NGINX DDos Attack Tutorial – Implement Basic Protection

DDoS attacks are usually intended to paralyze websites and web services and it is better to mitigate it at the firewall level. But for the web server that runs on Nginx, I have prepared a basic step to provide DDoS protection which proved to work for small-scale DDoS attacks and DDoS attacks that aimed at applications. This DDos Attack Tutorial protection for Nginx guidelines has been tested on CentOS 6, CentOS 7, RHEL 7 and Oracle Linux 7. This steps may work on your environment but please note that this guidelines is not an official document and official recommendation from Nginx website.

DDos Attack Tutorial – Implement Basic Protection for Nginx :

1. In /etc/nginx/nginx.conf, include the following parameters :

client_body_buffer_size 128k;
large_client_header_buffers 4 256k;
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;
server {
    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;
}

2. Then restart or reload your Nginx service to apply DDoS protection for Nginx :

# /etc/init.d/nginx restart

or

# /etc/init.d/nginx reload

Explanation :

a) Limit the number of connections per single IP :

limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

b) Limit the number of requests for a given session :

limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;

C) Zone which we want to limit by upper values, we want limit whole server :

server {
limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;
}

If your WordPress is under DDoS attack, you will get the following log into Nginx files domain.access.log :

1.2.3.4 - - [25/Mar/2015:16:52:38 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:39 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:39 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:40 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:40 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:41 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:41 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:42 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:42 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:43 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:43 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:44 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:44 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:45 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:45 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"

Here is an example of the results after you perform basic DDoS protection for Nginx :

2015/03/28 11:44:33 [error] 22370#0: *71492 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71493 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71494 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71498 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71502 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71506 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"

Hope this DDos Attack Tutorial to Implement Basic Protection on NGINX help!!

DDos Attack Tutorial

How to Secure your MySQL On VPS or Dedicated Server

Running a WordPress on a Virtual private Server or dedicated server is not an easy as running a WordPress on shared hosting server. There are a few things need to install and configure. Basically you will need web server(Apache, Nginx or Lighttpd) and database server(MySQL). The most popular database for WordPress platform is MySQL. Installation of the MySQL is very easy, but most of the webmaster will facing difficulties on the configuration part. Therefore i have prepared the article that will cover configuring and securing your MySQL on Virtual private Server(VPS) or on dedicated server. MySQL database is actually the brain of your website or blog. It will store all the configuration information, the posts, comments, login information, user information and etc. This article assumed that you already installed the MySQL server on your VPS or dedicated server and then you may proceed to configure and harden it as below :

1. Run pre-install mysql script, mysql_secure_installation. This will do the following :

a) Set the root password ensures that nobody can log into the MySQL root user without the proper authorization.
b) Remove anonymous users
c) Remove test database and access to it
d) Normally, root should only be allowed to connect from ‘localhost’. Disallow root login remotely if you want. However i prefer to disallow it later

[root@mysql-server ~]# /usr/bin/mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

2. List of MySQL users, make sure all users have password :

mysql> SELECT User,Host,Password FROM mysql.user;
+---------------+-------------+-------------------------------------------+
| User          | Host        | Password                                  |
+---------------+-------------+-------------------------------------------+
| root          | localhost   | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root          | mysql       | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root          | 127.0.0.1   | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| wordpressuser | 192.168.0.5 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+---------------+-------------+-------------------------------------------+
4 rows in set (0.00 sec)

3. Set a strong password for the MySQL root account and also existing user account :

Existing user account :

mysql> select Host,User,Password from user;
+-------------+---------------+-------------------------------------------+
| Host        | User          | Password                                  |
+-------------+---------------+-------------------------------------------+
| localhost   | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| mysql       | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| 127.0.0.1   | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| 192.168.0.5 | wordpressuser | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+-------------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

Set new strong password :

mysql> set password for 'root'@'localhost'=password('newstrongpassword');
mysql> set password for 'root'@'127.0.0.1'=password('newstrongpassword');
mysql> set password for 'wordpressuser'@'192.168.0.5'=password('newstrongpassword');

4. Make sure logging such as general_log, slow_query_log and log-error has been enabled in mysql :

[root@mysql-server ~]# vim /etc/my.cnf
[mysqld]
..
..
..
general_log_file=/var/log/mysql/mysqld.log
general_log=1
slow_query_log_file=/var/log/mysql/mysqld.slow.log
slow_query_log=1

[mysqld_safe]
log-error=/var/log/mysql/mysqld.error.log
...
..

Create folder for mysql log and change the folder owner to mysql:

[root@mysql-server ~]# chown -R mysql:mysql /var/log/mysql

Verify the logs :

[root@mysql-server ~]# ll /var/log/mysql
total 12
-rw-r----- 1 mysql mysql 3547 Apr  7 16:57 mysqld.error.log
-rw-rw---- 1 mysql mysql  373 Apr  7 16:58 mysqld.log
-rw-rw---- 1 mysql mysql  174 Apr  7 16:57 mysqld.slow.log

This Will help administrators to monitor critical events and helps in troubleshooting.

Reference : http://dev.mysql.com/doc/refman/5.7/en/server-logs.html

Once you have done above configuration, make sure yo restart the mysqld service :

[root@mysql-server ~]# service mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Note : This configuration and hardening practice is very basic, you can fine tune your database based on your expected security level and also you can implement host iptables, physical firewall protection and operating system hardening in order to protect the MySQL server. You may refer to “Securing and Hardening Linux Dedicated Server

How to Install WordPress on CentOS 6.4

wordpressWordPress is free web blogging software and open source content management system (CMS) which based on PHP and MySQL platform. You can run and install WorPress on shared Web hosting service, on virtual private server (VPS) or if you need high performance WordPress blog which can serve many concurrent users at a time, you can choose dedicated server for it. This post covers the steps how to install WordPress on linux CentOS 6.4. It was assumed that this CentOS 6.4 already installed with PHP, apache and MySQL server.

