Command Center

Got a spambot or scraper constantly showing up in your server logs? Or maybe there's another site that's leeching all your bandwidth? Perhaps you just want to ban a user from a certain IP address? In this article, I'll show you how to use .htaccess to do all of that and more!

Identifying bad bots

So you've noticed a certain user-agent keeps showing up in your logs, but you're not sure what it is, or if you want to ban it? There's a few ways to find out:

• Google it: Try a search like this.
• Check the User Agent Database.
• Head over to Webmaster World and search again or start a new thread.

Once you've determined that the bot is something you want to block, the next step is to add it to your .htaccess file.

Blocking bots with .htaccess

This example, and all of the following examples, can be placed at the bottom of your .htaccess file. If you don't already have a file called .htaccess in your site's root directory, you can create a new one.

#get rid of the bad bot
   RewriteEngine on
   RewriteCond %{HTTP_USER_AGENT} ^BadBot
   RewriteRule ^(.*)$ http://go.away/

So, what does this code do? It's simple: the above lines tell your webserver to check for any bot whose user-agent string starts with "BadBot". When it sees a bot that matches, it redirects them to a non-existent site called "go.away".
Now, that's great to start with, but what if you want to block more than one bot?

#get rid of bad bots
   RewriteEngine on
   RewriteCond %{HTTP_USER_AGENT} ^BadBot [OR]
   RewriteCond %{HTTP_USER_AGENT} ^EvilScraper [OR]
   RewriteCond %{HTTP_USER_AGENT} ^FakeUser
   RewriteRule ^(.*)$ http://go.away/

The code above shows the same thing as before, but this time I'm blocking 3 different bots. Note the "[OR]" option after the first two bot names: this lets the server know there's more in the list.

Blocking Bandwidth Leeches

Say there's a certain forum that's always hotlinking your images, and it's eating up all your bandwidth. You could replace the image with something really gross, but in some countries that might get you sued! The best way to deal with this problem is simply to block the site, like so:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*somebadforum\.com [NC]
RewriteRule .* - [F] 

This code will return a 403 Forbidden error to anyone trying to hotlink your images on somebadforum.com. The end result: users on that site will see a broken image, and your bandwidth is no longer being stolen.
Here's the code for blocking more than one site:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*somebadforum\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*lastexample\.com [NC]
RewriteRule .* - [F] 

If you want to block hotlinking completely, so that no one can hotlink your files, take a look at my article on using .htaccess to block hotlinkers.

Banning An IP Address

Sometimes you just don't want a certain person (or bot) accessing your website at all. One simple way to block them is to ban their IP address:

order allow,deny
deny from 192.168.44.201
deny from 224.39.163.12
deny from 172.16.7.92
allow from all

The example above shows how to block 3 different IP addresses. Sometimes you might want to block a whole range of IP addresses:

order allow,deny
deny from 192.168.
deny from 10.0.0.
allow from all

The above code will block any IP address starting with "192.168." or "10.0.0." from accessing your site.
Finally, here's the code to block any specific ISP from getting access:

order allow,deny
deny from some-evil-isp.com
deny from subdomain.another-evil-isp.com
allow from all

Final notes on using .htaccess

As you can see, .htaccess is a very powerful tool for controlling who can do what on your website. Because it's so powerful, it's also fairly easy for things to go wrong. If you have any mistakes or typos in your .htaccess file, the server will spit out an Error 500 page instead of showing your site, so be sure to back up your .htaccess file before making any changes.
If you'd like to learn more about writing .htaccess files, I recommend checking out the Definitive Guide to Mod_Rewrite. This book covers everything you need to know about Apache's .htaccess rewrite system.

REFERENCES
http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess

If you have multiple Windows servers that need to use the same SSL certificate, such as in a load-balancer environment or using a wildcard or UC SSL certificates, you can export the certificate to .pfx file and import it on a new Windows server. This may also be necessary when you switch hosting companies. We will go over the exact process with step-by-step instructions in this article. If necessary, you can copy the SSL certificate to an Apache or other type of server.
We will assume that you have already successfully installed the SSL certificate on one Windows web server. You will follow these steps to move or copy that working certificate to a new server:

1. Export the SSL certificate from the server with the private key and any intermediate certificates into a .pfx file.
2. Import the SSL certificate and private key on the new server.
3. Configure your web sites to use them in IIS.

