Renaming mongo shards

Mongo has mostly excellent documentation, yet sometimes it may not be obvious how to do some less-used configuration changes. One of these is a way to rename mongo shards.
Continue reading ‘Renaming mongo shards’ »

Be aware of CloudMagic – Email App – it “steals” your password

Recently, I was looking for an IMAP client for Android. I’ve read some reviews of CloudMagic – Email App and I though I’ll give it a try. To my surprise, it appears to be stealing credentials.

Continue reading ‘Be aware of CloudMagic – Email App – it “steals” your password’ »

Building Apache 2.4.x deb packages for Debian Wheezy (7.x)

If you’re a Debian Wheezy (7.x) user, you’re stuck to use Apache 2.2.x. Apache 2.4.x packages are available in the upcoming Debian Jessie (8.x), now in testing, however it’s not possible to install them on Wheezy.

If you need to use some of the features present only in Apache 2.4.x, it’s easy enough to build deb packages yourself.

For those who just want to download pre-built packages, you can get them from here: https://www.virtall.com/files/debian/wheezy/

Below, building instructions.
Continue reading ‘Building Apache 2.4.x deb packages for Debian Wheezy (7.x)’ »

Why is Microsoft trying to break into one of my servers?

Tonight, I’ve noticed rather lengthy break-in attempt from one of IPs owned by Microsoft. According to whois, 191.238.81.33 is owned by Microsoft Brasil – Microsoft Informatica Ltda., Brazilian subsidiary of multinational Microsoft.
The attack is ongoing, and it’s just a small part of the log. What the hell are they looking for?
Continue reading ‘Why is Microsoft trying to break into one of my servers?’ »

Adding existing code to bitbucket

Bitbucket has a bit imprecise documentation about pushing an existing code to their repo. If you have an existing directory without git control, and would like to push it to bitbucket, you may get the following error:

No refs in common and none specified; doing nothing.
Perhaps you should specify a branch such as 'master'.
Everything up-to-date

Here is how to solve it.

Continue reading ‘Adding existing code to bitbucket’ »

Changing timezone manually on CentOS / Debian

Here are some quick notes on how to change the timezone on CentOS, RedHat, Debian, Ubuntu and similar Linux systems.
Continue reading ‘Changing timezone manually on CentOS / Debian’ »

arcconf on Linux: examples

Here are some arcconf usage examples.
Continue reading ‘arcconf on Linux: examples’ »

Apache and nginx: serving different robots.txt for SSL and non-SSL version of the website

Very often, you don’t want the SSL (https://) version of your websites to be crawled by the robots.

Here is how to achieve it under Apache and nginx.

Continue reading ‘Apache and nginx: serving different robots.txt for SSL and non-SSL version of the website’ »

Serious security flaw in WHM/cPanel – symlinks and .htaccess can be evil

WHM/cPanel is one of the most successful web hosting control panel. Especially popular among shared hostings, it came to me as a surprise that it lets you read files which belong to other users, including those containing database credentials (like, the whole contents wp-config.php belonging to other user’s WordPress installation, or configuration.php, being yet another user’s Joomla config file).

Continue reading ‘Serious security flaw in WHM/cPanel – symlinks and .htaccess can be evil’ »

using tcpdump to detect malware presence

tcpdump can be quite useful for finding malware on a a busy server, where temporarily stopping the traffic will affect many users and thus is not recommended.

Note that it will be only useful if the malware is connecting to some external servers.
Continue reading ‘using tcpdump to detect malware presence’ »