1. Login as a root, download latest wordpress file :

[root@centos64 ~]# wget http://wordpress.org/latest.tar.gz

2. Once downloaded, move yje wordpress file to document root on your web server.

[root@centos64 ~]# mv latest.tar.gz /var/www/html/

3. Enter document’s root directory and extract the wordpress file :

[root@centos64 ~]# cd /var/www/html/
[root@centos64 html]# tar xvzf latest.tar.gz

4. Make wordpress folder readable :

[root@centos64 ~]# chmod 755 /var/www/html/wordpress

5. Create Database name “newwordpress” :

mysql> CREATE DATABASE newwordpress;
Query OK, 1 row affected (0.08 sec)

6. Create user “newwordpressuser” with password “newwordpresspassword” :

mysql> CREATE USER 'newwordpressuser'@'localhost' IDENTIFIED BY 'newwordpresspassword';
Query OK, 0 rows affected (0.07 sec)

7. Grant all privileges to “newwordpress” to user “newwordpressuser” from localhost access :

mysql> GRANT ALL PRIVILEGES ON newwordpress.* to newwordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)

8. Verify the granted access for user “newwordpressuser” :

mysql> SHOW GRANTS FOR 'newwordpressuser'@'localhost';
+-------------------------------------------------------------------------------------------------------------------------+
| Grants for newwordpressuser@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'newwordpressuser'@'localhost' IDENTIFIED BY PASSWORD '*2E824B82B9B162C4283AA039118AD4C5248380DA' |
| GRANT ALL PRIVILEGES ON `newwordpress`.* TO 'newwordpressuser'@'localhost'                                              |
+-------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql>

9. Display the created database :

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| newwordpress       |
+--------------------+
3 rows in set (0.00 sec)

10. Copy and rename wp-config-sample.php to wp-config.php:

[root@centos64 ~]# cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php

11. Modify the wp-config.php :

[root@centos64 ~]# vi /var/www/html/wordpress/wp-config.php

12. Change below database details such as database’ name, database’ username, database’ password nand database’ hostname.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'newwordpress');

/** MySQL database username */
define('DB_USER', 'newwordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'newwordpresspassword');

/** MySQL hostname */
define('DB_HOST', 'localhost');

13. To install, navigate the browser to http://servername/wordpress/.
http://192.168.2.64/wordpress/
1
14. To login, navigate the browser to http://servername/wordpress/wp-login.php :

How to Install and Securing MySQL on CentOS 6.4 VPS

MySQLMySQL Database server is one of the most popular used database in the internet especially for content management and blogging site. It’s can stores and retrieves data for the blog, websites and applications. This post will describes how you can install and securing MySQL on CentOS 6.4 virtual private server (VPS) or dedicated MySQL database server. For more information on MySQL, you can visit their website at www.mysql.com.

1. Install MySQL Database Server using yum command :

[root@centos64 ~]# yum install mysql mysql-server -y

Example :

[root@centos64 ~]# yum install mysql mysql-server -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.upsi.edu.my
 * epel: kartolo.sby.datautama.net.id
 * extras: mirror.upsi.edu.my
 * updates: mirror.upsi.edu.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mysql.x86_64 0:5.1.69-1.el6_4 will be installed
--> Processing Dependency: mysql-libs = 5.1.69-1.el6_4 for package: mysql-5.1.69-1.el6_4.x86_64
---> Package mysql-server.x86_64 0:5.1.69-1.el6_4 will be installed
--> Processing Dependency: perl-DBI for package: mysql-server-5.1.69-1.el6_4.x86_64
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server-5.1.69-1.el6_4.x86_64
--> Processing Dependency: perl(DBI) for package: mysql-server-5.1.69-1.el6_4.x86_64
--> Running transaction check
---> Package mysql-libs.x86_64 0:5.1.67-1.el6_3 will be updated
---> Package mysql-libs.x86_64 0:5.1.69-1.el6_4 will be an update
---> Package perl-DBD-MySQL.x86_64 0:4.013-3.el6 will be installed
---> Package perl-DBI.x86_64 0:1.609-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                    Arch               Version                    Repository           Size
====================================================================================================
Installing:
 mysql                      x86_64             5.1.69-1.el6_4             updates             907 k
 mysql-server               x86_64             5.1.69-1.el6_4             updates             8.7 M
Installing for dependencies:
 perl-DBD-MySQL             x86_64             4.013-3.el6                base                134 k
 perl-DBI                   x86_64             1.609-4.el6                base                705 k
Updating for dependencies:
 mysql-libs                 x86_64             5.1.69-1.el6_4             updates             1.2 M

Transaction Summary
====================================================================================================
Install       4 Package(s)
Upgrade       1 Package(s)