On a Windows server you will need to export your certificate from the MMC console to a .pfx file with your private key. You can then copy that .pfx file to the new Windows server and import it. The following screenshots are from a Windows Server 2008 machine but any differences for Windows Server 2003 are noted.

Export the certificate from the Windows MMC console

Note: These instructions will have you export the certificate using the MMC console. If you have Windows Server 2008 (IIS7) you can also import and export certificates directly in the Server Certificates section in IIS. Click here to hide or show the images

1. Click on the Start menu and click Run.
2. Type in mmc and click OK.
   
3. Click on the File menu and click Add/Remove Snap-in...
   
4. If you are using Windows Server 2003, click on the Add button. Double-click on Certificates.
   
5. Click on Computer Account and click Next.
   
6. Leave Local Computer selected and click Finish.
   
7. If you are using Windows Server 2003, click the Close button. Click OK.
   
8. Click the plus sign next to Certificates in the left pane.
   
9. Click the plus sign next to the Personal folder and click on the Certificates folder. Right-click on the certificate you would like to export and select All Tasks and then Export...
   
10. In the Certificate Export Wizard click Next.
    
11. Choose "Yes, export the private key" and click Next.
    
12. Click the checkbox next to "Include all certificates in the certification path if possible" and click Next.
    
13. Enter and confirm a password. This password will be needed whenever the certificate is imported to another server.
    
14. Click Browse and find a location to save the .pfx file to. Type in a name such as "mydomain.pfx" and then click Next.
    
15. Click Finish. The .pfx file containing the certificates and the private key is now saved to the location you specified.
    

Import the certificate in the Windows MMC console

After you have exported the certificate from the original server you will need to copy the .pfx file that you created to the new server and follow these import instructions.

1. Click on the Start menu and click Run.
2. Type in mmc and click OK.
   
3. Click on the File menu and click Add/Remove Snap-in...
   
4. If you are using Windows Server 2003, click on the Add button. Double-click on Certificates.
   
5. Click on Computer Account and click Next.
   
6. Leave Local Computer selected and click Finish.
   
7. If you are using Windows Server 2003, click the Close button. Click OK.
   
8. Right-click on the Personal folder and select All Tasks and then Import...
   
9. In the Certificate Import Wizard click Next.
   
10. Click the Browse button and change the file type from "X.509..." to "Personal Information Exchange (*.pfx, *.p12)". find the .pfx file that you copied over and click Open and then Next.
    
11. Enter the password that you set when you exported the .pfx file and click "Mark this key as exportable" so you can export the certificate from this machine as well as the original. Click Next.
    
12. Click "Automatically select the certificate store based on the type of certificate" and click Next.
    
13. Click Finish to complete the wizard.
    
14. You can now click the Refresh button in the toolbar to refresh and find your certificate in the Certificates folder under Personal. You can verify that it was imported correctly by double-clicking it and looking for "You have a private key that corresponds to this certificate" at the bottom of the certificate dialog.
    
15. Close the MMC console. You do not need to save any changes.

Assigning the SSL certificate

After you have imported the .pfx file, you will either need to assign the certificate in IIS, enable the certificate for the services you need in Exchange or select the certificate in any other software that you are using. Because IIS is the most common place to use SSL certificates, we have included the instructions for assigning a website to use the new certificate in IIS 6 (Windows Server 2003). If you have Windows Server 2008, just follow the binding part of the IIS 7 SSL Certificate Installation instructions.

1. In IIS, right-click on the website that needs the certificate and click on Properties.
2. Click the Directory Security tab and click on the Server Certificate button to run the server certificate wizard.
3. If you already have a certificate on that website you will need to remove it and then start the wizard again.
4. Click "Assign an existing certificate" and click Next.
5. Select the new certificate that you just imported and click Next.
6. Click Finish. You may need to restart IIS for the certificate to start working with the assigned website.

