University of Oregon

sh script to update multiple .htaccess files

I have a couple of personal sites that I don’t use much but they have been getting pounded by hackers or at least hacker’s scripts.
So I grown tired of watching the same IP addresses bombard my different sites looking for vulnerabilities. They usually generate about 100 404’s at a time and those are only the attempts that failed. So to stop repeat offenders I wrote this script.
Many thanks to some code examples at cyberciti.biz and gabeanderson.com.

Here’s my file called blockip:
#!/bin/sh

if [ $# -lt 1 ] ; then
echo
echo Wrong number of params.
echo Try again using the following format:
echo "./blockip 91.121.83.100"
echo
exit 1
fi

FILES="$HOME/URL1.com/.htaccess
$HOME/URL2.com/.htaccess
$HOME/sub.URL3.com/.htaccess"

echo updating the following files:
for f in $FILES
do
echo "$f"
done

IFS=$'n'

for i in $FILES
do
echo "working on " "$i"
cp "$i" "$i.blockip_saved"
sed "s##Deny from $1n#g" "$i.blockip_saved" > "$i"

rm $i.blockip_saved #comment this line to save backup.
done

So it takes the ip address I pass it and looks in each of the .htaccess files for the tag: prepending that with “Deny from _ipaddress_” and we’re good to go.

So now I just have to type the offending ip address in once and it propagates across my sites.
It works for multiple ip’s as well; for ex: ./blockip “91.121.83.100, 91.121.160.160”

This method seems to work OK for now. I still get 404’s when the repeat offender returns but this time they are denied access before they might find a vulnerability.

It’s not a perfect solution. I would be nice to detect the hack attempt while it’s happening and block them dynamically while sending an abuse notification email to their ISP, but I haven’t stumbled across any scripts that will get me there yet.

sh script to update multiple .htaccess files

I have a couple of personal sites that I don’t use much but they have been getting pounded by hackers or at least hacker’s scripts.
So I grown tired of watching the same IP addresses bombard my different sites looking for vulnerabilities. They usually generate about 100 404’s at a time and those are only the attempts that failed. So to stop repeat offenders I wrote this script.
Many thanks to some code examples at cyberciti.biz and gabeanderson.com.

Here’s my file called blockip:
#!/bin/sh

if [ $# -lt 1 ] ; then
echo
echo Wrong number of params.
echo Try again using the following format:
echo "./blockip 91.121.83.100"
echo
exit 1
fi

FILES="$HOME/URL1.com/.htaccess
$HOME/URL2.com/.htaccess
$HOME/sub.URL3.com/.htaccess"

echo updating the following files:
for f in $FILES
do
echo "$f"
done

IFS=$'n'

for i in $FILES
do
echo "working on " "$i"
cp "$i" "$i.blockip_saved"
sed "s##Deny from $1n#g" "$i.blockip_saved" > "$i"

rm $i.blockip_saved #comment this line to save backup.
done

So it takes the ip address I pass it and looks in each of the .htaccess files for the tag: prepending that with “Deny from _ipaddress_” and we’re good to go.

So now I just have to type the offending ip address in once and it propagates across my sites.
It works for multiple ip’s as well; for ex: ./blockip “91.121.83.100, 91.121.160.160”

This method seems to work OK for now. I still get 404’s when the repeat offender returns but this time they are denied access before they might find a vulnerability.

It’s not a perfect solution. I would be nice to detect the hack attempt while it’s happening and block them dynamically while sending an abuse notification email to their ISP, but I haven’t stumbled across any scripts that will get me there yet.

Reestablish an external network connection in a Parallels VM

I couldn’t get an external network connection in my recently imported Red Hat Enterprise Linux 6 image.

This was really difficult to troubleshoot. The “Network settings” preference GUI was missing (perhaps because of the network failure on startup. and the CMD Line version (system-config-network) wasn’t very helpful either.

So this morning I open another copy of the VM to start with a clean slate.

This time I notice an error message icon at the bottom of the login screen. I looked through the log and saw a couple of failures. The first one caught my eye: “Bringing up interface eth0; Device eth0 does not seem to be present, delaying initialization.” [failure]

I searched Google for that sentence and found this post that outlined the exact fix I needed: http://kezhong.wordpress.com/2011/02/04/solving-the-problem-unable-to-activate-nics-after-moved-the-hard-driver-from-a-machine-to-another/
So I confirmed that the OS changed eth0 to eth3 on startup and wasn’t able to get a dhcp. Here are the steps I used (Note: # are comments).

