I love these kinds of illusions. The mystery of the disappearing pink dots:
http://www.beforeiforget.co.uk/2009/what-do-you-see/
I recently came across a problem with ActiveMQ and Spring which took a while to find. As with all the articles on this blog, I had to figure it out myself because there weren’t any solutions on the inter-web.
The confusion was caused by the message port out of range:-1 for a JMS broker address of tcp://prd_live_sm:61616. The full error message is:
2009-05-08 11:46:21,171 INFO [uk.co.bigsoft.myapp.RsmDefaultMessageListenerContainer] - could not refresh JMS Connection for destination 'topic://prd_live_sm' - retrying in 5000 ms. Cause: Could not connect to broker URL: tcp://prd_live_sm:61616. Reason: java.lang.IllegalArgumentException: port out of range:-1
For completeness the Spring bean for the broker is:
<amq:connectionFactory id="smConnectionFactory" brokerURL="tcp://prd_live_sm:61616"/>
As you can see the port number is 61616, which is a valid port number. Valid port numbers range from 1 to 2^16-1 (65535).
The clue is in the minus one port number. Minus one is almost certainly an invalid value which is set at the start of parsing the URI. This means that the parsing part was not successful; if it had been, it would have correctly identified the port number as 61616. I know that the protocol part was all right so the problem must be in the host name.
I knew that underscores were illegal characters in host names but I thought it would be all right. Sloppy Windows allowed my co-worker to give all the machines in this new set up host names containing underscores. ActiveMQ was the only component that complained.
I changed the hosts file and added an alias to all the machine names containing underscores, so prd_live_sm became prdlivesm. I updated the ActiveMQ topic pick up address to the host name without the underscores and restarted my container. Lo and behold it worked!
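A way to find such names before a strict parser trips over them, as an added example that is not part of the original post: the script checks every name in a hosts file against the letter-digit-hyphen rule for host names. The sample file, its addresses and the function names valid_hostname and audit_hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag host names that break the letter-digit-hyphen rule.

# Constructed hosts file; prd_live_sm and its alias follow the post's names.
sample_hosts() {
cat <<'EOF'
127.0.0.1    localhost
# message brokers
10.0.0.11    prd_live_sm prdlivesm
10.0.0.12    prd-live-db.example.internal
10.0.0.13    -edge01 web01
EOF
}

# valid_hostname NAME: succeed only if every dot-separated label is 1-63
# characters of [A-Za-z0-9-], starts and ends with a letter or digit, and
# the whole name is at most 253 characters long.
valid_hostname() {
    label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq "^$label(\.$label)*\$"
}

# audit_hosts: read a hosts file on stdin, drop comments and the address
# column, and print each name that fails valid_hostname.
audit_hosts() {
    awk '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) print $i }' |
    while read -r name; do
        valid_hostname "$name" || echo "$name"
    done
}

# Stand-alone run against the constructed sample.
sample_hosts | audit_hosts
```

To audit a real machine, feed it the actual file: audit_hosts < /etc/hosts.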
The internet standards state that underscores are not allowed, and yet Windows allows them. Who is right? Almost every open source implementation of everything is strict on host names; this includes, but is not limited to, Squid cache and Apache HTTP. So the quick answer is that if you want system interoperability then don’t put underscores in your host names. However, if you run a Windows shop you can do what you like but don’t expect things to work very well!

I just wanted to install WordPress with the minimum of fuss. So here is the 1 minute cut and paste guide to installing WordPress under Plesk.
First we need to create a database to hold the WordPress articles.
- Log in to your Plesk server as root.
- Move to the MySQL database folder:
cd /var/lib/mysql
- Create a folder to create the database:
mkdir example_com_wordpress
- Change the permissions so that MySQL likes it:
chown mysql:mysql example_com_wordpress
chmod 700 example_com_wordpress
- Go to the WordPress Download page and download the software.
wget http://wordpress.org/latest.tar.gz
- Unpack the downloaded file under the document root at /blog/:
tar -xvzf latest.tar.gz
mv wordpress blog
cd blog
- Change the permissions of the unpacked files to that of the rest of your files.
- Copy the sample configuration file in.
cp -p wp-config-sample.php wp-config.php
- Edit the configuration files and change the database access details.
- Next you need some encryption keys. WordPress have kindly provided a facility that generates the keys for you. Load up https://api.wordpress.org/secret-key/1.1/ and cut and paste the generated PHP code into the configuration file, overwriting the lines already there. The original lines look pretty random already but they must be changed, otherwise the baddies will be able to easily break your encryption.
$table_prefix
variable.
Extra help can be found on the WordPress web page.

If you have to look after a lot of servers then shutting them all down at the end of the day can be a real pain. The button on the front of the machine can be re-configured to perform different actions. The actions include: Shut down, Hibernate, Stand By, Ask Me What To Do or Do Nothing. Depending on the type of machine you have bought these settings will be different; for example if it is a Laptop computer it might be set to Hibernate whereas a Desktop might be set to Stand By.
As with all things Windows, the way in which you configure this changes depending on your version of operating system. So for Windows XP:
- Right click on the background of the Desktop and select Properties.
- Go to the Screen Saver tab and in the Monitor Power section click the Power… button.
- Go to the Advanced tab. From the drop down in the Power buttons section you can change the action to whatever you like.
- Right click on the background of the Desktop and select Personalize.
- From the Personalize appearance and sounds section click Screen Saver.
- In the Power management section click Change power settings….
- On the left hand side there is a list of links, click Choose what the power button does.
- There is a single drop-down box where you can select your desired option and click the Save Changes button.
If you have a server on the internet, the chances are that someone will attempt to gain entry. I have seen cases where the server was live on the internet for as little as 2 minutes before some bot launched an attack.
There are various programs out there that will do brute force dictionary hacks on your machines. Hackers know that there are standard user names that always exist on your server, especially if it is using the default configuration. User names include (but are not limited to) root, mail, news, mysql, lp. You can check your /etc/passwd file for the rest.
The attack involves trying to log in to the user names using a dictionary of commonly used passwords. The best thing you can do is to rename those user names. For example renaming the root user name to rootuser will always mean that the hacker will never gain entry because the user name doesn’t even exist! However some start up scripts rely on the top level user being root instead of checking the top user id is zero.
It is definitely more difficult to rename the lp user because its user id is not fixed and so the name is relied upon. In cases like mysql you can rename the user name because it is created by you, so as long as all the permissions are set correctly you should be fine.
Another problem with someone attacking your server is that they are stealing your bandwidth to do it! You have to pay for traffic that comes to your site and it all adds up.
Fear not, there is a way to stop this, but first you have to know what you are looking for. The system log will give you an idea of how many times hackers have tried to gain access to your system. It is located at /var/log/messages. When an attack is in progress you will see something along the lines of:
Mar 8 19:23:28 myhostname sshd(pam_unix)[32075]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=evil.hacker.host.name
Mar 8 19:23:38 myhostname sshd(pam_unix)[32101]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=evil.hacker.host.name
rhost specifies the remote machine that is talking to you. From these log entries we can see that the attacker is using ssh to try and log in. You will see this message even if it is you that has accidentally typed the password in wrong, so be very careful about the action you take. You don’t want to lock yourself out!
If it is a real attack then there will be pages and pages of these messages, cycling through the standard user names mentioned above. If you are watching then you can block the remote host from talking to you. You can add rules to your firewall to drop their incoming packets on the floor. This is better than replying with unknown address, because the attacking machine will hang around waiting for its pre-set timeout which could be a couple of seconds. For those couple of seconds the attackers aren’t attacking you (or anyone else). After a couple of timeouts they generally stop. So to send their machine into a blackhole add a firewall rule to drop their host’s packets on the floor:
iptables -I INPUT -s evil.hacker.host.name -j DROP
To see who you have in your blackhole, list the current firewall rules:
iptables -L
And to unblock a host, remove it from the drop list:
iptables -D INPUT -s evil.hacker.host.name -j DROP
It is important to only keep the evil.hacker.host.name in your blackhole for about 30 minutes. The attacking program should have given up by then and if the remote host is a firewall or a proxy server you could be blocking access to your server to potentially thousands of innocent people.
You may not be able to watch your servers all the time so there are several programs out there to watch your log files and block would-be attackers for you. One of the most popular of these is called Sentry Tools and can be found on SourceForge. The project hasn’t changed for ages, but it is as current now as it was 5 years ago. When I get a chance I’ll write a blog about how to install and configure it.
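The watch-and-block routine described above, as an added example that is not part of the original post and not taken from Sentry Tools: it counts authentication failures per rhost and prints, without running them, the block command and a removal scheduled 30 minutes later. The threshold, the allowlist, the sample log lines and the use of at for the timed removal are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count sshd(pam_unix) authentication failures per rhost and
# print (not run) the block/unblock commands for hosts over a threshold.
THRESHOLD=3                     # assumed: failures before a host is blocked
ALLOWLIST="admin.example.org"   # assumed: your own hosts, never blocked

# Constructed sample lines in the format of the log entries shown above.
sample_log() {
cat <<'EOF'
Mar 8 19:23:28 myhostname sshd(pam_unix)[32075]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=evil.hacker.host.name
Mar 8 19:23:38 myhostname sshd(pam_unix)[32101]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=evil.hacker.host.name
Mar 8 19:23:48 myhostname sshd(pam_unix)[32130]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=evil.hacker.host.name
Mar 8 19:30:02 myhostname sshd(pam_unix)[32200]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=office.example.net
Mar 8 19:31:10 myhostname sshd(pam_unix)[32210]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=admin.example.org
Mar 8 19:31:15 myhostname sshd(pam_unix)[32211]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=admin.example.org
Mar 8 19:31:20 myhostname sshd(pam_unix)[32212]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=admin.example.org
EOF
}

# Read a log on stdin; print "count host" for each host at or over THRESHOLD.
offenders() {
    awk -v limit="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\(pam_unix\)/ && /authentication failure/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^rhost=/) continue
                h = substr($i, 7)
                # rhost is attacker-influenced (reverse DNS): accept only
                # characters that are safe to place in a command line.
                if (h ~ /^[A-Za-z0-9.:-]+$/ && !(h in skip)) hits[h]++
            }
        }
        END { for (h in hits) if (hits[h] >= limit) print hits[h], h }
    ' | sort -rn
}

# Print the iptables commands from the post for each offender, with the
# removal scheduled through at so the block lasts about 30 minutes.
block_commands() {
    offenders | while read -r count host; do
        echo "iptables -I INPUT -s $host -j DROP   # $count failures"
        echo "echo 'iptables -D INPUT -s $host -j DROP' | at now + 30 minutes"
    done
}

sample_log | block_commands
```

The single failure from office.example.net stays below the threshold, which is the mistyped-password case, and the allowlisted host is never printed however many failures it logs.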