While there are several steps in the process, moving an SSL certificate from one Windows server to another is an easy task. It involves exporting a working SSL certificate from the MMC console to a .pfx file which contains the certificates and private key and then importing that file in the MMC console of the new or additional server. You will then need to assign or bind the certificate to a website in IIS in order to start using it on a website. If you need to move your SSL certificate to or from a different type of server, select the server type on our main SSL Certificate Import/Export Page




REFERENCES
http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html

Have a CD or DVD lying around that you are sick of putting in the drive every time you need something on the disc?
How about just making an .iso file that you can mount as you need? Or maybe you just want a “master” copy of the media so you can create another copy at a future date.
At any rate it is rather easy to accomplish in Ubuntu:

sudo umount /dev/cdrom
dd if=/dev/cdrom of=file.iso bs=1024

You can also do the same with folders:
mkisofs -r -o file.iso /location_of_folder/

Don’t forget to make a checksum:
md5sum file.iso > file.iso.md5



====================================================================

This is very helpfull to backup you cd and dvd into iso images:

To make an ISO from your CD/DVD, place the media in your drive but do not mount it. If it automounts, unmount it. (ubuntu automount so you need to unmount, that's quite easy, just choose the option unmount from the shell).

dd if=/dev/dvd of=dvd.iso # for dvd
dd if=/dev/cdrom of=cd.iso # for cdrom
dd if=/dev/scd0 of=cd.iso # if cdrom is scsi

To make an ISO from files on your hard drive, create a directory which holds the files you want. Then use the mkisofs command.

mkisofs -o /tmp/cd.iso /tmp/directory/

This results in a file called cd.iso in folder /tmp which contains all the files and directories in /tmp/directory/.

For more info, see the man pages for mkisofs, losetup, and dd, or see the CD-Writing-HOWTO at http://www.tldp.org.
 
===========================================================





 1. Create ISO Images With K3b
K3b is the KDE default CD/DVD burner and also one of the most popular (if not the most popular) burning application for Linux. The current version comes installed by default in Kubuntu 8.10 and 9.04, but if you are using Ubuntu and want to get install it issue the following command:

sudo apt-get install k3b

A port for KDE4 is in the works too, but until now there is no stable release. (Update: This applies for K3b 2.0+ too)

To create an ISO image just fire up K3b and follow the steps below:

Go to File -> New Project -> New Data CD Project (or New Data DVD Project, depending on what size the image you want to create will have):


Next, drag and drop the files and folders from the file browser to the bottom area:


Now, click the Burn button and, in the window that appears, tick the Only create image option under the Settings widget. The image will be created by default as the /tmp/kde-YOUR_USERNAME/image_name.iso, but you can change this location in the Image tab.



Next, click on Start and wait for the image to be created. This should be all.


Here's what the file /var/kde-embryo/my_iso_image.iso shows:

embryo@kubu:~$ file /tmp/kde-embryo/my_iso_image.iso
/tmp/kde-embryo/my_iso_image.iso: ISO 9660 CD-ROM filesystem data 'my_iso_image '

2. Create ISO images with Brasero
Brasero is the default CD/DVD burning application in Ubuntu. The way Brasero creates images is similar with K3b's. If you don't have Brasero installed for some reason, type:

sudo apt-get install brasero

Start Brasero (or fire it up, as you wish to call it) and click on the Data project button (or go to Project -> New Project -> New Data Project).


Change the name of the disc at the bottom to whatever you like and then click on the green plus sign in the upper left corner in the toolbar to start adding files and directories to your image:


After you finished adding files click on Burn and make sure no empty CD/DVD is in your optical drives:


This should be all. The image will be located in the home directory.

3. Create ISO images using AcetoneISO
AcetoneISO is a GUI (graphical user interface) application built in Qt4 for mounting and unmounting CD/DVD ISO (NRG, MDF and BIN too) images, but it can also be used to create ISO images.

To install AcetoneISO in Ubuntu you can follow the guide I put up a while ago, here. I will use version 2.0.2 for this example. In newer Ubuntu versions, just type in a terminal:

sudo apt-get install acetoneiso

First, put all the files and folders you want included in the image into a new, empty directory. Next, in the menu go to Conversion -> Generate ISO from folder, select the desired folder and enter the name of the image:


That's it.

4. Create ISO images using command-line
What, you thought I was going to leave CLI behind? Here's (probably) the easiest way to create ISO images using command-line interface.

First, install the tool called genisoimage (if you already have Brasero or K3b installed, this package is probably already installed):

sudo apt-get install genisoimage

Use it like this:

genisoimage -o my_image.iso my_directory

Or:

genisoimage -o my_image.iso file01 file02 file03

The first command will create an ISO image from the contents of folder my_directory (and it will include it as the root directory), while the second one will create an image containing file01, file02, file03 (and no root directory).

