DNSstuff.com
Jun
3rd

Update a file in multiple home directories

A few times now I’ve had to update a file in multiple home directories. I did a lot of searching and using tips and examples from several sites, plus the little bit of experience I had with shell scripts (hey, I may be a geek but I’m not a bash geek! 🙂 ), I wrote this little script. It looks through all the home directories for a specific file, updates it with a new version and then changes the permissions to the correct owner for that home directory. Cool eh?

In this case I was updating wordpress’s rss.php file for a bunch of hosting accounts. Here’s the script:

========== 8< ========================

#!/bin/sh

# These next 3 lines should be on a single line.
for file in $(find /home -name "rss.php" | 
grep 'wp-includes/rss.php' | xargs ls -l | 
grep 'rss.php' | awk '{print $9}')
# Followed by this line and the rest of the script
do
    owner=$(ls -al $file | awk '{print $3}');
    mv $file ${file}.bak.php
    cp /updates/new_wp_rss.php $file
    chown $owner $file
    chgrp $owner $file
    echo "Changed owner to $owner for $file"
done

=================== >8 ================

The script backs up the existing file and copies a new one from the /updates directory. It then changes the ownership on the new file so that it is correct for the home directory that it is currently in. I also have it print that out to screen … that’s just a bit of paranoia – I like to see what’s happening :).

You may be wondering about the second ‘grep’ on the first line of the script. It’s in there because I use this script fairly regularly and in some cases I had a mix of old and new files. I only wanted to update the old files, so I was grepping the size of the file in that second grep. Instead of grep ‘rss.php’ it was something like grep’15347′ so that it would find all of the files named in the first grep, but only update them if they were a specific size.

May
5th

Spring Hosting Special – $4.95/mo Unlimited ‘Everything’

Lunarpages have a spring special on at the moment – $4.95 per month for unlimited ‘everything’, plus you get a free domain included. The hosting account has unlimited bandwidth and unlimited storage AND you can add as many domains to the account as you like.

Lunarpages have always been in my personal top 5 hosting providers and for shared hosting they’re right up the top. My own experience has been that they have provided fast, reliable hosting and their support team are always quick to respond. If you’re thinking of getting a new hosting account or moving from your current provider then Lunarpages would be an excellent choice.


Lunarpages Spring Hosting Special

Apr
21st

Simple Security Checks For Your Dedicated Server

We’ve all heard the saying ‘prevention is better than cure’. This is especially relevant to server security. The best way to prevent an attack is to make sure the opportunity isn’t provided. There’s no way to be totally safe from internet criminals but it’s important to make sure you have a strong, well configured firewall and that you aren’t running any scripts or services that aren’t required.

It’s also important to check regularly for signs of an attempted attack or break in. Here are some of things you can do. You will need to have SSH access to your server.

1. Run rkhunter regularly. I set up a cron job on the servers I manage which runs rkhunter every day and emails me the output. It checks for rootkits, changed files and other anomolies that may lead to an insecure server. You can download it from http://www.rootkit.nl/projects/rootkit_hunter.html

2. Check your server’s /tmp folder. The tmp folder is the preferred location for many exploits … particularly web based .. as it is where PHP stores uploaded files temporarily. If you have suPHP enabled you will also be able to see who the owner of the temporary files is. For the most part there shouldn’t be a whole lot in the /tmp directory. Probably some session files and a handful of other files and folders. Sometimes the name of the file will cause immediate suspicion, but some may be just randomly named. You should ‘cat’  or ‘more’ these files and examine the contents. Also, make sure that your /tmp folder is set so that it doesn’t allow executable files to be run.

If you have CPanel/WHM installed you can run this script from the command line (you will need to be logged in as root)

/scripts/securetmp

If you aren’t running CPanel then these are the commands you will need to use:

Edit /etc/fstab and change your /tmp entry so it looks like this:

LABEL=/tmp /tmp ext3 noexec,nosuid,nodev,rw 1 2

then remount it with this:

mount -o remount /tmp

These are just two steps you can take in preventing a server break-in.

Nov
21st

Disaster 1: All My Files Are Gone!

Filed under Webmasters | Leave a Comment

This is probably one of the scariest scenarios that any website owner can face. You open your browser to your website URL and you get ‘Page Not Found’. Your heart starts pounding and you hit the ‘refresh’ button a few times but there’s no change. It’s right about then that you start to feel ill … all those files … squeeze pages, sales pages, your membership site .. custom graphics…all gone!

After a few minutes you start to think straight again. Surely your hosting provider does regular backups. I mean, it doesn’t say anything about backups in the list of hosting features .. but SURELY they keep a backup! So, you put a support ticket in, mark it URGENT and wait for the reply. The minutes go by as you refresh the ticket status page … then the minutes turn to hours. Finally you get a response from the Host.

“Unfortunately we had a hard drive failure earlier today. Your domain was offline for approximately one hour. We backup all hosting account information and have restored your hosting server. It is the responsibility of the customer to keep a back up of their website and database files.”

Oh s%^t! The database! All my customer information … membership information … gone.

Golden Rule Number 1

Most people will tell you that all ‘good’ hosts back up all of their servers. What I will tell you is never, NEVER assume that your host has your files and databases backed up. Always make a regular backup of all of your website files AND databases. If you use CPanel, you will note that it has a backup feature. I tend not to use it though, because it will either backup to the server hard drive (and possibly get lost in a hard drive crash) or you can ftp it to another server. Unless you download and check those files though, how are you going to know that your backup is working?

See the Tools section for recommended backup software.

Nov
21st

10 Webmaster Disasters (And How To Avoid Them)

Filed under Webmasters | Leave a Comment

Whilst the focus at Dedicated Server Doc is mainly about the technical and admin side of operating a server. as a sysadmin you need to be an accomplished web master as well. Over the next couple of weeks I’ll be posting about some of the most common problems that webmasters face and how to avoid having a really bad day! This information is for anyone who operates a web site – not just the tech heads.

The fact is that most disasters can be avoided if we take a little time (and I do mean little) to make sure we have everything covered. I’m sure that, like me, you feel a lot better knowing that everything works and you’re not going to wake up one morning to find that half your life’s work has just been lost … or you’ve been losing money for the past 6 months. You know the saying – ‘better safe than sorry!’.