Total download size: 12 M
Downloading Packages:
(1/5): mysql-5.1.69-1.el6_4.x86_64.rpm                                       | 907 kB     00:07
(2/5): mysql-libs-5.1.69-1.el6_4.x86_64.rpm                                  | 1.2 MB     00:12
(3/5): mysql-server-5.1.69-1.el6_4.x86_64.rpm                                | 8.7 MB     01:30
(4/5): perl-DBD-MySQL-4.013-3.el6.x86_64.rpm                                 | 134 kB     00:00
(5/5): perl-DBI-1.609-4.el6.x86_64.rpm                                       | 705 kB     00:06
----------------------------------------------------------------------------------------------------
Total                                                               101 kB/s |  12 MB     01:57
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : mysql-libs-5.1.69-1.el6_4.x86_64                                                 1/6
  Installing : perl-DBI-1.609-4.el6.x86_64                                                      2/6
  Installing : perl-DBD-MySQL-4.013-3.el6.x86_64                                                3/6
  Installing : mysql-5.1.69-1.el6_4.x86_64                                                      4/6
  Installing : mysql-server-5.1.69-1.el6_4.x86_64                                               5/6
  Cleanup    : mysql-libs-5.1.67-1.el6_3.x86_64                                                 6/6
  Verifying  : mysql-libs-5.1.69-1.el6_4.x86_64                                                 1/6
  Verifying  : perl-DBD-MySQL-4.013-3.el6.x86_64                                                2/6
  Verifying  : perl-DBI-1.609-4.el6.x86_64                                                      3/6
  Verifying  : mysql-server-5.1.69-1.el6_4.x86_64                                               4/6
  Verifying  : mysql-5.1.69-1.el6_4.x86_64                                                      5/6
  Verifying  : mysql-libs-5.1.67-1.el6_3.x86_64                                                 6/6

Installed:
  mysql.x86_64 0:5.1.69-1.el6_4                 mysql-server.x86_64 0:5.1.69-1.el6_4

Dependency Installed:
  perl-DBD-MySQL.x86_64 0:4.013-3.el6                 perl-DBI.x86_64 0:1.609-4.el6

Dependency Updated:
  mysql-libs.x86_64 0:5.1.69-1.el6_4

Complete!

2. Make mysqld daemon start at boot and start MySQL Database Server :

[root@centos64 ~]# chkconfig mysqld on
[root@centos64 ~]# service mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h centos64.ehowstuff.local password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

3. Securing MySQL Database Server. This includes setting up the password for mysql root, remove anonymous users, disallow root login remotely and remove test database and access.

[root@centos64 ~]# /usr/bin/mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


4. For testing, login to MySQL Server using defined password :

[root@centos64 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.1.69 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
+--------------------+
2 rows in set (0.01 sec)

mysql>

Linode VPS – Lish SSH Gateway

We’re rolling out a new Lish SSH gateway that simplifies Lish by introducing a single place to access Lish for all of your Linodes, regardless of their host or datacenter. It eliminates the need for per-Linode Lish passwords and SSH keys. Instead, the Lish gateway uses your existing Linode Manager credentials for authentication. You will also notice a new “Lish SSH Keys” field in the My Profile section of the Linode Manager, where you can submit SSH public keys to authenticate yourself to these new Lish gateway boxes.

To provide a little background, Lish is the Linode Shell. It provides you with the ability to issue reboot and shutdown jobs, check the status of your Linode, and most importantly, access and interact with the console of your running Linode. Lish is an out-of-band console, which means you can access it even when your Linode’s networking is disabled.

Previously, each Linode required its own Lish SSH username, password, and SSH keys. Access to Lish was via a direct SSH connection to your Linode’s host machine. In the coming weeks, we will be completely removing host access from the public Internet, and as such the old Lish access methods will no longer function.

Lish-via-SSH into hosts will cease to function on Friday, May 10, 2013 1:00PM EDT.  As such, please adjust any scripts or aliases to utilize the new Lish gateway.

When you log in to the new Lish gateway, you’ll see a list of your Linodes and their locations, as shown below:

$ ssh caker@lish-newark.linode.com 
Linodes located in this data center:
linode2345           Newark, NJ
linode3456           Newark, NJ
linode4567           Newark, NJ

Linodes located in other data centers:
sandbox              Dallas, TX
linode5678           Dallas, TX
[caker@lish-newark.linode.com]#

Then, at the command prompt, you can enter the name of the Linode to which you want to make your Lish connection. In the example shown above, you could enter “linode2345? to access the Lish console for linode2345. Once you’re on a specific Linode, Lish will work like it always has. When you exit linode2345?s Lish, you’ll be taken back to the gateway menu.

You can also do tricks like this to bypass the menu all together:

$ ssh -t caker@lish-newark.linode.com linode2345

And like this to send commands directly to a Linode’s Lish:

$ ssh -t caker@lish-newark.linode.com linode2345 logview

We’ve set up Lish gateways in all six data centers. You can use any gateway to get to any Linode, but we recommend using the one geographically closest to you or your Linodes. Here are the Lish gateway boxes:

  • lish-tokyo.linode.com
  • lish-fremont.linode.com
  • lish-dallas.linode.com
  • lish-atlanta.linode.com
  • lish-newark.linode.com
  • lish-london.linode.com

The Lish gateway boxes are accessible via both IPv4 and IPv6. The Ajax method of connecting to your Linode’s Lish is unaffected by these changes.

Enjoy!
-Chris

Click here for full Story

Linode NextGen: RAM Upgrade

This is the third and final post in a series about Linode: NextGen. The first post in the series focused on network upgrades and the second post focused on host hardware. This post announces yet another upgrade, and discusses the upgrade procedure and availability.

We’re doubling the RAM on all of our plans. This upgrade is available to existing and new customers. New Linodes will automatically be created with the new resources. Existing Linodes will need to go through the Upgrade Queue to receive the upgrades.

