Install Drush on Ubuntu 16.04

Installing Drush provides a way of managing your Drupal installs using a familiar method, the command line.  Drush can simplify your life by allowing you to perform admin duties.

In this tutorial, we will be using Composer as our package manager, as it is necessary to install Drush’s dependencies.  It does take at least 1 GB worth of memory, so be sure to have that before starting this tutorial.

Step 1:  Updating

As a matter of good practice, we’ll update our system.

apt-get update

Step 2:  Install Zip

Most likely you’ll already have the zip command, but if you don’t, go ahead and install it.

apt-get install zip unzip

Step 3: Install Curl

apt-get install curl php7.0-cli git

Step 4: Install Composer

curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
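
Piping the download straight into sudo php runs whatever the server returned as root. The following is an added example, not part of the original tutorial: it saves the installer to a file and runs it only if its SHA-384 digest matches the one Composer publishes at https://composer.github.io/installer.sig. The function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the Composer installer before running it as root.
# Function names are illustrative; sha384sum comes from coreutils.

# verify_sha384 FILE EXPECTED_HEX -> status 0 only if the file's SHA-384 matches.
verify_sha384() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-384 digest is exactly 96 hex characters; reject anything else
    # (for example an HTML error page saved in place of the signature).
    case $expected in
        *[!0-9a-f]*|'') echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || { echo "expected hash has wrong length" >&2; return 2; }
    actual=$(sha384sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# install_composer_verified: download, verify, then install.
install_composer_verified() {
    tmp=$(mktemp -d) || return 1
    rc=1
    if curl -fsS -o "$tmp/installer.php" https://getcomposer.org/installer &&
       curl -fsS -o "$tmp/installer.sig" https://composer.github.io/installer.sig; then
        if verify_sha384 "$tmp/installer.php" "$(cat "$tmp/installer.sig")"; then
            sudo php "$tmp/installer.php" --install-dir=/usr/local/bin --filename=composer
            rc=$?
        else
            echo "installer checksum mismatch, not running it" >&2
        fi
    else
        echo "download failed" >&2
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Nothing is downloaded unless asked for: sh verify-composer.sh --install
if [ "${1:-}" = "--install" ]; then
    install_composer_verified
fi
```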

Step 5: Install Drush

Using the following command will install the newest version of Drush, at this time it is

composer global require drush/drush

Alternatively, you can install the Drush version of your choice by appending the version needed.  If you’d like Drush 8 use…

composer global require drush/drush:8

Step 6: Add Drush Directory to Your Path

If performing the version check in Step 7 gives you the message “command not found”, then open your .bashrc file and add the following to the file:

#path for Drush
export PATH="$HOME/.composer/vendor/bin:$PATH"

Run source so the shell recognizes the changes to the file.

source ~/.bashrc

Step 7: Verify the Installation of Drush

You’ll be able to verify the version of the Drush install and other useful information by running the following command.

drush status

Output:

PHP binary    : /usr/bin/php7.0
PHP config    : /etc/php/7.0/cli/php.ini
PHP OS        : Linux
Drush script  : /root/.composer/vendor/bin/drush
Drush version : 9.5.2
Drush temp    : /tmp
Drush configs : /root/.composer/vendor/drush/drush/drush.yml
Drupal root   : /root/.composer/vendor/drush/drush/sut

 

Install and Connect to PostgreSQL 10 on Ubuntu 16.04

PostgreSQL (pronounced “post-gress-Q-L”) is a household name for open source relational database management systems. It is object-relational, meaning that you’ll be able to use objects and classes in database schemas and in the query language.  In this tutorial, we will show you how to install and connect to your PostgreSQL database on Ubuntu 16.04.

 

Step 1: Install PostgreSQL

First, we’ll obtain the authentication keys needed to validate packages from the PostgreSQL repo.

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main" > /etc/apt/sources.list.d/PostgreSQL.list'

As a best practice, we will update our server before installing PostgreSQL.

apt-get -y update

After the update is complete, we’ll run the following command to install PostgreSQL.

apt-get install postgresql-10

 

Step 2: Logging into PostgreSQL

Once installed, PostgreSQL creates a default user named “postgres”.  This user works differently from that of other popular databases like MySQL.  PostgreSQL users can change the method of authentication, but by default, it uses a mode called ident. Ident takes your OS username and compares it with the allowed database usernames.

You must first switch to the default Postgres user

su - postgres

You’ll now see that you are logged in as that user via the prompt change

postgres@host2:~$

Afterward, you can then enter the PostgreSQL terminal by typing:

psql

You’ll know you are connected by the message below:

psql (9.5.14)
Type "help" for help.
postgres=#

 

Step 3: Logging out of PostgreSQL

To exit your PostgreSQL environment, use the following command:

\q

Now that you’ve created your PostgreSQL world, it’s time to stretch your feet!  Let’s start creating and listing databases using our world-renowned Cloud VPS servers.

 

Listing and Switching Databases in PostgreSQL

PostgreSQL (pronounced “post-gress-Q-L”) is a household name for open source relational database management systems. It is object-relational, meaning that you’ll be able to use objects and classes in database schemas and the query language. As part of our PostgreSQL series, we’ll show you how to list and switch between databases quickly.

Pre-flight

Log into your Ubuntu 16.04 server

Step 1: Login to your Database
su - postgres

Step 2: Enter the PostgreSQL environment
psql

With the psql command, you’ll be greeted by its current version and command prompt.

psql (9.5.14)
Type "help" for help.
postgres=#

Step 3: List Your PostgreSQL databases
Often, you’ll need to switch from database to database, but first, we will list the available databases in PostgreSQL.

postgres=# \list

By default, PostgreSQL has 3 databases: postgres, template0 and template1.

Step 4: Switching Between Databases in PostgreSQL
Switching between databases is another way of saying you are closing one connection and opening another. When you need to change between databases, you’ll use the “connect” command, which is conveniently shortened to \c, followed by the database name.

\connect dbname

Or:

\c dbname

Creating and Deleting a PostgreSQL Database

PostgreSQL (pronounced “post-gress-Q-L”) is a household name for open source relational database management systems. It is object-relational, meaning that you’ll be able to use objects and classes in database schemas and the query language.  In this tutorial, we will be demonstrating some essentials like creating, listing and deleting a database.

If you have already installed PostgreSQL to your Ubuntu 16.04 server using our last tutorial, your next step is to create a database.  You’ll be accomplishing this task by using the default superuser, postgres, to log in.

Step 1: Login as the Postgres User

su - postgres

Step 2: Enter the PostgreSQL Environment

psql

With the psql command, you’ll be greeted by its current version and command prompt.

psql (9.5.14)
Type "help" for help.
postgres=#

Step 3: Creating the PostgreSQL Database

Let’s create our first database by typing in the command below.  Replace dbname with the database name of your choice.

CREATE DATABASE dbname;

 

Verify Creation of PostgreSQL Database

Using the following command allows us to view the databases in our PostgreSQL instance (you can ignore, delete or utilize the default databases: postgres, template0, template1)

postgres=# \list

 

Deleting a PostgreSQL Database

Once you’ve backed up your database, removing it is a cinch!  It’s similar to creating a database, but we will be using the drop command. In my command line example, the database name is “dbname”. By using the list command in the previous section, you’ll be able to view your databases’ names. Replace dbname with your database’s name in the command below.

DROP DATABASE dbname;

 

Reset Your WordPress Admin Password

Whether it’s a hacked site or a lost password, you may find that you are locked out of your WordPress Admin control panel. If you’ve forgotten your password or don’t have access to the email address that the “Lost your password?” link sends to, you still have one more option to access it: through the database!  WordPress’ database stores all WordPress usernames, encrypted passwords, and users’ email addresses, and thus can be edited through a database client like phpMyAdmin. In this tutorial, we’ll be showing you how to edit the email address and change your user’s password.


How To Change Website Name in WordPress

You may have noticed, when transferring a website, that the URL is still stuck on the old site even though you have changed the virtual host file to reflect the new domain name. Or you may see the URL entirely greyed out in your WordPress portal. This mismatch can happen if you can’t change the URL within WordPress to reflect the new site name. In this tutorial, we will show you how to change the URL through the database.

Step 1: Enter the Database

If you don’t have your database credentials, you can grab them from your wp-config.php file, usually located in /var/www/html. Copy your username and password; you’ll need these to enter phpMyAdmin.

/** MySQL database username */
define('DB_USER', 'yourusername');
/** MySQL database password */
define('DB_PASSWORD', 'userpassword');

If you use Ubuntu 14.XX or higher, you can visit https://yourhostname.com/phpmyadmin and enter the database username and password copied from your wp-config.php. CentOS users can usually go to their WHM panel and type “phpMyAdmin” into the search bar for a shortcut into their database.  With specialty platforms like Managed WordPress or Cloud Sites, check with your support team to locate your phpMyAdmin instance.

Step 2: Find the WP_Options Table

Once you’ve entered phpMyAdmin, click on your database name on the left; in this case, ours is named 929368_kittens.

Locate wp_options; afterwards you’ll see its rows on the right-hand side.  The home and siteurl rows are needed, as we will be changing these values to the new website name.

Note:
Search for home or siteurl in the Filter rows: search box to find these entries if they are not readily visible.

Select Edit in the row of siteurl and home to edit the URL, including “http” or “https” (if you already have an SSL on the domain name). Once you’ve changed your URL, select GO to save your changes.

Step 3: Update DNS

Your WordPress instance is now set to your new URL!  If you haven’t done so already, you may need to set your A record to your new IP address or clear your browser’s cache to visit your new URL.

Changing the domain name within WordPress is simple enough but sometimes code within an nginx.conf or .htaccess file can also direct a site back to the old domain name. It should also be noted that sometimes a plugin, theme or database can be referenced or hardcoded to read an old domain name.  For either problem, the Velvet Blue’s plugin or WP-CLI’s search and replace command cater to the issue.  Our Managed WordPress platform performs name changes automatically from our control panel, as well as core updates.  Check out how our Managed WordPress product can streamline your work.

Creating a Virtual Environment for Python on Ubuntu 16.04

Virtualenv is a tool that creates an isolated environment separate from other projects. In this instance we will be installing different Python versions, including their dependencies.  Creating a virtual environment allows us to work on a Python project without affecting other projects that also use Python. It will utilize Python’s core files on the global environment to run, thus saving you disk space while providing the freedom to use different Python versions for separate apps.


Install vsftpd on Ubuntu 16.04

Installing vsftpd allows you to upload files to a server; the concept is comparable to that of Google Drive.  When you invite specified users to your Google Drive they can create, delete, upload and download files, all behind a secure login. Vsftpd is excellent for companies looking for an alternative to Google Drive or for anyone who wants to create a robust server. This “Very Secure File Transfer Protocol Daemon” is favored for its security and speed, and we’ll be showing you how to install vsftpd on an Ubuntu 16.04 LTS server.

 

Pre-Flight Check

  • These instructions are intended specifically for installing vsftpd on Ubuntu 16.04.
  • You must be logged in via SSH as the root user to follow these directions.
Warning:
FTP data is insecure; traffic is not encrypted, and all transmissions are clear text, including usernames, passwords, commands, and data. Consider securing your FTP connection (FTPS).

Step 1: Updating Apt-Get

As a matter of best practices we update apt-get with the following command:

apt-get update

Step 2: Installing Vsftpd

One command allows us to install vsftpd very easily.

apt-get -y install vsftpd

Step 3: Configuring Vsftpd

We’ve installed vsftpd, and now we will edit some options that will help us to protect the FTP environment and enable the environment for utilization. Enter the configuration file using the text editor of your choice.

vim /etc/vsftpd.conf

Change the values in the config file to match the values below and, lastly, save and exit by typing

:wq

 

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ascii_upload_enable=YES
ascii_download_enable=YES

 

Further Explanation of Each Directive
Anonymous_enable: Prohibits anonymous internet users from accessing files on your FTP server. Change the anonymous_enable setting to NO.

Local_enable: If you have created users, you can allow these users to log in by changing the local_enable setting to YES.

Write_enable: Gives users the ability to write to the directory, allowing them to upload files. Uncomment it by removing the # in front of write_enable.

Chroot jail: You can “chroot jail” local users, restricting them to their home directories (/home/username) and prohibiting access to any other part of the server. Choosing this is optional but if you state YES follow the steps in Step 4 for removing write privileges and making their own directory for uploads. If you select NO, the user will have access to other directories.

Step 4: Editing Permissions for a User

If you have an existing or new user that is not able to connect, try removing write privileges to their directory:

chmod a-w /home/username

Step 5: Creating the User a Directory

Create a directory just for FTP; in this case, we are naming it files. Afterward, this user will be able to upload and create files within the files folder:

mkdir /home/username/files

Step 6: Accepting FTP Traffic to Ports

There are a few ways to open ports within a server; below is one way of opening ports 20 and 21 for FTP users to connect.

Note
Directly passing iptables commands, like below, can break some firewalls. Whichever method you choose to edit your iptables rules, ensure that ports 20 and 21 are open.

iptables -I INPUT 1 -p tcp --dport=20 -j ACCEPT

iptables -I INPUT 1 -p tcp --dport=21 -j ACCEPT

Step 7: Restarting the Vsftpd Service

Restarting vsftpd enables changes to the file (step 3) to be recognized.

service vsftpd restart

Step 8: Verifying Vsftpd

Now for a little fun, let’s connect to our FTP to verify it is working.

ftp 79.212.205.191

Example Output:

ftp 79.212.205.191
Connected to 79.212.205.191.
220 Welcome to FTP!
Name (79.212.205.191:terminalusername):<enter your FTP user>

You’ll also be able to connect via an FTP client, like Filezilla, using the IP address of your hostname and leaving the port number blank.  Take it for a spin and try to upload a file or write a file. If you enabled the chroot jail option, the user should not be able to go to any other parent directory.
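
Besides connecting by hand, the settings from Steps 3 to 5 and the Warning in the Pre-Flight Check can be checked with a script. The following is an added example, not part of the original tutorial; conf_get and audit_vsftpd are illustrative names, and only the YES/NO spelling used in this tutorial is recognised.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf against Steps 3-5 of this tutorial.
# conf_get and audit_vsftpd are illustrative names, not vsftpd tools.

# conf_get FILE KEY DEFAULT -> effective value: the last uncommented
# KEY=value line, upper-cased, or DEFAULT when the directive is absent.
conf_get() {
    val=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" 2>/dev/null | tail -n 1 |
          tr -d '[:space:]' | tr 'a-z' 'A-Z')
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd CONF HOME_DIR -> prints findings; exit status is their count.
audit_vsftpd() {
    conf=$1
    home=$2
    n=0
    # The defaults passed to conf_get are vsftpd's built-in ones (man vsftpd.conf).
    if [ "$(conf_get "$conf" anonymous_enable YES)" != "NO" ]; then
        echo "FAIL anonymous_enable: anonymous logins are allowed"; n=$((n + 1))
    fi
    if [ "$(conf_get "$conf" local_enable NO)" != "YES" ]; then
        echo "FAIL local_enable: local users cannot log in"; n=$((n + 1))
    fi
    if [ "$(conf_get "$conf" chroot_local_user NO)" = "YES" ]; then
        # Step 4: the chrooted user's home must carry no write bit ...
        case $(ls -ld "$home" 2>/dev/null | cut -c1-10) in
            *w*) echo "FAIL chroot: $home is writable, run chmod a-w $home"
                 n=$((n + 1)) ;;
        esac
        # Step 5: ... so uploads need a separate subdirectory.
        if [ ! -d "$home/files" ]; then
            echo "WARN chroot: no upload directory $home/files"; n=$((n + 1))
        fi
    else
        echo "FAIL chroot_local_user: users can leave their home directory"; n=$((n + 1))
    fi
    # The Warning above: without TLS, logins and data travel in clear text.
    if [ "$(conf_get "$conf" ssl_enable NO)" != "YES" ]; then
        echo "WARN ssl_enable: FTPS is off, logins are sent unencrypted"; n=$((n + 1))
    fi
    return "$n"
}

# Usage: sh audit-vsftpd.sh /etc/vsftpd.conf /home/username
if [ -n "${1:-}" ]; then audit_vsftpd "$1" "${2:-/home/username}"; fi
```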

 

WordPress Exploit – AMP Plugin

AMP for WP - Accelerated Mobile Pages allows your site to be faster for mobile visitors. Along with last week’s report, the AMP plugin has also been added to the list of exploited plugins. The AMP for WP plugin was reported on October 20, 2018, by its developers. Luckily, the newest version of this plugin, 0.9.97.20, has been patched for the known security flaws. This exploit has the means of putting 100,000+ users at potential risk, so it’s best to check if you are utilizing this plugin. In this tutorial, we will be checking if you use this plugin. Along with updating, we will also show you how to check your site for compromises.

In the vein of the WP GDPR plugin exploit, the AMP hack uses a code vulnerability to make site-wide changes. Bots scan for sites using the AMP plugin and use an XSS security bug to create a new user that has admin-like privileges. The code in the vulnerable versions (below 0.9.97.20) didn’t check whether registered users had the permissions to perform some actions. With administrative-like privileges, a hacker can hide their code within your WordPress files and use it to take over your website. Additionally, they can upload files, update plugins, read files, and inject posts.

Identify If You Use AMP for WP

By logging into your WordPress backend you can easily see if you are subject to this exploit.

Step 1: Enter the WordPress backend by going to yourdomain.com/wp-login.php in your browser.
Step 2: Login with your WordPress username and password and navigate to Plugins and click on Installed Plugins on the left-hand side of your screen.
Step 3: Scroll down through any installed plugins to see if you have Accelerated Mobile Pages within your list, followed by its version. Any version below 0.9.97.20 is still vulnerable and you’ll have to perform a few actions to protect yourself.

Upgrade AMP – Accelerated Mobile Pages

Note: It’s recommended to backup your website before pushing any updates.

Step 1: Follow the steps above in the section “Identify If You Use AMP for WP” to login and locate your Plugins menu.

Step 2: Locate Accelerated Mobile Pages. If you are running an outdated version you’ll see a message providing you a link to update. Click “update now” to automatically update to the latest version.

 


Have You Been Hacked?

A site hack is possible even without noticing any visual differences to your site. For a closer inspection, below are some of the characteristics of the AMP exploit.

Characteristics of the AMP hack:
  • External Calls to sslapis.com
  • New creation of WordPress admin user “supportuuser”
  • Post injections
  • Registered user can manipulate code
  • Code vulnerability in ajax hooks
    • ampforwp_save_steps_data
    • wp_ajax_ampforwp_get_licence_activate_update
    • wp_ajax_ampforwp_deactivate_license
    • wp_ajax_ampforwp_save_installer
    • wp_ajax_amppb_export_layout_data
    • wp_ajax_amppb_save_layout_data
    • wp_ajax_ampforwp_get_image
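
The file-level indicators listed above can be checked from the command line. The following is an added example, not part of the original article; it assumes the plugin is installed under wp-content/plugins/accelerated-mobile-pages, and the function names are illustrative. It does not inspect the database, so injected posts need a separate check.

```shell
#!/bin/sh
# Added example: check a WordPress tree for the AMP for WP indicators above.
# Assumption: the plugin lives in wp-content/plugins/accelerated-mobile-pages.
FIXED_VERSION="0.9.97.20"   # patched release named in this article
AMP_DIR="wp-content/plugins/accelerated-mobile-pages"

# version_lt A B -> true when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# amp_plugin_version WP_ROOT -> prints the "Version:" plugin header, if any.
amp_plugin_version() {
    for f in "$1/$AMP_DIR"/*.php; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$f" |
            head -n 1)
        [ -n "$v" ] && { printf '%s\n' "$v"; return 0; }
    done
    return 1
}

# sslapis_refs WP_ROOT -> lists PHP/JS files that reference sslapis.com.
sslapis_refs() {
    grep -rl --include='*.php' --include='*.js' 'sslapis\.com' "$1" 2>/dev/null
}

# has_rogue_admin -> reads one login per line on stdin, for example from
#   wp user list --role=administrator --field=user_login
has_rogue_admin() {
    grep -qx 'supportuuser'
}

# audit_amp WP_ROOT -> prints findings, returns 1 if any indicator matched.
audit_amp() {
    found=0
    if ver=$(amp_plugin_version "$1"); then
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "VULNERABLE: AMP for WP $ver is below $FIXED_VERSION"; found=1
        fi
    fi
    refs=$(sslapis_refs "$1")
    if [ -n "$refs" ]; then
        echo "SUSPICIOUS: files referencing sslapis.com:"; echo "$refs"; found=1
    fi
    return "$found"
}

# Usage: sh check-amp.sh /var/www/html
if [ -n "${1:-}" ]; then audit_amp "$1"; fi
```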

If you have identified that your site is compromised from the above characteristics, you’ll want to remedy it immediately, since other sites on the same server can potentially be affected.

  • Liquid Web customers can purchase a Malware Clean Up package
  • Manually remove the code from the infected files
  • Restore from a backup dated before October 20, 2018 (keep in mind this will still have the old version and your site will still be in danger).

As time goes by, more plugins will give way to more vulnerabilities but there are some proactive steps to ensure your site’s security. For insight into ways of protecting your WordPress site look into our article on the subject, The Best Ways to Protect Your WordPress Site.

 

Create a Cron Task in Ubuntu 16.04

Cron jobs are an incredibly useful Linux tool aimed at saving you time by scheduling tasks within your server. A programmed cron task will execute commands within a script by the minute, day, week or month. They can be scheduled to do many tasks including backing up your server’s files nightly, updating inventory orders in a database or even compressing files for migrating. Repetitive tasks become a cinch when incorporating a cron job. While there are numerous ways to run a cron task, we will be using the crontab option that is inherent within Ubuntu to set up a nightly backup of our website.