Category: Linux

WordPress hack might affect more than your WordPress installation!

Just a quick note…

If you’re managing WordPress installations and haven’t heard about the recent WordPress hacks (http://wordpress.org/support/topic/307660) yet, you probably just got back from holiday.

There’s plenty of advice on fixing a hacked installation if you follow some of the links in the above post, so I’m not going to recite that here.

However! While cleaning a WordPress installation that resides in a subdirectory of a modx cms I found that the modx index.php files were also infected. I searched for infected files using grep as follows:

grep -R 'function gpc_' *

If you’re on a shared hosting environment that doesn’t allow shell access: time to change your hosting provider. (mail me if you need recommendations)
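
An added example (not part of the original post): the same marker search run from the web root, so that hidden files and neighbouring applications are covered, with hits counted per top-level directory. The marker string is the one quoted above; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: search a whole web root for the 'function gpc_' marker and
# count hits per top-level directory, so infections outside WordPress stand out.

# scan_gpc ROOT -> one "app<TAB>hits" line per top-level entry containing the marker
scan_gpc() {
    local root=$1
    # Start at "." rather than "*" so hidden files and directories in the root
    # are searched too. -r recurse, -l file names only, -I skip binaries, -F literal.
    ( cd "$root" && grep -rlIF 'function gpc_' . ) |
        sed 's|^\./||' |
        awk -F/ '{ app = (NF > 1) ? $1 : "(web root)"; n[app]++ }
                 END { for (a in n) printf "%s\t%d\n", a, n[a] }' |
        LC_ALL=C sort
}

# Constructed sample tree: a CMS index.php in the root, WordPress in blog/,
# a hidden backup directory, and one clean file.
make_sample_tree() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/blog/wp-includes" "$d/.old" "$d/assets"
    printf '<?php function gpc_1($a) {} ?>\n' > "$d/index.php"
    printf '<?php function gpc_2($a) {} ?>\n' > "$d/blog/wp-includes/version.php"
    printf '<?php function gpc_3($a) {} ?>\n' > "$d/.old/index.php"
    printf '<?php echo "clean"; ?>\n'          > "$d/assets/index.php"
    echo "$d"
}

tree=$(make_sample_tree)
scan_gpc "$tree"
rm -rf "$tree"
```

A scan without hits only shows that this one marker is absent; it says nothing about other modifications to the files.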

Update your rails application without downtime

It’s often not possible or desirable to take down your rails application for updates. Even if it is, I still regard downtime as something that should be avoided if possible.

When using the absolutely fantastic HAProxy to load-balance between your mongrels, you can take down a mongrel process without any adverse effects. When a mongrel process is not answering anymore, HAProxy just forwards the request to the next available mongrel and no harm is done.

So all you need is a way to stop and restart each mongrel, one after the other. I cooked up a bash script to do this. It’s not perfect, but I’ve been using it on several projects. The script stops each mongrel, waits until it’s really stopped, then restarts and checks if it’s really running.

Why a bash script? I wanted to sharpen my (limited) bash scripting skills (so if you have any tips: feel free to comment).

Customize where needed. (properly indented version here)

If you are running monit, remember to ‘unmonitor’ before and ‘monitor’ after.


#!/usr/bin/env bash

# rails project home dir
# !!Change acc to your needs
cd /home/rails/le_test/current || exit 1

# Ports mongrels are running on
# !!Change acc to your needs
for PORT in 8000 8001 8002
do
    # the location of our pid-files
    # !!Change acc to your needs
    PF=/var/run/mongrel/mongrel.$PORT.pid

    # pidfile exists ?
    if [ -e "$PF" ]; then
        PR=$(cat "$PF")

        # process still running ?
        # ($PR is quoted so an empty pidfile cannot turn this into a bare 'ps')
        if ps -p "$PR" > /dev/null 2>&1; then
            echo "$PF $PR Running - killing"
            kill "$PR"
            while ps -p "$PR" > /dev/null 2>&1; do
                echo "$PR still running"
                sleep 1
            done
            echo "$PR killed"
        else
            echo "$PF $PR Not Running - deleting pidfile"
            rm -f "$PF"
        fi
    else
        echo "$PF does not exist"
    fi

    # check if a command containing $PORT.pid is still running
    # in case process is still active but pidfile was not found
    # (the pattern is quoted so the shell cannot glob-expand it against files in the cwd)
    if ps ax | grep "$PORT\.[p]id" > /dev/null 2>&1; then
        echo "!!! But process containing $PORT.pid running !!!"
        echo "!!! NOT auto-restarting, Manual intervention necessary !!!"
    else
        echo "Restarting port $PORT"
        # mongrel start cmd
        # !!Change acc to your needs
        mongrel_rails start -d -e production -p "$PORT" -P "$PF"
        sleep 1
        # check if process is actually running now (could also be done by pidfile based check)
        while ! ps ax | grep "$PORT\.[p]id" > /dev/null 2>&1; do
            echo "Not Running"
            sleep 1
        done
    fi

done

This should work with other load balancers too. HAProxy had all the features I expected to find, is very resource-friendly and has a tiny footprint (and irons a shirt in 2 mins), so I didn’t look any further. Before that I had looked at Pound, whose only advantage is that it’s easy to install and configure, and at Cisco CSS switches, which are just a tiny bit expensive for my needs.

Apache – adding local virtual domains

Why ?
Because it’s nicer, handier and sometimes just plain necessary to refer to ‘test-sites’ on your development machine as http://project instead of http://localhost/project. (first time I needed it was when breaking my head over mod_rewrite)

I’m still running a Fedora Core 3 Linux installation here, but I guess this will be the same on 90% of standard Linux installations.

How ?
Add the fake domain to /etc/hosts, so your computer knows the IP address (=local) and doesn’t need to query DNS (which won’t work).
Also change apache httpd.conf to add the domain and the corresponding ‘root path’.

Add the domain to /etc/hosts
Add the domain to your /etc/hosts file, either as a new domain pointing to your local ip (127.0.0.1), or as an alias to your machine’s entry that’s already in there. Look for the following line (there’s probably only one in there):

127.0.0.1 localhost.localdomain localhost

Now add your ‘test’ domain, let’s call this one ‘project’:

127.0.0.1 localhost.localdomain localhost project

Now ‘ping project’ and you’ll see the ping going to 127.0.0.1. NO REBOOT NEEDED (only a save of course), this isn’t Windows!

Change Apache httpd.conf
Next, we need to add the virtual domain to apache’s config file, which is located at /etc/httpd/conf/httpd.conf (on FC3, otherwise ‘find’ it). At the end of httpd.conf, add the following (let’s pretend the root of our domain is located at /var/www/html/project on the filesystem):

<VirtualHost *:80>
    DocumentRoot /var/www/html/project
    ServerName project
</VirtualHost>

Use ‘service httpd restart’ to restart Apache with the new config. (if this doesn’t work, try ‘httpd -k restart’)
Open a browser, surf to ‘http://project’ => bingo!

Running Windows ?
I haven’t tested this, but I guess instead of adding your domain to /etc/hosts, you’ll need to find a file called ‘lmhosts’ (no extension!) and add your domain pointing to 127.0.0.1 there. I *think* the apache httpd.conf modification will be the same.

installing fxruby on ubuntu

Did you get the following error on your Ubuntu 5.10 when installing fxruby (or probably any other gem) via rubygems:

Building native extensions. This could take a while...
extconf.rb:4:in `require': no such file to load -- mkmf (LoadError)
from extconf.rb:4

then you probably need to install the ruby1.8-dev package.

Email attachments with mutt

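Might come in handy when you need to send an attachment from within a shell script:

echo "text for body of message" | mutt -s "subject" -a attachment_filename.zip -- recipient@example.com

(Recent mutt versions require -a to be the last option, with -- separating the attachment from the recipient address.)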

Installing scons on Fedora Core 3

I downloaded the rpm scons-0.96.1-2.1.fc3.rf.noarch.rpm from http://dag.wieers.com/packages/scons/

If scons (I needed it for the kdissert mind mapping tool) gives the following error:

Checking for uic : uic was not found - set QTDIR put it in your PATH ?


You probably need to install the Qt gui toolkit headers with ‘yum install qt-devel’

If you get:

Checking for the kde includes : The kde includes were NOT found

You need a ‘yum install kdebase-devel’ (or at least something else this is dependent on)

Hope this saves someone a few minutes of googling or maybe prevents some hair-pulling. In any case, kdissert is a nice tool. I was just evaluating a commercial mindmapper on Windows (Visual Mind) when it caught my eye. It’s got basically the same features, so I guess I can stop evaluating it. I must admit Visual Mind looks real nice, but my wallet can’t see the difference.

I just wonder… why is it you can’t have 2 branches arrive at the same node… say, you’ve got 2 possible paths giving the same result and you haven’t made up your mind yet about which one you’ll be using. This doesn’t seem to be possible in either kdissert or Visual Mind.

Problem booting copied Fedora partition with Grub

Situation:
After copying a Fedora Core 3 partition to a new hard drive (using Knoppix) I was at first unable to boot the new partition (using Grub).
I got the following error:

switchroot: mount failed: 22
umount /initrd/dev failed: 2
Kernel panic - not syncing: Attempted to kill init!

I vaguely remembered having this situation before, but really couldn’t remember how I dealt with it.
Googling around didn’t really produce many results at first (only more people having the same issue, but no real answers), but I was able to puzzle a solution together.

Problem:
It turned out that both my grub.conf and /etc/fstab files contained a reference to a ‘LABEL’ that seemed to be missing. Relevant entry of grub.conf:

title Fedora Core (2.6.9-1.667)
root (hd0,5)
kernel /boot/vmlinuz-2.6.9-1.667 ro root=LABEL=/ rhgb quiet
initrd /boot/initrd-2.6.9-1.667.img

entry of fstab:

LABEL=/ / ext3 defaults 1 1

Solution:
As far as I understand you’d normally put a device here (in my case I would have been able to use /dev/hda6 in both files), but the ‘LABEL=/’ here means as much as ‘use the partition with label /’.
Putting a label on a partition is possible using ‘e2label’. I labelled my /dev/hda6 as follows (using Knoppix):

su
mount -o dev,rw /mnt/hda6
(to mount my new partition writable)
e2label /dev/hda6 /
(e2label takes the partition’s device, not its mount point)

Apparently it’s also possible to set the partition label/volume name using ‘tune2fs’, but since the above worked for me I didn’t really look into this.
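
An added example (not part of the original post): a check that lists every LABEL= reference in grub.conf and fstab for which no partition carries that label, which is the mismatch described above. The function names and sample files are constructed for illustration; the list of existing labels is passed in as an argument.

```shell
#!/usr/bin/env bash
# Added example: list LABEL= references in boot config files that no partition provides.

# referenced_labels FILE... -> unique labels used as LABEL=<name>, comment lines ignored
referenced_labels() {
    cat "$@" | grep -v '^[[:space:]]*#' |
        grep -o 'LABEL=[^[:space:]]*' | sed 's/^LABEL=//' | sort -u
}

# missing_labels PRESENT FILE... -> referenced labels that are absent from PRESENT
# PRESENT is a newline-separated list of labels that exist on disk.
missing_labels() {
    local present=$1 label
    shift
    referenced_labels "$@" | while IFS= read -r label; do
        printf '%s\n' "$present" | grep -qxF -- "$label" || printf '%s\n' "$label"
    done
}

# Constructed sample files mirroring the entries quoted in the post.
make_sample_configs() {
    local d
    d=$(mktemp -d)
    cat > "$d/grub.conf" <<'EOF'
title Fedora Core (2.6.9-1.667)
root (hd0,5)
kernel /boot/vmlinuz-2.6.9-1.667 ro root=LABEL=/ rhgb quiet
initrd /boot/initrd-2.6.9-1.667.img
EOF
    cat > "$d/fstab" <<'EOF'
# constructed fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/home /home ext3 defaults 1 2
EOF
    echo "$d"
}

d=$(make_sample_configs)
# Constructed state before relabelling: only /home carries a label on the new disk.
missing_labels "/home" "$d/grub.conf" "$d/fstab"    # prints: /
rm -rf "$d"
```

On a live system the first argument can come from `blkid -s LABEL -o value`, run as root.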