The new Linode plans lineup is now the following:

PlanRAMDiskXFERCPUPrice
Linode 1G1 GB24 GB2 TB8 cores (1x priority)$20 / mo
Linode 2G2 GB48 GB4 TB8 cores (2x priority)$40 / mo
Linode 4G4 GB96 GB8 TB8 cores (4x priority)$80 / mo
Linode 8G8 GB192 GB16 TB8 cores (8x priority)$160 / mo
Linode 16G16 GB384 GB20 TB8 cores (16x priority)$320 / mo
Linode 24G24 GB576 GB20 TB8 cores (24x priority)$480 / mo
Linode 32G32 GB768 GB20 TB8 cores (32x priority)$640 / mo
Linode 40G40 GB960 GB20 TB8 cores (40x priority)$800 / mo

Upgrade Queue

Here’s how to get the upgrade for your existing Linode: Log into the Linode Manager and view your Linode’s Dashboard, where you’ll have a new “Upgrade Available” box on the right-hand side. This links to a page describing the upgrade process, which is very simple. Simply click the button and your Linode will enter the Upgrade Queue. While in the queue, your Linode can remain booted.

Once it’s your Linode’s turn in the queue, your Linode will be shut down, upgraded, and migrated to another host. The migration will take about 1 minute per GB of disk images. After the migration has completed, your Linode will be returned to its last state (booted or shutdown) – but with the new RAM!

Full disclosure: the new plans are $0.05 more expensive per month. We did this to get rid of the legacy $19.95, $39.95, $59.95, etc pricing model in favor of a simpler $20, $40, $60 model. The upgrade is not mandatory, so if you’re not down with the 5 cent increase you can keep your existing resources and pricing.

Upgrade Availability

We’ll be enabling the upgrade by data center very soon, with the exception of Fremont which may take another week or two – we’ll be explaining more on Fremont in another post.

Fremont, CA: TBD
Dallas, TX: Upgrades are available
Atlanta, GA: Upgrades are available
Newark, NJ: Upgrades are available
London, UK: Upgrades are available
Tokyo, JP: Upgrades are available

Check back regularly for updates for your data center.

Linode NextGen Recap

This has been a great couple of weeks for Linode and our customers. We’ve spent millions improving our network, a fleet refresh with new hardware and 8 core Linodes, and now this: doubling your RAM without doubling the price. Enjoy!

-Chris

Click here for full Story

9 Steps to Setup Dedicated Server for your Website

dedicated serverThere are different types of hosting services are used in the computer technology such as shared hosting, VPS (Virtual Private Server) and Dedicated Server hosting. For new websites with low numbers of visitors, I would highly recommend getting a shared hosting. If you need more control of the server, then you should moving from shared hosting to a VPS. There are plenty of hosting companies offering Virtual Private Servers, and VPS hosting is getting cheaper. This blog hosted at RamNode VPS.

At some point, your site will get super slow server performance impact on limited resources when running VPS hosting. More server resources required is due to the increased number of visitors to the tens of thousands or hundreds of thousands per day.

At the situation when you are hitting super slow website performance due to huge numbers of traffic, I would recommend you to getting dedicated servers. Cheaper way is to setup VPS additional to balance the load. If cost is not an issue, I always recommend you to purchase a dedicated server as this will give you excellent processing performance. In a dedicated server environment , resources such as memory , hard drive storage capacity, processing power, and network access are all 100% to dedicated servers instead of shared with multiple VPS or dozens of shared hosting customers. Popular websites on the Internet certainly have excellent servers behind them. Without such an excellent server, web sites with high concurrency of visitors will not be able to survive.

If you are an experienced system administrator, the following articles may not attract you, but for web developers and those new to the web hosting, the following article can be a useful guide on their first steps. I believe the popular website on the internet has been setup by a consultant who specializes in servers or installed by an experienced system administrator. In this article, I would like to share 9 steps to setup Dedicated Server for your Website.

Once you have purchased a dedicated server, you can log in to your server to complete the setup of your server from start to finish. Below is a guide and checklist for you who are new to server administration.

9 Steps to Setup Dedicated Server

1. Choose and Install Linux operating system :

Choosing the right platform on which to host your dedicated server. Please make sure that you are familiar with the preferred operating system (OS) either CentOS or Fedora or Ubuntu or maybe Windows OS. If you choose linux OS, I would recommend you to do a clean minimal installed of the OS.

2. Update operating system :

Make sure that the OS has been applied the latest patches.
How to Update CentOS 6.4 System using ‘yum update’

3. Install Apache or Nginx Web server :

Apache httpd is one of the most popular web servers and has a lot of features that make it very extensible and useful for many different types of websites. As an alternative to Apache http server, you also can install NGINX. Nginx or “engine x” is a free, open-source HTTP server that provide high-performance edge web server with the lowest memory footprint and the key features to build modern and efficient web infrastructure. I used Nginx to run this blog.

How to Setup Nginx With PHP-FastCGI on CentOS 6.2/CentOS 6.3 VPS Server

4. Install MySQL Database server :

MySQL server is a database server that can stores and retrieves data for the blog, websites and applications. It is one of the most popular most used in the internet especially for content management and blogging site.

5. Install PHP :

PHP: Hypertext Preprocessor is a widely used, free and open-source server-side scripting language that was especially designed for web development to produce dynamic web pages and can be embedded into HTML.

6. Install Bind DNS server :

BIND (the Berkeley Internet Name Domain) also known as NAMED is the most widely used DNS server in the internet. Bind DNS helps to resolve domain name to ip address and ip address to domain name.

