Writer on LowEndBox

After waiting for almost two months, my account has finally been upgraded by Chief (the new admin of LowEndBox) to give me privileges to post offers without waiting for someone to approve them. Approx 2 months ago, I applied and was given the opportunity to write for LowEndBox as a test writer.

During this time, I wrote the following posts on LowEndBox

  1. OnePoundWebHosting – £4.40 512MB Xen VPS in UK
  2. EaseVPS – $3.99/Month, 512MB OpenVZ VPS in Manchester, Jacksonville & Kansas City
  3. Corgi Tech – $6 512MB VMWare VPS in UK
  4. Jolly Works Hosting – $15/Year 128MB OpenVZ VPS in Phoenix
  5. sshVM – $6/Quarter 128MB OpenVZ VPS
  6. IperWeb – €1.52/Month 192MB OpenVZ VPS in Italy
  7. InceptionHosting – €6/Quarter 128MB XEN PV VPS in Phoenix and Netherlands
  8. WHMCS Hacked, Client data leaked online
  9. Prometeus – €11.25/Year 128MB KVM VPS in Italy

Enjoyed working with the team especially KuJoe of SecureDragon.net

How to find specific files and send alerts

Maintaining a shared hosting server is a full time job but tools and proper checks and balances can help make this burden lot less. I manage a shared hosting server for one of my friends and numerous times the scripts that people have installed over on their websites have vulnerabilities and hackers exploit it to upload stuff that mass-email or do other nasty stuff. Luckily, most of these exploits have common patterns like files names or other signatures that make them traceable (most of the time the so called hackers are just kiddy scripts)

Create a file and put this in it

find /home -name 'paypal.com*' | mail -s '[Woodcrest] Phishing Alert!' me@mydomain.com
find /home -name 'rout.php' | mail -s '[Woodcrest] Phishing Alert - Mail Bomber!' me@mydomain.com

This is a small script that finds specific named scripts in the /home directory (mostly cPanel servers). You can put this in the crontab to do a scan every x hours or so.

Have any questions or comments? feel free to post them below!

package-cleanup: command not found

I tried to do package-cleanup and found this

root@ns1 [~]# package-cleanup --problems
-bash: package-cleanup: command not found

If I was on Ubuntu, I would have done “apt-get install package-cleanup” but it does not work that way on CentOS, its actually available in yum-utils package, install it by typing

yum install yum-utils


How to configure repos to not overwrite base packages?

The greatest fear with adding additional and especially third party repos such as EPEL (we did a blog post on how to install EPEL earlier) is that it MAY overwrite base packages and bring the system to an unstable state.

We can fix this issue by installing Yum Priorities plugin

on CentOS 5:

yum install yum-priorities

on CentOS 4 or CentOS 6:

yum install yum-plugin-priorities

Then make sure that the plugin is enabled

nano /etc/yum/pluginconf.d/priorities.conf

Now there are two ways to do it, either set HIGHEST priority to CentOS repos OR set lowest priority to other repos. This is done by adding the line

# N=1 highest priority
# N=99 lowest priority

In this blog post, I will set 1 as the priority (highest) for my CentOS Base repo

nano /etc/yum.repos.d/CentOS-Base.repo

So that it becomes

# CentOS-Base.repo
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.

name=CentOS-$releasever - Base

#released updates
name=CentOS-$releasever - Updates

Other repos do not need updating since I have assigned CentOS repos with the highest priority. The default priority for repositories is 99.

How to change time and/or timezone in CentOS

Generically, I use this

Change directory to /etc

[root@testbed ~]# cd /etc

Now create a symbolic link (aka symlink) to the timezone e.g. Asia/Karachi (for Pakistan standard time)

[root@testbed etc]# ln -sf /usr/share/zoneinfo/Asia/Karachi localtime
[root@testbed etc]# date
Mon Jan 16 19:26:52 PKT 2012

Please note that the timezone is following a directory-structure so if you want EST time, you should use

[root@testbed etc]# ln -sf /usr/share/zoneinfo/EST localtime

WHMCS Hacked, 1.7GB of data posted online

Ok, so I didn’t had enough time and information to blog this but most of you already know it that WHMCS got hacked yesterday. We have a long LET thread here.

I was expecting this to get fixed soon hence I created a Video and uploaded on Youtube (later it was clear that my initial idea was wrong, it took much longer for WHMCS to come back online on its feet before getting hacked for the second time)

Hackers released about 1.7GB of data on pasteBin note (unsure whats with pastebin but every hacker seem to be doing that)

UGNazi Tweet mentioning WHMCS hacked files

UGNazi Tweet mentioning WHMCS hacked files

Continue reading

How to disable SELinux

SELINUX is a security feature on CentOS but some software such as SolusVM will require that SELINUX be disabled

Installation log : /tmp/install.log

 Add this slave to your SolusVM master using the following details:

 ID Key .......... : ABC
 ID Password ..... : XYZ

IMPORTANT!! You need to setup a network bridge before you can use KVM on this server.
 Please see the following link: http://wiki.solusvm.com/index.php/KVM_Network_Bridge_Setup

 Please set SELINUX=disabled in /etc/selinux/config before rebooting.

Thankyou for choosing SolusVM.

The solution?

1) Edit /etc/selinux/config using your favourite editor

[root@kvm ~]# nano /etc/selinux/config

and set SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.

2) and don’t forget to reboot your system

CentOS minimal template’s issue with crontab

On my CentOS 5.x 64bit XEN PV template (XEN PV is a virtualization type, this means I am talking about a VPS) doing ‘crontab -e’ gave me the following error

[root@vpsadmin ~]# crontab -e
no crontab for root - using an empty one
/bin/sh: /bin/vi: No such file or directory
crontab: "/bin/vi" exited with status 127

To correct this issue, do the following

[root@vpsadmin ~]# touch ~/.bashrc
[root@vpsadmin ~]# export VISUAL=nano
[root@vpsadmin ~]# source ~/.bashrc

So, now if you do ‘crontab -e’ it will work as it should

[root@vpsadmin ~]# crontab -e
no crontab for root - using an empty one
crontab: no changes made to crontab

Freshclam daemon not running

Normally, I have two things on every Linux box so that I know whats going on

  1. NAGIOS monitoring (nrpe)
  2. Logwatch

Today, I got something in my logwatch email and it was strange because just the other day, I upgraded the clamav to latest version using epel reo.

 --------------------- clam-update Begin ------------------------

 The ClamAV update process (freshclam daemon) was not running!
 If you no longer wish to run freshclam, deleting the freshclam.log
 file will suppress this error message.

 ---------------------- clam-update End -------------------------

It appears that the latest version has some permission issues on the log file because when I try to run freshclam on command line I get this

root@cpanel [~]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

The solution?

The solution is very simple 🙂 just do the following

touch /var/log/clamav/freshclam.log
chown clamav /var/log/clamav/freshclam.log
chmod 666 /var/log/clamav/freshclam.log

and after that, run freshclam (the service that updates the virus-definition for clamav)

root@cpanel [~]# freshclam