Posts from "February, 2008"

Recovering from a forgotten root password

To perform a system administrator task, you have to know the root password. What happens if you forgot your root password? Not to worry. Just reboot your PC and you can reset the root password by following these steps:

  1. Reboot the PC(select reboot as you log out the of the GUI) or power up a usual.

    Soon you see the graphical boot loader on screen that shows the name of the operating systems you can boot. If your system runs with LILO boot loader, press Ctrl+X and at the boot prompt type linux single and press enter. Then proceed to step 4.


  2. If you have more than one operating system installed, use the arrow key to select linux as operating system, then press the A key.
  3. GRUB prompts you for commands to add to its defualt boot command.

  4. Press the spacebar, type the following, and press enter:
  5. single

    Linux starts up as usual but runs in a single-user mode that do not require you to log in. After linux starts, you will see the following command line prompts that ends with a hash mark (#), similar to the following :


  6. Type the paswrd command to change the root password as follows:
  7. sh-2.05b# passwd
    Changing password for root user.
    New password:

  8. Type the new root password that you want to use (it doesn’t appear on screen) and then press enter.
  9. Linux asks for the password again, like this:

    Retype new password:

  10. Type the new password again, and press enter.
  11. If you enter the same password both times, the passwrd command changes the root password.

  12. Now type reboot to reboot the PC.
  13. After linux starts, it displays the familiar login screen. Now you can log in as root with the new password


Resetting Mysql root Password

‘Like locking your keys in the car, to forget your password after
you’ve spent an hour installing and tweaking a new MySQL server can be
an embarassment to say the least.’
Fortunately, if you have root access to that computer, all in NOT lost.

Here are the steps when you found yourself in this situation.

1. Kill the server process.
% kill pid
(where pid is the process id. Do not use kill -9 unless absolutely
necessary, as this may damage your table files)

2. Run safe-mysqld with the –skip-grant-tables command line option.
(This instructs the MySQL server to allow unrestricted access to
anyone) NOTE: restrict all remote access before issuing this command
% safe-mysqld --skip-grant-table

3. Change root password
mysql > use mysql;
mysql > update user set password = password('newpassword') where user
= 'root';

4. Disconnect and instruct the mysql server to reload the grants
tables to begin requiring passwords.
% mysqladmin flush-privileges

“That does it — and nobody ever has to know what you did. As for
locking your keys in your car, you’re on your own there.”

Must have for php-mysql beginners developers.

Secure Programming in PHP

This article discusses the common threats and challenges of programming secure PHP applications and practical methods for doing so.


The goal of this paper is not only to show common threats and challenges of programming secure PHP applications but also to show you practical methods for doing so. The wonderful thing about PHP is that people with little or even no programming experience are able to achieve simple goals very quickly. The problem, on the other hand, is that many programmers are not really conscious about what is going behind the curtains. Security and convenience do not often go hand in hand — but they can.


PHP has some very flexible file handling functions. The include(), require() and fopen() functions accept local path names as well as remote files using URLs. A lot of vulnerabilities I have seen are due to incorrect handling of dynamic file or path names.
On a site I will not mention in this article (because the problem still has not been solved) has one script which includes various HTML files and displays them in the proper layout. Have a look at the following URL:

The variable $i obviously contains the file name to be included. When you see a URL like this, a lot of questions should come to your mind:

* Has the programmer considered directory traversals like i=../../../etc/passwd?
* Does he check for the .html extension?
* Does he use fopen() to include the files?
* Has he thought about not allowing remote files?

In this case, every answer was negative. Time to play! Of course, it is now possible to read all the files the httpd user has read access for. But what is even more exciting is the fact that the include() function is used to include the HTML file. Consider this:

Where exec.html contains a couple of lines of code:

passthru ('id');
passthru ('ls -al /etc');
passthru ('ping -c 1');
passthru ('echo You have been hax0red | mail root');

I am sure you get the idea. A lot of bad things can be done from here.
Read More

Getting Started with CodeIgniter

Actually CodeIgniter framework (CI) is nearly zero configuration. First is to put your CI files to your webserver, in this example will be using the web root directory of my webserver.

