Categoria: linux

17 ottobre 2017 / / english

Checking a Zimbra Network Edition server I found out backups were not running for some time. Nobody noticed because reports email were not delivered.

When running

zmbackup -f -a all

I got this error message:

Error occurred: system failure: unable to retrieve latest session-account, account name-id maps

Talking in IRC Tonster suggested that the main Zimbra backup file, accounts.xml, could have been corrupted.

11 settembre 2017 / / english

Yesterday I released a new version (thus introducing the concept of versions) of the certbot-zimbra script.

One of the most notably change is the removal of the patches/ subdirectory, which I personally hated. Now patches are embedded inside the script. Less crap around to manage!

Also the patching method was changed: instead of having a single patch file (or variable, with the new method) for every Zimbra version now I do version comparison. So now there’s an if (version < 8.6) apply patch 1, otherwise if lower than X.Y apply patch 2 and so on. Simpler and less problematic for users.

8 settembre 2017 / / english
5 settembre 2017 / / english

wordpress-bruteforceNot the best solution out there, but a piece that could help.

I’ve an hosting VPS with LEMP stack and ISPConfig, on which I have some WordPress sites. WordPress sites are known to be very popular among spammers and crackers, not because of the core itself but because its thousands of plugins are often not updated and so easily crackable, or beause they know their chickens and WP admins might use weak passwords which can be bruteforced.

So I often find a lot of POSTs against wp-login.php in my webserver log. How to block them?

29 agosto 2017 / / english
31 luglio 2017 / / english

I’ve used handle in the title because you cannot actually manage Access MDB tables from within PHP itself, and I didn’t want to add a misleading title just to attract people…

What you can do is import the data, and not even from PHP itself but by using external tools.

I’m showing the most I could achieve to import an Access file to MySQL, and then handle the data in there. Of course this way you cannot write data back to Access. And I hope it’s the goal of everyone else: who as of today is still relying on Access to store data?

Anyway, the only way I managed to get the data out of Access is using mdbtools. They’re some open source tools to get data from mdb files, so through exec‘s php function you can call them and obtain the informations.

7 luglio 2017 / / english
16 giugno 2017 / / english

We recently got in charge of an existing Zimbra installation, and the IT guy told me that users couldn’t change their password.

At first I thought there was external authentication enabled against their AD/LDAP directory, but checking in the domain settings the auth was internal.

Then by digging into Zimbra configuration attrs list, and searching first for password, on the second page I find an intriguing parameter:

14 giugno 2017 / / english

We mainly use KVM as virtualization hypervisor, but sometimes we have XenServer installations. Often in these situation we deploy a firewall as a Virtual Machine, but sadly pfSense, or better FreeBSD in general, has networking problems in virtualization environments.

The typical situation when pfSense is installed is that:

  • networking is fine on the hosts of the LAN. The VMs work fine in the LAN;
  • the hosts on the LAN can access internet without problems;
  • XenServer host and other virtual machines can ping outside, but almost all TCP connections doesn’t work, inbound or outbound.

To solve such problems with KVM it’s enough to Disable hardware checksum offload in pfSense’s advanced network preferences. But this doesn’t apply to XenServer.

6 giugno 2017 / / english