Many websites and web applications that are developed using PHP & MySQL allow users to upload files, photos and documents to the server. Normally, the upload script receives the files and moves (or writes) it to a directory (folder) with write permissions. If you are on Linux, then this would mean that your folder CHMOD value is 0777.

The Problem
The changing of CHMOD value to 0777 practically allows anyone in the WORLD to write to your folder and is therefore not recommended. However, many a times we are left with no option but to do so - depending on the servers' environment.

How can this be a problem?
This allows attackers to upload upload a malicious PHP script to your directory, which they will then execute by accessing it. This script could either be a mass-mailing script or a malicious script to gain access to your account (or web server).

The Solution
It is said that prevention is better than cure - and therefore, it is important to prevent these scripts from being executed by the server. This can very simply be done by adding a few lines of code to your .htaccess file. If your directory is supposed to hold photo files only, then the following code is recommended to prevent scripts from being executed.

It is also important to disable directory listing on these folders.

# Disable Directory Listing
Options All -Indexes

# Allow access to these file extensions only
<FilesMatch "\.(htaccess|htpasswd|ini|php|cgi|pl|phps|sh)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

The above will add an extra layer of security to your web application.

tar -xf file.tar 

tar -czf /path/to/save/file.tar folder_or_file_name

The options used in the above command are outlined below for your understanding.

-c = create
-z = compress a file
-f = use the file mentioned instead of tape drive

ls [options here] | more

Example:-

ls -l | more

Thank you to everybody for your thoughtful birthday wishes via phone call, text message, email and facebook!

Today, I came across this well said proverb while watching one of my favorite TV shows, Numb3rs - the 6th season. I often come across such words of wisdom from many different places which I'll be posting it up on my blog. Stay tuned.

The Hierarchy of Digital Distractions

I stumbled across this infographic on Information in Beautiful. It illustrates the Hierarchy of Digital Distractions. I'm quite amazed with this infographic and find it very true. How true do you find this? Click on the image to see this infographic in its original size.

Tip: start from the bottom.

If you recently installed wordpress and are wondering why your site is not on any search engines, the culprit is the privacy options in wordpress. By default - it is set to reject all search engines besides normal visitors by setting the robots meta tag to noindex, nofollow.

The good thing is that it's really easy to fix this. Follow the instructions below and you'll be on your way to wait for Google & other search engine bots to crawl your site again.

1. Log into Wordpress Administration Area (wp-admin)
2. Go to Settings > Privacy
3. Select: I would like my blog to be visible to everyone, including search engines (like Google, Sphere, Technorati) and archivers
4. Save settings

I hope this helps.

Happy Blogging!

#1: If you are looking for a particular file in /home directory

find /home -name filename

#2: If you are looking for files whose name is starting with "filename" in public_html directories only, you can use the following command:-

find /home/*/public_html -name filename* 

#3: Instead of viewing your search results in command line, you can write it to file by using this:

find /home/*/public_html -name filename* > /home/filename_search.txt

#4: Alternatively, you can send it via e-mail directly from server using the command below. Don't forget to replace "Subject Here" with your email subject, and "email.address@domain" with your email ID.

find /home/*/public_html -name filename* |mail -s "Subject Here" e-mail.address@domain

I hope this was useful.