bob on June 25th, 2008
Here is the set of directories which let you install mod_perl onto a cpanel server.
* You can go to your existing account or create new account where you will install mod_perl. You may select either the rvskin admin account or fantastico admin account. Suppose if you’ve install it in the rvadmin account then you can proceed as below.
* SSH into the server, and go to:
cd /home/rvadmin/ directory
* Get the mod_perl-1.29.tar.gz
wget http://perl.apache.org/dist/mod_perl-1.0-current.tar.gz
* Unpack the file:
tar xzf mod_perl-1.29.tar.gz
* Move to the mod_perl directoy:
cd mod_perl-1.29
* Configure
perl Makefile.PL USE_APXS=1 WITH_APXS=/usr/local/apache/bin/apxs EVERYTHING=1
* Run Make
make
Run Install
make install
* Activate Mod Perl
/usr/local/apache/bin/apxs -a -n perl -i libperl.so
#########
Now Create the script as shown below, and add it to the root directory of the mod_perl account holder (for this case rvadmin), and modify the permissions (chmod +x add-mod-perl.sh), so to add mod_perl back into apache, you just require to run the script, and then confirm that apache restarted with mod perl in it, you can then check in WHM/News to see if mod_perl is listed .
#########
Now you will need to run if you re-compile Apache. The mod_perl binary is at
/home/rvadmin/mod_perl-1.29/apaci/libperl.so, to make it more simple just put the following lines in a file:
— cut here —
#!/bin/sh
libperl=/home/rvadmin/mod_perl-1.29/apaci/libperl.so
apxs=/usr/local/apache/bin/apxs
$apxs -a -n perl -i $libperl
/etc/init.d/httpd stop
/etc/init.d/httpd start
— cut here —
Name the file add-mod-perl.sh and execute “chmod +x add-mod-perl.sh”. after compiling apache run the script (”./add-mod-perl.sh”) and it should now work.
bob on May 19th, 2008
mod_rewrite simple tutorial
The potential of mod_rewrite is enormous that have many functionalities on Apache web server, It also help if you to hide the structure of your website and the script which passes the arguments. Here is the simple mod_rewrite tutorial.
This is your website www.domain.com
and you have a script which passes the arguments.
So your url look like this:
www.domain.com/index.php?query=xxx&id=yyy
mod rewrite enables you to change that into:
www.domain.com/xxx/yyy/
First of all make sure that mod_rewrite is available on your server and turned on.
You can check that out by creating a file (let’s call it phpinfo.php) with the following content:
PHP Code:
<? phpinfo(); ?>
Go to that page and search for mod_rewrite. If you find it you’re good to go.
If not, contact your host.
OK, now create a .htaccess file with this content:
Code:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^(.*)/(.*)/$ index.php?query=$1&id=$2 [L]
Upload the file to your server into the folder that contains the script.
Now when someone requests “something” on your server, it automatically gets transcribed to index.php?query=something&id=something
In case if you want your site to look like this:
www.domain.com/xxx-yyy.html
Follow this;
This is the setup for the .htaccess file:
Code:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^(.*)-(.*).html$ index.php?q=$1&id=$2 [L]
Now, you need to just update the links in your website and your site is SEO friendly and will hard to hack.
If you have static links you have no problems, but for instance if your script is generating the urls based on various conditions.
So here’s the old code:
PHP Code:
<html>
<body>
…
…
<?
echo ‘<a href=”$siteurl/index.php?query=type&id=$id”>Link</a>’;
?>
You’d change it to:
PHP Code:
<html>
<body>
…
…
<?
echo ‘<a href=”$siteurl/type/$id/”>Link</a>’;
?>
for the first type of url rewrite.
Or:
PHP Code:
<html>
<body>
…
…
<?
echo ‘<a href=”$siteurl/type-$id.html”>Link</a>’;
?>
for the second type.
Hope it helps.
bob on April 29th, 2008
Here is the method by which you can secure & optimize VPS/VDS
Checking for formmail:
Form mail is used generally by hackers to send out spam email, by relay and injection methods. If you are using matts script or a version of it, you may be in threat.