Cmds:

#Verify Error:
$ sudo service network restart
#note any ‘eth’ related errors
$ dmesg | grep eth
## Note: use the results of this command to determine the old and new eth names.
## Result: “udev: renamed network interface eth0 to eth3″
## So in this case I will move ifcfg-eth0 to ifcfg-eth3
$ cd /etc/sysconfig/network-scripts;
$ sudo mv ifcfg-eth0 ifcfg-eth3
$ sudo vim ifcfg-eth3
## Change: DEVICE=”eth0″ to DEVICE=”eth3”
## Save: :wq
$ sudo service network restart
## Result: “Bringing up interface eth3: Device eth3 has different MAC address than expected, ignoring.”
## Get the MAC addresses, and append it to ifcfg-eth3 files.
$ sudo cat /sys/class/net/eth3/address >> ifcfg-eth3
## If you get permission denied you can either su as root or just hand type the mac address; which can be found in the Parallels VM config GUI
$ su root
## Failed. Password isn’t known…
$ sudo passwd root
## set the root password… (Who knew you could sudo set the root password. Pretty handy!)
$ su root
$ cat /sys/class/net/eth3/address >> ifcfg-eth3
$ exit
$ sudo vim ifcfg-eth3
## Change: HWADDR=”… to match the appended mac address and delete appended text.
## Save: :wq
$ sudo service network restart

Success!
Now I have internet connectivity for the VM!

*This worked for the 2nd copy of the vm I imported as well but in that case eth0 was changed to eth1.

Php on UO Shell the bare minimum

I wanted to redirect a shell site to a new WPMU site on the UO’s Web Site Lite setup. http://sites.uoregon.edu/. Web Site Lite is great, but it has limitations. Since I wanted to redirect all the old links to the new site I set up a .htaccess file that bounces all requests from the old site to the new site.
To do just that I could use:

Redirect 301 /~oa/ http://oa.uoregon.edu/ #works but I'd like to remove .php and .html

But I wanted to remove the file extensions before redirecting.
For that I needed to use Mod Rewrite. Which means I needed to enable php on shell.
There used to be a post: Easy PHP on shell by Tristan but that page is down so I looked at my other domain on shell and it turns out, all I needed to do is put a php.cgi file in the public_html folder and add some lines to the top of my .htaccess file. Now the mod_rewrite script can run! (more…)

linux: change file groups conditionally with find and chown

I had been using chown -R :hr /home/vid to change the ownership group of a directory recursively (AKA To all files with in as well)

$ chown -R vid:hr /home/vid

but this is quite dangerous!
So instead, I’ve went looking for a conditional way of changing the owner or group.
It’s pretty simple too. Using this syntax: find /DIR -group FindGroupName -print -exec chown -hR user:group {} ; will change ownership of a directory recursively only for certain groups permissions in the following case vid becomes hr

$ find /var/www/html/hr_drupal6 -group vid -print -exec chown -hR :hr {} ;

*This is the safer option for changing owners or groups recursively.
It seems to be working nicely!

Migrating shell from uoregon.edu/~user to pages.uoregon.edu/user with .htaccess

We are transitioning to a new url for personal pages and I wanted to make sure old links go to the new pages.

Here’s the .htaccess code I used to make it work:


# from http://uoregon.edu/~user/
# to
# http://pages.uoregon.edu/user/
RewriteEngine ON
RewriteCond %{HTTP_HOST} !^pages.uoregon.edu$ [NC]
RewriteRule ^(.*)$ http://pages.uoregon.edu/vid/$1 [R=301,L]

xlsx and docx files open as zip files in IE7 & IE8

We’re serving up some xlxs and docx files on the hr server and I’ve found out that IE7 & 8 don’t recognize their own brethren, saving the files as zip files instead.

It turns out the default behavior of these browsers is to save / open files based on content and not extension. This is configurable, but requiring all the IE users to update their browsers is unreasonable.
The solution is to add those mime types to the server, so it’s serves them up right.
For Apache we need to use AddType to add the document types to mod_mime.
I found some apache docs (http://httpd.apache.org/docs/1.3/mod/mod_mime.html#addtype) on the topic but I’m in uncharted territory so I don’t want to break anything.

In the meantime, I got it working by adding this to our root .htaccess file:
AddType application/vnd.ms-word.document.macroEnabled.12 .docm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
AddType application/vnd.ms-powerpoint.template.macroEnabled.12 potm
AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
AddType application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
AddType application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
AddType application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
AddType application/vnd.ms-excel.addin.macroEnabled.12 xlam
AddType application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
AddType application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx

Thanks to http://windowsnerd.com/2009/04/17/xlsx-and-docx-are-being-saved-as-a-zip-file-in-explorer/ for the solution.

Now the files opens correctly for all browsers including IE.

Protected: Adding Shibboleth SSO to your drupal site

This content is password protected. To view it please enter your password below:

Screen Sharing in OSX VNC/Remote Desktop

VNC is native to OSX 10.5+ you just have to enable it.

Here are two great articles on the topic:
Fast Screen Sharing with Quicksilver
MacFixit Tutorial: Screen Sharing in Leopard (Mac OS X 10.5): How it works and how it doesn’t

My favorite part of the MacFixit article: (more…)

Protected: Changing file names on the server (step by step)

This content is password protected. To view it please enter your password below: