Categories
Blog: My thoughts Operating System PHP Server Configuration

Linux Upgrade from 12.04 to 14.04: Save the day

So, this fine sunday, I think I wake with “lets spoil the day” mood. I start by checking my server to see how it is doing. A regular log view and updates I perform on my VPS. all was good, until I realise an update is available for my billing software. I decide to purchase an update for it. Before buying I forgot to check system requirement. Well it is just an update, and we install it every here and there for other things. So, I have updated copy of my billing software, which I follow the steps of upgrade and upload to my live server. All went well until I reach for software to suggest install PHP 5.6 instead of version I had. Well no problem how hard it is to update PHP in ubuntu 12.04, just matter of running apt-get.

Soon, I realise PHP 5.6 was never release for OS, and I need to use PPA. Found an old tutorial teaching me how to use PPA as it is my first time for it, the blog explain everything good, found couple more article but they are nearly the same. So, I went on and install the PPA and update the PHP 5.6. I run a command line to see what version of PHP is there and it correctly shows 5.6. So far so good, but suddenly “If anything goes wrong will go wrong” statement hit me. It only update CLI PHP not apache version. Damn, what is wrong with it.

PPA on Ubuntu 12.04 LTS need Apache 2.4 and Apache 2.4 never makes to Ubuntu 12.04. So, again there is PPA for apache but that doesn’t work for me well. I mean it does update few things, but cannot make PHP’s Lib for Apache to get installed. At this very moment, I have two options. Either I rollback all updates to my Backup Copy, or I move ahead to upgrade OS to 14.04 LTS. I choose later one.

Simply run “do-release-upgrade” and follow the course of stream. but it stuck as VestaCP’s APT repo didn’t work with upgrade. Not sure why, I just remove them from APT repo’ List and all goes well. All updated nothing is broken but Apache. It is broken because my previous attempt of PPA apache upgrade leave it broken and in conflicting state.

I remove and try reinstall apache without PPA, but that cause more conflict. After hit and trial with PPA and non PPA apache, I end up getting it upgrade and everything running.

There is no technical details shared in this post, as this post is not for Step on how to do it, but what not to do it. And that is only one thing, never miss reading about what upgrades you are going to do, never miss system requirement before paying someone. It only took me 4 hrs to get it all going, and frankly it turns out to be Positive for me, as it get my pending upgrade of OS done. But, I would have save my day if I read the simple requirement before buying the upgrade for billing software. I would have avoided unnecessary upgrade path, and reduce the down time to say 1 hr at most instead of 4 hrs. Good thing my blog is not a business, but never try that at client server.

Categories
Operating System PHP Server Configuration

.htaccess Hack

Today, I got another wordpress that stop working and start giving 404 error. Previously client got it fixed by removing .htaccess from his installation and get it working. I thought he might mess his wordpress himself. But when we got similar error today I search and little and find that in .htaccess there is a php injected to wordpress which reside at  “/tmp/25454b22bf39c75795851f39d5e347c4”, after opening the file it looks like professional white script. But knowing computer programmer, only a hacker or idiot can place an important file in /tmp folder. Anyways, I don’t know the cause of hack yet, but I saw following pattern:

1.  Hack is known for wordpress and OsCommerce as of now. [I personnely see only wordpress below 3.0.5 been hacked, rather more specific to 3.0.4 version]

2. Hack need .htaccess file and /tmp folder, so only Linux [can they use windows temp? not know] and surely for Apache user it is an issue.

I cannot say wordpress or oscommerce is broken, but definately there is a control upload script that copy file to /tmp folder which is usually public readable. and then getting .htaccess is problem.

So if you are on Linux/apache and your software does the .htaccess read/write then you need to be beware.

Precaution

1. Make your .htaccess read only by user and group at most not for public

2. Create a empty non writable file /tmp/25454b22bf39c75795851f39d5e347c4 so in case someone try to copy it fails as file already exists.

3. Change your Passwords

4. Upgrade your software to latest version

5. Do not upload any theme or plugin which is not from known or tested source.

6. Look for vendor recommendation before installing any plugin.

Phew, so far my wordpress is safe, been on windows hosting I am sure the hack will be different if any, lets wait and see.

