I recently ran into this issue on a brand new install of ISPConfig. The problem I found was a bad install. What you have to do is copy your config files for proftpd and ISPConfig's proftpd config file.

Once copied, yum remove proftpd

After it's removed, yum install proftpd

Replace the current config files with the backups.

Restart postfix and you should be live.

I thought why not update the blog as it's been some time now. As usual I am developing on the weekend, creating some really cool new stuff that I can’t talk about. It's the normal deal. But I will say I will finally have something I can talk about coming out this week. When I do, I will post immediately.

Should be an interesting weekend. I have a lot of projects that I am wrapping up and am spending a lot of time on studying code and business. Of course I am among the many that have to do taxes and I have been working away on them as well.


So it's 1:26AM and my head won't stop pounding. I took something but what sucks is that now I will probably be up till 3 or 4AM because of the Tylenol. Yet my mind will be awake, my body will want sleep. All because I was writing code. Apparently I was thinking too hard! Arrrh!

Oh well, good news is the laptop is set up for more work to be done. I have officially moved in to my new laptop! Which means only one thing: fast laptop = faster development = sooner release dates for all our projects. Plus with me sorting thru all my old data, I'm much more organized! Much needed cleaning, I found out!

Well, thought I would make this quick and random post, since I have nothing else to do. Thanks for reading!


After deciding whether I need a desktop or laptop, and weighing out what makes most sense, I decided to buy the ASUS G73JW-A1. I multitask like no other. I needed a machine with serious power and a decent amount of data storage. Plus if need be, I wanted it to be upgradeable. Since I’m always on the go, a desktop wouldn’t cut it. For the reasonable price of 1,799.99 from Micro Center, I went ahead and got one.

WOW! It's fast, with the 8GB of memory I feel like I can never max it out so far. I haven’t put it through the full wringer just yet. Coming from an AMD fan, Intel knocked it out of the park with the i7 processor. This processor has no problem keeping up with my uncompressing files, editing php files, having 40 tabs open in Firefox, listening to music, and editing video. Yep, it keeps up! My one comment I have to make that I wish I could change is the hard drives. First, when you get it, they partition both the drives into two partitions. Not totally sure why they did that. The one thing with the drives is, even though they are 7200RPM with all the other high performance goodies, it feels like the drives are always the one thing I’m waiting on. One thought is adding an SSD drive, and I might do that but I'd like to wait till they are further tested. Blu-ray drive rocks, I have no complaints there.

Taking this apart is amazingly easy for how much stuff is packed inside. It's very well engineered, hands down the best laptop I have ever touched in the engineering department. The one thing I can say, ASUS engineers are the gods of laptop cooling! WOW WOW WOW!!! I have never ever had a laptop with even 50% the kind of power and still be this cool. My last HP when idling wasn’t even half as cool as this laptop is when playing Call of Duty! Could all the manufacturers design laptop cooling like this?

The design is something that hasn’t been seen before. I like it! I will say I wish it was about 1 inch smaller in width, so it could fit in my old laptop bag. I'll have to find a new bag I guess. The backpack that is given with the laptop is pretty cool but it doesn’t clash well showing up at a corporate meeting with a backpack. Minor issue. Besides all that, the design is a 10 out of 10! The backlit keyboard was the best design feature they added. Every laptop should have a backlit keyboard. Must comment, the way the chassis is angled makes it so nice to type on. With all other laptops it rubs into my arms and feels like it cuts off circulation to my hands. Seriously, another feature that all laptops should have: an angled front lip. Also the material the laptop is made of rocks, doesn’t appear to scratch (haven’t tried hard to make that happen), doesn’t show fingerprints, and just feels good!

This is a double-edged sword. Keeping in mind this laptop has a 17.3″ screen, i7 core processor, 8GB of memory, two 500GB 7200RPM HDs, that’s a lot to power. With that said, the battery lasts about 50 minutes on a charge. I really didn’t expect more than an hour myself. The only way to get more time is a bigger battery and I don’t think it would make sense to put in a bigger battery. One, it would make the entire laptop weigh more, which I don’t think end users would like. Two, it would become odd shaped, which again end users wouldn’t like. I’m plugged in about 90% of the time. Occasionally I’m cordless, but 50 minutes should cover me.

Screen & Graphics
Rocks, I have zero issues with it. That is all I can really say. Graphics, WOW! 460 Nvidia packed inside this laptop is impressive. When playing Call of Duty Black Ops, it plays full 1080, graphics turned all the way up. It's awesome!

Now, I would normally not dedicate a section to the touchpad but this needs mentioning. First off, the touchpad is huge, which rocks! Bad news, some of the software that runs the touchpad doesn’t run properly, I believe. Some people have mentioned lag from the touchpad, which I too noticed. Some said to remove the Synaptics driver from add/remove programs. Tried that, it stopped the lag but then my mouse didn’t move fast enough. Tried to adjust it but it wasn’t fast enough for me. I decided to reinstall the driver again, worked flawlessly. It brought back the touchpad lag again. This time I decided to go into the Synaptics mouse settings and disable things like pinch to zoom and scrolling on the touchpad. Restarted the computer, and it was fixed. So if you're having touchpad lag issues with the ASUS G73JW-A1, then post a comment and I'll email you with the instructions on how I did it. If I get enough requests, I'll post it on the blog here.

Great laptop, my best yet! I’m not a huge gamer but I like it that I can play when I want without any issues. Nice size, comfortable to walk with. Comfortable typing on the couch or on the desk. It's all in all a great laptop for someone that needs a high performance laptop, who could care less about the battery as long as they get at least 30 minutes of battery. All in all, I would recommend it to anyone who uses their computer all the time and needs performance.

Happy New Year everyone!!! Can’t wait to get 2011 going to start an amazing year! This will be the year we see a lot of great new things. This will be an amazing year, the year to make it all happen!

You can send emails but you cannot receive emails. People that send you email get a message similar to this one:

May 1 03:14:52 mail postfix/smtp[62798]: 23CA4BD6B40: to=, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for mail.example.com loops back to myself)

Postfix found a DNS reply for your email server, but it hasn’t been configured to deal with addresses such as root@mail.example.com. In other words, your server is configured to accept user@example.com but not user@mail.example.com. This is a well-known config problem with virtual domains. To fix this error, add the system FQDN to either mydestination or relay_domains. Postfix accepts mail for domains listed in virtual_mailbox_domains and virtual_alias_domains, and for domains that resolve to IP addresses listed in inet_interfaces and proxy_interfaces. Update mydestination using postconf or by editing the main.cf file:

mydestination = localhost.$mydomain, localhost, mail.example.com

Once you are done:
service postfix reload

If you run ISPConfig, you need to edit the local-host-names file in the postfix folder.

vi /etc/postfix/local-host-names

And add your server's host name to it. For example, I had to add server2039.myhosting.com to it and it fixed it.
Of course don’t forget to reload postfix.

service postfix reload
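
The check behind both fixes above, as an added example that is not part of the original post: the script reads a main.cf and answers whether Postfix would treat a host name as a local destination, either directly in mydestination or through a /file/name entry such as local-host-names. The function names and sample files are constructed for illustration, and only $myhostname and $mydomain are expanded.

```bash
#!/bin/sh
# Added example: is a host name a local destination according to main.cf?
# Simplified model of main.cf parsing; sample data below is constructed.

# param_value MAINCF NAME -> value of NAME. The LAST definition wins, and
# lines that start with whitespace continue the previous logical line.
param_value() {
    awk -v name="$2" '
        /^[ \t]*(#|$)/ { next }                               # comments, blank lines
        /^[ \t]/       { if (cur == name) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == name) val = substr($0, eq + 1)
        }
        END { print val }
    ' "$1"
}

# is_local_destination FQDN MAINCF -> exit status 0 if FQDN is listed in
# mydestination, directly or via a /file/name entry (replaced by its contents).
# Assumption: $myhostname and $mydomain are expanded only if set in MAINCF.
is_local_destination() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    cf=$2
    host=$(param_value "$cf" myhostname | tr -d ' \t')
    dom=$(param_value "$cf" mydomain | tr -d ' \t')
    for entry in $(param_value "$cf" mydestination | tr ',' ' '); do
        case $entry in
            /*) names=$(grep -v '^[[:space:]]*#' "$entry" 2>/dev/null || true) ;;
            *)  names=$entry ;;
        esac
        for n in $names; do
            n=$(printf '%s' "$n" | tr 'A-Z' 'a-z' |
                sed -e 's/[$]{*myhostname}*/'"$host"'/' \
                    -e 's/[$]{*mydomain}*/'"$dom"'/')
            if [ "$n" = "$fqdn" ]; then return 0; fi
        done
    done
    return 1
}

demo_postfix() {
    dir=$(mktemp -d)
    # Constructed ISPConfig-style layout: mydestination points at a file.
    printf '%s\n' 'localhost' 'server2039.myhosting.com' > "$dir/local-host-names"
    cat > "$dir/main.cf" <<EOF
# constructed sample main.cf
myhostname = mail.example.com
mydomain = example.com
mydestination = localhost.\$mydomain, localhost
# a second definition silently replaces the first one
mydestination = $dir/local-host-names,
    \$myhostname
EOF
    for h in mail.example.com server2039.myhosting.com localhost.example.com; do
        if is_local_destination "$h" "$dir/main.cf"; then
            echo "$h: local"
        else
            echo "$h: not local"
        fi
    done
    rm -rf "$dir"
}
demo_postfix
```

On a live server `postconf mydestination` prints the value Postfix actually uses, which is the authoritative check.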

So on my recent upgrade to Ubuntu 10.10 Meerkat I decided to do a complete reinstall. Maybe I should have reconsidered…. I spent about 2 hours trying to figure out why my machine didn’t see any of my partitions. It saw the drive /dev/sda but not the partitions. I wiped out the partitions with gparted, did it with ext4 format and completely empty, both didn’t work. Here is the basic info. It's an older machine, about 4 years I think? It's a simple server for the house. I have many, this one performs a few things.

Here are the specs

AMD 3200 64bit processor


1Gb of memory

Western Digital 80GB SATA drive

Promise SATA controller is in use instead of the VIA option.

Here is the answer to the problem. After searching the forums of Ubuntu, I found it. I want to thank user “Darkod” again for posting it. Basically you need to run two commands from terminal. If you're in the install, hit the quit button on the installer. After that it will allow you to use Ubuntu like a LiveCD. From there go to Programs > Accessories > Terminal.

Here are your commands:

sudo dmraid -E -r /dev/sda
sudo apt-get remove dmraid

After you run both commands, close the terminal, click on the Install Ubuntu icon and you should be able to install!

NOTE: After I wrote this I found that it removed my settings in the promise controller causing it not to boot. Simple solution, turn off the promise controller. Turn on the VIA controller and switch the cable around. Ubuntu installed flawlessly. Granted I don’t need a raid setup so this works for me, but it won’t work for everyone.

HTC had pegged “early next year” for the 7 Pro’s launch in Europe, and when you think about it, January is just about as “early” as you can get. O2’s boys and girls in Germany have thrown up a teaser page for the QWERTY-equipped Windows Phone 7 handset, saying it’s expected to be available next month — a promising sign, indeed. Granted, launch dates can always slip, but considering how desperately the world needs some more landscape QWERTY options for WP7.

Currently wrapping up the long awaited website for Smartie Computers and its division sites. Among that I have been working on a few new ideas that should be out soon.

Working on a social network site (I know what you're thinking, “Another one?” Trust me, we need it.) Which should be out this week.

I also have an open source project starting this week that I will be releasing this week under Smartie Development. It will be under the GPL license and posted on Sourceforge.

Last but certainly not least I have started development a few weeks ago on a website for an up and coming entrepreneur! More details on this project and what it consists of in the coming weeks.

Basic reference information on how to set up remote access to MySQL. This is recommended for advanced users that have Linux knowledge, plus I’m doing this with CentOS so it will be different for the other variations. You would need remote access in some cases for additional servers to access it or to remotely administer the MySQL server. In my case I have a completely dedicated MySQL server to help decrease the load on a few of my heavily used websites that have the database on the same server.

Alright so here we go, start the install of Mysql.

yum install mysql mysql-devel mysql-server

Now we run the secure install:


Pretty straight forward, allows you to setup root password, remove test db and remove anonymous access.

After you run that, set up CentOS to run it at startup.

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now go in and edit the main config file:

vi /etc/my.cnf

When you get in there we need to add two things:

bind-address= YOUR IP ADDRESS

Simple enough, of course swap out the “YOUR IP ADDRESS” to your Mysql server ip address. Restart the server:

/etc/init.d/mysqld restart

After you restart your MySQL server, we need to set up your server with an account that has remote access. First log in to mysql:

mysql -u root -p

Second, Create a user:

CREATE USER 'yourusername'@'localhost' IDENTIFIED BY 'yourpassword';

Once logged in type in this command below, make sure to change the variables!


After that, run flush privileges:

mysql> flush privileges;

That's the basics. I highly recommend you look at some methods of security to lock down your server. I take no responsibility if your server gets hacked. If you can't get this to work, post your issue in the comments and I'll see if I can help.

Skipfish is a Google Code project created by Michal Zalewski. This project is a web application security scanner. It's amazing!

Here is their brief overview:

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Talk about easy to use! This program rocks! It has helped so much in my project development, making sure that all the apps we produce are secure and safe from the world's hackers! It is one of my right arms in development, there is no doubt. Highly recommend to download and use if you're a developer! Here is the link: http://code.google.com/p/skipfish/

Ah, the long needed tutorial on how to secure your ISPConfig installation. First off the obvious things must be said:

You already have linux knowledge

You have an ISPConfig 2.2.37 installation up and running with all the updates done

You have the EPEL (Extra Packages for Enterprise Linux) repo enabled. If not click here.

Use the most difficult passwords on everything and lock out as many ports as possible. (Really obvious but it must be said, highly recommend password safe to keep track of them all.)

Now that we checked all that, we start with an overview of what you will have done to your server:

mod_security Apache Intrusion Detection And Prevention Engine

ModEvasive (Prevent DDOS attacks)

Harden SSH server

Fix Open DNS Recursion

Install RKhunter

Securing PHP

PortSentry (tool to detect portscans)

Harden host.conf (against IP spoofing)

One thing I must say is that ISPConfig itself is pretty secure and there shouldn’t be a huge worry about that, but what you need to worry about is the applications you're hosting and the websites themselves. That is really what this tutorial is for. I needed to know that my server was gonna get knocked out if one of my clients uploads an application that has holes in it. So hopefully this helps someone else too! I also have to mention that I kept the built-in firewall. I didn’t think it would be worthwhile to replace it with CSF or some other firewall when Bastille works really well. (Bastille, if you didn’t know, is the firewall that ISPConfig uses.)

Step 1. SSH Hardening

The simplest way to secure your SSH is to run it on a port other than the default port 22. The hardening of SSH can be achieved by the following simple steps:

  • Disable Root Logins
  • Disable password authentication
  • Disable Port 22 and use any other port to run SSH (like Port 1899). Don't forget to block port 22 using the firewall.

Before you harden the SSH, first make sure you create a user name and password.

adduser (username)

To set the password for the user

passwd (username)

Once the user has been created and added, edit the ssh configuration file /etc/ssh/sshd_config
Change the default port 22 to any port number, say 2455, and set the protocol to just Protocol 2, which is a more secure protocol.

vi /etc/ssh/sshd_config

# /etc/ssh/sshd_config

Port 2199
Protocol 2
#ListenAddress ::

Disable root login
Locate the line # PermitRootLogin yes in the configuration file and change it to no

PermitRootLogin no

Once you save this configuration and restart your SSH you will not be able to log in as root and will be able to log in only at Port 2199.

# restart the SSH server
/etc/init.d/sshd restart
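
A way to check the result of Step 1, as an added example that is not part of the original tutorial: the script reads an sshd_config and reports which of the hardening goals listed above are still unmet. It relies on two sshd behaviours: the first value read for a keyword wins, and Port may be given several times. The function names, finding labels and sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit an sshd_config against the Step 1 goals.
# Only the global section is read; parsing stops at the first Match block,
# because settings below it apply conditionally.

# effective_value FILE KEYWORD -> first uncommented value of KEYWORD
# (sshd keeps the first value it reads; later duplicates are ignored).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# listen_ports FILE -> every global Port value, one per line.
# Port is additive: sshd listens on all of them, and on 22 if none is set.
listen_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2; n++ }
        END { if (n == 0) print 22 }
    ' "$1"
}

# audit_sshd_config FILE -> space-separated findings, empty when all goals
# are met. An unset keyword is reported too, because the defaults of the
# OpenSSH versions this tutorial targets are the permissive ones.
audit_sshd_config() {
    file=$1
    findings=""
    if listen_ports "$file" | grep -qx 22; then
        findings="$findings port22-open"
    fi
    [ "$(effective_value "$file" Protocol)" = "2" ] ||
        findings="$findings protocol-not-2-only"
    [ "$(effective_value "$file" PermitRootLogin)" = "no" ] ||
        findings="$findings root-login-allowed"
    [ "$(effective_value "$file" PasswordAuthentication)" = "no" ] ||
        findings="$findings password-auth-allowed"
    echo "${findings# }"
}

demo_sshd() {
    tmp=$(mktemp)
    # Constructed sample: the old Port 22 line was left in place, and the
    # PasswordAuthentication line is still commented out.
    cat > "$tmp" <<'EOF'
Port 2199
Port 22
Protocol 2
PermitRootLogin no
#PasswordAuthentication no
PermitRootLogin yes
EOF
    audit_sshd_config "$tmp"
    rm -f "$tmp"
}
demo_sshd
```

On the server itself, run `audit_sshd_config /etc/ssh/sshd_config` before restarting sshd, and keep the existing session open until a new login on the new port has succeeded.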

Step 2. Disable Telnet & Other Unused Services

You may want to disable services like telnet, finger and other unwanted services running on your server with xinetd.

nano /etc/xinetd.d/telnet
# OR
nano /etc/xinetd.d/krb5-telnet

Look for lines with disable=no and change them to disable=yes

chkconfig telnet off

Run grouplist to see which software groups are installed:

yum grouplist

Remove all groups that are installed EXCEPT “Yum Utilities”

yum groupremove "GroupName"

Let's disable unneeded services:

chkconfig anacron off
chkconfig atd off
chkconfig auditd off
chkconfig cpuspeed off
chkconfig kudzu off
chkconfig netfs off
chkconfig ip6tables off
chkconfig smartd off
chkconfig pcscd off
chkconfig cups off
chkconfig mcstrans off
chkconfig nfslock off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off

Use this command to check which services are set up to run

chkconfig --list | grep :on

You should have these services running:
anacron, crond, iptables, irqbalance, kudzu, mcstrans, network, readahead_early, restorecond, sshd, syslog, sysstat, yum-updatesd

Install and sync the NTP time service:

yum -y install ntp
chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

Make sure to reboot!!!!


Step 3. Hardening PHP for Security

PHP is the most popular scripting language for Apache and MySQL. You will need to disable system level functions in the PHP configuration file.

vi /etc/php.ini

Look for the lines below and make sure they are set as follows:

disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On

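It is best to keep magic_quotes on, as otherwise your forms using POST may be used for SQL injection attacks. Note that magic_quotes_gpc was deprecated in PHP 5.3 and removed in PHP 5.4, so it is not a substitute for escaping or parameterized queries in the application itself.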

Step 4. Disable Open DNS Recursion (DNS Server)

If you are running the bind DNS server, then you might want to check your DNS server statistics with dnstools.com. You don't want to allow recursive lookups to be performed on your server from anything other than local IPs. It can also slow down your server.

vi /etc/named.conf

Under Options { place a line

Options {
recursion no;

Then restart bind

service named restart

You will also need to restrict zone transfers and notifications.

Step 5. Mod_Security, web application protection!

Since the EPEL repo is enabled, your life just got a bit easier. To install the mod_security app you only need to do this:
yum install mod_security

Once installed here is some information you will want to know:
mod_security configuration files

1. /etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
2. /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
3. /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – Configuration contained in this file should be customized for your specific requirements before deployment.
4. /var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
5. /var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity event (as detected) or a server error are logged (“RelevantOnly”) into this file.

Open /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file, enter:
vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Make sure SecRuleEngine is set to “On” to protect the webserver from attacks:
SecRuleEngine On

Turn on other required options and policies as per your requirements. Finally, restart httpd:
service httpd restart

Make sure everything is working:
# tail -f /var/log/httpd/error_log

Sample Output:
[Sat May 09 23:18:31 2009] [notice] caught SIGTERM, shutting down
[Sat May 09 23:18:33 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat May 09 23:18:34 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
[Sat May 09 23:18:34 2009] [notice] Original server signature: Apache/2.2.3 (CentOS)
[Sat May 09 23:18:34 2009] [notice] Digest: generating secret for digest authentication ...
[Sat May 09 23:18:34 2009] [notice] Digest: done
[Sat May 09 23:18:35 2009] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations

Step 6. Install Mod_Evasive

The ModEvasive module for Apache offers protection against DDoS (denial of service) attacks on your server.

wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive

Then run the following command for Apache 2:

/usr/sbin/apxs -cia mod_evasive20.c

Once mod evasive is installed, place the following lines in your /etc/httpd/conf/httpd.conf

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

The apxs command above compiles, installs and activates the module in your server. Follow the instructions in the README for more tuning of mod_evasive.

Step 7. Install Rkhunter

RkHunter is a rootkit scanner that scans for vulnerabilities, insecure files and backdoors in your system and reports them so that you can further harden the server. Installing RkHunter is very easy!

yum install rkhunter

To run checks in your system

rkhunter --checkall
rkhunter -c

You can find which command options are available for rkhunter by issuing this help command

rkhunter --help

Step 8. PortSentry

Portsentry is a tool to detect port scans and log them. Download the source package of portsentry from sourceforge.net

wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install

To launch portsentry

/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp

Check the log file /var/log/secure to see whether portsentry is active or not.

Step 9. Prevent IP Spoofing

IP spoofing is a security exploit and can be prevented by placing nospoof on in the host.conf file. Edit the host.conf file and place the following lines. If you run DNS bind, give it preference.

order bind,hosts
nospoof on

Step 10. Install LES

Linux Environment Security is intended as a facility to quickly & easily secure RedHat/RPM based environments (i.e: turbo linux, open linux). It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.

Downloading, Installing LES

cd /usr/local/src
wget http://www.r-fx.ca/downloads/les-current.tar.gz
tar -zxvf les-current.tar.gz
cd les-0.*
rm -Rf /usr/local/src/les*

View your possible options


If you're unsure, enable all options

/usr/local/sbin/les -ea

-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root

Step 11. Install LSM

A comprehensive alert system, simple program usage & installation make LSM ideal for deployment in any linux environment (geared for web servers). Using a rather simple yet logical structure, LSM identifies changes in both Network Sockets and Unix Domain Sockets. By recording a base set of what sockets should be active then comparing the currently active socket information to that of the base comparison files, we highlight otherwise unknown services.

Downloading, Installing and cleaning up sources of LSM

cd /usr/local/src
wget http://www.rfxn.com/downloads/lsm-current.tar.gz
tar -zxvf lsm-current.tar.gz
cd lsm-0.*
rm -Rf /usr/local/src/lsm-*

Edit LSM config

nano -w /usr/local/lsm/conf.lsm

Change the USER="root" to your wanted email address

Generate the comparison files

/usr/local/sbin/lsm -g

Step 12. Install OSSEC

OSSEC is an Open Source Host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS, Solaris and Windows. It has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed. It was written by Daniel B. Cid and made public in 2004.

This tool will autosense your system, and send you mails when something is strange or really fishy.

It sends you mail from LEVEL 1 to LEVEL 10, so if you get LEVEL 10 mails you need to read them 🙂

Installing OSSEC from Source

cd /usr/local/src
wget http://www.ossec.net/files/ossec-hids-2.4.1.tar.gz
tar -zxf ossec-hids-2.4.1.tar.gz
cd ossec-hids-2.4.1

Now the config. My choices are shown after the <– arrows:


Choice 1:
(en/br/cn/de/el/es/fr/it/jp/pl/ru/sr/tr) [en]: <– Enter
Choice 2:
1- What kind of installation do you want (server, agent, local or help)? <– Local
Choice 3:
– Choose where to install the OSSEC HIDS [/var/ossec]: <– Enter
Choice 4:
3.1- Do you want e-mail notification? (y/n) [y]: <– Enter
Choice 4.1:
– What’s your e-mail address? <– Fill in the email you want the alerts to
Choice 4.2: The installer will try to find the SMTP server that belongs to your email. Choose NO and use localhost if you have sendmail running on your server.
– Do you want to use it? (y/n) [n]: <– Press Y
Choice 4.3:
– What’s your SMTP server ip/host? <– Choose what's recommended; if it doesn't work, you need to change the config later on.
Choice 5:
3.2- Do you want to run the integrity check daemon? (y/n) [y]: <– Enter
Choice 6:
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: <– Enter
Choice 7:
– Do you want to enable active response? (y/n) [y]: <– Press Enter
Choice 8:
– Do you want to enable the firewall-drop response? (y/n) [y]: <– Press Enter
Choice 9: Choose Yes if you want to add more IPs to the whitelist. Else NO to continue
– Do you want to add more IPs to the white list? (y/n)? [y]: <– Press Y, Add your client ip, just in case.

The installer made OSSEC start at boot. For further settings, edit the config file.

vi /var/ossec/etc/ossec.conf

And reboot!

Check everything to make sure it's all still working! After that you should be good!

I added some of my own thoughts and additions to this but I learned a lot from these sites:



Thanks again for reading, hope this helped you!

I truly can’t wait for the warm summer air to come! I want to take the bike out and go riding something crazy! The only thing I’m dreading about summer time is the datacenter starts using a/c like mad and that means the power bill goes up. We integrated a custom made hot aisle and cold aisle. Although it's more of a hot room and cold room because the back side of the server racks are completely contained into almost a separate room that heat is then sucked up by the a/c units and then cooled back down again in the separate cold room to provide awesome cooling for our servers.

Since we have started capturing the heat it's dramatically dropped the amount of cooling needed as well as power of course. Beyond all that server jazz, I wanna be back on the road with two wheels this summer bad! I love winter in Minnesota but summer time is here… almost!
