UnixServerAdmin

Server Administration & Management

Mod_Security: Access denied error code 403

You may get the following error in Apache logs:-

===================================================
mod_security: Access denied with code 403. Error reading request body, error code 70007:
The timeout specified has expired
===================================================

Fix:-

1. Open the Apache configuration file

# vi /usr/local/apache/conf/httpd.conf

2. Change the Timeout value to 300

3. Restart Apache service.

# /etc/init.d/httpd restart

Issue will be fixed.

June 30, 2011 Posted by | Mod_Security | | 1 Comment

Customizing a rule regarding Mod_Security

If you need to customize a rule, do not change the asl*conf files. These files will be overwritten by updates. If you need to change a rule because it is incorrectly blocking something, we recommend you report it to us as a False Positive, using the Reporting_False_Positives procedure. If you simply want to modify a rule to perform different actions, then copy the entire rule into your own rule file, and make sure you tell mod_security not to enable the original ASL rule. You can do that by using the mod_security directive SecRuleRemoveById. Here is a simple example:

If you had an original rule like this:

 SecRule REQUEST_URI "/foo" "t:normalisePath,id:9000000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Block /foo'"

And you want it to block "bar" instead of "foo", then you would copy the entire rule into your own custom rule file. If you are using our rules, we recommend you use the filename 99_asl_zzz_custom.conf, and change the id: field to an unused ID.

 SecRuleRemoveById 9000000
 SecRule REQUEST_URI "/bar" "t:normalisePath,id:9999999,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Block /bar'"

These are the reserved ranges:

*     1-99,999; reserved for local (internal) use. Use as you see fit but do not use this range for rules that are distributed to others.
*     100,000-199,999; reserved for internal use of the engine, to assign to rules that do not have explicit IDs.
*     200,000-299,999; reserved for rules published at modsecurity.org.
*     300,000-399,999; reserved for rules published at gotroot.com.
*     400,000-419,999; unused (available for reservation).
*     420,000-429,999; reserved for ScallyWhack.
*     430,000-699,999; unused (available for reservation).
*     700,000-799,999; reserved for Ivan Ristic.
*     900,000-999,999; reserved for the Core Rules project.
*     1,000,000 and above; unused (available for reservation).
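
The copy-and-remove procedure above can be checked mechanically before Apache is reloaded. The script below is an added example, not part of the original post or the ASL rule set: it flags a custom ID that is still live in the vendor rules, a SecRuleRemoveById that matches nothing, and a custom ID inside a range the list above reserves for someone else. The function names and the vendor.conf/custom.conf files are constructed for illustration.

```shell
# Added example: lint a custom ModSecurity rule file against the vendor rules.
# File names below are constructed; only plain numeric IDs are handled.

# Print every rule ID (id:N or id:'N') on non-comment lines of the given files.
rule_ids() {
    awk -v q="'" '!/^[[:space:]]*#/ {
        s = " " $0
        while (match(s, "[^A-Za-z_]id:" q "?[0-9]+")) {
            m = substr(s, RSTART, RLENGTH); sub("^.*id:" q "?", "", m)
            print m
            s = substr(s, RSTART + RLENGTH)
        }
    }' "$@"
}

# Print every ID named on a SecRuleRemoveById line.
removed_ids() {
    awk '$1 == "SecRuleRemoveById" {
        for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+$/) print $i
    }' "$@"
}

# Echo who a reserved ID range belongs to (per the list above); nothing if
# the ID is in the local-use range or an unreserved one.
reserved_owner() {
    if   [ "$1" -ge 100000 ] && [ "$1" -le 199999 ]; then echo "the engine"
    elif [ "$1" -ge 200000 ] && [ "$1" -le 299999 ]; then echo "modsecurity.org"
    elif [ "$1" -ge 300000 ] && [ "$1" -le 399999 ]; then echo "gotroot.com"
    elif [ "$1" -ge 420000 ] && [ "$1" -le 429999 ]; then echo "ScallyWhack"
    elif [ "$1" -ge 700000 ] && [ "$1" -le 799999 ]; then echo "Ivan Ristic"
    elif [ "$1" -ge 900000 ] && [ "$1" -le 999999 ]; then echo "Core Rules"
    fi
}

# lint_custom_rules CUSTOM VENDOR...: one finding per line, returns 1 if any.
lint_custom_rules() {
    custom=$1; shift; rc=0
    removed=" $(removed_ids "$custom" | tr '\n' ' ')"
    vendor=" $(rule_ids "$@" | tr '\n' ' ')"
    for id in $(rule_ids "$custom"); do
        owner=$(reserved_owner "$id")
        if [ -n "$owner" ]; then
            echo "RESERVED id $id is in the range reserved for $owner"; rc=1
        fi
        case $vendor in *" $id "*)
            case $removed in *" $id "*) ;; *)
                echo "COLLISION id $id is still live in the vendor rules"; rc=1 ;;
            esac ;;
        esac
    done
    for id in $removed; do
        case $vendor in *" $id "*) ;; *)
            echo "STALE SecRuleRemoveById $id matches no vendor rule"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the vendor rule and the customised copy from the text.
demo=$(mktemp -d)
cat > "$demo/vendor.conf" <<'EOF'
SecRule REQUEST_URI "/foo" "t:normalisePath,id:9000000,rev:1,severity:2,msg:'Block /foo'"
EOF
cat > "$demo/custom.conf" <<'EOF'
SecRuleRemoveById 9000000
SecRule REQUEST_URI "/bar" "t:normalisePath,id:9999999,rev:1,severity:2,msg:'Block /bar'"
EOF
lint_custom_rules "$demo/custom.conf" "$demo/vendor.conf" && echo "custom.conf: clean"
```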

June 29, 2011 Posted by | Mod_Security | | Leave a comment

How to disable USB Port in Windows

To disable access to the USB port in Windows XP and 2000, follow the steps below :-

1. Click Start, and then click Run.

2. In the Open box, type regedit, and then click OK.

3. Locate, and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

4. In the right pane, double-click Start.

5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.

6. Quit Registry Editor.

To re-enable a disabled port, follow these steps below :-

1. Click Start, and then click Run.

2. In the Open box, type regedit, and then click OK.

3. Locate, and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

4. In the right pane, double-click Start.

5. In the Value data box, type 3, click Hexadecimal (if it is not already selected), and then click OK.

6. Quit Registry Editor.

June 28, 2011 Posted by | Windows | , , | 1 Comment

How to connect BSNL EVDO Connection in CentOS/RHEL

Here's how you can configure a BSNL CDMA data modem to work in Linux. The device I have is a HUAWEI EC325 meant for the 144 Kb/s connection, but this guide should work fine for other BSNL devices as well (the 2 Mb/s device, for example). Let's start off by installing the software. We'll need wvdial and gnome-ppp, so let's install them.

# yum update

# yum install wvdial gnome-ppp

The next step is to setup wvdial. Follow these steps:

1. Make sure the device is plugged in.

2. Type the following command (as root)

# lsusb

3. You’ll see a bunch of lines of the form:
Bus XYZ Device XYZ: ID AAAA:BBBB [Name of Device]

4. Note down the AAAA and BBBB part of your BSNL device. In case no such device is listed, unplug all USB devices except your data card and run the command again. All entries except one will have AAAA and BBBB values of 0. Note this down.

5. Alright, now we have the vendor and product ID of the device. Type the following command:
# modprobe usbserial vendor=0xAAAA product=0xBBBB
(Here replace AAAA and BBBB with the ID you wrote down earlier)

6. Now we can configure wvdial. We’ll need to edit the wvdial.conf file. So do this:

# vim /etc/wvdial.conf

7. Edit it so that the [Dialer Defaults] section looks like this:

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Stupid Mode = 1
Modem Type = USB Modem
ISDN = 0
Phone = #777
New PPPD = yes
Modem = /dev/ttyUSB0
Username = Your BSNL username here
Password = Your BSNL Password
Baud = 460800

Here, replace username and password with the ones provided to you by BSNL.

8. Let’s test if everything’s working. Type:

# wvdial

9. If everything’s configured properly, you should see a series of lines in the terminal and the connection should be successful. You might want to fire up the browser and visit a site to check if it’s working…

10. Now let’s configure gnome-ppp. Start it up by running Run -> ‘gksudo gnome-ppp’

11. Click Setup

12. In the Modem page, set Device to "/dev/ttyUSB0", Type -> USB Modem, Speed -> 460800, Volume -> Off, Wait for Dialtone -> Checked.

13. Leave the Networking page as it is. The Options page should look something like this:

[Screenshot: gnome-ppp Options page]

14. Close the Setup page, type your username and password in the respective boxes and click connect. If you did everything right, the connection should get established.

15. All done! Now you can create a shortcut to ‘gksudo gnome-ppp’ and configure it to start at system startup (using Sessions manager in Gnome/KDE).

June 27, 2011 Posted by | Windows | , , | Leave a comment

Changing Remote Desktop Port in Windows

This post shows how to change the Remote Desktop port from the default TCP 3389 to any port number you require. This might be needed if the default port is already used by another application on your network.

1) Let me use Windows 7 as example here: Go to Start and run registry editor program (regedit)

2) The Registry editor window will appear. Browse to the following registry key and locate the PortNumber value. Right click it to modify it.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp (value: PortNumber)

3) Change to decimal mode, then key in the new port number. As an example, I change it to port 20000. Click OK and close the registry program.

Note: If you have enabled a firewall on this Remote Desktop enabled computer, you need to configure the firewall to permit Remote Desktop traffic on the new port. If not, other users will have problems connecting to this computer.

4) Restart your computer or the Remote Desktop program for the change to take effect. From now on other users can only connect to this Remote Desktop enabled computer by using the client program in this format: IP-address:port-number (example: 192.168.1.100:20000)

June 26, 2011 Posted by | Windows | | 5 Comments

IP Forwarding – How to make Windows as a Router

Router (Windows XP Professional)

Network Card A (connect to network A):
IP: 10.10.10.1
Netmask: 255.255.255.0
Gateway (GW): [leave it blank]

Network Card B (connect to network B):
IP: 192.168.20.1
Netmask: 255.255.255.0
Gateway (GW): [leave it blank]

Network Card C (connect to Internet via cable/dsl connection)
This information will be based on the Internet connection service which you have subscribed.
IP: 192.168.1.1
Netmask: 255.255.255.0
Gateway (GW): 192.168.1.1

Configure all the computers in network A with following information.

Network A
IP: 10.10.10.2-254
Netmask: 255.255.255.0
Gateway (GW): 10.10.10.1

Configure all the computers in network B with following information.

Network B
IP: 192.168.20.2-254
Netmask: 255.255.255.0
Gateway: 192.168.20.1

Ok.. Now it’s the time to configure IP forwarding on that router…

1) Go to Start and click Run, then type in regedit to run registry editor.

2) Registry editor window will appear. Browse for the following registry key at the left hand side window:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (value: IPEnableRouter)

Right click IPEnableRouter registry object, and click Modify.

Note: Be extra careful when you deal with the registry editor; wrong editing will crash your Windows OS.

3) The IPEnableRouter window will appear. Type 1 as Value data and click OK.

4) Close the registry editor and reboot the computer. After rebooting, all the computers should be able to access the Internet and also share files/printers between network A and B.

Note: When I did the test, IP forwarding only worked after rebooting the computer. So don't forget to do it.

June 25, 2011 Posted by | Windows | | Leave a comment

Quick Way to Solve Page Cannot be Displayed Problem in Internet Explorer in Windows

If you encounter the page cannot be displayed in Internet Explorer in Windows XP, and you have actually configured network setting on this computer correctly, managed to ping gateway IP and could resolve domain name/URL with no problem by using nslookup, then most likely the problem is caused by unregistered dll files.

Please follow simple steps here to register dll files and test again:

1) Go to Start and click Run.

2) Run window will appear. Type cmd and click OK.

3) Command prompt window will appear, after that type following 2 commands.

regsvr32 urlmon.dll
regsvr32 actxprxy.dll

4) Continue to register following 6 dll also.

regsvr32 scrrun.dll
regsvr32 msxml.dll
regsvr32 mshtml.dll
regsvr32 shdocvw.dll
regsvr32 browseui.dll
regsvr32 msjava.dll

5) Reboot computer and open Internet Explorer to test again.

Note: Please also check whether you have enabled a personal firewall (Windows firewall, antivirus firewall, etc.) on this computer. Sometimes a personal firewall with a wrong configuration would block IE from connecting to the Internet, so you are advised to disable the firewall temporarily and test again.

June 24, 2011 Posted by | Windows | | Leave a comment

How to connect eth0 to ppp0 in linux

"OR"

How to Setup Linux as router for ppp dial up (PSTN/ISDN) connections

Step –> 1 Turn on ip forwarding in kernel

# vi /etc/sysctl.conf

Step –> 2 Add/modify following line

net.ipv4.ip_forward = 1

Step –> 3 Restart network

# /etc/init.d/network restart

(Note: first dial to the ISP using wvdial or a similar program.)

Step –> 4 Setup IP forwarding and Masquerading (to act as router), you need to use NAT option of iptables as follows:

# iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE

# iptables --append FORWARD --in-interface eth0 -j ACCEPT

# /etc/init.d/iptables save

# chkconfig iptables on

Step –> 5 You are done! Test it with ping or dig:

# ping google.com
# dig google.com

Step –> 6 Point all clients to your eth0 IP address as Router/Gateway.

June 23, 2011 Posted by | Tips & Tricks, Unix/Linux | , , | Leave a comment

How to connect Tata Photon Connection in CentOS/RHEL

1. Remove other usb storage devices such as pen or external hard disk and remove usb-storage driver

# rmmod usb_storage

2. Display information about USB buses in the system and the devices connected to them

# lsusb

3. Detects your modem, its maximum baud rate, and a good initialization string and generates or updates the wvdial configuration file based on this information.

# wvdialconf /etc/wvdial.conf

4. Edit /etc/wvdial.conf File

# vim /etc/wvdial.conf

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Stupid Mode = 1
Modem Type = USB Modem
ISDN = 0
Phone = #777
New PPPD = yes
Modem = /dev/ttyUSB0
Username = internet
Password = internet

5. Connect the Internet

# wvdial

June 22, 2011 Posted by | Tips & Tricks, Unix/Linux | , , , | Leave a comment

How to use wget with username and password

There are some sites that ask you to provide a login identity in order to access the restricted section of its filesystem.

The command line with wget is something like this:

# wget --http-user=the-username --http-password=the-password 'http://any.valid.url/and_path/and_file'

So you are using wget mostly in its simple form, which is: wget http://url/path/filename

but with these options:

--http-user: Where you specify a valid user to access the restricted area in the remote site
--http-password: Where you specify the password of the above mentioned user.
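
Options given on the command line are visible to other local users in the process list and are saved in shell history. As an added example (not from the original post), the functions below keep the same two settings in a private wgetrc-format file that wget loads through its WGETRC environment variable; the function names and the file path are assumptions.

```shell
# Added example: keep wget HTTP credentials out of argv and shell history.
# The credentials-file path, user name and URL are placeholders.

# write_wget_credfile FILE USER
# Reads the password from stdin (no echo on a terminal) and writes a
# wgetrc-format file that only its owner can read.
write_wget_credfile() {
    file=$1; user=$2
    if [ -t 0 ]; then
        printf 'Password for %s: ' "$user" >&2
        stty -echo; IFS= read -r pass; stty echo; echo >&2
    else
        IFS= read -r pass
    fi
    ( umask 077; rm -f "$file"
      printf 'http_user = %s\nhttp_password = %s\n' "$user" "$pass" > "$file" )
    unset pass
}

# Succeeds only if FILE is accessible to its owner and nobody else.
credfile_is_private() {
    case $(LC_ALL=C ls -ld "$1" 2>/dev/null) in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# fetch_with_credfile FILE URL...
# Refuses to run if the file has loose permissions; otherwise wget loads it
# through the WGETRC environment variable, so no secret appears in `ps`.
fetch_with_credfile() {
    file=$1; shift
    if ! credfile_is_private "$file"; then
        echo "refusing: $file is accessible to group/other" >&2
        return 1
    fi
    WGETRC=$file wget "$@"
}

# Usage (placeholders):
#   write_wget_credfile "$HOME/.wget-site.rc" the-username
#   fetch_with_credfile "$HOME/.wget-site.rc" http://any.valid.url/and_path/and_file
```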

June 21, 2011 Posted by | Tips & Tricks, Unix/Linux | , , , | Leave a comment

aria2c :- Utility for Downloading files

aria2 is a utility for downloading files.

The supported protocols are HTTP(S), FTP, BitTorrent and Metalink. It has a powerful segmented
downloading ability, downloading a file from multiple sources and multiple protocols and utilizing
your download bandwidth to the maximum. It supports downloading a file from HTTP(S)/FTP and BitTorrent
at the same time, while the data downloaded from HTTP(S)/FTP is uploaded to the BitTorrent swarm. Using
Metalink's chunk checksums, aria2 automatically validates chunks of data while downloading a file, like BitTorrent.

Download link :-

# wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/aria2-1.3.1-1.el5.rf.i386.rpm

Installation :-

# rpm -ivh aria2-1.3.1-1.el5.rf.i386.rpm

Other Options :-

-d, --dir=DIR [The directory to store the downloaded file.]

--http-user=USER [Set HTTP user. This affects all URLs.]

--http-passwd=PASSWD [Set HTTP password. This affects all URLs.]

--ftp-user=USER [Set FTP user. This affects all URLs. Default: anonymous]

--ftp-passwd=PASSWD [Set FTP password. This affects all URLs. Default: ARIA2USER@]

--ftp-type=TYPE [Set FTP transfer type. TYPE is either binary or ascii. Default: binary]

--file-allocation=METHOD [Specify file allocation method. METHOD is either none or prealloc. none does not pre-allocate file space. prealloc pre-allocates file space before download begins. This may take some time depending on the size of the file. Default: prealloc]

-T, --torrent-file=TORRENT_FILE [The path to the .torrent file.]

--max-upload-limit [Specifies the maximum upload rate.]

# aria2c -j 5 --file-allocation=none http://unixserveradmin.com/unixserv_backup.zip

# aria2c --max-upload-limit=40K -T file.torrent

June 20, 2011 Posted by | Tips & Tricks, Unix/Linux | , , | Leave a comment

SoftException in Application.cpp:303 UID of script is smaller than min_uid

If you see the error below in your logs, it means that the script is owned by a user (generally root) instead of the actual user.

SoftException in Application.cpp:303: UID of script "/location/path/.php" is smaller than min_uid

You can receive a similar error when you have a wrong group name; in this case, instead of UID, you will have GID in the error.

To fix this issue, make sure you have the correct user and group ownership for the file that you are trying to access. Ownership can be changed using the command below:

# chown username:groupname filename.php
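
To find every affected script under a document root in one pass, the added example below (not from the original post) lists PHP files whose owner UID or GID is below the thresholds. The function name is an assumption, and the threshold values are passed in as arguments, so take them from your PHP handler's configuration.

```shell
# Added example: list PHP scripts that would trip the min_uid / min_gid check.
# The docroot path and the thresholds are assumptions; pass your own values.

# low_id_scripts DIR MIN_UID MIN_GID
# Prints "UID <id> <path>" or "GID <id> <path>" for each offending file and
# returns 1 if any were found, 0 otherwise.
low_id_scripts() {
    dir=$1; min_uid=$2; min_gid=$3
    # ls -ln prints numeric owner and group in fields 3 and 4; LC_ALL=C keeps
    # the date in three fields so the file name always starts at field 9.
    report=$(find "$dir" -type f -name '*.php' -exec env LC_ALL=C ls -ln {} + |
        awk -v u="$min_uid" -v g="$min_gid" '{
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            if ($3 + 0 < u + 0) print "UID", $3, name
            if ($4 + 0 < g + 0) print "GID", $4, name
        }')
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (placeholder path and thresholds):
#   low_id_scripts /home/username/public_html 100 100
```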

June 19, 2011 Posted by | PHP | | 1 Comment

How to take backup of an account without its home directory in cPanel

What if you want to generate the account backup without the home directory? Here is the command to exclude/skip the home directory:

# /scripts/pkgacct --skiphomedir username

Note: Here username is the actual cPanel username.

June 18, 2011 Posted by | cPanel | , , | Leave a comment

Core Files in Apache/PHP

You may come across core files generated within your accounts. A possible reason is that when a PHP process is killed, Apache creates core files under your account. On phpSuexec servers this may be caused by an incorrect php.ini file placed in your account. If the core files are caused by PHP/Apache, you can get rid of them by editing the httpd startup file on the server.

Follow the steps below to stop the core file creation on the server.

# vi /etc/init.d/httpd

Search for the ulimit lines. For example, you may see these lines:

ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384

You need to add ulimit -c 0 at the end, so that it looks like this:

ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -c 0

Save the changes and quit. Now stop the Apache service and then start it again on the server.

# service httpd stop

# service httpd start

June 17, 2011 Posted by | Apache, PHP | , | Leave a comment

How to Manually install Apache

Apache can be installed manually with the following steps.

# cd /usr/local/src

# wget http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz

# tar xvfz httpd-2.2.15.tar.gz

# cd httpd-2.2.15

# ./configure --prefix=/usr/local/apache2

# make

# make install

# cp /usr/local/apache2/bin/apachectl /etc/init.d/httpd

Now you just need to configure the Apache modules which you want to install on the server.

# ./configure --with-layout=Apache --add-module=../mod_frontpage.c --enable-module=so --enable-module=ssl --enable-module=rewrite --enable-module=info --enable-module=expires --enable-module=headers --enable-module=proxy --enable-module=unique_id --enable-suexec --logfiledir=/usr/local/apache/logs --prefix=/usr/local/apache --suexec-caller=nobody --suexec-docroot=/ --suexec-gidmin=100 --suexec-logfile=/usr/local/apache/logs/suexec_log --suexec-uidmin=100 --suexec-userdir=public_html --sysconfdir=/usr/local/apache/conf

June 16, 2011 Posted by | Apache | , | 1 Comment

How to recreate files in /var/cpanel/userdata

One of the main directories that may need to be recreated is /var/cpanel/userdata. It contains the username/main and username/main.cache files, which hold the client's domain. Use the following steps to recreate it :-

1. Take the backup of /var/cpanel/userdata

# cp -a /var/cpanel/userdata /var/cpanel/userdata.bak

2. Run /usr/local/cpanel/bin/userdata_update --reset so that /var/cpanel/userdata can be regenerated.

# /usr/local/cpanel/bin/userdata_update --reset

3. Move the required files from new /var/cpanel/userdata to old one.

4. Move the old /var/cpanel/userdata back after copying the required files.

5. Rebuild Apache conf

# /usr/local/cpanel/bin/build_apache_conf

6. Restart Apache.

# /etc/init.d/httpd stop

# /etc/init.d/httpd start

June 15, 2011 Posted by | cPanel | , | Leave a comment

How to install the LWP perl module (libwww-perl) for CSF Firewall

If you install CSF Firewall on a new Linux server, you may get the following error during installation :-

# ./install.sh

=====================================================================
Configuring for OS

Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) and then install csf
=====================================================================

To fix the error, install LWP perl module (libwww-perl)

# yum install perl-libwww-perl

“OR”

# cpan
cpan>
cpan> h [Obtaining help]
cpan> install Bundle::LWP [Installing LWP]

June 14, 2011 Posted by | CSF, Firewall | , , , , | 4 Comments

How to edit name server in Helm

1) Log in to Helm
2) System Settings > Servers
3) Select the server where the DNS service is running
4) Services > Primary/Secondary DNS
5) Add name server

settings at user end
1) login to helm
2) search domain > click on user: xyz > user’s reseller: abc > account setting > global settings > personal DNS:
3) yourdomain.com > save

If the user wants to set global DNS, then
1) login to helm
2) search domain –> click on user: xyz –> user’s reseller: abc –> account setting –> global DNS settings –> add new –> abc : 12.12.12.12 –> save

–> Home –> System Settings –> Servers –> window –> MSDns

June 13, 2011 Posted by | Helm | , | 3 Comments

How to add resources under resellers and enduser in Helm

1) Login into helm control panel.
2) Open Home –> Reseller Plans –> 50 Domains DNS Hosting –> Plan Resources –> Mail Resources
3) Fill the resources
4)  Now Open Home –> Users –> UNIXSERV –> Packages –> 50 Domains DNS Hosting –> Package Resources –> Mail Resources
5) Fill the Resources
6) Now Open Home –> Users –> UNIXSERV –> Packages –> UNIXSERV(Internal) –> Package Resources –> Mail Resources
* All things are corrected here

After completing all of the above steps, try to create an email account and update us if the problem persists.

June 12, 2011 Posted by | Helm | , | 4 Comments

cPanel with RVSkin not able to list file from file manager

cPanel with RVSkin could not list files and folders in the File Manager feature. I immediately sought help from RVSkin support and got the fix. Below is the error from cPanel's error_log.

Error:
[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$abshomedir failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 56) line 1.

[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$FORM{'dir'} failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 57) line 1.

[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$FORM{'showhidden'} failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 58) line 1.

[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$CPDATA{'RS'} failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 59) line 1.

[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$CPDATA{'DNS'} failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 60) line 1.

[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$ENV{'cp_security_token'} failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 63) line 1.

[2010-10-22 11:56:11 +0800] warn [jsprint::jsprint] Encountered error in jsprint::jsprint: jsprint::$ENV{'cp_security_token'} failed: Undefined subroutine &Cpanel::jsprint::jsprint_jsprint called at (eval 64) line 1.

You can fix the issue by running the following two commands over SSH.

# rm -f /usr/local/cpanel/Cpanel/rvversion

# perl /root/rvadmin/auto_rvskin.pl

June 11, 2011 Posted by | cPanel | , | 3 Comments