WPScan & Wordfence

Suddenly the entire world is talking about hacking “again”: there is an awesome new series (Mr. Robot), and I recently stood corrected on the hacker “gear” in Sense8, also a great series, which is on Netflix. The names were pretty fancy though; rage master, water witch, switch hooks and CANDYGRAM are not something we regularly hear about, but they do exist! Also, the story about the Hacking Team is pretty crazy (good summary about Hacking Team). Anyway, my brain was looking into security again.

WPScan

Is my WordPress installation safe? Did I use some dangerously outdated plugin? Is my template safe? Is something giving away data? Security is not easy and very time consuming. So I was happy to find that there is a great tool for this kind of test, called wpscan (WPScan is a black box WordPress vulnerability scanner). Running it, after installation, is as easy as:

ruby wpscan.rb --url http://my_blog.ext

What is even more fun, you can start a brute force on accounts of the blog! I was surprised to learn that WordPress doesn’t by default include a limit on the number of login attempts that can be made, and as such you have to rely on plugins; otherwise this leaves the door open to brute force attacks.

Wordfence

I was checking what kind of security measures are in WordPress. A lot of plugins pop up when searching for it; however, adding more code to a project generally decreases the security and generally doesn’t make it faster. The exception seems to be Wordfence, stating that they make your website up to 50 times faster, and more secure since they limit the amount of logins over time. While that does seem to be too good to be true, the data seems to be there, so Wordfence it is!

 

Useful Linux command : screen

Screen is one of those hidden Linux gems: when working on a remote or unstable connection, screen is the way to go! It creates a new shell that keeps on running even when you disconnect.

Using screen is as simple as typing screen. There are some options, which I commonly don’t use, with one exception: the -S parameter, which lets you enter a human readable name for the screen session. Definitely useful for long running jobs you are sure you are going to detach! Another one is the -r option, to reattach (when your link was down and you had to reconnect). In the default run mode no log is made of the screen session and the scrollback history buffer is rather limited, so when rsyncing, for example, it might be useful to log the output. This can be done using the -L flag. Note that you can also set the scrollback history buffer (-h int), but this is limited anyway, so it’s better to log the screen. To end, some examples.

# simply start a new screen session
screen

# start a screen session with a name
screen -S my_names

# detach from a screen
ctrl-a ctrl-d

# reattach to a screen (general form, then two examples)
screen -r pid.screen_name
screen -r 14552.rsync_to_server
screen -r 14809.pts-0.localhost

# list the screen sessions
screen -ls

# when a screen is still attached elsewhere and you can't enter, detach it first
screen -D 14552.attached_screen

# screen with logging
screen -L

# sometimes the screen "locks up" / "freezes"; you can try
ctrl-a q
# which unblocks scrolling

example screen -ls

Mount shareable dir to openvz & proxmox

This one is really easy once you know it, so I’d like to share it with you. I wanted to move a shared directory from our storage server to a container on proxmox. However, I don’t want to add ~4TB of data to my regular backup, so I thought an NFS service would be needed; it seems it’s not! You can simply mount a directory to your -running- container!

mount --bind LOCAL_DIR /var/lib/vz/root/114/INSIDE_CONTAINER

LOCAL_DIR : that’s the directory on the “host” node, for me this was /data/groups
INSIDE_CONTAINER : that’s the directory inside the container, starting from the container’s root (/), so /var/lib/vz/root/114/media/groups/ on the host is /media/groups inside the container

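This probably won’t survive a reboot, so I added this to /etc/vz/conf/114.mount :

#!/bin/bash
# load the global OpenVZ settings, then this container's own config
source /etc/vz/vz.conf
source "${VE_CONFFILE}"
# bind the host directory into the container's root, without writing to /etc/mtab
mount -n --bind /data/groups "${VE_ROOT}/media/groups"

sources :

serverfault
bind mounts in openvz man
topic question @ openvz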

proxmox : fix updates

I love proxmox: it’s cool, it works and it’s very user friendly. The only pain point is that they try to sell their subscription really hard. In such an attempt they even change the default update location to something that will throw an error when you don’t have a subscription!

Err https://enterprise.proxmox.com jessie/pve-enterprise amd64 Packages
  HttpError401
Get:22 https://enterprise.proxmox.com jessie/pve-enterprise Translation-en_US [401 B]
Ign https://enterprise.proxmox.com jessie/pve-enterprise Translation-en_US
Get:23 https://enterprise.proxmox.com jessie/pve-enterprise Translation-en [401 B]
Ign https://enterprise.proxmox.com jessie/pve-enterprise Translation-en
Fetched 572 kB in 2s (231 kB/s)
W: Failed to fetch https://enterprise.proxmox.com/debian/dists/jessie/pve-enterprise/binary-amd64/Packages  HttpError401

E: Some index files failed to download. They have been ignored, or old ones used instead.

Changing them is easy enough :

nano /etc/apt/sources.list

add

note : this is for wheezy

# pve updates
deb http://download.proxmox.com/debian wheezy pve-no-subscription

For jessie :

deb http://download.proxmox.com/debian jessie pve-no-subscription

Also remove this one :

rm /etc/apt/sources.list.d/pve-enterprise.list

If you now run apt-get update && apt-get upgrade, there should be no errors!

 

Note : There is also an official wiki, where one can see the same changes : proxmox wiki

iconv_strlen(): Wrong charset, conversion from 8bit to UCS-4LE is not allowed

While working with codeigniter & dompdf  I hit upon this crazy error, while generating a pdf:

iconv_strlen(): Wrong charset, conversion from 8bit to UCS-4LE is not allowed

While this looks like a PHP error, it seems it’s actually a missing library. Since I work on a CentOS 6.5 machine and still wanted a new version of PHP, I used webtatic. That is a precompiled yum repo, which makes life a lot easier. So just install this bad boy, once webtatic is installed :

yum install php55w-mbstring

Restart your httpd service and voila, problem solved!

Based on this post I believe that in Debian php-mbstring is installed by default.

 

 

crouton add-apt-repository command not found

While working with my crouton/chromebook/toshiba cb30-102 (dutch), I hit upon a weird one. While trying to install a PPA, I got this error :

sudo: add-apt-repository: command not found

Since my crouton is a default Ubuntu installation (12.04 LTS) with Xfce, I was stunned, since this is a ‘default’ command, but seemingly they install a minimal image, and this doesn’t include all packages. So the fix is easy as pie :

sudo apt-get install python-software-properties

Note for newer versions (12.10+) this might be the package name :

sudo apt-get install software-properties-common

source

putty inside notepad++

I’m a huge fan of notepad++. While I would love to see a Linux version, for now it’s limited to Windows and wine installations. Since I work with Linux pretty much all day and use my local machine as a thin client (hp elitebook 8530p), it’s super useful to be able to run putty from inside notepad++. While I found a way a while ago, I am still not very happy with the result, so much so that I dropped it again and went back to the two windows. However, I still like to share the way I found before.

 

  1. Install a plugin that runs commands: NppExec or NppConsole
  2. download plink
  3. download ansicon (or anything else that can “translate” linux output to windows)
  4. move these executables to somewhere where the PATH variable goes looking, or add the location to the PATH variable. (tutorial)
  5. Restart np++
  6. run the command (F6) ansicon.exe -p plink.exe -ssh user@location
  7. buy me a beer.

 

curses.h: No such file or directory

While installing the latest samtools, there was a “missing” library called curses; this is needed for the command line visualization tview (text view) of samtools. Although there is a built-in option to not use this library, it’s an easy fix (CentOS 6.6) :

yum install ncurses-devel ncurses

For Debian distros this should work :

apt-get install libncurses5-dev libncursesw5-dev

tview, an example app of samtools

// update 22/01/2016

Similar issue on CentOS 6 while installing Firebird. I had to install the static libs.

[root@gringott ]# yum search ncurses
ncurses.x86_64 : Ncurses support utilities
ncurses-devel.i686 : Development files for the ncurses library
ncurses-devel.x86_64 : Development files for the ncurses library
ncurses-libs.i686 : Ncurses libraries
ncurses-libs.x86_64 : Ncurses libraries
ncurses-static.x86_64 : Static libraries for the ncurses library
ncurses-base.x86_64 : Descriptions of common terminals
ncurses-term.x86_64 : Terminal descriptions

A catch ‘m all for me :

yum install ncurses-static.x86_64 ncurses-libs.x86_64 ncurses-libs.i686 ncurses-devel.x86_64 ncurses-devel.i686