Category Archives: code

Tips: How to automate OwnCloud files synchronization on Windows with WinSCP


I had a task to automate backup of customer files from a Windows 10 desktop to a NextCloud server. The main idea was to keep an offline backup that is updated automatically a few times a week (not every day). The main requirement was to reduce human interaction with the process as much as possible and to exclude some files from the backup process altogether.
Initially I was not concerned about this. After all, there is an official Nextcloud Windows desktop client along with a command line tool, and the ownCloud desktop client is also compatible and also has a command line tool included, so I thought that out of these two I should be able to put together some kind of automation.
Well, to my dismay both official clients proved to be completely useless for unattended automation. Whatever WebDAV protocol limitations there were, both command line clients had them. For example, the simple task of synchronizing a single directory, say d:\testsync to remote/testsync, was impossible because neither client could create a first-level folder on the remote server. It could be an underlying limitation or a bug in the Qt implementation of the WebDAV protocol, but figuring that out was out of scope for my task.
I needed a reliable and compact WebDAV client for Windows with automation, and I needed it yesterday. (Compactness was not a requirement but is always welcome, considering that the official clients drag along about 100Mb of Qt core libraries and are useless for my purposes.)
Then I discovered that WinSCP supports WebDAV and allows scripting advanced enough to help me with my task.
After some testing I came up with the following system:

  1. A CMD script started by Task Scheduler executes the WinSCP console tool with the script, in a loop, until it exits with a “success” result

  2. The WinSCP console utility executes a script that synchronizes local storage with the NextCloud server

    the filemask covers the exclusions

This solution synchronizes about 200Gb of data from a single Windows machine every 2-3 days. It’s pretty fast, compact, and the best part is that it transfers only changed files. Case closed.
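A sketch of the two-part system described above, as an added example rather than the author's own scripts. The host name, account, paths, exclusion mask, the `NC_APP_PASSWORD` variable and the retry limit are assumptions; the loop is capped so that a persistent failure (for example a rejected certificate or a revoked password) ends in an error instead of retrying forever.

```bat
@echo off
rem Added example, not the author's script. Host, account, paths, exclusions
rem and the retry limit are assumptions; adjust them to the real installation.
setlocal
set "WINSCP=C:\Program Files (x86)\WinSCP\WinSCP.com"
set "LOCAL_DIR=D:\testsync"
set "REMOTE_DIR=/remote.php/dav/files/backup-user/testsync"
rem The log directory is assumed to exist and be writable by the task account.
set "LOG=C:\ProgramData\nc-backup\winscp.log"
set /a TRIES=0
set /a MAX_TRIES=5

rem NC_APP_PASSWORD holds a Nextcloud app password created for this job only.
rem It is defined for the scheduled task's account, never stored in this file.
if not defined NC_APP_PASSWORD goto nopass

:retry
set /a TRIES+=1
rem The doubled percent signs pass the variable name through to WinSCP, which
rem resolves it itself, so the secret is not written on the command line.
rem davs:// keeps the session on TLS. "option batch abort" turns any prompt or
rem error into a non-zero exit code instead of waiting for input.
rem The part of the file mask after the bar character lists the exclusions.
"%WINSCP%" /ini=nul /log="%LOG%" /command ^
  "option batch abort" ^
  "option confirm off" ^
  "open davs://backup-user:%%NC_APP_PASSWORD%%@cloud.example.com/" ^
  "synchronize remote -filemask=""|*.tmp;Thumbs.db;cache/"" ""%LOCAL_DIR%"" ""%REMOTE_DIR%""" ^
  "exit"
if %ERRORLEVEL% equ 0 goto done
if %TRIES% geq %MAX_TRIES% goto failed
rem Wait about five minutes before the next attempt. ping is used as the delay
rem because timeout can fail when the task runs without console input.
ping -n 301 127.0.0.1 >nul
goto retry

:failed
echo Sync failed after %TRIES% attempts, see %LOG%
exit /b 1

:nopass
echo NC_APP_PASSWORD is not set for this account
exit /b 2

:done
exit /b 0
```

If the server certificate is not trusted by Windows, the run aborts rather than prompting; pin the certificate with the `open` command's `-certificate` switch instead of falling back to plain `dav://`.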

Sysadmin: How to install Letsencrypt on CentOS


Since Letsencrypt started their services, life became much easier (or less). You can get free, valid and secure SSL certificates that are recognized by the majority of browsers, but for that you need to do some initial configuration and keep in mind that if you don’t renew them, all these nice certificates will turn into a pumpkin after 2 months.
Here is the one-liner command to install certbot-auto on CentOS 6 (requires additional Python 2.7 from the EPEL repo)

Almost the same for CentOS 7, just without Python.

Here is how to quickly request/retrieve a certificate from the command line for your website on domain.com that is hosted under /home/domain/public_html (presuming that the site is already answering on this server, e.g. DNS and the web server are configured properly)

If the request was successful, your new certificates will be accessible from /etc/letsencrypt/live/domain.com, where
privkey.pem is the certificate key, cert.pem is the bare certificate, and fullchain.pem is the certificate along with the whole CA chain.
Don’t forget that these are valid for 2 months only. You’ll need to run

after that to get valid certificates.

Sysadmin: check massive list of urls for HTTP status code reply in single line

As I mentioned in a previous post, I recently did a few upgrades to EasyApache4 on a couple of WHM/cPanel servers. While providing an impressive list of advantages, this upgrade could render some of the hosted sites offline because of missing PHP modules and incompatible PHP versions. In order to minimize the downtime, all hosted sites have to be verified for availability. There could easily be hundreds of web sites hosted on a single WHM/cPanel server, and checking all of them manually would take a lot of time. In Linux almost anything can be automated.

Sysadmin: Brute force detection – custom rule for SMTP and SSH

I wrote before about the excellent tool BFD, which allows you to block brute force password guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script), system resource consumption (bash script!) and extendability (true “unix way” modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight an apache/Wordpress DOS attack.
In this post I will show you how to write custom rules to block brute force password guessing attempts against SMTP and SSHD


Sysadmin: How to force fsck on reboot on single filesystem on Linux

Recently I faced a problem with a server where the /usr filesystem got an error and was switched to read-only. Otherwise the server was fine, and I wanted to force fsck on just this filesystem, avoiding the rest (a 500gb /home filesystem would keep the server down for a long time, which is completely opposite to my goal)

How to use BFD tool to block WordPress brute force attacks

I have written earlier about the excellent and lightweight tool BFD (unlike fail2ban, which is more popular but too resource consuming and dependent on 3rd party tools). This tool is actually a set of bash scripts that look for known patterns in the logs and execute actions against offending IPs based on the configuration. It is little known that it’s also modular and allows you to extend its behavior by writing custom rules to assist with more uncommon situations.

I’ve also written about widespread WordPress brute force attacks that target the wp-login.php script. The solution I offered there takes care of a single WordPress site. It gets more difficult to mitigate the attack when you have multiple servers with multiple WordPress sites, so I decided to come up with a more general approach.


Sysadmin: How to delete specific messages from postfix queue

In case your server mail queue is full of messages you want to delete, most of the instructions found through Google are not correct – there is no mailq for postfix anymore.

PHP Catchable fatal error: Object of class Savant2_Error could not be converted to string

This was the tale of my last couple of days. One of our long time customers was moving a bunch of web sites from various web hosting providers to her dedicated server.
As usual there were all kinds of kinks and problems during her attempts to reconfigure her web sites. Some of her sites use the Savant template system and were showing unusual behavior: a request to the front page returned status 500 (server error), and while the content was displayed, its design was altered. Unable to figure out the problem, she asked for help.

Centos: How to run multiple mysql instances on a single server

There are plenty of instructions on various blogs on how to run multiple mysql instances on a single server. Most of them are based on the original mysql rpm package produced by Oracle (nowadays). In my opinion this could be unnecessary overhead when you have the OS-provided mysql server package and all you need to configure another instance is to slightly modify the bundled configuration and init.d script.

Sysadmin: how to configure nginx for Jelix PHP framework

I had to migrate a web application written with the Jelix PHP framework to the nginx web server, and I had a problem with Jelix URLs that look like http://domain.com/site/script.php/arg1/arg2/arg3. Originally Jelix requires “Options +MultiViews” and “AcceptPathInfo on” in the Apache config, neither of which is available on nginx. It took a while to find a proper solution.