Delete spam messages from sendmail queue

One website was hacked and was being used to send spam emails. Sendmail was making the server halt because of high load!

After cleaning up the site and installing a malware detector (maldet) I had to delete the messages from the sendmail queue so the server didn't keep getting a high load.

I created this simple bash script to work it out. Obviously you need to uncomment the rm command to make it work.

 

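#!/bin/bash
# Run from inside the sendmail queue directory.
# Dry run by default: uncomment the rm line to really delete.

for fn in *
do
 # only look at regular files
 [[ -f "$fn" ]] || continue
 if grep -E -q "Wrestling|Asian|pharma|sucking|masturbates|bondage|medic|experience|antidote|poison|presence|jerking|blowjob|boobies|mature|teen|loaded|virgin|noblefox.net|dong|hungers|brainwashing|heartfelt|slave|russian|mistress" "$fn"
 then
   # never delete the script itself
   if [[ "$fn" != "remove.sh" ]]
   then
     echo "would delete $fn"
     # rm -- "$fn"
   fi
 fi
done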
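
Sendmail normally stores each queued message as a pair of files, qf<ID> (envelope and headers) and df<ID> (body), so deleting only the file that matched a keyword leaves the other half behind. The following is an added example, not part of the original post: it matches on either file and then lists or removes both by queue ID. It assumes that qf/df layout in a single directory, and the function names spam_queue_ids and purge_spam are hypothetical.

```shell
#!/bin/sh
# Added example: purge sendmail queue entries by queue ID (dry run by default).
# Assumption: each message is a qf<ID>/df<ID> pair in one queue directory.

# Print the queue IDs whose qf or df file matches the extended regex $2.
spam_queue_ids() {
    qdir=$1
    pattern=$2
    for f in "$qdir"/qf* "$qdir"/df*; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        if grep -E -q -- "$pattern" "$f"; then
            base=${f##*/}                  # strip the directory part
            printf '%s\n' "${base#?f}"     # strip the leading "qf" / "df"
        fi
    done | sort -u                         # one line per message, not per file
}

# List both files of every matching message; delete them only when the
# third argument is the word "delete".
purge_spam() {
    qdir=$1
    pattern=$2
    mode=${3:-list}
    spam_queue_ids "$qdir" "$pattern" | while IFS= read -r id; do
        for f in "$qdir/qf$id" "$qdir/df$id"; do
            [ -f "$f" ] || continue
            if [ "$mode" = delete ]; then
                rm -f -- "$f"
            else
                printf 'would delete %s\n' "$f"
            fi
        done
    done
}

# Usage (queue path is an example):
#   purge_spam /var/spool/mqueue 'pharma|noblefox.net'          # dry run
#   purge_spam /var/spool/mqueue 'pharma|noblefox.net' delete   # remove
```

Reviewing the dry-run output before passing delete is the point of the default: broad keywords such as "experience" or "medic" will also match legitimate mail.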

Update ICU for php-intl on CentOS

I chose to install the latest version for CentOS 5 available on http://site.icu-project.org.

Make sure we have the developer packages needed for the procedure

# yum -y install php-devel php-pear

Download and unpack the source tarball for the relevant ICU library version

# mkdir src
# cd src/
# wget http://download.icu-project.org/files/icu4c/58.1/icu4c-58_1-src.tgz
# tar zxf icu4c-58_1-src.tgz

Build and install the library into /opt/icu4c-58_1

# cd icu/source/
# ./configure --prefix /opt/icu4c-58_1 && make && make install

Build and install the php-intl extension
Enter /opt/icu4c-58_1 when prompted for the ICU library location

# pecl install intl
# ldconfig

Add an ini file with the contents: extension=intl.so

# vi /etc/php.d/intl.ini

You can now check to see if it’s loaded

# php -i | grep intl

Restart the Apache web server and you’re good to go

# service httpd restart

MySQL fails to start

[ERROR] Fatal error: Can't open and lock privilege tables: Table 'host' is marked as crashed and last (automatic?) repair failed

MySQL 4.1.22 would not start… the host, db and user tables were marked as crashed.

– Install a new version

– in the current installation, rename the table files (e.g. host.frm, host.MYD, host.MYI to host_.frm, host_.MYD, host_.MYI)

– copy the table files from the new version to the location of the damaged one

– start the MySQL server

– open MySQL Administrator and repair the renamed tables

– stop the MySQL server

– remove the copied tables

– rename the original tables back to their original names (e.g. host_.frm, host_.MYD, host_.MYI to host.frm, host.MYD, host.MYI)

– start the MySQL server

– repair all databases/tables

mysqlcheck -u root -p -o -c --auto-repair --all-databases

 

It may also be necessary to change the MySQL settings (my.ini) to include the option innodb_force_recovery = 1. More info here: http://dev.mysql.com/doc/refman/4.1/en/forcing-innodb-recovery.html

Block bots in Apache

Code:

#Joomla com_jce exploit
SecRule HTTP_User-Agent "BOT for JCE" "deny,status:500,id:5000218,msg:'Joomla com_jce code exec'"

#Joomla com_jce exploit
SecRule REQUEST_URI "/images/stories/.+\.php" "deny,status:500,id:5000219,msg:'Joomla com_jce code exec'"

The first rule blocks the exploit's user agent. If the exploit succeeds, it puts PHP files into site.com/images/stories/something.php, so the 2nd rule blocks access to those files in case the attackers change the user agent.

Even with the .htaccess or this first rule, you should still use the 2nd rule. Changing user agents is very simple.
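
To check whether the site was already hit before the rules went in, the same two conditions can be replayed over the access log and the upload directory. This is an added example, not part of the original post; it assumes Apache's combined log format, and the function names jce_log_hits and jce_dropped_files are hypothetical.

```shell
#!/bin/sh
# Added example: look for traces the two SecRules above would have blocked.
# Assumption: access log in Apache "combined" format, i.e.
#   ip - - [date] "METHOD URI PROTO" status bytes "referer" "user-agent"

# Print "ip status uri reason" for every log line that matches the
# user-agent rule, the URI rule, or both.
jce_log_hits() {
    awk -F'"' '
    {
        split($1, pre, " "); ip = pre[1]        # client address
        split($2, req, " "); uri = req[2]       # request URI
        split($3, res, " "); status = res[1]    # response status
        ua = $6                                 # User-Agent header
        reason = ""
        if (index(ua, "BOT for JCE"))
            reason = "user-agent"
        if (uri ~ /\/images\/stories\/.+\.php/)
            reason = (reason == "" ? "uri" : reason "+uri")
        if (reason != "")
            print ip, status, uri, reason
    }' "$1"
}

# List PHP files already sitting under images/stories of a document root.
# That directory should hold images only, so any hit deserves a look.
jce_dropped_files() {
    find "$1/images/stories" -type f -name '*.php*' 2>/dev/null | sort
}

# Usage (paths are examples):
#   jce_log_hits /var/log/httpd/access_log
#   jce_dropped_files /var/www/html
```

A "uri" hit with status 200 means a PHP file under images/stories was actually served, which points to a dropped file that still needs to be removed.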

 

Another suggestion:

https://github.com/bluedragonz/bad-bot-blocker

Install drivers for the Intel X520-T2 network card on CentOS

The driver for the Intel X520-T2 card is ixgbe. Installing this driver requires a CentOS system with a 2.6 kernel.

 

Driver here:
http://downloadcenter.intel.com/SearchResult.aspx?lang=eng&ProductFamily=Network+Connectivity&ProductLine=Intel%C2%AE+Server+Adapters&ProductProduct=Intel%C2%AE+Ethernet+Server+Adapter+X520-T2

 

Installation instructions:
http://www.intel.com/support/network/adapter/pro100/sb/CS-032530.htm

 

List all PCI devices:

# lspci
...
0d:00.0 Ethernet controller: Intel Corporation Unknown device 151c (rev 01)
0d:00.1 Ethernet controller: Intel Corporation Unknown device 151c (rev 01)
...

 

In this example the card was recognised as Ethernet controller: Intel Corporation Unknown device 151c (rev 01). This happens because the card is not in the pci-id database.

/usr/share/hwdata/pci.ids is the file listing all known IDs used in PCI devices: IDs of vendors, devices, subsystems and device classes. To update this database, just run in the shell:

# update-pciids

List all PCI devices again:

# lspci
...
0d:00.0 Ethernet controller: Intel Corporation 82599EB 10 Gigabit TN Network Connection (rev 01)
0d:00.1 Ethernet controller: Intel Corporation 82599EB 10 Gigabit TN Network Connection (rev 01)
...

Cheatography

A site that catalogues cheat sheets.

Here is a record of some sheets that are useful to me:

  • http://www.cheatography.com/davechild/cheat-sheets/mod-rewrite/
  • http://www.cheatography.com/davechild/cheat-sheets/php/
  • http://www.cheatography.com/davechild/cheat-sheets/regular-expressions/
  • http://www.cheatography.com/davechild/cheat-sheets/mysql/
  • http://www.cheatography.com/davechild/cheat-sheets/html-character-entities/