reset wordpress admin password using MySQL

If you wish to reset the password from the command line, using the MySQL prompt, use the following commands.

Log in to the server via SSH and open the MySQL prompt by entering the following (you will be asked for the MySQL root password):

$ mysql -u root -p

Switch to the database used by the WordPress install. Its name is the DB_NAME value in wp-config.php.

mysql> USE wordpress_dbname;

Check for the users table. It is normally wp_users, but the prefix follows $table_prefix in wp-config.php, so it may differ.

mysql> SHOW TABLES;

Use the following to list the accounts in that table (substitute your table name):

mysql> SELECT ID, user_login, user_pass FROM wp_users;

Now update the password using the following command, substituting the table name, the MD5 hash of the new password and the account's ID:

mysql> UPDATE wp_users SET user_pass = '(MD5-hash-of-password)' WHERE ID = (account_id_number);

You do not have to compute the hash yourself: MySQL's MD5() function will do it, and you can select the row by login name instead of ID:

mysql> UPDATE `wp_users` SET `user_pass` = MD5('new_password') WHERE `wp_users`.`user_login` = 'admin_username';

Note that WordPress accepts a plain MD5 hash in user_pass only for backward compatibility: on the next successful login it re-hashes the password with its stronger phpass scheme. Pick a strong password anyway, and if WP-CLI is installed on the server, wp user update admin_username --user_pass='new_password' achieves the same result without touching the database directly.
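As an added example, not part of the original post: a POSIX shell script that reads DB_NAME and $table_prefix out of wp-config.php and prints the UPDATE statement, so the database and table names are not typed by hand and the login is escaped for the SQL literal. The embedded wp-config.php fragment is constructed for the demonstration, and the function names (md5_hex, wp_setting, wp_prefix, wp_reset_sql) are mine rather than anything WordPress or MySQL provide.

```sh
#!/bin/sh
# Added example: derive the WordPress password-reset UPDATE from wp-config.php.
# The wp-config.php fragment below is constructed for the demo (not a real site).
SAMPLE_WPCONFIG="<?php
define('DB_NAME', 'wordpress_dbname');
define('DB_USER', 'wpuser');
\$table_prefix = 'wp_';"

# md5_hex STRING -> lowercase hex MD5 of STRING (helper name is ours; uses
# coreutils md5sum, falling back to openssl when md5sum is missing).
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s' "$1" | md5sum | cut -d' ' -f1
    else
        printf '%s' "$1" | openssl md5 | sed 's/.* //'
    fi
}

# wp_setting FILE KEY -> value of define('KEY', 'value') in FILE
wp_setting() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# wp_prefix FILE -> value of $table_prefix in FILE (wp_ when it is not set)
wp_prefix() {
    p=$(sed -n "s/^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1)
    printf '%s' "${p:-wp_}"
}

# wp_reset_sql FILE USER_LOGIN NEW_PASSWORD -> the UPDATE statement.
# WordPress still accepts a plain 32-character MD5 in user_pass for backward
# compatibility and replaces it with a phpass hash on the next successful
# login, so the MD5 is only a stepping stone, never the long-term stored hash.
wp_reset_sql() {
    db=$(wp_setting "$1" DB_NAME)
    prefix=$(wp_prefix "$1")
    login=$(printf '%s' "$2" | sed "s/'/''/g")   # escape quotes for the SQL literal
    hash=$(md5_hex "$3")
    printf "UPDATE %s.%susers SET user_pass = '%s' WHERE user_login = '%s';\n" \
        "$db" "$prefix" "$hash" "$login"
}

# Stand-alone use:  sh reset.sh /var/www/html/wp-config.php admin 'new password'
if [ "$#" -eq 3 ]; then
    wp_reset_sql "$1" "$2" "$3"
fi
```

Review the printed statement, then pipe it into mysql -u root -p. Because WordPress discards the MD5 on the next login, choose the password for its long-term strength rather than worrying about the weakness of MD5 itself.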

reset wordpress admin password using phpMyAdmin

First, log into phpMyAdmin and select the database associated with your WordPress installation. You can find it from the wp-config.php file. Once in your database, select the wp_users table.

Once the table is loaded, look for the username you had chosen while installing WordPress. Assuming the user name is admin in this scenario. Click on the edit icon, the little yellow pencil icon located next to the admin entry.

Look for the row named user_pass and make the following changes:

Change the Function field to MD5. Under the Value field, enter your new password and click on Save Changes.

Now you have successfully changed your WordPress password and reset the WordPress admin password. 🙂

Your Internet Address has changed since the beginning of your Mail session. To protect your security, you must login again

If you cannot log into Webmail and get the error "Your Internet Address has changed since the beginning of your Mail session. To protect your security, you must login again.", Horde has noticed that the client's IP address changed part-way through the session. Horde ties each session to the address it was started from so that a stolen session cookie is useless from anywhere else; the check misfires for users whose traffic arrives through load-balanced proxies or carriers that change the address mid-session.

To fix this problem you can turn off the 'checkip' feature in Horde server-wide:

1) Edit the /usr/share/psa-horde/config/conf.php file on the Plesk server and change the following line

$conf['auth']['checkip'] = true;

to

$conf['auth']['checkip'] = false;

2) Have the affected users log in again.

Please note that this setting cannot be configured on a per-user basis and will affect all webmail users on the server, and that it removes the session-hijacking protection the check provides.

Checking Rootkits with rkhunter

Rootkits
A rootkit is software that is installed on your server with the purpose of hiding the fact that your server has been compromised and providing access to your server so that the intruder can easily return. It is important to understand that in order for an intruder to install a rootkit they will have to have gained the rights to do so on your server. This means that the first line of defense is good security that prevents the installation of a rootkit.

The intruder could use a rootkit to hide the password cracker program that’s stealing your passwords and sending them back to the intruder. The intruder could also use a rootkit to hide a “back door” program that would give him easy access back into the compromised system.

There are at least six basic categories of rootkits which all serve the same purpose. They prevent the intruder’s malicious software from showing screen output to the unsuspecting user, and they prevent the malicious software from leaving traces in the system logs. They also prevent the malicious software from showing up in a “ps” or “top” process list.

Firmware rootkits
One of the most difficult rootkits to discover is the firmware rootkit, which lives in the code stored on the motherboard (BIOS and ACPI tables), on PCI cards, or in other flashable components. Firmware rootkits can be installed in any flashable code on your motherboard or on any card that you install. The difficulty here is that you cannot fix this by reinstalling your operating system or wiping your hard drives; the firmware itself has to be reflashed from a known-good image.

Virtualized rootkits
Virtualized rootkits change a computer's boot-up sequence so that the rootkit gets loaded instead of the operating system. Once the rootkit is running in memory, the original operating system loads and then runs in a virtual machine as a guest operating system. The rootkit can then intercept hardware calls from the original operating system in order to conceal the presence of any malicious software or activity.

Kernel rootkits
When Linux boots up, it loads kernel extensions, or modules. Loadable Kernel Module, or LKM, rootkits are loaded as modules themselves, or modify legitimate ones, to make the kernel do the intruder's bidding. These are also very difficult to detect: running inside the kernel, they can subvert any attempt to detect them from user space and can prevent their own removal. On the other hand, they can be prevented. On a known clean system, recompile the Linux kernel without support for loadable kernel modules; on current kernels, enforcing signed modules (CONFIG_MODULE_SIG_FORCE) achieves much the same while keeping module support.

Boot Loader rootkits
In this rootkit the boot loader is replaced with a modified boot loader which is used to achieve the goals of the intruder.

Library rootkits
These rootkits work by modifying the operating system’s libraries that provide system calls. They will either patch the library files, hook onto them, or outright replace them.

Application level rootkits
These are sometimes referred to as "traditional" rootkits, because they are the oldest variety. Application level rootkits replace system utility programs with their own trojaned versions. On Linux, the affected system utilities include login, ls, du, netstat, ifconfig, ps and top. When the unsuspecting user invokes one of these counterfeit utilities, it will do what the user wants done, but in the background it will also do something for the intruder.

One way to check these utilities is to invoke them with the -/ option switch. A genuine utility rejects it as an unknown option; if the command works with that switch, it is a sign that its executable file is infected. A more reliable check on a package-based system is to verify the binaries against the package database (rpm -V coreutils, for example).

Rootkit Hunter
Rootkit Hunter performs a more comprehensive check than chkrootkit, and takes somewhat longer to run. If your distro’s package repository doesn’t have it, you can download it from the author’s website. The site is: http://rootkit.nl/projects or you can download it from sourceforge.net.

To perform a check of your system, enter:

rkhunter -c

Here is a typical summary which is listed at the end of the check.
System checks summary
=====================

File properties checks…
Files checked: 129
Suspect files: 0

Rootkit checks…
Rootkits checked : 115
Possible rootkits: 0

Applications checks…
Applications checked: 9
Suspect applications: 0

The system checks took: 3 minutes and 1 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

To update Rootkit Hunter's data files, enter:

rkhunter --update

If a test reports that some programs have changed, but you are sure the changes came from a package upgrade, update rkhunter's stored file properties so that it stops reporting them as problems. Note that rkhunter can only tell you that a file has changed, not why; finding that out is your responsibility, so confirm the new file belongs to the package (rpm -V on the package, or rpm -qf on the path) before running:

rkhunter --propupd

Run without User Input
In order to run rkhunter as a cron job, or otherwise without user input, use the --cronjob option. Otherwise, during the course of its scan, it will stop several times and ask the user to press "Enter". Use the command:

rkhunter --cronjob

Report only Problems
You can run rkhunter so that it reports only the warnings it discovers:

rkhunter --cronjob --rwo

Email Your Account
Edit two lines in rkhunter.conf to enter your email address and check the mail command. The default relies on the mail(1) client being installed, which is usually the case alongside Sendmail:

MAIL-ON-WARNING=youremail@example.com root@mydomain
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"

If you are using Postfix as the mail server, modify the default line so it points at the sendmail-compatible binary that Postfix provides:
MAIL_CMD=/usr/sbin/sendmail

This is the message you will receive if there is a problem:

"Please inspect this machine, because it may be infected."

False Positives
You may have to uncomment lines in the rkhunter.conf file to allow for some hidden directories, and add entries for other items that rkhunter reports on your system but that are not intrusions. Of course, you will want to verify either that rkhunter reported these on a freshly installed system or that you are otherwise sure they do not represent an intrusion, before whitelisting them.

LOGFILE=/var/log/rkhunter.log

If you allow the root user to log in using SSH, change this line so rkhunter stops warning about it. The better fix is PermitRootLogin no in sshd_config, after which the option can stay at its default.
ALLOW_SSH_ROOT_USER=yes

You may need to allow some directories and files to stop the false positives.
#ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.udev.tdb
ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.initramfs
#ALLOWHIDDENDIR=/dev/.SRC-unix

ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac

SCRIPTWHITELIST=/sbin/ifup
SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/whatis

Enter the applications you want to whitelist. This is a possible list for a CentOS system; on Ubuntu, Apache is called apache2 instead of httpd.

APP_WHITELIST="httpd sshd PHP named"

Here is an example of the output you need to deal with in order to eliminate false positives. Most of these are FIPS checksum files or man pages shipped by CentOS packages (rpm -qf on the path names the owner), and /dev/.udev is created by udev at boot, which is why the ALLOWHIDDENDIR and ALLOWHIDDENFILE entries above whitelist them.

rkhunter --cronjob --rwo
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
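As an added example, not from the original article: a shell script that turns warnings like the ones above into rkhunter.conf lines, but only for paths that the package manager says belong to an installed package, so a hidden file that nothing owns (the classic rootkit drop) is flagged for review instead of being whitelisted. The sample warnings are constructed for the demonstration (they mirror the CentOS output on this page plus one made-up unowned file); pkg_owner and rkhunter_whitelist are my names, and pkg_owner uses rpm -qf, so it must be swapped for dpkg -S on Debian-based systems.

```sh
#!/bin/sh
# Added example: turn "rkhunter --cronjob --rwo" warnings into rkhunter.conf
# whitelist lines, but only for paths a package actually owns.
# SAMPLE_WARNINGS is constructed for the demo (the first five lines mirror the
# page's CentOS output; /tmp/.x is made up to show the unowned case).
SAMPLE_WARNINGS='Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Hidden file found: /tmp/.x: ASCII text
One or more warnings have been found while checking the system.'

# pkg_owner PATH -> prints the owning package, exit 1 if nothing owns it.
# Uses rpm (CentOS). On Debian replace the body with:
#   dpkg -S "$1" 2>/dev/null | cut -d: -f1
pkg_owner() {
    rpm -qf "$1" 2>/dev/null | grep -v 'not owned'
}

# rkhunter_whitelist: read warning lines on stdin; for each hidden file or
# directory print an ALLOWHIDDENFILE/ALLOWHIDDENDIR line preceded by a comment
# naming the owning package, or a REVIEW comment when no package owns the path.
rkhunter_whitelist() {
    while IFS= read -r line; do
        case "$line" in
            "Warning: Hidden directory found: "*)
                key=ALLOWHIDDENDIR
                path=${line#"Warning: Hidden directory found: "} ;;
            "Warning: Hidden file found: "*)
                key=ALLOWHIDDENFILE
                path=${line#"Warning: Hidden file found: "} ;;
            *) continue ;;
        esac
        path=${path%%: *}          # drop the ": ASCII text" file(1) description
        if owner=$(pkg_owner "$path") && [ -n "$owner" ]; then
            printf '# %s is owned by package %s\n%s=%s\n' "$path" "$owner" "$key" "$path"
        else
            printf '# REVIEW: nothing owns %s; inspect it before whitelisting\n' "$path"
        fi
    done
}

# Stand-alone use:  rkhunter --cronjob --rwo | sh triage.sh --stdin
#             or:  sh triage.sh --demo   (runs on the constructed sample)
case "${1:-}" in
    --demo)  printf '%s\n' "$SAMPLE_WARNINGS" | rkhunter_whitelist ;;
    --stdin) rkhunter_whitelist ;;
esac
```

Append only the ALLOWHIDDEN lines you have checked to rkhunter.conf; a REVIEW line is exactly the case rkhunter exists to catch, so look at the file (ls -l, file, strings) before deciding it is harmless.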

Microsoft Contributes Code to Linux Kernel

Microsoft released about 20,000 lines of device driver code to the Linux community. The code, which includes three Linux device drivers, has been submitted to the Linux kernel community for inclusion in the Linux tree.

Sam Ramji, Senior Director of Platform Strategy, and Tom Hanrahan, Director of the Open Source Technology Center, discuss the release of this code under General Public License v2 and how both customer and community demand is driving better integration between Windows and Linux.

More : http://port25.technet.com/archive/2009/07/20/the-hyper-v-linux-integration-components.aspx

Press Release : http://www.microsoft.com/presspass/features/2009/Jul09/07-20LinuxQA.mspx

CentOS Project In Trouble?

CentOS is a community-supported, freely-available operating system based on Red Hat Enterprise Linux. Lance Davis created CentOS and has now gone absent without leave.

Lance vanished from the project some time in 2008. Everybody needs time off from projects from time to time, so there was no real need to worry about that. What there is to worry about is the following: Lance is the only one who can make changes to the centos.org domain, as he "owns it". Nobody else in the team is able to add nameservers or change anything at the moment. Recently he put an anonymizing service on the domain, so that nobody from the outside can see who the domain belongs to.

The other important thing is that Lance is the only one with access to the Google AdSense and PayPal accounts, with nobody else as backup. This money was donated towards the project and could have been used for professionally made media for fairs and conventions, professionally made advertisement material for the same, hardware, community support and so on. Nobody on the CentOS team wants to make money; they are doing the project in their free time.

Different APF log for TCP/UDP drops

We can create a separate log file for the TCP/UDP INPUT and OUTPUT drops that APF logs, so they stop cluttering /var/log/messages.

Requirements:

APF Firewall 0.9.3 or above. It may work on previous versions, but that has not been tested; if you're using an older version you should upgrade anyway.

Changing APF’s configuration:

1) Login to your server and su to root shell.

2) Create a new log file just for the TCP/UDP output/drops from APF.
touch /var/log/customlog

Set user permissions to restrict access.
chmod 600 /var/log/customlog

3) Change the syslog configuration so the iptables messages go to your new log file. The trick used here is the priority: the firewall rules below log at the debug priority, and the stock CentOS rule for /var/log/messages (*.info;mail.none;authpriv.none;cron.none) only catches info and above, so debug-level kernel messages land in the new file and nowhere else. Be aware that any other kernel message logged at debug priority will end up there too.
First let's make a backup to be safe:
cp /etc/syslog.conf /etc/syslog.conf.bak

vi /etc/syslog.conf

4) Add the following line at the bottom (a tab between the selector and the path is the traditional separator):

# Send iptables LOGDROPs to /var/log/customlog
kern.=debug	/var/log/customlog

5) Save the changes and quit the editor (:wq in vi).

6) Reload the syslogd service for the change to take effect (on systems that ship rsyslog instead, the file is /etc/rsyslog.conf and the service is rsyslog):
service syslog reload

7) Open APF and edit the firewall configuration.
First lets make a backup to be safe:
cp /etc/apf/firewall /etc/apf/firewall.bak

vi /etc/apf/firewall

Find the following: DROP_LOG

You should see this:

if [ "$DROP_LOG" == "1" ]; then
# Default TCP/UDP INPUT log chain
$IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-prefix "** IN_TCP DROP ** "
$IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-prefix "** IN_UDP DROP ** "

Replace with the following. (The LOG target accepts both options at once, so you may instead keep the --log-prefix and only add --log-level debug; the prefix makes it easier to tell chains apart when reading the log later.)

if [ "$DROP_LOG" == "1" ]; then
# Default TCP/UDP INPUT log chain
$IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug
$IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug

Find the following one more time: DROP_LOG

You should see this:

if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
# Default TCP/UDP OUTPUT log chain
$IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-prefix "** OUT_TCP DROP ** "
$IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-prefix "** OUT_UDP DROP ** "

Replace with the following:

if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
# Default TCP/UDP OUTPUT log chain
$IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug
$IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug

8) Save the changes to the firewall script and quit the editor (:wq in vi).

9) Restart apf for the changes to take effect.

apf -r

10) Make sure the new log file is getting written to:
tail -f /var/log/customlog

You should see things like:

Aug 27 15:48:31 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=192.168.1.1 DST=192.168.1.1 LEN=34 TOS=0x00 PREC=0x00 TTL=118 ID=57369 PROTO=UDP SPT=4593 DPT=28000 LEN=14

Also check the messages log to make sure APF is no longer writing the drops to it:

tail -f /var/log/messages
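As an added example, not part of the original article: a shell function that reads lines in the format the iptables LOG target writes and reports which direction, protocol, source address and destination port combinations are being dropped most, which is what you actually want from the new log once it is flowing. The sample lines are constructed for the demonstration (the first is the page's own line; the other addresses are from the documentation ranges); drop_summary and top_offender are my names.

```sh
#!/bin/sh
# Added example: summarise iptables LOG lines from /var/log/customlog by
# direction, protocol, source address and destination port.
# SAMPLE_DROPS is constructed for the demo: the first line is the page's own
# sample line, the rest use documentation addresses (RFC 5737).
SAMPLE_DROPS='Aug 27 15:48:31 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=192.168.1.1 DST=192.168.1.1 LEN=34 TOS=0x00 PREC=0x00 TTL=118 ID=57369 PROTO=UDP SPT=4593 DPT=28000 LEN=14
Aug 27 15:48:32 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 27 15:48:33 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 27 15:48:34 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 27 15:48:35 fox kernel: IN= OUT=eth0 SRC=192.168.1.1 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=51000 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 27 15:48:36 fox kernel: some unrelated debug message'

# drop_summary: read LOG lines on stdin, print "count DIR PROTO SRC DPT",
# busiest first. DIR is IN when the IN= field names an interface, else OUT.
# DPT is "-" for protocols without ports (ICMP, for instance).
drop_summary() {
    awk '
    /kernel: .*PROTO=/ {
        src = ""; proto = ""; dpt = "-"
        dir = ($0 ~ / IN=[^ ]/) ? "IN" : "OUT"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue          # flags such as DF or SYN have no value
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v
        }
        if (src != "" && proto != "") count[dir " " proto " " src " " dpt]++
    }
    END { for (key in count) print count[key], key }' | sort -rn
}

# top_offender: the single busiest "DIR PROTO SRC DPT" tuple, the candidate
# for apf -d (deny) once you have confirmed it is hostile and not a customer.
top_offender() {
    drop_summary | head -n 1 | cut -d' ' -f2-
}

# Stand-alone use:  sh drops.sh --demo     or     sh drops.sh < /var/log/customlog
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DROPS" | drop_summary
elif [ "${1:-}" = "--stdin" ]; then
    drop_summary
fi
```

An OUT line with a high count is the more interesting one on a hosting box: outbound drops to an IRC port, as in the sample, usually mean a compromised account running a bot, not a misconfigured client.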

Linux Foundation Launches Branded Credit Card Featuring Tux.

The Linux Foundation, the non-profit that supports the growth of the Linux kernel, announced an affinity Visa Platinum credit card for people who want to contribute to advancing the OS through the organization’s initiatives. This is actually not that bad an idea.


Jim Zemlin, executive director of The Linux Foundation in a statement says people can contribute to Linux in a variety of ways, but now have a convenient way of identifying themselves as supporters of the community “by carrying Tux in their pocket”. And then of course there’s the financial incentive.

The Linux Foundation is partnering with CardPartner to offer the credit card through UMB Bank. The organization will receive $50 for every activated card as well as a percentage of every purchase made with the credit card. The Linux Foundation also says 100% of the proceeds from the Visa card program will go directly towards providing community technical events and travel grants for open source community members in order to accelerate Linux innovation.

Initially, the custom Linux Foundation Visa Platinum card is only available to U.S. residents, but the organization expects to expand in the coming months.

How to change the default port for Plesk

It is not recommended to change the default Plesk port because it can break Plesk integration with other programs like Plesk Expand or DrWeb.

Linux

To change the port Plesk listens on, edit the /usr/local/psa/admin/conf/httpsd.conf file and change the following directives to the port you want Plesk to listen on:

Listen 8443
Port 8443
<VirtualHost *:8443>

You will need to restart Plesk afterwards. Plesk cannot listen on any of the ports used for common services.

Windows

Most Plesk installs will be using Apache by default. You will want to edit the Apache configuration file C:\Program Files\SWsoft\Plesk\admin\conf\httpd.conf

1.) Change the following line to list the port number you want Plesk to listen on
Listen 8443

2.) Restart Plesk Control Panel.

Plesk – Rebuilding qmail queue on RPM based Servers

These instructions are written for RPM-based systems like RedHat, Fedora, CentOS, etc.

Do the following steps to recreate Qmail's queue when the queue is damaged or full of spam.

Please DO remember that all messages currently in the queue will be removed in this process and cannot be restored. If the queue is full of spam, find and close the source (typically a compromised web script or an account with a stolen password) first, or the new queue will fill up again.

1. Stop Qmail and xinetd.

/etc/init.d/qmail stop
/etc/init.d/xinetd stop

2. Move current queue to another location.

mv /var/qmail/queue /var/qmail/queue_old

3. Reinstall the 'psa-qmail' RPM to recreate the qmail queue structure with a command like:

rpm -Uvh --force psa-qmail....

4. (Optional) Reinstall the drweb-qmail RPM if you use the DrWeb antivirus feature that comes with Plesk.

rpm -Uvh --force drweb-qmail....

5.Start Qmail and xinetd:

/etc/init.d/qmail start
/etc/init.d/xinetd start

You should get both the psa-qmail and drweb-qmail RPMs from the distribution of the same Plesk version that is installed on the server. You can find the current psa-qmail, drweb-qmail and Plesk build versions by running the following commands on Linux systems:

rpm -q psa-qmail
rpm -q drweb-qmail
rpm -q psa