Command to find pesky form mails:
find / -name “[Ff]orm[mM]ai*”
CGIemail is also a security risk:
find / -name “[Cc]giemai*”
Command to disable form mails:
chmod a-rwx /path/to/filename
(a-rwx translates to all types, no read, write or execute permissions).
(this disables all form mail)
If someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.
Root kit Checker (rkhunter or chkrootkit)
Check for a root kits via a cron job, by doing this you will regularly check if your server is comprised, and you will be sent regular reports.
To install chkrootkit, login to the server as root and on the command line interface type:
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.47
make sense
To run chkrootkit, type the following on the CLI:
/root/chkrootkit-0.47/chkrootkit
To ensure the highest level of security setup a cronjob that emails you the results on a regular basis.
Setup Email on Root Login (to detect breaches)
If an some one unauthorized gains access to root, you want to be notified - you can do so by doing the following while logged into root:
cd /root
vi .bash_profile
Add the following line:
echo ‘ALERT - Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” your@email.com
Where your@email.com is your email address.
Save an exit vi: :wq
To change the SSH Legal Message (displayed when you login via SSH), edit /etc/motd to display the message you wish to show.
Securing WHM and cPanel:
By default cPanel/WHM is not setup securely and efficiently, so you will want to optimize the cPanel/WHM settings by doing the following:
Go to: Server Setup -> Tweak Settings
Under Domains tick:
· Prevent users from parking/adding common internet domains (hotmail.com, aol.com, etc)
Under Mail tick:
· Attempt to prevent pop3 connection floods
· Default catch-all/default address behavior for new accounts - set this to FAIL
Under System tick:
· Use jailshell as default on new accounts
Go to: Server Setup -> Tweak Security
· Enable php open_basedir protection
· Enable mod_userdir protection
· Disable compilers for unprivileged users
Go to: Server Setup -> Shell Fork Bomb Protection
· Enable shell bomb/memory protection
When creating reseller packages, be sure to:
· Disallow creation of packages with shell acces
· Disallow creation of packages with full root access
Go to: Service Configuration -> FTP Configuration
· Disable anonymous FTP access
Go to: Account functions -> Manage Shell Acess
· Disable shell access for all users (except yourself)
Go to: MySQL -> Manage Root Password
· Change Root Password for MySQL
Go to: Security -> Quick Security Scan for Trojan Horses, and make sure you don’t have any of the following infected:
· /sbin/depmod
· /sbin/insmod
· /sbin/insmod.static
· /sbin/modinfo
· /sbin/modprobe
· /sbin/rmmod
Update OS and Software:
If you are running cPanel:
· Update cPanel: /scripts/upcp
· Update Apache: /scripts/easyapache
If you are not running cPanel:
· Update OS and software: yum upgrade
General OS Security (do not need to be running cPanel):
Restict SSH access:
For improved security
bob on March 28th, 2008
Here are the list of shopping cart software both in open source and paid service;
ABC Estore
AbleCommerce
AbleCommerce
AbleCommerce (ASP.NET)
AbleCommerce (Cold Fusion)
A-CART Pro
Actinic Business
Actinic Catalog
Actinic Developer software
Actinic Order Manager
Advanced Cart
AFCommerce
Affiliate Guerrilla
Agora Cart
ampleShop
AShop Deluxe
AShop Deluxe 3-Domain License
ASPCart
AspDotNetStorefront ML
AspDotNetStorefront Pro
AspDotNetStorefront Standard
Avactis Shopping Cart
Avetti Commerce
BakeSale
Bizar Shop
BlueCart
BugMall
BusyBeeCart
