Tricks and Tips about Systems/Network

September 7, 2010

Running PHP+MSSQL on IIS

Filed under: Hacks,IIS,Windows,Windows 2008 — Liju Mathew @ 7:58 pm

Recently I got a requirement to run a PHP application which uses the MSSQL extension. I configured IIS to work with PHP files and enabled the MSSQL extension in PHP, but I had no luck getting the site to run. I got the error “cannot establish the database connection”. After searching for a while, I found that the “freetds” library wasn’t enabled in PHP for MSSQL connectivity.

You can download the freetds DLL from the Moodle repository here: http://download.moodle.org/download.php/dblib/php52/DBLIB_NOTS.zip

This zip contains two files; copy both files into the “c:\php” and “c:\php\ext” directories. “c:\php” was already in my system path. Then find the proper php.ini and add the following line:

extension=php_dblib.dll

After restarting the IIS service, it started to work correctly :-)

Cheers

June 21, 2010

Openfire : Login failure after the installation

Filed under: admins,Hacks,Linux — Liju Mathew @ 7:32 am

I’m using CentOS 5.4 64-bit and installed the Openfire (a widely used open source chat server) rpm distribution. When I log in to the admin console for the very first time, it doesn’t accept the password which I set during installation. I kept getting the same error even after re-installing the rpm again and again.

How do I sort this out?

It’s a really amazing hack, unlike any I have seen before. Just reboot the server, and after that everything will work as designed :-)

How do I open a port in the APF firewall and add my IP as trusted

Filed under: admins,apf,Hacks,WHM/Cpanel — Liju Mathew @ 7:21 am

APF is a policy-based iptables firewall which is very useful for blocking DDoS attacks on heavy-traffic servers. The issue is that when we developers/testers use the same server, it denies all traffic from our static IPs. This is a major headache in most cases.

1. Opening a port in the APF firewall
Edit the file "/etc/apf/conf.apf", find the entry "IG_TCP_CPORTS" and add the ports to be opened to it.

A sample entry looks like this; I added the port "9091" to it:
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,9091,5222"

Then restart the firewall
[root@host.mydomain.com] ~ >> apf -r

2. Trusting our IPs in the APF firewall
Add our IP information to "/etc/apf/allow_hosts.rules". A sample entry looks like this:
# inbound to destination port 22 from 192.168.2.1
# tcp:in:d=22:s=192.168.2.1
#
# outbound to destination port 23 to destination host 192.168.2.1
# out:d=23:d=192.168.2.1
#
# inbound to destination port 3306 from 192.168.5.0/24
# d=3306:s=192.168.5.0/24
# my IP ranges
69.16.222.0/24
64.91.239.0/26
187.68.0.0/16
129.16.23.96

April 22, 2010

Godaddy site hacked : ninoplas Base64

Filed under: admins,Hacks,Linux — Liju Mathew @ 6:30 pm

I was suddenly called: some of the developers were complaining that their sites were redirecting elsewhere (opening a search link on Bing) and that landing pages were taking a very long time to load.

Soon I found that the index page was infected with a script and that the header page had also been modified. After deleting the encoded/Unicode line, which starts with the string “base64_decode” and continues for many long lines, I found that the same had happened to all the PHP files on the same hosting. If a programmer removes the infected first line of code, a script injected into the output HTML page appears, which redirects to something like “klkskdskjdks.com”, a domain registered on March 15th 2015.
Actions,
1. I moved the hosting to another server, restored from a backup copy.
2. I reset the passwords of all FTP users immediately.
3. Restored the file permissions to 644 or 754.
4. Executed the following command to remove the first-line Unicode entry from all the .php files.

find . -type f -name "*.php" -exec sed -i '/base64_decode/d' {} \;

The same approach is also useful for removing malicious code inserted into HTML and JS files.
SSH to the document root directory:

$ find . -type f -name "*.html" -exec sed -i '/BDJSDJDS/d' {} \;

$ find . -type f -name "*.js" -exec sed -i '/BDJSDJDS/d' {} \;

You can also use this command to identify the infected files which contain the malicious script.

# grep -H -r "var sSecureQ='';var aV=function(){};var checkL;var" html/ -R | cut -d: -f1

Where,
"var sSecureQ='';var aV=function(){};var checkL;var" is the first line of that code.
html = the path where the search will occur.

This time the script no longer appeared on the index page, and we escaped temporarily.
5. Reviewed the webserver access logs, but nothing was found in them. I also noticed that some of the HTML pages were affected at the same time.

I found that the site was hacked because one of the add-on domain/FTP user accounts was compromised. GoDaddy uses virtual FTP user alias names, which means an alias name is mapped to a web location and each read/write operation done by the alias user is executed on behalf of the actual primary FTP user.

So if a hacker knows the location of the web files placed on the same hosting, he can easily access the files and execute code using the privileges of the primary FTP user.
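
The one-liner in step 4 deletes every line containing base64_decode, including legitimate code, and keeps no copy of what it removed. The script below is an added example, not the author's own: it lists only files whose first line carries the marker, saves an evidence copy, and strips that line alone. The function names, directory layout and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage before cleanup. MARKER is the string from the post;
# directory names and sample files are constructed for illustration.
MARKER='base64_decode'

# Build a small constructed site: one infected file, one legitimate file.
make_sample_tree() {
    mkdir -p "$1/inc"
    printf '%s\n' '<?php eval(base64_decode("Q09OU1RSVUNURUQ=")); ?>' \
        '<?php echo "home"; ?>' > "$1/index.php"
    printf '%s\n' '<?php' '$img = base64_decode($_POST["img"]); // legitimate' \
        > "$1/inc/upload.php"
}

# Print every .php file under $1 whose FIRST line contains the marker.
list_suspect_php() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if head -n 1 "$f" | grep -q "$MARKER"; then
            printf '%s\n' "$f"
        fi
    done
}

# Keep an evidence copy of each suspect file under $2 (a directory outside
# the web root), then rewrite the file without line 1. Later lines that use
# base64_decode legitimately are left untouched.
clean_suspect_php() {
    root=$1
    quarantine=$2
    list_suspect_php "$root" | while IFS= read -r f; do
        dest="$quarantine/${f#"$root"/}"
        mkdir -p "$(dirname "$dest")"
        cp -p "$f" "$dest"
        # Read from the saved copy, write back in place (keeps permissions).
        sed "1{/$MARKER/d;}" "$dest" > "$f"
    done
}
```

Run list_suspect_php on its own first and review the list before calling clean_suspect_php.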

April 20, 2010

How do I clone the MAC ID on Windows

Filed under: admins,Hacks,Windows — Liju Mathew @ 12:44 am

1. Identify the new MAC ID to be cloned and write it down.
2. Go to “Local Area Connection properties” (execute “ncpa.cpl” in the Run command window) –> Properties –> Configure –> General –> Advanced. Then select “Network address” from the list box and enter the hexadecimal MAC ID (Value) which you copied from the source machine. Enter it without hyphens (-) in between and save it.

3. Now you can see the MAC ID has changed to the new one you gave.

This little hack works for me to get an internet connection on both my desktop and laptop when switching between them, especially as my ISP service is Asianetindia.com

April 13, 2010

How do I remove older backup automatically both for Linux and Windows

Filed under: admins,Hacks,RedHat EL5 — Liju Mathew @ 7:49 pm

This is really helpful for sysadmins who manage various backups in different geographical locations.

For Linux,

The following command will help you remove old backups which cost disk space. I used it to remove the older backups through a cron job.


[root@ip-8-11-50-231 database]# crontab -l
00 04 1,16 * * /usr/bin/find /home/remoteftp/database/* -mtime +30 -exec rm {} \;

This cron job checks for and deletes the files which are older than 30 days.

For Windows,

I use the “forfiles” command to do this.
FORFILES [/P pathname] [/M searchmask] [/S] [/C command] [/D [+ | -] {MM/dd/yyyy | dd}]
Description: Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs.

Parameter List:
/P : pathname, Indicates the path to start searching. The default folder is the current working directory (.).
/M : searchmask, Searches files according to a searchmask. The default searchmask is ‘*’ .
/S : Instructs forfiles to recurse into subdirectories. Like “DIR /S”.
/C : command Indicates the command to execute for each file. Command strings should be wrapped in double
/D : date, Selects files with a last modified date greater than or equal to (+), or less than or equal to (-), the specified date using the “MM/dd/yyyy” format; or selects files with a last modified date greater than or equal to (+) the current date plus “dd” days, or less than or equal to (-) the current date minus “dd” days. A valid “dd” number of days can be any number in the range of 0 – 32768. “+” is taken as default sign if not specified.

I created a batch file and added the following lines to it. I also added some other locations on the same server, so that the same batch file deletes other backups too. I use FTP to push the backups (zip files) to this location and set a scheduler to execute this batch file once every month.

Here is my batch file content; I use Windows 2003 Server.

rem Remove web and database backups which are older than 30 days
forfiles /P D:\FTP\LocalUser\svrbkp\live\webfiles /S /D -30 /M *.zip /C "cmd /c del @path"
forfiles /P D:\FTP\LocalUser\svrbkp\live\database /S /D -30 /M *.zip /C "cmd /c del @path"

How do I add a route on Mac OS or disable internet on Mac for testing an offline application

Filed under: admins,Hacks,MacOS — Liju Mathew @ 7:30 pm

I have created two scripts which are added to the sudo list. One removes the default gateway and the other adds the gateway.

1. vi en_web.sh and add the following line
/sbin/route add -net 0.0.0.0/0 192.168.0.9
2. vi dis_web.sh and add the following line
/sbin/route delete -net 0.0.0.0/0

3. Add the sudo entry for the user
# visudo, add the lines, save and quit

# Sys-admin added the following lines
User_Alias DEVTEAM = jomon
Cmnd_Alias USERCMD = /Users/jomon/en_web.sh, /Users/jomon/dis_web.sh
DEVTEAM ALL = NOPASSWD : USERCMD

rc-140:~ jomon$ sudo /Users/jomon/dis_web.sh
delete net 0.0.0.0
rc-140:~ jomon$ ping google.com
PING google.com (209.85.231.104): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
rc-140:~ jomon$ sudo /Users/jomon/en_web.sh
add net 0.0.0.0: gateway 192.168.0.9
rc-140:~ jomon$ ping google.com
PING google.com (209.85.231.104): 56 data bytes
64 bytes from 209.85.231.104: icmp_seq=0 ttl=55 time=305.435 ms
64 bytes from 209.85.231.104: icmp_seq=1 ttl=55 time=86.583 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 86.583/196.009/305.435/109.426 ms

-njoy

April 12, 2010

MySQL : Passwordless root login

Filed under: admins,Hacks,Linux,MySQL — Liju Mathew @ 5:57 am

How do I skip being asked for the MySQL root password every time I log in with the system “root” account?

1. Create a “.my.cnf” file in the root user’s home directory.
2. Add the following entry to it, then save and quit.

[client]
user="root"
password="HdfH8%KS9s"

3. Change the file permission to 700.
[root@rc-040 ~]# vi ~/.my.cnf
[root@rc-040 ~]# chmod 700 .my.cnf
[root@rc-040 ~]# ls -la  .my.cnf
-rwx------ 1 root root 37 Apr 11 22:20 .my.cnf

The same can be done for each user, but don’t forget to change the file permission.
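
The following is an added example, not part of the original post: it finds every .my.cnf that stores a password and is still accessible to group or other, then removes that access, which is the permission step the post says not to forget. It assumes GNU/Linux stat and find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit client option files that store a password.
# Assumes GNU/Linux stat(1) and find(1). Usage: audit_mycnf /root
#                                               audit_mycnf /home

# Print "<octal mode> <path>" for each .my.cnf in $1 or one level below it
# that contains a password line and grants any access to group or other.
audit_mycnf() {
    find "$1" -maxdepth 2 -type f -name '.my.cnf' | sort |
    while IFS= read -r f; do
        # Match "password=" as well as the shortened "pass=" spelling.
        grep -Eq '^[[:space:]]*pass(word)?[[:space:]]*=' "$f" || continue
        mode=$(stat -c '%a' "$f")
        # The leading 0 makes the shell read the mode as octal.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$f"
        fi
    done
}

# Remove group/other access from every file reported by audit_mycnf.
harden_mycnf() {
    audit_mycnf "$1" | while read -r _mode f; do
        chmod go-rwx "$f"
    done
}
```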

March 24, 2010

Disabling sending cronjob mails

Filed under: admins,Hacks,Linux — Liju Mathew @ 9:32 am

I faced a disk quota issue with a user account. After checking, I noticed that he had set up a few cron jobs which ran every 3 minutes and sent log emails to the same user’s mailbox, which caused the trouble.

The solution is,

I added a line to stop cron from sending log messages and routed the output of the said task to /dev/null.

MAILTO=""
*/3 * * * * /usr/bin/php /var/www/cron_send_alert.php > /dev/null 2>&1

-njoy

November 14, 2009

Hacking – Internet explorer saved passwords

Filed under: Hacks,Windows — Liju Mathew @ 11:56 pm

Here are some tricks to hack all the saved passwords in IE. I wanted to hack the email account password of a user in order to check the official emails, which he/she had saved in IE.

Method,
1. I have a portable Firefox installed on my USB storage drive. I asked his/her permission to copy some files from it to somewhere on the network.

2. I just copied the Firefox installation directory to the HDD and opened the launcher (firefox.exe).

3. Here is the trick: it asks the first time to import “settings” from IE, and I just forwarded the window quickly. Now I have everything she/he saved in IE in Firefox. I copied the “Mozilla” folder from the user profile directory and replaced it with my “desktop” on the same path.

4. Open Firefox
Tools –> Options –> Security –>
We can see a button for “Show all saved password”; click on it. Now I can see all of her/his saved passwords.

–Cheers. Do such things only for good purposes :-)
