In my point of view, if US government computers have really been hacked, it is not necessarily China who has done the hacking. Why is this so? It’s because when you hack into a computer, you will leave tracks and authorities can trace these tracks and will lead them to the hacker. In the US, the systems are so interconnected and if anyone does a cybercrime, the crook can be easily traced. As many of us know, all computers in the world basically use the same system, software and servers, whether Linux or Windows, Apache or IIS and all have the same security problems. Thus, it is of high probability that an unsecure server of China may have been hacked and was used to hack into the US government computers therefore hiding tracks to the real culprits. Who knows, the crooks may have actually come from England?

I would also like to voice out my opinion regarding this issue. Lately, I’ve noticed that China has been the center of controversy for various issues like Mattel products from China recalled, some food containing formalin, Hong Kong residents being hesitant to buy poultry from China and recently, this alleged hacking activity. For me, the “Sleeping Giant” is slowly becoming a powerful and influential country that could rock the whole world with its tremendous power. Do you think that these events are some of the means of stopping China in becoming a superpower? Are Chinese people really hacking into US government computers? Or are there just lame people (not necessarily Chinese or from China) who want to destroy China’s credibility?

Doing hard reboot on the server may help and also depends if your data center offers some reboot facility for you. but doing this all the time may not be the best way to fix the problem if the only problem is CPanel and the Web Host Manager are not working and only show a blank page and the rest of the server still works perfectly. It’s probably best to simply restart CPanel only.

We assume you are a dedicated server owner or co-located server owner running a server with CPanel, so again, we assume you have shell access. So login to your server by SSH, and I do assume you have an SSH software of course. If not and you are using a Windows machine, Putty works fine. Login as root to your server and simply run this:

/etc/init.d/cpanel restart

And it will restart all your CPanel related services and simply wait until it’s done.

One way to save space on your web hosting account and have a large email box is simply using Gmail’s service but still use your personalize domain name email account.

Things are getting bigger now a days, hard disk, memory and processor speeds keep on increasing due to the demands of softwares with increasing required specifications. Data files are increasing in size as well and sharing data online via IM or email requires larger email boxes and higher bandwidth speeds.

And as domain name prices drop, where you can get a domain for less than $10/year, and get some cheap web hosting, you can have your own personalized email address having your own domain name like whatever@yourname.com. But in every hosting account with some email service, you pay for space and bandwidth. The larger it is, the larger you need to pay on a regular basis.

Now this is assuming you have your own domain name and hosting service but wants to save on web hosting space by moving your email to Gmail.

How to receive emails

Most web hosting companies will really offer email forwarding, most of the time for free, sometimes with a limited number or sometimes unlimited. And instead of using an email POP3 account on the server, you can simply not create one or delete it if you have one already to save on space and just make an email forwarder going to your free Gmail email address. So receiving emails is simply done by checking your emails on Gmail. So for example, if the email is whatever@yourname.com, simple set this to forward to your Gmail email account. Obviously you need to own your own domain name already and should probably have a hosting account as well for your website. If you do not have this but plan on having your own personalized domain name email, you can buy domains for less than $10 bucks a year, just add a little bit more for hosting, and get the ideal plan for your hosting needs. Each hosting provider has a different procedure in doing email forwarding in their control panel. If you have any trouble doing this, it is best to contact your web/email hosting provider.

How to send emails

Since you are now using Gmail, you do not want people to see your Gmail address and want to show them your personalized email address like whatever@yourname.com. You can simply change the settings in Gmail do this:

1. Login to your Gmail account and click on Settings.
   
2. Click on Accounts.
   
3. Click on Add another email address to add your own domain name email in Gmail.
   
4. A popup window will appear. If none appears, your browser might be blocking it and be sure to allow popups from gmail.com. In this popup window, simply enter your name and your own domain name email and go to the Next Step.
   
5. You will be asked to verify your email. Simply click on the Send Verification button.
   
   Since in the earlier step, we have already said that your personalized domain name email should already be forwarding to your email account, then all you have to do next is simply check your Gmail and click on the verification link and you are done.
6. When sending a new email, just Compose a new email in Gmail and you will be given options in the From field as a dropdown menu.

That’s it. So now you get to save on email space, using the big 2GB+ and growing email box of Gmail. You get to use many of the other great features of Gmail, you can check it anywhere you have Internet access. Their spam filter is one of the best. They have good segregation and grouping of emails based on subject and fast searching of emails. And you get to use your own domain name on it, branded in whatever way you wish.

I have just upgraded my PHP4.4.1 to PHP5.2.0 on a cPanel server using the WHM Apache Update. So far I have encountered the following problems:

AddType .html extensions for PHP - error 500.

Problem: This does not work anymore if you have this line in your .htaccess file.

AddType application/x-httpd-php .php .php4 .php3 .phtml .html .htm

Solution: This will work. I looked at the httpd.conf file and checked how it was written in there.

