Category Archives: Linux
nginx – avoid 501 and 502 nginx errors
This are my settings on /etc/php5/fpm/pool.d/www.conf to avoid 501 and 502 nginx errors… on CentOS 7 location of www.conf is at /etc/php-fpm.d/.
The server has 16Gb RAM. This configuration is for a 8Gb RAM server so…
pm.max_children = 70
pm.start_servers = 20
pm.min_spare_servers = 20
pm.max_spare_servers = 35
pm.max_requests = 500
Sources & more readings
http://myshell.co.uk/blog/2012/07/adjusting-child-processes-for-php-fpm-nginx/
http://jeremymarc.github.io/2013/04/22/nginx-and-php-fpm-for-performance/
modsecurity – MULTIPART_UNMATCHED_BOUNDARY
Forbidden
You don’t have permission to access /phpmyadmin/import.php on this server.
WOW!
PHP Warning: POST Content-Length of 9028812 bytes exceeds the limit of 8388608 bytes in Unknown on line
Looks like modsecurity is working…
ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/modsecurity/modsecurity.conf"] [line "80"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."]
OK!, lets comment some lines @ modsecurity.conf and then restart apache to solve it…
nano /etc/modsecurity/modsecurity.conf
lets comment the following lines
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
and then restart apache
service apache2 restart
Force www on a domain with apache
This is how!
Edit a .conf (in my case I have a redirects.conf) for this kind of redirects….
nano /etc/apache2/sites-enabled/redirects.conf
And add the following lines…
<VirtualHost *:80>
ServerName example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
and naturally restart apache! 😉
service apache2 restart
Enabling cgi-bin on apache
I had to enable CGI on this new recent server
sudo a2enmod cgi
sudo service apache2 restart
Simple!,
But I was getting a error script not found or unable to stat
[Mon Nov 30 18:00:32.380748 2015] [cgi:error] [pid 18799] [client 84.91.XXX.XXX:62545] script not found or unable to stat: /usr/lib/cgi-bin/HiPGZ23est4
I had to edit the .conf file
nano /etc/apache2/sites-enabled/domain.com.conf
and add the following lines
ScriptAlias /cgi-bin/ /path_to_cgi_folder/cgi-bin/ <Directory "/path_to_cgi_folder/cgi-bin/"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory>
and then reload the apache configurations
service apache2 reload
sshd – Did not receive identification string from
fuckz!
Nov 30 06:27:58 ns33XXXXX sshd[16965]: Did not receive identification string from 5.196.20.94 ... Nov 30 06:31:07 ns33XXXXX sshd[17139]: Connection closed by 5.196.20.94 [preauth] ... Nov 30 06:35:09 ns33XXXXX sshd[17313]: Connection closed by 5.196.20.94 [preauth]
So, what does this means?
Some miscreant (surprise!) is hammering at ssh to try to find a username/password combination that gets them into the system. Probably from some botnet doing the same to who knows how many other unsuspecting victims.
Source: http://serverfault.com/questions/483852/sshd-log-full-of-did-not-receive-identification-string-from
This one below means ssh server waited and did not receive what it needed in a timely fashion. This is typically due to connectivity issues. In an ssh connection, the server first provides its identification string, then waits for the client to then provide its identification string. If there is a loss in connection, or the client just bails, this is what you will see in the logs.
If someone uses telnet or netcat to fetch your ssh banner, or other various scans, the logs on the server side will show this as well.
Source: https://scottlinux.com/2012/03/07/troubleshooting-ssh-server-logs-and-error-messages/
So, I went to fail2ban and increased the values!
This is my /var/log/fail2ban.log.
2015-11-30 13:11:24,144 fail2ban.filter : INFO Set maxRetry = 3 2015-11-30 13:11:24,146 fail2ban.filter : INFO Set findtime = 6000 2015-11-30 13:11:24,146 fail2ban.actions: INFO Set banTime = 6000
Fuckers!
Invalid command ‘AuthGroupFile’ and Invalid command ‘RewriteEngine’
Invalid command ‘AuthGroupFile’, perhaps misspelled or defined by a module not included in the server configuration
sudo a2enmod authz_groupfile && sudo service apache2 restart
Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration
sudo a2enmod rewrite && sudo service apache2 restart
Import file size limit in PHPMyAdmin
You need to edit your php.ini and increase the upload_max_filesize and post_max_size limit.
nano /etc/php5/apache2/php.ini
restart apache
service apache2 restart
Microsoft’s Software is Malware
Microsoft Back Doors
- Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users.More information on when this was used.
In Windows 10, the universal back door is no longer hidden; all “upgrades” will be forcibly and immediately imposed.
- Windows 8 also has a back door for remotely deleting apps.You might well decide to let a security service that you trust remotely deactivate programs that it considers malicious. But there is no excuse for deleting the programs, and you should have the right to decide who (if anyone) to trust in this way.
- Windows 8’s back doors are so gaping that the German government has decided it can’t be trusted.
Microsoft Sabotage
The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Microsoft actions that harm to the users of specific Microsoft software.
- Microsoft is repeatedly nagging many users to install Windows 10.
- Microsoft informs the NSA of bugs in Windows before fixing them.
- Microsoft cut off security fixes for Windows XP, except to some big users that pay exorbitantly.Microsoft is going to cut off support for some Internet Explorer versions in the same way.
A person or company has the right to cease to work on a particular program; the wrong here is Microsoft does this after having made the users dependent on Microsoft, because they are not free to ask anyone else to work on the program for them.
Microsoft Surveillance
- Windows 10 ships with default settings that show no regard for the privacy of its users, giving Microsoft the “right” to snoop on the users’ files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.
- Windows 10 sends identifiable information to Microsoft, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.
- Microsoft uses Windows 10’s “privacy policy” to overtly impose a “right” to look at users’ files at any time. Windows 10 full disk encryption gives Microsoft a key.Thus, Windows is overt malware in regard to surveillance, as in other issues.
We can suppose Microsoft look at users’ files for the US government on demand, though the “privacy policy” does not explicit say so. Will it look at users’ files for the Chinese government on demand?
The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.
It’s as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn’t drop Windows now.
- Windows 10 requires users to give permission for total snooping, including their files, their commands, their text input, and their voice input.
- Spyware in Windows: Windows Update snoops on the user. Windows 8.1 snoops on local searches. And there’s a secret NSA key in Windows, whose functions we don’t know.
- Microsoft SkyDrive allows the NSA to directly examine users’ data.
Microsoft DRM
- DRM (digital restrictions mechanisms) in Windows, introduced to cater to Bluray disks. (The article also talks about how the same malware would later be introduced in MacOS.)
Microsoft Jails
- Windows 8 on “mobile devices” is a jail: it censors the user’s choice of application programs.
Microsoft Tyrants
- Mobile devices that come with Windows 8 are tyrants: they block users from installing other or modified operating systems.
As this page shows, if you do want to clean your computer of malware, the first software to delete is Windows.
ERROR 502 – connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream
2015/11/24 12:01:49 [error] 48055#0: *14094117 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client:
Once again, i’m struggling with nginx + php-fpm
sudo nano /etc/php5/fpm/pool.d/www.conf
search for
listen = /var/run/php5-fpm.sock
and replace it for
listen = 127.0.0.1:7777
On the *.conf files of sites-enabled (/etc/nginx/sites-enabled/)
replace (or comment)
fastcgi_pass unix:/var/run/php5-fpm.sock;with
fastcgi_pass 127.0.0.1:7777;
More readings