bookmark_borderTroubleshooting PHP-FPM Pool Setup: WordPress Requires FTP/SFTP User After Successful Configuration

This post assumes you have successfully installed PHP-FPM and have confirmed it is running on the server, and

# systemctl status php7.2-fpm.service
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-08-13 03:40:43 UTC; 14min ago

Configured on the site:

But still getting this:

The good news is you are actually pretty close, and it’s actually something you missed in your site config file.

Go back and verify the port you’re listening on (e.g., vim /etc/php/7.2/fpm/pool.d/[pool name].conf). For instance, in my case it was:

listen = 127.0.0.1:9001

But my Apache config was looking for:

<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>

A simple update to:

<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9001/"
</FilesMatch>

And a restart of the web server:

systemctl restart apache2.service

Should do the trick, and get you situated again.

bookmark_borderSSH Permission Denied on DD-WRT Router

DD-WRT is an OpenSource router firmware supported by most modern router systems. If you want to open the door to what you can do with your router, DD-WRT is the way to do it. It allows you to bypass the limitations your commercial router software introduces.

Ok, let’s cut to the chase..

Permission Denied Using SSH with DD-WRT

If you’re like me, you have probably hit a brick wall when trying to SSH into the router after it’s been imaged with DD-WRT.

Check All SSH Settings

There are two place you want to update SSHD settings. Navigate to the following location

Services > Services > Secure Shell

Here, you will enable the SSHD daemon.

Make note of the port you’re using, and select to use a password or key or both. This is pretty straight forward, in my scenario I selected to disable password login and use my public SSH key for security.

Snapshot of Secure Shell Panel on Services Page

Then, navigate here:

Administration > Management > Remote Access

Don’t ask me why, but here you will make sure that SSH Management is Enabled and that your port is set the same as the last page.

Snapshot of Remote Access Panel on Management Page

Now save, and reboot the machine to make sure the changes stick.

Verify Username is Correct

If you are still having an issue, and it looks something like this:

$ ssh admin@192.168.1.1

DD-WRT v3.0-r44048 std (c) 2020 NewMedia-NET GmbH

Release: 08/02/20

Board: Linksys WRT3200ACM

admin@192.168.1.1: Permission denied (publickey).

or, something like this:

$ ssh admin@192.168.1.1

ssh: connect to host 192.168.1.1 port 22: Network is unreachable

tony:public antonioperez$ ssh admin@192.168.1.1

DD-WRT v3.0-r44048 std (c) 2020 NewMedia-NET GmbH

Release: 08/02/20

Board: Linksys WRT3200ACM

admin@192.168.1.1’s password: 

Permission denied, please try again.

admin@192.168.1.1’s password: 

Permission denied, please try again.

admin@192.168.1.1’s password: 

But you swear you are using the same username and password you log into the GUI with, then it might be something a little more frustrating.

The user.

Update the user to root instead of whatever user you were using. In my case, I was testing with admin.

After updating the username to ROOT:

$ ssh root@192.168.1.1

DD-WRT v3.0-r44048 std (c) 2020 NewMedia-NET GmbH

Release: 08/02/20

Board: Linksys WRT3200ACM

Enter passphrase for key ‘/Users/antonioperez/.ssh/id_rsa’:

Tada! Like magic, it started working. I have no idea why this is, but I have successfully used this on three DD-WRT installations and it works every time.

Cheers

bookmark_borderHow to remove .php / .html extension from URL slug

Was recently working on a project, not using a CMS like WordPress and Daniel was making fun of me for requiring “.php” in my URL.

Naturally, that could not go without a response.

Example of What I wanted to Do

Example of what I’m talking about:

https://defragged.org/somdirectory/somefile.php

I wanted to remove the “.php” extension from the URL, so that it reads:

https://defragged.org/somdirectory/somefile

If this is you, then here is the quick and dirty on how to get this done.

