A couple of days ago, I started to notice that there was nothing but gibberish on the homepage of Daily Cup of Tech. I quickly dug into the problem to determine what could be causing the issue. The problem was with compression in the (wonderful) WP-Super-Cache Wordpress plug-in.

Here is how I fixed the problem.

1. I accessed the WP-Super-Cache admin page directly from its URL:
   <blog base URL>/wp-admin/options-general.php?page=wp-super-cache/wp-cache.php
2. I disabled the Super Cache Compression and then updated the settings.

This seems to have resolved the issue but I would really like to run compression as it is a nice feature. Anyone out there had any luck fixing the compression problem?

Trackback link - http://www.dailycupoftech.com/2008/08/19/wordpress-cache-gibberish/trackback/

Since the whole VPS (Virtual Private Server) thing is going so well for me, I thought that I would let my readers know about some of the steps that I took to set it up. In this episode I will be talking about updating the initially installed image and configuring the linux firewall using iptables.

Just as a side note, the VPS that I have is running Ubuntu 8.04 (Hardy Heron) so if you are using a different OS, you make have to do things a bit differently.

Update The Server

For those of you from the Windows world, this may seem to be shockingly easy. First, you need to edit the file which tells the system where to get all of the updates. I like to enable all of the sources, including universe and source code. To do this, you need to edit /etc/apt/sources.list:

sudo nano /etc/apt/sources.list

Remove the # characters in front of all the sources. When I was done, my sources.list file looked like this:

deb http://archive.ubuntu.com/ubuntu/ hardy main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ hardy main restricted universe

deb http://archive.ubuntu.com/ubuntu/ hardy-updates main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ hardy-updates main restricted universe

deb http://security.ubuntu.com/ubuntu hardy-security main restricted universe
deb-src http://security.ubuntu.com/ubuntu hardy-security main restricted universe

Now, update Ubuntu by entering these three commands one after another:

sudo aptitude –y update
sudo aptitude –y safe-upgrade
sudo aptitude –y full-upgrade

That’s all there is to it!

Configure iptables

In my opinion, this is the most important thing that you can do because it helps to restrict access to your VPS. The configuration that I am presenting here is just the basics that you should set out and you may want to tighten in down a bit afterward.

Backup

The first thing that you need to do is backup your present iptables rules:

iptables-save > /etc/iptables.up.rules

Create Filter

Next, you are going to want to create your filter. This is a set of rules that tells the firewall what you want to do with data packets that hit your network card.

First, allow all loopback (lo0) traffic and drop all traffic to 127.0.0.0/8 that doesn’t use lo0. This will allow you network services that run on your VPS to talk to other network services on your VPS:

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

Next, accepts all established inbound connections. This means that anything that is already connected to your firewall will remain connected, even if there is a change to the rules. This is very handy to prevent you from locking yourself out of your virtual server if you accidentally disable the wrong port:

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You want your VPS to be able to talk to anything on the Internet so you need to be enable that access:

sudo iptables -A OUTPUT -j ACCEPT

Since we are building a web server, we need to allows HTTP (port 80) and HTTPS (port 443) connections from anywhere on the Internet:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Linux servers are managed primarily via SSH. So, we need to make sure that we have an SSH port open. I decided to use a non-standard port (port 999) rather than the standard port 22:

sudo iptables -A INPUT -p tcp -m state --state NEW --dport 999 -j ACCEPT

The next line will allow you (and others) to ping your server. There is some debate as to whether or not you should allow pings but, in the end, it is really up to you:

sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

We will be needing to know if there is anyone out there trying to tamper with our server. So, we are going to log iptables denied calls:

sudo iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Since we have configured all of the ports that we want access to, we will reject all other inbound traffic that is not explicitly allowed by a policy:

sudo iptables -A INPUT -j DROP
sudo iptables -A FORWARD -j DROP

Save Rules

Now that we have created out filter/rules, we need to save it:

sudo iptables-save > /etc/iptables.up.rules

When you are finished, your /etc/iptables.up.rules file should look something like this:

# Generated by iptables-save v1.3.8 on Fri Jul 18 02:03:12 2008
*filter
:INPUT ACCEPT [15:1712]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15:9376]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/255.0.0.0 -i ! lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Fri Jul 18 02:03:12 2008

Configure Network to Load Rules Automatically

We need to make sure that these rules reload automatically whenever we reboot the server. Do this by editting the network interface to load the rules automatically:

sudo nano /etc/network/interfaces

Add pre-up iptables-restore < /etc/iptables.up.rules after iface lo inet loopback and then save the file.

Conclusion

With this short tutorial, we have upgraded and secured out VPS. In part 2, we are going to look at installing and configuring SSH so that we can remotely connect and manage the VPS plus we are going to add some security to our SSH sessions by changing the SSH port to 999 and setting up and using public and private keys with PuTTY in Windows.

Trackback link - http://www.dailycupoftech.com/2008/07/27/vps-setup-part-1-update-ubuntu-and-configure-iptables/trackback/

Well, it took over a year, but we now have definitive proof that the Lost USB Drive application works! When I launched the Lost USB Drive Experiment in early June of last year, I wasn’t really sure what to expect. I had all but forgotten about the experiment.

