Racker Hacker

Okay, so you’ve verified that the correct admin password is being used, but you still can’t login? Most likely the account has been locked out. You can reset the account by running the following SQL statement:

echo “use psa; truncate lockout;” | mysql -u root -p`cat /etc/psa/.psa.shadow`

Need to know which Spamassassin modules are being loaded? Look no further:

spamassassin –lint -D 2>&1 | less

First, check max_upload_size in php.ini, but if that doesn’t work, look for “LimitRequestBody” in /etc/httpd/conf.d/php.conf and comment it out. Restart apache and you’re all set.

If you have a ton of files in a directory and you need to remove them, but rm says that the “argument list [is] too long”, just use find and xargs:

find . -name ‘filename*’ | xargs rm -vf

If you need to remove subdomains from the URL that users enter to visit your website, toss this into your VirtualHost directive:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]

Of course, you can tack on a subdomain too, if that’s what you need:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

If you’re not a fan of scientific notation, use this to calculate the apache bandwidth used from log files in MB:

cat /var/log/httpd/access_log | awk ‘{ SUM += $5} END { print SUM/1024/1024 }’

There’s three main things to remember when it comes to the qmail queue:

1. Don’t mess with the qmail queue while qmail is running.
2. Don’t mess with the qmail queue while qmail is stopped.
3. Don’t mess with the qmail queue ever.

The qmail application keeps a database (sort of) of the pieces of mail it expects to be in the queue (and on the filesystem). Many python scripts (like mailRemove.py) claim they will speed up your qmail queue by removing failure notices and tidying up the queue files. Most of the time, these scripts work just fine, but sometimes they remove something they shouldn’t and then qmail can’t find the file.

What does qmail do when it can’t find the file that corresponds to an item in the queue? It stops delivering mail, eats the CPU, and cranks the load average up. Impressive, isn’t it?

Should you find yourself with an impressively hosed qmail queue, do the following (and say goodbye to every e-mail in your queue):

/etc/init.d/qmail stop
cd /var/qmail/queue
rm -rf info intd local mess remote todo
mkdir mess
for i in `seq 0 22`; do
mkdir mess/$i
done
cp -r mess info
cp -r mess intd
cp -r mess local
cp -r mess remote
cp -r mess todo
chmod -R 750 mess todo
chown -R qmailq:qmail mess todo
chmod -R 700 info intd local remote
chown -R qmailq:qmail intd
chown -R qmails:qmail info local remote
/etc/init.d/qmail start

Just in case you missed it, this will delete all mail messages that exist in your queue. But, then again, you’re not going to get those messages anyways (thanks qmail!), so repairing the queue is your only option.

If you work on enough servers, you discover that a lot of people put the security of their MySQL server on the back burner. With the importance of databases for dynamic sites, MySQL’s security is arguably more important than anything else on the server. If someone were able to shut off the server, or worse, steal sensitive data, the entire server - and possibly the owner - could be in jeopardy.

Here are some basic tips to secure a MySQL server on any distribution:

Create a strong root password
By default on almost all distributions, MySQL comes with an empty root password. Sometimes the root logins are restricted to the localhost only, which will help somewhat, but anyone with shell access or a knack for writing PHP scripts can do anything to the MySQL server. However you set the root password, set it and make it strong.

Cut off network access
As with any daemon, the more exposure it has to the internet, the higher the chance of it being hacked and brute forced. If your users need network access to MySQL, then restrict it by at least altering the MySQL permissions to their IP only. The better solution would be to restrict it via a firewall and permissions. If you users don’t need any network access to MySQL, add the following to your my.cnf:

listen = 127.0.0.1

Restart MySQL and it shouldn’t be listening on any network addresses except the localhost. This won’t affect any PHP scripts on your server.

Force the use of named pipes
Removing MySQL’s ability to even bind to the network is a great security measure. All access to MySQL will be done through a filesystem socket, which is /var/lib/mysql/mysql.sock on most systems. This will require your PHP scripts to refer to your host as “localhost” and not “127.0.0.1″.

Review your user list often
Every once in a while, check the list of users authorized to log into your MySQL server and be sure that when the list changes, the changes are valid. Be careful when allowing GRANT access to certain users.

Backup often
How often should you backup your MySQL databases? Well, ask yourself how important your data is to you. If your MySQL server is generally busy all of the time, you may want to run a slave server and do backups from that server to reduce the amount of table-locking that mysqldump requires. If your MySQL server is not terribly busy, then you can run mysqldumps pretty often on the server.

As most folks know, by default, MySQL limits the size of a MyISAM table at 4GB. Where does this limit come from? It’s the maximum of a 32-bit address:

2³² = 4,294,967,296 bytes = 4GB

How is this 4GB allocated? Well here’s the math:

row count X row length = 4GB max

Basically, if your rows don’t contain much information, you can cram a lot of rows into a table. On the flip side, if you don’t plan on having too many rows, you can cram a lot of information in each row.

Here’s where things get ugly. If you have a MyISAM table and you exceed the maximum data length for the table, it may or may not tell you that you’ve exceeded the limit (depending on the version). If it doesn’t tell you, your data will actually become corrupt.

So, how can you find out what a table’s limit is? Run show table status like 'tablename' and check the value for Max_data_length. The default, of course, is 4294967295.

How can the Max_data_length be increased? Just run something like alter table tablename max_rows = 200000000000 avg_row_length = 50. This example would increase your Max_data_length to 1,099,511,627,775.