EDIT:  After few days of writing this article I found few instance where I can safely says that it is not a wordpress or OsCommerce hack, but rather a hack related to either Linux Operating System, or Apache Web server or Plesk Control panel. For sites I see this hack only those three are in common. All those site I saw get hacked in above way are not written by one developer, not belong to one server [except they all use plesk and apache], not using only Mysql [do you really thing mysql query can create ,htaccess?]  So, I give Clean chit to any Open source software as of now from this hack. This is indeed a server hack, Still no reason known to me.

Good luck guys !!!


Categories
Joyous Operating System Server Configuration

Apache and IIS 7

Been a web development company, my company need to setup a local server that allow developers to work on centralized server for ease of use and development. For this we got one Physical server. Our requirements are simple, we need IIS 7 to let the development on ASP.NET take place and we need Apache to have support for .htaccess files. Though we can do URL rewrite and more other things with IIS 7 but some of our clients have Linux hosting only, so we have to technology that our clients use.

Now I have two options, I create a Virtual Machine one over other, where one machine is Linux and other is Windows. My company got Windows 2008 Web edition License through Microsoft WebSpark program. So I decide to without Virtual machine, as I don’t like virtual machine for development purpose, they are just too much overhead. So what I did is, I install windows 2008 as Operating system, with IIS 7. Install the Web Platform using Microsoft Web Platform, which also installed ASP.NET 2.0 and ASP.NET 4.0 and SQL Server which is good enough for small scale development.

Now, it is time to configure server for PHP team, well quite a simple stuff, I download the MySQL Community edition and install it. Easy and neat. Now Download the Apache HTTPD server and install it. However I just change it’s Listen Port from 80 to 700 [just any random port] and we are done. Web Installer already install and configure PHP on IIS 7, and I use PHP-cgi from its folder to run as Apache CGI application. Hope that is decently good platform until we get our second server for development.

Our server is now become a host for:

IIS 7

Apache HTTPD server

MySQL

SQL Server

Visual SVN

Yeah it does all those, and you will get surprised to know that it runs on regular PC configuration with core2duo 2.0 GHz on intel Desktop board without RAID. It servers 1 SQL server per second per stats and have more than 20 GB of data as Web application scripts with more than 100 website configured to run on this server. And Mind it the server runs 24×7 and used only 9 hrs of production, rest of other time it just serve for Demo to client.

Isn’t it that nice little server.

Categories
.NET ASP.NET Blog: My thoughts PHP

Make Web Not War

This is what Microsoft has to say through it’s WEB portal (http://www.microsoft.com/web ), where it distribute one of leading platform for Web application development and deployment.

Well this message can be a direct/indirect attack on those who thing Microsoft is up again only making $$$ and not services. Well guys you are wrong, check this website out. You will find PHP and hence any software made on PHP works fine on Windows server and that to with easy. I am using PHP on Windows from IIS 5.5 and it always work fine for me, but with IIS 7 and MS WEB it is really getting much easier to install PHP and any application on it.

I like the concept and idea, love to see same thing from Apache when they start support for .NET framework ?

Categories
Server Configuration

SELinux and Apache Permission Denied

Hi,

Today I have new problem with my apache 2.0 installation. It stop Picking document root files and give Permission denied Error in Apache Error log for those folders … Seems strange to me.

I give FULL permission to that folder, try each and every combination of permission and owner that I think should work, but no use.

Why … as this is first time I was running apache on SELinux enable system. It is “Extended Security for Linux”

Thanks to this post in Experts Exchange I got the solution
http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_21171001.html

Last comment by kbensch is correct solution

It says to check the object Permission in extended mode with

ls -Z /dir/where/www/root/will/be

and than change it to permit httpd service to use it as its own data rather than users data using

chcon -R -h -t httpd_sys_content_t /dir/where/www/root/will/be
Though not sure what effect it has on user accessing this data … as i am still new to linux and it has Extended Security now …

Thanks to Experts exchange to bank that question for me 🙂

Sumit Gupta
(My Experts Exchange UserName is VIkasumit :o) )