Thursday, September 3, 2009

WordPress or phpBB not Sending Email? Try this fix.

Okay, for anybody who just upgraded WordPress, only to realize you’re not getting notification emails anymore, or the PHP mail() function isn’t working, or SMTP isn’t working, here is your solution. Yes, this is guaranteed to work, even if you’re using Gmail.

Method 1


If you are using cPanel and have signed up for the Google mail application, log in to cPanel and find the MX Entry option.

Make sure that your settings are the same as shown in the image below.

(image: mx entry)


Method 2


1. Go to your hosting cpanel and create this email account: wordpress@yourdomain.com. Replace “yourdomain.com” with whatever your domain name is. Make sure that if you have a .net, that you use .net instead of .com in that email. Set up your username and password and remember it.

2. Download WP-Mail-SMTP or Cimy Swift SMTP. Just pick one of these and install and activate the plugin.

3a. Configure your SMTP plugin under Settings or Tools in your sidebar. This is the most important step! Do not fill in this info with what Gmail tells you to put in. Do the following instead:
3b. Sender e-mail must be: the new email account you created in your hosting cpanel. Put in the full wordpress@yourdomain.com in there.
3c. If there is a checkbox to use SMTP, check it.
3d. SMTP server address will be: mail.yourdomain.com. Replace “yourdomain.com” with your domain name again.
3e. Port will be 25 or 26. Try those before trying 456 for Gmail. Contact your hosting provider if neither works. The chances of neither of these working are small.
3f. Username would be: wordpress@yourdomain.com. Replace “yourdomain.com” with your domain name again.
3g. Password is the password for that account.
3h. Set SSL or TLS to no or no encryption. Try these before using TLS for Gmail. If this doesn’t work, contact your hosting provider in case they require encryption.

4. The wordpress@yourdomain.com account will now send the email to your personal account. Make sure that the email on your profile is correct, whether it’s Yahoo, Hotmail, Gmail or any other account. If you are using a contact form, make sure that the email is set to your personal account as well. The emails should now go to your spam or inbox.

If it still doesn’t work, you can have your wordpress@yourdomain.com account send the email to itself and have your personal account retrieve it over POP. Read the following if you are still having problems. Gmail is used as an example because most people have problems getting it to agree with their WordPress/hosting setup.

5a. Make sure that the email on your profile is changed to the wordpress@yourdomain.com email. If you are using a contact form, make sure that the emails are sent to the wordpress@yourdomain.com email. *This is important because WordPress and Gmail conflict and this is the only workaround I’ve come up with.
5b. Now, WordPress is set up to use SMTP to send emails out with your wordpress@yourdomain.com email. Step 5a makes sure that all the emails are sent to that same account. So basically, wordpress@yourdomain.com will send emails to itself.
5c. Now log in to Gmail and go to Settings.
5d. Under Settings, go to Accounts.
5e. Under “Get mail from other accounts,” go to “Add a mail account you own”.
5f. Username is wordpress@yourdomain.com. Replace “yourdomain.com” with your domain name.
5g. Password is wordpress@yourdomain.com’s password.
5h. POP Server should be mail.yourdomain.com. Replace “yourdomain.com” with your domain name.
5i. Port should be 110.
5j. Click Save Changes.

6. Now, WordPress will send the emails to the hosting server email account, and Gmail will fetch them. You could also create a Yahoo or Hotmail account and skip step 5 entirely, and then have Yahoo or Hotmail forward those emails to Gmail.

If you are still having problems, or need assistance, leave a comment. And good luck.




Monday, August 3, 2009

Create user in mysql


MySQL user information is kept in the user table of the mysql database, so creating a new user affects that table. To see the description of the user table and a list of the existing MySQL users, issue the following commands.

Here test is the root account password.
mysql -u root -ptest
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.30-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mysql;
Database changed

mysql> desc user;
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Field                 | Type                              | Null | Key | Default | Extra |
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Host                  | char(60)                          | NO   | PRI |         |       |
| User                  | char(16)                          | NO   | PRI |         |       |
| Password              | char(41)                          | NO   |     |         |       |
| Select_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Insert_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Update_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Delete_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Create_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Drop_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Reload_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Shutdown_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Process_priv          | enum('N','Y')                     | NO   |     | N       |       |
| File_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Grant_priv            | enum('N','Y')                     | NO   |     | N       |       |
| References_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Index_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Alter_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Show_db_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Super_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Create_tmp_table_priv | enum('N','Y')                     | NO   |     | N       |       |
| Lock_tables_priv      | enum('N','Y')                     | NO   |     | N       |       |
| Execute_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Repl_slave_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Repl_client_priv      | enum('N','Y')                     | NO   |     | N       |       |
| Create_view_priv      | enum('N','Y')                     | NO   |     | N       |       |
| Show_view_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Create_routine_priv   | enum('N','Y')                     | NO   |     | N       |       |
| Alter_routine_priv    | enum('N','Y')                     | NO   |     | N       |       |
| Create_user_priv      | enum('N','Y')                     | NO   |     | N       |       |
| Event_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Trigger_priv          | enum('N','Y')                     | NO   |     | N       |       |
| ssl_type              | enum('','ANY','X509','SPECIFIED') | NO   |     |         |       |
| ssl_cipher            | blob                              | NO   |     | NULL    |       |
| x509_issuer           | blob                              | NO   |     | NULL    |       |
| x509_subject          | blob                              | NO   |     | NULL    |       |
| max_questions         | int(11) unsigned                  | NO   |     | 0       |       |
| max_updates           | int(11) unsigned                  | NO   |     | 0       |       |
| max_connections       | int(11) unsigned                  | NO   |     | 0       |       |
| max_user_connections  | int(11) unsigned                  | NO   |     | 0       |       |
+-----------------------+-----------------------------------+------+-----+---------+-------+
39 rows in set (0.14 sec)


mysql> select host, user from user;
+-----------+---------+
| host      | user    |
+-----------+---------+
| %         | magento |
| 127.0.0.1 | root    |
| localhost |         |
| localhost | magento |
| localhost | pma     |
| localhost | root    |
+-----------+---------+
6 rows in set (0.00 sec)

By querying Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv etc. you can check whether a user has a given type of privilege or not.

There are several ways to create a user in MySQL, which are described below.

Way 01: With the CREATE USER statement
1) Connect to the mysql database as a user who has the global CREATE USER privilege or the INSERT privilege for the mysql database. You can use root because by default root has the privilege to create users.

2) The CREATE USER statement creates a new record in the mysql.user table that has no privileges assigned by default.

mysql> create user arju;
Query OK, 0 rows affected (0.13 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju';
+------+----------+------+-------------+-------------+
| user | password | host | select_priv | insert_priv |
+------+----------+------+-------------+-------------+
| arju |          | %    | N           | N           |
+------+----------+------+-------------+-------------+
1 row in set (0.00 sec)

Notice that if you specify only the user name part of the account name while creating a user, a host name part of '%' is used.

User arju is not assigned a password this way; as you can see, the password is null. To assign a password to user arju, issue,

mysql> set password for 'arju'=password('test');
Query OK, 0 rows affected (0.03 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju';
+------+-------------------------------------------+------+-------------+-------------+
| user | password                                  | host | select_priv | insert_priv |
+------+-------------------------------------------+------+-------------+-------------+
| arju | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | %    | N           | N           |
+------+-------------------------------------------+------+-------------+-------------+
1 row in set (0.00 sec)

You can set the password while creating the user in one command. The following command will create a user arju2 with password test on the host localhost. The password, user name and host name should each be within single quotes.

mysql> create user 'arju2'@'localhost' identified by 'test';
Query OK, 0 rows affected (0.00 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju2';
+-------+-------------------------------------------+-----------+-------------+-------------+
| user  | password                                  | host      | select_priv | insert_priv |
+-------+-------------------------------------------+-----------+-------------+-------------+
| arju2 | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | localhost | N           | N           |
+-------+-------------------------------------------+-----------+-------------+-------------+
1 row in set (0.00 sec)

If you don't put the user name, host name and password within single quotes, a syntax error results.

mysql> create user 'arju2'@'localhost' identified by test;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test' at line 1

An equivalent way of setting the password is to issue an UPDATE statement.

mysql> UPDATE mysql.user SET Password=PASSWORD('test')
-> WHERE User='arju' AND Host='%';

Query OK, 0 rows affected (0.05 sec)
Rows matched: 1 Changed: 0 Warnings: 0

When changing the user table via UPDATE and INSERT, it is necessary to use FLUSH PRIVILEGES to tell the server to reload the grant tables. Otherwise, the changes go unnoticed until you restart the server.

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.08 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju';
+------+-------------------------------------------+------+-------------+-------------+
| user | password                                  | host | select_priv | insert_priv |
+------+-------------------------------------------+------+-------------+-------------+
| arju | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | %    | N           | N           |
+------+-------------------------------------------+------+-------------+-------------+
1 row in set (0.00 sec)

Now, notice that connecting to the MySQL server as user arju fails, but connecting as arju2 succeeds.
D:\xampp\mysql\bin>mysql -u arju -ptest
ERROR 1045 (28000): Access denied for user 'arju'@'localhost' (using password: YES)

D:\xampp\mysql\bin>mysql -u arju2 -ptest
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.1.30-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select user();
+-----------------+
| user()          |
+-----------------+
| arju2@localhost |
+-----------------+
1 row in set (0.00 sec)

Note that the 'arju'@'localhost' account can be used only when connecting from the local host. The 'arju'@'%' account uses the '%' wildcard for the host part, so it can be used to connect from any host.

You can check the privileges assigned to a user by issuing,

mysql> show grants for arju;
+-----------------------------------------------------------------------------------------------------+
| Grants for arju@%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'arju'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
+-----------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> show grants for arju2;
ERROR 1141 (42000): There is no such grant defined for user 'arju2' on host '%'
mysql> show grants for arju2@localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for arju2@localhost                                                                                   |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'arju2'@'localhost' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

By default it searches for host '%'.

Way 02: With the grant option
To create a user named momin with password test2 and all privileges on a particular database called ecommerce, issue,
mysql> grant ALL PRIVILEGES on ecommerce.* to 'momin'@'localhost' identified by 'test2';
Query OK, 0 rows affected (0.00 sec)

mysql> use mysql;
Database changed

mysql> select host, user from user where user='momin';
+-----------+-------+
| host      | user  |
+-----------+-------+
| localhost | momin |
+-----------+-------+
1 row in set (0.00 sec)

D:\xampp\mysql\bin>mysql -u momin -ptest2
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 32
Server version: 5.1.30-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| ecommerce          |
| test               |
+--------------------+
3 rows in set (0.00 sec)

Here the ecommerce database is shown because we have given permission on it.

Way 03: Using INSERT statement into Table mysql.user
You can also create a user in MySQL by simply inserting a new row into the mysql.user table. Note that creating a user through an INSERT statement requires FLUSH PRIVILEGES to tell the server to reload the grant tables. If we don't do that, the changes go unnoticed until you restart the server. This restriction does not apply to the CREATE USER statement.
The INSERT statement can be issued in two ways. One way, creating user robert:

mysql> use mysql;
Database changed

mysql> INSERT INTO user SET Host='localhost',User='robert', Password=password('test');
Query OK, 1 row affected, 3 warnings (0.00 sec)

Alternative way of creating user richard is,

mysql> INSERT INTO user (Host,User,Password)
-> VALUES('localhost','richard',password('test'));

Query OK, 1 row affected, 3 warnings (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Check by,

mysql> select user, host, password from user where user in('robert','richard');
+---------+-----------+-------------------------------------------+
| user    | host      | password                                  |
+---------+-----------+-------------------------------------------+
| robert  | localhost | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 |
| richard | localhost | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 |
+---------+-----------+-------------------------------------------+
2 rows in set (0.01 sec)

Note that when setting the password with INSERT we used the PASSWORD() function in order to encrypt the password. With the CREATE USER statement this was unnecessary, as the CREATE USER statement automatically encrypts the password.
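An audit over rows shaped like the select user, host, password output above, added here as an example and not part of the original post: it flags the anonymous account, empty passwords, '%' hosts, and accounts sharing a hash (visible because PASSWORD() is unsalted). It also reports why mysql -u arju was denied: the server matches the most specific host first, so the anonymous localhost account is chosen ahead of 'arju'@'%' for local connections. The sample rows are constructed from accounts shown in the post; the anonymous account's empty password is an assumption.

```python
import hashlib
from collections import defaultdict

# Hash shown in the post for every account created with password 'test'.
PAGE_HASH = "*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29"

# Constructed sample: (host, user, password) rows as in mysql.user.
# The empty password on the anonymous account is an assumption.
SAMPLE_ROWS = [
    ("localhost", "", ""),
    ("%", "arju", PAGE_HASH),
    ("localhost", "arju2", PAGE_HASH),
    ("localhost", "robert", PAGE_HASH),
    ("localhost", "richard", PAGE_HASH),
]


def mysql_native_hash(password):
    """What PASSWORD() stores on a 5.1 server: '*' + HEX(SHA1(SHA1(pw))).

    There is no salt, so equal passwords always give equal hashes."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def audit(rows):
    """Return {"user@host": [issue, ...]} for accounts needing attention."""
    findings = defaultdict(list)
    by_hash = defaultdict(list)
    # Hosts on which an anonymous (empty user name) account exists.
    anon_hosts = {host for host, user, _ in rows if user == ""}

    for host, user, pw_hash in rows:
        account = "%s@%s" % (user, host)
        if user == "":
            findings[account].append("anonymous account")
        if pw_hash == "":
            findings[account].append("empty password")
        else:
            by_hash[pw_hash].append(account)
        if host == "%":
            findings[account].append("connects from any host")
            specific = sorted(anon_hosts - {"%"})
            if user and specific:
                # A more specific host row wins, so the anonymous account
                # is used when this user connects from these hosts.
                findings[account].append(
                    "shadowed by anonymous account on: " + ", ".join(specific))

    # Unsalted hashes make password reuse across accounts visible.
    for accounts in by_hash.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].append(
                    "password hash shared with %d other account(s)"
                    % (len(accounts) - 1))
    return dict(findings)


if __name__ == "__main__":
    print(mysql_native_hash("test") == PAGE_HASH)
    for account, issues in audit(SAMPLE_ROWS).items():
        print(account, "->", "; ".join(issues))
```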

How to Fix Cpanel/WHM quota

To fix common causes of quota problems

Run the following command as the root user.

/scripts/fixquotas

Try finding other files owned by the user.

find / -user username > /tmp/username.txt

This will list all files owned by this user that could be affecting the quota reported by cPanel.

cPanel/WHM sometimes has problems with the user quota files, causing all users' accounts to have unlimited disk space available or 0 megs of disk space in use.

*To enable user quota support on a file system, add "usrquota" to the fourth field containing the word "defaults".

If you need both user quota and group quota support on a file system, then edit /etc/fstab:

...
/dev/hda2 /home ext3 defaults,usrquota,grpquota 1 1

touch /partition/aquota.user

chmod 600 /partition/aquota.user

Re-boot or re-mount file partition with quotas.

From the Linux Man Pages:

quotacheck - scan a filesystem for disk usage, create, check and repair quota files.

quotacheck -vgum /partition
or
quotacheck -vguma

-v, --verbose
quotacheck reports its operation as it progresses. Normally it operates silently. If the option is specified twice, also the current directory is printed (note that printing can slow down the scan measurably).

-u, --user
Only user quotas listed in /etc/mtab or on the filesystems specified are to be checked. This is the default action.

-g, --group
Only group quotas listed in /etc/mtab or on the filesystems specified are to be checked.

-m, --no-remount
Don't try to remount filesystem read-only. See comment with option -M.

-a, --all
Check all mounted non-NFS filesystems in /etc/mtab

NOTE
quotacheck should only be run by super-user. Non-privileged users are presumably not allowed to read all the directories on the given filesystem.

FILES

aquota.user or aquota.group: located at filesystem root with quotas (version 2 quota, non-XFS filesystems)

quota.user or quota.group: located at filesystem root with quotas (version 1 quota, non-XFS filesystems)

/etc/mtab: names and locations of mounted filesystems


Example Steps for /home partition:

1. First check whether quota is enabled for /home partition.

# vi /etc/fstab

LABEL=/home /home ext3 defaults,usrquota 1 2

2. Remount the /home partition

# mount -o remount /home

3. Create a file called aquota.user for which we need to run quotacheck.

# quotacheck -c /home

4. Enable quota

# quotaon /home

This will enable quota on /home. Now you can edit the quota of a user using:

# edquota username

5. Run /scripts/fixquotas; this will solve the quota issue of cPanel accounts.

# /scripts/fixquotas

6. After this, `repquota -a` should print out the soft/hard limits with grace periods for all users.

# repquota -a

7. If quotas are still not reporting anything in WHM and/or cPanel, check /var/cpanel/cpanel.config for disablequotacache=0.

If that is set to 0, try setting it to 1 and see if that fixes it.

# vi /var/cpanel/cpanel.config ; /scripts/fixquotas

8. If a user’s quota shows more space being used than is in their home directory, chances are there are stray files on the system owned by their UID. To find these files, run the following as root:

# find / -user username > /tmp/username.txt

Hope this helps.

Monday, July 20, 2009

Mod_Rewrite - Hide index.php

This article follows Mod_Rewrite and .htaccess which explains how an .htaccess file can be used to prevent search engines from indexing non-www web pages that contain exactly the same content as those with-www in front. By hiding the 'duplicate content' we avoid the risk of a 'downgrading' effect by Google and other search engines.

Exactly the same principle applies to web page addresses like:

http://www.mysite.com/index.php
http://www.mysite.com/subfolder/index.php

when we want the content to be displayed only on:

http://www.mysite.com/
http://www.mysite.com/subfolder/

This can be done by using ModRewrite to permanently redirect (eg):

http://www.mysite.com/index.php
to
http://www.mysite.com/

The file index.php continues to exist on the website but there's no need for 'index.php' to appear in the page address for its content to be displayed. The same applies to 'index.html', 'default.html' (etc) and to 'index' pages located in sub-folders, eg '/subfolder/index.php' or '/subfolder/another/index.php'. Those filenames should never normally be displayed to the visitor. The process of hiding them is sometimes referred to as the canonicalization of index pages.

The .htaccess file

For websites running on Apache web server (most websites do), a Mod_Rewrite module can be enabled to allow an .htaccess file to be installed in the root folder, containing rules on how web page requests should be rewritten 'behind the scenes' by the 'rewriting engine'. The Mod_Rewrite rules to achieve the effect we want here are:

#
Options +FollowSymLinks
RewriteEngine On
#
# REDIRECT /folder/index.php to /folder/
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mysite.com/$1 [R=301,L]
#

Piece by piece…

A line beginning with hash (#) is ignored by the web server and is useful to split up the rules visually, and to add comments.

Options +FollowSymLinks
RewriteEngine On

For the rewriting engine to work, we need to enable Options FollowSymLinks and set RewriteEngine On (this is for security).

# REDIRECT /folder/index.php to /folder/
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mysite.com/$1 [R=301,L]

The .htaccess file is eliminating the duplicate content problem by redirecting the visitor (and Google) from all the site's web page addresses that contain the superfluous index.php to the folder name (directory) in which they reside. Exactly the same content is presented as if the index.php file itself was being viewed, but index.php doesn't appear in the browser's address bar.

How the Mod_Rewrite works

(1) RewriteCond

Looking first at RewriteCond, we need to specify the conditions under which the RewriteRule will be processed by the server, and here, we want our rule to apply to any 'index.php' page requested on the domain. This prevents the .htaccess file from triggering an 'infinite loop' on the server, in which the RewriteRule keeps repeating itself. If the request contains 'index.php' (as in the condition we've referenced), it has not yet been rewritten. If it has been rewritten, it won't contain 'index.php' and the RewriteRule won't be applied.

%{THE_REQUEST}

In this part, {THE_REQUEST} is a standard server variable, in this instance the page requested by the visitor, because that's what we're going to try to match in the second part. In RewriteCond, a server variable is preceded by $ to denote an Apache variable.

^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/

This second part is known as the 'condition'. The ^ caret defines the start, and is followed by a regular expression. Looking at the regular expression in detail:

[A-Z]{3,9}\ matches from 3 to 9 occurrences of any uppercase letter (eg 'GET') followed by an \ escaped space.

/([^/]+/)* matches a forward slash followed by any quantity of [one or more characters not preceded by a forward slash but ending with a forward slash], eg '/subfolder1/subfolder2/'.

index\.php\ matches 'index.php' - the backslashes are required to 'escape' (i) the dot metacharacter (to make it into a real dot) and (ii) the space before 'HTTP/'.

HTTP/ matches 'HTTP/'.

Why do we need all this? Because we're testing our condition against {THE_REQUEST} - the entire client request header for an 'index' page, which is typically something like:

GET /index.php HTTP/1.1
or
GET /subfolder1/index.php HTTP/1.1

(2) RewriteRule

Looking now at the RewriteRule, it contains three essential parts.

^(([^/]+/)*)index\.php$

This first part is the 'thing' that we want to be re-written by the web server. The ^ caret symbol defines the start, (([^/]+/)*) is a designated variable (using brackets) containing a regular expression that matches a forward slash followed by any quantity of [one or more characters not preceded by a forward slash but ending with a forward slash], eg '/subfolder1/subfolder2/', index\.php matches 'index.php', and the $ symbol defines the end.

http://www.mysite.com/$1

This second part is what we want the server to process behind the scenes. It consists of the domain's root folder (homepage) plus the designated variable from the first part, expressed as $1.

In the above example, the designated variable (([^/]+/)*) is added by the server, after the page has been requested, as $1 to the end of http://www.mysite.com/. If the requested 'index' page is the site's homepage, the $1 variable will be empty and the server will simply process http://www.mysite.com/. If the requested 'index' page is in a subfolder and the designated variable's value is '/folder1/', the server will process http://www.mysite.com/folder1/.

[R=301,L]

This third part, the flag, designates any special instructions that might be needed, in this instance R=301 for redirect permanently and L for 'last rule' so that no other rules are processed for the specified rewrite condition.

The full rewrite rule is thus:

RewriteRule ^(([^/]+/)*)index\.php$ http://www.mysite.com/$1 [R=301,L]

The RewriteRule in action

Here, again, is the full .htaccess file:

#
Options +FollowSymLinks
RewriteEngine On
#
# REDIRECT /folder/index.php to /folder/
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mysite.com/$1 [R=301,L]
#

In plain English, it's saying that "if someone tries to open a folder's 'index.php' page, redirect them to a version of the folder without 'index.php', and if the visitor is Google(bot), mention the fact that this is permanent."

See this in action by typing http://www.patricktaylor.com/index.php into an HTTP viewer. The first receiving header is HTTP/1.1 301 Moved Permanently and the second receiving header is HTTP/1.1 200 OK. And of course it can be tested by attempting to view http://www.patricktaylor.com/index.php in your browser.

Mod_Rewrite and .htaccess

Grabbing code snippets off the web and re-using them on one's own websites is easy enough to do. Every web designer solves a problem this way at one time or another. Having done so, why not take a little trouble to understand what the code is doing? This article looks at a simple example of a code snippet and attempts to demystify some of the so-called voodoo surrounding rewriting URLs with .htaccess.

Mod_Rewrite is an Apache web server module that is often installed on shared web hosting packages. If the module is available, a special file named .htaccess can be uploaded to the server, containing rules on how web page requests should be handled 'behind the scenes' by the 'rewriting engine'. The .htaccess file is normally placed in a website's root folder to apply its effect to all pages on the domain.

Why have an .htaccess file?

An .htaccess file is important to any webmaster who is interested in a good ranking in search engines, especially Google. It has many uses, the most basic being to prevent search engines from indexing different pages (URLs) that contain exactly the same content.

A simple .htaccess example: the canonical URL

Consider two web pages:

http://www.mysite.com/
http://mysite.com/

Technically, these two URLs are different pages, but they contain exactly the same content when viewed. If Google indexes both, there's a risk that one, or the other, or both, will be 'downgraded' by Google as 'duplicate content'. With the .htaccess file, this can be prevented by nominating only one as the 'canonical' homepage. Here's an example of what to put in the file:

#
Options +FollowSymLinks
RewriteEngine On
#
# REDIRECT to canonical url
RewriteCond %{HTTP_HOST} ^mysite\.com [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]
#

Piece by piece…

A line beginning with hash (#) is ignored by the web server and is useful to split up the rules visually, and to add comments.

Options +FollowSymLinks
RewriteEngine On

For the rewriting engine to work, we need to enable Options FollowSymLinks and set RewriteEngine On (this is for security).

# REDIRECT to canonical url
RewriteCond %{HTTP_HOST} ^mysite\.com [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]

The 'canonical URL' is the preferred internet address for a web page, and in the above instance is any page at http://www.mysite.com/. The .htaccess file is removing the duplicate content problem by redirecting the visitor (and Google) from the non-www version to the with-www version. This means that only canonical URLs will ever be accessible - for all the pages on the domain, not just the homepage.

How the Mod_Rewrite works

(1) RewriteCond

Looking firstly at RewriteCond, we need to specify the conditions under which the RewriteRule will be processed by the server, and here, we want our rule to apply only when a visitor (or Google) attempts to view http://mysite.com/any-page (without www).

%{HTTP_HOST}

In this first part, {HTTP_HOST} is a standard server variable, in this instance the site's host (domain name), because that's what we're going to try to match in the second part. In RewriteCond, a server variable is preceded by $ to denote an Apache variable.

^mysite\.com

This second part is known as the 'condition'. The ^ caret symbol defines the start and mysite\.com is the pattern to be matched, in this instance http://mysite.com without www. The backslash before the dot is required to 'escape' it, because in a regular expression, the dot is a special 'metacharacter'. Escaping the dot converts it back to a normal character - a plain dot.

[NC]

This third part is known as the flag. [NC] stands for no case (case-insensitive).

The full rewrite condition is thus:

RewriteCond %{HTTP_HOST} ^mysite\.com [NC]

(2) RewriteRule

Looking now at the RewriteRule, it contains three essential parts.

^(.*)$

This first part is the 'thing' that we want to be re-written by the web server. The ^ caret symbol defines the start, (.*) is a designated variable (using brackets) containing a regular expression that matches any combination of characters, and the $ symbol defines the end.

http://www.mysite.com/$1

This second part is what we want the server to process behind the scenes. It consists of the canonical URL, plus the designated variable from the first part, expressed as $1. If we had two designated variables we could use $1 and $2.

In the above example, the (.*) (any combination of characters, eg: 'about-us.html') is added by the server, after the page has been requested, as $1 to the end of http://www.mysite.com/ to make http://www.mysite.com/about-us.html.

[R=301,L]

This third part, the flag, is an integral part of the rule writing process because it designates any special instructions that might be needed, in this instance R=301 for redirect permanently and L for 'last rule' so that no other rules are processed for the specified rewrite condition.

The full rewrite rule is thus:

RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]

The RewriteRule in action

Here, again, is the full .htaccess file:

#
Options +FollowSymLinks
RewriteEngine On
#
# REDIRECT to canonical url
RewriteCond %{HTTP_HOST} ^mysite\.com [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]
#

In plain English, it's saying that "if someone tries to open any page on our website without entering www at the front, redirect them to a version of the page with the www, and if the visitor is Google(bot), mention the fact that this is permanent."

The redirect can be tested by typing a web page address like http://patricktaylor.com/mod_rewrite-htaccess into an HTTP viewer. The first receiving header is HTTP/1.1 301 Moved Permanently and the second receiving header is HTTP/1.1 200 OK. And of course the addition of www can be tested by pasting http://patricktaylor.com/ into your browser's address bar.
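Both rule sets, the one in this article and the one in 'Mod_Rewrite - Hide index.php' above, modelled together in Python as an added example (not code from either article): it shows the two-hop redirect chain, why testing %{THE_REQUEST} keeps the index.php rule from looping once Apache maps a folder to its index file, and that a request carrying a query string slips past that condition. Placing the host rule first, index.php being the directory index, and the sample requests are assumptions.

```python
import re

# Patterns copied verbatim from the two .htaccess rule sets on this page.
HOST_COND = re.compile(r"^mysite\.com", re.IGNORECASE)  # %{HTTP_HOST} ... [NC]
HOST_RULE = re.compile(r"^(.*)$")
INDEX_COND = re.compile(r"^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/")
INDEX_RULE = re.compile(r"^(([^/]+/)*)index\.php$")
CANONICAL = "http://www.mysite.com/"


def evaluate(host, request_line, internal_path=None):
    """Return the Location of the 301 the rules would send, or None.

    host          -- Host header value (%{HTTP_HOST})
    request_line  -- first line of the client's request (%{THE_REQUEST})
    internal_path -- path Apache is resolving when it differs from the one
                     requested, e.g. after the directory index maps /dir/
                     to /dir/index.php (assumed index file)
    """
    target = request_line.split(" ")[1]
    path, _, query = target.partition("?")
    if internal_path is not None:
        path = internal_path
    # In .htaccess context the RewriteRule pattern sees the path without
    # its leading slash.
    rel = path[1:] if path.startswith("/") else path
    # The original query string is passed through on the redirect.
    suffix = "?" + query if query else ""

    # Rule set 1 (assumed to come first in the file): bare host -> www host.
    # The target host is hardcoded, never taken from the Host header.
    if HOST_COND.search(host):
        return CANONICAL + HOST_RULE.match(rel).group(1) + suffix

    # Rule set 2: /folder/index.php -> /folder/, only when the client
    # itself asked for index.php.
    if INDEX_COND.search(request_line):
        m = INDEX_RULE.match(rel)
        if m:
            return CANONICAL + m.group(1) + suffix
    return None


def follow(host, path, max_hops=5):
    """Follow the redirects as a browser would; return every Location."""
    hops = []
    for _ in range(max_hops):
        location = evaluate(host, "GET %s HTTP/1.1" % path)
        if location is None:
            return hops
        hops.append(location)
        host, _slash, rest = location.split("://", 1)[1].partition("/")
        path = "/" + rest
    raise RuntimeError("redirect loop: %r" % hops)


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    print(follow("mysite.com", "/subfolder/index.php"))
    # Folder request served internally from index.php: no redirect, no loop.
    print(evaluate("www.mysite.com", "GET /subfolder/ HTTP/1.1",
                   internal_path="/subfolder/index.php"))
    # Query string after index.php: the condition does not match.
    print(evaluate("www.mysite.com", "GET /index.php?p=1 HTTP/1.1"))
```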

A general note: on some shared web hosting accounts, the .htaccess file can't be seen when the root folder is opened in an FTP client. This can often be corrected by enabling server side filtering in the FTP client program and setting the remote filter as -rtaF. The precise details of how to do this will vary from one program to another.

Thursday, July 2, 2009

Generate CSR for Red Hat Linux Apache / SSL Server

Step 1: Generating the Private Key

1. Use the cd command to move to the /etc/httpd/conf directory.

2. As root, type in one of the following three commands to generate your key:

3. If you're using Official Red Hat Linux Professional and you want to use the included password feature, type in the following command: make genkey

4. Your key will be generated and you will be asked to enter and confirm a password. Please note that you will need to remember and enter this password every time you start your secure Web server, so don't forget it.

5. If you're using Official Red Hat Linux Professional and you don't want to be required to type in a password every time you start your secure Web server, use the following command instead of make genkey to create your key (note that the following command should be typed in all on one line):

/usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 1024


6. Then use the following command to set the correct permissions on your key:

chmod go-rwx ssl.key/server.key


7. If you use the above commands to create your key, you will not need to use a password to start your secure Web server. However, we don't recommend that you disable the password feature for your secure Web server, since it decreases the level of security for your server.

8. Your key will be created and saved to a file named server.key. If you're using Official Red Hat Linux Professional, server.key will be located in the /etc/httpd/conf/ssl.key directory. If you're using Official Red Hat Linux Professional, International Edition, server.key will be located in /etc/httpd/conf.

Step 2: Create the Certificate Signing Request

1. In the /etc/httpd/conf directory, become root and type in one of the following two commands:

2. If you're using Official Red Hat Linux Professional, type in the following command:
make certreq

3. If you're using Official Red Hat Linux Professional, International Edition, type in the following single command (all on one line):
/usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr

4. You will be prompted for your password (if you used a password when you generated your key). Type in the password, if necessary.

5. You'll see some instructions and you will be prompted for responses. Your inputs will be incorporated into the CSR.

6. When you've finished entering your information, a file named server.csr will be created. If you're using Official Red Hat Linux Professional, server.csr will be located in the /etc/httpd/conf/ssl.csr directory.

7. You have just created a key pair and a CSR.

8. The server.csr file contains your certificate request. To copy and paste the information into the order form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

9. Go to our website ssl.nu for the SSL Certificate request.

Terms defined:
Country Name (C):
Use the two-letter code without punctuation for country, for example: US or CA.

State or Province (S):
Spell out the state completely; do not abbreviate the state or province name, for example: California

Locality or City (L):
The Locality field is the city or town name, for example: Berkeley.

Organization (O):
If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XYZ Corporation

Organizational Unit (OU):
This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.

Common Name (CN):
The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
Note: When prompted for your "first- and lastname", enter the desired Common Name.

SSL Certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".

Networking4all certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".


Please do not enter your email address, challenge password or an optional company name when generating the CSR.

Create a Certificate Signing Request using the RSA private key

openssl req -new -key domain.com.key -out domain.com.csr
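
The key and CSR steps above, scripted without prompts and followed by the checks worth running before the CSR goes to a CA. This is an added example, not part of the original post: it assumes the openssl command is installed, the subject values and function names are constructed, and it generates a 2048-bit key (the minimum public CAs accept today) where the commands above use 1024.

```shell
#!/bin/sh
# Added example: create a key and CSR without prompts, then audit the CSR.
# Assumes openssl is installed; all subject values below are constructed.

# make_csr DIR CN -> writes DIR/CN.key and DIR/CN.csr
make_csr() {
    # umask 077 gives the key owner-only permissions from the moment it
    # exists, the same end state as "chmod go-rwx" on the key file.
    ( umask 077 && openssl genrsa -out "$1/$2.key" 2048 2>/dev/null ) || return 1
    # -subj supplies C, ST, L, O and CN; no e-mail address, challenge
    # password or optional company name is added.
    openssl req -new -key "$1/$2.key" -out "$1/$2.csr" \
        -subj "/C=US/ST=California/L=Berkeley/O=XYZ Corporation/CN=$2" 2>/dev/null
}

# The CSR is self-signed; a valid signature shows it was made with the key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY: the public key in the CSR belongs to this key file.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Key size in bits, read from the CSR text dump.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Common Name as it will appear in the certificate.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# True when the CSR carries none of the fields the CA asks you to leave out.
csr_has_no_extras() {
    ! openssl req -in "$1" -noout -text 2>/dev/null |
        grep -Eq 'challengePassword|emailAddress|unstructuredName'
}

# True when group and others have no permissions on the key file.
key_is_owner_only() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

check() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; return 1; fi; }

# audit_csr CSR KEY EXPECTED_CN -> one line per check, non-zero on any failure
audit_csr() {
    rc=0
    check csr_signature_ok "$1" || rc=1
    check csr_matches_key "$1" "$2" || rc=1
    check csr_has_no_extras "$1" || rc=1
    check key_is_owner_only "$2" || rc=1
    [ "$(csr_key_bits "$1")" -ge 2048 ] 2>/dev/null ||
        { echo "FAIL key shorter than 2048 bits"; rc=1; }
    [ "$(csr_common_name "$1")" = "$3" ] ||
        { echo "FAIL Common Name is not $3"; rc=1; }
    return $rc
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d) &&
    make_csr "$demo_dir" www.example.com &&
    audit_csr "$demo_dir/www.example.com.csr" "$demo_dir/www.example.com.key" www.example.com
rm -rf "$demo_dir"
```
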

Use the following script to generate the CSR:

# /scripts/gencrt

This script will ask for information such as the email address, domain name, IP address, country code, locality, company and company division.

Enter the requested information, and the certificate will be generated under the directory /usr/share/ssl/Certs/ as www.tuks123.com.csr

Generate csr and install SSL through shell

You can generate a csr through the shell using the following command:
root@server1[/]# /scripts/gencsr
This will ask for information such as the email address, domain name, country code, city and company. Fill in the values and it generates a CSR and a private key. Use the following steps to install an SSL certificate:

First check the domain name for which the SSL certificate was issued, that is, www.domainname.com or domainname.com. Suppose you have to install an SSL certificate for domainname.com and you have already generated the CSR for domainname.com. Follow these steps.

1)
Go to directory /usr/share/ssl/certs

root@server1[/]# cd /usr/share/ssl/certs

Check that the domainname.com.csr file is already present.

root@server1[/usr/share/ssl/certs]# ls -l | grep domainname.com.csr

Create the .crt file and paste the SSL certificate into it as shown below

root@server1 [/usr/share/ssl/certs]# vi domainname.com.crt

paste ssl certificate
save the file.

If cabundle is provided by the client then add it in the domainname.com.cabundle file under the directory /usr/share/ssl/certs

root@server1 [/usr/share/ssl/certs]# vi domainname.com.cabundle

paste the cabundle key and save the file.

2)

Go to directory /usr/share/ssl/private and check to see if the file domainname.com.key is already present.

root@server1[/]# cd /usr/share/ssl/private
root@server1[/usr/share/ssl/private]# ls -l | grep domainname.com.key

3)
Open the file /etc/httpd/conf/httpd.conf, copy the virtual host entry for domainname.com into Notepad and add the following lines above the end of the tag

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domainname.com.key
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
SSLLogFile /usr/local/apache/domlogs/shop.discdudes.com-ssl_data_log
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Add the following line above the virtual host entry.

add the following line at the end of the virtualhost tag.

Now your sslVH entry should look like the sample sslVH entry below.

ServerAlias domainname.com
ServerAdmin webmaster@domainname.com
DocumentRoot /home/username/public_html
BytesLog domlogs/domainname.com-bytes_log
ServerName domainname.com

User username
Group username

CustomLog /usr/local/apache/domlogs/domainname.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domainname.com.key
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
SSLLogFile /usr/local/apache/domlogs/shop.discdudes.com-ssl_data_log
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

4)
If cabundle is not given by the client then remove the following line from the sslVH entry

SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle

5)
Add the sslVH entry in httpd.conf file and restart the httpd service.

Now you are able to access site https://domainname.com

Please check that the file paths are correctly specified for the .crt, .key and .cabundle files. If the file paths are incorrect in the sslVH entry then the httpd service won't start.

Wednesday, July 1, 2009

Processes listening on a particular port

In order to find out which process is listening on a particular port, you can use the following command

lsof -i TCP:portnumber

eg: lsof -i TCP:80

httpd 31969 linux 3u IPv6 8152068 TCP *:http (LISTEN)
httpd 31971 linux 3u IPv6 8152068 TCP *:http (LISTEN)
httpd 31972 linux 3u IPv6 8152068 TCP *:http (LISTEN)

Fixing corrupted RPM db

Remove /var/lib/rpm/__db* files to avoid stale locks:

cd /var/lib/rpm
rm -rf __db*

Rebuild RPM database

# rpm --rebuilddb
# rpmdb_verify Packages

If you are still getting errors, then try your luck with following commands:

# mv Packages Packages-BAKUP
# db_dump Packages-BAKUP | db_load Packages
# rpm -qa
# rpm --rebuilddb

password protecting directories using .htaccess

If you want to protect /home/username/public_html do as follows

cd /home/username/public_html
touch .htaccess [if it is already there you can use it, no need to create it]

Add the following lines to the .htaccess file

AuthUserFile /home/username/public_html/.htpasswd
AuthName "Title for Protected Site"
AuthType Basic
Require valid-user

The next stage is creating the .htpasswd file. Create it in the same directory as .htaccess:

cd /home/username/public_html [same place where your .htaccess is]

touch .htpasswd
htpasswd -c .htpasswd test
New password:
Re-type new password:
Adding password for user test

That's it. Don't forget to change the ownership and permissions.

How to enable and disable ping request

To disable ping

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To enable ping
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

WHAT IS RSYNC

RSYNC


The rsync utility is used for synchronising files. One of its major advantages is that it can preserve permissions and ownership information, copy symbolic links, and is generally designed to handle your files intelligently.

The basic syntax for rsync is simple enough -- just run
rsync [options] source destination

If you want to rsync the contents of /home/mabin/ to /var/www/html/, the command is:

rsync -a /home/mabin/ /var/www/html/

When running rsync, the trailing '/' on the source matters: if I rsync /home/mabin/ then only the contents of the folder mabin are copied, but if I leave off the '/' (that is, /home/mabin) then the entire directory is taken, so a directory named mabin is created at the destination.

some switches with rsync
-----------------------------
-a --> archive option, which actually combines several rsync options. It combines the recursive and copy symlinks options, preserves group and owner, and generally makes rsync suitable for making archive copies. Note that it doesn't preserve hardlinks

-H --> Copies hard link

-v --> verbose mode

-z --> Compress option, will compress the data during transfer

--delete --> For deleting the already transferred data from source (a dangerous option, try to avoid it)

--exclude=".*" --> To avoid copying hidden files. With this option you can also avoid copying any particular kind of file (if you don't want to copy .php files then put it like this: --exclude="*.php")

sample command for local copying
----------------------------------------

rsync -avh /home/mabin/ /var/www/html


Rsync for remote copying
------------------------------------------------------------

rsync -avhe ssh /home/user/dir/ user@remote.host.com:dir/

If you want to know how fast the transfer is going use the --progress option

rsync --progress -avhe ssh /home/user/dir/ user@remote.host.com:dir/

How do I export and import a mysql db using PHPMyAdmin?

Step 1: Open phpMyAdmin and select the database from where you want to export data and/or structure. Go to the tab with "Export". Select the table(s) you want to save.

Select the option you need: Data only or data and structure or structure only:

--> if you only want to update a table on another server, which has a table with the same structure, then you choose data only

--> if you want to create a new table on another server (for instance, if you have a development environment and you now want to put your application in production) then choose structure only

--> if you are moving a complete table, choose data and structure

Select "save as file" and hit "go". You can now enter a filename and specify where the file needs to be saved. It's recommended to choose a meaningful filename that includes the date, like "shop_05_07_03.sql". This creates the dumpfile. If you open it in Notepad or any other text editor, it looks something like this:

# phpMyAdmin MySQL-Dump
# version 2.4.0
# http://www.phpmyadmin.net/ (download page)
#
# Host: thehostname would be here
# Generation Time: Apr 04, 2004 at 02:39 PM
# Server version: 4.0.13
# PHP Version: 4.2.3
# Database : `db-name would be here`
# --------------------------------------------------------

#
# Table structure for table `test`
#

CREATE TABLE test (
  siteID int(6) NOT NULL auto_increment,
  uname tinytext NOT NULL,
  upwd tinytext NOT NULL,
  nick tinytext NOT NULL,
  sitename text NOT NULL,
  regdate date NOT NULL default '9999-01-01',
  numtrial int(7) unsigned NOT NULL default '0',
  PRIMARY KEY (siteID)
) TYPE=MyISAM COMMENT='Table with userinfo';

#
# Dumping data for table `useradmin`
#

INSERT INTO test VALUES (1, 'mytest', 'testt', 'myteste', 'www.mysite.com/site/test.html', '0000-00-00', 0);

This is the dumpfile for table 'test' that contains one record. As you can see, it's just a series of sql statements to recreate the table and insert all records.

Step 2: If necessary, you can upload this file to a server or move it to another PC (on a disk or whatever).

Step 3: Open phpMyAdmin. Select the database you want to import the table(s) into. Go to the SQL tab. Look at the bottom for "Or location of the textfile" and browse to the dumpfile. Double-click on it so that the file address appears in the textbox. Then hit "go". All SQL statements will be executed and you will get a notification after the file is processed.

Quota error on vps while starting a particular node

vzquota drop VE ID
vzctl start VE ID

Apache not starting:(No space left on device: mod_rewrite)

The error specifies that there is no more space left in Semaphore Arrays for Apache.
Please run this through shell

for ipsemId in $(ipcs -s | grep apache | cut -f 2 -d ' '); do ipcrm -s "$ipsemId"; done

VPS related issues

Please visit this link for vps related issues:

http://forum.openvz.org/index.php?t=thread&frm_id=2&

Adding ssh key-passwordless login

On the source server do the following

ssh-keygen -t dsa -f filename

It will prompt for a passphrase; it is desirable to leave it empty.
Two files will be created

filename
filename.pub

Copy the filename.pub file to the destination server, to the location /root/.ssh, and add the public key entry to authorized_keys as follows:

cat filename.pub >> authorized_keys

/etc/init.d/sshd restart

Disk quota error in VPS

This error occurs due to 2 reasons: DISKINODES or DISKSPACE configuration in VPS
Solution: This worked for me as the DISKINODES did not have much space assigned.
Try changing it to : DISKINODES="1000000:1200000" and restart vps

Ip tables

Iptables is a packet filtering tool which allows a system administrator to define, using rules, which incoming and outgoing packets a system allows. Iptables can be confusing, but it's pretty straightforward once you get the hang of it.

Iptables is in short a Linux based packet filtering firewall. Iptables interfaces to the Linux netfilter module to perform filtering of network packets. This can be to deny/allow traffic filter or perform Network Address Translation (NAT). With careful configuration iptables can be a very cost effective, powerful and flexible firewall or gateway solution. Iptables is available from http://www.netfilter.org/ or via your Linux distribution.

Rules, Chains, and Tables

Iptables rules are grouped into chains. A chain is a set of rules used to determine what to do with a packet. These chains are grouped into tables. Iptables has three built-in tables: filter, NAT and mangle. More tables can be added through iptables extensions.

Filter Table

The filter table is used to allow and block traffic, and contains three chains INPUT, OUTPUT, FORWARD. The input chain is used to filter packets destined for the local system. The output chain is used to filter packets created by the local system. The forward chain is used for packets passing through the system, mainly used for gateways/routers.

There are three real "chains" which iptables uses:

* INPUT
Which is used to grant or deny incoming connections to your machine.
* OUTPUT
Which is used to grant or deny outgoing connections from your machine.
* FORWARD
Which is used for forwarding packets across interfaces, only really needed (in general) when you're setting up a gateway machine.

NAT Table

The NAT table is used to setup the rules to rewrite packets allowing NAT to happen. This table also has 3 chains, PREROUTING, POSTROUTING, and OUTPUT. The prerouting chain is where packets come to prior to being parsed by the local routing table. The postrouting chain is where packets are sent after going through the local routing table. The output chain

The general form of an IP tables command is:

iptables -A CHAIN -p tcp/udp [options] -j ACTION

The CHAIN we've briefly covered before, "INPUT", "OUTPUT", "FORWARD", etc. Here "-A INPUT" means "append this rule to the input chain".

The "-p tcp" means this rule applies only to TCP connections, not UDP. (To specify UDP connections you'd use "-p udp" instead.)

"[options]" is where you specify what you wish to match against.

Finally "-j ACTION" is used to specify what to do to packets which match your rule. Usually an action will be one of "-j DROP" to drop the packet, "-j ACCEPT" to accept the packet or "-j LOG" to log it.

Commands

The first step is to know iptables commands.

Main commands

* -A --append : Add the rule at the end of the specified chain

Code:
iptables -A INPUT ...


* -D --delete : Delete a rule from a chain.
There are 2 ways to use it: you can specify the number of the rule to delete, or specify the rule itself

Code:
iptables -D INPUT 1
iptables -D INPUT -p tcp --dport 80 -j DROP

* -R --replace : Replace the specified rule in a chain

Code:
iptables -R INPUT 1 -s 192.168.0.1 -j DROP

* -I --insert : Insert a rule at a specific position in the chain

Code:
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

* -L --list : Display the rules

Code:
iptables -L # Display all the rules of the FILTER chains
iptables -L INPUT # Display all the INPUT rules (FILTER)

* -F --flush : Delete all the rules of a chain

Code:
iptables -F INPUT # Delete all the rules of the INPUT chain
iptables -F # Delete all the rules

* -N --new-chain : Create a new chain

Code:
iptables -N LOG_DROP

* -X --delete-chain : Delete a chain

Code:
iptables -X LOG_DROP # Delete the LOG_DROP chain
iptables -X # Delete the chains

* -P --policy : Tell the kernel the default policy of a chain: ACCEPT, REJECT, DROP ...
Code:
iptables -P INPUT DROP

Basic Uses

The most common use of iptables is to simply block and allow traffic.

Allow Traffic

Iptables allows you to allow traffic based on a number of different conditions such as Ethernet adapter, IP Address, port, and protocol.

Allow incoming TCP traffic on port 22 (ssh) for adapter eth0
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

Allow incoming TCP traffic on port 80 (HTTP) for the IP range 192.168.0.1 - 192.168.0.254.
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT

Block Traffic

Iptables can block traffic on the same conditions that traffic can be allowed.

Blocks inbound TCP traffic on port 22 (ssh)
iptables -A INPUT -p tcp -m tcp --dport 22 -j DROP

Blocks inbound TCP traffic on port 80 (HTTP) from the IP 192.168.1.100
iptables -A INPUT -s 192.168.1.100 -p tcp -m tcp --dport 80 -j DROP

Limit Traffic

Along with allowing and denying traffic IP tables can be used to limit the number of connections allowed over time thresholds.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --name sshbrute --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --name sshbrute --update --seconds 60 --hitcount 4 -j DROP

This is a common set of rules used to block brute force ssh attacks. The first rule makes sure the IP connecting is added to the sshbrute list. The second rule tells iptables to check the sshbrute list and, if the packet threshold is exceeded, to drop the traffic.
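
How the two rules above treat a stream of new connections, as a simplified awk model of the iptables recent match they rely on. This is an added example, not iptables code and not from the original post: the function names, timestamps and addresses are constructed, and the model assumes that, because both rules are added with -I, the --update rule sits above the --set rule in the chain.

```shell
#!/bin/sh
# Added example: simplified model of the sshbrute rate limit.
# Assumption: rule order in the chain is
#   1. --update --seconds W --hitcount H -j DROP   (inserted second, so first)
#   2. --set                                        (no target, falls through)
# The kernel remembers a limited number of stamps per address (20 by
# default); the model keeps them all, which gives the same result for
# hit counts up to that limit.

# Constructed NEW connections to port 22: "seconds source_ip", sorted by time.
sample_connections() {
cat <<'EOF'
0 203.0.113.9
5 198.51.100.7
10 203.0.113.9
20 203.0.113.9
30 203.0.113.9
40 203.0.113.9
50 203.0.113.9
60 203.0.113.9
70 203.0.113.9
80 203.0.113.9
125 198.51.100.7
200 203.0.113.9
EOF
}

# simulate_sshbrute WINDOW_SECONDS HITCOUNT
# Reads "seconds source_ip" lines on stdin, prints "seconds source_ip VERDICT".
# PASS means the packet was not dropped here and continues down the chain.
simulate_sshbrute() {
    awk -v window="$1" -v hitcount="$2" '
    {
        t = $1; ip = $2

        # Rule 1: count earlier attempts from this source inside the window.
        hits = 0
        for (i = 1; i <= n[ip]; i++)
            if (stamp[ip, i] >= t - window)
                hits++

        if (hits >= hitcount) {
            # --update matched: the dropped attempt is itself recorded, so a
            # source that keeps hammering keeps its own block alive.
            stamp[ip, ++n[ip]] = t
            print t, ip, "DROP"
            next
        }

        # Rule 2: --set records the attempt and lets the packet continue.
        stamp[ip, ++n[ip]] = t
        print t, ip, "PASS"
    }'
}

# count_verdicts IP VERDICT: number of lines on stdin with that source and verdict.
count_verdicts() {
    awk -v ip="$1" -v v="$2" '$2 == ip && $3 == v { c++ } END { print c + 0 }'
}

# Demo: one connection every 10 seconds from 203.0.113.9, two widely spaced
# logins from 198.51.100.7.
sample_connections | simulate_sshbrute 60 4
```

With these inputs the first four attempts from 203.0.113.9 pass, every further attempt is dropped for as long as it keeps retrying, and the attempt at 200 seconds passes again after a quiet period longer than the window.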

Common Options and Switches
-A -- adds a rule at the end of the chain
-I -- inserts the rule at the given rule number. If no rule number is given the rule is inserted at the head of the chain.
-p -- protocol of the rule
--dport the destination port to check on the rule
-i -- interface on which the packet was received.
-j -- what to do if the rule matches
-s -- source IP address of packet
-d -- destination IP address of packet

Examples :

Drop all inbound telnet traffic
iptables -I INPUT -p tcp --dport 23 -j DROP

Drop all outbound web traffic
iptables -I OUTPUT -p tcp --dport 80 -j DROP

Drop all outbound traffic to 192.168.0.1
iptables -I OUTPUT -d 192.168.0.1 -j DROP

Allow all inbound web traffic
iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Allow inbound HTTPS traffic from 10.2.2.4
iptables -I INPUT -s 10.2.2.4 -p tcp -m tcp --dport 443 -j ACCEPT

Deny outbound traffic to 192.2.4.0-192.2.4.255
iptables -I OUTPUT -d 192.2.4.0/24 -j DROP

Allow incoming connections to port 21 from one IP address 11.22.33.44
iptables -A INPUT -p tcp -m state --state NEW --dport 21 --source 11.22.33.44 -j ACCEPT

Deny all other incoming connections to port 21.
iptables -A INPUT -p tcp -m state --state NEW --dport 21 -j DROP

We used the "-m state --state NEW --dport 21" to match against new connections to port 21. Other options allow you to match against different things.

Squirrel mail login prompting repeatedly

Sometimes this issue is found on cPanel servers.
If you are facing it, please restart the following services

/scripts/restartsrv_exim
/scripts/restartsrv_cppop
/scripts/restartsrv_imap

Log File Paths

The first place you should go when trying to debug a problem is the log file for that program.

The list of log files is as follows:

DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log

Apache:
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/httpd/suexec_log
/var/log/httpd/fpexec_log
/var/log/httpd/domains/domain.com.error.log
/var/log/httpd/domains/domain.com.log
/var/log/messages (generic errors)

Proftpd:
/var/log/proftpd/access.log
/var/log/proftpd/auth.log
/var/log/messages (generic errors)

vm-pop3d:
/var/log/maillog
/var/log/messages

named (bind):
/var/log/messages

exim:
/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog
(on FreeBSD, they have "exim_" in front of the filenames)

mysqld:

RedHat:
/var/lib/mysql/server.hostname.com.err
FreeBSD:
/usr/local/mysql/data/server.hostname.com.err

crond:
/var/log/cron

To view a log file, run:

less /var/log/filename
Where /var/log/filename is the path of the log you wish to view. If the log is too large you can use the "tail" command:

tail -n 30 /var/log/filename
Where 30 is the number of lines from the end you wish to view.

Basic commands in Exim

Print a count of the messages in the queue:

root@localhost# exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):

root@localhost# exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

root@localhost# exim -bp | exiqsumm


Print what Exim is doing right now:

root@localhost# exiwhat

Test how exim will route a given address:

root@localhost# exim -bt alias@localdomain.com
user@thishost.com
<-- alias@localdomain.com
router = localuser, transport = local_delivery

root@localhost# exim -bt user@thishost.com
user@thishost.com
router = localuser, transport = local_delivery
root@localhost# exim -bt user@remotehost.com
router = lookuphost, transport = remote_smtp
host mail.remotehost.com [1.2.3.4] MX=0

Run a pretend SMTP transaction from the command line, as if it were coming from the given IP address. This will display Exim's checks, ACLs, and filters as they are applied. The message will NOT actually be delivered.

root@localhost# exim -bh 192.168.11.22

Display all of Exim's configuration settings:

root@localhost# exim -bP

Searching the queue with exiqgrep

Exim includes a utility that is quite nice for grepping through the queue, called exiqgrep. Learn it. Know it. Live it. If you're not using this, and if you're not familiar with the various flags it uses, you're probably doing things the hard way, like piping `exim -bp` into awk, grep, cut, or `wc -l`. Don't make life harder than it already is.

First, various flags that control what messages are matched. These can be combined to come up with a very particular search.

Use -f to search the queue for messages from a specific sender:

root@localhost# exiqgrep -f [luser]@domain

Use -r to search the queue for messages for a specific recipient/domain:

root@localhost# exiqgrep -r [luser]@domain

Use -o to print messages older than the specified number of seconds. For example, messages older than 1 day:

root@localhost# exiqgrep -o 86400 [...]

Use -y to print messages that are younger than the specified number of seconds. For example, messages less than an hour old:

root@localhost# exiqgrep -y 3600 [...]

Use -s to match the size of a message with a regex. For example, 700-799 bytes:

root@localhost# exiqgrep -s '^7..$' [...]

Use -z to match only frozen messages, or -x to match only unfrozen messages.

There are also a few flags that control the display of the output.

Use -i to print just the message-id as a result of one of the above two searches:

root@localhost# exiqgrep -i [ -r | -f ] ...

Use -c to print a count of messages matching one of the above searches:

root@localhost# exiqgrep -c ...

Print just the message-id of the entire queue:

root@localhost# exiqgrep -i

Managing the queue

The main exim binary (/usr/sbin/exim) is used with various flags to make things happen to messages in the queue. Most of these require one or more message-IDs to be specified in the command line, which is where `exiqgrep -i` as described above really comes in handy.

Start a queue run:

root@localhost# exim -q -v

Start a queue run for just local deliveries:

root@localhost# exim -ql -v

Remove a message from the queue:

root@localhost# exim -Mrm <message-id> [ <message-id> ... ]

Freeze a message:

root@localhost# exim -Mf <message-id> [ <message-id> ... ]

Thaw a message:

root@localhost# exim -Mt <message-id> [ <message-id> ... ]

Deliver a message:

root@localhost# exim -M <message-id> [ <message-id> ... ]

Force a message to fail and bounce as "cancelled by administrator":

root@localhost# exim -Mg <message-id> [ <message-id> ... ]

Remove all frozen messages:

root@localhost# exiqgrep -z -i | xargs exim -Mrm


Remove all messages older than five days (86400 * 5 = 432000 seconds):

root@localhost# exiqgrep -o 432000 -i | xargs exim -Mrm

Freeze all queued mail from a given sender:

root@localhost# exiqgrep -i -f luser@example.tld | xargs exim -Mf


View a message's headers:

root@localhost# exim -Mvh <message-id>

View a message's body:

root@localhost# exim -Mvb <message-id>

View a message's logs:

root@localhost# exim -Mvl <message-id>

Add a recipient to a message:

root@localhost# exim -Mar <message-id> <address> [ <address> ... ]

Edit the sender of a message:

root@localhost# exim -Mes <message-id> <address>


Access control

Exim allows you to apply access control lists at various points of the SMTP transaction by specifying an ACL to use and defining its conditions in exim.conf. You could start with the HELO string.

# Specify the ACL to use after HELO
acl_smtp_helo = check_helo

# Conditions for the check_helo ACL:
check_helo:

deny message = Gave HELO/EHLO as "friend"
log_message = HELO/EHLO friend
condition = ${if eq {$sender_helo_name}{friend} }

deny message = Gave HELO/EHLO as our IP address
log_message = HELO/EHLO our IP address
condition = ${if eq {$sender_helo_name}{$interface_address} }

accept

NOTE: Pursue HELO checking at your own peril. The HELO is fairly unimportant in the grand scheme of SMTP these days, so don't put too much faith in whatever it contains. Some spam might seem to use a telltale HELO string, but you might be surprised at how many legitimate messages start off with a questionable HELO as well. Anyway, it's just as easy for a spammer to send a proper HELO as it is to send HELO im.a.spammer, so consider yourself lucky if you're able to stop much spam this way.

Next, you can perform a check on the sender address or remote host. This shows how to do that after the RCPT TO command; if you reject here, as opposed to rejecting after the MAIL FROM, you'll have better data to log, such as who the message was intended for.

# Specify the ACL to use after RCPT TO
acl_smtp_rcpt = check_recipient

# Conditions for the check_recipient ACL
check_recipient:

# [...]

drop hosts = /etc/exim_reject_hosts
drop senders = /etc/exim_reject_senders

# [ Probably a whole lot more... ]

This example uses two plain text files as blacklists. Add appropriate entries to these files - hostnames/IP addresses to /etc/exim_reject_hosts, addresses to /etc/exim_reject_senders, one entry per line.

It is also possible to perform content scanning using a regex against the body of a message, though obviously this can cause Exim to use more CPU than it otherwise would need to, especially on large messages.

# Specify the ACL to use after DATA
acl_smtp_data = check_message

# Conditions for the check_messages ACL
check_message:

deny message = "Sorry, Charlie: $regex_match_string"
regex = ^Subject:: .*Lower your self-esteem by becoming a sysadmin

accept

Fix SMTP-Auth for Pine

If pine can't use SMTP authentication on an Exim host and just returns an "unable to authenticate" message without even asking for a password, add the following line to exim.conf:

begin authenticators

fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{$1}{$2}{$3}}"
server_set_id = $2
> server_prompts = :

This was a problem on CPanel Exim builds a while ago, but they seem to have added this line to their current stock configuration.

Log the subject line

This is one of the most useful configuration tweaks I've ever found for Exim. Add this to exim.conf, and you can log the subject lines of messages that pass through your server. This is great for troubleshooting, and for getting a very rough idea of what messages may be spam.

log_selector = +subject

Reducing or increasing what is logged.

Disable identd lookups

Frankly, I don't think identd has been useful for a long time, if ever. Identd relies on the connecting host to confirm the identity (system UID) of the remote user who owns the process that is making the network connection. This may be of some use in the world of shell accounts and IRC users, but it really has no place on a high-volume SMTP server, where the UID is often simply "mail" or whatever the remote MTA runs as, which is useless to know. It's overhead, and results in nothing but delays while the identd query is refused or times out. You can stop your Exim server from making these queries by setting the timeout to zero seconds in exim.conf:

rfc1413_query_timeout = 0s

Disable Attachment Blocking

To disable the executable-attachment blocking that many Cpanel servers do by default but don't provide any controls for on a per-domain basis, add the following block to the beginning of the /etc/antivirus.exim file:

if $header_to: matches "example\.com|example2\.com"
then
finish
endif

It is probably possible to use a separate file to list these domains, but I haven't had to do this enough times to warrant setting such a thing up.

Searching the logs with exigrep

The exigrep utility (not to be confused with exiqgrep) is used to search an exim log for a string or pattern. It will print all log entries with the same internal message-id as those that matched the pattern, which is very handy since any message will take up at least three lines in the log. exigrep will search the entire content of a log entry, not just particular fields.

One can search for messages sent from a particular IP address:

root@localhost# exigrep '<= .* \[12.34.56.78\] ' /path/to/exim_log

Search for messages sent to a particular IP address:

root@localhost# exigrep '=> .* \[12.34.56.78\]' /path/to/exim_log

This example searches for outgoing messages, which have the "=>" symbol, sent to "user@domain.tld". The pipe to grep for the "<=" symbol will match only the lines with information on the sender - the From address, the sender's IP address, the message size, the message ID, and the subject line if you have enabled logging the subject. The purpose of doing such a search is that the desired information is not on the same log line as the string being searched for.

root@localhost# exigrep '=> .*user@domain.tld' /path/to/exim_log | fgrep '<='
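What the exigrep-plus-fgrep pipeline above does, spelled out in awk so the join on the message-id is visible. This is an added example, not part of the original page; the log lines are a constructed sample and the names sample_log and senders_for are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample of an Exim main log written with log_selector = +subject.
sample_log() {
cat <<'EOF'
2009-09-03 10:15:01 1MjAbC-0001Xy-2Z <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2310 T="Quarterly report"
2009-09-03 10:15:02 1MjAbC-0001Xy-2Z => user@domain.tld R=dnslookup T=remote_smtp H=mx.domain.tld [198.51.100.7]
2009-09-03 10:15:02 1MjAbC-0001Xy-2Z Completed
2009-09-03 10:16:40 1MjAbD-0001Yq-7K <= bob@example.net H=relay.example.net [192.0.2.44] P=esmtp S=901 T="Lunch?"
2009-09-03 10:16:41 1MjAbD-0001Yq-7K => other@domain.tld R=dnslookup T=remote_smtp H=mx.domain.tld [198.51.100.7]
2009-09-03 10:16:41 1MjAbD-0001Yq-7K Completed
2009-09-03 10:20:05 1MjAbE-0001Zt-Qm <= promo@example.com H=(x) [203.0.113.9] P=smtp S=5120 T="You have won"
2009-09-03 10:20:06 1MjAbE-0001Zt-Qm => user@domain.tld R=dnslookup T=remote_smtp H=mx.domain.tld [198.51.100.7]
2009-09-03 10:20:06 1MjAbE-0001Zt-Qm Completed
EOF
}

# For every delivery ("=>") to RECIPIENT, print the data from the arrival
# ("<=") line of the same message as: message-id|sender|client IP|subject
senders_for() {
    awk -v rcpt="$1" '
        $4 == "<=" {
            ip = ""; subj = ""
            if (match($0, /\[[0-9A-Fa-f.:]+\]/))
                ip = substr($0, RSTART + 1, RLENGTH - 2)
            # On arrival lines T="..." is the subject; on delivery lines
            # T=name is the transport, so it is only parsed here.
            if (match($0, / T="[^"]*"/))
                subj = substr($0, RSTART + 4, RLENGTH - 5)
            arrival[$3] = $5 "|" ip "|" subj
        }
        # Remote deliveries log the address in field 5; local deliveries
        # log "localpart <address>", which puts the address in field 6.
        $4 == "=>" && ($5 == rcpt || $6 == ("<" rcpt ">")) {
            if ($3 in arrival) print $3 "|" arrival[$3]
            else               print $3 "|?|?|?"   # arrival not in this log
        }
    '
}

sample_log | senders_for user@domain.tld
```

The recipient is compared as a literal string, so the dots in the address cannot act as regex wildcards the way they do in the exigrep pattern.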


Generate and display Exim stats from a logfile:

root@localhost# eximstats /path/to/exim_mainlog

Same as above, with less verbose output:

root@localhost# eximstats -ne -nr -nt /path/to/exim_mainlog

Same as above, for one particular day:

root@localhost# fgrep YYYY-MM-DD /path/to/exim_mainlog | eximstats

Bonus!

To delete all queued messages containing a certain string in the body:

root@localhost# grep -lr 'a certain string' /var/spool/exim/input/ | \
sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm

Note that the above only delves into /var/spool/exim in order to grep for queue files with the given string, and that's just because exiqgrep doesn't have a feature to grep the actual bodies of messages. If you are deleting these files directly, YOU ARE DOING IT WRONG! Use the appropriate exim command to properly deal with the queue.

If you have to feed many, many message-ids (such as the output of an `exiqgrep -i` command that returns a lot of matches) to an exim command, you may exhaust the limit of your shell's command line arguments. In that case, pipe the listing of message-ids into xargs to run only a limited number of them at once. For example, to remove thousands of messages sent from joe@example.com:

root@localhost# exiqgrep -i -f '<joe@example.com>' | xargs exim -Mrm

How to enable “Update Now” Button in Cpanel Awstats

Tired of bugging your host to update Cpanel awstats? You can update the stats on your own by clicking the ‘update now’ link at the top of the main awstats page, and you can enable this “update now” link yourself.
Here is how to change the configuration file for Awstats to re-enable the ‘update now’ button.

Follow these steps:
1. Log in to cPanel
1a. Open File Manager
2. Navigate to /home/username/tmp/awstats/
3. Edit the .conf file (e.g. awstats.yourdomain.com.conf)
4. Look for this line: AllowToUpdateStatsFromBrowser, and set the value to 1 (AllowToUpdateStatsFromBrowser=1)
5. Save the .conf file. When you refresh your statistics page, you will get the ‘update now’ link at the top of the page.

Managing mail queue

If the mail queue holds more than 10000 mails, the client is unable to send mail, and you may need to clear out frozen mails.

List the number of frozen mails:

exim -bpru | grep frozen | wc -l

Remove the frozen messages:

exim -bpru | grep frozen | awk '{print $3}' | xargs exim -Mrm

Check the mail queue carefully and observe which account is sending the mass mails.
Run the following command to delete the mails of that account. The spool files are only searched to find the message-ids; the ids are then handed to exim -Mrm so that Exim removes both spool files of each message.
Example:

grep -lr account@yourdomain.com /var/spool/exim/input/* | \
sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | sort -u | xargs exim -Mrm

Do the following to delete mail from a particular domain:

grep -lr domainname.com /var/spool/exim/input/* | \
sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | sort -u | xargs exim -Mrm
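One way to find out which account is filling the queue before deleting anything: tally the queue listing per envelope sender. This is an added example, not part of the original page; the queue listing is a constructed sample in the layout that exim -bp and exim -bpru print, and sample_queue and queue_senders are made-up names.

```shell
#!/bin/sh
# Constructed sample of a queue listing: age, size, message-id, <sender>,
# then one indented line per recipient. "<>" is the null sender of bounces.
sample_queue() {
cat <<'EOF'
25m  2.9K 1MjAbC-0001Xy-2Z <account@yourdomain.com>
          rcpt1@example.org

24m  2.9K 1MjAbD-0001Yq-7K <account@yourdomain.com>
          rcpt2@example.org
          rcpt3@example.org

 3h  1.1K 1MjAbE-0001Zt-Qm <> *** frozen ***
          account@yourdomain.com

10m  4.0K 1MjAbF-0001aB-Rs <news@yourdomain.com>
          reader@example.net
EOF
}

# Print "queued frozen sender" per envelope sender, busiest sender first.
queue_senders() {
    awk '
        # Only header lines have a message-id in field 3 and <sender> in
        # field 4; recipient lines have a single field and are skipped.
        $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ && $4 ~ /^<.*>$/ {
            s = substr($4, 2, length($4) - 2)
            if (s == "") s = "<> (bounce)"
            count[s]++
            if ($0 ~ /\*\*\* frozen \*\*\*/) frozen[s]++
        }
        END { for (s in count) printf "%d %d %s\n", count[s], frozen[s] + 0, s }
    ' | sort -k1,1nr -k3
}

# On a live server: exim -bpru | queue_senders | head
sample_queue | queue_senders
```

A sender that dominates the count is the one to investigate; a large "<> (bounce)" figure usually means the server is receiving bounces for mail sent earlier.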

Cannot login to Horde

You may have run into this issue often: the client is not able to log in to his Horde account to check his mail. He reaches the login screen, but when he clicks "Login" he stays on the same screen instead of going to his inbox. Here is the fix for it.

Check the following first:

1. Go to the database directory with "cd /var/lib/mysql/horde" and check if there is a file named "horde_sessionhandler.frm".

2. Rename all the files named "horde_sessionhandler" to another name.

3. Or you can go into mysql and drop the table "horde_sessionhandler". This will sometimes show an error message. If so, use step 2, so that the table gets moved automatically. (Remember that if you are using step 2, skip step 3.)

4. Now type "mysql" in the shell.

5. It will take you to the mysql prompt. Type "use horde;".

6. Copy this command and paste it there:

CREATE TABLE horde_sessionhandler (session_id VARCHAR(32) NOT NULL, session_lastmodified INT NOT NULL, session_data LONGBLOB, PRIMARY KEY (session_id)) ENGINE = InnoDB;

7. Quit mysql and restart mysql.

8. Try now... Your issue is fixed!

Important Vps commands

Following are some important commands which are normally used while working on a Hardware Node.

1) vzlist -a : Shows the list of all the VPSs hosted on the Node.
2) vzctl start VPS_ID : To start the VPS.
3) vzctl stop VPS_ID : To stop (shut down) the VPS.
4) vzctl status VPS_ID : To view the status of the particular VPS.
5) vzctl stop VPS_ID --fast : To stop the VPS quickly and forcefully.
6) vzctl enter VPS_ID : To enter a particular VPS.

Configuration Commands

1) vzctl set VPS_ID --hostname vps.domain.com --save : To set the hostname of a VPS.
2) vzctl set VPS_ID --ipadd 1.2.3.4 --save : To add a new IP to the VPS.
3) vzctl set VPS_ID --ipdel 1.2.3.4 --save : To delete the IP from the VPS.
4) vzctl set VPS_ID --userpasswd root:new_password --save : To reset the root password of a VPS.
5) vzctl set VPS_ID --nameserver 1.2.3.4 --save : To add the nameserver IPs to the VPS.
6) vzctl exec VPS_ID command : To run any command on a VPS from the Node.
7) vzyum VPS_ID install package_name : To install any package/software on a VPS from the Node.

Here VPS_ID refers to the ID of the particular VPS.

Adding Reverse Dns

Adding reverse DNS on a DC's resolvers needs much care and attention; you should make sure that you follow the right path at every step. Any error may cause downtime on the resolvers.
In order to add reverse entries, please follow the steps given below.

1.) Ensure that the hostname resolves to the IP that the client is requesting prior to inserting the reverse DNS record. This can be done by pinging the hostname.

2.) Log in to the resolver server.

3.) Edit the correct file for the IP address of the reverse DNS record. For example, if a client requested "please add abc.domain.com -> 205.64.34.142" then we will need to edit the file for c-class 205.64.142.1. The command would be as follows: ee /etc/namedb/master/34.64.205.in-addr.arpa
5. You will then need to insert a reverse DNS entry like: 142 IN PTR abc.domain.com.
6. Once inserted, you need to change the serial number in the file.
7. Save the file, and exit.
8. Reload named to reflect the new changes by executing the command: /etc/rc.d/named reload

Reset Mysql Root Password:

Stop mysql server

/etc/init.d/mysql.server stop

Start mysql in safe mode

/usr/local/mysql/bin/mysqld_safe --user=root --skip-grant-tables --skip-networking &

Now mysql will be running in the background in safe mode. You will be able to log in as root by just using

mysql -u root

Once you are in, you can use the following commands to reset the root password. Here the password is qwert123; replace it with your own.

UPDATE mysql.user SET Password=PASSWORD('qwert123') WHERE User='root';

FLUSH PRIVILEGES;

Now just quit from the mysql prompt and try using the new password

mysql -u root -p

When it asks for the password, provide the new password. It will work.

Some useful commands

mkdir - make directories

Usage

mkdir [OPTION] DIRECTORY

Options

Create the DIRECTORY(ies), if they do not already exist.

Mandatory arguments to long options are mandatory for short options too.

-m, --mode=MODE set permission mode (as in chmod), not rwxrwxrwx - umask

-p, --parents no error if existing, make parent directories as needed

-v, --verbose print a message for each created directory

--help display this help and exit

--version output version information and exit




cd - change directories

Use cd to change directories. Type cd followed by the name of a directory to access that directory. Keep in mind that you are always in a directory and can navigate to directories hierarchically above or below.



mv - change the name of a directory

Type mv followed by the current name of a directory and the new name of the directory.

Ex: mv testdir newnamedir



pwd - print working directory

will show you the full path to the directory you are currently in. This is very handy to use, especially when performing some of the other commands on this page



rmdir - Remove an existing directory

rm -r

Removes directories and files within the directories recursively.

chown - change file owner and group

Usage

chown [OPTION] OWNER[:[GROUP]] FILE

chown [OPTION] :GROUP FILE

chown [OPTION] --reference=RFILE FILE

Options

Change the owner and/or group of each FILE to OWNER and/or GROUP. With --reference, change the owner and group of each FILE to those of RFILE.

-c, --changes like verbose but report only when a change is made

--dereference affect the referent of each symbolic link, rather than the symbolic link itself

-h, --no-dereference affect each symbolic link instead of any referenced file (useful only on systems that can change the ownership of a symlink)

--from=CURRENT_OWNER:CURRENT_GROUP

change the owner and/or group of each file only if its current owner and/or group match those specified here. Either may be omitted, in which case a match is not required for the omitted attribute.

--no-preserve-root do not treat `/' specially (the default)

--preserve-root fail to operate recursively on `/'

-f, --silent, --quiet suppress most error messages

--reference=RFILE use RFILE's owner and group rather than the specifying OWNER:GROUP values

-R, --recursive operate on files and directories recursively

-v, --verbose output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R option is also specified. If more than one is specified, only the final one takes effect.

-H if a command line argument is a symbolic link to a directory, traverse it

-L traverse every symbolic link to a directory encountered

-P do not traverse any symbolic links (default)





chmod - change file access permissions

Usage

chmod [-R] permissions filenames

-R Change the permissions on files that are in the subdirectories of the directory that you are currently in.

permissions Specifies the rights that are being granted. The different rights that you can grant are listed below in alphanumeric format.

filenames File or directory that you are associating the rights with.

Permissions

u - User who owns the file.

g - Group that owns the file.

o - Other.

a - All.

r - Read the file.

w - Write or edit the file.

x - Execute or run the file as a program.

Numeric Permissions:

chmod can also be set by using numeric permissions:

400 read by owner

040 read by group

004 read by anybody (other)

200 write by owner

020 write by group

002 write by anybody

100 execute by owner

010 execute by group

001 execute by anybody





ls - Short listing of directory contents

-a list hidden files

-d list the name of the current directory

-F show directories with a trailing '/' and executable files with a trailing '*'

-g show group ownership of file in long listing

-i print the inode number of each file

-l long listing giving details about files and directories

-R list all subdirectories encountered

-t sort by time modified instead of name





cp - Copy files

cp myfile yourfile

Copy the files "myfile" to the file "yourfile" in the current working directory. This command will create the file "yourfile" if it doesn't exist. It will normally overwrite it without warning if it exists.

cp -i myfile yourfile

With the "-i" option, if the file "yourfile" exists, you will be prompted before it is overwritten.

cp -i /data/myfile .

Copy the file "/data/myfile" to the current working directory and name it "myfile". Prompt before overwriting the file.

cp -dpr srcdir destdir

Copy all files from the directory "srcdir" to the directory "destdir" preserving links (-d option), file attributes (-p option), and copy recursively (-r option). With these options, a directory and all its contents can be copied to another directory.

ln - Creates a symbolic link to a file.

ln -s test symlink

Creates a symbolic link named symlink that points to the file test. Typing "ls -i test symlink" will show the two files are different with different inodes. Typing "ls -l test symlink" will show that symlink points to the file test.

locate - A fast database driven file locator.

slocate -u

This command builds the slocate database. It will take several minutes to complete this command. This command must be used before searching for files; however, cron runs this command periodically on most systems.

locate whereis

Lists all files whose names contain the string "whereis".

more - Allows file contents or piped output to be sent to the screen one page at a time

less - Opposite of the more command

cat - Sends file contents to standard output. This is a way to list the contents of short files to the screen. It works well with piping.

whereis - Report all known instances of a command
wc - Print byte, word, and line counts

bg

bg jobs - Places the current job (or, by using the alternative form, the specified jobs) in the background, suspending its execution so that a new user prompt appears immediately. Use the jobs command to discover the identities of background jobs.

cal month year - Prints a calendar for the specified month of the specified year.

cat files - Prints the contents of the specified files.

clear - Clears the terminal screen.

cmp file1 file2 - Compares two files, reporting all discrepancies. Similar to the diff command, though the output format differs.

diff file1 file2 - Compares two files, reporting all discrepancies. Similar to the cmp command, though the output format differs.

dmesg - Prints the messages resulting from the most recent system boot.

fg

fg jobs - Brings the current job (or the specified jobs) to the foreground.

file files - Determines and prints a description of the type of each specified file.

find path -name pattern -print

Searches the specified path for files with names matching the specified pattern (usually enclosed in single quotes) and prints their names. The find command has many other arguments and functions; see the online documentation.

finger users - Prints descriptions of the specified users.

free - Displays the amount of used and free system memory.

ftp hostname

Opens an FTP connection to the specified host, allowing files to be transferred. The FTP program provides subcommands for accomplishing file transfers; see the online documentation.

head files - Prints the first several lines of each specified file.

ispell files - Checks the spelling of the contents of the specified files.

kill process_ids

kill -signal process_ids

kill -l

Kills the specified processes, sends the specified processes the specified signal (given as a number or name), or prints a list of available signals.

killall program

killall -signal program

Kills all processes that are instances of the specified program or sends the specified signal to all processes that are instances of the specified program.

mail - Launches a simple mail client that permits sending and receiving email messages.

man title

man section title - Prints the specified man page.

ping host - Sends an echo request via TCP/IP to the specified host. A response confirms that the host is operational.

reboot - Reboots the system (requires root privileges).

shutdown minutes

shutdown -r minutes

Shuts down the system after the specified number of minutes elapses (requires root privileges). The -r option causes the system to be rebooted once it has shut down.

sleep time - Causes the command interpreter to pause for the specified number of seconds.

sort files - Sorts the specified files. The command has many useful arguments; see the online documentation.

split file - Splits a file into several smaller files. The command has many arguments; see the online documentation

sync - Completes all pending input/output operations (requires root privileges).

telnet host - Opens a login session on the specified host.

top - Prints a display of system processes that's continually updated until the user presses the q key.

traceroute host - Uses echo requests to determine and print a network path to the host.

uptime - Prints the system uptime.

w - Prints the current system users.

wall - Prints a message to each user except those who've disabled message reception. Type Ctrl-D to end the message.

Get mysql root password from

If you forgot your mysql root password you can get it from
/root/.my.cnf

Some useful Mysql Queries

Mysql query to delete a user

mysql> delete from mysql.user where user='username';
mysql> FLUSH PRIVILEGES;

Setting Privileges

grant all privileges on DB.* to 'username'@'localhost' identified by 'pass';

SET PASSWORD FOR 'username'@'localhost' = OLD_PASSWORD('passwd');

To see Tables:

mysql> use DB;
mysql> show tables;

To see fields

mysql> desc tablename;

To View The contents of the table

mysql> select * from tablename;

UPDATE Query

mysql> update tablename set fieldname='value' where condition;

Eg :update wp_users set user_pass=md5('one') where user_login='cee';

How to disable direct root login

In order to disable direct root login on a Linux server, you need to do the following things:

1. Open the file with vi /etc/ssh/sshd_config and in that file set
PermitRootLogin no
then save it.

2. Restart the sshd service
/etc/init.d/sshd restart

3. Now create a new user and set a password for that user.

4. Add that user to the wheel group
vi /etc/group // add that user to the wheel group

5. Now log on to the server using that username and password and then do
su - and provide the root password



In order for this to work properly, you should have the following permission settings:

chmod 4755 /bin/su
chmod 644 /etc/passwd
chmod 600 /etc/shadow
chmod 644 /etc/group

If there is anything wrong with these permissions, you may get permission denied or incorrect password errors.
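A pre-restart check for the procedure above, as an added example that is not part of the original page: it reports the PermitRootLogin value sshd will actually use and confirms that wheel has a non-root member. The sample files are constructed, all function names are made up, and the check assumes the whitespace-separated "Keyword value" form of sshd_config and that wheel membership is what step 4 relies on.

```shell
#!/bin/sh
# Write constructed sample files (not taken from a real host) into directory $1.
make_samples() {
    cat > "$1/sshd_config" <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:root,adminuser
users:x:100:
EOF
}

# Print the global value sshd will use: keywords are case-insensitive,
# comment lines are skipped, and the FIRST occurrence wins. Parsing stops at
# the first Match block, whose settings apply only to matching connections.
effective_root_login() {
    awk '
        /^[ \t]*#/                       { next }
        tolower($1) == "match"           { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }   # compiled-in default applies
    ' "$1"
}

# Print the members of wheel other than root, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "" && m[i] != "root") print m[i]
    }' "$1"
}

# Return 0 only when root login is effectively "no" AND wheel has a non-root
# member (assumption: step 4 of the procedure depends on wheel membership).
preflight() {
    setting=$(effective_root_login "$1")
    members=$(wheel_members "$2")
    if [ "$setting" != "no" ]; then
        echo "FAIL: PermitRootLogin is effectively '$setting'"; return 1
    fi
    if [ -z "$members" ]; then
        echo "FAIL: no non-root user in wheel, nobody could su to root"; return 2
    fi
    echo "OK: root login disabled; wheel members: $(echo $members)"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
# The sample fails: the earlier "permitrootlogin yes" overrides the later "no".
preflight "$demo_dir/sshd_config" "$demo_dir/group" || true
rm -rf "$demo_dir"
```

On a live server, sshd -t validates the edited file before the restart and sshd -T prints the configuration sshd will actually run with.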