Re: [arch-general] My Apache Sever Compromised?
On Wed, Apr 9, 2014 at 7:38 PM, ProgAndy ad...@progandy.de wrote: Am 09.04.2014 19:32, schrieb Jameson: On Tue, Apr 1, 2014 at 9:30 AM, Nowaker enwuk...@gmail.com wrote: 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] GET http://ro2.biz/pixel.png HTTP/1.0 200 151 But the most interesting part is that your apache is replying with 200, that is OK! Nice catch! It's certainly a proxy. Thanks for everyone's help with this. I did in fact have ProxyRequests set to On thinking it was needed for reverse proxies as well, and have turned it off. Now, when I open up port 80, it looks like they're still trying, but I'm replying with 404. Is that what it should be doing? I probably also need to make sure I have some throttling setup in case this is too much for my Internet connection. If you know the IP addresses (or address-ranges) you use to connect to your server, I suggest you block everything else for the time being with an iptables rule. fail2ban can do that automatically for you, with some work configuring it. In general I think it's better not to send a 404 when someone is obviously trying to abuse your servers, that tells the bad guys that there is a web server listening there and may leak some information about your setup. It's better to block them at the firewall level, which costs you less server resources. I'd sugest that the firewall is configured to deny (that is, just drop their packets) instead of reject (which sends a rejection packet which, again, gives the bad guys more information than strictly necessary).
Re: [arch-general] X11vnc in xbmc archlinux
On Mon, Apr 7, 2014 at 12:55 PM, Maykel Franco maykeldeb...@gmail.comwrote: Hi, I configured the archlinux + xbmc. I will like remote control xbmc with x11vnc from other machine. Now, I control the xbmc with xbmc remote from android. And also start x11vnc when archlinux boot... Thanks in advanced. You should be able to connect to the x11vnc server with any vnc client, like Vinagre. Once a vnc connection is established, if xbmc is running, you can control it with the keyboard/mouse of the machine running the vnc client. What problem are you experiencing, exactly? --- I'd flash you my business card, but my hands are too full of guns. - Peter Quill, aka Star-Lord, making another dashing rescue
Re: [arch-general] X11vnc in xbmc archlinux
On Mon, Apr 7, 2014 at 1:06 PM, Maykel Franco maykeldeb...@gmail.comwrote: 2014-04-07 13:00 GMT+02:00 ger...@gmail.com ger...@gmail.com: On Mon, Apr 7, 2014 at 12:55 PM, Maykel Franco maykeldeb...@gmail.com wrote: Hi, I configured the archlinux + xbmc. I will like remote control xbmc with x11vnc from other machine. Now, I control the xbmc with xbmc remote from android. And also start x11vnc when archlinux boot... Thanks in advanced. You should be able to connect to the x11vnc server with any vnc client, like Vinagre. Once a vnc connection is established, if xbmc is running, you can control it with the keyboard/mouse of the machine running the vnc client. What problem are you experiencing, exactly? --- I'd flash you my business card, but my hands are too full of guns. - Peter Quill, aka Star-Lord, making another dashing rescue No problem for connect...The problem is: I need start x11vnc when computer boot... Sorry for my english. Thanks for your response. Are you using a display manager and desktop environment? I once had a setup exactly like you're describing. What I did was: - I had LightDM set to autologin the xbmc user, see https://wiki.archlinux.org/index.php/Lightdm#Enabling_Autologin - When the xbmc user was logged in, XFCE was autostarted using .xinitrc, see https://wiki.archlinux.org/index.php/Xinitrc - I wrote a simple bash script that started x11vnc. Using XFCE's settings GUI, I added two autostart applications: XBMC and the start_x11vnc.sh script I had written. See https://wiki.archlinux.org/index.php/Xfce#Custom_Startup_Applications With this setup when the machine starts, it will autologin the xbmc user, it will start the XFCE desktop environment, and immediately XBMC will start (normally full-screen) and the x11vnc server will also start. There are more lightweight ways of doing this, but I liked being able to exit XMBC and still have a full desktop environment for any file manipulations or whatever.
