SolidServers.ca

This will be a quick one folks.  The Apache module mod_deflate helps in reducing the size of the information sent to a user, by compressing things prior.  It seems to work very well.  Read the rest of this entry »

If you have ever wanted to display a message to your users when the log in through ssh, you just need to edit a couple of files.  The first one is:

Read the rest of this entry »

To help protect your server, you may want to scan your users FTP uploads.  Here is a great way of doing this, if you are using Pure-FTP and ClamAV.  Pure-FTP has an option to run a file after an upload, called the pure-uploadscript.  What you do, is tie the virus scanner into this script, so that when a file gets uploaded, it will get scanned.  As long as you have your virus scanner up to date, this will pick up most of the main stream virii, as well as the dreaded php shell scripts.

Read the rest of this entry »

Just wanted to let everyone know that I am open to doing some small server adminstration jobs if anyone has a need.  Looking for something to pass the time :-)

Most of my work has been on RHEL/Centos, though I have worked with other systems.

If you need a hand setting up your new server, I can help you out, at a very low cost.  If you have any questions, I would be happy to answer them as well.

For added security, I modified the .bashrc profile for any users that may have shell access, and added the following, so that when the user logs in, it sends out an email, letting you know that someone has logged in.

echo ‘ALERT – Root Shell Access (YourserverName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” you@yourdomain.com

Of course, you need to modify  the (Yourservername) and you@yourdomain.com part.

This little code gets added into the .bashrc file for the user you want to report. For example, if the user logging in was named tedsite, you would add this to:

/home/tedsite/.bashrc

I was getting an error though once I tried it:

-bash: mail: command not found

This was fixed easily on the Centos system, by running the following from the command line:

yum install mailx

If you wanted to apply this to the root account, you would edit this file:

/root/.bashrc

A quick note, its best to use an email address that is not on your current server.

If you need to add a new user to your systemm just run the following commands:

useradd username

That will create a new user, and a new group, for the ‘username’ that you placed in there.  Now, to change the password for that user, run this:

passwd username

The system will ask you to input the password for the ‘username’ you chose twice.  Thats it, make sure you read the article on ssh security on how to make your enviroment more secure.

There are many things one can do to help keep your ssh access secure on a shared hosting enviroment.  Grab your client (putty links can be found on the software page), log in, and lets go!

1. The first one, don’t allow it!  Pretty simple huh?  In a shared hosting environment, there are very few reasons why you should allow a user to have ssh.  If you do, make sure you inspect the script(s) they plan on running, and keep an eye on the logs. Read the rest of this entry »

Suhosin, the hardened php project.  If you are having some troubles running some scripts after you’ve installed, you will have to change some of the configuration values.  There are three ways of doing this, however, I’ll only touch on two of them.  Both require you to have root access to the server.  If you want to change values globally (for all sites on the server), then you would add the config changes to the end of your php.ini file.  For example:

suhosin.post.max_vars = 2048
suhosin.request.max_vars = 2048

Read the rest of this entry »