Friday, January 21, 2011

Advanced PHP Error Handling via htaccess

SkyHi @ Friday, January 21, 2011
In my previous article on logging PHP errors, How to Enable PHP Error Logging via htaccess, we observed three fundamental aspects of preventing, preserving, and protecting your site’s PHP errors:
Prevent public display of PHP errors via htaccess

# suppress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_value docref_root 0
php_value docref_ext 0

Preserve (log) your site’s PHP errors via htaccess

# enable PHP error logging
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log

Protect your site’s PHP error log via htaccess

# prevent access to PHP error log

<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>


Now, in this article, we will explore these operations in greater depth (see footnote 2), provide additional functionality, and examine various implications. First we will explore PHP error handling for production environments (i.e., for websites and applications that are online, active, and public), then we will consider error handling for development environments (i.e., for projects that are under development, testing, private, etc.).

Controlling the level of PHP error reporting

Using htaccess, it is possible to set the level of error reporting to suit your particular needs. The general format for controlling the level of PHP errors is as follows:

# general directive for setting php error level
php_value error_reporting integer

There are several common values used for “integer”, including:

* Complete error reporting — for complete PHP error logging, use an error-reporting integer value of “8191”, which will enable logging of everything except run-time notices (see footnote 1).
* Zend error reporting — to record both fatal and non-fatal compile-time warnings generated by the Zend scripting engine, use an error-reporting integer value of “128”.
* Basic error reporting — to record run-time notices, compile-time parse errors, as well as run-time errors and warnings, use “8” for the error-reporting integer value.
* Minimal error reporting — to record only fatal run-time errors, use an error-reporting integer value of “1”, which will enable logging of unrecoverable errors.

Of course, there are many more error-reporting values to use, depending on your particular error-logging needs. For more information on logging PHP errors, refer to the Error Handling and Logging Functions page at php.net.

Setting the maximum file size for your error strings

Using htaccess, you may specify a maximum size for your PHP errors. This controls the size of each logged error, not the overall file size. Here is the general syntax:

# general directive for setting max error size
php_value log_errors_max_len integer

Here, “integer” represents the maximum size of each recorded error string as measured in bytes. The default value is “1024” (i.e., 1 kilobyte). To unleash your logging powers to their fullest extent, you may use a zero value, “0”, to indicate “no maximum” and thus remove all limits. Note that this value is also applied to displayed errors when they are enabled (e.g., during development).

Disable logging of repeated errors

If you remember the last time you examined a healthy (or sick, depending on your point of view) PHP error log, you may recall countless entries of nearly identical errors, where the only difference for each line is the timestamp of the event. If you would like to disable this redundancy, throw down the following code in the htaccess file of your project root:

# disable repeated error logging
php_flag ignore_repeated_errors on
php_flag ignore_repeated_source on

With these lines in place, repeated errors will not be logged, even if they are from different sources or locations. If you only want to disable repeat errors from the same source or file, simply comment out or delete the last line. Conversely, to ensure that your log file includes all repeat errors, change both of the on values to off.

Putting it all together — Production Environment

Having discussed a few of the useful ways to customize our PHP error-logging experience, let’s wrap it all up with a solid, htaccess-based error-handling strategy for generalized production environments. Here is the code for your target htaccess file:

# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
php_value error_log /home/path/public_html/domain/PHP_errors.log
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1
php_value log_errors_max_len 0


<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>


Or, if you prefer, an explanatory version of the same code, using comments to explain each line:

# PHP error handling for production servers

# disable display of startup errors
php_flag display_startup_errors off

# disable display of all other errors
php_flag display_errors off

# disable html markup of errors
php_flag html_errors off

# enable logging of errors
php_flag log_errors on

# disable ignoring of repeat errors
php_flag ignore_repeated_errors off

# disable ignoring of unique source errors
php_flag ignore_repeated_source off

# enable logging of php memory leaks
php_flag report_memleaks on

# preserve most recent error via php_errormsg
php_flag track_errors on

# disable formatting of error reference links
php_value docref_root 0

# disable formatting of error reference links
php_value docref_ext 0

# specify path to php error log
php_value error_log /home/path/public_html/domain/PHP_errors.log

# specify recording of all php errors
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1

# disable max error string length
php_value log_errors_max_len 0

# protect error log by preventing public access

<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>


This PHP error-handling strategy is ideal for a generalized production environment. In a nutshell, this code secures your server by disabling public display of error messages, yet also enables complete error transparency for the administrator via private error log. Of course, you may wish to customize this code to suit your specific needs. As always, please share your thoughts, ideas, tips and tricks with our fellow readers. Now, let’s take a look at a generalized error-handling strategy for development environments.

Putting it all together — Development Environment

During project development, when public access to your project is unavailable, you may find it beneficial to catch PHP errors in real time, where moment-by-moment circumstances continue to evolve. Here is a generalized, htaccess-based PHP error-handling strategy for development environments. Place this code in your target htaccess file:

# PHP error handling for development servers
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
php_value error_log /home/path/public_html/domain/PHP_errors.log
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1
php_value log_errors_max_len 0


<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>


For this code, we will forego the line-by-line explanations, as they may be extrapolated from the previous section. This PHP error-handling strategy is ideal for a generalized development environment. In a nutshell, this code enables real-time error-handling via public display of error messages, while also enabling complete error transparency for the administrator via private error log. Of course, you may wish to customize this code to suit your specific needs. As always, please share your thoughts, ideas, tips and tricks with our fellow readers. That’s all for this article — see you next time!
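
A check that an .htaccess file really matches the production strategy above, as an added example that is not part of the original article. It assumes literal file names in `<Files>` blocks (no wildcards), and all three sample inputs are constructed from the article's directives.

```python
import re
from pathlib import PurePosixPath

# Flags the production block sets, mapped to the value it requires.
REQUIRED_FLAGS = {
    "display_startup_errors": "off",
    "display_errors": "off",
    "html_errors": "off",
    "log_errors": "on",
}

FILES_OPEN = re.compile(r'<Files\s+"?([^">]+?)"?\s*>$', re.I)
FILES_CLOSE = re.compile(r"</Files>$", re.I)
PHP_SETTING = re.compile(r"php_(?:flag|value)\s+(\S+)\s+(.+)$", re.I)
# Apache 2.2 syntax as used in the article, plus the Apache 2.4 equivalent.
DENY_ALL = re.compile(r"(?:deny\s+from\s+all|require\s+all\s+denied)$", re.I)


def flag(value):
    """mod_php's php_flag treats "On" or "1" as true, anything else as false."""
    return "on" if value.lower() == "on" or value == "1" else "off"


def parse_htaccess(text):
    """Return (settings, denied): PHP directives (last occurrence wins) and
    the <Files> names whose block denies all access."""
    settings, denied, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = FILES_OPEN.match(line)
        if opened:
            current = opened.group(1)
            continue
        if FILES_CLOSE.match(line):
            current = None
            continue
        setting = PHP_SETTING.match(line)
        if setting:
            settings[setting.group(1).lower()] = setting.group(2).strip()
        elif current and DENY_ALL.match(line):
            denied.add(current)
    return settings, denied


def audit_production(text):
    """Return a list of findings; an empty list means the file is compliant."""
    settings, denied = parse_htaccess(text)
    findings = []
    for name, want in REQUIRED_FLAGS.items():
        got = settings.get(name)
        if got is None:
            findings.append(f"{name} is not set (expected {want})")
        elif flag(got) != want:
            findings.append(f"{name} is {flag(got)} (expected {want})")
    log_path = settings.get("error_log")
    if not log_path:
        findings.append("error_log is not set")
    else:
        log_name = PurePosixPath(log_path).name
        if log_name not in denied:
            findings.append(f"no <Files {log_name}> block denies access to the log")
    return findings


# Constructed sample inputs based on the article's directives.
PRODUCTION = """\
# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log
php_value error_reporting -1
<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>
"""
DEVELOPMENT = PRODUCTION.replace(" off", " on")   # display settings switched on
UNPROTECTED = PRODUCTION.split("<Files")[0]       # log configured, no <Files> block

if __name__ == "__main__":
    samples = [("production", PRODUCTION), ("development", DEVELOPMENT),
               ("unprotected", UNPROTECTED)]
    for label, sample in samples:
        print(label, audit_production(sample) or "OK")
```

Because the log path in these examples sits under public_html, the `<Files>` finding is the one that decides whether the log can be downloaded by visitors.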

Footnotes

* 1 Due to the bitwise nature of the various error-reporting values, the value for logging all errors continues to increase. For example, in PHP 5.2.x, its value is 6143, and before that, its value was 2047. Thus, to ensure comprehensive error logging well into the future, it is advisable to set a very large value for error_reporting, such as 2147483647.
* 2 For more information, check out the manual on Error Handling and Logging Functions at php.net
* 3 According to the PHP Manual on error_reporting, “Passing in the value -1 will show every possible error, even when new levels and constants are added in future PHP versions. The E_ALL constant also behaves this way as of PHP 6.” – Thus, the code in this article has been updated accordingly. Simply delete the commented-out line in the code and you’re good to go.

REFERENCES
http://perishablepress.com/press/2008/01/14/advanced-php-error-handling-via-htaccess/

Ubuntu Shrew(IKE) Soft VPN client IPsec

SkyHi @ Friday, January 21, 2011
#sudo apt-get install ike

Note:
Most Linux systems will require the following modifications to the System Settings in order to work with the Shrew Soft VPN Client. Without the following sysctl setting, the kernel will drop packets received on one interface when the destination address is owned by another interface.

1. Use a text editor to edit (as root) /etc/sysctl.conf
2. Change the following entries from 1 to 0 (if these values are not defined you will need to add them in order to override the default setting of 1).

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

3. Use a text editor to edit (as root) /etc/sysctl.d/10-network-security.conf

4. Change the following Entries from 1 to 0 (if these values are not defined you will need to add them in order to override the default setting of 1).

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

5. Reboot.

6. Execute the following command to confirm that the settings change has taken effect:
sysctl -a | egrep rp_filter | egrep -v arp
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
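
How the kernel combines these keys, as an added example that is not part of the original post: for each interface it applies the higher of conf.all.rp_filter and conf.<interface>.rp_filter, while conf.default only seeds interfaces created later. The first sample is the output shown in step 6; the second is constructed.

```python
import re

MODES = {0: "off", 1: "strict", 2: "loose"}
# Matches rp_filter keys only; arp_filter lines do not match (like `egrep -v arp`).
RP_LINE = re.compile(r"net\.ipv4\.conf\.([^.\s]+)\.rp_filter\s*=\s*(\d+)$")


def effective_rp_filter(sysctl_output):
    """Map each interface to the reverse-path filtering mode actually applied.

    The kernel uses max(conf.all.rp_filter, conf.<iface>.rp_filter) when it
    validates the source address of a packet received on <iface>.
    """
    values = {}
    for line in sysctl_output.splitlines():
        m = RP_LINE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2))
    all_value = values.get("all", 0)
    return {
        iface: MODES.get(max(all_value, value), "unknown")
        for iface, value in values.items()
        if iface not in ("all", "default")
    }


def still_filtering(sysctl_output):
    """Interfaces where reverse-path filtering is still active."""
    modes = effective_rp_filter(sysctl_output)
    return sorted(iface for iface, mode in modes.items() if mode != "off")


# Output from step 6 of the post.
PAGE_OUTPUT = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
"""

# Constructed: only the per-interface keys were changed, "all" is still 1.
PARTIAL_CHANGE = """\
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
"""

if __name__ == "__main__":
    print(effective_rp_filter(PAGE_OUTPUT))
    print(still_filtering(PARTIAL_CHANGE))
```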


REFERENCES
ShrewSoftVPN_LinuxInstall.pdf

libt1.so.5 is needed by php-gd

SkyHi @ Friday, January 21, 2011
ERROR:
[root@home php5.2.10]# rpm --test -ivh php-gd-5.2.10-1.el5.remi.i386.rpm
error: Failed dependencies:
libt1.so.5 is needed by php-gd-5.2.10-1.el5.remi.i386

Solution:

1. search for "libt1 so 5 rpm" on google
[root@home php5.2.10]# yum install t1lib

[root@home php5.2.10]# rpm --test -ivh php-gd-5.2.10-1.el5.remi.i386.rpm
Preparing... ########################################### [100%]
[root@home php5.2.10]# rpm -ivh php-gd-5.2.10-1.el5.remi.i386.rpm
Preparing... ########################################### [100%]
1:php-gd ########################################### [100%]
[root@home php5.2.10]# service httpd reload
Reloading httpd:
[ OK ]

<?php
phpinfo();
?>

gd
GD Support          enabled
GD Version          bundled (2.0.34 compatible)
FreeType Support  enabled
FreeType Linkage  with freetype
FreeType Version  2.2.1
T1Lib Support          enabled
GIF Read Support  enabled
GIF Create Support  enabled
JPG Support          enabled
PNG Support          enabled
WBMP Support          enabled
XPM Support          enabled
XBM Support          enabled 

Thursday, January 20, 2011

How to disable mod_security in .htaccess file

SkyHi @ Thursday, January 20, 2011
It is quite common for mod_security to interfere with the functions of your web applications. mod_security is installed and enabled by your web server admin, but you can still disable it for your individual website using an .htaccess file by following this tutorial.

“mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.” — HowtoForge

Disable mod_security in .htaccess file

1. If you do not have one yet, create an .htaccess file in the folder of your web application.
2. To disable mod_security COMPLETELY, add the following line to the .htaccess file:
SecFilterEngine Off
OR, to disable HTTP POST scanning only, use the following instead:
SecFilterScanPOST Off
3. Save the file and test your web application to check whether disabling mod_security has solved your problem.

I recommend trying SecFilterScanPOST Off first, instead of disabling mod_security completely.

My two cents

mod_security is good for protecting your website, but it might cause some problems for certain web applications, especially with file uploads. My server has mod_security enabled and I encountered a WordPress upload error: “HTTP error”. Setting SecFilterScanPOST Off solved the problem immediately.
<Directory /var/www/html/phpmyadmin>
SecRuleEngine Off
</Directory>

<Directory "/var/www/html/phpmyadmin">
Order deny,allow
Deny from all
Allow from 192.168.2
</Directory>
REFERENCES
http://www.liewcf.com/how-to-disable-mod_security-in-htaccess-file-3631/

How to Add Route to TCP/IP Routing Table With Windows Routing And Remote Access Console or DOS Prompt

SkyHi @ Thursday, January 20, 2011
A Windows machine connected to a network, be it a local area network (LAN) or the Internet, has an IP routing table with rules that define how and where all data packets should be sent and routed when an IP datagram is forwarded to a remote destination, normally via the main network adapter on the system to a router, switch or hub before leaving for the Internet.

On a system connected to a complex network, the administrator may need to configure a more advanced network topology that requires additional routes. For example, a custom route is required when the NIC interface does not know where to route to an IP address on a network segment that does not belong to the same subnet, such as a router at 192.168.1.1 accessing a node on 10.1.1.1 with a subnet mask of 255.255.255.0. In any case, an administrator or user can add a route to the TCP/IP routing table using the route command at the DOS command prompt, or using the Routing And Remote Access management console in Windows.

Add IP Route Rules into Windows Routing Table in Command Prompt with Route Command
  1. Click Start -> Run (or use Start Search in Windows Vista or Windows 7), type in Cmd, then press Enter to open a command prompt window. (Note: on Windows 7, cmd and Wireshark need to run as Administrator.)
  2. The syntax of the route command to add a routing table entry is: route ADD [destination IP address or subnet] MASK [subnet mask] [gateway IP address] METRIC [metric] IF [interface]
    Not all parts of the syntax are mandatory. Some are optional, such as the metric and the network interface. Example command to add a route to the 10.1.1.0/24 subnet through the 192.168.1.8 gateway router:
    route ADD 10.1.1.0 MASK 255.255.255.0 192.168.1.8
    To make the route persistent across boots of the system, use the -p flag in addition to the route add command. Otherwise, the route is not preserved once the system restarts. For example:
    route -p ADD 10.1.1.0 MASK 255.255.255.0 192.168.1.8
    Note: route help will display the different commands and switches supported by the route command.
  3. Press Enter to execute the route command.
  4. View the routing table to verify that the new route has been added correctly. Note: If any part of the information in the route is wrong, use the route delete command to delete the incorrect entry, and then use the route add command as illustrated above to re-enter the routing table entry.

Add New Routing Table Entry Using Routing and Remote Access Console
  1. Click Start -> Administrative Tools -> Routing And Remote Access.
  2. If the computer is already configured for routing and remote access, skip to step 5. Otherwise, if the server is not yet configured for routing and remote access, right click on the computer node (or click on the Action menu), and then click on the Configure and Enable Routing and Remote Access option.
    Note: If you don’t see your PC (normally the local system will be added automatically), right click on the root of the tree, and click on Add Server to add This Computer.
  3. While configuring the computer for routing and remote access, select Custom configuration, and click the Next button.
  4. Check the checkbox of LAN routing, and click Next button.
  5. Click on Finish button and if prompted, opt to start the service.
  6. In the console tree, expand the computer node to add the IP routing rule, and then expand the IP Routing sub-tree.
  7. Right click on Static Routes, and click Add Static Route on the right click menu.
  8. A Static Route dialog box will open.
  9. Select the appropriate network connection to route from the Interface drop-down list box, and fill in the value for Destination, Network mask, Gateway and Metric. Leave the Use this route to initiate demand-dial connections option checkbox enabled if the route is to be used for demand-dial connections.
  10. Click OK.


REFERENCES
http://www.mydigitallife.info/2008/12/25/how-to-add-route-to-tcpip-routing-table-with-windows-routing-and-remote-access-console-or-dos-prompt/


Windows XP Persistent Route


   The example below shows, step by step, how to add a persistent route (also called a permanent static route) on a Windows XP computer. The same commands can be applied on Windows 2000.

1. Click on Start menu, then click on Run to open the run command window.

2. On the Open text box type in cmd and click OK button to start the Windows XP command interpreter.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Jason>

3.  To display routing table information on your Windows XP machine, type in 'route print' as shown in the example below.

C:\Documents and Settings\Jason>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 16 17 6c 38 31 ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
0x5 ...00 11 67 25 56 41 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.15 192.168.1.15 30
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
192.168.1.0 255.255.255.0 192.168.1.12 192.168.1.12 20
192.168.1.0 255.255.255.0 192.168.1.15 192.168.1.15 20
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.12 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
192.168.1.255 255.255.255.255 192.168.1.12 192.168.1.12 20
192.168.1.255 255.255.255.255 192.168.1.15 192.168.1.15 20
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
224.0.0.0 240.0.0.0 192.168.1.12 192.168.1.12 20
224.0.0.0 240.0.0.0 192.168.1.15 192.168.1.15 20
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
255.255.255.255 255.255.255.255 192.168.1.12 192.168.1.12 1
255.255.255.255 255.255.255.255 192.168.1.15 192.168.1.15 1
255.255.255.255 255.255.255.255 192.168.1.15 5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

C:\Documents and Settings\Jason>

Display route command help


4.  To get more information or help on manipulating the routing table on Windows XP, type in 'route /?' and then hit the Enter key as shown in the example below.

C:\Documents and Settings\Jason>route /?

Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]
[MASK netmask] [gateway] [METRIC metric] [IF interface]

-f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.
-p When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. Ignored for all other commands, which always affect the appropriate persistent routes. This option is not supported in Windows 95.
command One of these:
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host.
MASK Specifies that the next parameter is the 'netmask' value.
netmask Specifies a subnet mask value for this route entry.
If not specified, it defaults to 255.255.255.255.
gateway Specifies gateway.
interface the interface number for the specified route.
METRIC specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard, (wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:
Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

Examples:

> route PRINT
> route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
         destination^      ^mask     ^gateway     metric^    ^
                                                    Interface^
If IF is not given, it tries to find the best interface for a given gateway.
> route PRINT
> route PRINT 157* .... Only prints those matching 157*
> route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

CHANGE is used to modify gateway and/or metric only.
> route PRINT
> route DELETE 157.0.0.0
> route PRINT

C:\Documents and Settings\Jason>

Add persistent route on Windows XP


5.  The example below shows the route command used to add a persistent route (permanent static route).

C:\Documents and Settings\Jason>route ADD -p 192.168.1.0 MASK 255.255.255.0 192.168.1.1

command explanations:

[Image: Windows XP persistent route explanation]

6.  Verify the changes using the 'route PRINT' command.

C:\Documents and Settings\Jason>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 16 17 6c 38 31 ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
0x5 ...00 11 67 25 56 41 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.15 192.168.1.15 30
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
192.168.1.0 255.255.255.0 192.168.1.12 192.168.1.12 20
192.168.1.0 255.255.255.0 192.168.1.15 192.168.1.15 20
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.11 1
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.12 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
192.168.1.255 255.255.255.255 192.168.1.12 192.168.1.12 20
192.168.1.255 255.255.255.255 192.168.1.15 192.168.1.15 20
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
224.0.0.0 240.0.0.0 192.168.1.12 192.168.1.12 20
224.0.0.0 240.0.0.0 192.168.1.15 192.168.1.15 20
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
255.255.255.255 255.255.255.255 192.168.1.12 192.168.1.12 1
255.255.255.255 255.255.255.255 192.168.1.15 192.168.1.15 1
255.255.255.255 255.255.255.255 192.168.1.15 5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.0 255.255.255.0 192.168.1.1 1

C:\Documents and Settings\Jason>

Delete persistent route on Windows XP


7.  The example below shows the route command used to delete the persistent route that we added to the Windows routing table in the earlier example.

C:\Documents and Settings\Jason>route DELETE 192.168.1.0

8.  To verify the changes made after executing the command to delete the route, execute the 'route PRINT' command as shown in the example below.

C:\Documents and Settings\Jason>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 16 17 6c 38 31 ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
0x5 ...00 11 67 25 56 41 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.15 192.168.1.15 30
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
192.168.1.0 255.255.255.0 192.168.1.12 192.168.1.12 20
192.168.1.0 255.255.255.0 192.168.1.15 192.168.1.15 20
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.12 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
192.168.1.255 255.255.255.255 192.168.1.12 192.168.1.12 20
192.168.1.255 255.255.255.255 192.168.1.15 192.168.1.15 20
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
224.0.0.0 240.0.0.0 192.168.1.12 192.168.1.12 20
224.0.0.0 240.0.0.0 192.168.1.15 192.168.1.15 20
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
255.255.255.255 255.255.255.255 192.168.1.12 192.168.1.12 1
255.255.255.255 255.255.255.255 192.168.1.15 192.168.1.15 1
255.255.255.255 255.255.255.255 192.168.1.15 5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

C:\Documents and Settings\Jason>

Temporary route


   To add a temporary route on Windows XP, just remove the -p from the persistent route command, as shown in the example below.

C:\Documents and Settings\Jason>route ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.1



    VPN client can’t access a Multihomed computer without gateway or route return

    SkyHi @ Thursday, January 20, 2011
    Situation: a multihomed computer is set up with one NIC connecting to a DMZ (IP 172.254.2.0/16) with a default gateway and another NIC connecting to the LAN (IP 10.0.0.0/16) without a gateway. The user can establish the VPN using IP 192.169.198.0/24 to access the LAN but not this multihomed computer, because the LAN NIC doesn’t have a gateway or a return route. Below are the results of ipconfig and the routing table.
    ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area Connection 2:
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 10.0.0.106
            Subnet Mask . . . . . . . . . . . : 255.255.0.0
            Default Gateway . . . . . . . . . :
    Ethernet adapter Local Area Connection:
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 172.254.2.66
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 172.254.2.251 
    route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 04 76 35 e1 18 ...... 3Com 3CSOHO Fast Ethernet Adapter - Packet Sched
    uler Miniport
    0x3 ...00 17 a4 40 73 11 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Sch
    eduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    172.254.2.251    172.254.2.66       20
             10.0.0.0      255.255.0.0       10.0.0.106      10.0.0.106       20
           10.0.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
       10.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       20
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
          172.254.2.0    255.255.255.0     172.254.2.66    172.254.2.66       20
         172.254.2.66  255.255.255.255        127.0.0.1       127.0.0.1       20
      172.254.255.255  255.255.255.255     172.254.2.66    172.254.2.66       20
            224.0.0.0        240.0.0.0       10.0.0.106      10.0.0.106       20
            224.0.0.0        240.0.0.0     172.254.2.66    172.254.2.66       20
      255.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       1
      255.255.255.255  255.255.255.255     172.254.2.66    172.254.2.66       1
    Default Gateway:     172.254.2.251
    ===========================================================================
    Persistent Routes:
      None
    Solution: modify the routing table on the multihomed computer so that the computer has a return route to the VPN. In our case, run the command “route add 192.168.198.0 mask 255.255.255.0 10.0.0.2”. Below is the modified routing table.
    route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 04 76 35 e1 18 ...... 3Com 3CSOHO Fast Ethernet Adapter - Packet Sched
    uler Miniport
    0x3 ...00 17 a4 40 73 11 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Sch
    eduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    172.254.2.251    172.254.2.66       20
             10.0.0.0      255.255.0.0       10.0.0.106      10.0.0.106       20
           10.0.0.106  255.255.255.255        127.0.0.1       127.0.0.1       20
       10.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       20
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
          172.254.2.0    255.255.255.0     172.254.2.66    172.254.2.66       20
         172.254.2.66  255.255.255.255        127.0.0.1       127.0.0.1       20
      172.254.255.255  255.255.255.255     172.254.2.66    172.254.2.66       20
        192.168.198.0    255.255.255.0         10.0.0.2      10.0.0.106       1
            224.0.0.0        240.0.0.0       10.0.0.106      10.0.0.106       20
            224.0.0.0        240.0.0.0     172.254.2.66    172.254.2.66       20
      255.255.255.255  255.255.255.255       10.0.0.106      10.0.0.106       1
      255.255.255.255  255.255.255.255     172.254.2.66    172.254.2.66       1
    Default Gateway:     172.254.2.251
    ===========================================================================
    Persistent Routes:

    REFERENCES
    http://www.chicagotech.net/VPN/vpnrouting1.htm

    Tuesday, January 18, 2011

    Viewing hidden files on a Mac

    SkyHi @ Tuesday, January 18, 2011
    Viewing hidden files on a Mac is useful for accessing the hidden UNIX directories or for recovering Music from an iPod. Additionally, by prefixing the name of a folder with a '.', you can create a folder that is seemingly hidden from prying eyes.
    To view hidden folders:
    1. Open the Terminal (located in /Applications/Utilities/)
    2. At the command prompt type
      defaults write com.apple.finder AppleShowAllFiles -bool true
       
    3. Press return to execute the command.
    4. For the changes to take effect, either log out then log back in again, or relaunch Finder (this can be done from the Force Quit Window or by typing 'killall Finder' in a Terminal window).
    To hide the hidden files again:
    1. Open the Terminal
    2. At the command prompt type
      defaults write com.apple.finder AppleShowAllFiles -bool false
       
    3. Press return to execute the command.
    4. Log out then back in again, or relaunch Finder (explained above). 
    REFERENCES
    http://guides.macrumors.com/Viewing_hidden_files_on_a_Mac

    MySQL 5.0 vs 5.1 triggers

    SkyHi @ Tuesday, January 18, 2011
    I am basically a developer, and my client has a shared hosting plan at site5. I wanted to create MySQL triggers in my account, but it said the SUPER privilege is required for that, so I contacted site5 support. Their answer was plain and simple ...

    "Triggers require special permissions which are not available on our shared hosting plans. We can elevate this security measure on a dedicated server if needed, however due to nature of shared hosting, it's not something we can do while keeping security."

    So I researched which things cause the security problem. The problem was that prior to MySQL 5.1 it required a special privilege called SUPER. Now this privilege can create security measures, as if it is granted you can change other people's databases in shared accounts. But after MySQL 5.1 it does not require the SUPER privilege; it has its own grant permission, the TRIGGER privilege, just like other MySQL commands. So I asked the support people which version we have on the site5 server. In case we have an old MySQL server, can we upgrade our server to 5.1 at least?

    But I got a reply like this: "Triggers are not available on our shared hosting plans due to control panel limitation as it requires special permissions. We can only elevate those on our dedicated servers."




    As you know, we run MySQL 5.0.x on our shared and reseller servers. None of our servers are currently running MySQL 5.1. In order to use TRIGGERS with MySQL 5.0.x, you must have the SUPER privilege also. For security reasons, we are not going to grant this to regular users:

    http://dev.mysql.com/doc/refman/5.1/...tml#priv_super

    We do plan to eventually upgrade to MySQL 5.1 and when that time comes it will be a simple matter of enabling the TRIGGER privilege per-user. Until we do that, we will not be enabling any sort of workarounds to enable TRIGGER privileges. TRIGGER will not be available until MySQL 5.1 is installed on our server fleet.

    REFERENCES
    http://forums.site5.com/showthread.php?t=28931

    SSL Certificate Installation Checker

    SkyHi @ Tuesday, January 18, 2011
    Thawte SSL Certificate Installation Checker
    ** All other server platforms

    Please download the Thawte Intermediate CAs for your SSL certificate here:
    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1371

    If you require the CA bundle version of the Intermediate CAs, please download it here:
    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1372

    3. CHECK INSTALLATION:
    Ensure you have installed your certificate correctly at:
    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO9555

    4. INSTALL THE THAWTE TRUSTED SEAL:
    Additionally, as part of your SSL Certificate Service, you are entitled to display the Thawte Trusted Seal - recognised across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site.

    Installation instructions for the Thawte Trusted Seal can be found on the following link:
    http://www.thawte.com/ssl/secured-seal/installation-agreement/index.html

    Visit the Thawte Support Web site, where you will find a range of support tools to help you:
    https://search.thawte.com/support/ssl-digital-certificates/index.html




    VeriSign SSL Certificate Installation Checker
    IMPORTANT! In order for your SSL Certificate to function properly, you must download and install the VeriSign Intermediate CA Certificate on your Web server. Microsoft Internet Information Services (IIS) 5.0 and above automatically installs the Intermediate CA Certificate when you install the SSL Certificate and does not require separate installation. All other Web servers require you to install the Intermediate CA separately.
    ===========================

    For detailed installation instructions for your SSL Certificate and the Intermediate CA, go to:
    https://www.verisign.com/support/ssl-certificates-support/install-ssl-certificate.html

    ===========================
    NEW CERTIFICATE INSTALLATION CHECKER
    Ensure you have installed your certificate correctly at: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=certchecker
    ===========================

    Additionally, as part of your Secure Site Service, you are entitled to display the VeriSign Secured Seal - recognized across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site. For installation instructions for your VeriSign Secured Seal, go to:
    https://www.verisign.com/ssl/secured-seal/index.html




    SSL for IIS 6.0 
    D: I just want to confirm if a new CSR is needed to renew an SSL123
    on IIS 6.0?


    A: Need to create a new CSR via a dummy site, as there is a bug in IIS:
    during the renew process it creates a CSR which has a few fields stripped, and hence
    the renew CSR does not match the original order
    A: To resolve the problem you need to create a dummy site in IIS; name
    it dummy site
    Make sure the CN is your domain name
    Generate a CSR for the dummy site; the CN is your domain name
    Apply for a Renew or Reissue Certificate
    Install the new SSL cert on the dummy site
    Replace the production site or default site with the dummy site
    Delete the dummy site
    The agent is sending you to
    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO3881.

    D: got you, that's exactly what I found..thx....that's such a
    hassle just to renew an SSL...hehe
    A: There is a bug in IIS



    ERROR:  The intermediate CA certificate cannot be found for the following certificate chain. 
    Solution: if everything is correct, restart Apache instead of reloading it.

    Monday, January 17, 2011

    Ebook Formats, DRM and You — A Guide for the Perplexed

    SkyHi @ Monday, January 17, 2011
    DRM: What it is and why you should care about it.
    DRM is used by publishers to restrict what you can do with your ebooks. DRM controls which devices you can use to read your ebook, and stops you converting your ebooks from one format to another.
    DRM makes buying and using ebooks harder. When you first start using ebooks, you might not notice the restrictions very much. But the restrictions are there.
    There are several different DRM schemes. Ebooks with one DRM scheme can’t be read on a device that uses a different DRM scheme. Some DRM schemes limit ebooks to one device only, so if you want to read that ebook on a different device, it’s necessary to download the ebook again. Others require new devices to be authorised by a central server on the Internet.
    When you want to use a different ebook reader, or if the supplier stops supporting the ebooks you’ve bought, you may lose access to your DRMed ebooks.
    So to be able to read your ebooks on all the devices you have now, and to be sure that you will still be able to read your ebooks in the future, you will want to remove the DRM.

    Ethics of DRM Removal
    It shouldn’t really be necessary to say this, but just to be clear: none of the developers and maintainers of these tools or this site are in favour of ebooks being ‘pirated’. We expect people to use these tools only to gain full access to ebooks they have bought themselves. Dedrmed ebooks should not be uploaded to open servers, torrents, or other methods of mass distribution. No help will be given to people doing such things, and no links to such books should be posted here. Authors, Publishers and Ebook retailers all need to earn money to be able to carry on making great ebooks available.

    The simplest option for removing DRM
    (At least, simplest for Windows and Linux users. Mac OS X 10.5 and 10.6 users might find the AppleScript solution easier (see below), if they don’t already use calibre.)
    0. You must already be able to read your ebooks, either on your computer or on your ebook reader (Kindle, nook, etc.). If you cannot read your ebooks on your computer or on your ebook reader, you won’t be able to remove the DRM. Contact your ebook retailer and sort out any problems reading your ebooks before trying to remove the DRM.

    1. Download and install calibre for your Operating System.
    2. Download the latest combined tools package, and unzip it. (On Windows, right-click and “Extract All…”)
    3. Run calibre. Click Preferences. Click Plug-ins.
    4. Click on the large “Add a new plugin” button
    5. Navigate to the tools folder unzipped in step 2
    6. Open the Calibre_Plugins folder
    7. Select one of the zip files in that folder
    8. Click on Add
    9. Click on the “Yes” button in the warning dialog that appears. A Confirmation dialog appears that the plug-in has been installed.
    10. Repeat steps 4 to 9 for every zip file in the Calibre_Plugins folder (five at present).
    11. You must now configure the plugins. Which plugins need configuring, and the information you need to enter depends on what kind of ebooks you have. If your ebooks don’t match the description at the start of any of the following items, ignore it and move on to the next.

    To configure a plugin, you must find it in the list of plugins. All the DRM removal plugins are in the File type plugins section of the Plugins section of the calibre preferences. Click on the plugin in the list to select it, and then click on the Customize plugin button. In the dialog that then pops up, enter the required information, detailed below.
    a. If you have Mobipocket ebooks, where you either entered a PID on the retailer’s web site, or you must read them in Mobipocket Reader, you must enter the PID you entered on the retailer’s web site, or the PID of your installation of Mobipocket Reader into the customisation field of the K4MobiDeDRM plugin. The PID will be ten numbers and letters, with * or $ as the eighth character. If you have more than one PID, enter them separated by commas.

    b. If you have Amazon Kindle ebooks that were downloaded to your Kindle, you must enter your Kindle’s serial number into the customisation field of the K4MobiDeDRM plugin. If you have already entered a PID there, add the Kindle serial number as well, separating it from the PID with a comma.
    c. If you have Amazon Kindle ebooks that were downloaded to the copy of Kindle for Mac or Kindle for PC that was installed on this computer, you do not need to add anything extra into the customisation fields.
    d. If you have ePub ebooks that can be read in Adobe Digital Editions, you do not need to add anything extra into the customisation fields.
    e. If you have PDF ebooks that can be read in Adobe Digital Editions, you do not need to add anything extra into the customisation fields.
    f. If you have ePub ebooks from Barnes and Noble (e.g. for nook), you must enter your name and full credit card number into the customisation field of the Ignoble Epub DeDRM plugin. The name and credit card number should be the ones set as part of the Credit Card unlock code on your Nook Library page. Separate the name from the number with a comma and do not put any spaces in the card number or around the comma.
    g. If you have eReader ebooks from Barnes and Noble, or from, say, Fictionwise, you must enter your name and the last 8 digits of your credit card number into the customisation field of the eReader PDB 2 PML plugin. Again, the name and credit card number must be the ones entered at your ebook retailer’s website as the DRM key/Unlock code.
    h. If you have ebooks bought at the Apple iBooks store, it is not currently possible to remove the DRM.
    i. If you have Microsoft LIT ebooks, there is no Calibre plugin that can remove the DRM.
    12. Now click on the Apply button, and then close the preferences.
    You’re now ready to remove the DRM from your ebooks. Just import them into calibre, and the DRM will be removed. The plugins ONLY remove the DRM when the ebooks are imported. If you have already imported your ebooks into calibre, you will need to remove them and import them again.

    Converting to other formats
    Calibre will convert your ebooks for you, once they have had the DRM removed.

    Other Ways to Remove DRM
    Other tools for removing DRM are addressed in other posts in this blog.
    Mac OS X 10.5 and 10.6 users who don’t want to use calibre should use the DeDRM AppleScript, as described in my post, DeDRM AppleScript for Mac OS X 10.5, 10.6.
    Mac OS X 10.4 and below users will need to install at least Python 2.5, and possibly OpenSSL as well, and then use the stand-alone tools. I do not currently have detailed instructions for Mac OS X 10.4 and below.
    Windows users who don’t want to use calibre will need to install Python and PyCrypto and use the stand-alone tools, as described in my post, Windows, Python, Ebooks and DRM.
    Linux users are sure to be able to work things out for themselves from the Read Me files included in the large tools archive.

    REFERENCES
    http://apprenticealf.wordpress.com/2011/01/13/ebooks-formats-drm-and-you-%E2%80%94-a-guide-for-the-perplexed/

    Back up MySQL Databases with a Simple Bash Script

    SkyHi @ Monday, January 17, 2011
    If you host your own blog or any Web-based application running on the Apache/MySQL/PHP stack, you should have a backup system in place for keeping data stored in MySQL databases safe. There are several solutions that can help you with that, but nothing beats a simple Bash script I stumbled upon in a blog post comment. Here is the script in all its beauty:



    #!/bin/bash
    
    NOW=`date +"%Y-%m"`;
    BACKUPDIR="location/of/your/backup/dir/$NOW";
    
    ### Server Setup ###
    #* MySQL login user name *#
    MUSER="user";
    
    #* MySQL login PASSWORD name *#
    MPASS="pass";
    
    #* MySQL login HOST name *#
    MHOST="your-mysql-ip";
    MPORT="your-mysql-port";
    
    # DO NOT BACKUP these databases
    IGNOREDB="
    information_schema
    mysql
    test
    "
    
    #* MySQL binaries *#
    MYSQL=`which mysql`;
    MYSQLDUMP=`which mysqldump`;
    GZIP=`which gzip`;
    
    # assuming that /nas is mounted via /etc/fstab
    if [ ! -d "$BACKUPDIR" ]; then
      mkdir -p "$BACKUPDIR"
    fi
    
    # get all database listing
    DBS="$("$MYSQL" -u "$MUSER" -p"$MPASS" -h "$MHOST" -P "$MPORT" -Bse 'show databases')"
    
    # SET DATE AND TIME FOR THE FILE
    NOW=`date +"d%dh%Hm%Ms%S"`; # day-hour-minute-sec format
    # start to dump database one by one
    for db in $DBS
    do
            DUMP="yes";
            if [ "$IGNOREDB" != "" ]; then
                    for i in $IGNOREDB # Store all value of $IGNOREDB ON i
                    do
                            if [ "$db" == "$i" ]; then # If result of $DBS(db) is equal to $IGNOREDB(i) then
                                    DUMP="NO";         # SET value of DUMP to "no"
                                    #echo "$i database is being ignored!";
                            fi
                    done
            fi
    
            if [ "$DUMP" == "yes" ]; then # If value of DUMP is "yes" then backup database
                    FILE="$BACKUPDIR/$NOW-$db.gz";
                    echo "BACKING UP $db";
                    "$MYSQLDUMP" --add-drop-database --opt --lock-all-tables -u "$MUSER" -p"$MPASS" -h "$MHOST" -P "$MPORT" "$db" | "$GZIP" > "$FILE"
            fi
    done
    

    The best part is that you only need to specify a handful of parameters to make the script work. This includes BACKUPDIR (the destination for storing backups), MUSER (MySQL user), MPASS (MySQL user password), MHOST (the IP address of the MySQL server, e.g. localhost), and MPORT (the port the MySQL database is running on, default is 3306).

    You can run the script manually, or you can set up a cron job which will perform backups on a regular basis. To do this, run the crontab -e command and add the following line (replace the sample path with the actual path and backup script name):

    @daily /path/to/mysqlbackupscript.sh

    Don't forget to make the script executable using the chmod a+x mysqlbackupscript.sh command.
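The script above keeps the MySQL password in the script file and passes it as -p$MPASS, which can expose it to other local users through the process list, and it writes the dumps with the default umask. The variant below is an added example, not part of the original script: it runs the same loop but reads the credentials from an owner-only option file. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not the original script. Function names and paths are assumptions.
umask 077   # option file, backup directory and dumps are created owner-only

IGNOREDB="information_schema mysql test"

# Write the credentials to a client option file (usage: FILE USER PASS HOST PORT).
# mysql and mysqldump read it through --defaults-extra-file, so the password
# is never an argument. A password containing " or \ would need escaping here.
write_client_cnf() {
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\nport=%s\n' \
        "$2" "$3" "$4" "$5" > "$1"
    chmod 600 "$1"   # tighten the mode even if the file already existed
}

# Return 0 if the database should be dumped, 1 if it is on the ignore list.
should_dump() {
    for skip in $IGNOREDB; do
        [ "$1" = "$skip" ] && return 1
    done
    return 0
}

# Refuse names that would move the dump outside the backup directory.
safe_name() {
    case $1 in
        ''|*/*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

backup_all() {   # usage: backup_all CNF_FILE BACKUP_ROOT
    cnf=$1
    dir="$2/$(date +%Y-%m)"
    stamp=$(date +d%dh%Hm%Ms%S)
    mkdir -p "$dir" || return 1
    # --defaults-extra-file has to be the first option on the command line
    mysql --defaults-extra-file="$cnf" -Bse 'show databases' |
    while IFS= read -r db; do
        should_dump "$db" && safe_name "$db" || continue
        echo "BACKING UP $db"
        mysqldump --defaults-extra-file="$cnf" --add-drop-database --opt \
            --lock-all-tables "$db" | gzip > "$dir/$stamp-$db.gz"
    done
}

# Runs only when asked to, e.g.: ./backup.sh run /root/.backup.cnf /var/backups/mysql
if [ "${1:-}" = "run" ]; then
    backup_all "$2" "$3"
fi
```

Create the option file once with write_client_cnf, then point the cron entry at the script with the run argument.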

    REFERENCES
    http://www.linuxpromagazine.com/Online/Blogs/Productivity-Sauce/Back-up-MySQL-Databases-with-a-Simple-Bash-Script