /root/.acme.sh/sentorapanel.example.com/sentorapanel.example.com.cer
SSLCertificateKeyFile /root/.acme.sh/sentorapanel.example.com/sentorapanel.example.com.key
SSLCACertificateFile /root/.acme.sh/sentorapanel.example.com/ca.cer
SSLCertificateChainFile /root/.acme.sh/sentorapanel.example.com/fullchain.cer

 </VirtualHost>
# END Configuration for Sentora control panel.


# DOMAIN: example.com
<virtualhost *:443>
ServerName example.com
ServerAdmin admin@example.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/example_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/example_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/example.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/example.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/example.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/example_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
RewriteEngine on
RewriteOptions inherit

# Custom VH settings (if any exist)
SSLEngine On
SSLCertificateFile /etc/ssl/certs/domain_name.com/domain_name_com.crt
SSLCertificateKeyFile /etc/ssl/certs/domain_name.com/domain_name_com.key
SSLCACertificateFile /etc/ssl/certs/domain_name.com/gs_root.pem
SSLCertificateChainFile /etc/ssl/certs/domain_name.com/gs_intermediate_ca.crt
 
</virtualhost>
# END DOMAIN: example.com

 

You might also want to redirect all traffic to your https now.

Put this into your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

 

 

 

 

Chocolatey – a software management system for Windows

Standard

Chocolatey (https://chocolatey.org/) is a software manager for Windows. There are almost 5000 packages. The one you use are certainly in there. All mine are.

Install choco from an administrator command line:

@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%chocolateybin"

Then run installs like:

choco install -y ccleaner

https://chocolatey.org/packages contains a list  of all the packages

I recommend the GUI:

choco install -y chocolateygui chocolatey-core.extension

But I like the command line, too.

And I like, that you can update all your installed packages at once (yes they need to be installed by choc first):

choco upgrade -y

Sysadmin

windirstat winrar treesizefree TeraCopy Recuva nmap lockhunter ccleaner autoruns

User

sublimetext3 vlc WhatsApp XnView WindowsLiveInstaller WindowsLiveWriter PDFXchangeEditor paint.net notepadplusplus.install libreoffice lastpass irfanview GoogleChrome-AllUsers Firefox dropbox ditto

 

 

robots.txt prevent certain spiders / bots to scan your site.

Standard

Put this into robots.txt in the root of your site:

User-agent: Rogerbot 
User-agent: Exabot 
User-agent: MJ12bot 
User-agent: Dotbot 
User-agent: Gigabot 
User-agent: AhrefsBot 
User-agent: BlackWidow 
User-agent: Bot [EMAIL="craftbot@yahoo.com"]mailto:craftbot@yahoo.com[/EMAIL] 
User-agent: ChinaClaw 
User-agent: Custo 
User-agent: DISCo 
User-agent: Download Demon 
User-agent: eCatch 
User-agent: EirGrabber 
User-agent: EmailSiphon 
User-agent: EmailWolf 
User-agent: Express WebPictures 
User-agent: ExtractorPro 
User-agent: EyeNetIE 
User-agent: FlashGet 
User-agent: GetRight 
User-agent: GetWeb! 
User-agent: Go!Zilla 
User-agent: Go-Ahead-Got-It 
User-agent: GrabNet 
User-agent: Grafula 
User-agent: HMView 
User-agent: HTTrack 
User-agent: Image Stripper 
User-agent: Image Sucker 
User-agent: Indy Library
User-agent: InterGET 
User-agent: Internet Ninja 
User-agent: JetCar 
User-agent: JOC Web Spider 
User-agent: larbin 
User-agent: LeechFTP 
User-agent: Mass Downloader 
User-agent: MIDown tool 
User-agent: Mister PiX 
User-agent: Navroad 
User-agent: NearSite 
User-agent: NetAnts 
User-agent: NetSpider 
User-agent: Net Vampire 
User-agent: NetZIP 
User-agent: Octopus 
User-agent: Offline Explorer 
User-agent: Offline Navigator 
User-agent: PageGrabber 
User-agent: Papa Foto 
User-agent: pavuk 
User-agent: pcBrowser 
User-agent: RealDownload 
User-agent: ReGet 
User-agent: SiteSnagger 
User-agent: SmartDownload 
User-agent: SuperBot 
User-agent: SuperHTTP 
User-agent: Surfbot 
User-agent: tAkeOut 
User-agent: Teleport Pro 
User-agent: VoidEYE 
User-agent: Web Image Collector 
User-agent: Web Sucker 
User-agent: WebAuto 
User-agent: WebCopier 
User-agent: WebFetch 
User-agent: WebGo IS 
User-agent: WebLeacher 
User-agent: WebReaper 
User-agent: WebSauger 
User-agent: Website eXtractor 
User-agent: Website Quester 
User-agent: WebStripper 
User-agent: WebWhacker 
User-agent: WebZIP 
User-agent: Wget 
User-agent: Widow 
User-agent: WWWOFFLE 
User-agent: Xaldon WebSpider 
User-agent: Zeus
Disallow: /

Passwords – Longer is better

Standard

The choice of passwords is often a source of plenty of deliberation. Make it too simple and you will get hacked (check your password for safety here: https://howsecureismypassword.net/) make it too complicated and you cannot remember it and have to write it down.

There are some basic NO NO rules:

  1. NEVER write your passwords down
  2. NEVER use the same password for different things
  3. NEVER simply use your name or date of birth or any other easy to guess passwords (https://nakedsecurity.sophos.com/2010/12/15/the-top-50-passwords-you-should-never-use/)

When you follow these 3 simple rules you are starting to get into the safer zone for online security.

