markratledge's questions

My server is getting hit hard by bots, etc., looking for various files in /cgi-bin/, like search.cgi, YaBB.pl, gitweb.perl, perl, gitweb.pl, htsearch, and on and on.

I want to deny all access (send a 403 Forbidden header) for all possible file names and extensions in /cgi-bin/ . (This is a shared server, so I only have access to .htaccess, not vhosts or httpd).

In an .htaccess in cgi-bin I've tried

deny from all

as well as

<FilesMatch "\.cgi?$">
        Order Allow,Deny
        Allow from All
</FilesMatch>

for just .cgi extensions, with no luck for either.

How can I deny access for everything in /cgi-bin/?

Do I need to list all file names and extensions in a <FilesMatch directive?

A mod_alias newbie here.

I found the rewrite rule below somewhere and have been using it to block bots and hackers that hit my site, looking for directories like HNAP1, wp, blog, etc.

And it works for that, returning a Forbidden 403 message.

<IfModule mod_alias.c>

RedirectMatch 403 /(\{\$itemURL\}|cro|HNAP1|wp|blog|)/?$

</IfModule>

But how do I also redirect /wp/wp-admin/ and /blog/wp-admin/ to a 403 message? And any other subdirectory, i.e. /wp/wp-admin/subdirectory/ ?

I'm working on a FreeBSD 9.2 server and have run mysqltuner.pl to check the memory and cache needs of MySQL. Now I need to add a my.cnf file to FreeBSD so it uses that instead of the auto cnf file.

I can copy the my-default.cnf this way:

cp /usr/local/share/mysql/my-default.cnf /usr/local/etc/my.cnf

and then my.cnf will load.

The my-default.cnf file shows these values (which will carry over to my.cnf):

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M

# *the above innodb line I can set*

# *But where do I get the values below?*

# These are commonly set, remove the # and set as required.
# basedir = .....
# datadir = .....
# port = .....
# server_id = .....
# socket = .....

Where do I get the values above? I know they must come from the current MySQL server, but how do I find these settings?

Should this question be at https://dba.stackexchange.com/ ?

I have been getting a lot of web hits in my logs that crawl most top level pages of my site and show a referrer as a Java version.

I see different variants of the Java versions in the referrer, i.e. Java/1.6.0_04, Java/1.4.1_04, Java/1.7.0_25, etc.

And sometimes, but not always, I get a 404 for /contact/ but none of the other pages below.

The IPs are usually always spam harvesters and bots, according to Project Honeypot

78.129.252.190 - - [24/Jan/2014:01:28:52 -0800] "GET / HTTP/1.1" 200 6728 "-" "Java/1.6.0_04" 198 7082
78.129.252.190 - - [24/Jan/2014:01:28:55 -0800] "GET /about HTTP/1.1" 301 - "-" "Java/1.6.0_04" 203 352
78.129.252.190 - - [24/Jan/2014:01:28:55 -0800] "GET /about/ HTTP/1.1" 200 29933 "-" "Java/1.6.0_04" 204 30330
78.129.252.190 - - [24/Jan/2014:01:28:56 -0800] "GET /articles-columns HTTP/1.1" 301 - "-" "Java/1.6.0_04" 214 363
78.129.252.190 - - [24/Jan/2014:01:28:57 -0800] "GET /articles-columns/ HTTP/1.1" 200 29973 "-" "Java/1.6.0_04" 215 30370
78.129.252.190 - - [24/Jan/2014:01:28:58 -0800] "GET /contact HTTP/1.1" 301 - "-" "Java/1.6.0_04" 205 354
78.129.252.190 - - [24/Jan/2014:01:28:58 -0800] "GET /contact/ HTTP/1.1" 200 47424 "-" "Java/1.6.0_04" 206 47827

What are they looking for? A vulnerability?

Can I block these visits by their Java referrer? If so, how? Or with a php function?

I know how to block IPs in .htaccess, but blocking by User-agent is a more proactive method for me).

Update 2/04/14 I'm not able to block a Java User-agent with either of these two rules.

RewriteCond %{HTTP_USER_AGENT} Java/1.6.0_04
RewriteRule ^.*$ - [F]

RewriteCond %{HTTP_USER_AGENT} ^Java
RewriteRule ^.*$ - [F]

Note: I'm on shared hosting and have limited access to apache configs.

