Michael Helm's Technology Blog
Linux Servers, Cpanel and Mysql and Raspberry Pi along with my own tech thoughts

Update Your Windows Programs with Ease: Mastering the winget upgrade Command

October 14, 2024 | By mhelm in Computing

Keeping your software up-to-date is crucial for optimal performance and security on your Windows machine. Traditionally, this involved visiting individual websites or manually checking for updates within each program. Thankfully, Windows 11 offers a more streamlined approach through the Windows Package Manager (winget).

This blog post delves into the power of winget upgrade commands, specifically the --all flag, to effortlessly update all your installed programs at once. Additionally, we’ll explore some alternative commands for more granular control over the update process.

Updating Everything with winget upgrade --all

The winget upgrade --all command acts as a one-stop shop for updating all your installed applications through winget. Here’s how to use it:

  1. Open Command Prompt: Press the Windows key + R, type “cmd,” and press Enter.
  2. Execute the Command: Type winget upgrade --all and press Enter.

winget will scan your system for software updates and, after prompting for confirmation (if applicable), proceed with the download and installation process. Simple, right?

Beyond --all: Exploring Other winget upgrade Commands

While --all is convenient, situations might call for a more targeted approach. Here are some useful variations of the winget upgrade command:

  • winget upgrade <package-id>: This updates a specific program. Find the package ID using winget list.
  • winget upgrade --source <source-name>: Updates from a specific software repository (source).
  • winget upgrade --include-unknown: Upgrades even uninstalled applications with available updates.
  • winget upgrade --silent: Performs the upgrade silently, without prompting for confirmation. (Use with caution!)

Additional Tips:

  • Schedule Updates: Create a scheduled task to run winget upgrade --all periodically for automated updates.
  • Review Updates: Before running --all, consider reviewing the update list by running winget upgrade with no arguments, which lists the available upgrades, to identify any potential conflicts.
  • Official Resources: For detailed information on winget commands and functionality, refer to the official Microsoft documentation: https://learn.microsoft.com/en-us/windows/package-manager/winget/upgrade

By leveraging winget upgrade commands, you can streamline your software update process, ensuring a secure and optimized Windows environment. Remember to implement these commands with caution and refer to the official documentation for advanced usage!


Navigating Email Spam Filters: Understanding and Adjusting Sieve Scripts on Plesk Servers

March 15, 2024 | By mhelm in Server | Tags: dovecot, email, linux, servers

This discussion looks at Sieve scripts, a tool used on Plesk servers outfitted with Dovecot and Warden Anti-Spam. Their rules filter email, so if mail is being routed in a way you cannot explain, check the Sieve scripts: they may be to blame.

The Role of Sieve Scripts in Email Management

Sieve scripts offer a robust mechanism for filtering emails on the server side. They empower users to automate actions such as sorting emails into designated folders, setting up auto-replies, and filtering out spam. Implemented on the server, these scripts process emails before they even hit your email client, serving as a critical defense line against unwanted communications.

A Case Study: The Journey to INBOX.Spam

A recent examination revealed an interesting case where an email, marked as clean by the content filter Amavis, was nonetheless directed to the INBOX.Spam folder. The culprit? A specific fileinto action within a Sieve script, instructing Dovecot to categorise the email as spam. This instance highlights the significant impact Sieve scripts can have on email routing.

How to Access and Modify Sieve Scripts in Plesk

Plesk server users can manipulate Sieve scripts through the web interface or by shell access for those requiring a deeper level of customization. Within the Plesk interface, the “Mail” section offers a gateway to adjusting spam filter settings and managing rules at the individual email account level. For more advanced modifications, including direct Sieve script edits, shell access will be necessary. This approach demands a good grasp of Linux commands and familiarity with Dovecot’s structure.

Sieve Script File Paths and Patterns

Sieve scripts are typically located in the user’s mail directory, with paths varying based on the server’s configuration. Common locations include:

  • /var/qmail/mailnames/domain.com/username/.dovecot.sieve
  • /var/qmail/mailnames/domain.com/username/sieve/

When editing Sieve scripts, you might encounter patterns like:

if address :all :comparator "i;ascii-casemap" :is ["From", "Sender", "Resent-From"] ["example@domain.com"] {
fileinto "INBOX.Spam";
stop;
}


This rule directs emails from example@domain.com straight to spam, showcasing how specific patterns in Sieve scripts govern email sorting.

Adjusting Filtering Rules: A Closer Look

The Sieve script shared earlier delineates various rules for email handling, from whitelisting certain addresses to blacklisting others, and employing spam filters based on the X-Spam-Level header. For instance, it includes conditions to file emails from specific senders into INBOX.Spam, underlining the necessity of precise rule configuration to avoid ensnaring legitimate emails.
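To find which rule is responsible in a case like the one above, the following added example (not from the original post or from Plesk) lists every if/elsif rule that files mail into a spam-like folder and tells sender-based rules apart from X-Spam-Level ones. The function names and the sample script are constructed for illustration, and it assumes the flat, unnested rule layout shown above.

```python
import re

# One "if"/"elsif" rule: the test, then a brace block without nested braces (assumption).
RULE_RE = re.compile(r'\b(?:els)?if\b(?P<test>[^{}]*)\{(?P<body>[^{}]*)\}', re.S)
FILEINTO_RE = re.compile(r'\bfileinto\s+"([^"]+)"')
ARG_RE = re.compile(r'\[[^\]]*\]|"[^"]*"')   # a string list ["a", "b"] or a bare "string"
STR_RE = re.compile(r'"([^"]*)"')
SPAM_FOLDER_RE = re.compile(r'spam|junk', re.I)

# Constructed sample script, modelled on the rule quoted in the post.
SAMPLE = '''require ["fileinto"];
# whitelisted sender
if address :all :comparator "i;ascii-casemap" :is ["From", "Sender", "Resent-From"] ["friend@domain.com"] {
    keep;
    stop;
}
if address :all :comparator "i;ascii-casemap" :is ["From", "Sender", "Resent-From"] ["example@domain.com"] {
    fileinto "INBOX.Spam";
    stop;
}
if header :contains "X-Spam-Level" "*****" {
    fileinto "INBOX.Spam";
    stop;
}
'''


def strip_comments(script):
    """Blank out '#' comment lines while keeping line numbers stable."""
    return "\n".join("" if ln.lstrip().startswith("#") else ln
                     for ln in script.splitlines())


def spam_rules(script):
    """Return every if/elsif rule whose body files mail into a spam-like folder."""
    text = strip_comments(script)
    found = []
    for m in RULE_RE.finditer(text):
        folders = [f for f in FILEINTO_RE.findall(m.group("body"))
                   if SPAM_FOLDER_RE.search(f)]
        if not folders:
            continue
        test = " ".join(m.group("test").split())
        args = ARG_RE.findall(test)
        # In address/header tests the key list (the values compared) is the last argument.
        keys = STR_RE.findall(args[-1]) if args else []
        found.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "kind": test.split()[0] if test else "",
            "keys": keys,
            "folder": folders[0],
        })
    return found


def rules_hitting_sender(script, sender):
    """Sender-based rules (address tests) that would file mail from `sender` as spam."""
    return [r for r in spam_rules(script)
            if r["kind"] == "address"
            and sender.lower() in (k.lower() for k in r["keys"])]


if __name__ == "__main__":
    for rule in spam_rules(SAMPLE):
        print(rule)
```

A hit from rules_hitting_sender explains a message that Amavis marked clean but that still landed in INBOX.Spam: the sender rule fires regardless of the spam score.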

Best Practices for Sieve Script Management

  1. Review Rules Periodically: To keep your email filtering effective, periodically review your Sieve script rules, especially after changes in email communication patterns.
  2. Proceed With Caution: Exercise caution when modifying Sieve scripts, ensuring your changes are well-tested to prevent unintended email routing.
  3. Back Up Before Modifying: Always back up your existing scripts before making adjustments, enabling easy restoration if needed.

Conclusion

Efficient email management hinges on a fine-tuned approach to spam filtering. By mastering Sieve scripts on your Plesk server, you can enhance your control over which emails land in your inbox versus spam. Regular reviews and cautious customisation of these scripts will ensure your email system remains effective and secure, tailored to your specific needs.

 


Expanding the Root Partition on Debian with LVM: A Step-by-Step Guide

February 18, 2024 | By mhelm in Server | Tags: linux, servers

Expanding your Debian server’s root partition without downtime is a critical skill for managing server resources efficiently, especially when you’re using Logical Volume Manager (LVM) for disk management. This guide provides a detailed walkthrough, including command outputs for clarity and copy-paste commands for ease of use.

Prerequisites

  • Ensure you have backed up all critical data.
  • You should have root access or be able to use sudo.
  • This guide assumes familiarity with basic Linux terminal commands.

Step 1: Verify Current Disk Layout

Identify your disk’s current layout to determine the partition you need to resize. Use lsblk to list all block devices and their mount points:


lsblk

Example output:


NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda             8:0    0  160G  0 disk
├─sda1          8:1    0  487M  0 part /boot
└─sda2          8:2    0   20G  0 part
  ├─vg00-lv01 254:1    0    8G  0 lvm  /
  └─vg00-lv00 254:0    0    2G  0 lvm  [SWAP]

Step 2: Resize the Partition with fdisk

Caution: Deleting and recreating the partition must be done carefully to avoid data loss.

  1. Launch fdisk on Your Disk:

    sudo fdisk /dev/sda
    
  2. Delete the Existing Partition:

    First, print the partition table:

    Command (m for help): p
    

    Example output:

    Disk /dev/sda: 160 GiB, 171798691840 bytes, 335544320 sectors
    Disk model: Virtual Disk
    Units: sectors of 1 * 512 = 512 bytes

    Device     Boot  Start      End  Sectors  Size Id Type
    /dev/sda1  *      2048   999423   997376  487M 83 Linux
    /dev/sda2       999424 20971519 19972096   20G 8e Linux LVM
    

    Note the Start sector of /dev/sda2. Delete /dev/sda2:

    Command (m for help): d
    Partition number (1,2, default 2): 2
    
  3. Recreate the Partition:

    Create a new primary partition:

    Command (m for help): n
    Partition type
     p primary (1 primary, 0 extended, 3 free)
     e extended (container for logical partitions)
    Select (default p): p
    Partition number (2-4, default 2): 2
    First sector (999424-335544319, default 999424): 999424
    Last sector, +/-sectors or +/-size{K,M,G,T,P} (999424-335544319, default 335544319): 
    

    If prompted about removing the signature, choose No:

    Partition #2 contains a LVM2_member signature.
    
    Do you want to remove the signature? [Y]es/[N]o: N
    
  4. Set the Partition Type:

    Change the partition type to Linux LVM:

    Command (m for help): t
    Partition number (1,2, default 2): 2
    Hex code (type L to list all codes): 8e
    
  5. Write Changes and Exit:

    Command (m for help): w
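The data-loss risk in Step 2 is a recreated partition that starts at a different sector or keeps the wrong type. As an added example (not part of the original guide), the check below compares the table printed with p before the delete against a second p printout taken just before w. The "after" tables and the function names are constructed for illustration.

```python
import re

# One partition row of fdisk's "p" output (MBR layout, as in the guide).
ROW_RE = re.compile(
    r'^(?P<dev>/dev/\S+)\s+(?P<boot>\*\s+)?(?P<start>\d+)\s+(?P<end>\d+)\s+'
    r'(?P<sectors>\d+)\s+(?P<size>\S+)\s+(?P<id>[0-9a-fA-F]+)\s+(?P<type>.+)$')

# "Before" rows are the guide's own example output.
BEFORE = """\
/dev/sda1 * 2048 999423 997376 487M 83 Linux
/dev/sda2 999424 20971519 19972096 20G 8e Linux LVM
"""
# Constructed "after" printouts: one correct, one with a moved start and no type change.
AFTER_OK = """\
/dev/sda1 * 2048 999423 997376 487M 83 Linux
/dev/sda2 999424 335544319 334544896 159.5G 8e Linux LVM
"""
AFTER_BAD = """\
/dev/sda1 * 2048 999423 997376 487M 83 Linux
/dev/sda2 1001472 335544319 334542848 159.5G 83 Linux
"""


def parse_table(fdisk_output):
    """Map device name -> row fields for every partition row in the printout."""
    rows = {}
    for line in fdisk_output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            for key in ("start", "end", "sectors"):
                row[key] = int(row[key])
            rows[row["dev"]] = row
    return rows


def resize_problems(before, after, dev):
    """Return reasons not to write the new table; an empty list means it looks safe."""
    old_rows, new_rows = parse_table(before), parse_table(after)
    old, new = old_rows.get(dev), new_rows.get(dev)
    if old is None or new is None:
        return [f"{dev} missing from one of the tables"]
    problems = []
    if new["start"] != old["start"]:
        problems.append(f"start sector moved {old['start']} -> {new['start']}")
    if new["end"] <= old["end"]:
        problems.append("partition did not grow")
    if new["id"].lower() != "8e":
        problems.append(f"type is {new['id']}, expected 8e (Linux LVM)")
    for other, row in old_rows.items():
        if other != dev and new_rows.get(other) != row:
            problems.append(f"{other} changed unexpectedly")
    return problems


if __name__ == "__main__":
    print(resize_problems(BEFORE, AFTER_OK, "/dev/sda2"))
    print(resize_problems(BEFORE, AFTER_BAD, "/dev/sda2"))
```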
    

Step 3: Reboot the System

After modifying the partition table, reboot your system:

sudo reboot

Step 4: Resize the Physical Volume

Notify LVM of the partition’s new size:

sudo pvresize /dev/sda2

Step 5: Extend the Logical Volume

Increase the size of the logical volume to use all available space:

sudo lvextend -l +100%FREE /dev/vg00/lv01

Step 6: Resize the Filesystem

Finally, resize the filesystem on the logical volume:

For ext4 filesystem:

sudo resize2fs /dev/vg00/lv01

For xfs filesystem:

sudo xfs_growfs /dev/vg00/lv01

Conclusion

You’ve now successfully expanded your root partition to utilize additional disk space, enhancing your Debian server’s capacity without downtime. Remember, the key to a smooth operation is careful planning and ensuring you have backups before starting.


Software Projects

January 19, 2024 | By mhelm in Uncategorized

My ‘hobby’ software projects are below. Over time I will also add more details about the code used along with more information about methodologies/availability etc… But in the meantime – click on a link to go to the project page, and then click any links if you want to try an interactive version of the project.

Each project is hosted on a docker image, these run on a low-powered server and no guarantee about availability is given at this point. Functionality may change as well – but this is not too likely unless it’s to fix something that is broken or to improve on the look/feel.

Generally speaking, you will see some projects which are similar, this is likely because I had a working version, and then improved it – but retained the original version because its functionality worked and possibly as the newer version may have unresolved or untested bugs in it.

**URL updates 5th Feb 2024 – due to increased popularity the tools are moving to a dedicated server running a reverse proxy system – this means they now are secure and use my domain instead of the IP address! **

  • Magic Eight Ball
    • A simple python script allows you to ask and answer magic eight-ball questions
    • Very simple html design using templates – nothing fancy here – have fun!
  • Sudoku Solver (v1)
    • A very very basic Sudoku solver using Flask and Python
    • This version is very inefficient, has no real web-design or usability
    • Can be easily broken with complex puzzles or impossible puzzles – very much a proof of concept
  • Sudoku Solver (v1.1)
    • Based on the V1 code – with a slightly better web-page interface showing the puzzle
    • Solving is based on the same method with the same weaknesses
  • Sudoku Solver – Fun and Easy Way to Solve Puzzles (v2)
    • Significant re-write – using Python and Flask still
    • Now detects impossible puzzles and stops trying to solve
    • No longer uses pure brute-force to solve, instead if a number can no longer be used it’s no longer tested – much faster solving times
    • Iteration count is more accurate than v1 and greatly reduced due to the improvements
    • Better HTML interaction with re-playing links and some work on SEO tags
  • Sudoku Solver – V2 update Jan 2024
    • Some bugs fixed – it now fails more reliably if given an impossible puzzle (some combinations could previously still cause a long processing before failing)
    • HTML has been tweaked to make it more accessible – you can now enter the numbers by tabbing across the cells, which is much faster.
    • This now tries to solve a cell with the least number of combinations available first, then moves on to surrounding cells; if these can be solved, the process repeats until complete. In the case of a cell that can’t be solved it will backtrack and proceed with a new solution until complete. This approach reduces attempts to around 1/100th of v2 and abandons the brute-force mechanism in the v1 and v1.1 model.


Block wordpress xmlrpc requests

June 4, 2022 | By mhelm in Server, Wordpress | Tags: Cpanel, linux, servers


If you run a server with multiple sites on it, then you may have issues with WordPress installations. WordPress has a remote admin feature (which allows 3rd party connections to post new articles etc..).

While a great feature in theory, in practice it is an avenue for attack by bot networks. You will see hundreds/thousands of connections a minute across a multi-domain hosting server (one of our servers has 40 sites on it – nearly all WordPress).

These requests take up resources, even if they do not compromise a site (though, with multiple sites – managed by people of differing technical skills, you may well get some compromised due to age and lack of updating) – to the point where a server cannot perform as well as expected, causing delays or requirements to upgrade hardware before you really should.

If you are running mod-security (if you aren’t perhaps consider it to protect your/your client sites) then you can add the following rule:

#Block requests to xmlrpc.php with no referring URL

SecRule REQUEST_METHOD "POST" "deny,status:401,id:5000900,chain,msg:'xmlrpc.php request blocked, no referer'"

SecRule &HTTP_REFERER "@eq 0" "chain"

SecRule REQUEST_URI "xmlrpc.php"

(adapted from a post on cpanel forums by ‘dalem’ (https://forums.cpanel.net/threads/xmlrpc-spam.646765/) )

Once you add this, any requests to xmlrpc, which do not originate from a link/trigger from a website (i.e. no referrer) will be blocked with a 401 (forbidden) message.

If you have a firewall or banning software (such as csf firewall or fail2ban) you can also get these to scan the log-file and ban repeated offenders on this rule.
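The repeat-offender logic that such banning software applies can be sketched as follows. This is an added example, not from the original post or from csf/fail2ban: it assumes the combined vhost access log in the vcommon format defined in the "Cpanel – combine apache logs" post on this page, and the log lines, threshold and time window are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# vcommon: %V %a %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# Constructed log lines (documentation IP ranges and example hostnames).
SAMPLE_LOG = [
    'site-a.example 203.0.113.7 - - [04/Jun/2022:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 401 199 "-" "Mozilla/5.0"',
    'site-b.example 203.0.113.7 - - [04/Jun/2022:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 401 199 "-" "Mozilla/5.0"',
    'site-a.example 198.51.100.20 - - [04/Jun/2022:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120 "https://site-a.example/" "Mozilla/5.0"',
    'site-c.example 203.0.113.7 - - [04/Jun/2022:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 401 199 "-" "Mozilla/5.0"',
    'site-a.example 198.51.100.20 - - [04/Jun/2022:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 310 "https://site-a.example/wp-admin/" "Mozilla/5.0"',
    'site-a.example 198.51.100.99 - - [04/Jun/2022:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 401 199 "-" "curl/7.79"',
]


def is_blocked_pattern(rec):
    """The same three conditions as the ModSecurity chain: POST, no Referer, xmlrpc.php."""
    return (rec["method"] == "POST"
            and rec["referer"] in ("", "-")      # Apache logs a missing header as "-"
            and "xmlrpc.php" in rec["uri"])


def repeat_offenders(lines, max_hits=3, window=timedelta(minutes=10)):
    """Return {ip: sorted vhosts hit} for IPs with >= max_hits matches inside one window.

    Lines are expected in chronological order, as Apache writes them.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    vhosts = defaultdict(set)     # ip -> every vhost it hit with the pattern
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not is_blocked_pattern(m.groupdict()):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()
        vhosts[m["ip"]].add(m["vhost"])
        if len(hits) >= max_hits:
            offenders[m["ip"]] = sorted(vhosts[m["ip"]])
    return offenders


if __name__ == "__main__":
    for ip, sites in repeat_offenders(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(sites))
```

Counting per client across the combined log, rather than per domain log, is what exposes one address working through many sites on the same server.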

When might this not be a good idea?

Basically, if you or any customers, use 3rd parties that utilise the xml-rpc functionality, you may not be able to deploy this rule. If you have a fixed IP you could always add in another part of the rule (another SecRule line) which excludes that IP address – but this may be hard to maintain.


Cpanel / Linux – Apachetop for seeing what your server is really serving

February 29, 2016 | By mascotmike in apache, Cpanel, Server | Tags: apache, apachetop, Cpanel, linux


Apache is great and so is Cpanel, but when you need to find out what is using resources or causing a slow-down, the tools can be limited. Apachetop helps by providing real-time analysis.

One of the most useful methods is to look at the raw apache logs, however if you’ve got a very busy site, or a server with dozens (or more) of domains then apachetop might help.

Cpanel note

If you are using cpanel I recommend you get the domain logs combined, instructions here (there are other methods any will work).

Centos

Instructions for installing below are on CentOS, however you can install it on most Linux distributions.

EPEL

First of all enable EPEL, this gives you access to 3rd party repo’s not directly maintained by Centos (so insert the usual trust issue message here).

To do this just run the following – if this doesn’t work have a quick google for epel-release rpm and find the one for your version of Centos

yum install epel-release

Note: installing this rpm will remove your cache files for yum, so the next command may take a few more minutes than you are used to.

install apachetop

yum install apachetop

That’s it!

Using apachetop

Run it and pipe the log file to it – it reads from that point onwards – press space to refresh the stats more often than the default.

apachetop -f /usr/local/apache/logs/vhost-access_log

Tips

When running press ? to get some help.  I tend to use d to cycle through the stats, of particular interest to me is the host view, this shows the number of hits and transfer for a host, so if you have a badly behaving one it stands out.  Another view shows the referrers, very useful if a site has had some publicity and is getting a lot of traffic.

Generally I recommend leaving it at least 5 minutes to gather some stats  – this then gives you enough time to evaluate the results.

Have fun and happy debugging!


Cpanel – combine apache logs

February 29, 2016 | By mascotmike in Cpanel, Server, Uncategorized | Tags: apache, Cpanel, linux


Default location of logs

By default cpanel puts its log files in /usr/local/apache/domlogs/DOMAIN – these are split up by domain, which can make it difficult when troubleshooting to find out where the problem might lie.

Combined logs

Combining the logs can be done by a bash script, however it’s time-consuming and not real-time. The trick is to edit the configuration to create a new apache log, which will hold all the information. Just remember to configure your log-rotate too (another post in the future).

Edit your vhost.default file

The latest version of apache is 2.4 at this time, edit the file /var/cpanel/templates/apache2_4/vhost.default

Add the following just before the </VirtualHost> at the bottom

LogFormat "%V %a %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" vcommon
CustomLog /usr/local/apache/logs/vhost-access_log vcommon

In order to keep the configuration you need to rebuild the conf

/scripts/verify_vhosts_includes

/scripts/rebuildhttpdconf

/sbin/service httpd restart

This gets it all working.

If you want to track SSL accesses you need to edit the ssl vhost.default configuration.  I opted not to as there is usually a limited number of SSL sites and they stand out more on normal monitoring.


How to recover from the latest javascript wordpress hack

February 13, 2016 | By mascotmike in Wordpress | Tags: hack, javascript, linux, sed, wordpress

Hack

In the last two weeks a new hack has made the rounds.  This exploits a weakness in either the hosting or the security of a WordPress blog and adds code to every JavaScript file (.js).  The code can vary a bit but starts like this (with a unique identifier).

/*3395379449f353892757e0b699dd2159*/;window["\x64\x6f"+"\x63\x75"+"\x6d\x65"

and ends like this (with the same unique identifier) the identifier varies per site.

[\"\x31\x32\"]].join(\"\");"));/*3395379449f353892757e0b699dd2159*/

As this gets spread to all the js files it’s pretty tricky to get rid of.  To date the normal tools do not detect this (Sucuri), but I am sure with the next major update they will.

What causes this isn’t yet known, but most likely it’s due to out of date plugins which allow modification of files, once that is done the infection seeks out JavaScript files and adds on the code at the end of each.

 

Cleaning

Cleaning the files is not easy, in-situ it is almost impossible.  If you have access to a Linux-based computer or a Macbook (based on FreeBSD) these instructions can help you clean up your site.  You still should update the plugins and WordPress version to prevent re-infection.

 

Step 1 – backup

Download all your files, including everything; this will help ensure a complete eradication. Once downloaded, compress them into a zip file (keep a copy to work on, the zip is if you need to restore anything).

Step 2 – Clean

The easiest way to clean is to restore an old backup – if you have one upload it (overwrite existing files) and get hardening (see below).

If you don’t have a backup, or the backup was compromised as well then you can try using the sed command below (I don’t know of a windows equivalent) – FreeBSD (Mac OS) works slightly differently to Linux, I haven’t been able to test the Linux command, but I believe the version below the Mac one should work.

LC_ALL=C find /PATH_TO_YOUR_HACKED_FILES/ -type f -exec sed -i '' -E "s/(\/\*.{32}\*\/\;window\[.*\/\*.{32}\*\/)/ /" {} +

The LC_ALL means it will work on Mac’s with a non US locale.  The expression looks for the starting Window string, and goes back to the comment – it then goes to the end bit (32) with the comment and removes all the bits in-between.

This could potentially hit something legitimate, however as the code is being obscured I wouldn’t trust anything you can’t read!

Linux users

Other Linux flavours need a slightly different sed command.  You can remove the LC_ALL=C and, before the -E, remove the '' (it is there because in FreeBSD you otherwise get backup copies, which aren’t needed).

find /PATH_TO_YOUR_HACKED_FILES/ -type f -exec sed -i -E "s/(\/\*.{32}\*\/\;window\[.*\/\*.{32}\*\/)/ /" {} +
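Before running either sed command on the working copy, a dry run shows which files carry the marker. The added example below (not from the original post) reports every .js file with an injected block and only rewrites files when asked to. Unlike the sed expression, it requires the opening and closing identifiers to be identical, which lowers the chance of hitting legitimate code. It assumes the identifier is 32 lowercase hex characters, as in the sample above; the function names and the placeholder payload are constructed.

```python
import re
from pathlib import Path

# /*<32 hex chars>*/;window[ ... /*<the same 32 hex chars>*/
# Bytes pattern, so files are never re-encoded or have their line endings changed.
INJECT_RE = re.compile(
    rb'/\*(?P<id>[0-9a-f]{32})\*/;window\[.*?/\*(?P=id)\*/', re.S)

# Constructed samples: the payload is a harmless placeholder, not the real code.
MARK = b"/*0123456789abcdef0123456789abcdef*/"
OTHER = b"/*ffffffffffffffffffffffffffffffff*/"
INFECTED = b"function legit(){return 1;}\n" + MARK + b';window["placeholder"];' + MARK + b"\n"
MISMATCH = b"var a = 1;\n" + MARK + b';window["placeholder"];' + OTHER + b"\n"


def find_injections(data):
    """Return the marker identifier of every injected block found in `data` (bytes)."""
    return [m.group("id").decode("ascii") for m in INJECT_RE.finditer(data)]


def clean_bytes(data):
    """Remove injected blocks; returns (cleaned_bytes, number_of_blocks_removed)."""
    return INJECT_RE.subn(b"", data)


def scan_tree(root, apply=False):
    """Report {path: [identifiers]} for *.js under root; rewrite only if apply=True."""
    report = {}
    for path in sorted(Path(root).rglob("*.js")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        ids = find_injections(data)
        if ids:
            report[str(path)] = ids
            if apply:
                path.write_bytes(clean_bytes(data)[0])
    return report


if __name__ == "__main__":
    import sys
    # Usage: python scan_js.py /PATH_TO_YOUR_HACKED_FILES/   (dry run, nothing is changed)
    for name, ids in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, sorted(set(ids)))
```

More than one distinct identifier in the report, or hits outside .js files found by other means, suggests the copy was infected more than once and is better restored from a backup.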

Step 3 – Upload & Hardening

Now upload your files, overwriting all that you have. Your site is (for now) clean.  To harden I recommend the following steps:

  • Update your WordPress
  • Update your themes (a more common vector for attack than most people realise)
  • Update your plugins.

Finally install some security programs – these help prevent modifications, they also can warn you if someone logs into your blog and of other important changes.

I recommend Sucuri Security.  It has a free version with pro additions, the free is good for now, but if your site makes you money I recommend considering the paid version.

The key thing to do, once installed, is go through the setup – enable as many features as you feel safe, especially directory protection.

My site stopped working after hardening.

Don’t panic, it’s usually that one of the plugins needed more access and it’s now locked out.  Disable your plugins and then re-enable one-by-one.  Once you find the one that isn’t working you can put an exception rule in place.

Hopefully this gets your site up and running, it’s worth a quick check over to see if you have any un-recognised directories or files if anything else has been compromised.


Why is my Raspberry Pi slow? – Htop

February 10, 2016 | By mascotmike in Raspberry Pi | Tags: htop, linux, raspberry pi

After you’ve had your Raspberry Pi for a while, you’ve made it run a web server, media centre, Remote Desktop and more you might find it’s a bit sluggish. To find out more try out htop.

Traditionally in Linux you would use top, however this generally needs a bit more know-how to interpret the display, and it looks kind of plain.

 

An ideal replacement for top is ‘htop’ developed by Hisham Muhammad.  This is an ideal process viewer, with simple colour coding and a graphical output to show where resources might be used.  A sample screenshot from my Pi is below:

htop – a process viewer for the raspberry pi

Installation of htop

sudo apt-get update

sudo apt-get install htop

Simple, it’s extremely easy to install and has no real overhead when running.

The output from htop

At the top the number 1,2,3,4 are the core status and the more they are in use the further the graph is to the right.

Mem/Swp is the utilisation of your Ram and Swap – Ram is usually filled up in Linux (used for caching)- your swap should not be used too  much, if it is your system will often be slowing down as it swaps memory from the disk (or SD) to Ram as required.

Running htop

Running it is easy – just login to the command line – ssh or local terminal and type

htop

And that’s it!  You can do more advanced things by using the F keys – F9 is a useful one for killing a process that is out of control.

You can re-sort using traditional top shortcuts – ctrl-M to sort by memory, ctrl-P for processor usage etc.

Using F2 you can add more charts to the top section – both left and right sides! Don’t forget to save your new default settings.

 

If you use another flavour of linux it most likely has htop – try “yum install htop” on centos based systems.


Keeping your Raspberry PI install tidy after upgrades & changes

February 3, 2016 | By mascotmike in Raspberry Pi | Tags: disk space, linux, raspberry pi

Whilst Linux in general is very good at being neat and tidy, devices such as the Raspberry PI, where resources can be much more limited than other computers can sometimes suffer – usually from lack of space (performance will be dealt with in another post).

If you’ve recently made changes – removed some packages, or manually updated some components you may find your disk-space getting a bit lower. One of the tools you can use is built into apt-get and allows it to scan and remove dependencies no longer required.

 

Simply run the following commands

sudo apt-get autoclean

#removes old archive files that might have been left behind (note you can use clean as well – however this can cause slowness as it removes all archive files and some may be needed again

sudo apt-get autoremove

#this removes any unused packages – often can be left behind if you remove a program which had optional dependencies, these are not always removed by the system – or other changes may have now marked them as unused.

The output of this will look similar to this:

Claiming back some disk-space using apt-get autoremove

This gained me 300MB this time, but I’ve previously gained back 1.2Gigabytes.