For Rock Ridge extensions (which provide permissions and ownership support), use:

genisoimage -o my_image.iso -R my_directory

So, these are the four methods I find most accessible for creating CD/DVD images in Ubuntu. Please share other ways of accomplishing this in the comments below.
REFERENCEShttp://www.ubuntu-unleashed.com/2007/12/have-cd-or-dvd-lying-around-that-you.html
http://tuxarena.blogspot.com/2009/03/4-ways-to-create-cddvd-iso-images-in.html
http://ubuntuforums.org/showthread.php?t=6509

Port forwarding, or tunneling, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell. You can secure for example POP3, SMTP and HTTP connections that would otherwise be insecure.

There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively.
Local port forwarding forwards traffic coming to a local port to a specified remote port. For example, all traffic coming to port 1234 on the client could be forwarded to port 23 on the server (host).
Note: The value of localhost is resolved after the Secure Shell connection has been established – so when defining local forwarding (outgoing tunnels), localhost refers to the server (remote host computer) you have connected to.
Remote port forwarding does the opposite: it forwards traffic coming to a remote port to a specified local port. For example, all traffic coming to port 1234 on the server (host) could be forwarded to port 23 on the client (localhost).
Local port forwarding
Accessing a service (in this example SSH port tcp/22, but it could be anything like a web server on tcp/80) on a machine at work (172.16.10.10) from your machine at home (192.168.10.10), simply by connecting to the server work.example.org at work :
$ ssh user@work.example.org -L 10000:172.16.10.10:22
We see the service is available on the loopback interface only, listening on port tcp/10000 :
$ netstat -tunelp | grep 10000
tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN 1000 71679 12468/ssh
From your home machine, you should be able to connect to the machine at work :
$ ssh root@localhost -p 10000
Local port forward for anyone at home !
If you want other people on your home subnet to be able to reach the machine at work by SSH, add the option -g :
$ ssh user@work.example.org -L 10000:172.16.10.10:22 -g
We now see the service is available on all interfaces on your home computer, available for anyone to connect to on the local subnet :
$ netstat -tunelp | grep 10000

tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1000 72265 12543/ssh
Anyone on your local subnet should be able to connect to the machine at work by doing this :
$ ssh root@192.168.10.10 -p 10000
Remote port forwarding
Giving access to a service (SSH port tcp/22) on your home machine (192.168.10.10) to people at work
$ ssh user@work.example.org -R 10000:192.168.1.10:22
We see on our server at work (on the loopback interface on port tcp/10000) that we have access to our SSH server at home :
work.example.org$ netstat -tunelp | grep 10000

tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN 0 73719534 3809/1
People logged in on the machine work.example.org now should be able to SSH into your home machine by doing :
work.example.org$ ssh user@localhost -p 10000
Remote port forwarding for anyone at work !
If you want everybody on the subnet at work to be able to SSH into your home machine, there’s no -g option for remote forward, so you need to change the SSH configuration of work.example.org, add to sshd_config :
GatewayPorts yes
Connect just as before :
home$ ssh user@work.example.org -R 10000:192.168.1.10:22
Now, it’s listening on all interfaces on the server at work :
work.example.org$ netstat -tunelp | grep 10000

tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 73721060 4426/1
Anyone at work can now connect to your home machine by SSH via the server :
anyone.example.org$ ssh anyone@work.example.org -p 10000
Notes
- You would need to log in as root if you want services to listen on a port < 1024.
- Don’t forget to open necessary ports on any firewall either at home or work.
- Unfortunately you can only forward services running on TCP, but there’s a way to forward UDP through SSH using netcat

REFERENCES
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html

Bypassing corporate firewall with reverse ssh port forwarding
Probably lots of you are behind some sort of very restrictive corporate firewall. Unable to access your office pc from home because of firewall policies. In normal cases this scenario is more than welcomed. No outsiders should be allowed to access internal parts of secure network! Ideally companies will setup secure VPN access thus allowing its employees to access their work computers and do some work remotely. What if you aren’t one of the lucky ones having such option? You desperately need to access your office pc?

The problem

As shown on the picture above, we have our office PC behind very restrictive corporate firewall connected to Internet. Firewall will not allow any traffic originating from Internet to internal network except previously initiated traffic. Meaning you can contact remote hosts on Internet from your office PC and they can respond, but remote computers can’t initiate connection to your office PC. This is of course huge problem if you have to access your work materials on office PC from your home. Additionally corporate firewall will only allow certain traffic from your office PC to remote hosts. Meaning you can only establish FTP, SSH, HTTP, POP3… communications, all other ports are blocked.
So how can you access your office PC? One way is to setup corporate VPN access allowing secure connections to internal network. Another method is to setup a port forwarding on corporate firewall so it redirects certain ports to your office PC. But if you don’t have the means to accomplish any of this then the only way to do it is to use ssh tunnels and reverse port forwarding.