7. Install FTP server :

File Transfer Protocol (FTP) is a network protocol used transfer file in the network. one of the most popular FTP server for Unix/Linux is vsftpd. Vsftpd stand for Very Secure FTP Daemon. Vsftpd not only just another popular FTP server for Unix/Linux systems, but vsftpd delivers excellent performance by consuming less memory.

8. Harden and Secure the dedicated server :

There are a few steps to harden the OS of dedicated server.
a) Install a host based firewall to protect your dedicated server from unauthorized access:
Once you have your web server running, you have to install host based firewall and open only certain port in your firewall. I would recommend you tosetting up iptables on your linux dedicated server.

b) Use Strong passwords :
Password complexity requirements should be in place to enforce strong password. A strong password should have mixed case, special characters, numbers, and be longer than 8 characters. Additional security, the passwords should be changed regularly.

c) Disable Unnecessary Processes, Services and Daemons :
I would recommend you to disable unneeded processes,services and daemon such as bluetooth, hidd, cups, yum-updatesd, ypbind, nfs, snmpd, saslauthd, netfs, gpm, pcmcia and sendmail. SELinux also should be set to “Disabled”. This is still very experimental so I would leave this disabled unless you really know what you are doing.

9. Install or migrate over the content of your website or blog :

You can start to migrate over the content of your website or blog to your new dedicated server. For dynamic content blog, i would recommend you to use WordPress as a platform. WordPress is an open-source blogging platform. It’s a free blogging tool and content management system (CMS) based on PHP and MySQL.

I hope that this 9 steps to setup dedicated server can be a useful guide on your first steps to have your own dedicated server to run a websites.

Best Web Hosting 2012 – Best Linux & Windows Web Hosting Providers

PR Web

San Francisco, CA (PRWEB) November 01, 2012

BestHostingSearch.com, a leading web hosting review site since 2006, named BlueHost as the best web hosting on Linux platform and WinHost as the best web hosting on Windows platform for personal and small businesses based on their web hosting technology, features, reliability, performance, technical support, and affordability.

Best Web Hosting 2012 > PHP, ROR, Python, Perl

BlueHost is awarded as the best web hosting provider in 2012 based on Linux platform for hosting sites developed on PHP, Zend Framework, Ruby on Rails, Python and Perl. BlueHost offers a single all-in-one unlimited web hosting plan named “BlueHost Professional” which is the most rich-featured Linux-based hosting plan. Besides supporting almost all the modern programming languages, it includes one free domain & $100-value Google AdWords credits, allows one to host unlimited sites on one account by paying once, and provides Shell Access (SSH), email, MySQL, PostgreSQL, FTP, SSL, etc. It starts at $6.95/mo regularly, but now BlueHost is offering a 44% discount for $3.95/mo for all visitors who go through this BlueHost promotional link.

BlueHost was founded in 1996 and designed to offer the affordable hosting solution to personal and small businesses. Unlike many other web hosts, BlueHost has 3 world-class dedicated data centers in Provo Utah, which had been invested with 20+ millions of USD since 2010. All the data centers are Eco-friendly, with the Internet bandwidth exceeding 150,000 Mbits totally. So far, BlueHost is serving for 2.5 million customers worldwide and it’s fast growing with approximately 20,000 new customers added for each month.

To read the in-depth BlueHost review, visit http://besthostingsearch.com/bluehost-review

Best Web Hosting 2012 > ASP.NET, ASP.NET MVC, Silverlight

WinHost is awarded as the best web hosting provider in 2012 based on Windows platform for hosting sites developed on ASP.NET, ASP.NET MVC and Silverlight technology. WinHost is the most developer and technology friendly web hosting company of all which BestHostingSearch.com had reviewed so far. WinHost supports almost all the latest cutting-edge Microsoft technology. It’s one of the first ASP.NET hosting providers that declaim to support Windows Server 2012, ASP.NET 4.5 and MSSQL 2012. Now, the WinHost ASP.NET hosting plan supports Windows Server 2008R2 & Windows Server 2012, MSSQL 2008R2 & MSSQL 2012, ASP.NET 2/3.5SP1/4/4.5, ASP.NET 2/3/4, Silverlight 4/5, and provides Full Trust configuration, remote IIS management capability, and remote MSSQL management capability.

WinHost ASP.NET hosting starts at $4.95/mo regularly, but now it’s offering a special discount for 2 months free for annual billing at $4.12/mo effectively for all visitors who go through this WinHost promotional link.

To learn more about the award of best web hosting providers in 2012, visit http://besthostingsearch.com/web-hosting-guide/best-web-hosting-2012 >>

About BestHostingSearch.com
BestHostingSearch.com is a leading web hosting review site since 2006. It ranks web hosting providers based on their real hosting experience and the reviews collected from real customers, designed to help people find the best web hosting deal, saving time and money from a bad choice.

Click here for full Story

Google Chrome 21 is out

google chromeGoogle Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Google Chrome version 21.0.1180.60 (21.0.1180.57 for Mac and Linux) is out, fixing 15 security vulnerabilities in the search giant’s browser. Strictly from a security perspective, you should upgrade as soon as possible and download the latest version of Chrome directly from google.com/chrome.

Download Latest Google Chrome

google Chrome

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [Linux only] [125225] Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes).
  • [127522] Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security.
  • [127525] Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security.
  • [128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG.
  • [130251] [130592] [130611] [131068] [131237] [131252] [131621] [131690] [132860] Medium CVE-2012-2850: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [132585] [132694] [132861] High CVE-2012-2851: Integer overflows in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [134028] High CVE-2012-2852: Use-after-free with bad object linkage in PDF. Credit to Alexey Samsonov of Google.
  • [134101] Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock.
  • [134519] Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community.
  • [134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [$1000] [136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis.
  • [$1000] [136894] High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Jüri Aedla.
  • [Linux only] [137541] Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team.
  • [137671] Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva.