BVC 2004 Enterprise
BVC 2004 Express
CactuShop
CandyPress Store Administration
CandyPress™ Store Administration
CandyPress™ Store Frontend
Captures
Cart Genie
Cart32 Enterprise Edition
Cart32 Free Edition
Cart32 Small Business Edition
CartIt Commerce System
Cartweaver 2
Cartweaver2 (Cold Fusion)
CATALooK.net Store Pro
cf_ezcart
CFWebstore
Charon Cart 3
Cigtek
ClearCart
ClickCart
ClickCartPro
clicshop
Clockwatchers Free
Clover Shop Lite
Clover Shop Pro
Clover Shop Ultralite
Clover Shop Ultrapro
Comersus Cart
CometMall e-Store
Commerce.cgi
CommerceV3
CRE Loaded
CS-Cart shopping cart software
CubeCart
CyberOffice (CyberShop)
CyberStrong eShop
Dansie
digiSHOP
EasyCart
eCart Professional
Ecommerce Templates (ASP)
Ecommerce Templates (PHP)
Ecommercemax Online Retail Store
Edit-X Ecommerce
EROL
EShoppingPro
Evolve eCart
Evolve Merchant
Ezimerchant Professional
fipsShop light
Fortune3 E-Commerce Wizard
Free PayPal Shopping Cart
FreeWebshop.org
GetPaid
GoECart
Hassan Consulting’s Shopping Cart
Hazel Enterprise
Heavy Metal
iisCART2000
Interchange
IntLink E-commerce
Kickasp Delux Shopping Cart
KonaKart
LetMeShop
Lite Commerce
LoadedAU
Magento
MagicWay Shopping Cart
Mal’s e-commerce Shopping Cart
Mcart 2005
MetaCart e-Shop V-8
MetaCart Free
MetaCart2
MetaCart2 for SQL Server
Midicart ASP Complete
Midicart ASP Designer
Midicart ASP Plus
Midicart PHP
Midicart PHP Complete
Midicart PHP Designer
MiniShop
MIVA Merchant 5
MMK Cart Affiliate e-commerce Suite
Mountain Commerce
MX Kart
NOP’s Free Shopping Cart
OpenCart
oscMall
osCommerce
PayPal Shopping Cart
PDG Commerce
PDG Shopping Cart
PDshop Asp.Net Edition
PDshopPro Advanced
PDshopPro Plus
PDshopPro Standard
PepperCart
PepperCart Basic
PHP Shop
PHP Simple Shop
PHPBasket
phpCart
Pinnacle Cart
ProductCart
ProductCart Build To Order
Q-Shop Pro
Quick.Cart
QuickEStore
QuikStore
RealCart
SalesCart PRO
SearchFit
SecureNetShop
Shop a la Cart
ShopDotNet
Shopping Cart
Shop-Script FREE
Shop-Script PREMIUM
Shop-Script PRO
ShopSite
ShopZone Professional
SiteDirector
Smilehouse Workspace Small Business
SoftSlate Commerce
Squirrelcart
StaticCart
StoreFront Advanced Edition (AE) Software
SunShop
SurfShopPRO
TopShopper Classic
Tradingeye
Trolleyed Lite
uShop
uStorekeeper
VevoCart
ViArt Shop
ViArt Shop Free
VIP Cart
Volusion Ecommerce Licensed Version
VP-ASP
Web+Shop
WebCart
WebGenie Shopping Cart Professional
WEBMASTERCART
WebStores 2000
X-Cart Gold
X-Cart Pro
XSE
Zen Cart
Feel free to add more shopping Cart..
bob on March 28th, 2008
Since, MySQL tables have a way of corrupting themselves. However MySQL offers a quick and easy method of repairing those tables.
Check how you can repair the corrupt MySQL tables;
Login to your VDS via SSH and change directories to the database that is having problems.
cd /usr/local/mysql/var/[DBNAME]/
You will need to replace [DBNAME] with the actual name of your database.
Stop the MySQL server:
/etc/rc.d/init.d/mysql stop
NOTE: Accounts created before July 7th, 2003 will want to use:
/etc/rc.d/init.d/mysqld stop
To check the tables:
myisamchk *.MYI
To repair tables:
myisamchk -r *.MYI
Restart MySQL:
/etc/rc.d/init.d/mysql start
NOTE: Accounts created before July 7th, 2003 will want to use:
/etc/rc.d/init.d/mysqld start
Alternatively, if you do not want to shut down MySQL, you can use mysqlcheck.
mysqlcheck [DBNAME]
To repair the database tables:
mysqlcheck -r [DBNAME]
You will need to replace [DBNAME] with the actual name of your database.
For additional help and documentation you can check here:
http://dev.mysql.com/doc/mysql/en/Table_maintenance.html
http://dev.mysql.com/doc/mysql/en/Using_mysqlcheck.html
