Category Archives: Server maintenance

Installing the GeoIP extension on CentOS 5 running WHM/cPanel

We’re running a managed dedicated server hosted by Liquidweb. Those guys are usually a pretty good bunch, but sometimes it shows that they are also just mere mortals. Last weekend I asked them to upgrade MySQL from version 4 to 5 and I also casually asked whether our server OS could be upgraded from CentOS 4 to 5. The weekend was coming up so it seemed like a good idea to get that underway.

Well, it turned out they actually had to upgrade the OS in order to get MySQL 5 to work. So the server was reinstalled, all hosting accounts re-imaged etc. Unfortunately, none of the PHP/server extensions – such as ImageMagick and GeoIP – survived the upgrade. No sweat, I thought, logged into our WHM site and tried to install the missing modules there. But the PECL installation always failed. So I contacted Liquidweb again – but for the first time ever I did not hear back from them for more than an hour (as I said, they’re usually pretty good, but I guess even they need a break every now and then).

It was kind of unnerving that some of our websites were not working because the extensions were missing. So I took it upon myself to install the stuff with the aid of Google and my moderate Linux knowledge. While ImageMagick proved to be a piece of cake following directions given here, GeoIP was a somewhat tougher nut to crack. That was because the installation instructions provided here did not work for me, as our yum repositories did not know anything about GeoIP. But at least I knew which packages were necessary:

GeoIP
GeoIP-devel
GeoIP-data

Since the server was running CentOS 5 now, I needed the correct RPMs. God, was I glad that a site like http://rpm.pbone.net/ exists! Here I found everything I needed (careful – watch for the correct/corresponding package versions!):

http://rpm.pbone.net/index.php3/stat/4/idpl/14025435/dir/centos_5/com/GeoIP-1.4.5-1.el5.centos.x86_64.rpm.html
http://rpm.pbone.net/index.php3/stat/4/idpl/15707308/dir/centos_5/com/GeoIP-devel-1.4.5-1.el5.centos.x86_64.rpm.html
http://rpm.pbone.net/index.php3/stat/4/idpl/15706982/dir/centos_5/com/GeoIP-data-20090201-1.el5.centos.i386.rpm.html

I logged into our server via SSH and navigated to the /root/tmp/ folder where I could safely execute the installation of the packages. I downloaded the three RPMs from one of the mirrors:

wget ftp://ftp.muug.mb.ca/mirror/centos/5.6/extras/x86_64/RPMS/GeoIP-1.4.5-1.el5.centos.x86_64.rpm
wget ftp://ftp.muug.mb.ca/mirror/centos/5.6/extras/x86_64/RPMS/GeoIP-devel-1.4.5-1.el5.centos.x86_64.rpm
wget ftp://ftp.muug.mb.ca/mirror/centos/5.6/extras/i386/RPMS/GeoIP-data-20090201-1.el5.centos.i386.rpm

And installed them one by one:

rpm -ivh GeoIP-1.4.5-1.el5.centos.x86_64.rpm
rpm -ivh GeoIP-devel-1.4.5-1.el5.centos.x86_64.rpm
rpm -ivh GeoIP-data-20090201-1.el5.centos.i386.rpm

With sweaty palms I then typed the command

pecl install geoip

and jumped for joy when I did not get any error messages! I restarted Apache via the WHM panel and – woohoo! – the GeoIP extension worked as it should!
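The packages above come from a third-party mirror over plain FTP, so a signature check belongs between the wget and rpm -ivh steps. The script below is an added example, not part of the original post: it assumes the distribution's signing key has already been imported with rpm --import, and the function names and sample rpm -K lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: install only RPMs whose GPG signature verifies.
# Prerequisite (assumption): the distribution's signing key has already
# been imported with `rpm --import <keyfile>`.

# Classify one line of `rpm -K` output.
# Assumed format: verified checks are listed in lowercase, failed or
# unverifiable ones in uppercase, and the line ends in OK or NOT OK.
classify_checksig() {
    case "$1" in
        *"NOT OK"*) echo reject; return 0 ;;
        *OK*) ;;
        *) echo reject; return 0 ;;
    esac
    # sha1/md5 alone only prove the download is intact, not who built it.
    case " $1 " in
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed ;;
        *) echo unsigned ;;
    esac
}

# Check every file first; install nothing unless all are signed.
install_verified() {
    for f in "$@"; do
        status=$(classify_checksig "$(rpm -K "$f" 2>&1)")
        if [ "$status" != signed ]; then
            echo "refusing $f: $status" >&2
            return 1
        fi
    done
    rpm -ivh "$@"
}

# Constructed sample lines (not captured from the server in the post).
SIGNED='GeoIP-1.4.5-1.el5.centos.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK'
DIGEST_ONLY='GeoIP-devel-1.4.5-1.el5.centos.x86_64.rpm: sha1 md5 OK'
NO_KEY='GeoIP-data-20090201-1.el5.centos.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#XXXXXXXX)'

# Run as: sh install_verified.sh GeoIP-*.rpm
if [ "$#" -gt 0 ]; then install_verified "$@"; fi
```

A digest-only result ("sha1 md5 OK") is treated as a failure here because it says nothing about who built the package.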

MySQL remote user access not working on Ubuntu + Plesk

Last week one of my mates’ private vServers was hacked, hijacked and used for DoS attacks, which prompted his provider (Strato) to disable the machine and recommend a reinstallation of the OS. That was not as bad as it sounds, as all data on the server were on backup and the OS was outdated to boot (OpenSuse 9!).

The vServer was reinstalled with Ubuntu 10.04 LTS and Plesk 10. After all data were back in place, all sites back up and running, all that was missing was the remote connection to the MySQL server. My mate uses Navicat (as do I, btw) to remotely manage his databases. So a new user was added to MySQL with remote access rights, the Navicat settings were altered accordingly and… a connection could not be established. D’Oh!

What went wrong? Well, I had a look at the issue. First off, I checked the [mysqld] settings in the MySQL configuration (aka my.cnf).

user            = mysql
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
bind-address    = 0.0.0.0
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
skip-external-locking

That all looked good. The standard port was set to 3306, the bind-address was set to listen on all network interfaces (although a security-related “no-no” in my opinion), and there was no trace of the “skip-networking” directive that might have negated the bind-address settings.

Just to be on the safe side I restarted the MySQL server (service mysql restart), but Navicat would still not connect.

Next stop was to have a look at the output generated by iptables -L and there I found this:

DROP       tcp  --  anywhere             anywhere            tcp dpt:mysql

Hmm. It seems that TCP connections to MySQL are dropped for some reason. Probably not a bad idea to keep that setting (and set my.cnf’s bind-address to 127.0.0.1) just to avoid new system intrusions via the MySQL route.

Of course that meant that the Navicat connection problem remained… that is, as far as a direct connection to the MySQL server is concerned. However, Navicat allows connecting to MySQL via SSH tunneling*. And using that option works a treat, minus the security risks of an open MySQL server.

* It is a bit confusing that you have to manually set the MySQL Server address to “localhost” in Navicat’s main connection property window. I would have thought that the software would choose this setting automatically if SSH tunneling is activated. Well, just a minor nuisance.
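The bind-address and skip-networking check done by eye above can be scripted. This is an added example, not part of the original post: it reports how a my.cnf's [mysqld] section exposes the TCP listener, using a constructed config modelled on the settings shown earlier. The function names, the [mysqld_safe] stanza, and the host and user in the tunnel comment are hypothetical.

```shell
#!/bin/sh
# Added example: report how the [mysqld] section exposes the TCP listener.
# Output: no-tcp | loopback | all-interfaces | address:<ip>
# Assumption: an unset bind-address means "all interfaces" (MySQL 5.x default).
mysqld_exposure() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            n = split(line, kv, "=")
            key = kv[1]; gsub(/_/, "-", key)   # my.cnf accepts - or _
            if (key == "skip-networking") skip = 1
            if (key == "bind-address" && n > 1) bind = kv[2]
        }
        END {
            if (skip) print "no-tcp"
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost") print "loopback"
            else if (bind == "" || bind == "0.0.0.0" || bind == "::" || bind == "*") print "all-interfaces"
            else print "address:" bind
        }
    ' "$1"
}

# Constructed sample config, modelled on the settings shown in the post.
sample_cnf() {
cat <<'EOF'
[mysqld]
user            = mysql
port            = 3306
bind-address    = 0.0.0.0
skip-external-locking
[mysqld_safe]
bind-address    = 127.0.0.1
EOF
}

# With bind-address = 127.0.0.1 the server is still reachable through the
# same kind of tunnel Navicat sets up (hypothetical user and host):
#   ssh -N -L 3307:127.0.0.1:3306 admin@db.example.com
# then point the client at 127.0.0.1 port 3307.
```

Anything other than loopback or no-tcp means the firewall rule is the only thing keeping port 3306 closed to the network.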