For Chrome 21, Google paid security researchers a grand total $2,000 in rewards as part of its bug bounty program. This payout is smaller than usual since Google found most of the vulnerabilities this time, using its own AddressSanitizer tool.

Still, Mountain View recently quintupled its maximum bug bounty to $20,000. The company has so far received about 800 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so firms it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals.

For the record, Google Chrome 20 was released just five weeks ago (and then updated again three weeks ago). At the time, I expected Chrome 21 to be released “sometime in August.” It turns out I was off by a day.

Click here for full Story

Insanity: Google Sends New Link Warnings, Then Says You Can Ignore Them

Google’s war on bad links officially became insane today. For months, Google’s sending out warnings about bad links and telling publishers they should act on those, lest they get penalized. Today, Google said the latest round of warnings sent out this week can be safely ignored. That’s not “more transparency” as Google posted. That’s more confusion.

It’s easiest to do the history first, to better understand the confusion caused by today’s post.

How We Got Here: Link Warnings Earlier This Year

Toward the end of March and in early April, Google began sending out warnings about “artificial” or “unnatural” links, such like this one:

Dear site owner or webmaster of….We’ve detected that some of your site’s pages may be using techniques that are outside Google’s Webmaster Guidelines.

Specifically, look for possibly artificial or unnatural links pointing to your site that could be intended to manipulate PageRank. Examples of unnatural linking could include buying links to pass PageRank or participating in link schemes.

We encourage you to make changes to your site so that it meets our quality guidelines. Once you’ve made these changes, please submit your site for reconsideration in Google’s search results.

If you find unnatural links to your site that you are unable to control or remove, please provide the details in your reconsideration request.

If you have any questions about how to resolve this issue, please see our Webmaster Help Forum for support.

Sincerely, Google Search Quality Team

There was some confusion about whether these messages meant that a site was actually penalized for having these links pointing at them or whether Google was just informing the sites but not really taking any negative action. Google’s response on this wasn’t clear:

Google has been able to trace and take action on many types of link networks; we recently decided to make that action more visible.In the past, some links might have been silently distrusted or might not have carried as much weight. More recently, we’ve been surfacing the fact that those links aren’t helping to improve ranking or indexing.

The Penguin Attacks

In late April, the Google Penguin Update went live. Designed to fight spam, it especially seemed to take action by either penalizing publishers who had participated in bad linking activities (as determined by Google’s) or discounting those links, so they no longer carried as much weight.

All hell broke loose in some quarters, especially among those who had been actively using link networks to boost their rankings in ways that went against Google’s guidelines. One of the suggested recovery options from Google was to remove bad links.

Google Advice: Get Rid Of Bad Links

But what if people couldn’t get links taken down? The head of Google’s web spam team, Matt Cutts, just generally suggested such a thing was possible without giving any specific advice.

This led further support to those who argued that “negative SEO” was now suddenly a real possibility, that any publisher could be targeted with “bad links” and made to plunge in Google’s rankings. Google stressed that negative SEO in this way is rare and hard. To this date, negative SEO still hasn’t seemed to be a wide-spread problem for the vast majority of publishers on the web.

Those reassurances — along with a Google help page update saying Google “works hard to prevent” negative SEO — hasn’t calmed some. Negative SEO has remained a rallying cry especially for many hit by Penguin (and many were deservedly hit) looking for a way to fight back against Google.

The New Link Building: Remove My Link Requests

But aside from the negative SEO sideshow, plenty of publishers tried to follow Google’s advice to get links removed. I’ve even had one come to me, from some publisher who was listed in our SearchCap daily newsletter in the past and wanted us to pull down a link. Insane. A link from a reputable site like ours is exactly what you want, and yet they wanted it removed.

The insanity has gotten even worse. We’ve had people threatening to sue to have links removed. We’ve covered that before. Boing Boing also covered another case today (without providing any of the background on how Google itself has fueled some of this craziness).

Today, we covered how some directories are now charging people to have links removed. Let’s be really clear on how topsy-turvey that means things have become. People have wanted links in the past and have been willing to pay for them (despite this being against Google’s rules). Now they’re perhaps willing to pay to have links taken down.

June: Google Says Don’t Ignore Link Warnings

But you’ve got to get those links removed, if you’ve gotten a warning message. After all, Google has said that. In June, at our SMX Advanced conference, Cutts said this about those link warnings:

You should pay attention. Typically your web site ranking will drop if you don’t take action after you get one of those notices.

Here’s the extended video clip on the topic:

But again, what to do if you can’t get links removed? Cutts said that Google might release a “disavow” tool. By the end of June, Bing even did launch such a link disavow tool — not that it helped with Google, of course. Those who had notices from Google about bad links pointing at them, notices they were supposed to take action on, still might not be able to get those links removed.

New Batch Of Warnings Goes Out

That leads to yesterday, when Google began sending out a new batch of link notices. Here’s an example of what one of those looks like:

Dear site owner or webmaster of….We’ve detected that some of your site’s pages may be using techniques that are outside Google’s Webmaster Guidelines.

Specifically, look for possibly artificial or unnatural links pointing to your site that could be intended to manipulate PageRank. Examples of unnatural linking could include buying links to pass PageRank or participating in link schemes.

We encourage you to make changes to your site so that it meets our quality guidelines. Once you’ve made these changes, please submit your site for reconsideration in Google’s search results.

