Posts

Posted on

Apache Httpd web page authentication

this command for create user and password access file:
htpasswd -c /etc/httpd/conf/.htpasswd xxxx

chown root:apache /etc/httpd/conf/.htpasswd
chmod 640 /etc/httpd/conf/.htpasswd

Is possible generate the row to add to the file /etc/httpd/conf/.htpasswd from here

htpasswd [ -c ] [ -i ] [ -m | -B | -d | -s | -p ] [ -C cost ] [ -D ] [ -v ] passwdfile username

htpasswd -b [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ] [ -D ] [ -v ] passwdfile username password

htpasswd -n [ -i ] [ -m | -B | -d | -s | -p ] [ -C cost ] username

htpasswd -nb [ -m | -B | -d | -s | -p ] [ -C cost ] username password

 

In my vhost configuration file:

ServerName sm.saic.it
RewriteEngine On
DocumentRoot /usr/local/sendmailanalyzer/www
Options ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex sa_report.cgi
<Directory “/usr/local/sendmailanalyzer/www”>
AuthType Basic
AuthName “Restricted Content”
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user

# Apache 2.4
# Require all granted
#Require host example.com

# Apache 2.2
Order deny,allow
#Allow from all
#Allow from 127.0.0.1
#Allow from ::1
# Allow from .example.com

 

Posted on

Fail2ban and wordpress

Find the wordpress log file.

normally is configured in httpd.conf (if u are using apache web server)
Find the wordpress log file.
normally is configured in httpd.conf (if u are using apache web server)

    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #

    #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%h %v %l %u %t \"%r\" %>s %b" comonvhost

    
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

    
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a 
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per- access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "logs/access_log" common
    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "logs/access_log" combined

here the log file parameters

My server example of failed login to wordpress


%v       %h                     %l %u %t                     \"%r\"                        %>s
saic.it 85.10.117.176 - -       [30/Sep/2017:09:29:02 +0200] "POST /wp-login.php HTTP/1.1" 200 
%b   \"%{Referer}i\"                   \"%{User-Agent}i\""
5444 "http://www.saic.it/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0"

Link

Link2

Posted on

Install dependencies for JQuery into Angular2

3 Steps:
Install jQuery. (skip if already installed)
npm install jquery –save
Install types for jQuery.
npm install @types/jquery –save
Import jQuery in app.module.ts.
import * as $ from ‘jquery’;
The best way to enable the production mode for an Angular 2 application, is to use angular-cli and build the application with ng build -prod. This will build the application with production profile. Using angular-cli has the benefit of being able to use development mode using ng serve or ng build while developing without altering the code all the time.
Posted on

How to test if the email address exists

Source Link

To check if user entered email mailbox.does.not.exist@webdigiapps.com really exists go through the following in command prompt on windows / terminal on mac. The commands you type in are in green and the server response is in blue. Please refer to MAC & PC screenshots towards the end of this post.

Step 1 – Find mail exchanger or mail server of webdigiapps.com

COMMAND:
nslookup -q=mx webdigiapps.com
RESPONSE:
Non-authoritative answer:
webdigiapps.com mail exchanger = 0 mx2.sub3.homie.mail.dreamhost.com.
webdigiapps.com mail exchanger = 0 mx1.sub3.homie.mail.dreamhost.com.

Step 2 – Now we know the mail server address so let us connect to it. You can connect to one of the exchanger addresses in the response from Step 1.

COMMAND:
telnet mx2.sub3.homie.mail.dreamhost.com 25
RESPONSE:
Connected to mx2.sub3.homie.mail.dreamhost.com.
Escape character is ‘^]’.
220 homiemail-mx7.g.dreamhost.com ESMTP

COMMAND:
helo hi
RESPONSE:
250 homiemail-mx8.g.dreamhost.com

COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok

COMMAND:
rcpt to: <mailbox.does.not.exist@webdigiapps.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@webdigiapps.com>: Recipient address rejected: User unknown in virtual alias table

COMMAND:
quit
RESPONSE:
221 2.0.0 Bye

Screenshots – MAC Terminal & Windows

MAC email verification
Windows email verification

NOTES:

1) the 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field.  The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If email was present the server will respond with a 250 instead of 550
3) There are certain servers with a CATCH ALL email and this means all email address are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously to check for availability of gmail / yahoo / msn accounts etc as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.