Mohsin Sumar Zend Certified Engineer, PHP Professional, Designer & Web Developer

15Mar/100

Hibernate does not work anymore in Microsoft Vista

It's been a while since I blogged last, and even longer since I cleaned and free up some disk space on my laptop. While moving and deleting data last week, I used disk cleanup utility. I cleared couple of GBs using this utility, including Hibernation File Cleaner. Obviously, I had no idea what this would do to my laptops' power settings and realized it after a few days that my laptop doesn't hibernate any more and goes to sleep.

After quite sometime trying to fix this, I stumbled across the following knowledge base article on Microsoft Support site: http://support.microsoft.com/kb/929658

The fix is really simple; all you need to do is log in as Administrator and run the following command:-

powercfg /hibernate on

You'll now be able to hibernate again. I'm going to do just that right now! :)

27Nov/090

Securing PHP application from malicious scripts

If you've stumbled across this post, then you've recently become a victim of the most famous way of uploading a malicious script to a website - PHP file uploads.

Many websites and web applications that are developed using PHP & MySQL allow users to upload files, photos and documents to the server. Normally, the upload script receives the files and moves (or writes) it to a directory (folder) with write permissions. If you are on Linux, then this would mean that your folder CHMOD value is 0777.

The Problem
The changing of CHMOD value to 0777 practically allows anyone in the WORLD to write to your folder and is therefore not recommended. However, many a times we are left with no option but to do so - depending on the servers' environment.

How can this be a problem?
This allows attackers to upload upload a malicious PHP script to your directory, which they will then execute by accessing it. This script could either be a mass-mailing script or a malicious script to gain access to your account (or web server).

The Solution
It is said that prevention is better than cure - and therefore, it is important to prevent these scripts from being executed by the server. This can very simply be done by adding a few lines of code to your .htaccess file. If your directory is supposed to hold photo files only, then the following code is recommended to prevent scripts from being executed.

It is also important to disable directory listing on these folders.

# Disable Directory Listing
Options All -Indexes

# Allow access to these file extensions only
<FilesMatch "\.(htaccess|htpasswd|ini|php|cgi|pl|phps|sh)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

The above will add an extra layer of security to your web application.

24Nov/090

How do I extract a tar file?

Using the following command in SSH, you will be able to extract files from your tar file.

tar -xf file.tar 

22Nov/090

How to tar a file using SSH?

Use the following command if you want to create a tar and compress a file (or folder).

tar -czf /path/to/save/file.tar folder_or_file_name

The options used in the above command are outlined below for your understanding.

-c = create
-z = compress a file
-f = use the file mentioned instead of tape drive

16Nov/090

A man should look for what is, and not for what he thinks should be.

"A man should look for what is, and not for what he thinks should be."
- Albert Einstein