So how do you get a secure AND easy to remember password? 

Here are some ways to do this:

  • You pick a sentense you can remember (Just make sure it is not a simple phrase or a phrase taken from existing literature, because that would make it insecure again.) and only use the first 2 characters of each word:

    The chicken is riding on the roof of the bus = Thchisrionthroofthbu

You could also replace o with 0 (zero), e with 3, b with 8 or & and i with 1
Thch1sr10nthr00fth8u

and this looks like a very secure password. And when you add some special characters !@#$%^&*()_-+= you are getting really save.

cugobuco90
xocivazu85
tudovike47
Xepnym82
etc

  • Password card (http://www.passwordcard.org/en) is a card with random passwords. You can use the passwords on it in any combination. Forwards, backwards, diagonally, every second character, start 3 characters in on the 5th row then diagonally up and right or any other way you can think up and remember.

This way you don’t need to remember your passwords. You just need to remember which way your password is written on the card and it is secure because nobody knows how you are using that card, as long as you NOT simply use them line by line as they are printed on the card. That would be too easy and the only danger with this method. SO AVOID IT.

  • Password manager. I personally use and recommend https://www.lastpass.com/ . I generate passwords very long and randomly with Lastpass and then safe them in there to be kept save with only the one master password I need to remember to access the password manager.

All these are good ways to make you safer online. Good luck.

 

Amazon web services AWS Cloudwatch – difference between Maximum and Average metrics in cloudwatch.

Standard

I asked myself why has my cloudwatch monitoring such a big difference between maximum and average.

Lets just look at some facts first:

Cloudwatch can either monitor every 5 minutes, which is the default or you can select detailed monitoring then it is every 1 minute.

For the sake of this explanation we assume 5 minutes monitoring and we are graphing 1 hour.

So average would do this:

( 2 + 3 + 5 + 7+ 4 + 6 + 3 + 8 + 9 + 4 + 10 + 1) / 12 = 5.1666

So 5.1666 would be shown on the graph

On maximum it would show the highest number 10

And SUM of course would be

2 + 3 + 5 + 7+ 4 + 6 + 3 + 8 + 9 + 4 + 10 + 1 = 62

 

 

 

Get rid of / cancel / delete / don’t show recommended posts from your Tumblr dashboard

Standard

I am unbelievably annoyed about the recommended posts in my own tumblr dashboard.

Here is what to you do to get rid of / cancel / delete / don’t show the recommended posts in tumblr dashboard.

  1. Install Adblock Plus (available for Firefox and Google Chrome)
  2. Click Options
  3. Click Add your own filters
  4. Add the following filter:
    tumblr.com##[data-is_recommended=”1″]

That’s it.

Change WordPress admin password without email access

Standard

There is a multitude of ways to change the admin password for a wordpress installation. Do a Google search, if you don’t like this one.

I find the easiest  to change it directly in the database (database details can be looked up, if you have FTP access and can look at wp-config.php)

  1. Create an MD5 encrypted password – http://www.miraclesalad.com/webtools/md5.php
  2. Log in to your database : Home > Database Management > phpMyAdmin
  3. Credentials can be found on Home > Database Management > MySQL User
  4. Once logged in, find the wp_users table in your database
  5. Select the user you want to change by clicking on the pencil icon
  6. Change the user_pass field by copying the MD5 password created above into the field. Make sure MD5 is selected for the changes to reflect.

Then you can log in again.

Firefox & Downthemall increase number of segments, maximum concurrent downloads

Standard

refer also:

https://bugs.downthemall.net/ticket/1614

This has never been a bug. You can adjust these setting by going into about:config on your Firefox

Then finding

extensions.dta.ntask //for max concurrent downloads

extensions.dta.serverlimit.perserver //for max concurrent downloads per server

extensions.dta.maxchunks //for max segments per download

And setting them to the number you think most appropriate. I used 100 on each of those, but that may be too much for you. Experiment a little bit. You can always lower the settings from within the Down them All interface once you set them really high here.

How to turn off the existing Junk mail filter in Outlook, Windows Mail, and Windows Live Mail

Standard

 

Running more than one spam filter at a time can cause both filters to become ineffective, thus it is only necessary to run Cloudmark’s filter. To disable the Junk filter, follow the instructions below.

 

To turn off Junk filtering in Outlook, Windows Mail, and Windows Live Mail:

For Outlook 2010:

  1. Click on the Home tab.
  2. In the “Delete” section of the task bar, click on the “Junk” icon.
  3. From the drop down menu, select “Junk mail options.”?
  4. Select “No automatic filtering.”
  5. Click “Apply” then “OK.”

For Outlook:

  1. Open Outlook.
  2. Click on the Tools menu.
  3. Choose Options from the drop-down menu.
  4. Click the Preferences tab on the window that appears.
  5. Under “E-mail”, click the Junk E-mail button.
  6. Choose “No Automatic Filtering”, then click Apply, then OK to accept the change.
  7. Restart Outlook.

For Windows Mail:

  1. Open Windows Mail.
  2. Click on the Tools menu
  3. Choose Junk E-mail Options from the drop-down menu.
  4. Click the Options tab on the window that appears.
  5. Choose “No Automatic Filtering” then click Apply, then OK to accept the change.
  6. Restart Windows Mail.

For Windows Live Mail:

  1. Open Windows Live Mail.
  2. Click the Actions menu.
  3. Choose Junk e-mail, then safety options from the drop-down menu.
  4. Choose “No Automatic Filtering” then click Apply, then OK to accept the change.
  5. Restart Windows Live Mail.