How To Remove .PHP / .HTML from URL Slug

I am working on Apache and the latest version of Ubuntu, but it should be the same for most of the latest versions.

Because this is a test server, I wanted to do a global deployment so that I don’t have to worry about it anymore. This saves me from having to remember to do this in each web directory via an .htaccess file.

Navigate to your apache config file, something like this:

# vim /etc/apache2/apache2.conf 

Scroll to the bottom, and append this to your file:

<Directory /var/www/>
 <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)/$ $1 [R,L]
  RewriteCond %{REQUEST_FILENAME}.php -f
  RewriteRule (.*) $1.php [L]
  RewriteCond %{REQUEST_FILENAME}.html -f
  RewriteRule (.*) $1.html [L]
 </IfModule>
</Directory>

Save the file, and restart the web server.

service apache2 restart

That should be it, clear your browser cache, and revisit the site. It should do the trick.

Sharing is caring!

bookmark_borderParse JSON Responses using Bash Scripts

I was working with the categorify.org site and I wanted to parse through the API’s response. The response was in JSON format.

There are a number of different ways you can do this, but if you want a quick, simple, way that uses existing tools you probably already have installed, this is for you.

To parse through the JSON response I used Python.

Here is an example of what I was doing:

curl -s https://categorify.org/api?website=pornhub.com

If you do this, the response is something like this:

$ curl -s https://categorify.org/api?website=pornhub.com

{“domain”:”pornhub.com”,”ip”:”31.192.120.36″,”country-code”:”NL”,”country”:”Netherlands”,”rating”:{“language”:true,”violence”:false,”nudity”:true,”adult”:true,”value”:”R & NSFW”,”description”:”Adult-only content and not safe for a work environment”},”category”:[“Adult\/Pornography”],”keyword_heatmap”:{“videos”:99,”free”:85,”pornhub”:61,”porn”:55,”models”:54,”premium”:45,”content”:45,”rated”:44,”photos”:44,”exclusive”:43,”party”:43,”gifs”:42,”sister”:39,”discover”:36,”online”:36,”video”:35,”albums”:34,”pornhubcom”:33,”cancel”:33,”subscribed”:30}}

What I specifically wanted was the category value: “category”:[“Adult\/Pornography”]

So I modified my command to pipe my output to python and ran the following:

$ curl -s https://categorify.org/api?website=pornhub.com | python -c ‘import json,sys;obj=json.load(sys.stdin);print obj[“category”]’

The section you’re most interested in is this: print obj[“category”]

You have to choose which object you want to print. In my case, I wanted the category object as it holds the value I am looking for.

You can use this to parse any JSON response, just update the print object with one that corresponds to your results. The beautiful part is that this should be available on most major OS platforms without additional installations.


Side note, here are two variations depending on which version of Python you have on your machine.

Python 3

python3 -c "import sys, json; print(json.load(sys.stdin)['category'])"

Python 2

python2 -c "import sys, json; print json.load(sys.stdin)['category']"

bookmark_borderPi-Hole Error: Could not update local repository. Contact Support.

When you are running Pi-Hole for the first time, you might run into an error that reads:

Could not update local repository. Contact Support.

This can be for a couple of different reasons, but these are the ones that have been most effective:

  1. Verify that you chose the right interface when installing Pi-Hole. For instance, I chose the ethernet interface on the installation process. When it went to install, it assumed the internet was on this interface. I reran the installer, chose the WiFi interface, and it worked. Alternatively, connect it via the ethernet interface and that too should work.
  2. If you are running this on a new install, or what you believe to be a new install, try running this command:

pi@raspberrypi:~ $ sudo git clone -q –depth 1 https://github.com/pi-hole/pi-hole.git /etc/.pihole

If it returns this, it’s an update problem, not a new install problem:

fatal: destination path ‘/etc/.pihole’ already exists and is not an empty directory.