AddHandler application/x-httpd-php .php .php4 .php3 .phtml .html .htm
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php .html
AddType application/x-httpd-php .htm

OK, The document has moved here.

Problem: I have PHP 301 Redirect pages, in fact I use it on this blog too. And instead of the page just directing. It shows an intermediate page that says:

OK
The document has moved here.

A message like this will really appear if there is some code before the PHP redirection code. And I had none since it was the first thing in my Wordpress template, all the way on top.

Solution: In PHP5, it seems even having the header location code all the way on top, but is called by an include() or require() function, it will display the error message. So in my case where it was in a Wordpress template, I took the code out and placed it on top of the main Wordpress file. Disadvantage of this is, I will need to reinsert the code when a Wordpress update comes out.

allow_url_include is disabled by default

If you have been using include() functions with actual absolute URLs with get include errors. And I have no plans on enabling it. They were disabled by default for security purposes. If you are having this problem with your scripts, instead of using:

include("http://www.domain.com/path/file.php");

Use this instead on a cPanel server:

include("/home/account_username/public_html/path/file.php");

ZenPhoto does not seem to work

Problem: getGalleryIndexURL(); function is not working. We are not sure why and there seems like no one has been writing about it yet in the ZenPhoto forums.

Solution: This function should output the URL of the photo gallery index. In templates it is usually used in album.php and image.php files for the breadcrumb navigation. Probably not the best solution but since it only occurs twice in our template, we just hard coded the link to the gallery index.

ForceType problems and other problems with Dew-Code phpLinks

Problem: A hosting client of mine using Dew-code phpLinks had problems of the script not working. And I have found not only 1 problem but several.

Problem with ForceType. The .htaccess file had this line:

ForceType application/x-httpd-php

Solution: Add SetHandler

SetHandler application/x-httpd-php
ForceType application/x-httpd-php

$_SERVER[PATH_INFO] not supported by default

Here is what the PHP Manual has to say:

cgi.fix_pathinfo: Provides real PATH_INFO/PATH_TRANSLATED support for CGI. PHP’s previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting this to 1 will cause PHP CGI to fix it’s paths to conform to the spec. A setting of zero causes PHP to behave as before. Default is zero. You should fix your scripts to use SCRIPT_FILENAME rather than PATH_TRANSLATED.

Solution: I became a fan of the PATH_INFO sometime early 2005 and has been using it for some time. But since PHP recommends not to use it anymore, instead of globally enabling it, I am going to modify all scripts to be more compliant to the new way of doing things. But then again, I barely have the time to rewrite everything. And I will just come up with a patch to the problem. thus I am going to use:

$_SERVER[PATH_INFO] =
substr($_SERVER[REQUEST_URI], strlen($_SERVER[PHP_SELF]));

Ok now back to discovering more problems, so far, I still have the ZenPhoto problem.

UPDATE: Because of all these problems, I did a roll back to PHP4.4 and ran PHP5.2 on FastCGI and had Ruby on Rails enabled too. Thanks to Mike on his PHP4/PHP5/RoR setup.

http://www.domain.com
http://sub.domain.com
http://whatever.domain.com
http://something.domain.com
http://anything.domain.com

will all show the same page. Even if you just invented one subdomain up, it will still show the same page, the homepage. Err, hmmm what’s the use of that? Well for some this is totally non-sense, but for some, it totally makes sense why to do this, where you can be having the same file running and just using server-side scripts to change content of a website dynamically. Now if you believe wildcard DNS is something you need to do in order to achieve something like this and is running a CPanel server, how can this be done?

First is, if you just have a shared hosting account and has no access to WHM and no SSH access to the httpd.conf file, you might need to ask permission from the server owner. If you run your own server, or is given the freedom to play around with these files, you can go ahead and follow the procedure.

But I do believe there may also be some other way to do this, maybe with just playing around with the .htaccess file, but tough regex commands and .htaccess modifications are not my cup of tea. Another thing is, I am not guaranteeing anyone that what you will do will not mess up your servers. Although this procedure has served me well, if ever something happens to your server as a result of following this procedure, I, the author, this website, my business, my friends, my cats and my dogs will not be held responsible for what ever losses may occur on your end.

Ok now, how to do it?

