Categories
Uncategorized

CVE-2012-1823

同一記事の日本語版

   I watched “さくらのVPSに来る悪い人を観察する その2” and “SSH ハニーポットでの悪い人の観察“, then rolled on the floor, laughing. I first found this on “徳丸浩の日記” which reads the slide show is very interesting and very popular lately, so I went to the slide show to be sure it and agreed with it.

   The slide show is related to CVE-2012-1823. Actually, the attacks the slide#36 shows come everywhere whether the vulnerability exists or not. My server is no exception. I don’t create SSH server, and my PHP doesn’t have the vulnerability nor isn’t CGI version, so all attacks failed though.

   Ozuma5119 is a genuine white hacker. If you’re up for this topic, visit the linked sites though they are only in Japanese. Please use some translation services m(_”_)m.

Categories
Uncategorized

phpMyAdmin 4.1.0 is released.

同一記事の日本語版

   phpMyAdmin 4.1.0 is released. They say “With this release the minimum supported PHP version is now 5.3 and the minimum MySQL version is 5.5”. It has a ton of information in the ChangeLog. So I updated.

   I downloaded a phpMyAdmin-4.1.0-english.zip, extracted it, copied my old config.inc.php to the phpmyadmin folder made by extracting, and uploaded all of them to the server (See “To create a Wamp-like Web Server in Windows7-#3.“).

   By the way, when I compared the new config.sample.inc.php with my old one, I found some additional lines in it. Like this:
    At /* User used to manipulate with storage */ area
     // $cfg[‘Servers’][$i][‘controlport’] = ”;

    At /* Storage database and tables */ area
     // $cfg[‘Servers’][$i][‘users’] = ‘pma__users’;
     // $cfg[‘Servers’][$i][‘usergroups’] = ‘pma__usergroups’;
     // $cfg[‘Servers’][$i][‘navigationhiding’] = ‘pma__navigationhiding’;

    At the last area above the doc/ folder information
     /**
      * Should error reporting be enabled for JavaScript errors
      *
      * default = ‘ask’
      */
     //$cfg[‘SendErrorReports’] = ‘ask’;

   So, when I logged on the new phphmyadmin at the first time, I got “The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why click here.”.

   By a clicking, I got the next three alerts.

     $cfg[‘Servers’][$i][‘users’] … not OK [ Documentation ]
     $cfg[‘Servers’][$i][‘usergroups’] … not OK [ Documentation ]
     Configurable menus: Disabled

     $cfg[‘Servers’][$i][‘navigationhiding’] … not OK [ Documentation ]
     Hide/show navigation items: Disabled

   I had instructions, too.

     Quick steps to setup advanced features:

     Create the needed tables with the examples/create_tables.sql.
     Create a pma user and give access to these tables.
     Enable advanced features in configuration file (config.inc.php), for example by starting from
     config.sample.inc.php.
     Re-login to phpMyAdmin to load the updated configuration file.

   To create the tables with the examples/create_tables.sql or by your hand, it is your choice. Further information about this, see “Configuration storage“. As I already had the pma user, I created the tables manually. Then, I added new additional lines above to my config.inc.php, and removed “//” from the head of the next lines.
     $cfg[‘Servers’][$i][‘users’] = ‘pma__users’;
     $cfg[‘Servers’][$i][‘usergroups’] = ‘pma__usergroups’;
     $cfg[‘Servers’][$i][‘navigationhiding’] = ‘pma__navigationhiding’;

   I re-logined to phpMyAdmin to load the updated configuration file. Mission complete.

Categories
Uncategorized

Updating to Apache 2.4.7.

同一記事の日本語版

   Apache HTTP Server 2.4.7 was released, and I think I found something good on Steffen’s post Apache 2.4.7 available.

   I downloaded httpd-2.4.7-win32-VC11.zip (22 Nov) from the ApacheLounge for My Windows7 server. If you need the information about Apache 2.4.x configuration on Windows, see my post ‘To create a Wamp-like Web Server in Windows7-#1.‘.

Categories
Uncategorized

Apache: Use mod_deflate.

同一記事の日本語版

   Yesterday, I changed several settings in Apache conf file.

   Open the httpd.conf.

