Friday, October 26, 2007

Media convertor problems?

On Oct 11 I had some connectivity problems, thought there was some router problem, but finally suspected local (PC) router and media convertor. Once again, on Oct 23, I had one more episode of connection problem. Tried restarting my router (Millenium) computer. Still problem persisted. Then toggled the WorkStation/Hub switch of the media convertor. Then it started working. So, probably media-convertor / network card issue. Right now it is working and I can live with it....

Thursday, October 25, 2007

internal http sharing problem

Our internal http large file share had been unmounted after a reboot due to a power problem, but after remounting it, was not able to access it from the same machine. Forgot that I've not added localhost to the access controls! So, changed the relevant lines in httpd.conf:

AllowOverride None
Options +Indexes
Order deny,allow
Deny from all
Allow from 127.0.0.1 x.y.z.w a.b.c.d p.q.0.0/255.255.0.0
#allow from .your_domain.com

Migrating to Google Apps

Spent the whole morning yesterday creating accounts, adding forwarding rules etc so that the users will not feel anything in the migration. The Dashboard was very slow yesterday, probably because of Murphy's Law! This morning, corrected our SPF records so that the new accounts also can send mail without spf softfail - needed to remove the mx records of gmail, which were anyway not required, since mail sent from gmail is anyway signed properly. So, now the SPF records have ip4: parts and the include: part as given in Google's Helpcenter.

For migrating other domains, will think about the options presented by Scott Hanselman, especially the part about transferring old mails via pop and the gXfer tool to one-click transfer all mails.

Monday, October 22, 2007

small bug in PhpMailer timezone code

As posted to phpmailer general mailing list:

In class.phpmailer.php 's function RFCDate(), there is a bug in the timezone code which returns +0580 for Indian Standard Time instead of +0530.

The line
$tz = ($tz/3600)*100 + ($tz%3600)/60;

should be replaced with

$tz = (($tz - ($tz%3600) )/3600)*100 + ($tz%3600)/60;

Found this bug in our phplist mails....

Edit: More info - http://in.php.net/operators.arithmetic has a comment which describes the integer division required:
nicolas_rainardNOSPAM at yahoo dot fr
10-Jul-2007 09:10
Here is another very simple and extremely fast integer division function, but it works only if the arguments are integers and nothing else. So use it only if you are sure of what you are doing.

function int_int_divide($x, $y) {
return ($x - ($x % $y)) / $y;
}

phplist process bounces

Phplist process bounces stopped working a few days back. Reason probably was an interrupted run of the processbounces script. Tried deleting bounces with the Reset Bounces link in View Bounces section. Didn't work. Then purged the mbox file by rm and touch, fetched some more bounces, now it works.

Sunday, October 14, 2007

PhpSpy trojan and more

One of our machines was found to have the PhpSpy trojan, using which a cracker had put a link to mozzila.net.cn on a webpage. The fake mozilla site is now down - note the spelling -
mozzila
... And we're removed the offending php-based pages from view.

Wednesday, October 10, 2007

dns corrections

Found that the local Cyberoam dns server was repeatedly failing for radiosai.org domain. Checking out the Domain report at dnsstuff.com, found that it had a problem of having a stealth nameserver. Logged into Plesk and changed the ns dns records to w5 and w6, that seems to have fixed the problem. Also added SPF TXT record using the wizard at openspf.org.

phppgadmin issue - blank fields

An issue with phppgadmin cropped up during the db work. If any field which is marked as a key of any type (even unique key) is NULL, clicking Edit next to a record opens the Edit form with all the fields blank - not filled in like in other cases. Does not happen for NULL fields when the fields are not marked as keys. It relates to the way the query is made in phppgadmin....

sql queries for find-replace

Running some sql queries on our pgsql db like
UPDATE "file_id" SET "download_filename" = '-' 
WHERE "filename" ~~ 'SV_MS%'
AND "filename" not like '%MSANTAN%'

UPDATE "file_id" SET "download_filename" =
REPLACE(download_filename,'_RAVI_', '_')
WHERE "filename" ~~ 'MBV%RAVI%'
and filename not like '%ARAVIND%'
and filename not like '%KULA%'
and so on. It took two mornings to finish.

Saturday, October 06, 2007

extra-curricular activities

Aiming to use Dataone for "Loka Samasta Sukhino Bhavantu", doing a bit of cleanup for some other sites on a purely voluntary basis, avoiding the limelight....

Tuesday, October 02, 2007

R's iptables config for ssh natting

Struggled a bit with R to configure his machine to nat ssh - here's a working /etc/sysconfig/iptables for Fedora -
# Generated by iptables-save v1.2.11 on Sat Mar 11 13:08:36 2006
*filter
:INPUT DROP [1339:140723]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [137:35130]
# allow local loopback connections
-A INPUT -i lo -j ACCEPT
# drop INVALID connections
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
# accept requests from internal machines on port 8080
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 80 -j REJECT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 443 -j REJECT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 202.141.1.132 -o eth0 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 202.41.99.9 -o eth0 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
COMMIT
# Completed on Sat Mar 11 13:08:36 2006
# Generated by iptables-save v1.2.11 on Sat Mar 11 13:08:36 2006
*nat
:PREROUTING ACCEPT [128:15724]
:POSTROUTING ACCEPT [35:2100]
:OUTPUT ACCEPT [35:2100]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
# Completed on Sat Mar 11 13:08:36 2006
By changing the ports to REJECT in the format --dport 8081:65535 he can block access to any other service.

We took more than an hour, because default routes were not set to use this machine as a gateway, and also the machine blocks pings. Once the gateway was set correctly on his double-homed Win2k3 box, it worked. But we also struggled a bit because of forgetting the two COMMITs, one after each *table. Also, the
echo "1" > /proc/sys/net/ipv4/ip_forward
was getting overwritten on service network restart, he had to add it to the startup scripts.