Ispconfig3 site cron not executing

When setting up a website in Ispconfig3 I wanted to run a cron job (shell script) for the site (set up under Sites -> Cron jobs) but the job did not execute. When examining /var/log/auth.log I found lines like these:

Mar 22 10:31:01 servername jk_chrootsh[28726]: abort, homedir '/var/www/clients/client6/web284' for user web284 (5015) does not contain the jail separator <jail>/./<home>

Mar 22 10:31:01 servername jk_chrootsh[28725]: abort, homedir '/var/www/clients/client1/web283' for user web283 (5014) does not contain the jail separator <jail>/./<home>

The solution was to just add a dummy ssh user (using Jailkit as Chroot shell) in Ispconfig3 for the website.
I haven’t verified but I suspect the issue could be caused by the fact that the system originally was set up under Ubuntu 12.04 (LTS) and recently I did a do-release-upgrade to Ubuntu 14.04.

FileZilla FTP-client retrieve directory listing failed on MLSD command using TLS

A week or so ago FileZilla released a new version – 3.10.0.1. After installing this version some clients had problems connecting to their web hosting servers using FTP. One of the changes in FileZilla was that it now defaults to TLS encrypted connections if the server supports it, which many web hosting providers do.

However, if the FTP server and its firewall are not configured to work together, the client will connect but fail to retrieve the directory listing (timeout).

A workaround on the client side is to connect with plain old FTP using no encryption. To do this in the later versions of FileZilla you must create a connection in the site manager and select plain FTP (unsecure) in the encryption field. (This option is not available in the quick connect.)

A better solution is to solve the problem on the server side. With TLS the control channel is encrypted, so the firewall can no longer read which passive port the server announces and open it on the fly. The FTP server must therefore be configured to use a specific range of ports for passive mode, and traffic to those ports must be allowed through the server firewall. The example below shows how to do this with pure-ftpd and iptables. In the example we set up pure-ftpd to use ports 50000-55000 for passive transfers and then we allow the same range in iptables.

echo "50000 55000" > /etc/pure-ftpd/conf/PassivePortRange
/etc/init.d/pure-ftpd restart

Then add the following to your iptables rules and reload them:

iptables -I INPUT -p tcp -m tcp --dport 50000:55000 -j ACCEPT
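A check that the two settings above actually agree, added here as an example and not part of the original post. The function name and the sample rule listing are constructed for illustration; it only looks for a single tcp --dport ACCEPT rule in the INPUT chain.

```shell
#!/bin/sh
# Added example: check that the pure-ftpd passive range is covered by one
# iptables ACCEPT rule. Usage on a live host (as root):
#   passive_range_allowed "$(cat /etc/pure-ftpd/conf/PassivePortRange)" "$(iptables -S INPUT)"
# Returns 0 when a single tcp --dport rule in INPUT spans the whole range,
# 1 when none does, 2 when the range text is malformed.
# Limits: ignores multiport rules, rule order and chain policy.
passive_range_allowed() {
    lo=${1%% *}
    hi=${1##* }
    case $lo$hi in ''|*[!0-9]*) return 2 ;; esac    # malformed range file
    [ "$lo" -le "$hi" ] || return 2
    printf '%s\n' "$2" | awk -v lo="$lo" -v hi="$hi" '
        $1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT( |$)/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport") continue
                n = split($(i + 1), r, ":")
                first = r[1] + 0
                last = (n == 2 ? r[2] : r[1]) + 0
                if (first <= lo + 0 && hi + 0 <= last) covered = 1
            }
        }
        END { exit (covered ? 0 : 1) }'
}

# Constructed sample rules (not taken from a real server): the firewall
# range is narrower than the range pure-ftpd was told to use.
rules='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50000:51000 -j ACCEPT'
if passive_range_allowed '50000 55000' "$rules"; then
    echo 'passive range is open'
else
    echo 'passive range 50000-55000 is NOT fully allowed: listings will time out'
fi
```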

Convert Microsoft Outlook PST email to IMAP without Outlook

A client was going to stop using Microsoft Outlook and Exchange server and move their email to an ordinary web hosting company using IMAP. The client was downscaling and had no use for the benefits of Microsoft Exchange like shared contacts and calendars. They were just using it for email, which could be obtained much cheaper by using the IMAP account at their web hosting provider.

So I was faced with the task of converting their old email contained in PST files. They had already shut down their Exchange server and I could not use the Outlook program. I just had the PST files that were exported before the server shutdown and needed them imported into the IMAP account without using Outlook as it was not available to me.

This is how I solved it.

Tools used:

  1. Download and install Thunderbird. Set it up with the target email account both as an IMAP account and a POP3 account (it was a problem importing the converted eml files directly to the IMAP account so I had to import them to the POP3 account which is stored locally and then drag them over to the IMAP account, more about that later on). Make sure you set up the POP3 account to leave mail on the server and not delete mail when deleted locally.
  2. Download the ImportExportTools extension for Thunderbird. Drag the downloaded file onto Thunderbird in the task bar to install it.
  3. Download the free trial of the SysTools PST converter and install it. The free version is limited to 25 emails per folder so if you have more emails you need to purchase it ($49 when writing this article). You can make a test run with the free version so you see everything works before you go on and buy it.
  4. Run the SysTools PST converter.
  5. Click the Add file button and select your PST file.
  6. Click the Export button and select EML format, and check the folders you wish to export (normally the top folder). Enter a target folder. Then click the Export button.
  7. In Thunderbird, right click the POP3 email account and select New folder and call it “From PST” for example.
  8. Select the “From PST” folder and go to the menu icon in Thunderbird and select Tools -> ImportExport-tools -> Import all EML from a folder -> and its subfolders. Select the top folder of your email export in step 6 and click Select folder.
  9. All subfolders and their emails should now turn up in the “From PST” folder. Now drag the “From PST” folder from the POP3 account to the IMAP account in Thunderbird.
  10. Finally delete the POP3 account in Thunderbird.

Ubuntu 12.04 hangs in different stages of the boot sequence

A server I am maintaining stopped during boot on the "Stopping userspace bootsplash" or "Configuring network interfaces". If Ctrl-Alt-Del was pressed the machine rebooted so it was not completely stuck. I tried booting in rescue mode and checked the /etc/network/interfaces syntax but no problem visible there.

The solution was quite simple. Boot in rescue mode and select package repair. After repairing my packages the machine was rebooted, then fsck was run automatically (which took quite a while). After that the machine booted normally.

 

Install Ubuntu 14.04 on Samsung Ultrabook Ativ Book 9

This is how to install Ubuntu 14.04 on a Samsung Ultrabook Ativ Book 9.

I decided to keep the factory installed Windows 8.1 beside my Ubuntu install using dual boot. Thanks to enrish for the basic info. I found out there is no need to shrink the Windows 8.1 partition as long as there is enough space for Ubuntu. The Ubuntu installation will do this for you. Before you do anything – make sure you have a backup as usual. If you decide not to keep the Windows 8.1 install, do keep the recovery partitions. No need to install any screen drivers, Ubuntu worked out of the box.

  1. In Windows, run the Samsung Update Utility and update everything including BIOS/firmware.
  2. In the Windows Control Panel go to Power options and click on Choose what the power button does. Click on Change settings that are currently unavailable then scroll down and deselect Turn on fast startup (source http://askubuntu.com/questions/221835/installing-ubuntu-on-a-pre-installed-windows-8-64-bit-system-uefi-supported). Restart your system.
  3. When booting, press F2 to enter the setup.
  4. In the Boot section, disable Fastboot.
  5. Insert the USB flash drive with Ubuntu ISO (prepared with create startup disk on another computer).
  6. Configure boot device order, setting the flash drive to be the first option.
  7. Save and reboot. Now the system should be booting on the flash drive.
  8. Select to Install Ubuntu. During installation Ubuntu will recognize that you have Windows 8.1 installed and you have the option to install Ubuntu beside the Windows 8.1. The Ubuntu install will shrink the Windows 8.1 partition to make room for Ubuntu. By dragging the vertical bar you can decide how large the partitions for Windows vs Ubuntu should be. Continue installing Ubuntu as usual.
  9. After installing Ubuntu, unplug the flash drive and when booting, press F2 and enable Fastboot again.

 

Disable 802.11n on Compaq 6910p with iwl4965 in Ubuntu

I’ve found out that the 802.11n high speed wifi / wlan mode (300 Mbps theoretically) tends to cause more harm than good, i.e. the performance in many, especially crowded, wifi environments will be really poor and it is a better option to turn it off.

My Compaq 6910p laptop comes with an Intel Wireless WiFi Link 4965AGN chipset. The 802.11n mode can be disabled, making it fall back to only use 802.11a/b/g modes, causing the connection to be much more stable, and often the overall bandwidth will be better.

To check if your chipset is running with 802.11n enabled, enter the command:

sudo iwconfig wlan0

The output will look something like this:

wlan0     IEEE 802.11abgn  ESSID:"XXXXXX"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:0C:F6:82:90:28
          Bit Rate=14.4 Mb/s   Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=51/70  Signal level=-59 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:66  Invalid misc:36   Missed beacon:0

If the first line says 802.11abgn your chipset has 802.11n activated.

To disable 802.11n mode do the following:

sudo modprobe -r iwl4965
sudo modprobe iwl4965 11n_disable=1

This will disable 802.11n until next reboot. Now check again with sudo iwconfig wlan0 and the output should display the first line without the “n” after 802.11, like this:

wlan0     IEEE 802.11abg  ESSID:"XXXXXX"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:0C:F6:82:90:28
          Bit Rate=54 Mb/s   Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=46/70  Signal level=-64 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:7  Invalid misc:485   Missed beacon:0

If you want to make this change permanent, i.e. always disable 802.11n, do the following:

echo "options iwl4965 11n_disable=1" | sudo tee -a /etc/modprobe.d/iwl4965.conf

After rebooting, verify using sudo iwconfig wlan0 that 802.11n is not enabled.

 

Fix the Heartbleed Bug on Ubuntu

OpenSSL on Ubuntu can be vulnerable to the Heartbleed Bug. Not all versions of OpenSSL are affected though. 

OpenSSL versions 1.0.1 through 1.0.1f are vulnerable.
OpenSSL version 1.0.1g is not vulnerable.
OpenSSL branches 1.0.0 and 0.9.8 are not vulnerable.

To fix this issue on Ubuntu systems: 

Check your OpenSSL version to see if it is vulnerable to the bug:

openssl version

If it says 1.0.1 check the build date:

openssl version -b

If it says anything before Apr 7 2014 you need to update OpenSSL. Proceed as follows:

sudo apt-get update
sudo apt-get install openssl
sudo apt-get install libssl1.0.0

Now verify that you are running the updated OpenSSL libraries:

openssl version
openssl version -b

The build date should now come out Apr 7 2014 or later.

Now you need to regenerate your SSL certificates as they might have been compromised. A guide can be found here: https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
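The version and build-date check from the steps above as a reusable function, added here as an example and not part of the original post. The sample `openssl version` strings are constructed, the result labels are this example's own, and treating letters after 1.0.1g as not affected goes slightly beyond the list above.

```shell
#!/bin/sh
# Added example: apply the post's Heartbleed rules to `openssl version` output.
# Usage on a live host:
#   heartbleed_status "$(openssl version)" "$(openssl version -b)"
# Prints: vulnerable | patched | not-affected | unknown (labels are this example's).

# "built on: Mon Apr  7 20:33:29 UTC 2014" -> 20140407; fails on other layouts.
build_date_key() {
    set -- $1            # unquoted on purpose: collapses the padded day field
    [ $# -ge 8 ] || return 1
    case $4 in
        Jan) m=01 ;; Feb) m=02 ;; Mar) m=03 ;; Apr) m=04 ;;
        May) m=05 ;; Jun) m=06 ;; Jul) m=07 ;; Aug) m=08 ;;
        Sep) m=09 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) return 1 ;;
    esac
    d=${5#0}
    case $d in ''|*[!0-9]*) return 1 ;; esac
    case $8 in ''|*[!0-9]*) return 1 ;; esac
    printf '%s%s%02d\n' "$8" "$m" "$d"
}

heartbleed_status() {
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }')
    case $ver in
        0.9.8*|1.0.0*) echo not-affected; return ;;   # branches the post lists as safe
        1.0.1|1.0.1[abcdef]) ;;                       # affected range: check the build
        1.0.1[g-z]) echo not-affected; return ;;      # 1.0.1g per the post, and later letters
        *) echo unknown; return ;;                    # not covered by the post
    esac
    # Ubuntu patched the package without changing the version string, so the
    # build date decides, as in the post: Apr 7 2014 or later is fixed.
    key=$(build_date_key "$2") || { echo unknown; return; }
    if [ "$key" -ge 20140407 ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample outputs (not captured from a real host).
heartbleed_status 'OpenSSL 1.0.1 14 Mar 2012' 'built on: Wed Jan  8 20:45:51 UTC 2014'
heartbleed_status 'OpenSSL 1.0.1 14 Mar 2012' 'built on: Mon Apr  7 20:33:29 UTC 2014'
heartbleed_status 'OpenSSL 1.0.1g 7 Apr 2014' 'built on: Mon Apr  7 12:00:00 UTC 2014'
```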
 

 

Remmina on Ubuntu 12.04 problem to connect to Windows 7 with RDP ‘Unable to connect to RDP server’

Suddenly I couldn’t connect to my Windows 7 machine by RDP using Remmina on Ubuntu 12.04. It had worked before and suddenly stopped working. The error message displayed was ‘Unable to connect to RDP server’. Other RDP connections worked fine.

For some reason the problem was solved by editing the file ~/.freerdp/known_hosts and deleting the line with the server having the problem. When connecting again I was asked to accept the certificate and now the RDP connection worked again.

 

Err 310 ERR_TOO_MANY_REDIRECTS in Chrome and Firefox using Apache’s mod_rewrite

I used Apache’s mod_rewrite in order to direct a couple of domains pointing to the same website using the 301 moved permanently (to avoid duplicate content), i.e. something like this in .htaccess: 

RewriteEngine On
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

I randomly got the error message 310 ERR_TOO_MANY_REDIRECTS when trying the different domains in both Chrome and Firefox (other browsers seemed to work). I had decided my site should be reached without "www", so http://www.example.com was redirected to http://example.com also.

After a while of head scratching I found a couple of forgotten DNS entries. Two of them were outdated. My domain setup for example.com in DNS looked like this (sample IP addresses):

example.com zone:

@  IN  A  192.168.100.1
@  IN  A  192.168.100.2
@  IN  A  192.168.100.3

www  IN  A  192.168.100.1

But only 192.168.100.1 was valid and had a running web server on it.

I guess what happens is that when Chrome/Firefox tries to talk to 192.168.100.2 or .3 and gets no response, it adds "www" in front of the domain name, i.e. http://www.example.com. Now it gets a response from the web server saying 301 redirect to http://example.com. Trying to talk to example.com on 192.168.100.2 or .3 again gives no response, so it adds "www", and there we have our loop.

Fixing the DNS entries (removed the invalid 192.168.100.2 and .3) fixed the problem. A bit odd and hard to find, and most of all stupid to have the outdated records still in the zone. 

 

Remove or add www to URL using Apache mod_rewrite

To avoid a website being considered "duplicate content" by Google (i.e. the same website appearing under different URLs) it is a good idea to make sure the website doesn't appear as both http://www.example.com and http://example.com. This can be achieved with Apache's mod_rewrite in the .htaccess file.

To remove "www" from the URL, i.e. the website’s URL should be http://example.com, your .htaccess should look like this: 

RewriteEngine On
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

If you instead want to make sure "www" is added, i.e. the website’s URL should be http://www.example.com, your .htaccess should look like this: 

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]