How to change administrator username in WordPress

By default, WordPress won’t allow you to change username of  your administrator account. There are several ways to do this. There are even plugins for this, but I think using plugins for this task is unnecessary and bad idea in general. WordPress is great but consider using as less plugins as you can. Especially bad ones, they are just calling to be hacked by evil guys with too much time. 🙂

Here is how to change administrators username with one simple mysql command.

First, select your wordpress database.

mysql> show tables;
+-----------------------+
| Tables_in_sample-blog |
+-----------------------+
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_snippets           |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_termmeta           |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+

So in this case I want to change username for my admin user.

mysql> select id, user_login from wp_users;
+----+------------+
| id | user_login |
+----+------------+
|  1 | admin      |
|  2 | someuser   |
+----+------------+

You just have to update user_login field in wp_users table with command below. Of course change id and user_login value to your needs.

mysql> update wp_users set user_login="igor" where id="1";
Query OK, 1 row affected (0.05 sec)
Rows matched: 1  Changed: 1  Warnings: 0

Username is now changed. You can login in your wordpress with new username.

mysql> select id, user_login from wp_users;
+----+------------+
| id | user_login |
+----+------------+
|  1 | igor       |
|  2 | someuser   |
+----+------------+

Exim – delete specific emails from queue

Sometimes your exim mail queue can grow quite large. Especially when some website (WordPress!) is hacked and is sending tons of spam mail. Or when you end up with thousands of frozen mails. You probably don’t want to remove all emails from queue. That would mean legit emails too. You want to specify and delete only specific ones.

For sake of this demonstration we want to delete all emails that contains string domain.com

18h   60K 1b33Uz-000LkN-48 <info@domain.com> (someuser)
          info@somedomain.com

Just run command below and all mails with string match doman.com will be deleted from mail queue.

exim -bp |  grep "domain.com" | awk {'print $3'} | xargs exim -Mrm

Or for example, in case of frozen mails:

exim -bp |  grep froz | awk {'print $3'} | xargs exim -Mrm

Find CryptoPHP hacks on your server / False php scripts

CryptoPHP is nasty little shit! A while ago I had a problem with spam on one of our hosting servers. When we ended on several RBL lists, one of them stated that there is a possible way that our machine is infected with CryptoPHP. Hacked files can be very hard to find. PHP code was hidden in false .png files! This pngs were then included in some legit php files, like index.php. So every time index.php was loaded, hacked code inside included png file was loaded too.

Here is how you can find if there are false png files on your system. Just scan your directory with this line:

find -L /path/to/dir/ -type f -name "*.png" -exec file {} + | grep PHP

You could also scan your system for other types of files. Just replace *.png with something elese, for example *.jpg.

Output for legit files will look something like this:

./wp-includes/js/tinymce/skins/wordpress/images/more-2x.png:    PNG image data, 3800 x 40, 4-bit colormap, non-interlaced

Output for script that pretends to be regular PNG file – hacks – will look something like this:

./test.png:   PHP script, ASCII text

How to transfer SSL certificate from Linux to Windows

Sometimes you may want to transfer your SSL certificate to Windows enviroment. So if you searching for how to transfer and find this article, than I’m sure that you know how to install certificate on Linux or Windows machine. Otherwise there are a million tutorials that you can find on google. I will explain how to transfer your certificate from Linux to Windows.

First, you need to create .pem file. This file must contain private key and certificate hash (.key and .crt). Open your favorite text editor (vi) and paste the content of your key and certificate file in one file. You must paste it in that order with a line break. First key and then crt. Save this file as sslcertificate.pem.

On IIS server you’ll need a file in p12 format. You can simply create p12 file by execute command below on your Linux machine. You’ll have to define password for your .p12 file. Remember this password because you’ll need it later!

openssl pkcs12 -export -in sslcertificate.pem -out sslcertificate.p12 //replace with your attributes

Transfer your freshly created sslcertificate.p12 file on to your Windows machine. You’ll import your sslcertificate.p12 in your IIS. On Windows machine, find properties of your website in IIS and then go into Directory Security tab. Click on button Server Certificate and then select option Import. Than will asked you to find file. You need to change scope to All files as otherwise, sslcertificate.p12 file won’t be visible. When you’ll select sslcertificate.p12 file, you’ll be asked to enter password. Enter the password that you defined in step 3. This is it! You transferred SSL certificate from Linux to Windows.