Good luck!

bookmark_borderUse Bash Script to Monitor The Status of Service

When you manage multiple servers it’s sometimes impossible to stay ahead of the various administrative tasks, which is why automation is so important.

If you’re working on a linux based server and want to monitor the status of a service, here is a quick an easy way to automate that process.

#!/bin/bash
# Script to find if a service is running

for i in ossec-monitord ossec-logcollector ossec-integratord;

 do ps auwx | grep -v grep | grep $i >/dev/null 2>&1 ;

   if [ $? = 0 ];

    then

     echo `date “+%Y-%m-%d %H:%M “`”$i Running…”;

    else

     echo `date “+%Y-%m-%d %H:%M “`”$i not running…”;

fi;

What we did above is create a simple loop looking for three distinct services:

  • ossec-monitord
  • ossec-logcollector
  • ossec-integratord

Those three services are assigned to the i variable, and that variable is then passed into the grep query here:

ps auwx | grep -v grep | grep $i >/dev/null 2>&1 ;

What we’re also doing above is cutting out any grep inquiries, because if you were to run a grep command it will show as a process as shown here in red:

root@server:~/scripts# ps auwx | grep ossec-logcollector

root      1260  0.0  0.0   4876  1784 ?        S    May19   0:03 /var/ossec/bin/ossec-logcollector

root     29353  0.0  0.0  14428  1116 pts/0    S+   20:59   0:00 grep –color=auto ossec-logcollector

By cutting out the grep request you see this response:

root@server:~/scripts# ps auwx | grep -v grep | grep ossec-logcollector

root      1260  0.0  0.0   4876  1784 ?        S    May19   0:03 /var/ossec/bin/ossec-logcollector

This is important because this   if [ $? = 0 ]; is looking for the grep exit value of 0, which states:

EXIT STATUS
    The grep utility exits with one of the following values:

    0     One or more lines were selected.
    1     No lines were selected.
    >1    An error occurred.

With this selection, if you run the grep and there are no service running it would still find the grep service itself. It’d give you a false positive response.

The echo command then prints the status of the service:

echo `date “+%Y-%m-%d %H:%M “`”$i Running…”;

It passes each argument through the loop. If the service is found to be running it prints:

2020-05-19 18:27 ossec-monitord Running…

2020-05-19 18:27 ossec-logcollector Running…

2020-05-19 18:27 ossec-integratord Running…

bookmark_borderTips and Tricks: Blocking DNS requests via Iptables

Iptables has to be one of the tools that I use the most on my day to day work. The default firewall tool chain on Linux has a lot of options to filter pretty much any traffic you wish.

In this Tips and Tricks, we will show you how to block DNS requests (domain names + request types) via iptables. Enjoy!

Continue reading “Tips and Tricks: Blocking DNS requests via Iptables”

bookmark_borderBriefly unavailable for scheduled maintenance. Check back in a minute.

Every now and then, depending on what you’re doing, you might encounter this problem with your WordPress site. I often see it after running an update:

Continue reading “Briefly unavailable for scheduled maintenance. Check back in a minute.”

bookmark_borderCreate MySql Database Backup in Linux Using MariaDB

If you need to do a MySQL database backup in linux, this is the basic command structure you want to use:

# mysqldump -u [username] -p [database name] > [filename]-$(date +%F).sql

This will prompt the password when you hit enter.

Continue reading “Create MySql Database Backup in Linux Using MariaDB”

bookmark_borderInspecting DNS traffic via tcpdump

If you ever wondered what is going on at the DNS level on your computer (or network), tcpdump can be a useful tool for you.

TCPdump basics

Tcpdump is a tool that allows you to inspect any packet (TCP, UDP, etc) and its content as they pass through an interface through the libpcap module. The syntax is very simple, but the basics of the command require the network interface name, the protocol and the restrictions of what you are trying to inspect (more on that later):

Continue reading “Inspecting DNS traffic via tcpdump”