DHCP (DORA) Process

This is how DHCP (Dynamically Host Configuration Protocol) works internally when you connect a laptop to a LAN with DHCP server configured.

When you connect a computer in a network , automatically you will get an ip address for your computer or when you try with ipconfig/release and ipconfig/renew from your DOS prompt in your system you will get a new ip address.

It’s a four step process:

DHCP (D)iscover
DHCP (O)ffer
DHCP (R)equest
DHCP (A)ck

Step 1:

Your laptop sends a “Discovery” request, asking for it’s IP information from any listening DHCP servers on your LAN.

Step 2:

Any listening DHCP servers will “Offer” their configuration information to your workstation, here your laptop.

Step 3:

You workstation chooses the best lease; then “Requests” that lease from the corresponding DHCP server.

Step 4:

The DHCP server you requested the IP configuration information from then “Acknowledges” your request and leases you the IP configuration information.

Last but not least, if none of the DHCP server is availble in your network or the connection is broken to your DHCP server APIPA would automatically assign a unique class B IP address to each machine in the range of 169.254.0.1 to 169.254.255.254 range.

Advertisements

Test Authenticated SMTP using Telnet

We all know how to test SMTP server by telneting to port 25. But, what if you have to test a SMTP server that has to be authenticated before you send a test mail using telnet. The only difference from normal test is, here you have to authenticate with the user/password, not in plain text, but you should send the authentication string with a Base64-encoded (http://base64-encoder-online.waraxe.us) password.

So, here is how you would test authenticated smtp server using telnet.

telnet smtp.mymailserver.net 25

220 mi1 ESMTP service ready
ehlo localhost
250-mi1
250-8BITMIME
250-SIZE 20480000
250-AUTH=PLAIN LOGIN
250-AUTH PLAIN LOGIN
250 STARTTLS
Auth Login
334 VXNlcm5hbWU6
c3VwcG9ydEyMHBsdXNjbHViLmNvbQ==
334 UGFzc3dvcmQ6
RHZsNIwWA==
235 Authentication successful.
MAIL FROM: support@mydomain.com
250 Sender address accepted
RCPT TO: soj@yahoo.com
250 Recipient address accepted
DATA
354 Continue
This is a test message for SMTP auth using telnet. Plz ignore. Don't reply.
.
250 Delivery in progress

So, the difference is what you see in those 3 lines starting from “Auth Login” and the following 2 codes are username and password respectively which does SMTP authentication. Those 2 encoded codes are generated using http://base64-encoder-online.waraxe.us

I hope this helps.

Load Balancing

What is Load Balancing?

Load Balancing is taking the overall hosting burden and spreading across multiple servers so at any given time, a single device or hardware is not overwhelmed. Load balancing also offers a level of redundancy. It allows you to have a scheduled maintenance work, and if a server should fail, there is already one there to take over that burden. It also allows end users to have a seamless, uninterrupted end user experience.

Who should use Load Balancing?

Medium to Large Businesses
eCommerce Businesses
Any mission critical application

Basically any business with the multi-service stratergy, which can’t afford a moment of downtime should consider implementing load balancing.

Few info on Server Clustering

What is Server Clustering?

A server clustering is a group of linked servers, working together as a single solution. They can be programmed to balance the overall processing load of the hosting solution or be designated to handle specific individual requirement within the whole solution.

Why do we need Clustering?

If you have a multi faceted or large solution, clustering is ideal for meeting these large solutions with high demands.

Enhanced Performance: By harnessing the power of several servers, speed and efficiency can be dramatically improved. Databases, which allows for vast data storage and utilization which is easily scalable. Furthermore, a cluster server is ideal for a busy e-commerce site. They can deliver faster and more reliable solution with less downtime. Also, they can be customized to deliver unique experience for each visitor.

What does a good provider offer?

First and foremost, the latest technology. This simply means increasing your clustered solution quickly without going offline or disrupting your end user experience and finally 24×7 expert support and guaranteed excellent response times.

Disaster Recovery Planning

What is Disaster Recovery Planning?

Disaster Recovery Planning is a technology-based process that ensures client’s solutions are returned to normal performance as soon as possible after a major event. It is a strategy to keep vital data safe and accessible even in the worst of situations. It also ensures applications stay online continuously to prevent the loss of business. Also, it ensures a continuity of service to the client’s customers so your good reputation remains intact.

Who should consider a Disaster Recovery Plan?

In reality Disaster Recovery Planning should be important for every business with an online presence. It’s vital for mission critical applications and crucial to any online business that stores client information and user data.

What does a good provider include in their Disaster Recovery Plan?

• Managed backups:
Expert managed backups of clients’ data are set at regular intervals, so in the event of disaster files and applications can be immediately restored.

• Offsite data backup:
For organisations storing vital or sensitive data offsite data backup adds a further level of security. Should disaster affect the primary storage location, data is therefore safe and accessible at all times in a secondary location.

• A Business Continuity Platform:
This plug-in-and-go service ensures that even in the most trying server situations, clients remain up, running and ready to do business.

Updating Password for MySQL server

These are some of the things that we have to keep in mine when installing MySQL and updating passwords for the root user.

First check if MySQL is installed or not.

rpm -qa | grep mysql
yum search mysql

Install MySQL Server:

yum install mysql
yum install mysql-server

Query list the installed package to check the contents:

rpm -ql mysql-server

Some of the important files to note are the data directory, log files and PID directory.

Data Directory – /var/lib/mysql
Log File – /var/log/mysqld.log
PID Directory – /var/run/mysql

You can query list the MySQL client package to enumerate the common user binaries

rpm -ql mysql

/usr/bin/mysqladmin
/usr/bin/mysqlcheck
/usr/bin/mysqldump
/usr/bin/mysqlimport

Also, worth checking the MySQL libs directory for system wide configuration file (/etc/my.cnf) which is read by both Client and MySQL server.

rpm -ql mysql-libs

vi /etc/my.cnf

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

:wq!