  1. Uncomment the line to use the module mod_deflate for HTTP compression.
          LoadModule deflate_module modules/mod_deflate.so
  2. Uncomment the line to use the directive AddOutputFilterByType
          LoadModule filter_module modules/mod_filter.so
  3. Uncomment the line to use the directive Header
          LoadModule headers_module modules/mod_headers.so
  4. Uncomment the line to use the module mod_expires.
          LoadModule expires_module modules/mod_expires.so

   Add the next lines to the httpd.conf. About this, I have something not to understand, though.
      # Enables generation of Expires headers
      ExpiresActive On
      # expire images and some applications after a month in the client’s cache
      ExpiresByType image/gif A2592000
      ExpiresByType image/jpeg A2592000
      ExpiresByType image/png A2592000
      ExpiresByType text/javascript A2592000
      ExpiresByType text/css A2592000
      ExpiresByType application/javascript A2592000
      ExpiresByType application/x-font-woff A2592000
      # HTML documents are good for a week from the time they were changed
      ExpiresByType text/html M604800
      ExpiresByType text/plain M604800
      ExpiresByType text/xml M604800
      # Enabling Compression
      AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css application/javascript
      BrowserMatch ^Mozilla/4 gzip-only-text/html
      BrowserMatch ^Mozilla/4.0[678] no-gzip
      BrowserMatch bMSIEs(7|8) !no-gzip !gzip-only-text/html
      # Make sure proxies don’t deliver the wrong content
      SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ dont-vary
      Header append Vary User-Agent env=!dont-vary

Categories
Uncategorized

Cleaning of the laptop (LC5505D).

同一記事の日本語版
   I cleaned the laptop inside (LC5505D).
   This PC is an NEC product and my previous server machine. I use it as a temporary server. Yes, temporary, but the fact that I used it from 2012.Apr.14 to 2013.Aug.01 (he-he). Now, I use this PC instead of an old Elite II Elite-4 (a cybernet product called Keyboard PC) in my living room. Recently, I heard uncomfortable fun noise from it. So, I decided to clean it up yesterday.

  1. First remove the main battery. And, remove four screws. (Fig. 1)
  2. Turn upside down. Slide and remove the palmrest assembly carefully (Fig. 2), because the other side of the palmrest has a touchpad ribbon cable (Fig. 3).
  3. Remove the keyboard panel. Carefully, because it also has a ribbon cable (Fig.3).
  4. Finally, I meet the dusty fun (Fig 4). Ha-ha.

(Fig. 4) Dusty fun
(Fig. 4) Dusty fun

   I cleaned the pc inside up. If you try the same thing, wash your hands first. If you use a vacuum cleaner or something, take precautions against static electricity!!

   After cleaning, I feel something better about the pc. It’s just my imagination??? (^_^;)

   By the way, I pasted the Google AdSense code on the left sidebar. But, it shows ADs in Japanese. How can I change it into English? My sites run on sub directory type. I have not found out “HowTo” yet.

(Fig. 1) Remove screws
(Fig. 1) Remove screws

(Fig. 2) Slide the palmrest assembly
(Fig. 2) Slide the palmrest assembly


(Fig. 3) Ribbon cables
(Fig. 3) Ribbon cables
Categories
Uncategorized

Updating to Apache 2.4.6.

同一記事の日本語版

   Apache HTTP Server 2.4.6 was released, which is for reverting a broken fix for PR54948 that was applied to 2.4.5 (which was not released) and found post-2.4.5 tagging. I heard Apache HTTP Server 2.4.5 broke vhost mapping.

   I downloaded httpd-2.4.6-win32-VC9.zip (16 Jul) from the ApacheLounge for My WindowsXP server. The new httpd.conf has the next four additional lines which are all commented.
————————————————————————————————————————————————
   #LoadModule auth_form_module modules/mod_auth_form.so
   #LoadModule cache_socache_module modules/mod_cache_socache.so
   #LoadModule macro_module modules/mod_macro.so
   #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

Categories
Uncategorized

Updating to PHP5.4.17.

同一記事の日本語版

Update information      Edit(Aug.3)

   At Jul-03 23:29:25UTC, they released PHP5.4.17. So, I downloaded a Thread Safe version php-5.4.17-Win32-VC9-x86.zip for my server (WindowsXP SP3 (x86)).

   Acoording to the ChangeLog, it has some bug fixes.

   As php5apache2_4.dll included in the official PHP binary 5.4.10+, I extracted the zip archive and replaced all PHP5.4.15 files with all PHP5.4.16 files except my php.ini. Then, I restarted my Apache. That’s it.

   If you need how to configure PHP5.4, please see the post on my Japanese blog. Of course, it is only in Japanese and for a mbstrings user, but I think the information gives some help for you.

