Hello System Admin | Where system admins share technical article and tips | Create free Blog | Updates on domains, web hosting, servers and more

create free blogs for system admins

Create yourown blogs . Share your knowledge with others , create your own signature in the web.
You can also upload photos , videos and much more. We also provide sigmple Adsense integration plugin and using this you can add your Google adsense code in your blogs .
Create Your Blogs : http://hellosystemadmin.com/login/
Customise your Blogs : http://hellosystemadmin.com/support/docs/

Install SVN server , create respository and users

Easiest way to install SVN Server

Install Apache and IIS on Windws server

You can install both apache and IIS on same port if the system has two IP address. You may install IIS and apache server in normal way. IF IIS is started prior to Apache, IIS will take all the IP address and apache cannot start on the same port. Do fix this, we need to [...]

Install Apache, Mysql, PHP in Linux Server

Installing Apache

[root@server ~]# wget http://opensource.become.com/apache/httpd/apache_1.3.41.tar.gz

SQL Server Injection

February 3rd, 2010

Aneesh

SQL Server Injection

This is a small notes about SQL Injection ( Microsoft SQL Server)

How does SQL injection work?

Formatted SQL queries are passed through text boxes (Login pages, search pages etc). These queries are executed by the sql server. Consider an example of a login page which has two text boxes one for Username and another for password

Now, if the program is not well created a hacker (or a person who knows SQL commands) can pass any sql query to through these text boxes. And that will be executed by the sql server. SQL server does not know where the query comes. For example , a person can pass a query to drop a table through this text box.

How to find SQL Injection?

If you doubt that there something wrong in the database (may be tables altered, data dropped , even database dropped without your permission) you should immediately start SQL server Profiler to monitor the SQl commands. The sql profiler will show all queries that the sql server executes. Now you can see that there may be alter or drop commands appearing in the profiler. When you find it, check the details of that and you can understand that which user executes these commands. I assume that sql server does not allow remote connections. If you allow remote connections, any user who knows the username and password can directly do anything on the database

Following is a case of sql injection

Suppose there is table called ‘City ‘and there is a query to select a user from the city. Let us take a small search page which fill find a user from the table called ‘usrs’. There will be a text box to enter the name of the person that we need to search. Suppose the name of the person is ‘Aneesh’. Now when the user types ‘Aneesh’ and hit on the ‘Search’ button the SQL query will be executed ask follows

SELECT * FROM users WHERE name = 'Aneesh' ;

Now think, the user enters in the seach box as given below

Aneesh; drop table users--

At this time the sql query will be executed as given below

SELECT * FROM users WHERE name = 'Aneesh';drop table OrdersTable--'

Now we know what will do if the above query is executed. It will drop the table ‘users’

How can we Prevent SQL injection?

When a web application is developed make sure that you always use proper validations .I hope this will be the best practice. Also, in our case the login text boxes have no size limit. That means any one can enter long sql queries through these text boxes. So make sure that you set SIZE FOR EACH TEXT BOXES. I login text boxes can be up to 10 and password can be up to 10. It depends upon the nature of the web application. In general for a medium company I don’t think that the user id and password do not need more than 10 characters.

Don’t think that this is only enough, but you can do this in your programs. I experienced and I have taken these measures to prevent it. Following are few cases of sql injection

Install php_mssql on PHP

January 20th, 2010

Aneesh

In fact installing the mssql modules in php is easy, we may get errors sometimes. In phpinfo() it may be shown that the php mssql module is installed. But when we tried to connect to an SQL server through php script we will get error ” sorry something went wrong”

IF we need to install php mssql module it requires two DLLs php_mssql.dll and ntwdblib.dll. If these DLLs are not present in your php installation folder you need to download it. Copy these DLLs to php extension folder also copy ntwdblib.dll to system32 folder . Once you have done these, simply enable the module in php.ini file by uncommenting the line ;extension=php_mssql.dll. The line should be looked like

extension=php_mssql.dll

If there is no such line in php.ini, just add the above line just below the ” Dynamic Extensions ”

Once you did it, just restart apache server and it will be fine.

