Category Archives: Programming

Installing LAMP (Linux – Apache, MySql, PHP) on Ubuntu 12.04.02

This is one way to install Apache2 webserver, MySql database server, and PHP5 web server support, plus PhpMyAdmin, onto Linux Ubuntu server or Ubuntu desktop v. 12.04.02 distribution.

Credit to Kevin Whitman for his excellent youtube tutorial. http://www.youtube.com/watch?v=MrGD2X-sDQY

And credit Kevin Whitman’s Blog articles: See: Part 2  http://kevinwhitman.com/2011/06/27/set-up-a-sandbox-to-test-php-apps-part-2-install-web-server-php-mysql-and-phpmyadmin/

Note:  For windows remote SSH access to your Ubuntu server, you should download and execute PuTTY or similar SSH client for establishing a terminal interface to the Ubuntu server IP address.  You can find and download PuTTY open source from sourceforge.net here: http://sourceforge.net/projects/putty.mirror/ . This article assumes that Ubuntu server or Desktop version 12.04.02 (32 bit or 64 bit) is already installed as your server.

Installing Apache Webserver on Ubuntu:

root ~> apt-get install apache2 (Enter)
(answer Y(es) to download the installation package and install it.)

Installing MySQL on Ubuntu:

root ~> apt-get install mysql-server
(you should setup a MySQL ‘root’ password when prompted.  Write it down so you won’t forget the password for ‘root.’)

Install PHP on Ubuntu:

apt-get install php5 php5-gd php-pear php5-mysql php5-curl php5-memcache

Y(es) to download etc.

Restart the Apache web server after installing PHP:

root ~> /etc/init.d/apache2 restart (Enter)

Test Your PHP and Apache installation:

Create a php information file called “testinfo.php” to test PHP and Apache.

at the default /var/www/ directory, and the testinfo.php file should have only the following one line of content:

<?php phpinfo() ?>

Create this testinfo.php file using a text editor.  Access it from http://the_server_IP_address/testinfo.php

Install PHPMYADMIN

root~> apt-get install phpmyadmin

select apache

configure the database root password

Copy the phpmyconf file (configuration file) over

ls –s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf

Then restart apache web server 

/etc/init.d/apache2 restart

So, now phpmyadmin will come up in the browser http://Server_IP_address/phpmyadmin

Login to phpMyadmin with the username:  root
and the password you established

Cloned Ubuntu 12.04 from defective WD 1TB to new Seagate 1TB using Clonezilla

The brand new Western Digital 1TB drive that I bought had developed a harmonic squeal which began about 2 days after I started installing software on it. It sounded like a high-pitched tuning fork.  Before returning this WD drive to the store for a refund, I would want to clone it sector-by-sector to a new Seagate 1TB drive. I had installed Linux Ubuntu 12.04.02 64-bit O/S on the WD drive and had also installed Zpanel web hosting control panel, with Apache web server, MySQL database server, Roundcube Webmail and Postfix / Dovecot email SMTP, POP3 and IMAP mail protocols. I needed to clone the WD onto the new Seagate replacement drive because I didn’t want to make a fresh install of everything (Ubuntu and the Zpanel package) going onto the new Seagate. So, I looked for a good cloning solution.

EaseUS To Do 3.0 booted nicely from CD, but it reported that it could not clone the entire disk-at-once (going disk-to-disk all in one step) because EaseUS reported that the source drive (WD) was larger than the destination drive (Seagate). The source disk had more than one partition. Instead of trying to clone each disk partition separately from source to target, I decide to look for a better cloning solution than EaseUS.

I downloaded the 64-bit ubuntu-based version of Gparted Live, which I read that I could use to resize the source partitions on the WD drive, and hopefully to make them a little smaller (combined) so that a cloning program might allow me to do disk-to-disk at-once, or at least clone the separate partitions one at a time without exceeding the target Seagate total disk size.

The operating partition on the WD drive was quite empty. Probably only 10 percent of the partition actually contained files. I thought that I could use the Gparted Live CD to shrink the operating partition on the WD, and then try to use Clonezilla cloning software to clone the WD partitions (one at a time) over to the new empty Seagate Drive. Little did I know that the Gparted might not be necessary for my particular job.