The solution

So if we can only contact remote hosts on certain ports, the solution would be to contact remote hosts via allowed port and piggyback the connection on already established link.

Something like shown on the picture above. Fortunately we can do this with ssh, all we need to do is met some requirements.
// //

Real life example

I will assume that home PC is connected via dynamically assigned IP address. First thing you will need to make sure you have ssh server installed on your home PC and it should be accessible from Internet. If you have some NAT routers, be sure to forward port 22 to your home PC. Secondly you will need to setup a dyndns account so you can connect to your home PC regardless of IP address changes. Now the goal will be to connect to ssh server on our office PC. so the port in question will be 22 if you wish to forward another port change it in your configuration accordingly.
For the purpose of this example i will name my home PC: bhome.dyndns.com office computer name will be bwork.office.com
bwork computer uses private IP range of 192.168.0.0/24 with address 192.168.0.100
So if the firewall is preventing outside connections to our bwork computer we must initiate connection from it.
We can do this with simple ssh command:

council# ssh -R 2210:localhost:22 user@bhome.dyndns.com(ninja)

So what just happened here?
We are initiating ssh connection “ssh” with reverse port forwarding option “-R” which will then open listening port “2210:” who is going to be forwarded back to localhost’s port “:22″ and all this will happen on remote computer “bhome.dyndns.com”.
This connection represents the green line in the diagram above, and it’s a legit connection as far as corporate firewall is concerned.
So if we now open up a terminal on bhome computer, and type in:
#

ninja#ssh -p 2210 user@localhost

we will try to connect to localhost (bhome.dyndns.com) on port 2210. Since that port is setuped by remote ssh connection it will tunnel the request back via that link to the bwork.office.com computer. This is the red line on the diagram above. Looking from firewall’s perspective it’s a legit traffic, since it is responding traffic on already initiated link from bwork computer.

Real life example 2

What if your home computer is not always on-line? Or perhaps you wish to access your office computer from multiple locations? For this you will have to have some dedicated server or VPS outside the corporate firewall.
So to accomplish this we will use the same command as previously, only this time we will open up a reverse ssh tunnel to remote server or VPS.
For the purpose of this example we will name the server bserver.outside.com with IP 89.xxx.xx.4

ssh -R 2210:localhost:22 bserver.outside.com

again this will open up reverse ssh tunnel to the machine 89.xxx.xx.4 (bserver.outside.com). So when we login to the server and issue the command:

ssh -p 2210 localhost

we will end up with bwork computer’s ssh login prompt.

Can I use this previously established reverse ssh tunnel to the server to directly connect to my office computer?

// //


Of course, but some slight modifications are required.
By default ssh tunnels only bind to local address, and can be accessible only locally. Meaning, in the example above, you can’t just type:

ssh -p 2210 bserver.outside.com

on your home PC and be connected to your office PC
If you run:

netstat -ntl

on bserver you will see that the port 2210 is only listening on 127.0.0.1 IP address. To get it listen on interface connected to Internet we must enable GatewayPorts option in ssh server’s configuration.
By default GatewayPorts are disabled in sshd, we can simply enable them:

nano /etc/ssh/sshd_config

then add:

GatewayPorts clientspecified

save the file and restart sshd:

/etc/init.d/ssh restart

we could have just enable GatewayPorts by typing On instead of clientspecified, that would route any ssh tunnel to network interface. This way we can control which tunnel will be accessible from outside, and on which interface.
So if we initiate reverse ssh tunnel like this:

ssh -R 89.xxx.xx.4:2210:localhost:22 bserver.outside.com

we will have bserver listening on port 2210 on network interface bound to ip 89.xxx.xx.4 and forwarding all traffic via established tunnel to bwork computer. If you omit the 89.xxx.xx.4 address from the command above server will again listen on port 2210 only on local loopback interface. If you have multiple network interfaces on server be sure to select the one you can connect to.
So now when we run:

ssh -p 2210 bserver.outside.com

from our home PC we will initiate ssh connection on port 2210 towards server bserver.outside.com (blue line). Server will then forward that traffic to office PC (red line) via the previously established reverse ssh tunnel (gren line). Of course you will have to open up port 2210 on server’s firewall to be able to connect.
// //

Some more fun with reverse tunnels.

