cPanel – Remove FrontPage for All Accounts

The FrontPage extension in cPanel is considered deprecated, and many security holes have been reported in it. Microsoft has not supported the FrontPage extension on the Unix platform since the end of 2006. It is a good idea to remove this extension, which is sometimes installed without your knowledge.

There are many ways to remove the FrontPage extension; cPanel already has a built-in script for this, /scripts/unsetupfp4. The following Bash script has been tested on cPanel 11.28.93 running on CentOS 5.5. It reads the users from the /var/cpanel/users directory and looks for a _vti_pvt directory in each account. If one is found, cPanel's FrontPage uninstaller is run against the domain name found in .htaccess.

Let's do this.

1. Create a new file using a text editor. I will use nano:

[[email protected] ~]# nano /root/removefp

2. Copy and paste the following script:

#!/bin/bash
# Remove FrontPage Extension for all accounts on a cPanel server

USERDIR='/var/cpanel/users'

read -r -p "Are you sure you want to remove the FP extension for all domains? <y/N> " prompt
case "$prompt" in
        y|Y|yes|Yes) ;;
        *) exit 0 ;;
esac

# Each regular file in $USERDIR is named after a cPanel account
for userfile in "$USERDIR"/*
do
        [ -f "$userfile" ] || continue
        user=$(basename "$userfile")
        echo "Checking user $user FrontPage status.."
        # The account's home directory is stored in the HOMEDIRPATHS entry
        homedir=$(grep -m1 '^HOMEDIRPATHS=' "$userfile" | sed 's/^HOMEDIRPATHS=//')

        if [ -n "$homedir" ] && [ -d "$homedir/public_html/_vti_pvt" ]; then
                # The domain name is taken from the AuthName line in .htaccess
                domain=$(grep -m1 AuthName "$homedir/public_html/.htaccess" 2>/dev/null | awk '{print $2}')
                if [ -n "$domain" ]; then
                        echo "FrontPage found. Removing FrontPage for $domain.."
                        /scripts/unsetupfp4 "$domain"
                else
                        # Do not call the uninstaller with an empty argument
                        echo "FrontPage found for $user but no AuthName in .htaccess, skipping"
                fi
        else
                echo "FrontPage not found for $user"
        fi
done
echo "Process completed"

(Press ‘Ctrl-X’ then ‘Y’ then ‘Enter’ to save and exit from editor)


MySQL General Security Guidelines

1. Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql database! This is critical!

2. Learn the MySQL access privilege system. The GRANT and REVOKE statements are used for controlling access to MySQL. Do not grant more privileges than necessary. Never grant privileges to all hosts.
Checklist:

  • Try mysql -u root. If you are able to connect successfully to the server without being asked for a password, anyone can connect to your MySQL server as the MySQL root user with full privileges! Review the MySQL installation instructions, paying particular attention to the information about setting a root password.
  • Use the SHOW GRANTS statement to check which accounts have access to what. Then use the REVOKE statement to remove those privileges that are not necessary.
  • Do not store any plain-text passwords in your database. If your computer becomes compromised, the intruder can take the full list of passwords and use them. Instead, use MD5(), SHA1(), or some other one-way hashing function and store the hash value.
  • Do not choose passwords from dictionaries. Special programs exist to break passwords. Even passwords like “xfish98” are very bad. Much better is “duag98” which contains the same word “fish” but typed one key to the left on a standard QWERTY keyboard.
  • Another method is to use a password that is taken from the first characters of each word in a sentence (for example, “Mary had a little lamb” results in a password of “Mhall”). The password is easy to remember and type, but difficult to guess for someone who does not know the sentence.
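
One way to run the account checks from this checklist across every account at once, as an added example that is not part of the original guidelines. It assumes tab-separated user, host and password-hash rows, the shape printed by `mysql -N -B -e 'SELECT user, host, password FROM mysql.user'` on MySQL 5.x (the column names are an assumption for your version); the sample rows and hash values are constructed.

```shell
#!/bin/bash
# Added example: flag risky rows from the mysql.user table.
# Input on stdin: "user<TAB>host<TAB>password-hash", one account per line.

audit_mysql_accounts() {
    awk -F'\t' '
        # Empty hash: the account can log in without a password.
        $3 == ""       { printf "NO_PASSWORD\t%s@%s\n", $1, $2 }
        # A % in the host part lets the account connect from many hosts.
        index($2, "%") { printf "WILDCARD_HOST\t%s@%s\n", $1, $2 }
        # Empty user name: anonymous account.
        $1 == ""       { printf "ANONYMOUS_USER\t@%s\n", $2 }
    '
}

# Constructed sample rows (not from a real server).
sample_rows() {
    printf 'root\tlocalhost\t\n'
    printf 'root\t127.0.0.1\t*CONSTRUCTED_HASH_1\n'
    printf 'webapp\t%%\t*CONSTRUCTED_HASH_2\n'
    printf '\tlocalhost\t\n'
}

# Demo run on the constructed rows; on a server, pipe the mysql output in.
sample_rows | audit_mysql_accounts
```

Each flagged account is then a candidate for SHOW GRANTS and REVOKE as described in the checklist.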

3. Invest in a firewall. This protects you from at least 50% of all types of exploits in any software. Put MySQL behind the firewall or in a demilitarized zone (DMZ).
Checklist:

  • Try to scan your ports from the Internet using a tool such as nmap. MySQL uses port 3306 by default. This port should not be accessible from untrusted hosts. Another simple way to check whether or not your MySQL port is open is to try the following command from some remote machine, where server_host is the host name or IP address of the host on which your MySQL server runs:
    shell> telnet server_host 3306
    If you get a connection and some garbage characters, the port is open, and should be closed on your firewall or router, unless you really have a good reason to keep it open. If telnet hangs or the connection is refused, the port is blocked, which is how you want it to be.

4. Do not trust any data entered by users of your applications. They can try to trick your code by entering special or escaped character sequences in Web forms, URLs, or whatever application you have built. Be sure that your application remains secure if a user enters something like
    "; DROP DATABASE mysql;"

    This is an extreme example, but large security leaks and data loss might occur as a result of hackers using similar techniques, if you do not prepare for them. A common mistake is to protect only string data values. Remember to check numeric data as well. If an application generates a query such as:

     SELECT * FROM table WHERE ID=234

    when a user enters the value 234, the user can enter the value 234 OR 1=1 to cause the application to generate the query:

    SELECT * FROM table WHERE ID=234 OR 1=1

    As a result, the server retrieves every row in the table. This exposes every row and causes excessive server load. The simplest way to protect from this type of attack is to use single quotation marks around the numeric constants:

    SELECT * FROM table WHERE ID='234'

    If the user enters extra information, it all becomes part of the string. In a numeric context, MySQL automatically converts this string to a number and strips any trailing non-numeric characters from it.


FSniper – Monitor Newly Created Files in Directory

Fsniper is a good utility that waits for a file to be changed, then executes a command on that file. This means that whenever new files are created, we can act on them, since fsniper returns the path and file name. From this, we can use the result to run another task, such as sending a notification or moving the files to a specific folder based on MIME type.

Examples of FSniper usage:

  1. Categorize newly created files into specified directories based on MIME type
  2. Notify the system administrator by email that new files have been created
  3. Move or delete unwanted files, based on extension, from the directory being watched
  4. Scan new files with ClamAV and send the results via email
  5. And much more; you can come up with your own

In this case, I was using the following variables:

Server OS: CentOS 5.6 64bit
Directory to be watched: /home/user/public_html
Files being monitored: Images and text files
Action to be taken: Output to another text file with date, time and file owner

Log in to the server and do as follows:

1. Install dependencies via yum:

yum install 'pcre*' file-libs file-devel -y
									

2. Download fsniper using wget. You can find the source at http://freshmeat.net/projects/fsniper :

wget http://projects.l3ib.org/fsniper/files/fsniper-1.3.1.tar.gz
									

3. Extract the downloaded files:

tar -xzf fsniper-1.3.1.tar.gz
									

4. Enter the directory, configure and install:

cd fsniper-*
./configure
make
make install
									

5. Fsniper is installed. Try to run it by executing the following command:

fsniper --verbose
									

6. You will see an error saying that it can't find the configuration file, so we need to create it. Stop the FSniper process by pressing Ctrl+C.

7. Create the config file under the /root/.config/fsniper/ directory:

touch /root/.config/fsniper/config
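
A handler for the action listed earlier (write date, time and file owner to a text file), as an added example that is not from the original post. It assumes fsniper calls the script with the new file's path as its first argument; the log path and the function name log_new_file are hypothetical.

```shell
#!/bin/bash
# Added example: handler that records each new file fsniper reports.
# Assumption: invoked with the new file's path as $1.
# LOGFILE default is a hypothetical location; override via environment.

LOGFILE="${LOGFILE:-/var/log/fsniper-newfiles.log}"

log_new_file() {
    local path="$1" owner stamp safe
    # The file may already be gone or renamed when the handler runs.
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        return 1
    fi
    # stat does not follow symlinks by default, so a symlink dropped into
    # the watched directory is reported with its own owner, not the target's.
    owner=$(stat -c '%U' -- "$path") || return 1
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    # Names in a web-writable directory are untrusted: replace control
    # characters so a file name containing a newline cannot forge log lines.
    safe=$(printf '%s' "$path" | tr '[:cntrl:]' '?')
    printf '%s\t%s\t%s\n' "$stamp" "$owner" "$safe" >> "$LOGFILE"
}

# Act as a handler only when a path was passed on the command line.
if [ "$#" -gt 0 ]; then
    log_new_file "$1"
fi
```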
									
