[Snippet] Skipping the WHM Getting Started Wizard
WHM uses the /etc/.whostmgrft file to determine whether the Getting Started Wizard should run. You can touch the file using the following command to stop it appearing
Smarty Security – Stop .tpl access
WHMCS uses the Smarty template engine. Which means your .tpl files are accessible to anyone that knows the path. Quite easy in WHMCS. Whilst not really a major security risk, its bad practise to all these files to be accessed directly.
Add this code into your .htaccess file.
- <Files ~ "\.tpl$">
- Order allow,deny
- Deny from all
- </Files>
New Roll Cage
Out came the dash dodging bolt in to make way for the weld in.
Theres a lot of work before it goes in. Etch primering, painting laquering and a bit of seem welding.
Active Directory DHCP Authorisation Issues
So you just deleted a DHCP server in your Active Directory site and can't authorise a new one? Yeah... Stupid.
A client of mine recently deleted a Windows Server running DHCP and couldn't authorise the new server of the same name.
This is because the client did not Unauthorise the server beforehand. Possibly because the server hardware was dead.
[Snippet] Forcing Replication Between Domain Controllers
...because some people still don't know!
- Open Active Directory Sites and Services.
- In the console tree, expand Sites, and then expand the site to which you want to force replication from the updated server.
- Expand the Servers container to display the list of servers that are currently configured for that site.
- Expand the server objects and click their NTDS Settings objects to display their connection objects in the details pane. Find a server that has a connection object from the server on which you made the updates.
- Click NTDS Settings below the server object. In the details pane, right-click the connection object whose From Server is the domain controller that has the updates that you want to replicate, and then click Replicate Now.
- When the Replicate Now message box appears, review the information, and then click OK.
That is all!
[Snippet] Stupid Simple cPanel Install
Open a clean server,
- cd /home && wget -N http://httpupdate.cpanel.net/latest && sh latest && /usr/local/cpanel/cpkeyclt
Go have your lunch. Maybe lunch +VAT depending on the speed of your server.
cPanel MySQL Tuning
The default configuration for MySQL provided by cPanel is pretty barren. /etc/my.cnf
- [mysqld] skip-innodb
Thats it. One line. Its rubbish.
Here's mine to help you along the way. Its got some decent logging set, some decent cache and memory options for a shared server set and some helpful security settings enabled.
- [mysqld]
- max_connections = 200
- bind-address = 127.0.0.1
-
- safe-show-database
- skip-locking
- skip-innodb
-
- # MySQL 4.x has query caching available.
- # Enable it for vast improvement and it may be all you need to tweak.
- query_cache_type=1
- query_cache_limit=1M
- query_cache_size=32M
-
- interactive_timeout=100
-
- # Reduced wait_timeout to prevent idle clients holding connections.
- wait_timeout=15
- connect_timeout=10
-
- # Checked opened tables and adjusted accordingly after running for a while.
- table_cache=512
-
- # Reduced it to 32 to prevent memory hogging.
- thread_cache=32
-
- # Reduced it by checking current size of *.MYI files.
- key_buffer=128M
-
- thread_concurrency=1
-
- log_error = /var/log/mysql/error.log
-
- # log slow queries is a must.
- log_slow_queries=/var/log/mysqld.slow.log
- long_query_time=2
-
- [mysqldump]
- quick
- max_allowed_packet=16M
-
- [mysql]
- no-auto-rehash
-
- [isamchk]
- key_buffer=64M
- sort_buffer=64M
- read_buffer=16M
- write_buffer=16M
-
- [myisamchk]
- key_buffer=64M
- sort_buffer=64M
- read_buffer=16M
- write_buffer=16M
-
- [mysqlhotcopy]
- interactive-timeout
Extending Advanced Policy Firewall with Brute Force Detection
In my previous article I discussed setting up the Advanced Policy Firewall on your servers. So now your servers are protected - but what happens when you get an attack at a legitimate service? SSH? MySQL? Apache? In a series of articles I'll discuss implementing some best practises to help avoid server nightmares.
Advanced Policy Firewall (for cPanel)
More retro software that has been with us for years - APF - Advanced Policy Firewall. A brilliantly robust and fool proof Linux script that acts as a wrapper for iptables.
Here's how I configure it for all the WHM/cPanel boxes I commission, although you can configure it for non-cPanel servers, just adjust your ports accordingly.
Exchange 2003, 2007 & 2010 Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC)
A client has been struggling with Exchange 2003 for some time now and I've got the project to roll out Exchange 2010. The first hurdle I come to is a new incarnation of a pre-existing problem from Exchange 2003 - simply put "Can't find a domain controller". Which means it can't mount the Information Store. Brill.
About Kieran