1. Login to WHM
2. Click on Edit DNS Zone on the side navigation.
3. Choose the domain to edit, and click on the Edit button.
4. Under Add New Entries Below this Line add this:
   Domain: *
   TTL: 14400 (this is the default value)
   Record Type: A in (your IP address)
5. Submit and this will now be added.
6. Access your httpd.conf file. Login as root, via SSH.
7. To access the file in a CPanel server go to:
   # cd /etc/httpd/conf/
8. Use your favorite text editor, or just simply type:
   # pico httpd.conf
9. Do a find on your domain and you may find something like this:

   
   ServerAlias yourdomainserver.com
ServerAdmin webmaster@yourdomainserver.com
DocumentRoot /home/yourdoma/public_html
BytesLog domlogs/yourdomainserver.com-bytes_log
ServerName www.yourdomainserver.com
User yourdoma
Group yourdoma
CustomLog /usr/local/apache/domlogs/yourdomainserver.com combined
ScriptAlias /cgi-bin/ /home/yourdoma/public_html/cgi-bin/
   

   On the line:

   ServerAlias yourdomainserver.com

   Change to:

   ServerAlias: *.yourdomainserver.com yourdomainserver.com

10. Exit or press Ctrl X if using Pico.
11. Save the file when asked and replace the existing file.
12. Restart the apache web server by typing in:
    # service httpd restart

Done! You are all set to go. Wildcard DNS Enabled on a CPanel Server

What these hacking people are doing are simply adding some email headers in the email form, like:

Content-Type: multipart/mixed;
MIME-Version: 1.0
From: random@whateverdomain.com
bcc: spammed@email1.com, spammed@email2.com, spammed@email3.com

The can probably try to add this in the From field or at the beginning of a message. Assuming your contact form has no To field and Subject since the contact form should go probably only to one place without a changing subject. With this code, the spammer is trying to in some email headers so that the server will process this and send out copies of the email to other people.

What is the bad part of this:

• Since the emails are sent via machine, so many can be sent in a few seconds. Your email box can be filled with thousands of emails in just a few minutes.
• For every email you recieve, this can be multiplied by a factor of 2 or higher for other email addresses that received the same email. Depending on how many emails they placed in the bcc list.
• The recipient of the email sees you are the source of the email. Gives you a bad reputation as a spammer.
• Slows down the server with a large mail queue.
• Several people can mark you as spam and have you listed in anti-spam company’s banned IP address list.

Clearer images can be found on the news page of YDS Web Solution.

Avoiding it can be done by:

• To not make the From field of the email the actual email address submitted by the sender. And just use something like mywebsite@mydomain.com and place the submitted email in the content of the message. So email headers cannot be added there.
• Place a few lines in the beginning of the message content before sending.
• Do not allow emails to be sent when the words content-type, mime-version and bcc are found.
• Adding some kind of captcha. Try adding a comment to this post to see captcha in action of read this post: http://blog.actiononline.biz/2006/02/03/avoiding-comment-spam-on-wordpress/

Good luck to other people that get attacked.

Related Links:
Preventing Comment Spam on MikeLopez.info

There are several web hosting account administration softwares like Plesk, Ensim and CPanel. I have tried Plesk before and I am quite happy with CPanel right now. CPanel’s Web Host Manager (WHM) is pretty cool but I noticed everything that is related to deleting something, it does not ask you twice to confirm if you really want to delete it. I already made a mistake before when I clicked on Terminate Account and just because of a slip of the mouse and quickly clicking Ok, I noticed that I chose the wrong account and that was the end of it. The account was erased, but good thing I had a back up where I recreated the account and re-uploaded everything.

Now, I have this hosting account where I did DNS entry changes. I started with Edit DNS Zone and added some A Records. But I then realized what I did was wrong. So I wanted to remove the DNS zone entry and decided to click on Delete a DNS Zone. I chose the domain and clicked on Ok and OH NO!!! I thought the next screen will ask me what type of record I will delete and it deleted the whole zone without asking me any confirmation. Well dumb me, it could happen to anyone. Deleting the one entry removed the hosting account from the list of accounts. I then clicked on Add a DNS Zone and I got the DNS zone back for the domain. But it still did not appear in the list of accounts in WHM, but when visited, the account was still live.

The only solution I thought of was, creating a new account on top of it. But I could not create it since WHM was telling me the user already exist. I can’t seem to delete this user and account in WHM since it is no longer listed ever since I deleted the DNS zone. I decided to create one with a new username and just disregard the old username for a while. It worked, I mean creating the account worked.

But when visting the site, it was still pointing to the old username account. I clicked on Terminate an Account hoping I get both usernames deleted. After the terminate account process, I tried to create it again and it still said that the username already exist. So my real problem was deleting this user name and the hosting account attached to it.

How I deleted the user account on Redhat Linux

I was chatting with my friend in the Philippines, Mike Lopez (who made his own warp gate btw), a Linux user told me to SSH to my account and login as root. Then do a deluser. And this is what he uses on his linux distro, Debian. Deluser did not work on Redhat Linux. So he suggested to try rmuser, userrm and all other stuff. All guesses did not work. And while searching online, it was userdel! But that did not solve my problems right away. What I did was:

Login as root:

# userdel username
# rm -r /var/spool/mail/username
# cd /etc
# pico group

Look for the line with the username you want to delete. And delete that line.

I believe my next step was supposed to be:

# rm -r /home/username