Host :
Database : localhost
Username : test
Password : test

After we need to modify system\application\config\config.php


Look for :

$config['base_url'] = ''

change to :

$config['base_url'] = "" //for we are using the web root of the server

Then Save.

Second is to open system\application\config\database.php

$db['default']['hostname'] = "localhost"; //Host of the database
$db['default']['username'] = "test"; //Username of the database
$db['default']['password'] = "test"; //Password of the database
$db['default']['database'] = "test"; // Database Name
$db['default']['dbdriver'] = "mysql"; // Database driver for this example I use mysql
$db['default']['dbprefix'] = ""; // Database prefix
$db['default']['pconnect'] = FALSE; // Connection type (pconnect of connect)

and you CI is now configured, it now able to connect the database.

Next topic would be tweaking defualt CI configuration.

Installing RoundCube in cPanel

First make sure you know your mysql root password, you have to replace DATABASEPASSWORD to your mysql root password.

If you have already used RoundCube installation please make sure you remove any traces of it with,

cd /usr/local/cpanel/base
rm -rf roundcube*
mysql -p -e 'drop database roundcube';
chattr -i /usr/local/cpanel/base/frontend/x/webmaillogin.html
chattr -i /usr/local/cpanel/base/webmaillogin.cgi


You will have to specify your root password when prompted.

Now lets download roundcube first and chmod the directorys

cd /usr/local/cpanel/base
wget -O roundcube.tar.gz
tar -zxvf roundcube.tar.gz
rm -rf roundcube.tar.gz
mv -f roundcubemail-0.1-rc1 roundcube
cd roundcube
chmod -R 777 temp
chmod -R 777 logs

Create the database and install the intial sql file. The following commands will do this for you.

mysql -e "use roundcube; source SQL/mysql.initial.sql;" -pDATABASEPASSWORD

Now lets sort out the configuration

cd config

Now open



$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

Replace with

$rcmail_config['db_dsnw'] = 'mysql://root:DATABASEPASSWORD@localhost/roundcube';

Now Open



$rcmail_config['default_host'] = '';

Replace with

$rcmail_config['default_host'] = 'localhost';

Now we have to configure cPanel to show roundcube in the theme. Please note this is for the X theme(default) only!! If you use another theme please skip the next part and see below.

cd /usr/local/cpanel/base/roundcube/skins/default/images/
cp --reply=yes roundcube_logo.png /usr/local/cpanel/base/frontend/x/images/roundcube_logo.png
cp --reply=yes roundcube_logo.png /usr/local/cpanel/base/webmail/x/images/roundcube_logo.png
cd /usr/local/cpanel/base
patch -p0 < HGpatch-roundcube-0.1-rc1

**NOTE** If you receive a message stating

Reversed (or previously applied) patch detected! Assume -R?

please press N for No as this is because you previously installed roundcube

This will auto do all the necessary changes to roundcube and the X theme.

Once the patch is executed you may now access roundcube via http://yourip/webmail


If you do not use the X theme please do the following

cd /usr/local/cpanel/base
patch -p0 < HGpatch-roundcube-NON-X-0.1-rc1

Then open your webmaillogin.html, please replace YOURTHEME with the name of your theme.

nano /usr/local/cpanel/base/frontend/YOURTHEME/webmaillogin.html

and find

Add Below


Remember to chattr +i the files or add the patch to your /scripts/upcp.

chattr +i /usr/local/cpanel/base/frontend/x/webmaillogin.html
chattr +i /usr/local/cpanel/base/webmaillogin.cgi

If you are using cPanel 11 ensure to run the following fix.

chmod 700
rm -f

That’s it! You may now access roundcube via http://yourip/webmail

Alternative for rm command

Ive been handling webserver with more than 1000 website and lots of unique visitors per month. Session are stored on the server hard drive and every end of the month i need to clean it up.

Now i was puzzled by rm command.
rm -f *

in /tmp/ directory. The terminal choked and gave out:

-bash: /bin/rm: Argument list too long

Apparently there are a maximum number of files that can be passed to rm.

ls -1 | grep sess | wc -l



wow 382611 session files! image how long it would take if you have an application that running with sessions.
The solution for this problem would be :

find . -name 'sess*' | xargs rm