Computers & Internet - Security & System Administration Blogs on Artician

Artician > DeviantART by Bennyd2514

Fri, 3 Jul 2009 17:54:03 EST

Hiya,

Well, I had to totally wipe my computer and reinstall the OS from the beginning today.

Very bad virus was pretty much into every piece of software I tried to used, stopped me from running certain things, etc.

I didn't really have much of a choice!

Ah well, the advantage of reinstalling everything is that my PC now runs the best it has for years.

It's still old though...I should look at getting a new one. If I can ever afford it.

I was going through my old DeviantART stuff today, and decided to shift all the good stuff over.

Looking back on it, I've realized how much my skill has improved over since I first started taking photos.

I always like simple pictures, ones that were very straight-forward, and and I enjoyed taking photos of faces and manipulating eyes.

When I can afford to fix my camera, I'm definitely going to do a lot more photography work.

Plesk and the vhost.conf file! by planck

Wed, 13 May 2009 20:55:44 EST

Soyoure running Plesk?

Good for you!

Plesk automatically updates httpd.include for each domain, making changes to this file only temporary. You dont want to use this file if you need to make changes to Apaches config on the fly, such as phps open_basedir values per domain.

Instead you will want to use a vhost.conf file. This file will be placed inside your domains conf directory, usually found at

/var/www/vhosts/mysite.com/conf

.

Create a file called vhost.conf in whatever editor you prefer.

Note: If you have a site that has an SSL and you need to have access to directories outside the httpsdocs directory you will need to do the same thing but instead of vhost.conf its vhost_ssl.conf

You can now put in any Apache configuration options like you would into httpd.include.

Now if youve been using Plesk for a bit you know that sites are generally kept under the httpdocs directory.

But lets say youre installing some online softwarelike Sugar CRM, Joomla or ELGG.

These packages need access to directories outside of the httpdocs directory.

To solve this issue properly in Plesk - youre supposed to create a vhost.conf file in the conf directory under your site.

Lets say you did this:

cd /var/www/vhosts/mysite.com

mkdir data

chown myusersaserv data

In the site directory you could add the following:

<Directory /var/www/vhosts/mysite.com/httpdocs/>

php_admin_value open_basedir "/var/www/vhosts/mysite.com/httpdocs:/tmp:/var/www/vhosts/mysite.com/data"

</Directory>

Then you would need to force an update in Plesk for this domain using the following command:

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=mysite.com

After running that there is no need to restart Apache or any other service. Your changes should have taken effect already.

X-Cart Security Issue by planck

Wed, 13 May 2009 20:44:48 EST

UghI hate security holes.

Got notified of one for X-Cart...had to fix it:

During internal security audit a critical security issue has been detected in X-Cart. The issue makes the software vulnerable to attackers who wish to gain access to the server file system. The solution is to remove an affected file.

SEVERITY

Critical

IMPACT

A malicious user can execute his own shell commands and, as a result, gain access to the server file system.

AFFECTED VERSIONS

X-Cart versions from 4.1.0 to 4.1.11. All X-Cart customers who are using these versions are encouraged to apply the fix described below.

SOLUTION

Delete the <xcart_dir>/payment/cc_basia.php file.

This file refers to an outdated integration of Bank of Asia payment gateway, so its deletion will not cause any problems and will not affect your stores.

The <xcart_dir> text means the server directory in which your X-Cart is installed.

You can delete this file using FTP, SSH or the hosting control panel file manager.

Now THATS a good time.

Heres how I dealt with that:

Linux command:

locate "/payment/cc_basia.php" > BadFiles

Then I created a script:

#!/bin/sh

echo "enter file name"

read fname exec<$fname

while read line

do

echo "rm $";

rm $

done

Then ran the following commands:

sh DeleteFiles.sh

enter file name

BadFiles

Bad files are gone!

Woo - done in less than a minute. *blows smoke off fingers*

I did it my way personal computer security/admin by inception8

Tue, 1 Apr 2008 14:01:58 EST

Some programs I have found to be helpful or at least I have come to think of as being pretty damn good, for me at least.

Comodo Firewall Pro - they say this one is probably the best of the free ones. I went with the reviews. For all that's involved in the program I'd say yes. It certainly beats the free version of Zone Alarm.

Avira AntiVir Personal Edtion Classic - I like this program. I've been using it for some time.

Spybot - good proggie. Like the immunize part.

Spyware Terminator - I like the real time shield in this program that's damn handy. Although I don't do as much 'surfing the web' as I use to back in the day I'd say this program will save people on numerous occassions as it has done for me. This and Spybot is a good combo.

Advanced Windows Care V2 Personal - it's a good little utility program I found on CNET/Download. Spyware Removal/Security Defense/Registry Fix/System optimization/Startup manage/Privacy Sweep/Junk Files Cleanup.

SpeedUpMyPC 3 - an interesting program. Don't really know how much good it actually does. (this program isn't free though it'll only scan, you have to buy, or not)

Auslogics Disk Defrag - although I do have my hard drives formated for NTFS and as they say (I'm not certified in the tech fields just a fairly well informed user, or somewhere there abouts, everyone should be) there isn't a whole lot of fragging going on. This little program was pretty fast for a defrag. It would certainly have taken a great deal longer if I left it up to Microsoft's built in one, that's for certain. Fragmentation was of course very little but I did it anyway just for the hell of it.

Overall I dig these. Seems fine to me. Everyone else probably has there own little setup that's better or somewhere close.