27 Nov 2010

Hiring a PHP Programmer: Part #3, Frameworks & Licensing 

By - PHP No Comments

This is the third and concluding part of our short series on what to look for when hiring a PHP programmer for your company. In part #1 we took a look at ensuring the programmer was vigilant against SQL injection vulnerabilities. In part #2 we reviewed code formatting & commenting practices. For this final portion we will tackle a set of topics more directly related to your business’ intellectual property interests.
Read more

15 Nov 2010

Hiring a PHP Programmer: Part #2, Code Organization & Commenting 

By - PHP 2 Comments

In part #1 of our short series on hiring a quality PHP programmer, we spoke about SQL injection security. In today’s post we are going to look at an outwardly less important but crucial aspect to any programmer: what their code looks like.
Read more

10 Nov 2010

Hiring a PHP Programmer: Part #1, SQL Security 

By - PHP, Security 3 Comments

PHP is a fantastic web development language if for no other reason than its low learning-curve to create dynamic, database-driven web sites quickly. For this reason and others, there has been an obvious influx of web developers ready to hire-on to create your company’s next web application or site. Just like any other employee, contractor or otherwise, you want to be sure that the work being done isn’t just quickly thrown together by a novice, but that there is consideration with regard to appropriate programming practices and security being thought of during development. Read more

07 Nov 2010

ProFTPD Remote Code Execution Vulnerability and exploit 

By - Linux, Plesk, Security 3 Comments

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.

ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521

All MNX Solutions Linux Server Management customers have been patched.
Read more

30 Sep 2010

Server Management and Terminating Access 

By - Security No Comments

What if you had to let someone go tomorrow for some unforeseen reason. Would you know all of the points that this person or company has access to? How can you be certain unless you keep track of these locations?

Even if you know all the locations, do you understand the impact of modifying the users access? Was this users access tied to a critical cron job? Was this user account tied to MySQL access for performing monthly billing? What if this employee happened to own one of your domain names? Surprisingly, we see scenarios like this too often.

Read more

19 Sep 2010

Ksplice Provides Patch for Linux Kernel Exploit CVE-2010-3081 

By - Security No Comments

It has been mentioned in many places on the web, that a vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges.

The folks over at Ksplice have put together a patch that fixes this vulnerability, and a tool to check if your system has been compromised. More detail is available on the Ksplice Blog.
Read more

17 Sep 2010

Plesk PHP upgrade 

By - Apache, Plesk No Comments

We are often asked to upgrade PHP on Plesk based systems. When working with Plesk based control panel systems, PHP is typically maintained by the operating system. This means RedHat 5 and CentOS 5 based servers will be running PHP version 5.1.6. Many applications have a requirement of PHP 5.2 or greater.

A few options are available, we will discuss two solutions below..
Read more

14 Sep 2010

Building an Empty RPM 

By - Quick Tip 7 Comments

When searching for information on creating an empty, or null rpm file, I was unable to locate the spec file details needed. In another post, I will describe my need for this empty rpm, but for now here is the minimal spec file needed to build an empty rpm:

Place the following in a file called, php.spec

Summary: Empty PHP
Name: php
Version: 0
Release: 0
License: Public
Group: Applications/System
%description
Empty PHP RPM
%files

Now, build your new php rpm using the following command:

# rpmbuild -bb php.spec
Processing files: php-0-0
Checking for unpackaged file(s): /usr/lib/rpm/check-files %{buildroot}
Wrote: /usr/src/redhat/RPMS/i386/php-0-0.i386.rpm

And that’s it, you now have an empty rpm!

14 Sep 2010

Server Management Best Practices – Firewall 

By - Linux, Quick Tip, Security No Comments

Every week at MNX solutions we handle issues from server security and patch management to system recovery and performance tuning. In this blog series, we will review a number of firewall best practices that you can implement today on your server infrastructure.

First things first, do you utilize a firewall on your server? If your answer is “no” or you are not sure, this should be one of your top priorities. Read more

11 Jul 2010

bash_history date 

By - Linux, Quick Tip No Comments

Bash_history date

Ever try to determine what caused the latest outage by trying to determined when a command was last executed?

Look in your .bash_history (if you are running a bash shell), and you will see your recently executed commands. However, it is generally impossible to tell when the command was executed.

Read more