Apr 15

ReCaptcha Users – Update your URL

By derak Personal, PHP 2 Comments »

On March 8th, the reCaptcha team announced they’re changing their API URL, effective Apr. 11th, 2011.

As others have pointed out, really poor communication from reCaptcha guys. Use your blog, put it on slashdot, reach out to the communities listed on your site. Don’t just yank the rug out from under folks. A month isn’t anywhere near long enough for this important change to trickle out to all the folks integrating with your service. Paypal gave a year and a half worth of notice to is developer community before switching its api urls and that wasn’t long enough either.

Really minor change for zend framework users or other scripting languages.
ZF hasn’t offically said when they’ll update their code. There is a bug report for it.

Here is what change to get ZF ReCaptcha service working again:
Open:
/ZendFramework-1.11.0/library/Zend/Service/ReCaptcha.php


/**
* URI to the regular API
*
* @var string
*/
const API_SERVER = 'http://www.google.com/recaptcha/api';

/**
* URI to the secure API
*
* @var string
*/
const API_SECURE_SERVER = 'https://www.google.com/recaptcha/api';
/**
* URI to the verify server
*
* @var string
*/
const VERIFY_SERVER = 'http://www.google.com/recaptcha/api/verify';
[/code]
#The old urls are still working but are being redirected.

ReCaptcha has already reflected this in their documentation.

Tagged with:
Jan 22

The complicated process for removing the “uncomplicated firewall”

By derak GNU\Linux, Sysadmin Tips No Comments »

If your new to linux, ufw is very useful tool. Really simple to install with ubuntu.

However, should you choose to get rid of it for some reason, it leaves behind quite a mess.
Here is a quick script to clean up the mess.

Here is the whole process as a bash script:

#!/usr/bin/bash
iptables -P INPUT ACCEPT
iptables -X ufw-user-output

iptables -X ufw-user-logging-output
iptables -X ufw-user-logging-input
iptables -X ufw-user-logging-forward
iptables -X ufw-user-limit-accept
iptables -X ufw-user-limit
iptables -X ufw-user-input
iptables -X ufw-user-forward
iptables -X ufw-track-output
iptables -X ufw-track-input
iptables -X ufw-skip-to-policy-output
iptables -X ufw-skip-to-policy-input
iptables -X ufw-skip-to-policy-forward
iptables -X ufw-reject-output
iptables -X ufw-reject-input
iptables -X ufw-reject-forward
iptables -X ufw-not-local
iptables -X ufw-logging-deny
iptables -X ufw-logging-allow
iptables -X ufw-before-output
iptables -X ufw-before-logging-output
iptables -X ufw-before-logging-input
iptables -X ufw-before-logging-forward
iptables -X ufw-before-input
iptables -X ufw-before-forward
iptables -X ufw-after-output
iptables -X ufw-after-logging-output
iptables -X ufw-after-logging-input
iptables -X ufw-after-logging-forward
iptables -X ufw-after-input
iptables -X ufw-after-forward
apt-get remove ufw
#As a basic firewall I’d recommend the following:
iptables  -F
iptables  -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables  -A INPUT -i lo -j ACCEPT
iptables  -A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp –dport 13160-j ACCEPT
iptables  -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp –icmp-type 8 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables  -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp –icmp-type 0 -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
This will:
Reset the default policy of INPUT to ACCEPT so we don’t get locked out of our box.
Then  remove the custom ufw chains, flush all existing rules, accept established connections, accept all connections on loopback device, accept all connects to ports 80(http),443(https), and 22(sshd)
It will also accept pings from machines which have established a connection. With large packet support now enabled by default in the linux kernel, its important to allow some pings to be accepted. Then we set the default policys of input and forward to drop and output to accept.
Make sure you replace XX_REPLACE_WITH_YOUR SERVER_IP with your servers ip address.
Tagged with:
Jan 09

Install errors from missing locales

By derak GNU\Linux, Sysadmin Tips No Comments »

While setting up a lamp stack in a VPS using ubuntu 10 LTR, I got the following error:
Setting up php5-cli (5.3.2-1ubuntu4.5) ...
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.utf8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C")

I was also getting a similar error from locale -a
locale -a
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_COLLATE to default locale: No such file or directory

It appears this VPS provider doesn’t have any locales installed by default. I fixed it by installing my locale via apt-get.

apt-get install language-pack-en-base

 

Update – 1-23-2011

If your using debian instead of ubuntu, see http://people.debian.org/~schultmc/locales.html

  1. Install debconf (i.e. run apt-get update then apt-get install debconf, as root)
  2. Run dpkg-reconfigure locales as root

 

Tagged with:
Jul 03

Quickly extract a folder full of zip files

By derak Personal No Comments »

I need this snip-it a couple times a year to decompress a folder full of left4dead maps.

You will need, 7zip.

Open a windows command prompt.
cd into the folder where your zip files reside.
run C:\Program Files\7-Zip\7z.exe x *.zip
This will extract all the files into the current directory and retain any directory structure inside the zip files.

Depending on the folder permissions, you may need to start the command window as an administrator.
(right click on the ‘command prompt’ icon and select run as administrator or use the ‘runas’ command.)

Jun 14

Add php5-cli and rsync to your esxi server

By derak ESXi, GNU\Linux, PHP, Sysadmin Tips 1 Comment »

My new favorite toy is a box running ESXi.

ESXi is a strange beast. I’m used to using linux based host OS’s so the limitations of ESXi are a little frustrating. No direct access to physical drives, no direct access to USB devices, ESXi only knows how to read its own proprietary files system vmfs.
For all the headache, its much faster than a linux host and has a ton of configuration options via the vSphere client software.

The no cli thing bugs me a lot. The only supported way to interact with esxi is via the vSphere client software.
It does include sshd, but its off by default.
There are lots of articles on how to enable this mode.

Once you’ve got SSH access, you’ll quickly discover that most of the commands your used to in linux are missing.
Including perl, rsync, etc…

Since there are no dev tools, no gcc, or glib headers for this kernel, you can’t compile software directly on the host either.
Ah, but if you can build it into a static binary, it will run!

I’ve found an rsync binary and a php binary.
Installing these opens doors for writing useful scripts with esxi.

Login as root, plop these into your /bin/ directory and make them executable with a chmod a+x and your good to go.

Not quite that easy. The binaries work, just /bin doesn’t persist between reboots. You’ll need to place your utilities in a persistent storage location to keep them around.

Tagged with:
Previous Entries Next Entries