server admin

man page humour

Found this little nugget in the “find” man page recently:

A ‘%’ character followed by any other character is discarded, but the other character is printed (don’t rely on this, as further format characters may be introduced). A ‘%’ at the end of the format argument causes undefined behaviour since there is no following character. In some locales, it may hide your door keys, while in others it may remove the final page from the novel you are reading.

Reminds me of a T-shirt I have:

$> man woman
$> Segmentation fault (core dumped)

HeidiSQL and MySQL: Can’t connect to MySQL server on ‘127.0.0.1’ (10061)

HeidiSQL can't connect to MySQL.

I installed XAMPP and HeidiSQL (the latter running under Wine) on my local Xubuntu 14.04 (LTS) system sometime in the last year or two. I’d used both before when I used to use Windows, and have had no problem using HeidiSQL to connect to external MySQL servers. However, I have had no success connecting to my local installation of MySQL. Not having time to deal with the issue (what seemingly inexplicable computer issue is ever resolved in a matter of minutes?!) I just left it and used phpMyAdmin that comes bundled with XAMPP, which is up to the job but which is a pain to use once you’re used to a native application like HeidiSQL.

Well, yesterday was the day to get to the bottom of the problem, and predictably it took me several hours to figure out.

I found a number of articles that referred to user privileges, client bugs, binding MySQL to the localhost IP address, some guy who was doing it wrong, another guy who must have been using machine translation to try to get his point across (I don’t envy the poor guy), and a guy who seemed to have the same problem as me (but didn’t).

I found the clue that solved my problem in the Navicat knowledge base (“2003 – Can’t connect to MySQL server on xxx (10061)”) that linked to the MySQL reference manual (“B.5.2.2 Can’t connect to [local] MySQL server”). Looking at the default XAMPP MySQL configuration file at /opt/lampp/etc/my.cnf I noticed the following:

# commented in by xampp security
#skip-networking
skip-networking

I’m guessing that the XAMPP-provided script that I recall XAMPP suggesting you run after installation to plug a few security holes put that there. After I once again commented out “skip-networking” and restarted MySQL, HeidiSQL was able to connect. Considering I generally only run the local MySQL server for brief periods I don’t expect this to be a major security issue.

I am a happy camper once again. Hope this helps you too.
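The edit above moves the server from socket-only to accepting TCP connections, and which interfaces it then listens on depends on bind-address. The following check is an added example, not part of the original post or of XAMPP; the function name mysql_exposure is hypothetical, the sample files are constructed, and it reads a single file without following include directives.

```shell
#!/bin/sh
# mysql_exposure FILE -> prints socket-only | loopback | all-interfaces
# Hypothetical helper: inspects only the [mysqld] section of one my.cnf.
mysql_exposure() {
    awk '
        /^[ \t]*[#;]/ { next }                     # comment lines are inert
        /^[ \t]*\[/ {                              # section header, e.g. [mysqld]
            sect = tolower($0)
            sub(/^[ \t]*\[/, "", sect); sub(/\].*/, "", sect)
            next
        }
        sect != "mysqld" { next }
        {
            line = $0; sub(/[ \t]*#.*/, "", line)  # drop trailing comment
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub(/_/, "-", key); key = tolower(key)
            if (key == "skip-networking" && val != "0" && tolower(val) != "off") skip = 1
            if (key == "bind-address") bind = val
        }
        END {
            if (skip) print "socket-only"          # no TCP listener at all
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost") print "loopback"
            else print "all-interfaces"            # unset bind-address listens everywhere
        }' "$1"
}

# Constructed samples: the file as found, as edited in the post, and a loopback-only variant.
tmp=$(mktemp -d)
printf '[mysqld]\n# commented in by xampp security\n#skip-networking\nskip-networking\n' > "$tmp/found.cnf"
printf '[mysqld]\n#skip-networking\n' > "$tmp/edited.cnf"
printf '[mysqld]\n#skip-networking\nbind-address = 127.0.0.1\n' > "$tmp/loopback.cnf"
for f in found edited loopback; do
    printf '%-8s %s\n' "$f" "$(mysql_exposure "$tmp/$f.cnf")"
done
rm -rf "$tmp"
```

Adding bind-address = 127.0.0.1 under [mysqld] still lets a client on the same machine connect to 127.0.0.1 while refusing connections from other hosts.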

Deleting files under Linux/Unix

Today I came across a comment on a blog post related to deleting files on a Unix/Linux system that was a clear case of bullshit. I tried to post a comment to that effect on the blog in question, but the comment feature was broken. So, since I had already gone to the trouble of writing my response, and since I don’t post nearly as much to my own blog as I would like, I’ll just post it here instead.

To PoorMe, who claimed to have “just lost all of [his/her] files and folders on [his/her] server in just 2 seconds” by running the suggested command, I call bullshit!

I actually intentionally tried this a few years ago on a server that I was decommissioning. First of all, you have to be in the root directory for the dreaded “rm -rf *” command to try and remove everything (unless you craft the command explicitly to remove everything under the root directory), and you’re almost never in the root directory unless you place yourself there for some specific and very unusual reason.

Secondly, in my test (which I did run as root) I ran into many files and directories that threw up errors and interrupted the process, even though I used the “-f” flag. In fact, I ended up having to delete individual directories off of the root to do what I was trying to achieve, and even then I gave up trying to remove anything but directories I knew contained user data.

Thirdly, even without those errors the process would have taken minutes, if not hours, not “2 seconds”. Anyone who thinks it takes two seconds has obviously never tried it. Besides, assuming you’re connecting over SSH, how are you still connected if you deleted everything, including the SSH server?

Bottom line, don’t run commands on your system that you find on the Internet without first understanding and checking them. But even if you don’t take that advice, the chances of you erasing every file and directory on your server in the blink of an eye are close to zero. Sure, you might erase a whole lot of stuff you didn’t want to erase that you may never get back and which may destabilise your system requiring you to reinstall the operating system (and it may happen in as few as two seconds), but what PoorMe claims happened almost certainly didn’t happen.

Port 25 open on Shaw connection

While doing some mail server testing, I happened to notice that port 25 outbound on my run-of-the-mill, consumer grade, non-static Shaw connection is open. I wonder if this is a mistake, or if they’ve abandoned the practice.

Block outbound email to a specific domain with qmail

With Sendmail, I can block all email from a domain (one sending to the server in question) and to a (foreign) domain using the /etc/mail/access file. With qmail, however, it’s apparently not so simple. Further complicating my need to prevent all users on one of my systems (which uses qmail) from sending email to certain domains is the fact that the system also uses Plesk, so I didn’t really want to start messing around with patching qmail and risk breaking something to do with Plesk.

After a fair bit of research I settled on a workaround using /var/qmail/control/smtproutes to artificially direct email sent to those domains from my qmail system to another mail server under my control, where the emails are rejected during the SMTP dialogue (because they’re not configured on that mail server, of course), thereby being bounced immediately to the sender.

If /var/qmail/control/smtproutes doesn’t exist on your server (it shouldn’t by default) you can create it with the following contents, or add the following contents to an existing file:

bad-domain.com:mx.your-other-domain.com

The file should be owned by the same user and group as most of the other configuration files in the “control” directory.

In this example you want to stop users from sending email to bad-domain.com email addresses, and you control an external mail server at mx.your-other-domain.com. When a user tries to send email to a bad-domain.com address, the sending mail server will not look up the MX record for bad-domain.com, instead routing the email to mx.your-other-domain.com. Because mx.your-other-domain.com is not configured to accept or relay email for bad-domain.com, it will reject it.

Caution: DO NOT route email to a mail server that is not yours. This will likely be considered spam by that mail server’s administrator, and the IP address of your mail server will then likely be blocked and perhaps added to more widely-distributed blacklists. If you don’t control another mail server you could route the forbidden email to a non-existent domain, such as no-such.domain or dev.null or bogus.invalid. To make the bounce message a little more helpful to the receiver (i.e., the original sender), perhaps make up a bogus domain like “Sending-to-that-domain-is.prohibited” which, on some systems, will return a bounce message that might include text like this:

Sorry, I couldn’t find any host named Sending-to-that-domain-is.prohibited.

Do not use a non-existent domain on a real top-level domain (e.g., v539bq59vb45.com, or some other string of randomly-typed characters followed by a real TLD), because there is no guarantee that domain won’t be registered and used in the future. Avoid using even your own real domain that you’re not using (unless you set up some unique but descriptive sub-domain such as “this-is-a-bogus-mx-vb49w4.example.com”), as you may use it in the future and forget that you’re directing email to it. That could result in mail loops if you end up hosting the domain on the same mail server, or being blacklisted if you host it with a third party or allow it to expire and it’s registered and used by someone else.

Anyway, having another mail server to use, I’m sticking with using that to cause the messages to bounce back.
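To audit where an smtproutes file actually sends mail, the following added example (not from the original post or from qmail) classifies each route's relay host. The function name lint_smtproutes and the verdict labels are hypothetical, and the sample file is constructed; of the placeholder names mentioned above, only the .invalid TLD is reserved by RFC 2606 and guaranteed never to be delegated.

```shell
#!/bin/sh
# lint_smtproutes FILE [OWNED_HOST...]
# Hypothetical helper. Prints one line per route: "<domain> <relay> <verdict>".
#   owned     relay is in the list of servers you said you control
#   reserved  relay ends in .invalid (RFC 2606: never delegated)
#   unvetted  anything else: may resolve, now or later, to someone else's server
#   default   empty relay: qmail falls back to the normal MX lookup
lint_smtproutes() {
    file=$1; shift
    # Space-delimited, lower-cased list of owned hosts for exact matching.
    owned=" $(printf '%s ' "$@" | tr 'A-Z' 'a-z')"
    grep -v '^[[:space:]]*$' "$file" | while IFS=: read -r domain relay port; do
        relay=$(printf '%s' "$relay" | tr 'A-Z' 'a-z')
        case $relay in
            '')        verdict=default ;;
            *.invalid) verdict=reserved ;;
            *)  case $owned in
                    *" $relay "*) verdict=owned ;;
                    *)            verdict=unvetted ;;
                esac ;;
        esac
        # An empty domain field is qmail's catch-all route.
        printf '%s %s %s\n' "${domain:-<all>}" "${relay:-<mx>}" "$verdict"
    done
}

# Constructed sample; mx.your-other-domain.com is the page's stand-in for a server you control.
tmp=$(mktemp -d)
cat > "$tmp/smtproutes" <<'EOF'
bad-domain.com:mx.your-other-domain.com
blocked.example:bogus.invalid
other.example:Sending-to-that-domain-is.prohibited
typo.example:v539bq59vb45.com
EOF
lint_smtproutes "$tmp/smtproutes" mx.your-other-domain.com
rm -rf "$tmp"
```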

Some assistance in coming up with this idea came from this thread at boardreader.com.

Have a comment or a better idea? Let me know in the comments.

Installing Zend Optimiser

I had a bit of an education on the confusing array of Zend products recently. A client needed Zend Optimizer (which, of course, Zend spells with a “z” to cater to the all-powerful American market) installed on their virtual private server (running Linux, of course), as the installation routine for a web application wouldn’t proceed without it. Fair enough. Some web applications are encoded so that they can’t be hacked (as opposed to cracked; see the difference), reverse engineered, modified, etc., and Zend Optimiser interprets the encoded PHP files so that they can run.

But I was confused. I thought Zend was installed with PHP by default. Turns out it’s Zend Engine that’s installed with PHP. So off I go to the interwebs to do some research. Take a look at these pages:

  • Zend Products: Here are listed Zend Server, Zend Server Cluster Manager, Zend Studio and Zend Guard — four products.
  • Zend Downloads: Here are listed Zend Server, Zend Server Cluster Manager, Zend Server Community Edition, Zend Studio, Zend Guard, Zend Optimizer, Zend Framework, Zend Core and Zend Platform. Phew! Nine products!

You don’t even see Zend Engine listed on either of the above pages, presumably because it’s installed with PHP by default.

So you click on Zend Optimiser and you’re presented with downloads for Zend Guard, Zend Optimiser and Zend Guard Loader. Huh? What’s what, where did Zend Guard Loader come from, and what is it?

Add to that that, in the back of my mind, I thought I had been down this road before on a different server that I’m sure already had a decoder installed. However, I figured out that I was probably thinking of Ioncube, and it had likely been installed with a control panel on that server.

Add further to that confusion the plethora of different instructions you find in a web search, some of which (including the “user guide” that is linked to right next to the Zend Optimizer download link) refer to an installation script which doesn’t exist in the download, and you can see why I was left scratching my head. At one point I even started following the RPM installation instructions on the Zend website, until I said to myself, “Wait a minute. This isn’t right.” Sure enough, those instructions were for a different Zend product.

The download does include what are referred to on some websites as “manual” installation instructions. They’re straightforward, but the confusing array of different options out there threw me off. In the end, the “manual” instructions did indeed work — and given the choice I’d prefer them anyway — and took all of about three minutes, far less time than I had already wasted.