How to deploy HyperDB

Ever since I’ve started experimenting with HyperDB I thought that once I’ve got enough servers at my disposal, and if I ever figure out how to setup MySQL replication I’d bring the two together. I believe that day has finally come: HyperDB is now deployed across over 60 sites I’m taking care of.

I want to share with you my configuration and some of the pitfalls I’ve come across – if it helps, great. But mainly these notes are for me to remember how I did it when the next cluster needs to be built.

Read more

Calling all Forum Beta Testers

Great News: I’ve been meaning to add a general WordPress forum to this site for a while, but none of the options seemed to work well for what I wanted to do.

All I needed was a simple discussion forum, integrated into WordPress – I really didn’t want to mess around with phpBB or the likes. bbPress is in a constant state of beta and gives me a headache every time I want to make it work, SimplePress is ugly and basically all of the above are overcomplicated.

Enter Tal.ki – an embeddable forum solution that promises to give me a forum with only one line of code, or alternatively as a WordPress Plugin! It’s not live on this site – let’s test it out!

Read more

How to prevent direct file access in your wp-content directory

I was working on a secure site with sensitive video material that we needed strict members access to. Even though many plugins can make sure your direct permalinks can only be seen by logged in members, direct links to files in your wp-content directory are still accessible to others. They can even be hotlinked from other sites.

One way around this is to move the wp-content directory outside the web visible portion of your directory on the server, but even so WordPress can always link to such files. A better way is to tell your server not to give access to certain files (say ending with mp4 or mp3) and only allow access from your own domain.

We can use Apache Mod Rewrite for this – it’s a complex language that you can utilise in your .htaccess file within the wp-content folder.

Let me show you how to keep prying eyes out of your content.

Read more

How to avoid emails from Dr. Web

Dr. Web is a Russian anti-virus utility that comes bundled with Plesk. It’s good and it tries to keep the bad guys out.

To keep up with all the mutations out there it tries to update itself frequently. B default, Plesk sends the system admin an email when this happens – no matter if Dr. Web was successful or if there was a problem.

This is what a sample email looks like:

/etc/cron.daily/drweb-update:

Dr.Web update details:
Update server: http://update.us1.drweb.com/plesk/700/unix
Update has begun at Thu May 17 03:37:07 2011
Update has finished at Thu May 17 03:38:16 2011

Following files have been updated:
	/var/drweb/bases/drwdaily.vdb
	/var/drweb/bases/drwtoday.vdb
	/var/drweb/bases/dwmtoday.vdb
	/var/drweb/bases/dwntoday.vdb
	/var/drweb/bases/dwrtoday.vdb
	/var/drweb/bases/timestamp
	/var/drweb/updates/timestamp

Multiply that email by the number of servers you’re looking after, and you’ll soon have an overflowing inbox.

Here’s the solution: tweak a system file and divert those emails to nowhere.

Read more

Say hello to WP Hosting

After well over a year I am very pleased to share with you our latest business venture:

WP Hosting – the easiest way to get a self-hosted WordPress site.

WP Hosting has been in the making for quite some time, and what better way to make its launch coincide with the release of WordPress 3.3. With it come some fundamental changes to the way we do things here – let me explain the details.

Read more

How to install OSSEC HIDS on CentOS 6 and 7

Remote computers are under constant attack by Evil Dudes – that’s especially true for Linux servers. To prevent such attacks by Evil Dudes from Hacker Land, I’ve been relying on the amazing OSSEC Host Intrusion Detection System on all my machines.

Even though the OSSEC website is great, I always forget the simple steps that are involved in getting it up and running on a brand new server. Here are the steps that work for me.

I’ve originally written this article in 2011 for OSSEC 2.6, but I’ve just updated and tested the instructions again with OSSEC 2.8.1 on CentOS 7. It’s my go-to guide on how to get OSSEC up and running. However, by the time you read this it may all be completely out of date – please bear that in mind. Thanks 😉

Read more

How to install Plesk on CentOS 6

The other day I got myself a brand new server – so barebones that I had to do everything myself, including picking a Linux distribution. Sadly the one I wanted (CentOS 6) did not come bundled with Plesk so I had to install it manually.

I thought I’d better take some notes so I can retrace my steps.

At the time of writing, Plesk 10.3 is current, with 10.4 just around the corner. Keep this in mind – things tend to change drastically with every major release.

Read more