Directadmin – auto block IP with firewall on FreeBSD

I wanted to block IP adressess which Directadmin recognized as source of brute force attacks. There is documentation about this for Linux and FreeBSD. I’m using PF as firewall on my system and not IPFW. There is only documentation how to create this with IPFW. So here is a little tweak and IP’s are blocked with PF automatically. Here is how:

In /etc/pf.conf create new table spammers that will persist on file /etc/spammers.

table  persist file “/etc/spammers”

Create block rule so that IP addresses from spammers table will be blocked. Ifext is my network card so change this to your needs.

block drop in quick on $ifext from  to any

In /usr/local/directadmin/scripts/custom/ create new script block_ip.sh and add code below.

#!/bin/sh
echo “Blocking $ip with pf …
”;
pfctl -t spammers -T add $ip
echo $ip >> /etc/spammers
exit $?

As you can see we are using command pfctl -t spammers -T add $ip which is PF syntax. When IP will be recorded it will be immediately added to table spammers and file /etc/spammers that we’ll create in next step. When pf restarts, rule is deleted from ram. But in this case IP is also stored in file /etc/spammers so it will be loaded in spammers table.

Create file /etc/spammers and save it. Thats were blocked IP’s will save.
This script must be manualy started from Directadmin administration. We can make it to run automatically. In /usr/local/directadmin/scripts/custom/ create another script named brute_force_notice_ip.sh. As specified in directadmin documentation you do that like so:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh

IP’s that are listed as source of brute force attacks will now be automaticly blocked with PF.

Create dump of specific tables from mysql database

You can simply create backups of specific tables with mysqldump.

mysqldump -u  -p  databasename table1 table2 table3 ... > mysqldump_file.sql

Directadmin – enable and configure Spamassassin automatically when adding user

By default, when you add new user in Directadmin, Spamassassin is disabled. Some users may not know about Spamassassin, so they’ll have it disabled and will receiving a lot of spam. So it may be good practice to enable Spamassassin by default. You can do that by adding below code in your /usr/local/directadmin/scripts/custom/user_create_post.sh script. The first step is well described on Directadmin sites. But you may also want to define some parameters for Spamassassin “on the fly”. You can do that by manipulating filter.conf file.
In this example I want that on user creation:

  1. spam goes to appropriate users spam folder,
  2. I don’t want to delete high scoring spam,
  3. I want to rewrite subject of spam email with *****SPAM*****.

Just add below code in your user_create_post.sh script. And remove script comments (##).

## We enable Spamassassin, create needed files and give them appropriate permissions
if [ “$spam” = “ON” ]; then
DIR=/home/$username/.spamassassin
mkdir $DIR
touch $DIR/user_prefs
chown ${username}:mail $DIR
chmod 771 $DIR
chown $username:$username $DIR/user_prefs
chmod 755 $DIR/user_prefs
touch $DIR/spam
chown mail:$username $DIR/spam
chmod 660 $DIR/spam

## Here we define some variables for Spamassassin by adding some lines to filter.conf
echo “high_score=15” >> /etc/virtual/$domain/filter.conf
echo “high_score_block=no” >> /etc/virtual/$domain/filter.conf
echo “where=userspamfolder” >> /etc/virtual/$domain/filter.conf
echo “rewrite_header subject *****SPAM*****” >> /home/$username/.spamassassin/user_prefs

## Adding operation in task queue
echo “action=rewrite&value=filter&user=$username” >> /usr/local/directadmin/data/task.queue
fi
exit 0;

FTP file transfer from command line with wget

Sometimes you have a lot of files to transfer and no rsync, only FTP. You don’t want to sit in front of the computer and waiting for files to transfer. If you have access to command line, there is a simple solution on how to transfer all your files through FTP with wget. Once transfer is started you don’t want to close terminal session as you would cancel transfer also. Luckily there is great piece of software named screen. So, you start a new screen session by typing command screen, and run command below. Then you can detach from that screen session with pressing CTRL + A + D. This way file transfer will continue to transfer in background. You can even shut down your computer. When you want to see if all is transfered, you can just attach screen session back with command screen -x.

So in screen, just run this:

wget -m ftp://username:password@ftp.hostname.com

© 2024 geegkytuts.net
Hosted by SIEL


About author