Windows Update Error Code 80072EE2

You are unable to install updates on your computer because the Windows Update management console reports error code 80072EE2. Check to see where your updates are coming from. If the console reports that “You receive updates:” “Managed by your system administrator”… chances are that your registry settings are specifying a special Windows Update server that either doesn’t exist or isn’t functioning correctly.

Step 1: Open the Windows Registry Editor “As Administrator”. Click the Start button, search for “regedit”, then right-click it and choose Run as administrator.

Step 2: Browse to [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows] and Delete the [WindowsUpdate] key.

Step 3: Restart your machine and run Windows Update.  You should now see that “You receive updates:” “For Windows and other products from Microsoft Update”.


Install Virtualmin GPL on Ubuntu 11.04 Natty 64 bit

This brief tutorial will help you get a copy of Virtualmin GPL up and running on Ubuntu Server 11.04 Natty 64 Bit. This tutorial assumes that you have a fresh install of the OS, ssh access (if needed), access to the internet, and no firewalls blocking the necessary ports needed for accessing the server once everything is set up. Why Ubuntu? Ubuntu has a full set of LAMP stack packages that are relatively up to date. Virtualmin has great support for CentOS (in fact, the installer runs with no additional configuration necessary), but CentOS only pac Here we go.

Root-level Access

If you aren’t already functioning as the root user, use the ‘sudo -s’ command to get you into the root account.

user@ubuntu:~$ sudo -s
[sudo] password for user: your-password
root@ubuntu:~#

Add Webmin/Virtualmin Repositories and GPG Keys

The repos needed are as follows:
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
deb http://software.virtualmin.com/gpl/debian virtualmin-universal main

The GPG keys needed are as follows:

http://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin

http://www.webmin.com/jcameron-key.asc

To install the repos and keys, add the repos to the /etc/apt/sources.list file. First make a backup, just in case, then use vi or another editor to insert the three repos into the sources list.

root@ubuntu:~# cp /etc/apt/sources.list /etc/apt/sources.list-bak
root@ubuntu:~# vi /etc/apt/sources.list

Next, import the gpg keys.

root@ubuntu:~# cd /tmp
root@ubuntu:/tmp# wget http://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin
root@ubuntu:/tmp# wget http://www.webmin.com/jcameron-key.asc
root@ubuntu:/tmp# apt-key add jcameron-key.asc
root@ubuntu:/tmp# apt-key add RPM-GPG-KEY-virtualmin

Now we need to update our repos, and while we are at it, any out of date Ubuntu packages.

root@ubuntu:/tmp# apt-get -y update
root@ubuntu:/tmp# apt-get -y upgrade


Install Package Dependencies

At the time of writing, the Virtualmin GPL install script would die due to a missing dependency (procmail-wrapper). We’ll manually install it. Note, if your server install is 32 bit, you’ll need to visit the website specified below in the wget command and get the address for the i386 package.

root@ubuntu:/tmp# wget http://software.virtualmin.com/gpl/ubuntu/dists/virtualmin-hardy/main/binary-amd64/procmail-wrapper_1.0-2_amd64.deb
root@ubuntu:/tmp# dpkg -i procmail-wrapper_1.0-2_amd64.deb

Set the Server’s Hostname

The hostname needs to be a FQDN (Fully Qualified Domain Name) or the web interface will break trying to deal with the BIND Nameserver package. If your hostname is not a FQDN, use this command (note that the use of ‘server’ isn’t required; it can be anything you want):

root@ubuntu:/tmp# /bin/hostname server.domain.com

Use the Virtualmin GPL Auto-install Script

We’ll download the installer, make it executable, and then run it! Note: If the install script asks for your FQDN, re-type it into the command line.  The hostname we set earlier will be in effect when the machine reboots.

root@server:/tmp# wget http://software.virtualmin.com/gpl/scripts/install.sh
root@server:/tmp# chmod u+x install.sh
root@server:/tmp# /tmp/install.sh


Follow the prompts. After the install is complete, you will need to give your root user a password if it does not have one (the default Ubuntu practice is to not give root a password).

root@server:/tmp# passwd

Again, follow the prompts.

Troubleshooting

If you receive an error saying that there is no package available called virtualmin-base, check and make sure the virtualmin repo is in /etc/apt/sources.list and re-import the key with apt-key add.

Use Your New Ubuntu Webserver

Assuming that you have DNS records set up to point your server’s hostname to its IP address, you can hit the webmin interface at http://server.domain.com:10000. You’ll need to log in as root and go from there.


Stop HTML Form Remote Spam Without Captcha

It is possible to stop remote bot spam cold in its tracks.  The solution involves JavaScript and server-side processing.  The example will be given in PHP/HTML/JavaScript. I developed this process in 2008 for a client who was inundated with remote spam posts. It stopped spam bots cold in that case and I have been using it ever since.

What This Method Won’t Stop

This technique will not stop someone who actually loads an html page containing a form, fills in the required fields, and submits the form. The client will need to have JavaScript enabled.

On The Server Side

Before the form is sent to the browser we are going to create a session variable that is a hash.  This hash lets us know that the user visited the form page and is allowed one trip to the processor. I generally use something like this:

<?php
   session_start();
   $_SESSION['my-form-hash'] = md5(date(str_shuffle('
      aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
   ')));
   // Now show the form

At the top of the form processor, we validate the form hash. You must remember to 1) unset() the form hash from the session if they are successful, and 2) kill the script if they fail. If you redirect but don’t kill the script, PHP will continue executing code even though the visitor’s browser redirected.

<?php
   session_start();
   // If things don't match up...
   if(!isset($_SESSION['my-form-hash']) ||
      $_SESSION['my-form-hash'] == '' ||
      !isset($_POST['my-form-hash']) ||
      $_POST['my-form-hash'] == '' ||
      $_POST['my-form-hash'] !== $_SESSION['my-form-hash']) {
      // Send them to another page, push a 404 header, etc

      // Make sure and kill the script!!!
      exit();
   }
   // If they made it this far, all is well
   unset($_SESSION['my-form-hash']);
   // Now check the data one more time and process it appropriately

On The Client Side

The first step is to remove hints as to the location of the form processor.  Something like this will do:

<!-- Leave method and action blank -->
<form id="form" name="form" method="" action="">
   <!-- Insert the form hash as a hidden element -->
   <input type="hidden" name="my-form-hash" value="a3678ed..." />
   ...
   <input type="submit" id="submit" value="submit"
          onclick="void(0);" />
</form>
<noscript>Hi. You need JavaScript to submit this form.</noscript>

Next we will use a remotely included JavaScript file to process the form on the client side; I use jQuery but raw JavaScript would work just as well.

$(document).ready(function () {
   $("input#submit").click(function () {
      // Validate some fields if you want to...

      // If it passed validation (line breaks added due to space
      // constraints)
      $("form#form").attr('method','post')
                    .attr('action','/my-form-processor.php')
                    .submit();
   });
});

This is a basic example of how to stop remote form submission without Captcha.  The visitor enters the page where the form is located and PHP generates and stores a hash. This hash is placed into the form as a hidden form element.  When the form is submitted to the form processor, the processor checks the value of the submitted hash against the stored hash.  If there is a discrepancy, no data is submitted.
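
A hardened variant of the hash-and-check flow described above, as an added example that is not the author's original code: the token comes from random_bytes() instead of md5() over a shuffled string, the comparison uses hash_equals(), and the token expires. The helper names, the 15-minute lifetime, and discarding the token on failed attempts as well as successful ones are assumptions of this example.

```php
<?php
// Added example (not the original author's code): the same one-trip form
// token, generated with a CSPRNG and compared in constant time.
// issue_form_token() and consume_form_token() are hypothetical helper names.

const FORM_TOKEN_KEY = 'my-form-hash';  // field / session key used on this page
const FORM_TOKEN_TTL = 900;             // assumed lifetime in seconds (15 minutes)

/** Create a token, store it in the session array, return it for the hidden input. */
function issue_form_token(array &$session, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $session[FORM_TOKEN_KEY] = ['value' => $token, 'issued' => $now ?? time()];
    return $token;
}

/** Validate the posted token. The stored token is discarded on every attempt. */
function consume_form_token(array &$session, array $post, ?int $now = null): bool
{
    $stored = $session[FORM_TOKEN_KEY] ?? null;
    unset($session[FORM_TOKEN_KEY]);    // one trip to the processor, pass or fail

    $posted = $post[FORM_TOKEN_KEY] ?? null;
    if (!is_array($stored) || !is_string($posted) || $posted === '') {
        return false;                   // no form visit, or field missing / array-valued
    }
    if ((($now ?? time()) - $stored['issued']) > FORM_TOKEN_TTL) {
        return false;                   // the form page was loaded too long ago
    }
    return hash_equals($stored['value'], $posted); // constant-time comparison
}

/** Print whether a demonstration case behaved as intended. */
function check(bool $condition, string $label): void
{
    echo ($condition ? 'ok   ' : 'FAIL ') . $label . PHP_EOL;
}

// Demonstration with constructed data: plain arrays stand in for
// $_SESSION and $_POST, and the timestamps are made up.
if (PHP_SAPI === 'cli') {
    $session = [];
    $token = issue_form_token($session, 1000);
    check(consume_form_token($session, [FORM_TOKEN_KEY => $token], 1010) === true,
          'first submission with the issued token is accepted');
    check(consume_form_token($session, [FORM_TOKEN_KEY => $token], 1011) === false,
          'replaying the same token is rejected');

    $token = issue_form_token($session, 1000);
    check(consume_form_token($session, [FORM_TOKEN_KEY => $token], 2000) === false,
          'token older than FORM_TOKEN_TTL is rejected');

    issue_form_token($session, 1000);
    check(consume_form_token($session, [FORM_TOKEN_KEY => ['x']], 1010) === false,
          'array-valued field is rejected');

    issue_form_token($session, 1000);
    check(consume_form_token($session, [FORM_TOKEN_KEY => 'guess'], 1010) === false,
          'wrong token is rejected');
    check(!isset($session[FORM_TOKEN_KEY]),
          'failed attempt also discards the stored token');
}
```

In a web request, pass $_SESSION and $_POST after session_start(), and on a false result push the 404 header and exit() as the processor above does.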

Tips For Success

Having the JavaScript form processor in another file makes it harder for a spam bot to determine the location of the form processor.  Most will not scan beyond the HTML page where the form is to determine this information. If you are ultra paranoid you could Base 64 encode the form processor URL and then Base 64 Decode that value right before the value is populated into the action attribute of the form tag by JavaScript. If you have a form that is a magnet for remote spam, make sure and put the form processor at another URL. I like to push a 404 header (Page Not Found) for failed form submission attempts.


MySQL Toggle Boolean TinyInt with XOR

A quick tip for toggling a tinyint(1) [essentially a boolean] field is to use an update statement that uses the XOR operator.  Given a field named ‘active’ of type tinyint(1) we can toggle it by simply sending the following to MySQL:

update table_name set active = active XOR 1

This would toggle the field in every row of that table.  To limit it to a certain record, just append a ‘where’ clause and use another field to limit what gets updated.

update table_name set active = active XOR 1 where id = x


Restrict WordPress Admin to Specific IP Addresses with htaccess

Restrict WordPress Admin to Specific IP Addresses with .htaccess

Making your WordPress install secure is an item of top priority.  The source code is openly available for inspection by people with less-than-scrupulous intentions.  As the popularity of the platform increases it will draw the attention of people looking to hack into sites and harvest private data.  This tutorial assumes several things:

  • First, you are already using a secure password containing numbers, letters (at least one capital), and symbols.
  • Second, your WordPress install is on a server running Apache where you are allowed to override settings using .htaccess files.
  • Third, you have FTP access to the site.

Using .htaccess to Restrict IP Addresses

When a server is running Apache and is configured to allow overrides, the .htaccess can be placed in a physical filesystem directory for the purposes of granting or denying access to that directory ~and everything under it~.  For our purposes we will want to create a blank file called “.htaccess” in our /wp-admin/ folder.  Immediately attempt to log in to your blog or access the /wp-admin/ folder and make sure that the presence of the file is not disrupting Apache’s service of your web content.  Next, make sure that the file itself cannot be directly accessed by browsing to “/wp-admin/.htaccess”.  You should see an error message stating that viewing the file is forbidden. Apache is very flexible, powerful, and complex.  Administrators can forget to deny browser access to the override files, use a different filename for overrides, or disable the feature altogether.  If you can see your blog admin panel and the .htaccess file is forbidden, keep reading.

Apache’s Order, Allow, and Deny Directives

The full scope of how the Allow and Deny directives are evaluated is outside of the scope of this mini-tutorial.  You can read about them in the Apache 2.2 Documentation for mod_authz_host.  For our purposes we are going to add two lines to our .htaccess file:

Order Allow,Deny
Allow from [your IP address (ex: 127.0.0.1)]

You can use multiple IP addresses by separating them with a space, you can use partial IP addresses, or use CIDR notation for allowing or denying certain IP blocks.

To test the functionality of your directives, place a bogus IP address after ‘Allow from ‘.  Save the file and try to access your administration panel.  If you were redirected to the /wp-login.php page you might notice that the page doesn’t look correct.  This is because some of the images and stylesheets are in the /wp-admin/ folder.  Use your regular credentials and you should be denied access to the WordPress backend.

Now you can place your IP address after the ‘Allow from ‘ statement and you should be able to access the WordPress administration features.

Considerations when using Apache’s .htaccess to restrict access by IP address

What is protected…

  1. You will only be able to log in when you are using the IP addresses you specified.  If you are at home, chances are you will receive a different IP address from time to time.  Simply FTP in and update the list of allowed IP addresses.
  2. This will prevent unauthorized access to WordPress administration panel from IP addresses you haven’t specifically enabled.
  3. If a vulnerability is discovered in any file under the /wp-admin/ folder, your blog will be protected as long as your credentials aren’t compromised ~and~ the Administration area isn’t accessed from one of your specified IP addresses.

What is not protected…

  1. This does not address any other vulnerabilities that may be present in any files outside of the /wp-admin/ folder.
  2. If you are using unsecured WiFi and your login credentials are compromised, an attacker could gain access if they can connect to that same router.

Ultimate Security for the /wp-admin Folder

If you can live with the inconvenience of having to connect via FTP prior to posting, you can specify ‘Allow from none’ or ‘Deny from all’.  When you are ready to post or make changes you’ll have to FTP in and add your IP address to the ‘Allow from ‘ statement.  This isn’t a very practical solution for most situations.  Additionally, it is subject to the same scrutiny over an unsecured network.  If you are connecting via FTP over port 21 through an unsecured WiFi router, your credentials could be compromised, which would expose the entire filesystem to someone with malicious intent.

You could also add additional security such as Apache-based HTTP authentication which would provide a third layer of security (WP Login, .htaccess, HTTP Authentication).


Failover Name Servers for Reliability and Uptime

Name Servers are a forgotten piece of the internet puzzle.  Having failover name servers for reliability and uptime is a consideration often overlooked from the client, to the web services provider, and all the way up to the webhost.  While name servers are (theoretically) geographically separated and located on separate networks, they are not impregnable and/or exempt from issues that result in downtime for a website.

This article serves as a ‘proof of concept’ more than an actual tutorial.

What the Name Server Does

Broadly speaking, a Name Server is an internet phone book.  You type into your browser ‘http://www.example.com’ and your internet service provider sends your request to the phone book.  The Name Server looks for what is called a ‘zone record’ for example.com and returns the proper IP address where the domain you are looking for is hosted.  This is known as ‘resolving’.  The name server resolves the domain to an IP address.  With that information in hand, your request is sent to the appropriate server and the content you were looking for is delivered to your screen.  Name servers also help with routing e-mail and subdomains, among other things.

Every publicly available website has zone records on at least two name servers.  The idea is that if one name server cannot return the correct information, the request will be kicked to the next server listed in an attempt to retrieve the information necessary.

Name Server Vulnerability

Name Servers, like any other piece of internet hardware, are subject to failure from time to time.  The failure could be the result of any number of occurrences from natural disaster, to human error, to malicious activities.  Despite these types of vulnerabilities, name servers can be configured to almost guarantee 100% uptime for DNS resolution.

Most web hosting services and domain registrars offer basic DNS services.  That is, they will allow you to create subdomains, specify mail exchange services, etc.  However, they generally will not allow you to specify an alternate backup DNS service (known as a slave) that automatically syncs with their master zone records.

Additionally, as of today, if you tracert or ping GoDaddy’s name server pairs (ex: ns25.domaincontrol.com and ns26.domaincontrol.com) you will see that both of them resolve to the same IP address.  That means that your ‘two’ name servers are really just one server that has two IP addresses.  If that server goes down, or any of the servers/routers in between, your DNS resolution will fail and your site disappears.

As previously stated, name servers are neglected when it comes to mapping out a plan for web service reliability.  The instances of name server failure are generally low, but when time is money, any potential downtime should be mitigated as much as possible.  Fortunately, it is easy to ensure your own name server failover.  This tutorial will help accomplish that task.

Proof of Concept: Creating Name Server Failover

Register a domain for your name servers.

This isn’t actually 100% necessary, but it will save you from having to create an extra A Record for each name server if you try to use subdomains of your main domain to house the name servers.  For instance, if you own example.com, putting name servers on ns1.example.com and ns2.example.com will require you to have an A Record for both in the DNS zone file.  On the other hand, if you register ‘example-ns.com’ or even ‘example.net’ (as long as there isn’t a site on that domain that will be served by the name servers), you will not have to remember to add the A Records for the name servers.  It’s not a big deal, it’s just one less thing to remember.

If you are a web developer or web provider, it may not be a bad idea to have a few of your own name servers.  Here are a few reasons why:

  • Many registrars and hosting providers use either a single name server with two IP addresses or two name servers in the same data-center behind the same routers.  When they have a problem and your customer’s site(s) disappear, you look bad for not having answers.
  • Having at least two physically separate and properly configured name servers all but guarantees 100% uptime for DNS resolution.
  • If there is a name server issue on your end, you can diagnose the issue and give your customers an accurate status update.
  • Having ‘ns1.mywebcompany.com’ and ‘ns2.mywebcompany.com’ enhances and solidifies your brand.  This will keep your sub contractors out of the loop and aid in reputability and boost consumer confidence (assuming of course that you keep the service up and running).
  • Large web service providers are more likely to be the target of or succumb to malicious activities.  Conversely, a couple of obscure name servers are much less likely to fall into the cross hairs of an attack.

Deploy some servers to run a DNS service.

Running a DNS service on a server is not an exercise in rocket science.  We prefer to use BIND which, for all intents and purposes, is the de facto name server daemon.  Further, CentOS has a comprehensive BIND package that can be installed as well as restrictive firewall rules right out of the gate.  You’ll have to open port 53 for TCP and UDP traffic in order for your name server to operate.

The key is to have one of the name servers be a master name server and the other a slave.  The slave will query for updates at a specified interval and thus stay relatively up-to-date.  If the master name server fails, you have time to restore it before the slave server times out.

Your servers could be run out of an office or colocation data-center, but an alternate, more affordable approach would be to deploy on-demand cloud servers.  These servers can be configured in a variety of ways without the need to be concerned with hardware maintenance and upgrades.  Ideally you would deploy two cloud servers with different providers over different networks.

Register your name server

Once your servers are set up and the slave is properly querying the master server, it’s time to register your name server.  Glue records are created by approved internet registrars.  Some registrars will allow you to create glue records on your own, others will require you to submit a support ticket.  In the GoDaddy interface glue records are created in the host summary interface.  Simply provide the FQDN (fully qualified domain name) of the name server and its static IP address.  It will take a while for these glue records to propagate, but once they do, you are off to the races.  The only thing left to do is set your web site(s) name servers to reflect your name servers and wait for the changes to propagate.

Further Failover Measures

You can ensure even more failover.  Create an account with a free name server provider such as Zone Edit or DNS Park.  You can configure your zones and instruct them to obtain up-to-date information from your master (or slave) DNS server.  You’ll need to explicitly allow this in your name server config, but doing so will bring you up to 4 or more name servers capable of serving your DNS resolution needs.

Summary

Name server failover is the forgotten piece of the web services paradigm.  Whether you are running your own web site or you are a web services provider, neglect of the name server issue is a serious gamble.  This proof of concept shows that name server failover protection is not only feasible, but also affordable and beneficial.  The rise of cloud computing and virtual servers makes deploying a dedicated name server relatively easy and uncomplicated.


MySQL Dictionary of English Words in SQL and CSV

MySQL Dictionary of English Words

I have compiled a dictionary of 109,000+ English words in SQL and CSV format.  I am selling it for a $2.00 donation to cover my hosting and bandwidth fees.





The table has several helpful features.  First, each word has two alternate versions that describe the makeup of the word. For example, the word ‘aardvark’ contains three of the letter ‘a’, one of the letter ‘d’, one of the letter ‘k’, two of the letter ‘r’, and one of the letter ‘v’.  It is encoded in the table as ‘a3d1k1r2v1’ and as ‘aaadkrrv’.  Also, the table contains a field for every letter of the alphabet, each holding an integer describing how many times that letter occurs in a word.  I used this information for my Blackberry Word Mole Cheat script and I am sure it has many other uses.

You can download a preview of the MySQL Dictionary of English Words in SQL and CSV format.


Blackberry Word Mole Cheat

RIM Blackberry Word Mole Cheat

The Word Mole game for the RIM Blackberry device is fun, educational, and for some people… addicting. Problem is, Storm users have a substantial advantage over non-touch screen users because it is much quicker to tap a screen to choose the letter you want as opposed to scrolling with a trackball or trackpad. I have attempted to even the odds a bit by creating this handy little widget. Simply enter the range of 36 letters given to you by Word Mole and my script will generate the 25 biggest words that can be compiled out of the range of letters present on the screen. Keep in mind that the Word Mole dictionary isn’t ~exactly~ exhaustive, so you’ll need to be selective in which word you try to enter.


Free Alternative to Plesk and cPanel: Virtualmin GPL

Virtualmin GPL is a free alternative to other proprietary web hosting platforms such as Plesk and cPanel.

Who can use Virtualmin GPL

Virtualmin GPL requires that you have root access to a fresh Linux operating system install.  Essentially, you need your own server.  Fortunately, with the rise of cloud computing and advances in server technology, a dedicated server can be obtained on almost any budget.  If you have a server at home, make sure your ISP allows incoming connections over standard web ports (80, 443, etc) and make sure that you can obtain a static IP address (or are familiar with maintaining an IP through a dynamic DNS service).

Comparison of Virtualmin GPL vs. Plesk/cPanel

User Interface

Plesk and cPanel have streamlined intuitive interfaces.  These platforms are designed with ease of use in mind to meet the needs of a broad range of end-user capabilities.  That is to say, they present a user interface that will cater to a beginner as well as the seasoned web administrator. Ask 100 web administrators for their preference of cPanel or Plesk and the opinions will almost certainly be divided right down the middle for various reasons.

Virtualmin GPL has a feature rich offering but the services available through the UI are not nearly as intuitive as what is present in cPanel and Plesk.  End users with basic understandings of Linux, Apache, PHP, MySQL, SSH, FTP, SSL, and other common web-related services will find that Virtualmin GPL provides a satisfactory platform from which to administrate all facets of a web server.

Feature Offerings

Virtualmin GPL differs from cPanel and Plesk in one very distinct way (other than cost!).  The Virtualmin GPL automatic install script comes bundled with an additional set of tools called Webmin.  While Virtualmin GPL handles all aspects of virtual servers and web hosting, Webmin facilitates almost complete control of the entire Linux operating system.  Plesk and cPanel are tools focused solely on administrating domains where Virtualmin GPL, via Webmin, allows full OS control.

Virtualmin GPL also configures PHP to run as a FastCGI by default.  This means that PHP runs as the Linux user instead of as the Apache or nobody user.  This is particularly helpful when you have a web site or application that needs to upload files or other media.  Rather than having to make certain directories world-writable, PHP will be able to write files to the filesystem because PHP is running as the Linux user that owns the directory where the site is hosted.

Summary

Virtualmin GPL is a capable freeware alternative to other proprietary web management platforms such as Plesk and cPanel.  You will need a server with root access, a fresh Linux OS install, and the patience to read some documentation.  If you do not have a server at home or your ISP has some standard web ports blocked, you could always set up On-Demand Linux and Windows Servers on the Cloud.  It’s quick, easy, stable, and best of all, affordable.  Servers start at $11.00 per month.