Now, enable MySQL service at startup as follows:

chkconfig –list mysqld
chkconfig mysqld on
service mysqld start

By default mysql maintains a root password which is UNDEFINED. So, you gotta change the password.

Before changing the password, you can connect to mysql server by typing ‘mysql’ at the command prompt.

[root@linuxgenius soj]# mysql

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.10 sec)

mysql> select user,host,password from mysql.user;
+------+--------------------+-------------------------------------------+
| user | host               | password                                  |
+------+--------------------+-------------------------------------------+
| root | localhost          |                                           |
| root | linuxgenius.gemini |                                           |
| root | 127.0.0.1          |                                           |
|      | localhost          |                                           |
|      | linuxgenius.gemini |                                           |
+------+--------------------+-------------------------------------------+
5 rows in set (0.00 sec)

From the above table, you can see by default there are 3 root users without any password and 2 anonymous users.

MySQL represents users as user@host. So, in the first instance, we change password for the root user @ localhost and in the second instance, we change password for root user @ FQDN (root@linuxgenius.gemini).

There are two ways to change MySQL user password.

First option is using mysqladmin tool from the command line as follows:

/usr/bin/mysqladmin -u root password ‘word12’
/usr/bin/mysqladmin -u root -h linuxgenius.gemini password ‘word12’

mysql> select user,host,password from mysql.user;
+------+--------------------+-------------------------------------------+
| user | host               | password                                  |
+------+--------------------+-------------------------------------------+
| root | localhost          | *4E35FA4ABB37E8A43AD4C3C94CDA57ADD4B67B46 |
| root | linuxgenius.gemini |                                           |
| root | 127.0.0.1          |                                           |
|      | localhost          |                                           |
|      | linuxgenius.gemini |                                           |
+------+--------------------+-------------------------------------------+
5 rows in set (0.00 sec)

From the above table, you can see that password is set only for root@localhost, but you will still be able to connect without any password for the 2nd root user as follows:

[root@linuxgenius soj]# mysql -u root -h linuxgenius.gemini

As a security measure, you have to update the password for all hosts.

Second way to change the password is by connecting to MySQL server.

Once you are in the MySQL prompt, issue the following command to update the password

mysql> set password for ‘root’@’linuxgenius.gemini’ = password(‘word12’);

mysql> select user,host,password from mysql.user;
+------+--------------------+-------------------------------------------+
| user | host               | password                                  |
+------+--------------------+-------------------------------------------+
| root | localhost          | *4E35FA4ABB37E8A43AD4C3C94CDA57ADD4B67B46 |
| root | linuxgenius.gemini | *4E35FA4ABB37E8A43AD4C3C94CDA57ADD4B67B46 |
| root | 127.0.0.1          |                                           |
|      | localhost          |                                           |
|      | linuxgenius.gemini |                                           |
+------+--------------------+-------------------------------------------+
5 rows in set (0.00 sec)

You can see that password is now updated for the 2nd root user. Update password for the 3rd root user or you can delete that user since we have already set the password for localhost.

Make sure you issue the command “flush privileges” whenever you change passwords so that the changed password is updated instantly.

Also, the two anonymous login should be deleted as follows:

mysql> delete from mysql.user where user = '';

Query OK, 2 rows affected (0.25 sec)

mysql> select user,host,password from mysql.user;
+------+--------------------+-------------------------------------------+
| user | host               | password                                  |
+------+--------------------+-------------------------------------------+
| root | localhost          | *4E35FA4ABB37E8A43AD4C3C94CDA57ADD4B67B46 |
| root | linuxgenius.gemini | *4E35FA4ABB37E8A43AD4C3C94CDA57ADD4B67B46 |
| root | 127.0.0.1          | *4E35FA4ABB37E8A43AD4C3C94CDA57ADD4B67B46 |
+------+--------------------+-------------------------------------------+
3 rows in set (0.00 sec)

Also, note that MySQL reads a hierarchy of configuration files upon invocation:

/etc/my.cnf – System wide file
$HOME/.my.cnf – User wide file
CLI – Command Line Interface

I’ll write a separate article later on MySQL tools and managing MySQL server.

Block those suckers from eating up your website bandwidth

Hot-linking (Bandwidth theft) is a term used when someone uses a link to an image that is saved on another website instead of saving a copy of the image on the website that the picture will be shown on. An example would be using an tag to display a JPEG image you found on someone else’s web page so it will appear on your own site. This means you are stealing bandwidth of another user by accessing the images on their website whenever you access or loads your website and the other guy ends up paying for all the bandwidth you used. This can happen to your website as well. So, how do you stop others from stealing your bandwidth – Simple Answer is by using an htaccess file to stop others from hotlinking your images on their website. This is how it’s done:

# stop hotlinking and serve 403 error
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain1\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain2\.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg)$ – [F,L]

This will block any images with extension “gif, jpg or jpeg” on domain1.com or domain2.com from being hotlinked by any external website.

Note: Instead of 403 error, if you want to redirect to some dummy image, then you can replace the last line in the above rule as follows:

RewriteRule .*\.(gif|jpg)$ http://www.domain.com/dummy_image.jpg [R,NC,L]

To grant linking permission to a site other than yours, insert this code block after the line containing the “domain2.com” string. Remember to replace “goodsite.com” with the actual site domain:

# allow linking from the site ‘goodsite.com’
RewriteCond %{HTTP_REFERER} !^http://(www\.)?goodsite\.com/.*$ [NC]