“HEY TO GET FREE CELLPHONE RECHARGE SEEE MY PROFILE”

Orkut account hacking again!! Beware of it. DO NOT COPY AND PASTE ANY JAVASCRIPT INTO YOUR ORKUT ADDRESS BAR

You may get a message or scrap from a very close friend which says “HEY TO GET FREE CELLPHONE RECHARGE SEEE MY PROFILE”. When you click on that link it takes you to your friend's profile, where you find a piece of JavaScript and are asked to copy and paste it into your Orkut address bar. If you do that, your account is hacked and your profile is used as a marketing tool: the hacker gets your friends list, scraps all of them with the same message, and the cycle repeats.

So beware of it. DO NOT COPY AND PASTE ANY JAVASCRIPT INTO YOUR ORKUT ADDRESS BAR.

httpd asking password when starting apache service

When starting httpd (the Apache server) it may ask for a password to load the SSL certificate, and you may see a message like the one below.

———————————-

[root@server SSL]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: Apache/2.2.11 mod_ssl/2.2.11 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

—————————————-

When Apache loads the SSL certificate it needs to read the private key and the .crt file. If you encrypted the private key, then in order to read the key file you must provide the pass phrase you set when you created it. If you want to avoid this Pass Phrase Dialog you can decrypt the key file as follows.

PLEASE KEEP A COPY OF ORIGINAL KEY FILE

cp www.example.com.key www.example.com.key.BAK
openssl rsa -in www.example.com.key -out www.example.com.key

Now start the Apache server (httpd service); this time you will not get the Pass Phrase Dialog.
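The same procedure as a small script, added here as an example (not from the original post): it keeps the backup, strips the pass phrase with openssl rsa, and adds the two checks an admin would want, locking the now-unencrypted key down to mode 0600 and verifying that it loads without a prompt. It assumes the openssl binary is on PATH; the make_encrypted_test_key helper only builds a throwaway key for trying it out.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Optional


def strip_key_passphrase(key_path: str, passphrase: Optional[str] = None) -> bool:
    """Back up the encrypted key, rewrite it without its pass phrase via `openssl rsa`,
    restrict the plaintext file to mode 0600 and verify it. With passphrase=None,
    openssl prompts on the terminal just like the Pass Phrase Dialog does.
    Returns True only when the key was rewritten and checked."""
    key = Path(key_path)
    if not key.is_file():
        return False
    backup = key.with_name(key.name + ".BAK")
    shutil.copy2(key, backup)  # keep a copy of the original key file
    backup.chmod(0o600)
    tmp = key.with_name(key.name + ".tmp")
    cmd = ["openssl", "rsa", "-in", str(key), "-out", str(tmp)]
    if passphrase is not None:
        # Non-interactive use; note the pass phrase becomes visible in the process list.
        cmd += ["-passin", "pass:" + passphrase]
    if subprocess.run(cmd, capture_output=True).returncode != 0:
        tmp.unlink(missing_ok=True)
        return False
    # The key is now stored unprotected: only the user that starts httpd (root)
    # should be able to read it, so lock it down before it replaces the original.
    tmp.chmod(0o600)
    tmp.replace(key)
    return key_is_usable(str(key))


def key_is_usable(key_path: str) -> bool:
    """True if the key is no longer encrypted and openssl can parse it unattended."""
    if "ENCRYPTED" in Path(key_path).read_text():
        return False
    check = ["openssl", "rsa", "-in", key_path, "-noout", "-check"]
    return subprocess.run(check, capture_output=True).returncode == 0


def make_encrypted_test_key(passphrase: str) -> str:
    """Helper for trying this out: generate a constructed pass-phrase-protected key
    in a temporary directory (not a real server key) and return its path."""
    path = Path(tempfile.mkdtemp()) / "www.example.com.key"
    gen = ["openssl", "genrsa", "-aes256", "-passout", "pass:" + passphrase,
           "-out", str(path), "2048"]
    subprocess.run(gen, capture_output=True, check=True)
    return str(path)
```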

How to install Zend Framework on Linux and test it

Note: This guide is for admins who are going to install Zend for the first time.

Here I briefly describe how to install Zend Framework and create a sample project.

My server is running Fedora 9 with PHP 5.

Step 1:

Download the Zend Framework (MINIMAL PACKAGE). I downloaded http://downloads.zend.com/framework/1.10.0/ZendFramework-1.10.0-minimal.tar.gz

Step 2: Extract the package

Step 3: Create a sample project using Zend

Go to any web directory, say /var/www/html/test

Now call the zf.sh file in the bin folder of the Zend Framework to create a new project.

In my case I extracted the Zend Framework in /var/www/html/zend-framework

So I called zf.sh as follows:

/var/www/html/zend-framework/bin/zf.sh create project zendtest

Now a project called “zendtest” has been created in the current directory. This project has four subfolders.

Now we need to include the Zend libraries in our new project. To do that, just copy the folder called Zend from the library folder of the Zend Framework into the library folder of the new project (in my case I copied /var/www/html/zend-framework/library/Zend).

That's all; we have created a sample project in Zend Framework. We can test it by browsing the public folder of the new project:

http://localhost/test/zendtest/public/

SQL Server Injection

These are some short notes about SQL injection (Microsoft SQL Server).

How does SQL injection work?

Formatted SQL queries are built from values passed through text boxes (login pages, search pages, etc.) and executed by the SQL server. Consider the example of a login page with two text boxes, one for the username and another for the password.

Now, if the program is not well written, a hacker (or anyone who knows SQL commands) can pass any SQL query through these text boxes, and it will be executed by the SQL server. The SQL server does not know where the query came from. For example, a person can pass a query to drop a table through this text box.

How to find SQL injection?

If you suspect that something is wrong in the database (tables altered, data dropped, even the database dropped without your permission) you should immediately start SQL Server Profiler to monitor the SQL commands. The profiler shows every query the SQL server executes, so you can see whether ALTER or DROP commands are appearing. When you find one, check its details to see which user executed the command. I assume here that the SQL server does not allow remote connections; if you allow remote connections, any user who knows the username and password can do anything on the database directly.

The following is a case of SQL injection.

Suppose there is a table called ‘users’ and a small search page that finds a user in that table. There is a text box to enter the name of the person we need to search for. Suppose the name of the person is ‘Aneesh’. When the user types ‘Aneesh’ and hits the ‘Search’ button, the SQL query executed is as follows:

SELECT * FROM users WHERE name = 'Aneesh';

Now suppose the user enters the following in the search box (note the quote, which closes the string literal in the query):

Aneesh'; drop table users--

This time the SQL query is executed as given below:

SELECT * FROM users WHERE name = 'Aneesh'; drop table users--';

We know what happens if the above query is executed: it drops the table ‘users’.

How can we prevent SQL injection?

When a web application is developed, make sure that you always use proper validation; I consider this the best practice. Also, in our case the login text boxes have no size limit, which means anyone can enter long SQL queries through them. So make sure that you set a SIZE FOR EACH TEXT BOX. Login text boxes can be limited to 10 characters and the password to 10 characters; it depends on the nature of the web application. In general, for a medium-sized company, I don't think the user id and password need more than 10 characters.

Don't think that this alone is enough, but it is something you can do in your programs. I have experienced this and have taken these measures to prevent it. Following are a few cases of SQL injection:
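The search page from the case above, as an added example (not code from the original notes), using Python's built-in sqlite3 in place of SQL Server: search_vulnerable pastes the text-box value into the query text exactly as described, while search_safe binds it as a parameter. Because sqlite3's execute() refuses multi-statement strings, the small run_batch helper stands in for a server that executes a whole batch; it also copes with a legitimate ';' inside a quoted name. The table, the rows and PAYLOAD are constructed for the example.

```python
import sqlite3

# The page's search input, including the quote that closes the string literal.
PAYLOAD = "Aneesh'; drop table users--"


def make_db() -> sqlite3.Connection:
    """Constructed sample database standing in for the 'users' table on SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO users (name) VALUES ('Aneesh'), ('Priya');"
    )
    return conn


def run_batch(conn: sqlite3.Connection, batch: str) -> list:
    """Stand-in for a server that accepts several ';'-separated statements in one
    request, as SQL Server does (sqlite3's execute() refuses that, so we split).
    Every complete statement is executed; the rows of the first SELECT come back."""
    rows, pending = [], ""
    for piece in batch.split(";"):
        pending += piece
        if not pending.strip():
            pending = ""
        elif sqlite3.complete_statement(pending + ";"):
            rows = rows or conn.execute(pending).fetchall()
            pending = ""
        else:
            pending += ";"  # that ';' sat inside a quote or comment; keep reading
    if pending.strip():
        conn.execute(pending)  # trailing statement ended by the '--' comment
    return rows


def search_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The page's pattern: the text-box value is pasted straight into the SQL text."""
    return run_batch(conn, f"SELECT name FROM users WHERE name = '{name}';")


def search_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the value is bound as data and never parsed as SQL,
    so PAYLOAD is just a name that matches nobody and the table survives."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def table_exists(conn: sqlite3.Connection, table: str) -> bool:
    sql = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return conn.execute(sql, (table,)).fetchone() is not None
```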

Install php_mssql on PHP

Although installing the MSSQL module in PHP is easy, we may sometimes get errors. phpinfo() may show that the PHP mssql module is installed, but when we try to connect to a SQL server from a PHP script we get the error ” sorry something went wrong”.

To install the PHP mssql module you need two DLLs, php_mssql.dll and ntwdblib.dll. If these DLLs are not present in your PHP installation folder you need to download them. Copy both DLLs to the PHP extension folder, and also copy ntwdblib.dll to the system32 folder. Once you have done this, enable the module in php.ini by uncommenting the line ;extension=php_mssql.dll. The line should look like:

extension=php_mssql.dll

If there is no such line in php.ini, add the above line just below the ” Dynamic Extensions ” section.

Once you have done that, restart the Apache server and it will work.

Common error: the mssql module is shown in phpinfo, but mssql connections do not work.

Solution: This is due to the version of ntwdblib.dll. You can download the latest version of this DLL from

(http://www.dlldll.com/ntwdblib.dll_download.html)