If you find unnatural links to your site that you are unable to control or remove, please provide the details in your reconsideration request.

If you have any questions about how to resolve this issue, please see our Webmaster Help Forum for support.

Sincerely, Google Search Quality Team

Yes, that’s exactly the same content as what Google sent in late March. Nothing in the message gives the impression it can be ignored. It even encourages people who can’t get links removed to actively file a reconsideration request with Google.

July: Google Says You Can Ignore Link Warnings

But today, Cutts said this about the messages in a Google+ post:

If you received a message yesterday about unnatural links to your site, don’t panic. In the past, these messages were sent when we took action on a site as a whole.Yesterday, we took another step towards more transparency and began sending messages when we distrust some individual links to a site. While it’s possible for this to indicate potential spammy activity by the site, it can also have innocent reasons.

For example, we may take this kind of targeted action to distrust hacked links pointing to an innocent site. The innocent site will get the message as we move towards more transparency, but it’s not necessarily something that you automatically need to worry about.

If we’ve taken more severe action on your site, you’ll likely notice a drop in search traffic, which you can see in the “Search queries” feature Webmaster Tools for example.

As always, if you believe you have been affected by a manual spam action and your site no longer violates the Webmaster Guidelines, go ahead and file a reconsideration request. It’ll take some time for us to process the request, but you will receive a followup message confirming when we’ve processed it.

Like I said, this latest round of messages doesn’t seem to make things more transparent. The messages seem to be the same exact ones that Google previously told people they SHOULD worry about.

How About Just Saying If There’s A Real Concern

How do you know if you’re at risk if you get one of these new messages? Apparently, you also need to look at your traffic from Google and see if there’s a plunge. If so, you have a bad link problem. If not, well, you got a message that apparently can be ignored.

It would sure be much easier if the messages themselves said if action was really required or not. If there really was a penalty or not (in a world now where penalties that were penalties now might be “adjustments”).

That would be transparent. Instead, I predict this is all just going to cause greater confusion and panic, not more clarity and calmness.

It’s also yet another sign of how creaky the foundations or ranking sites based on links has become. It gets even more difficult these days to know what’s supposed to help or hurt. Links as votes suck.

Postscript: Google’s Matt Cutts commented below on Monday, July 23rd that the newer messages that can be safely ignored are now actually saying that:

An engineer worked over the weekend and starting with the messages that we sent out on Sunday, the messages are now different so that you can tell which type of situation you’re in. We also changed the UI in the webmaster console to remove the yellow caution sign for these newer messages. That reflects the fact that these newer notifications are much more targeted and don’t always require action by the site owner.

See also our follow-up story: Google Updates Link Warnings To (Sort Of) Clarify They Can Be Ignored (Maybe).

Read Full Article

How to Setup WordPress Blog on CentOS 6.3

WordPress is an open-source blogging platform. It’s a free blogging tool and content management system (CMS) based on PHP and MySQL. This steps covers how to install the WordPress on linux CentOS 6.3. This post assumed that PHP, apache and MySQL server has been setup properly.

1. Login as a root, go to document’ root folder and download latest wordpress file :

[root@centos63 ~]# cd /var/www/html/
[root@centos63 html]# wget http://wordpress.org/latest.tar.gz

2. Extract the lates.tar.gz files to current directory :

[root@centos63 html]# tar xvzf latest.tar.gz

3. Now create wordpress database. Login to your mySQL database :

[root@centos63 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

4. Create Database name “wordpressdb” :

mysql> CREATE DATABASE wordpressdb;
Query OK, 1 row affected (0.08 sec)

5. Create user “wordpressuser” with password “wordpresspassword” :

mysql> CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspassword';
Query OK, 0 rows affected (0.06 sec)

6. Grant all privileges to “wordpressdb” to user ” wordpressuser” from localhost access :

mysql> GRANT ALL PRIVILEGES ON wordpressdb.* to wordpressuser@localhost;
Query OK, 0 rows affected (0.04 sec)

7. Check and verify the granted access for user “wordpressuser” :

mysql> SHOW GRANTS FOR 'wordpressuser'@'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for wordpressuser@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpressuser'@'localhost' IDENTIFIED BY PASSWORD '*E62D3F829F44A91CC231C76347712772B3B9DABC' |
| GRANT ALL PRIVILEGES ON `wordpressdb`.* TO 'wordpressuser'@'localhost'                                               |
+----------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.08 sec)

mysql>

8. For higher security, make wordpress folder readable only from browser :

[root@centos63 ~]# chmod 755 /var/www/html/wordpress

9. Go to your web server terminal or ssh to web server. Copy and rename wp-config-sample.php to wp-config.php:

[root@centos63 ~]# cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php

10. Modify the wp-config.php :

[root@centos63 ~]# vi /var/www/html/blog/wp-config.php

Change below database details such as database’ name, database’ username, database’ password nand database’ hostname.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpressdb');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'wordpresspassword');

/** MySQL hostname */
define('DB_HOST', 'localhost');

11. To configure wordpress, navigate the browser to http://servername/wordpress/. Please complete the form Click “Install WordPress”

Site Title : Blog Title
Username : Prefered username
Password, twice : Your password
Your E-mail : Your Email

wordpress

12. To login, navigate the browser to http://servername/wordpress/wp-login.php :
wordpress

How to Setup Private DNS With Bind9 Chroot on CentOS 6.2 VPS

dnsAssumed that you already buy two Virtual Private Server (VPS) but you dont want to point your nameservers on your hosting provider. To look more professional and stylish, you can run and have two private nameservers such as ns1.ehowstuff.local and ns2.ehowstuff.local. This post will show you the steps on how to setup and run your own Bind9 Chroot private nameservers on CentOS 6.2 VPS or dedicated server with atleast 2 IP addresses. To fit you requirement, please replace domain (ehowstuff.local) and ip addresses to your own domain and IPs.