I'm trying to install APC on CentOS 5.8 with PHP 5.2.17. I ran the dependancies, which weren't needed, and then

pecl install apc

and after a whole bunch of stuff, got:

Build process completed successfully Installing '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/apc.so' Installing '/usr/local/include/php/ext/apc/apc_serializer.h' install ok: channel://pecl.php.net/APC-3.1.9 Extension apc enabled in php.ini

But, I restarted apache, but APC doesn't show up in phpinfo

and there was no apc extension added to php.ini

Can I simply add extension=apc.so to php.ini? And if so, where in the file itself?

I'm getting a constant "connection refused" while trying to connect over SSH from OS X to a CentOS VPS with a WHM control panel. SSH is enabled in WHM, and I've generated SSH keys. I also tried SSH with the firewall off for a minute , but no luck.

After perusing other questions, I've run ssh -vv [email protected] and that gives me:

debug2: ssh_connect: needpriv 0
debug1: connect to address xx.xxx.xx.xx port 22: Connection refused

and running nc -zvw 2 xx.xxx.xx.xx 22 gives me

nc: connect to xx.xxx.xx.xx port 22 (tcp) failed: Connection refused

What do these really mean? What else can I try?

mydomain is the main domain (in Plesk, Media Temple MT VPS), and under that are several Wordpress sites, like mysite1.com, mysite2.com, etc.

Problem is that I get lots of these errors in httpd's error_log:

[error] [client 127.0.0.1] script '/var/www/html/wp-cron.php' not found or unable to stat

wp-cron.php does exist at the html root in all the Wordpress installs.

I've found hints elsewhere that these errors may have something to do with my /etc/hosts file. This is the hosts file:

127.0.0.1 mydomain.com mydomain localhost localhost.localdomain

Question: do I need to add mysite1.com, mysite2.com, etc., to the hosts file so they resolve and can find the wp-cron.php file?

Edit: found the answer after much Googling. Seems that there are two issues: the hosts file and the fact that MT VPS overwrite the hosts file on each reboot. So the hosts file should look like this for multiple domains on one server:

127.0.0.1 localhost localhost.localdomain
xxx.xxx.xxx.xxx  yourdomain1.com yourdomain1 yourdomain2.com yourdomain2

And those lines must have a few blank lines above the in the hosts file, or they will get overwritten each reboot. See http://bradt.ca/archives/fix-wordpress-missed-schedule-error-on-media-temple-dv-plesk/

I get many of these errors each day in my apache error log:

[error] [client 127.0.0.1] script '/var/www/html/wp-cron.php' not found or unable to stat

and I'm wondering if it has something to with my httpd.conf, because my DocumentRoot is set as "/var/www/html" but my WordPress site(s) are in a top directory called httpdocs, not html. wp-cron.php exists, but it's in httpdocs, not html, and there is no html directory. There are multiple WordPress sites and domains on the VPS and at the IP.

There are no other errors like that in the logs, and WordPress seems to run fine. But I want to fix these errors, as it's a bit of an extra load on the server.

Is there a way to add a redirect or alias in httpd.conf so wp-cron.php can be found? Or this a different matter with a different solution?

Edit: Found the answer; problem was hosts file entries: Hosts file entries for multiple domains on VPS?

When the domain resolves OK for a website, but the IP throws a 404 at the site, is this a DNS problem?

Kind of complicated: I have a client with 3 domains. All three point to one hosting account. Two are pointed at that host, but are not the root of the WordPress install. One domain is for WordPress; and that domain also has some subdomains configured in DNS. (Network Solutions hosting and domains)

I've advised them that the two domains should be domain forwarded, not pointed at the hosting account, and that might be part of the problem.

Where do I start trying to figure this out? What else do I need to question or investigate?

Edit 8/19/10:

Thanks for the responses, and everyone had suggested host headers, but I don't know what those are or where I would find those settings. The hosting is called nsHosting Shared (Small-Unix). I can't find any more details on it. Nothing out of the ordinary in .htaccess.

This is the DNS for the domain that Wordpress is installed under (no CNAME records):

Host                                 IP
www                     206.188.192.100  Network Solutions Hosting
@ (None)                206.188.192.100  Network Solutions Hosting
* (All Others)          206.188.192.100  Network Solutions Hosting
grafton.mydomain.com       216.161.227.32 
mail.mydomain.com         24.111.147.85 
remote.mydomain.com     24.111.147.85 

How does one prevent hotlinking of swf files from an Amazon S3 file system? Flash files don't send http referrers, so I've tried to set a bucket policy that restricts to certain referrers at Amazon, but no luck.