   By the way, they also announced PHP 5.5.0 was available. It doesn’t support WindowsXP anymore. At some point in the near future, i.e. until 2014/Apr/8, I have to reconstruct my server.

Edit(Aug.3):
   If you need how to configure PHP5.5, please see “To create a Wamp-like Web Server in Windows7-#2“.

Categories
Uncategorized

Updating to PHP5.4.16.

Update information      Edit(Aug.3)

   At Jun-05 22:49:25UTC, they released PHP5.4.16. So, I downloaded a Thread Safe version php-5.4.16-Win32-VC9-x86.zip for my server (WindowsXP SP3 (x86)).

   Acoording to the ChangeLog, it has some bug fixes, also patches for CVE-2013-2110.

   As php5apache2_4.dll included in the official PHP binary 5.4.10+, I extracted the zip archive and replaced all PHP5.4.15 files with all PHP5.4.16 files except my php.ini. Then, I restarted my Apache. That’s it.

   If you need how to configure PHP5.4, please see the post on my Japanese blog. Of course, it is only in Japanese and for a mbstrings user, but I think the information gives some help for you.

   I’ve also updated to phpMyAdmin4.0.3.

Edit(Aug.3):
   If you need how to configure PHP5.5, please see “To create a Wamp-like Web Server in Windows7-#2“.

Categories
Uncategorized

NotScripts on Google Chrome.

   Recently, I have a problem with my Firefox on Windows8 PRO, NJ2100. On the Net, I found out someone had the same issue, but cannot find the resolution. I don’t understand exactly when I have the problem or not. So, I decided to change my main browser from Firefox to Google Chrome on my Win8.

   As I’ve used the plug-in ‘NoScript’ on Firefox since 2 and a half years ago, I look for the same features plug-in I can use on Google Chrome. I think the plug-in ‘NotScripts’ gives me similar features, so, I install it.

   The biggest difference between ‘NoScript’ and ‘NotScripts’ is a password. After adding ‘NotScripts’ to CHROME, you have an alert page. At the first time, you need to set your password in the file CHANGE__PASSWORD__HERE.js. The file exists in the NotScripts folder,
%userprofile%AppDataLocalGoogleChromeUser DataDefaultExtensions
odjhifogjcknibkahlpidmdajjpkkcfnversionNO.
After that, the plug-in is activated.

Categories
Uncategorized

Updating to PHP5.4.15.

Update information      Edit(Aug.3)

   At May-08 22:51:34UTC, they released PHP5.4.15. However, on May-09, the news read:

   “Seriously: PHP 5.4.15 and PHP 5.3.25 really were released!”

  • We weren’t trying to pull an April Fool’s Day joke in May. A temporary glitch caused the latest distributions of PHP to not properly propagate to the mirror servers. This has been fixed at the root level, and it’s now being distributed to all of the mirrors. We’ll take some bacon to go with the egg on our faces, please!
  • If you continue to experience issues with downloading these versions after 21:00 UTC on 9 May, 2013, please drop us a line at php-mirrors@lists.php.net, telling us from which mirror you’re trying to download, and we’ll get it resolved.
  • We apologize for the delays and confusion this may have caused, and thank you for using PHP.

   They have had something wrong, haven’t they? Though, I don’t know about it, I’m more interested in ‘We’ll take some bacon to go with the egg on our faces, please!’.
   What does the sentence mean exactly? Yes, I can infer the meaning of the sentence from context, though. What is some bacon in the sentence really? This is very difficult for me who is NOT an everyday-English-speaker. Someone, re-write it by using less idiomatic, please, please, please!!!

   By the way, I downloaded a Thread Safe version php-5.4.15-Win32-VC9-x86.zip for my server (WindowsXP SP3(x86)).

   Acoording to the ChangeLog, it has 7 bug fixes, and upgrades libmagic to 5.14. They say “All users of PHP are encouraged to upgrade to PHP 5.4.14.”.

   As php5apache2_4.dll included in the official PHP binary 5.4.10+, I extracted the zip archive and replaced all PHP5.4.13 files with all PHP5.4.14 files except my php.ini. Then, I restarted my Apache. That’s it.

   If you need how to configure PHP5.4, please see the post on my Japanese blog. Of course, it is only in Japanese and for a mbstrings user, but I think the information gives some help for you.

Edit(Aug.3):
   If you need how to configure PHP5.5, please see “To create a Wamp-like Web Server in Windows7-#2“.