When I finished burning the Clonezilla Live AMD-64 (64-bit) ISO onto a blank CD (creating a boot utility CD), I decided to try again cloning disk-to-disk at-once without first using Gparted to shrink the OS partition on the WD source drive. CLONEZILLA WORKED!!! It actually reported that the WD source drive was exactly 1.0 Terabyte in total size and that the Seagate drive was 1.2 Terabytes in total size!!! The source drive was actually larger than the destination drive!!! This meant that there was absolutely no reason to resize and shrink any partitions on the WD source drive. EaseUS was wrong. Maybe the free version of EaseUS that I was using had a 1 TB limit and the new Seagate exceeded that self imposed limit! Who knows? Not sure. But, I love Clonezilla. It actually rebuilt the Grub2 boot loader and re-sized (expanded) the operating partition on the target drive to utilize the extra 0.2 terabytes of space located on the destination Seagate drive.

After cloning, I booted to the Seagate OS and everything works just fine — so far.

Configuring Application Pools for Websites and Applications using Internet Information Services (IIS7) Manager

First, in Windows, click Start, Administrative tools, and Internet Information Services (IIS) Manager.  Then select your server name (the second item in the left column under Start Page).

iismgr01

At this point you should probably create a new application pool separate from the default application pool.  Right click on Application Pools, and select Add Application Pool . . .

iismgr02

Insert a friendly name for this new Application Pool.  Select the version of ASP.net framework that may be required to run the site / application, or select No Managed Code if no .Net framework is required (such as if your website functions on serving PHP pages. Leave Managed pipeline mode as Integrated, check the checkbox to Start Application Pool Immediately, and click OK button.

iismgr04

Right click on the name of the new Application Pool that you just created, and select Advanced Settings.

iismgr03

Click on “ApplicationPoolIdentity” (which is the value across from the Identity field shown below) and then select Network Service from the pop-up box / list that appears.  Click OK twice to confirm this change.

iismgr05

iismgr06

You can apply the new Application Pool to a new or existing website, or to an new “Application” that you create by converting a major sub-directory path of a Website.  To establish an Application and apply the new Application Pool to that new Application, just right click a sub-directory of a website and select “Convert to Application” from the drop-down menu.

iismgr07

Click the select button to change from the DefaultAppPool and select the new AppPool you just created.  Note that the physical path to this sub-directory is already set.  Then, click both OK buttons to apply and exit these property boxes.

iismgr08

Let me know via comment if this works for you, and if you have anything that I should add to or change in this Article. Thank you.

De-obfuscate a backdoor PHP script

See this post:

Versatile Programmer’s Diary

This:  ‘\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e’ is hex encoded “create_function” string. This is a PHP function that creates a function dynamically from a string.  This is a backdoor.  What can it do, for example?

  • It can upload arbitrary files
  • It can execute mysql queries
  • Its can shell command

Others have detected the following as a Trojan function.

‘function letmein() {die’

Script to find base64_decode in your wordpress files

Has your wordpress website been infected by unwanted base64_decode?  One indication is that when web-surfers find your website by searching in Google, the Google link is blocked from visiting your website (and their free Avast anti-virus probably shows a nasty alert warning when they click your website link from Google).

Here is a tool (a useful script) that can help you identify which files might be infected.  The full article, explanation and script can be found at the following link.  You will find the script both with and without comments.

http://blog.aw-snap.info/p/simple-script-to-find-base64decode-in.html

Just copy and paste the script into a new .php file that you create and place the file in the root directory of your wordpress website.  Install and use an app like Notepad++ to edit and save the new file.

If you only wish to check for the string occurences of ‘base64_decode’ then you can insert leading double forward slash // at the beginning of each line of script “$str_to_find[]” in order to “comment-out” and disable checking for anything else.  For Example:

$str_to_find[]=’base64_decode’;
//     $str_to_find[]=’edoced_46esab’;
//     Comment: Previous line is base64_decode reversed
//     $str_to_find[]=’preg_replace’;
//     $str_to_find[]=’HTTP_REFERER’;
//     $str_to_find[]=’HTTP_USER_AGENT’;

If you wish to better limit your search to identify the string ‘eval (base64_decode’ then you should modify the first variable in the list to instead be this:

$str_to_find[]=’eval (base64_decode’;

If you don’t understand much of this at all, then please hire your friendly neighborhood IT geek and let him or her fix it for you.  Good luck.