ns1.ehowstuff.local : 192.168.1.44 (Master Private DNS server)
ns2.ehowstuff.local : 192.168.1.54 (Slave Private DNS server)

1. Install Bind Chroot DNS Server on both Primary and Slave server :

Master DNS Server

[root@ns1 ~]# yum install bind-chroot -y

Slave DNS server

[root@ns2 ~]# yum install bind-chroot -y


Master DNS Server



2. Login to Primary DNS server (ns1), and create a file /var/named/chroot/var/named/ehowstuff.local with the following configuration:

[root@ns1 ~]# vim /var/named/chroot/var/named/ehowstuff.local
;
;       Addresses and other host information.
;
$TTL 14400
ehowstuff.local.        IN      SOA     ns1.ehowstuff.local.    admin.ehowstuff.local. (
                                        2012060201      ; Serial
                                        86400      ; Refresh
                                        7200       ; Retry
                                        3600000    ; Expire
                                        86400 )  ; Minimum

;A record for domain mapping domain to IP
ehowstuff.local.        IN      A       192.168.1.44

;Define the atleast 2 private nameservers
ehowstuff.local.        IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        IN      NS      ns2.ehowstuff.local.

; Map 2 private nameservers to IP addressess using A record
ns1     IN      A       192.168.1.44
ns2     IN      A       192.168.1.54

; Specify subdomains if any using CNAME or alias.
www     IN      CNAME   ehowstuff.local.
ftp     IN      CNAME   ehowstuff.local.

; Mail exhanger and map it IP using A record.
ehowstuff.local.        IN      MX      10      mail.ehowstuff.local.

3. Still on ns1, please generate an RNDC key :
The rndc tool is used to managed the named daemon. We need to generate a keyfile called /etc/rndc.key which is referenced both by /etc/rndc.conf and /etc/named.conf To do this we use the following command;

[root@ns1 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

View the content of the RNDC key :

[root@ns1 ~]# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "T6tduqyMQ/YbIDXOmE0Fzg==";
};

4. on ns1, edit the /var/named/chroot/etc/named.conf file for ehowstuff.local

[root@ns1 ~]# vi /var/named/chroot/etc/named.conf
options {
       directory "/var/named";
       dump-file "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for ehowstuff.local

zone "ehowstuff.local" {
        type master;
        file "/var/named/ehowstuff.local";
        allow-transfer {192.168.1.54;};
        allow-update {none;};
};

5. Start the DNS service using the following command :

[root@ns1 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

6. Make named daemon auto start during boot :

[root@ns1 ~]# chkconfig named on


Slave DNS Server



7. Making slave DNS server can be so easy. Login to the other DNS server(ns2) and open the named.conf file. You need not create any file as the slave will automatically download the master zone information through zone transfer. After sometime, you can view the zone file. :

[root@ns2 ~]# vi /var/named/chroot/etc/named.conf
zone "ehowstuff.local" {
type slave;
file "/var/named/slaves/ehowstuff.local";
masters {192.168.1.44;};
};

Note: Bind will not allow you to run master and slave on same server, even-though you have 2 IP addresses

8. Start the DNS service using the following command :

[root@ns2 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

9. Make named daemon auto start during boot :

[root@ns2 ~]# chkconfig named on

10. Before testing, make sure your pc or server using the Bind Chroot DNS Server that has been set up :

[root@ns1 ~]# cat /etc/resolv.conf
nameserver 192.168.1.44
nameserver 192.168.1.54
[root@ns2 ~]# cat /etc/resolv.conf
nameserver 192.168.1.44
nameserver 192.168.1.54

11. Test your DNS service :

Test from Master DNS server (ns1)

[root@ns1 ~]# dig ehowstuff.local

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25783
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ehowstuff.local.               IN      A

;; ANSWER SECTION:
ehowstuff.local.        14400   IN      A       192.168.1.44

;; AUTHORITY SECTION:
ehowstuff.local.        14400   IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        14400   IN      NS      ns2.ehowstuff.local.

;; ADDITIONAL SECTION:
ns1.ehowstuff.local.    14400   IN      A       192.168.1.44
ns2.ehowstuff.local.    14400   IN      A       192.168.1.54

;; Query time: 0 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
;; WHEN: Sat Jun  2 14:46:46 2012
;; MSG SIZE  rcvd: 117
[root@ns1 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
[root@ns1 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns2.ehowstuff.local.
ehowstuff.local name server ns1.ehowstuff.local.

Test from Slave DNS server (ns2)

[root@ns2 ~]# dig ehowstuff.local

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11526
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ehowstuff.local.               IN      A

;; ANSWER SECTION:
ehowstuff.local.        14400   IN      A       192.168.1.44

;; AUTHORITY SECTION:
ehowstuff.local.        14400   IN      NS      ns2.ehowstuff.local.
ehowstuff.local.        14400   IN      NS      ns1.ehowstuff.local.

;; ADDITIONAL SECTION:
ns1.ehowstuff.local.    14400   IN      A       192.168.1.44
ns2.ehowstuff.local.    14400   IN      A       192.168.1.54

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jun  2 15:26:19 2012
;; MSG SIZE  rcvd: 117
[root@ns2 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
[root@ns2 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns2.ehowstuff.local.
ehowstuff.local name server ns1.ehowstuff.local.