And this typical anti-hotlinking .htaccess at my server doesn't work:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|swf)$ mysite.com/goaway.jpg [NC,R,L]

.htaccess and mod_rewrite does work OK for other things, like WordPress permalinks, so I don't think it's a shared hosting-wide problem with mod_rewrite.

Does the URL I'm using in the flash embed matter?: http://mybucketname.s3.amazonaws.com

Using Analog 6 for web stats, and I'm surprised to see over a million 404's over 54 days. Am I looking at this correctly? Is this an unusual ratio of 404's to "200 OK" page views? I don't see any 404's in the list of actual URLs; where would a list of the broken URLs be? The site is a combination of html, WordPress and asp pages on unix/apache, if that matters.

Requests       Status Codes
 6548392       200 OK
     807       206 Partial content
 1830136       301 Document moved permanently
   61795       302 Document found elsewhere
 3091342       304 Not modified since last retrieval
    3042       400 Bad request
   49012       403 Access forbidden
 1043694       404 Document not found
    2936       500 Internal server error
     411       503 Service temporarily unavailable

General stats:

Successful requests:                   9,640,541 
Average successful requests per day:     183,490 
Successful requests for pages:         1,620,543
Failed requests:                       1,099,095 (20,066) 

On a Mediatemple gridserver, I'm trying to run this by a cron set in the control panel:

usr/bin/python /home/xxxxx/html/sitemap_gen.py --config=/home/xxxxx/html/config.xml

But I get the error "python: can't open file '/home/95809/html/sitemap_gen.py': [Errno 2] No such file or directory." But the files are there. MT requires the paths, and there is no difference in the error without the paths.

I can run it manually from ssh:

python sitemap_gen.py --config=config.xml

and have chmoded the script for execution.

Is there a different way to run this script that will work?

MT doesn't have direct examples of python scripts run by cron, and doesn't offer support.

Is there a way to wrap the script in another script - like a bash script - to get away from having to include the paths or invoke python, which I think might be the problem?

Is is possible to configure WordPress permalinks directly in Apache httpd.conf?

I have a server situation (Apache 2.2.3 CentOS PHP5.1.6) where I can't use .htaccess for performance reasons, but can use httpd.conf.

The admin says that mod_rewrite is enabled, but AllowOverride is not, and I can't change those settings.

And I need to restrict the permalinks to just the "blog" directory.

This is what would go in .htaccess but needs to go into httpd.conf:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

Thanks...

I've got some puzzling (at least to me) errors that show up in my webserver logs. What's puzzling is that they show my error page being referenced, but that error page doesn't show up as being displayed in hits on statcounter.com. Can someone tell me the difference in these two kinds of errors? Or is only one a "real" error?

This is in WordPress, and I have my 404.php file in my theme redirecting to a static Wordpress page at mydomain.com/error/

These first two log entries show /error/, but a "hit" on my /error/ page doesn't show in my webstats. The page referenced - /2009/08/delete-preference-files/ - exists, and shows a "hit" at statcounter.

 92.17.232.242 - - [13/Mar/2010:01:45:43 -0800] "GET /error/ HTTP/1.1" 200 4012 
 "http://mydomain.com/2009/08/delete-preference-files/" "Mozilla/5.0 (Windows;U; 
Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)" 732 4432

 92.17.232.242 - - [13/Mar/2010:01:47:11 -0800] "GET /error/ HTTP/1.1" 200 4012
 "http://mydomain.com/wp-content/themes/default/style.css" "Mozilla/5.0(Windows; U; 
Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)" 861 4432

These are two error entries that display my /error/ page, because /error/ gets a "hit" in statcounter. The page /cookies/ doesn't exist.

72.174.16.202 - - [13/Mar/2010:10:53:37 -0800] "GET /cookies HTTP/1.1" 302 21 "-"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
 (.NET CLR 3.5.30729)" 394 642

72.174.16.202 - - [13/Mar/2010:10:53:38 -0800] "GET /error/ HTTP/1.1" 200 4012 "-"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 
(.NET CLR 3.5.30729)" 393 4432