Re: [arch-general] [arch-dev-public] Upgrading Apache to 2.4
On Mon, Mar 10, 2014 at 7:46 PM, Anatol Pomozov anatol.pomo...@gmail.comwrote: Hi On Mon, Mar 10, 2014 at 11:41 AM, ger...@gmail.com ger...@gmail.com wrote: On Mon, Mar 10, 2014 at 7:21 PM, Anatol Pomozov anatol.pomo...@gmail.comwrote: Hi On Fri, Mar 7, 2014 at 1:10 AM, Sebastiaan Lokhorst sebastiaanlokho...@gmail.com wrote: Thanks for taking the effort to finally update Apache! When trying to start Apache with PHP, I get the same error as Rene. Just to be clear, what is the recommended way to run Apache+PHP now? Will mod_php5 will still be supported? Ok, it seems that main source of questions is php-apache package that causes Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP. error at apache start. The answer is that you need to switch apache MPM from default mod_mpm_event to slower but mod_php-compatible mod_mpm_prefork. See more information in at wiki page https://wiki.archlinux.org/index.php/LAMP#Troubleshooting BTW kudos to our users who already updated wiki for Apache2.4! And of course anyone is welcome to create a threadsafe version of php-apache in AUR so it can be used with mpm_event. I've also had problems making nagios work under Apache 2.4. When I click on any sidebar link, instead of executing the CGI I'm presented with the download dialog to download the CGI file. I guess CGIs have stopped working after upgrading. I think mod_cgi does not exist for Apache 2.4, and none of the similarly-named mods (mod_fastcgi, mod_proxy_fcgi, mod_fastcgi) seems to be a drop-in replacement for mod_cgi. What is the recommended way to run CGIs, specifically those needed for the Nagios web interface, under Apache 2.4? Update to version 2.4.7-2 (now it stable). It added missing modules to the package: mod_cern_meta mod_cgi mod_ident mod_imagemap mod_lua mod_proxy_html mod_xml2enc Wonderful! After nagios stopped working, I downgraded apache back to 2.2 and put it in IgnorePkg, I didn't think it was a matter of just waiting for the next update. 2.4.7-2 is working fine for me. Also, having mod_proxy_html and mod_xml2enc as part of the core apache package instead of having to get them from AUR is an improvement (the AUR PKGFILE for mod_proxy_html doesn't even compile mod_xml2enc even though the sources are downloaded in the tarball, I had to add it by hand). Thanks Anatol!
Re: [arch-general] [arch-dev-public] Upgrading Apache to 2.4
On Mon, Mar 10, 2014 at 7:21 PM, Anatol Pomozov anatol.pomo...@gmail.comwrote: Hi On Fri, Mar 7, 2014 at 1:10 AM, Sebastiaan Lokhorst sebastiaanlokho...@gmail.com wrote: Thanks for taking the effort to finally update Apache! When trying to start Apache with PHP, I get the same error as Rene. Just to be clear, what is the recommended way to run Apache+PHP now? Will mod_php5 will still be supported? Ok, it seems that main source of questions is php-apache package that causes Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP. error at apache start. The answer is that you need to switch apache MPM from default mod_mpm_event to slower but mod_php-compatible mod_mpm_prefork. See more information in at wiki page https://wiki.archlinux.org/index.php/LAMP#Troubleshooting BTW kudos to our users who already updated wiki for Apache2.4! And of course anyone is welcome to create a threadsafe version of php-apache in AUR so it can be used with mpm_event. I've also had problems making nagios work under Apache 2.4. When I click on any sidebar link, instead of executing the CGI I'm presented with the download dialog to download the CGI file. I guess CGIs have stopped working after upgrading. I think mod_cgi does not exist for Apache 2.4, and none of the similarly-named mods (mod_fastcgi, mod_proxy_fcgi, mod_fastcgi) seems to be a drop-in replacement for mod_cgi. What is the recommended way to run CGIs, specifically those needed for the Nagios web interface, under Apache 2.4?
Re: [arch-general] Ruby gem packages in Arch
On Mon, Jan 13, 2014 at 4:35 PM, Maxime Gauduin aluc...@gmail.com wrote: As I mentioned above, you can easily reverse that statement. Why throw Bundler and Rubygems in the mix when you have pacman? I personally think that having pacman-managed dirs tinkered with by another package manager is heresy :P I have no problem using one in ~ or any other dir that pacman does not manage though, and as Rashif said, all in all it's just a matter of options and preferences. Rubygems, as well as well as bundler, RVM and the rest of the Ruby ecosystem, use folders under $HOME by default (unless installing with sudo, which is not really necessary). There should be no pollution of pacman-managed dirs. I also think pacman packages for ruby gems, or even the Ruby interpreter itself, are wasted effort. The ruby community generally considers using system-managed gems and interpreters a bad practice; they get slower updates, it's hard to keep multiple versions installed in parallel, different users share the same set of gems which is not always desirable... I'm sure fixing all those in pacman packages is possible but it would be costly, and why do that work when there are tools in the Ruby ecosystem that already solve the problem in a platform-independent way? It seems to me like a case of when you have a hammer, all problems look like nails. In this case pacman is not the best suited tool, rubygems and bundler and RVM and friends are. Just my 2 cents. --- I'd flash you my business card, but my hands are too full of guns. - Peter Quill, aka Star-Lord, making another dashing rescue
