12Jan/151

Linux (Debian/Ubuntu): Backup

In this post I want to show you how to create a basic full backup of your file system and how to restore it. A Linux system with root access is required. It does not matter whether it is a Dedicated Server or VPS.

Important: The following commands were tested with Ubuntu 14.04 (64 Bit). They should work with Debian as well. Other distributions like CentOS require a few adjustments here and there.

 

  1. Create backup
    We use tar with gzip compression to create an archive of the root partition. Special directories will be ignored as they do not contain any relevant data. The MySQL directory won't be archived either; I will get back to that later.

    We create the backup file in a separate folder, which will also be excluded. In this example, I will make use of the Contabo Backup-Space. The exclude patterns are anchored (--anchored plus a leading ./) because tar otherwise matches an exclude pattern after any slash, so sys/* would also drop /usr/include/sys/*:

    apt-get install curlftpfs
    curlftpfs USERNAME:PASSWORD@backup.contabo.net /mnt
    cd /mnt
    tar czf rootfs_backup.tar.gz --directory=/ --anchored --exclude='./dev/*' --exclude='./proc/*' --exclude='./run/*' --exclude='./sys/*' --exclude='./tmp/*' --exclude='./var/lib/mysql/*' --exclude='./mnt/*' .

    The backup can also be temporarily created on the server hard disk. The directory in which the archive will be created must be excluded in any case. I strongly recommend storing the archive in another secure location though.

    We now have an image of the whole root partition. This image can be used to restore the server in its current state at any time.
  2. Restore backup
    We start the server into the rescue system and log in via SSH. It is important to choose the equivalent version, because otherwise the chroot command would fail. In most cases that would be 64 Bit. In this example, the new hard disk is completely empty. Thus, we need to create a new root partition first and also a swap partition if necessary. Use parted to create the partition:

    parted /dev/vda mklabel msdos
    parted /dev/vda 'mkpart primary 1 -1'
    parted /dev/vda set 1 boot on
    mkfs.ext4 /dev/vda1

    Now we can mount the new root partition and the FTP Backup-Space:

    mount /dev/vda1 /mnt/custom
    curlftpfs USERNAME:PASSWORD@178.238.239.254 /mnt/backup

    And finally start the actual restore process. The --numeric-owner option makes tar restore the numeric user and group IDs stored in the archive instead of looking up the account names in the rescue system, where they may map to different IDs:

    cd /mnt/custom
    tar xzf /mnt/backup/rootfs_backup.tar.gz --numeric-owner

    There are a few modifications necessary to make the system bootable. We change the working environment with chroot:

    mount -o bind /dev /mnt/custom/dev
    mount -o bind /sys /mnt/custom/sys
    mount -t proc /proc /mnt/custom/proc
    chroot /mnt/custom /bin/bash

    The operating system uses UUIDs to identify partitions. Since we created a new root partition we have to replace the old UUID with the new one. We find the new UUID with this command:

    blkid

    Open /etc/fstab with your favorite text editor, e.g. nano and change the UUID of /. Then fix the GRUB configuration and install the boot loader like this:

    grub-mkconfig > /boot/grub/grub.cfg
    grub-install /dev/vda

    We leave the chroot environment with exit and finally the rescue system with exitrescue. After a reboot your server should be running normally again in the state of the backup.

  3. MySQL exception
    MySQL databases can't be copied directly from the directory while the MySQL server is running. This could result in data corruption. Thus, we use mysqldump here:

    mysqldump -p --all-databases > db_backup.sql

    This command should be executed before creating the root filesystem backup to include it in the same image. Use the following commands to restore the database backup after the server has been booted normally again for the first time:

    mysql_install_db
    service mysql start
    mysql < db_backup.sql
    service mysql restart
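
The backup from step 1 combined with an integrity check, as an added example that is not part of the original post: the exclude patterns are anchored so that only the top-level directories are skipped, a SHA-256 checksum is stored next to the archive, and verify_backup checks both before a restore. The function names and their ROOT/ARCHIVE parameters are assumptions of this example; GNU tar and sha256sum are required.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and parameters
# are illustrative; requires GNU tar and sha256sum.

# Top-level directories whose contents are left out of the archive (step 1).
EXCLUDED_DIRS="dev proc run sys tmp var/lib/mysql mnt"

# backup_tree ROOT ARCHIVE
# Archive ROOT (/ on a real server) and write ARCHIVE.sha256 next to it.
backup_tree() (
    root=$1 archive=$2
    # --anchored ties each pattern to the start of the member name; without
    # it "sys/*" would also drop ./usr/include/sys/*.
    set -- --anchored
    for dir in $EXCLUDED_DIRS; do
        set -- "$@" "--exclude=./$dir/*"
    done
    tar czf "$archive" --directory="$root" "$@" . || exit 1
    cd "$(dirname "$archive")" || exit 1
    name=$(basename "$archive")
    sha256sum "$name" > "$name.sha256"
)

# verify_backup ARCHIVE
# Succeeds only if the checksum matches, the archive can be read to the end
# and no excluded directory has contents in it.
verify_backup() (
    cd "$(dirname "$1")" || exit 1
    name=$(basename "$1")
    sha256sum --check --quiet "$name.sha256" || exit 1
    listing=$(tar tzf "$name") || exit 1
    for dir in $EXCLUDED_DIRS; do
        if printf '%s\n' "$listing" | grep "^\./$dir/." > /dev/null; then
            echo "unexpected content under /$dir" >&2
            exit 1
        fi
    done
)

# archive_has ARCHIVE MEMBER, e.g. archive_has backup.tar.gz ./etc/fstab
archive_has() {
    tar tzf "$1" | grep -xF -- "$2" > /dev/null
}
```

Running verify_backup against the copy on the backup space right before a restore catches a truncated or altered upload before the new partition is overwritten with it.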

As you can see, a few commands can be enough to back up not only important personal files, but also the complete system including all settings. Regular and reliable backups can prevent long outages and - the really important part - data loss.

Always remember: Data without backup is insignificant data!

Posted by: Tino | 1 Comment
25Nov/131

cPanel/WHM: Best practices

Our Dedicated Servers and VPS's with cPanel are very popular among our customers. The easy-to-use administration panel makes web hosting comfortable even for inexperienced Linux administrators. Almost all settings can be done via WHM; SSH access is rarely necessary.

We deploy cPanel servers automatically with a working standard configuration. Most settings are left default, some had to be added to make the server accessible. I want to show you a few points that are important after the installation.

The following steps can be done in your server WHM. Please log in to https://[server-IP]:2087 as root to continue.

Even if you have not worked with the WHM interface yet, you will be able to navigate through it easily. I find the search bar very useful to access the needed function quickly. It works similarly to the Windows 7 start menu search.


  1. We start with Basic cPanel & WHM Setup.
    1. Notice the contact e-mail address in the first configuration line. We recommend changing it to a personal address to keep yourself informed about server activities. cPanel is quite active in this regard, so a separate in-box is advisable.
    2. You will find the default nameservers at the bottom of the page. We have predefined our nameservers here. Domains that you bought from us will work out of the box using this setting. If you run domains on other nameservers, you can define their addresses here.
  2. We continue with Configure Remote Service IPs. Choose the tab Remote Name Server IPs here. The list of IP addresses shown there is associated with the nameservers defined before. If you only use domains from us, no changes are necessary here. If you have domains on other nameservers, you can add their IPs to the list. Otherwise cPanel will refuse to add those domains as addon domains.
  3. The next point is Change Hostname. Our predefined hostname does not resolve to your server IP by default. You will have to define a new one with a working domain to avoid problems with e-mail transmission. You may leave the first section as it is, e.g. "vmi1234.example.com". If you use a domain that is not hosted on our nameservers, make sure to add an A entry for the sub-domain in your DNS management.
  4. A correct RDNS entry is another important factor for RFC compliant e-mail transmission. The PTR of an IP must match the server hostname. Please use our Customer Control Panel to set the entry for your server IP, e.g. "vmi1234.example.com".
    Update 19 December 2014: We now set a default host name in the contabo.host zone which resolves correctly. There are no adjustments necessary in this regard anymore.

After these steps, your cPanel server is ready to fulfil all general hosting tasks. If you need more help material, please see the comprehensive cPanel documentation.

Posted by: Tino | 1 Comment
9Oct/130

ASI News

Attention Windows Server users: We released a new installation method for Windows Server operating systems today. It is already available for all VPS and Dedicated Server customers with Windows Server. The first thing you will notice is a much shorter installation time. Our Dedicated Server X with 1 Gbit/s port only took five minutes to finish. Further technical improvements facilitate our administrative work.

We still provide all existing advantages of our automated system installation (ASI) as a matter of course. No user interaction will be necessary. Your server will be automatically deployed with the assigned IPv4 and IPv6 address. RDP will be accessible right after the installation. Important security updates will be downloaded and installed overnight.

We are now perfectly prepared for future Windows versions. Windows Server 2012 R2 should be available very soon on our servers after its official release.

Posted by: Tino | No Comments
31Jul/130

System Rescue CD: First Steps


Many of you have already heard about it or even used it once in a while, but most of you have probably not been introduced to it yet: Our rescue system! While hopefully not being needed at all, it provides many possibilities to fix certain problems and to bring the machine back online as soon as possible. When the server is down, every second counts. It is important to know what to do beforehand. Thus, I will provide you with some basic information first:

Our rescue system is based on the SystemRescueCD. This is a specialised Linux distribution for recovery purposes. I can highly recommend it for private usage as well. I always carry a bootable thumb drive with me ;). The rescue system starts on our servers via PXE network boot. This has several advantages:

  • It is available as long as the server is connected to our network.
  • It is always accessible with the same known login credentials.
  • It boots isolated from the operating system and its settings.

The rescue system can be chosen for Dedicated Servers or VPS's in your Customer Control Panel. After clicking on the rescue icon, a new page opens with a short info text and the version control. The version should match the operating system. This is 64 bit in most cases. Once you click on "Start rescue system", your server will reboot right away.

The system will be available after a few minutes via SSH under the server IP and the default port 22. The root password is the default one that we have sent you when you ordered the server. We can send you that e-mail again if necessary. We recommend PuTTY (command line) and WinSCP (file transfer) as Windows clients.

You will probably need access to your data. Check first which partitions are available:

fdisk -l

The root file system is usually located on /dev/sda2 or /dev/vda2. Use the following command to mount the corresponding partition:

mount /dev/sda2 /mnt/custom

Your server files are now available in /mnt/custom.

If you use Windows as operating system on your server, our rescue system can be helpful despite the different architecture. The C: drive is usually located on /dev/sda2 or /dev/vda2. The command to mount it with write access is a bit different:

ntfs-3g /dev/sda2 /mnt/windows

You are now set to modify configuration files or to retrieve personal data. WinSCP is perfect for those purposes.

When you have finished your work and want to boot your server normally again, enter the following commands:

exitrescue
reboot

Your server should then boot from the hard disk again and be available as usual.

This was supposed to be a short introduction. Becoming familiar with the Linux shell and its possibilities is very advantageous. I can definitely recommend the tutorials on nixCraft for further reading.

More tutorials for certain procedures will follow, so stay tuned!

 

Posted by: Tino | No Comments
15Jul/131

Rewrite rules with htaccess

One recurring question affects mostly our webspace packages, but should be interesting for many others as well:

How can I move the content of my main domain to a sub-folder without affecting its appearance?

 

cPanel always assigns one domain as the main domain for a user account. Add-On domains can be added easily, but they simply appear as sub-folders in the same folder that is being used by the main domain. Here is the effect:

/

  • public_html/
    • admin/
    • config/
    • data/
    • example2.com/
      • admin/
      • config/
      • data/
      • themes/
      • index.php
    • themes/
    • index.php

This can cause confusion when using several add-on domains. It would be better to have the content of the main domain in a separate sub-folder as well. However, cPanel does not offer a configuration option for this purpose. Luckily, this will not be necessary though, since htaccess rewrites allow specifying the actual location of the website content.

It is best to start with a fresh account. Otherwise, a full backup of all files is, as always, recommended. The cPanel backup assistant will be helpful here.

The following steps can be done easily via FTP client.

If you are moving an existing website, create a sub-folder in /public_html and name it after the domain, e.g. example.com. Move all content of your main domain to the newly created folder. In our example this would include admin, config, data, themes and index.php. If there already is a .htaccess file, move it as well.

Then create a new .htaccess file in /public_html and paste the following:

RewriteEngine on
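RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteCond %{REQUEST_URI} !^/example\.com
RewriteRule ^(.*)$ example.com/$1 [L]

example.com has to be replaced with your actual domain name. The dots in the three RewriteCond patterns are escaped with a backslash because these patterns are regular expressions, in which a bare dot matches any character.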

After saving the file you can open the domain in your browser. The website should be displayed correctly.

The next step depends on the software that is being used on your website. In this example, we show the procedure for Joomla! 3 and WordPress.

Most scripts generate relative URLs based on their location by default. Our changes would cause links on your website to be shown like this:

http://www.example.com/example.com/index.php

To correct this behaviour, the base URL needs to be set statically in the Joomla! configuration. Open configuration.php with an editor and modify the following line:

public $live_site = 'http://www.example.com/';

configuration.php is usually stored read-only. You may need to gain write access first by modifying the file permission.

If you use URL Rewriting in Joomla!, edit the following line in the .htaccess file in the sub-folder of your domain:

RewriteBase /example.com

Make sure to remove the hash at the beginning of the line.

The WordPress configuration is similar. Open wp-config.php with an editor and modify the following lines:

define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');

The changes are not visible to visitors and your website is accessible normally. The new folder structure is much cleaner:

/

  • public_html/
    • example.com/
      • admin/
      • config/
      • data/
      • themes/
      • index.php
    • example2.com/
      • admin/
      • config/
      • data/
      • themes/
      • index.php
    • .htaccess

This is only one of the many possibilities of rewrite rules. If you desire more information on this complex topic, I can recommend the Apache documentation.

Posted by: Tino | 1 Comment
13May/130

From Squeeze to Wheezy like a breeze!!!

Upgrading Debian 6.0 to 7.0

 

With the release of Debian 7.0 there are two ways that you can have this distribution installed on your VPS or Dedicated servers.

One is the clean installation, which can be done using our customer control panel. This is a complete re-installation, so you will lose all your data. This method is recommended as it will freshly install a clean distribution.

But if your system is not that critical, or if you have a 'clean' system, which means that you have installed software only using package management tools, have not manually 'tweaked' anything and have not installed any additional software using .tar, then you can proceed with the following instructions to upgrade from Debian 6.0 (Squeeze) to Debian 7.0 (Wheezy).

Before we begin, a word of caution: Though we have tested this on a test server here at our Contabo labs, and everything seemed to work without any problem, we highly recommend that you create a backup and store it remotely before you begin, just in case.

Complete official instruction to upgrade can be found here.

Bringing your current Debian 6 up-to-date:

Before beginning it is a good idea to ensure your current release is up to date. You can do it using the following commands:

Update and Upgrade

apt-get update

apt-get upgrade

Changing sources.list

Please open the /etc/apt/sources.list file in your favorite text editor:

vi /etc/apt/sources.list

and change squeeze to wheezy. After the change, my /etc/apt/sources.list file looks like this:

deb http://ftp.de.debian.org/debian wheezy main non-free contrib
deb-src http://ftp.de.debian.org/debian wheezy main non-free contrib
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
deb http://ftp.de.debian.org/debian wheezy-updates main contrib non-free
deb-src http://ftp.de.debian.org/debian wheezy-updates main contrib non-free

 

Upgrade the System

We follow the upgrade process in the following sequence according to the official how-to.

Update the sources

apt-get update

 

Minimal upgrade

apt-get upgrade

Upgrade the kernel
You can check the current installed version of your kernel using the following command :

dpkg -l | grep linux-image

my output was:

ii  linux-image-2.6-amd64                2.6.32+29                      Linux 2.6 for 64-bit PCs (meta-package)
ii  linux-image-2.6.32-5-amd64           2.6.32-45                      Linux 2.6.32 for 64-bit PCs

 

Upgrading kernel :

apt-get install linux-image-2.6-amd64

The next step is to update GRUB to be sure that everything works as expected:

update-grub

update udev

apt-get install udev

 

Final upgrade:

After all the above steps have been completed, we can upgrade the distribution:

apt-get dist-upgrade

Here you go – have fun with your new Debian 7.0 - you can check your version:

cat /etc/issue

Debian GNU/Linux 7.0 \n \l

 

23Apr/130

WordPress Users – Your Admin Password May Get Stolen

Hackers Use Large Botnet To Gain Access.


 

If you are using WordPress, it would be a good idea to use a very strong password and make sure your username is not 'admin'. There is a brute-force, dictionary-based attack that aims to find the password for the 'admin' account that every WordPress site sets up by default.

According to industry sources, this is a very well-organized and very distributed attack; it is believed that around 90,000 IP addresses are currently involved. Successfully exploited sites get a backdoor installed that provides attackers with ongoing access to the WordPress site, regardless of whether a user subsequently changes the password guessed by attackers. Exploited sites are then used to scan for WordPress installations, and launch the same type of attack against those sites.

According to CloudFlare, the hackers control about 100,000 bots. The CloudFlare team believes that the attacker is currently using a network of relatively low-powered home PCs, but the aim is "to build a much larger botnet of beefy servers in preparation for a future attack". Home PCs can be the staging ground for a larger denial-of-service attack, but servers have access to far more bandwidth and can hence push out far larger amounts of traffic.

Some of the measures you could take to protect your WordPress sites are:

  1. Choose a very strong password, which is always a good idea.
  2. Change frequently used admin-level credentials.
  3. Install a WordPress plugin like wp-fail2ban, Lockdown WP Admin, Better WP Security or BulletProof Security, or simply harden your WP by restricting access to the WordPress admin console to approved IP addresses.
  4. WordPress founder Matt Mullenweg notes in a blog post that changing your 'admin' username to something a bit more obscure may be your best defense given that the hackers have 90,000 IPs at their disposal.
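
Because the attack described above is spread over tens of thousands of addresses, each source can stay below a per-IP lockout threshold. The following added example (not part of the original post; the log lines are constructed and the thresholds are arbitrary) counts failed wp-login.php attempts per source and for the whole site from an Apache combined-format access log, so that both patterns can be told apart.

```shell
#!/bin/sh
# Added example, not from the original post. The log lines are constructed
# (Apache combined format, documentation-range addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [23/Apr/2013:10:00:01 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
192.0.2.10 - - [23/Apr/2013:10:04:09 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
192.0.2.44 - - [23/Apr/2013:10:00:02 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
192.0.2.44 - - [23/Apr/2013:10:05:11 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Apr/2013:10:00:02 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Apr/2013:10:06:30 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
198.51.100.23 - - [23/Apr/2013:10:00:03 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
198.51.100.23 - - [23/Apr/2013:10:07:45 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Apr/2013:10:00:04 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Apr/2013:10:08:12 +0200] "POST /wp-login.php HTTP/1.1" 200 3652 "-" "Mozilla/5.0"
203.0.113.80 - - [23/Apr/2013:10:09:00 +0200] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.80 - - [23/Apr/2013:10:09:20 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# failed_login_stats: read a combined-format log on stdin and print
# "TOTAL SOURCES MAX_PER_SOURCE" for failed logins. WordPress answers a
# failed login POST with 200 (the form is shown again) and a successful one
# with a 302 redirect, so only status 200 is counted.
failed_login_stats() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
             total++; hits[$1]++
         }
         END {
             for (ip in hits) { sources++; if (hits[ip] > max) max = hits[ip] }
             printf "%d %d %d\n", total, sources, max
         }'
}

# classify PER_IP_LIMIT SITE_LIMIT: read the log on stdin and print
# "single-source" if one address reaches PER_IP_LIMIT, "distributed" if no
# address does but the site-wide total reaches SITE_LIMIT, else "quiet".
classify() (
    per_ip_limit=$1 site_limit=$2
    set -- $(failed_login_stats)
    if [ "$3" -ge "$per_ip_limit" ]; then echo single-source
    elif [ "$1" -ge "$site_limit" ]; then echo distributed
    else echo quiet
    fi
)
```

A "distributed" result means that per-IP lockouts alone will not stop the guessing, which is why the username change and the IP restriction on the admin console from the list above matter.
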
Posted by: Tino | Filed under: General stuff | No Comments