So, imagine my surprise when I had this in my inbox this morning:

Dale,

I recently took over Costa Coffee Eastleigh and have found your USB Memory stick, I’m not sure how long it has been here but if you would like to pop in and collect it I will put it to one side.

Thanks

Matthew
Store Manager

Costa Coffee
27-29 Market Street
Eastleigh
SO50 5RG

To be honest, I was a little shocked! But, at the same time, this totally made my day! Just goes to prove that there are some honest people out there and that a little ingenuity can go a long way!

If any of you are in the area of Matthew’s store, go in, congratulate him on his honesty and integrity, and buy the biggest, most expensive coffee on the menu! Way to go, Matthew!

Trackback link - http://www.dailycupoftech.com/2008/06/11/long-lost-drive-found/trackback/

Every single IT person will tell you to maintain your Windows security updates. It is critical, we are told, so that we can keep our computers safe. While I don’t completely agree with the statement (I’ve personally experienced an “update” that has completely killed a mission critical server), it is important to be able to update your system with the required patches.

Most people use Windows Update and many IT administrators use Windows Software Update Services (WSUS) to deploy these patches. While both works well, I personally prefer AutoPatcher. And here’s why:

1. It uses way less bandwidth than Windows Update. You download the patches once and you are done. You can now easily deploy all of the update to several computers, even computers without Internet access.
2. AutoPatcher does more than just update Microsoft applications. It is completely customizable and you can use it to install pretty much anything you want.
3. You can deploy AutoPatcher updates over a network without a bunch of registry hacks. Unless you are running Active Directory, you need to perform a number of registry hacks to get WSUS to work.
4. You do not need to install the Windows Genuine Advantage “critical” update in order to install other updates. You can keep your information to yourself.
5. AutoPatcher can be run unattended over a network or from a log-on script.

If you have never used this amazing tool, I would really encourage you to give it a try. It’s freeware so all it will cost you is your time.

Trackback link - http://www.dailycupoftech.com/2008/05/16/why-autopatcher-beats-windows-update-and-wsus/trackback/

It has been long time since I have watched television like “normal” people. Ever since I found bittorrent, there was no turning back!

The problem that I have is that I am a pack rat! Once I download a TV episode, I don’t want to get rid of it. After all, I used up all that bandwidth!

So, I’ve started organizing my television shows into three categories:

1. Downloaded - these are shows that have just completed downloading and are in their original form from the Internet
2. Unsorted - these shows are in in one central location and should be in playable format. These are all my new shows that I probably have not watched yet
3. Sorted - once I have watched a show, the shows get moved into appropriate folders based on series and season name

The issue that I have run into in the past is that once an episode is downloaded, it may not be in playable format since many shows are archived, typically into RAR files. This means that I needed to manually extract these files or move the playable files to the Unsorted folder so that I could watch them.

I finally got fed up with this and I thought that there had to be a better way. It took me a couple of evenings work but I finally came up with a batch files that does the work for me! I simply have Windows programmed to run the batch file on a regular basis and it extracts all of the RAR files to my preferred location and moves all of the AVI files there as well (without copying the samples).

Here is the contents of that batch file:

@echo off
setlocal
cls

rem Set program variables below:
rem sourcedir - where files are saved once they have been downloaded
set sourcedir=C:\Downloaded

rem destinationdir - where you want all of the playable files to be placed
set destinationdir=C:\Unsorted

rem winrarpath - location of the unrar program
set winrarpath=C:\Program Files\WinRAR\

rem filelist - the name of the file which will store all of the RAR and AVI file names that have been processed
set filelist=FoundFiles.txt

rem tempfile - name of the temporary file that will be created and then deleted during the cleanup process
set tempfile=TempFile.txt

set path="%winrarpath%";%path%

echo Extracting new RAR files...
for /R "%sourcedir%" %%R IN (*.rar) DO find /C "%%R" %filelist% > NUL & if errorlevel 1 call unrar e -o- -y "%%R" *.* %destinationdir%\ & echo %%R>>%filelist%

echo Adding sample AVI files to no copy list...
for /R "%sourcedir%" %%R IN (*sample*.avi) DO find /C "%%R" %filelist% > NUL & if errorlevel 1 echo %%R>>%filelist%

echo Moving new AVI files...
for /R "%sourcedir%" %%R IN (*.avi) DO find /C "%%R" %filelist% > NUL & if errorlevel 1 echo Copying %%R... & copy "%%R" %destinationdir%\ & echo %%R>>%filelist%

echo Cleaning up %filelist%...
for /F %%R IN (%filelist%) DO if exist "%%R" echo %%R>>%tempfile%
del %filelist%
rename %tempfile% %filelist%

All you need to do is copy this file and save it as TorMove.cmd.  Then edit the three variables:

• sourcedir
• destinationdir
• winrarpath
• filelist
• tempfile

Only the first three are critical.  You just need to make sure that the last two do not clash with other files.

Also, you do not need to use WinRAR.  If you do not have this program, UnRAR for Windows will work just fine.

Once you have modified your file, save it and then schedule Windows to run it as often as you want!

Trackback link - http://www.dailycupoftech.com/2008/05/14/automatic-torrent-extractormover-script/trackback/