Common Error: the module mssql is shown in phpinfo, but mssql connections are not working

Solution : This is due to the version of ntwdblib.dll. You can download the latest version of this dll

(http://www.dlldll.com/ntwdblib.dll_download.html)

Configure IIS FTP with User quota

January 7th, 2010

Aneesh

Why do you buy FTP software by paying much money when windows itself provides it . FTP service can be installed in windows IIS and you can create as many virtual directories as you need. You can also set quota for each users by windos’ default quota management. You dont want to run behind any third party FTP server software. I am going to demonstrate how to install IIS FTP service on a windows 2003 server with disk quota for the user. You can set the disk quota in terms of Kilobyte (KB) , Megabyte (MB), Gigabyte (GB), Terabyte (TB) and Exabyte (EB) . In the following example I am going to create a virtual directory for the user ‘test’ with 1 GB disk quota .

Step1 : Create a user ‘test’ on windows

Step2 : Install IIS FTP service

Step3 : create a virtual directory under the default FTP and name it as ‘test’ and point to a location , say c:\inetpub\wwwroot\test . Give write permission for the user ‘test ‘

Step4 : Take Properties of ‘C’ Drive and go to ‘Quota’ as mentioned in the following figure

Step5 : Click on ‘Quota Entries’ . Got o ‘Quota menu and click on ‘New Quota Entry’ and input the Quota limit

create free blogs for system admins

January 4th, 2010

Aneesh

Create yourown blogs . Share your knowledge with others , create your own signature in the web.

You can also upload photos , videos and much more. We also provide sigmple Adsense integration plugin and using this you can add your Google adsense code in your blogs .

Create Your Blogs : http://hellosystemadmin.com/login/

Customise your Blogs : http://hellosystemadmin.com/support/docs/

Mysql takes 100 % CPU

December 29th, 2009

Aneesh

I have seen that when executing a mysql query the cpu usage becomes 100 % and it takes a long time to execute the query. I have executed the same query thorugh phpmyadmin and that time also it took a long time to execute also mysql consumes 100 % cpu . I have done some change to my.cnf file and restarted mysql and the problem wentaway. You can also adjust your my.cnf values as follows.

[mysqld]
max_allowed_packet = 128M
sort_buffer_size = 512M
max_connections=500
query_cache_size = 512M
query_cache_limit = 512M
query-cache-type = 2
table_cache = 80
thread_cache_size=8
key_buffer_size = 512M
read_buffer_size=64M
read_rnd_buffer_size=64M
myisam_sort_buffer_size=64M
innodb_flush_log_at_trx_commit=2
innodb_buffer_pool_size=700M
innodb_additional_mem_pool_size=20M

Once you made the changes in my.cnf do not forget to restart mysql server. Mysql can be restarted in any of the following methods

If you have installed mysql using RPM you can restart mysql using one of the following commands

service mysqld restart OR /etc/init.d/mysqld restart

If you have installed mysql from source files you can shutdown mysql and start it as follows

Stop Mysql : mysqladmin -uroot -p shutdown

Start msyql : /usr/local/mysql/bin/mysqld_safe –user=mysql & (assume mysql is installed at /usr/local/mysql)

Recent Posts
Categories
- Cracking (2)
- Default (2)
- Featured (4)
- Job (1)
- Linux (16)
  - Apache (6)
    - htaccess (2)
      - System Admin (1)
    - Perl (1)
  - Commands (3)
  - crontab (1)
  - IPtables (2)
  - Mysql (3)
  - PHP (6)
    - FFMPEG (1)
- SSL Certificate (3)
- SVN (1)
- Virus (0)
  - Trojan (0)
- Web Server Security (1)
- Windows (5)
  - Apache on windows (1)
  - IIS (1)
    - IIS FTP (1)
  - MS SQL Server (1)
Archives
Calendar

September 2010

M T W T F S S

« Jul

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blogroll
- Login
Recent Comments
- Garfield Guillette: Tired of getting low amounts of useless visitors t... »
- Zach: yes~~~~ I have the same problem!!! it's driving me... »
- Beta: Nice VPS... »
- Riyesh: Ee job eniku tharooo.. hi hi... »
- Shera Mobley: I really like your post. Always been very informat... »

September 2010
M	T	W	T	F	S	S
« Jul
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Fatal error: Call to undefined function wp_list_addonn() in /home/sites/customers/aneesh/systemadmin/blog/wp-content/themes/Grante/sidebar.php on line 106

create free blogs for system admins

Install SVN server , create respository and users

Install Apache and IIS on Windws server

Install Apache, Mysql, PHP in Linux Server

SQL Server Injection

Install php_mssql on PHP

Configure IIS FTP with User quota

create free blogs for system admins

Mysql takes 100 % CPU

Recent Posts

Categories

Archives

Calendar

Blogroll

Recent Comments