But i have a printer behind that corporate firewall. How can i connect to it? Easy… remember the first example? the command ssh -R is taking 5 arguments of which 4 are mandatory

ssh -R [bind_address:]port:host:hostport

bind_address is the network address on which port will be listening, and forwarded to host (connected to network from which reverse tunnel originated) on hostport.
so if we issue the command like this on our bwork pc:

ssh -R 89.xxx.xx.4:2211:192.168.0.10:631 bserver.outside.com

we will get something like this:
so again we have previously established reverse ssh tunnel listening on port 2210 to channel the ssh connection towards office PC. Now with this new command we established the reverse ssh tunnel (yellow line) towards bserver which will listen for incoming connections on port 2211. When the home pc makes a data connection to port 2211 on bserver (brown line) it is then forwarded to office PC (black line) which is then redirected towards office printer at address 192.168.0.10 on port 631 (violet line). Remember, all this traffic is passing trough corporate firewall as legit traffic, even if the illustration perhaps shows otherwise.

Automating the task

So by now we should have covered the basics on how to bypass corporate firewall in order to get to your office computer and network equipment. Now ssh -R isn’t really practical, it consumes one terminal, and as soon as it shuts down there is no tunnel and no outside connectivity for that matter. The easiest thing to do is putting a cron job that will connect to remote server if the connection fails, office computer reboots etc.
First of all generate ssh keys, and add them to ssh-agent so that script won’t ask you for remote server’s password all the time.
Next we will add two extra parameters to our command -N and -f so that the connection goes into the background.
the command will look like:

ssh -N -f -R [bind_address:]port:host:hostport

next we need a shell script that will be triggered by the cron. For this example we will use the Real life example 2.

#!/bin/sh
COMMAND="ssh -N -f -R 89.xxx.xx.4:2210:localhost:22 bserver.outside.com"
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

now edit this code so it suits your needs, and save it in your home dir as reverse_ssh_tunnel.sh
Now we need to add a crontab entry which will trigger this script every 5 minutes.

crontab -e

and add:

*/5 * * * * /bin/sh /home/username/reverse_ssh_tunnel.sh

If you are connecting to different user name on remote server you can edit your commands so they look like:
ssh -R [bind_address]:port:host:host_port username@remote_host


REFERENCES
http://rhnotebook.wordpress.com/2010/02/13/reverse-ssh-port-forwarding-t-o-i-c-o-r-g/

It is easy to disable screen saver under X window. But when it comes to text based login or terminal you will not find easy way to disable text based power saving mode (i.e. when your screen goes blank after a few minutes).
So how do I disable the blank screen mode, which activated after a few minutes? Answer is use setterm command.
setterm writes to standard output a character string that will invoke the specified terminal capabilities. Where possible terminfo database (terminfo is a data base describing terminals, used by screen-oriented programs and libraries such as ncurses) is consulted to find the string to use.
By default, the Linux kernel will use screen-save option to disable it you need to type command (it turns off monitor VESA powersaving features):
If it dumps back you with an error that read as follows:

cannot (un)set powersave mode

You need to shutdown X window system and rerun the above command. Better, add following two commands to your ~/.xinitrc file:

 

Other useful options

This command also supports other useful options:
Resets the terminal to its power on state:
Alternatively, initialize terminal:
Turns the terminal's cursor on or off:
Turns automatic line-wrapping on or off (virtual consoles only)
Sets the foreground text color (virtual consoles only):
Sets the background text color (virtual consoles only):
Enables or disables the sending of kernel printk() messages to the console (virtual consoles only). Useful if you get lots message from iptables firewall:
I regularly use these (above) options.

See also:

• Please consult the setterm and terminfo man pages for more information.

==================================================================
This happens when you run xgl on an ATI graphics card. To fix it, you can do this:
Add this section to the file and save it:
If you already have a section called "ServerFlags", just add the four "Option" lines before the "EndSection" line.
Restart the xserver (ctrl-alt-backspace) and the new settings should take effect. 

REFERENCES
http://www.cyberciti.biz/tips/linux-disable-screen-blanking-screen-going-blank.html
http://ubuntuforums.org/showthread.php?p=3997204#post3997204
http://ubuntuforums.org/archive/index.php/t-216747.html