Friday, November 2, 2007

Uninstall Programs Manually

Just because Windows XP has the Add/Remove Programs feature doesn't mean your application will appear in the list. Furthermore, even if it does appear, there's no guarantee that the uninstall will work. When you run across one of these situations, the steps listed below will help in getting rid of the application. Be aware that these steps may not remove everything associated with the application and can affect other applications on the computer. Have a backup or restore point and use caution.

Find the directory for the application and delete all the files in the directory. Delete the directory.

Open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE and find the folder for the application. Delete the folder.

Open regedit and navigate to HKEY_CURRENT_USER\SOFTWARE and find the folder for the application. Delete the folder.

To remove the application entry from Add/Remove Programs (if present) open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and find the folder for the application. Delete the folder.

Some applications have Services attached to them. If this is the case, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services, locate and delete the service.

In Windows Explorer, navigate to the individual user settings and delete program references. Common places to check would be:

C:\Documents and Settings\All Users\Start Menu\Programs and delete relevant entries.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup and delete relevant entries.
C:\Documents and Settings\%YourUserID%\Start Menu\Programs and delete relevant entries.
[Do this for each User ID listed]
C:\Documents and Settings\%YourUserID%\Start Menu\Programs\Startup and delete relevant entries.
[Do this for each User ID listed]

If no entries were found in the previous step and the application launches automatically, navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
and delete the entry.

Saturday, October 13, 2007

If the Add/Remove Programs applet does NOT open

Start Button\Run and type appwiz.cpl and click OK

If the Add/Remove Programs applet does NOT open, or flashes briefly, you may have some missing registry entries.

To fix the problem:

1. Open a CMD.EXE prompt.

2. Type regsvr32 mshtml.dll and press Enter and OK.

3. Type regsvr32 shdocvw.dll -i and press Enter and OK.

4. Type regsvr32 shell32.dll -i and press Enter and OK.

Monday, September 17, 2007

Installing Trac on FreeBSD 6.2

Trac is a project which integrates SCM & project management. Trac can help you stay organized by keeping your wiki, roadmap, tickets, and source information in one location.

Installing trac

cd /usr/ports/www/trac
make install clean
I left the default options in the config screen.


Set up a basic trac site for the example svn repository created in Setting up a Subversion Server on FreeBSD 6.2

cd /usr/local
mkdir trac
cd trac
mkdir MyRepoName
trac-admin MyRepoName initenv
chown -R www /usr/local/trac


Installing mod_python

cd /usr/ports/www/mod_python3
make install clean


To configure mod_python for trac I followed steps from TracModPython

vi /usr/local/etc/apache22/httpd.conf
LoadModule python_module libexec/apache22/mod_python.so
PythonOption mod_python.mutex_directory "/tmp"
PythonOption mod_python.mutex_locks 8


Configure trac with the same access as that given to the svn repository in Setting up a Subversion Server on FreeBSD 6.2

vi /usr/local/etc/apache22/Includes/trac.conf

<Location /trac/MyRepoName>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /usr/local/trac/MyRepoName
PythonOption TracUriRoot /trac/MyRepoName
AuthType Basic
AuthName "trac access"
AuthUserFile /usr/local/svn-repositories/conf/htpasswd
Require valid-user
SSLRequireSSL
</Location>


apachectl graceful

https://192.168.0.100/trac/MyRepoName
Accept the certificate and enter your username and password; you should now see your trac site.

Setting up a Subversion Server on FreeBSD 6.2

I wanted the svn server to only be accessed through SSL and with some form of basic authentication.


Install FreeBSD on a VPC or a physical machine, log in as root or as a user in the wheel group, and su to root.
If you're not sitting at the machine, or you're running in a VPC, I'd recommend downloading PuTTY and using an SSH session to your FreeBSD machine.
Configure system
Edit the /etc/hosts file. After the 127 loopback line I added the entry below; it is required for starting Apache, which needs to be able to resolve its own DNS name.
vi /etc/hosts
192.168.0.100 svn
Get the ports tree to the machine:
portsnap fetch
portsnap extract
Install OpenSSL
cd /usr/ports/security/openssl
make install clean
Install Apache
cd /usr/ports/www/apache22
make install clean
Configure Apache
add accf_http_load="YES" to loader.conf
vi /boot/loader.conf
accf_http_load="YES"
Configure SSL keys
cd /usr/local/etc/apache22
mkdir ssl.key
mkdir ssl.crt
/usr/local/bin/openssl req -new -x509 -days 365 -keyout ./ssl.key/server.key -out ./ssl.crt/server.crt -subj '/CN=Test-Only Certificate'
cp ./ssl.crt/server.crt server.crt
/usr/local/bin/openssl rsa -in ssl.key/server.key -out server.key
cp /usr/local/etc/apache22/extra/httpd-ssl.conf /usr/local/etc/apache22/Includes
Launch Apache at system startup
cp /usr/local/etc/rc.d/apache22 /usr/local/etc/rc.d/apache22.sh
vi /etc/rc.conf
Add apache22_enable="YES" to the end of the file.
Start up the apache server
/usr/local/sbin/apachectl start
Browse to your computer through http and https; you should see the It Works! page on both.
Install Subversion with mod_dav_svn, apache2 support and without Berkeley DB support
cd /usr/ports/devel/subversion
make -DWITH_MOD_DAV_SVN -DWITHOUT_BDB -DWITH_APACHE2_APR
make install clean
Setup a Subversion Repository
cd /usr/local
mkdir svn-repositories
cd svn-repositories
mkdir repos
cd repos
mkdir MyRepoName
/usr/local/bin/svnadmin create MyRepoName
Setup the auth file for access to the repository
cd /usr/local/svn-repositories
mkdir conf
cd conf
htpasswd -c -m -b htpasswd user1 pass1
htpasswd -m -b htpasswd user2 pass2
htpasswd -m -b htpasswd user3 pass3
etc. You get the idea
Change the owner of the svn-repositories directory to nobody
chown -R nobody /usr/local/svn-repositories
Add a Location to your Apache conf file pointing to the Subversion repository directory. Using SVNParentPath lets you create as many repositories as you like in that path, and they are all configured with the same settings in the Apache conf.
vi /usr/local/etc/apache22/Includes/svn.conf

<Location /svn>
DAV svn
SVNParentPath /usr/local/svn-repositories/repos
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /usr/local/svn-repositories/conf/htpasswd
Require valid-user
SSLRequireSSL
</Location>

/usr/local/sbin/apachectl restart
Browse to https://192.168.0.100/svn/MyRepoName
Accept the certificate and enter your username and password; you should now have a working Subversion server.
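Both Includes in these two posts (svn.conf here, trac.conf in the Trac post) depend on SSLRequireSSL and Require valid-user sitting inside the Location block, and on the htpasswd file living outside the tree Apache serves. The following lint is an added example, not part of the original posts: a small sh function that checks an include for those points; the two sample configs it writes are constructed for the demo and mirror the svn.conf above.

```shell
#!/bin/sh
# Added example (not from the original post): lint an Apache include such as
# svn.conf or trac.conf for the access controls the guide relies on.
# Exit status of check_dav_conf is the number of problems found (0 = clean).
# Limitation: directives from all <Location> blocks in one file are pooled.

check_dav_conf() {
    conf="$1"
    problems=0

    # Drop comments, then keep only the lines inside <Location ...> ... </Location>.
    body=$(sed -e 's/#.*//' "$conf" |
           awk '/<Location/ { inloc = 1; next } /<\/Location>/ { inloc = 0 } inloc')

    for directive in "SSLRequireSSL" "AuthType Basic" "AuthUserFile" "Require valid-user"; do
        if ! printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$directive([[:space:]]|\$)"; then
            echo "missing inside <Location>: $directive"
            problems=$((problems + 1))
        fi
    done

    # The htpasswd file must not live under the path mod_dav_svn serves.
    parent=$(printf '%s\n' "$body" | awk '$1 == "SVNParentPath" { print $2 }')
    userfile=$(printf '%s\n' "$body" | awk '$1 == "AuthUserFile" { print $2 }')
    if [ -n "$parent" ] && [ -n "$userfile" ]; then
        case "$userfile" in
            "$parent"/*)
                echo "AuthUserFile $userfile is inside SVNParentPath $parent"
                problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}

# Constructed sample configs for the demo (removed again at exit).
CONF_DIR=$(mktemp -d)
trap 'rm -rf "$CONF_DIR"' EXIT

# Mirrors the svn.conf from the post.
cat > "$CONF_DIR/svn-good.conf" <<'EOF'
<Location /svn>
  DAV svn
  SVNParentPath /usr/local/svn-repositories/repos
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /usr/local/svn-repositories/conf/htpasswd
  Require valid-user
  SSLRequireSSL
</Location>
EOF

# Two common slips: SSLRequireSSL commented out, htpasswd stored under the served tree.
cat > "$CONF_DIR/svn-bad.conf" <<'EOF'
<Location /svn>
  DAV svn
  SVNParentPath /usr/local/svn-repositories/repos
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /usr/local/svn-repositories/repos/htpasswd
  Require valid-user
  # SSLRequireSSL
</Location>
EOF

for f in "$CONF_DIR"/svn-good.conf "$CONF_DIR"/svn-bad.conf; do
    if check_dav_conf "$f"; then
        echo "$f: OK"
    else
        echo "$f: problems found"
    fi
done
```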
To ensure you are using the most current OpenSSL library you can check the version you are running in Apache by doing the following:

/usr/local/bin/openssl s_client -connect 192.168.0.100:443
[Enter]
GET / HTTP/1.0
[Enter]
[Enter]
The results should look similar to the following:
HTTP/1.1 200 OK
Date: Tue, 03 Apr 2007 12:07:18 GMT
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.8e DAV/2 SVN/1.4.3
Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT
ETag: "c21e-2c-4c23b600"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html



That is it for now on this topic; if anyone has corrections or opinions on how to improve this mini guide, please leave them.



FreeBSD Ports Collection, getting and keeping them up to date

To get the port tree for the first time:

portsnap fetch
portsnap extract

you will now have the ports tree at /usr/ports

To update the ports tree:

portsnap fetch
portsnap update


Typical install of a port

cd /usr/ports/security/openssl
make install clean


Uninstall a port

cd /usr/ports/security/openssl
make deinstall


The portmanager utility allows you to keep your installed ports up to date:

cd /usr/ports/ports-mgmt/portmanager
make install


To see if any installed ports are out of date:

portmanager -s

To upgrade all installed ports (convenient for those of us who would rather just have the system brought up to date without much ado):

portmanager -u

Interesting tidbit from the portmanager manual, portmanager comes with a pretty impressive safety net:

With the normal "make install clean" method of adding ports there is a critical step, after a port is made, the old port must be deinstalled then the new port installed in its place. If for some reason the new port fails to install you are left with neither your old port, nor the new one. It is for this reason portmanager makes a package from your old port before removing it, and if the new port fails to install correctly portmanager will reinstall your old port from that package.

Even if you break out of portmanager at the crucial moment between removal of the old port and installation of the new port, portmanager may still install the original from the backup package. This is not guaranteed though, so only at this step is it recommended not to terminate portmanager. At every other point in time it is perfectly safe to abort, kill, etc., during program operation. Your ports collection will not be harmed!

Of course there are other ways to keep your ports tree up to date. Here are a couple of articles on ports I just found from a Google search that might prove useful: portupgrade and Ports Tricks.

Searching the ports tree for keywords

cd /usr/ports
make search key=rails | more


Leave me a comment if you have any suggestions or know of any better ways to keep your ports collection up to date.

Sunday, July 22, 2007

DenyHosts jail sharing rocks

http://Denyhosts.sf.net rocks, or in the FreeBSD ports collection

/usr/ports/security/denyhosts/ (just do make install clean)

It is easy to use this in a multiple-jail environment: just make one jail on the same partition(!) the master denyhost.

The jail disk is /jaildisk1, and the FreeBSD DenyHosts install (in the henk jail) keeps its list at /jaildisk1/henk/etc/hosts.deniedssh.

cd to /jaildisk1 and hard link with "ln /jaildisk1/henk/etc/hosts.deniedssh /jaildisk1/user2/etc/hosts.deniedssh"

Edit /etc/hosts.allow of course, adding the entry

sshd : /etc/hosts.deniedssh : deny

somewhere near the top.

Note: hard links only work within the same slice, in this example /jaildisk1.
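A hard link only keeps working while both names still point at the same inode; a jail copy made with cp, or a file that was replaced rather than edited in place, silently stops receiving DenyHosts updates. The check below is an added example, not part of the original post: it compares each jail's hosts.deniedssh against the master by inode, using a constructed stand-in for /jaildisk1.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that each jail's
# hosts.deniedssh is still the *same file* as the master copy. A copy made with
# cp, or a file replaced instead of edited in place, has its own inode and will
# silently stop receiving DenyHosts updates.
# Usage: check_shared_denylist MASTER JAILFILE...   (exit status = broken entries)

inode_of() {
    # ls -i prints "<inode> <name>" on both FreeBSD and Linux; stat(1) differs.
    ls -i "$1" | awk '{ print $1 }'
}

check_shared_denylist() {
    master="$1"; shift
    master_ino=$(inode_of "$master")
    broken=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"
            broken=$((broken + 1))
        elif [ "$(inode_of "$f")" != "$master_ino" ]; then
            echo "DETACHED $f (own inode, not linked to $master)"
            broken=$((broken + 1))
        else
            echo "OK       $f"
        fi
    done
    return "$broken"
}

# Constructed stand-in for /jaildisk1 with three jails (removed at exit).
JAILDISK=$(mktemp -d)
trap 'rm -rf "$JAILDISK"' EXIT
MASTER="$JAILDISK/henk/etc/hosts.deniedssh"
mkdir -p "$JAILDISK/henk/etc" "$JAILDISK/user2/etc" "$JAILDISK/user3/etc"
echo '203.0.113.7' > "$MASTER"                      # constructed sample entry
ln "$MASTER" "$JAILDISK/user2/etc/hosts.deniedssh"  # correct: hard link, as in the post
cp "$MASTER" "$JAILDISK/user3/etc/hosts.deniedssh"  # wrong: detached copy
# user4 has no file at all.

if check_shared_denylist "$MASTER" "$JAILDISK"/user2/etc/hosts.deniedssh \
        "$JAILDISK"/user3/etc/hosts.deniedssh "$JAILDISK"/user4/etc/hosts.deniedssh; then
    echo "all jails share the master list"
else
    echo "some jails need re-linking (see above)"
fi
```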

Friday, July 20, 2007

How to setup 2 IP address on One NIC

A) Command as follows:
# ifconfig lnc0 192.168.1.5 netmask 255.255.255.255 alias

B) You can set up this alias in the /etc/rc.conf file by appending the following line, so that next time FreeBSD comes up (after a restart/shutdown) it will create the alias for you:
ifconfig_lnc0_alias0="192.168.1.5 netmask 255.255.255.255"

C) Restart the FreeBSD network service using the following script:
# /etc/netstart

D) Display the alias and real IP using the ifconfig lnc0 command:
# ifconfig lnc0
lnc0: flags=8843 mtu 1500
inet6 fe80::20c:29ff:fe01:ddbd%lnc0 prefixlen 64 scopeid 0x1
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.5 netmask 0xffff


Read ifconfig man page.

Sunday, July 15, 2007

How-To setup a MySQL replicating cluster

1 - Write down the setup you are going to build: which server is the master and which server(s) will be slaves.

2 - Select the username/password for the replication accounts. You can have one per server if you want, or one for the whole MySQL network.

3 - mysql> GRANT REPLICATION SLAVE ON *.*
    TO 'USERNAME'@'IPFROMTHESLAVE' IDENTIFIED BY 'PASSWORD';

USERNAME: the MySQL username.
IPFROMTHESLAVE: the IP of the MySQL server that will replicate the master database.
PASSWORD: the password for the replicator account.

Just a few side notes.

a) None of the passwords need to be root passwords.
b) It is not recommended to use only one user for replication across the whole network.

4) On the master server you need to flush all the tables; this prevents clients from writing to the database so it stays unchanged while we copy it over.

mysql> FLUSH TABLES WITH READ LOCK;

5) Make sure that the [mysqld] section of the my.cnf file on the master host includes a log-bin option. The section should also have a server-id=master_id option, where master_id must be a positive integer value from 1 to 2^32 - 1. For example:

[mysqld]
log-bin=mysql-bin
server-id=1

6) Log in to the master server with another SSH client and let's create a snapshot.

mkdir /home/slave_db
rsync -vrplogDtH /var/lib/mysql /home/slave_db

You may not want to replicate the mysql database if the slave server has a different set of user accounts from those on the master. In this case, exclude it from the archive. When the rsync has finished, log in to mysql and type:

SHOW MASTER STATUS;

Save this info in a txt file inside the slave_db folder; we will use it later. After you finish doing this, you can re-enable activity on the master: UNLOCK TABLES;

7) Stop the server that is to be used as a slave and add the following to its my.cnf file:

[mysqld]
server-id=slave_id

The slave_id value, like the master_id value, must be a positive integer value from 1 to 2^32 - 1. In addition, it is very important that the ID of the slave be different from the ID of the master. For example:

[mysqld]
server-id=2

Remember that server-id must be unique across the whole MySQL network.

8) Copy the files from the slave_db folder to the remote location. You can do this with the following command:

rsync -e ssh -avz /home/slave_db/ root@REMOTESERVER:/var/lib/mysql

Check that all the permissions are correct in the /var/lib/mysql folder. Remember the files must be owned by mysql:mysql.



9) Start MySQL, enter the client and type the following, changing the values as needed:

mysql> CHANGE MASTER TO
    -> MASTER_HOST='master_host_name',
    -> MASTER_USER='replication_user_name',
    -> MASTER_PASSWORD='replication_password',
    -> MASTER_LOG_FILE='recorded_log_file_name',
    -> MASTER_LOG_POS=recorded_log_position;

10) type: START SLAVE;
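Steps 6 and 9 hinge on carrying the File and Position from SHOW MASTER STATUS over to CHANGE MASTER TO without a typo. The following is an added example, not part of the original post: a sh function that reads the status output saved in step 6 (assumed captured with `mysql -e 'SHOW MASTER STATUS'`, tab-separated) and emits the step 9 statement, quoting the values and rejecting a file that is not status output. The sample status rows are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): build the CHANGE MASTER TO
# statement of step 9 from the SHOW MASTER STATUS output saved in step 6, so the
# binlog file name and position are never retyped by hand. Assumes the output was
# captured with `mysql -e 'SHOW MASTER STATUS'` (tab-separated, header row first).
# Usage: change_master_sql STATUS_FILE MASTER_HOST REPL_USER REPL_PASSWORD

sql_quote() {
    # Double any single quote so the value is safe inside '...' in SQL.
    printf '%s' "$1" | sed "s/'/''/g"
}

change_master_sql() {
    status_file="$1"
    host=$(sql_quote "$2"); user=$(sql_quote "$3"); pass=$(sql_quote "$4")
    # Note: awk -v interprets backslash escapes, so avoid backslashes in the password.
    awk -F'\t' -v host="$host" -v user="$user" -v pass="$pass" '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }   # header -> column index
        NR == 2 {
            if (!("File" in col) || !("Position" in col)) {
                print "ERROR: not SHOW MASTER STATUS output" > "/dev/stderr"; exit 1
            }
            file = $(col["File"]); pos = $(col["Position"])
            if (pos !~ /^[0-9]+$/) {
                print "ERROR: bad position: " pos > "/dev/stderr"; exit 1
            }
            printf "CHANGE MASTER TO\n"
            printf "  MASTER_HOST=\047%s\047,\n  MASTER_USER=\047%s\047,\n", host, user
            printf "  MASTER_PASSWORD=\047%s\047,\n", pass
            printf "  MASTER_LOG_FILE=\047%s\047,\n  MASTER_LOG_POS=%s;\n", file, pos
        }
        END { if (NR < 2) { print "ERROR: no status row" > "/dev/stderr"; exit 1 } }
    ' "$status_file"
}

# Constructed sample of what `mysql -e "SHOW MASTER STATUS"` prints on the master,
# plus a constructed wrong file to exercise the error path (both removed at exit).
STATUS_FILE=$(mktemp)
BAD_STATUS_FILE=$(mktemp)
trap 'rm -f "$STATUS_FILE" "$BAD_STATUS_FILE"' EXIT
printf 'File\tPosition\tBinlog_Do_DB\tBinlog_Ignore_DB\n' > "$STATUS_FILE"
printf 'mysql-bin.000003\t73\t\t\n' >> "$STATUS_FILE"
printf 'Variable_name\tValue\nversion\t5.0.45\n' > "$BAD_STATUS_FILE"

# The generated statement contains the replication password: pipe it straight
# into the slave's mysql client rather than saving it or putting it on a command line.
change_master_sql "$STATUS_FILE" 192.168.0.100 repl 's3cret'
```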

##########
In a mysql shell (as root@unix and root@mysql):

mysql> flush tables with read lock;
mysql> flush logs;
mysql> system lvcreate --snapshot --size=500M --name=backup /dev/vg01/mysql;
mysql> unlock tables;

Then back in shell land (as root@unix):

$ mount -o ro /dev/vg01/backup /mnt/tmp
$ cd /mnt/tmp/
$ tar czf backup-`date +%Y%m%d`.tgz mysql
$ umount /mnt/tmp
$ lvremove -f /dev/vg01/backup

#######
root@u-1:/home/u-1# mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.47
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> SET PASSWORD FOR root@localhost=PASSWORD('rubberchicken');
Query OK, 0 rows affected (0.06 sec)
mysql>

In this example, we set the root password to rubberchicken. Note from the above that no password had been set before. If we try this again, we need to use the -p option to enter the password:

root@u-1:/home/u-1# mysql -u root mysql
ERROR 1045: Access denied for user: 'root@localhost' (Using password: NO)
root@u-1:/home/u-1# mysql -u root -p mysql
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 3.23.47
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>

To reset a root password that you forgot (using paths on our system):

[root@host root]# killall mysqld
[root@host root]# /usr/libexec/mysqld -Sg --user=root &

You may have better luck with:

mysqld --skip-grant-tables --user=root

Go back into MySQL with the client:

[root@host root]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.41
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> USE mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> UPDATE user
-> SET password=password("newpassword")
-> WHERE user="root";
Query OK, 2 rows affected (0.04 sec)
Rows matched: 2 Changed: 2 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
[root@host root]# killall mysqld
Start MySQL the normal way for your system, and all is good. For Red Hat this is:

/etc/init.d/mysqld start
##
/usr/local/bin/mysqladmin -u root password 'new-password'

Saturday, July 14, 2007

HOW TO: Secure and Optimize your VPS

SECURING CPANEL - WHM - AND ROOT on a VPS

This will help, but as mentioned in previous posts, with a VPS you do not have access to your kernel. That is good in some ways, because if you don't have access to it, neither do hackers or spammers (which limits what they can do). It's bad in other ways, because you lose control, and even if you secure your box as much as possible you are still at risk because you cannot control your kernel.

At any rate, here are some helpful hints

=========================================
Checking for formmail
=========================================

Form mail is used by hackers to send out spam email, by relay and injection methods. If you are using Matt's script or a version of it, you may be in jeopardy.


Command to find pesky form mails:
find / -name "[Ff]orm[mM]ai*"

CGIemail is also a security risk:
find / -name "[Cc]giemai*"

Command to disable form mails:
chmod a-rwx /path/to/filename
(a-rwx translates to all types, no read, write or execute permissions).

(this disables all form mail)

If a client or someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.


=========================================
Root kit checker - http://www.chkrootkit.org/
=========================================

Check for root kits and even run the checker from a cron job. This will show you if anyone has compromised your root. Always update chkrootkit to get the latest root kit checker. Hackers and spammers will try to find insecure upload forms on your box and then, with injection methods, try to upload a root kit to your server. If they can run it, it will modify a lot of files, possibly forcing you to reinstall.


To install chkrootkit, SSH into the server and log in as root.
At command prompt type:

cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense


To run chkrootkit

At command prompt type:
/root/chkrootkit-0.44/chkrootkit

Make sure you run it on a regular basis, perhaps including it in a cron job.

Execution

I use these three commands the most.
./chkrootkit
./chkrootkit -q
./chkrootkit -x | more


=========================================
Install a root breach DETECTOR and EMAIL WARNING
=========================================

If someone does happen to get root, be warned quickly by installing a detector and warning at your box. You will at least get the hackers/spammers ip address and be warned someone is in there.


Server e-mail everytime someone logs in as root

To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.


At command prompt type:
pico .bash_profile

Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

Save and exit.


Set an SSH Legal Message

To set an SSH legal message, SSH into the server and log in as root.

At command prompt type:
pico /etc/motd

Enter your message, save and exit.
Note: I use the following message...

ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.
This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.



=========================================
Web Host manager and CPANEL mods.
=========================================

These are items inside of WHM/Cpanel that should be changed to secure your server.

Go to Server Setup =>> Tweak Settings
Check the following items...

Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts - blackhole
(according to ELIX - set this to FAIL, which is what I am going to do to reduce server load)

Under System
Use jailshell as the default shell for all new accounts and modified accounts

Go to Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disable Compilers for unprivileged users.

Go to Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.

Go to Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection

When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.

Go to Service Configuration =>> FTP Configuration
Disable Anonymous FTP

Go to Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)

Go to Mysql =>> MySQL Root Password
Change root password for MySQL

Go to Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod

=========================================
More Security Measures
=========================================

These are measures that can be taken to secure your server, with SSH access.

Update OS, Apache and CPanel to the latest stable versions.
This can be done from WHM/CPanel.


Restrict SSH Access
To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.

SSH into server and login as root.
Note: You can download Putty by Clicking Here (http://www.chiark.greenend.org.uk/~s.../download.html). It's a clean running application that will not require installation on Windows-boxes.

At command prompt type:
pico /etc/ssh/sshd_config

Scroll down to the section of the file that looks like this:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::

Uncomment and change
#Port 22
to look like
Port 5678 (choose your own 4- to 5-digit port number; 49151 is the highest port number, AND do not use 5678 lol)

Uncomment and change
#Protocol 2, 1
to look like
Protocol 2

Uncomment and change
#ListenAddress 0.0.0.0
to look like
ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)

Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no

Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.


Note 2: You can also create a custom nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A record to your zone file for the new name.

Now restart SSH
At command prompt type:
/etc/rc.d/init.d/sshd restart

Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.

Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very insecure protocol, so change your root password after you use it.

After SSH has been redirected, disable telnet.

Disable Telnet
To disable telnet, SSH into server and login as root.
At command prompt type: pico -w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type: /etc/init.d/xinetd restart


Disable Shell Accounts
To disable any shell accounts hosted on your server SSH into server and login as root.
At command prompt type: locate shell.php
Also check for:
locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts

Note: There will be several listings that will be OS/CPanel related. Examples are
/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.


Disable identification output for Apache

(do this to hide version numbers from potential hackers)

To disable the version output for Apache, SSH into the server and log in as root.
At command prompt type: pico /etc/httpd/conf/httpd.conf

Scroll (way) down and change the following line to
ServerSignature Off

Restart Apache
At command prompt type: /etc/rc.d/init.d/httpd restart



=========================================
Install BFD (Brute Force Detection - optional)
=========================================

To install BFD, SSH into server and login as root.

At command prompt type:
cd /root/
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-0.4
./install.sh

After BFD has been installed, you need to edit the configuration file.

At command prompt type:
pico /usr/local/bfd/conf.bfd

Under Enable brute force hack attempt alerts:
Find
ALERT_USR="0"
and change it to
ALERT_USR="1"

Find
EMAIL_USR="root"
and change it to
EMAIL_USR="your@email.com"

Save the changes then exit.

To start BFD

At command prompt type:
/usr/local/sbin/bfd -s
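BFD's core job is to count failed logins per source address in the auth log and act once a threshold is crossed. The function below is an added example, not part of the original post or of BFD: it performs that count over sshd "Failed password" lines so you can see what the tool would flag; the log lines are constructed and the address is taken from the last "from" on each line so an attacker-chosen user name cannot shift it.

```shell
#!/bin/sh
# Added example (not from the original post): the core of what BFD does, as a
# shell function you can point at /var/log/secure or /var/log/auth.log. It counts
# sshd "Failed password" lines per source address and prints every address at or
# above a threshold, most active first. The log lines below are constructed.
# Usage: failed_ssh_by_ip THRESHOLD LOGFILE

failed_ssh_by_ip() {
    threshold="$1"; logfile="$2"
    # Matches: "... sshd[PID]: Failed password for [invalid user] NAME from ADDR port N ssh2"
    # The address is the word after the *last* "from", so a user name that is
    # itself "from" (attacker-chosen on "invalid user" lines) cannot shift it.
    awk -v limit="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = NF; i > 0; i--) if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= limit) printf "%s %d\n", ip, hits[ip] }
    ' "$logfile" | sort -k2,2nr -k1,1
}

# Constructed sample log (TEST-NET addresses), removed at exit.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jul 14 02:11:01 vps sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul 14 02:11:03 vps sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jul 14 02:11:06 vps sshd[2214]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jul 14 02:11:09 vps sshd[2214]: Failed password for invalid user from from 203.0.113.5 port 51241 ssh2
Jul 14 02:12:40 vps sshd[2251]: Failed password for bob from 198.51.100.23 port 40022 ssh2
Jul 14 02:12:55 vps sshd[2260]: Accepted password for bob from 198.51.100.23 port 40023 ssh2
Jul 14 02:15:00 vps sshd[2301]: Failed password for root from 192.0.2.77 port 60001 ssh2
Jul 14 02:15:01 vps sshd[2301]: Failed password for root from 192.0.2.77 port 60002 ssh2
Jul 14 02:15:02 vps sshd[2301]: Failed password for root from 192.0.2.77 port 60003 ssh2
EOF

echo "Sources with 3 or more failed sshd logins:"
failed_ssh_by_ip 3 "$SAMPLE_LOG"
```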


Modify LogWatch
Logwatch is a customizable log analysis system. It parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is already installed on most CPanel servers.

To modify LogWatch, SSH into server and login as root.

At command prompt type:
pico -w /etc/log.d/conf/logwatch.conf

Scroll down to
MailTo = root
and change to
MailTo = your@email.com
Note: Set the e-mail address to an offsite account in case you get hacked.

Now scroll down to
Detail = Low
Change that to Medium, or High...
Detail = 5 or Detail = 10
Note: High will give you more detailed logs with all actions.

Save and exit.

A number of suggestions to improve system security. Some of this is specific to CPanel, but much can be applied to most Linux systems.
--------------------------------------------------
Use The Latest Software
Keep the OS and 3rd party software up to date. Always!
CPanel itself can be updated from the root WHM.
--------------------------------------------------
Change Passwords
Change the root passwords at least once a month and try to make them hard to guess. Yes it's a pain to have to keep remembering them, but it's better than being hacked.

--------------------------------------------------
Set Up A More Secure SSH Environment As described here.
--------------------------------------------------
Disable Telnet
1. Type: pico -w /etc/xinetd.d/telnet
2. Change the disable = no line to disable = yes.
3. Hit CTRL+X press y and then enter to save the file.
4. Restart xinted with: /etc/rc.d/init.d/xinetd restart
Also, add the following line to /etc/hosts.deny to flag Telnet access attempts as 'emergency' messages.

in.telnetd : ALL : severity emerg

--------------------------------------------------
Disable Unnecessary Ports (optional)
First backup the file that contains your list of ports with:
cp /etc/services /etc/services.original
Now configure /etc/services so that it only has the ports you need in it. This will match the ports enabled in your firewall.
On a typical CPanel system it would look something like this:
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
ftp-data 20/tcp
ftp 21/tcp
ssh 22/tcp # SSH Remote Login Protocol
smtp 25/tcp mail
domain 53/tcp # name-domain server
domain 53/udp
http 80/tcp www www-http # WorldWideWeb HTTP
pop3 110/tcp pop-3 # POP version 3
imap 143/tcp imap2 # Interim Mail Access Proto v2
https 443/tcp # MCom
smtps 465/tcp # SMTP over SSL (TLS)
syslog 514/udp
rndc 953/tcp # rndc control sockets (BIND 9)
rndc 953/udp # rndc control sockets (BIND 9)
imaps 993/tcp # IMAP over SSL
pop3s 995/tcp # POP-3 over SSL
cpanel 2082/tcp
cpanels 2083/tcp
whm 2086/tcp
whms 2087/tcp
webmail 2095/tcp
webmails 2096/tcp
mysql 3306/tcp # MySQL
Additional ports are controlled by /etc/rpc. These aren't generally needed, so get shot of that file with: mv /etc/rpc /etc/rpc-moved
--------------------------------------------------
Watch The Logs
Install something like logwatch to keep an eye on your system logs. This will extract anything 'interesting' from the logs and e-mail to you on a daily basis.
Logwatch can be found at: http://www.logwatch.org
Install instructions here.
--------------------------------------------------
Avoid CPanel Demo Mode
Switch it off via WHM Account Functions => Disable or Enable Demo Mode.
--------------------------------------------------
Jail All Users
Via WHM Account Functions => Manage Shell Access => Jail All Users.
Better still never allow shell access to anyone - no exceptions.
--------------------------------------------------
Immediate Notification Of Specific Attackers
If you need immediate notification of a specific attacker (TCPWrapped services only), add the following to /etc/hosts.deny

ALL : nnn.nnn.nnn.nnn : spawn (/bin/echo `date` %c %d | /bin/mail -s "Access attempt by nnn.nnn.nnn.nnn on hostname" notify@mydomain.com) &
Replacing nnn.nnn.nnn.nnn with the attacker's IP address.
Replacing hostname with your hostname.
Replacing notify@mydomain.com with your e-mail address.
This will deny access to the attacker and e-mail the sysadmin about the access attempt.
--------------------------------------------------
Check Open Ports
From time to time it's worth checking which ports are open to the outside world. This can be done with:
nmap -sT -O localhost
If nmap isn't installed, it can be selected from root WHM's Install an RPM option.
--------------------------------------------------
Set The MySQL Root Password
This can be done in CPanel from the root WHM Server Setup -> Set MySQL Root Password.
Make it different to your root password!
--------------------------------------------------
Tweak Security (CPanel)
From the root WHM, Server Setup -> Tweak Security, you will most likely want to enable:
- php open_basedir Tweak.
- SMTP tweak.
You may want to enable:
- mod_userdir Tweak. But that will disable domain preview.
--------------------------------------------------
Use SuExec (CPanel)
From root WHM, Server Setup -> Enable/Disable SuExec. This is CPanel's description of what it does:
"suexec allows cgi scripts to run with the user's id. It will also make it easier to track which user has sent out an email. If suexec is not enabled, all cgi scripts will run as nobody. "
Even if you don't use phpsuexec (which often causes more problems), SuExec should be considered.
--------------------------------------------------
Use PHPSuExec (CPanel)
This needs to built into Apache (Software -> Update Apache from the root WHM) and does the same as SuExec but for PHP scripts.
With PHPSuExec enabled, your users will have to make sure that all their PHP files have permissions no greater than 0755 and that their htaccess files contain no PHP directives.
--------------------------------------------------
Disable Compilers
This will prevent hackers from compiling worms, root kits and the like on your machine.
To disable them, do the following:

chmod 000 /usr/bin/perlcc
chmod 000 /usr/bin/byacc
chmod 000 /usr/bin/yacc
chmod 000 /usr/bin/bcc
chmod 000 /usr/bin/kgcc
chmod 000 /usr/bin/cc
chmod 000 /usr/bin/gcc
chmod 000 /usr/bin/i386*cc
chmod 000 /usr/bin/*c++
chmod 000 /usr/bin/*g++
chmod 000 /usr/lib/bcc /usr/lib/bcc/bcc-cc1
chmod 000 /usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1

You will need to enable them again when you need to perform system updates. To do this, run:

chmod 755 /usr/bin/perlcc
chmod 755 /usr/bin/byacc
chmod 755 /usr/bin/yacc
chmod 755 /usr/bin/bcc
chmod 755 /usr/bin/kgcc
chmod 755 /usr/bin/cc
chmod 755 /usr/bin/gcc
chmod 755 /usr/bin/i386*cc
chmod 755 /usr/bin/*c++
chmod 755 /usr/bin/*g++
chmod 755 /usr/lib/bcc /usr/lib/bcc/bcc-cc1
chmod 755 /usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1
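The following is an added example, not part of the original page: a small sh script that applies the two chmod lists above as functions, skips any listed path that does not exist on the system (a bare chmod on a missing file just errors), and counts how many of the listed binaries are currently locked. The directory is a parameter (defaulting to /usr/bin) so it can be tried on a scratch directory first; the COMPILER_NAMES list is taken from the chmod commands above, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original page: lock and unlock the compiler
# binaries from the chmod lists above in one place, skipping names that do not
# exist on this system and printing each change. The directory is a parameter
# so the functions can be tried on a scratch copy before touching /usr/bin.

# Names taken from the page's chmod list; the glob patterns are expanded
# relative to the directory passed in.
COMPILER_NAMES='perlcc byacc yacc bcc kgcc cc gcc i386*cc *c++ *g++'

# file_mode FILE: print the octal permission bits (GNU stat first, BSD stat second).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# set_compiler_mode DIR MODE: chmod every existing listed compiler under DIR.
# Prints "path: old -> new" for each file touched and a total at the end.
set_compiler_mode() {
    dir=$1
    mode=$2
    changed=0
    for name in $COMPILER_NAMES; do
        for path in "$dir"/$name; do      # unquoted $name so globs expand
            [ -f "$path" ] || continue    # pattern matched nothing, or no such file
            old=$(file_mode "$path")
            chmod "$mode" "$path"
            echo "$path: $old -> $mode"
            changed=$((changed + 1))
        done
    done
    echo "$changed file(s) set to mode $mode"
}

# lock_compilers DIR / unlock_compilers DIR: the page's two lists as functions.
# chmod 000 discards the original mode, so unlocking restores a flat 0755
# exactly as the page's second list does.
lock_compilers()   { set_compiler_mode "$1" 000; }
unlock_compilers() { set_compiler_mode "$1" 755; }

# count_locked DIR: how many of the listed compilers under DIR are mode 000.
# A quick audit after a system update has reinstalled a toolchain package.
count_locked() {
    n=0
    for name in $COMPILER_NAMES; do
        for path in "$1"/$name; do
            [ -f "$path" ] || continue
            if [ "$(file_mode "$path")" = 0 ]; then
                n=$((n + 1))
            fi
        done
    done
    echo "$n"
}

# Usage: sh lock_compilers.sh lock|unlock|status [DIR]   (DIR defaults to /usr/bin)
case "${1:-}" in
    lock)   lock_compilers   "${2:-/usr/bin}" ;;
    unlock) unlock_compilers "${2:-/usr/bin}" ;;
    status) echo "$(count_locked "${2:-/usr/bin}") locked compiler binaries" ;;
esac
```

Two caveats worth keeping in mind: locking the compilers only stops code from being built on the box itself, so it complements rather than replaces the other steps on this page; and because chmod 000 throws the original mode away, run "status" after every package update to see whether a reinstalled gcc has silently come back as 0755.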

--------------------------------------------------
Obfuscate The Apache Version Number
1. Type: pico /etc/httpd/conf/httpd.conf
2. Change the line that begins ServerSignature to:

ServerSignature Off

3. Add a line underneath that which reads:

ServerTokens ProductOnly

4. Hit CTRL+X, then y, then Enter to save the file.
5. Restart Apache with: /etc/rc.d/init.d/httpd restart
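As an added example (not from the original page), the following sh script checks an httpd.conf for the two directives set in the steps above and can apply them. It reproduces two Apache rules that matter for such a check: directive names and the Off/ProductOnly values are matched case-insensitively, and when a directive appears more than once the last uncommented occurrence wins. The function names are my own; the file path is a parameter so the script can be tried on a copy first.

```shell
#!/bin/sh
# Added example, not part of the original page: check an httpd.conf for the two
# settings the steps above make (ServerSignature Off, ServerTokens ProductOnly)
# and apply them if missing. Apache directive names and these values are
# case-insensitive and the last uncommented occurrence wins, which is what the
# check reproduces. The file path is a parameter so it can be tried on a copy
# before touching /etc/httpd/conf/httpd.conf.

# effective_directive FILE NAME: value of the last uncommented NAME line in FILE
# (empty when it is not set anywhere). Commented lines never match because
# their first field is "#" or "#Name".
effective_directive() {
    awk -v name="$2" 'tolower($1) == tolower(name) { v = $2 } END { print v }' "$1"
}

# audit_server_tokens FILE: print PASS/FAIL per directive; exit status 0 only
# when both are as the steps above want them.
audit_server_tokens() {
    sig=$(effective_directive "$1" ServerSignature | tr 'A-Z' 'a-z')
    tok=$(effective_directive "$1" ServerTokens | tr 'A-Z' 'a-z')
    status=0
    if [ "$sig" = off ]; then
        echo "PASS ServerSignature Off"
    else
        echo "FAIL ServerSignature is '${sig:-unset}', want Off"
        status=1
    fi
    case "$tok" in
        prod|productonly)
            echo "PASS ServerTokens $tok" ;;
        *)
            echo "FAIL ServerTokens is '${tok:-unset}', want ProductOnly (Apache's default is Full)"
            status=1 ;;
    esac
    return $status
}

# apply_server_tokens FILE: drop any existing uncommented ServerSignature /
# ServerTokens lines and append the two hardened ones, keeping the file's
# ownership and mode. Restart Apache afterwards, as in step 5 above.
apply_server_tokens() {
    tmp=$(mktemp)
    awk 'tolower($1) != "serversignature" && tolower($1) != "servertokens"' "$1" > "$tmp"
    printf 'ServerSignature Off\nServerTokens ProductOnly\n' >> "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Usage: sh server_tokens.sh audit|apply [FILE]  (FILE defaults to the page's path)
case "${1:-}" in
    audit) audit_server_tokens "${2:-/etc/httpd/conf/httpd.conf}" ;;
    apply) apply_server_tokens "${2:-/etc/httpd/conf/httpd.conf}" ;;
esac
```

Hiding the version string is only obfuscation; the audit is mainly useful for catching the setting being reverted by a later httpd.conf rebuild, which cPanel does from its templates.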
--------------------

COMMON COMMANDS I USE
System Information
who
List the users logged in on the machine.

rwho -a
List all users logged in on your network. The rwho service must be enabled for this command to work.

finger user_name
System info about a user. Try: finger root

last
This lists the users last logged-in on your system.

history | more
Show the last (1000 or so) commands executed from the command line on the current account. The | more causes the display to stop after each screen fill.

pwd
Print working directory, i.e. display the name of your current directory on the screen.

hostname
Print the name of the local host (the machine on which you are working).

whoami
Print your login name.

id username
Print user id (uid) and his/her group id (gid), effective id (if different than the real id) and the supplementary groups.

date
Print or change the operating system date and time. E.g., change the date and time to 2000-12-31 23:57 using this command

date 123123572000
To set the hardware clock from the system clock, use the command (as root)
setclock

time
Determine the amount of time that it takes for a process to complete, plus other info. Don't confuse it with the date command. For example, we can find out how long it takes to display a directory's contents using time ls

uptime
Amount of time since the last reboot

ps
List the processes that have been run by the current user.

ps aux | more
List all the processes currently running, even those without the controlling terminal, together with the name of the user that owns each process.

top
Keep listing the currently running processes, sorted by cpu usage (top users first).

uname -a
Info on your server.

free
Memory info (in kilobytes).

df -h
Print disk info about all the file systems in a human-readable form.

du / -bh | more
Print detailed disk usage for each subdirectory starting at root (in a human readable form).

lsmod
(as root. Use /sbin/lsmod to execute this command when you are a non-root user.) Show the kernel modules currently loaded.

set|more
Show the current user environment.

echo $PATH
Show the content of the environment variable PATH. This command can be used to show other environment variables as well. Use set to see the full environment.

dmesg | less
Print kernel messages (the current content of the so-called kernel ring buffer). Press q to quit less. Use less /var/log/dmesg to see what dmesg dumped into the file right after bootup. This only works on dedicated systems.

Commands for Process control
ps
Display the list of currently running processes with their process IDs (PID) numbers. Use ps aux to see all processes currently running on your system (also those of other users or without a controlling terminal),
each with the name of the owner. Use top to keep listing the processes currently running.

fg PID
Bring a background or stopped process to the foreground.

bg PID
Send the process to the background. This is the opposite of fg. The same can be accomplished with Ctrl z

any_command &
Run any command in the background (the symbol '&' means run the command in the background).

kill PID
Force a process shutdown. First determine the PID of the process to kill using ps.

killall -9 program_name
Kill program(s) by name.

xkill
(in an xwindow terminal) Kill a GUI-based program with mouse. (Point with your mouse cursor at the window of the process you want to kill and click.)

lpc
(as root) Check and control the printer(s). Type ??? to see the list of available commands.

lpq
Show the content of the printer queue.

lprm job_number
Remove a printing job job_number from the queue.

nice program_name
Run program_name adjusting its priority. Since the priority is not specified in this example, it will be adjusted by 10 (the process will run slower), from the default value (usually 0). The lower the number (of niceness to other users on the system), the higher the priority. The priority value may be in the range -20 to 19. Only root may specify negative values. Use top to display the priorities of the running processes.

renice -1 PID
(as root) Change the priority of a running process to -1. Normal users can only adjust processes they own, and only up from the current value (make them run slower).


Optimizing your VPS server (help it run more efficiently)



Quote:
Originally Posted by elix
VPSes are really hard to use with the memory restrictions and CPU limitations...but with some optimization they can definitely serve your websites fast!

MySQL Optimization
Here are my suggested settings for the my.cnf file. This should work well for a VPS with 256-512MB RAM.

Code:

[mysqld]
max_connections = 400
key_buffer = 16M
myisam_sort_buffer_size = 32M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 1024
thread_cache_size = 286
interactive_timeout = 25
wait_timeout = 1000
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 16M
query_cache_type = 1
tmp_table_size = 16M
skip-innodb

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 32M
sort_buffer = 32M
read_buffer = 16M
write_buffer = 16M

In order to make things even faster, you can customize these settings specifically for your VPS's usage. There's a great howto on InterWorx's forum for this --> http://www.interworx.com/forums/showthread.php?p=2346

Lastly, I recommend installing mytop to help you monitor your usage...

Code:
wget http://dll.elix.us/mytop-1.4.tar.gz
tar -zxvf mytop-1.4.tar.gz
cd mytop-1.4
perl Makefile.PL
make
make test
make install

Once that's done, just enter in "mytop".

PHP & Apache Optimization
I strongly recommend installing eAccelerator. There's an easy to follow howto here: http://forum.ev1servers.net/showthre...t=eaccelerator. If you use the default cache dir for eAccelerator (/tmp/eaccelerator) make sure you check it regularly and clean it every once in a while. (it can really get quite large from my experience)

For httpd.conf I suggest:
Timeout 200
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 3
MinSpareServers 10
MaxSpareServers 20
StartServers 15
MaxClients 250
MaxRequestsPerChild 0
HostnameLookups Off

You can use ab to benchmark your Apache before and after you make changes.

ab -c 5 -n 20 somephpbasedsiteonyourserver.com/file.php

I suggest doing 2 or 3 tests like that to get an average.

If you want to check the Apache error log, try this -->
cat /usr/local/apache/logs/error_log

Monitoring Usage
On a Virtuozzo VPS you can use cat /proc/user_beancounters to output your usage of the VZ parameters. You should pay most attention to oomguarpages and privvmpages. (although anything with a failure is generally bad)

You can find the amount of connections to Apache with this command:
netstat -nt | grep :80 | wc -l

To find the amount of Apache processes use this command:
ps -A | grep httpd | wc -l (this will show the process count)
ps -aux | grep httpd (this will show the actual processes)

To find the amount of MySQL processes use this command:
ps -A | grep mysql | wc -l (this will show the process count)
ps -aux | grep mysql (this will show the actual processes)

Just simply using top (standard view) or top -c (will show the actual command being used and/or location of each process as opposed to just the name) can help you monitor your VPS usage very well.

To see your disk space usage, try using this command --> df -h

Mitigating (D)DOS
If you're being DDOS'd or DOS'd you can use this command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will help you see how many connections each IP address has in total to your server.

There's a very decent script you can use to automate the banning of IP addresses available here --> http://forums.deftechgroup.com/showthread.php?t=825

Although I haven't tried it myself, I suggest you take a look at Scrutinizer as well which sounds very useful --> http://www.solutix.ch/cgi-bin/index.pl

Spam Assassin
Spam Assassin can take up a lot of memory and make it really hard to host just a few sites on a VPS, but there is a way around this...

Login to WHM as root, scroll down to "cPanel 10.8.1-R15" (it may be slightly different depending on what version you are using) then goto "Addon Modules" and install "spamdconf". Once it's done, refresh the WHM page, scroll down to "Add-ons" on the nav bar and then click on "Setup Spamd Startup Configuration". Set "Maximum Children" to "2". Then hit Submit. Wait a few seconds (15-30, but usually less) for exim to restart and you're done.

cPanel Tweak Settings
Login to WHM as root, and under "Server Configuration" on the nav bar hit "Tweak Settings".

Here are some suggested settings:
Default catch-all/default address behavior for new accounts. fail will generally save the most CPU time.
- Use "FAIL". If you already have some accounts setup not to use "FAIL" (by default it will not) then run this command to convert to FAIL from BLACKHOLE --> perl -pi -e "s/:blackhole:/:fail:/g;" /etc/valiases/*

Mailman
- Mailman tends to use a lot of resources, so if you don't need cpanel mailing lists then uncheck this.

Number of minutes between mail server queue runs (default is 60).:
- You may want to set this to 180 to reduce load.

Track the origin of messages sent through the mail server by adding the X-Source headers (exim 4.34+ required)
- This is just generally a good idea. So check this.

Analog Stats
- I find this useless, so uncheck this. If you want to delete the existing analog stats files just run this command --> rm -rf /home/*/tmp/analog/*

Awstats Reverse Dns Resolution
- Make sure this is unchecked, I find it pretty much useless for most users.

Awstats Stats
- You can check this if you need a robust stats software that integrates with cPanel, if you don't need it, then don't check it. *Note most hosting clients will want to use this. If you want to delete the existing awstats stats files just run this command --> rm -rf /home/*/tmp/awstats/*

Webalizer Stats
- Not many hosting clients will want to use this so, you can uncheck this to reduce load. If you want to delete the existing webalizer stats files just run this command --> rm -rf /home/*/tmp/webalizer/*

Delete each domain's access logs after stats run
- Make sure this is checked, otherwise disk space usage can really rack up!

That's about it for now, I may do some more later....

Hope it helps!
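As an added example (not part of elix's post), here is the netstat connection count from the Mitigating (D)DOS section rewritten as shell functions. The post's pipeline cuts the remote address at the first colon, which is fine for IPv4 but turns an IPv6 peer such as 2001:db8:1::5:33000 into "2001", so IPv6 sources vanish from the count; stripping the trailing :port with a regex anchored at the end of the field counts both families correctly. The sample netstat output is constructed from documentation addresses, and the function and variable names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post: the post's
# netstat -ntu | awk | cut -d: -f1 | sort | uniq -c | sort -n pipeline, reworked
# so the port is stripped from the end of the address rather than at the first
# colon, which keeps IPv6 peers intact. The functions read netstat -ntu output
# on stdin, so they can be fed the constructed sample below or a live netstat.

# Constructed sample in netstat -ntu layout (RFC 5737/3849 documentation
# addresses, not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:40001        TIME_WAIT
tcp        0      0 203.0.113.10:22         192.0.2.44:40002        ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:33000     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:33001     ESTABLISHED
udp        0      0 203.0.113.10:53         192.0.2.9:5353          ESTABLISHED'

# connections_per_peer: stdin = netstat -ntu output, stdout = "count address",
# fewest first. Header lines are dropped by requiring a tcp/udp protocol field;
# the trailing ":port" is removed with a regex anchored at end of string.
connections_per_peer() {
    awk '$1 ~ /^(tcp|udp)/ { peer = $5; sub(/:[0-9]+$/, "", peer); count[peer]++ }
         END { for (p in count) print count[p], p }' | sort -n
}

# peers_over_threshold N: only peers holding more than N connections, the
# candidates for a firewall rule or for the banning script the post links to.
peers_over_threshold() {
    connections_per_peer | awk -v n="$1" '$1 > n'
}

# top_peer: the single address with the most connections.
top_peer() {
    connections_per_peer | tail -n 1 | awk '{ print $2 }'
}

# With "demo" the constructed sample is used; on a real box:
#   netstat -ntu | peers_over_threshold 50
if [ "${1:-}" = demo ]; then
    printf '%s\n' "$SAMPLE_NETSTAT" | peers_over_threshold 1
fi
```

Pick the threshold from a baseline taken on a quiet day rather than guessing; a busy proxy or NAT gateway legitimately holds dozens of connections, and banning it cuts off every user behind it.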

Thursday, July 12, 2007

gmirror – Software RAID 1

Boot from a FreeBSD CD and choose "Fix-it" mode

chroot /dist

mount_devfs devfs /dev

gmirror clear /dev/ad4

gmirror clear /dev/ad6

gmirror load

gmirror label -v -b load gm0 /dev/ad4

mount /dev/mirror/gm0s2a /mnt

echo 'geom_mirror_load="YES"' >> /mnt/boot/loader.conf

echo 'swapoff="YES"' >> /mnt/etc/rc.conf

sed "s%ad4%mirror/gm0%" /mnt/etc/fstab > /mnt/etc/fstab.new

mv /mnt/etc/fstab /mnt/etc/fstab.old

mv /mnt/etc/fstab.new /mnt/etc/fstab

gmirror insert gm0 /dev/ad6



See:
http://freebsdwiki.net/index.php/RAID1,_Software,_How_to_setup

Check the mirror's status (and the rebuild progress after the insert) with:
gmirror list

Sudo, configuring

First, install sudo. su to root and go to /usr/ports and then find out where the port is:

[dave]@deus ~ % sudo
-bash: sudo: command not found
[dave]@deus ~ % su -
Password:
[root]@deus ~ # cd /usr/ports && make search name=sudo
Port: sudo-1.6.7.5
Path: /usr/ports/security/sudo
Info: Allow others to run commands as root
Maint: mharo@FreeBSD.org
B-deps:
R-deps:

[root]@deus /usr/ports # cd security/sudo
[root]@deus /usr/ports/security/sudo # make install clean
Once it's installed, you'll need to run visudo since there's no other way to edit /etc/sudoers (well, you can use another editor, but it just won't work.)

Note that visudo doesn't actually call the vi editor, just your default editor; if that happens to be vi then it will come up. Otherwise, your regular editor will come up.

/etc/sudoers has one entry in it:

root ALL=(ALL) ALL
which doesn't really explain what those ALLs mean in context; so often a lot of folks will set the sudoers to give ALL=(ALL) ALL to every user they add. That's nice, but you're giving all of root's power away. You might as well give users the root password and save them the hassle of using sudo at all.

The explanation:

sudo-user machine=(effective user rights) command
So, if I want to give Jimbo root access on my server, Pete root on my laptop and Light only to have access to shutdown on all my machines, my sudoers would look like:

root ALL=(ALL) ALL
jimbo samizdata.mydomain.tld=(ALL) ALL
peet deus=(ALL) ALL
light ALL=(ALL) /sbin/shutdown
Finally, if you just want to give yourself root access on your server via sudo with no password, your sudoers might look like:

root ALL=(ALL) ALL
yourself ALL=(ALL) NOPASSWD: ALL
NOTE: remember that setting sudo rights for multiple machines in a single sudoers file is only meaningful if that file is actually shared or distributed across those multiple machines. Simply writing permissions for the machine samizdata on the machine deus isn't going to do anything useful by itself. You would need to copy the file contents over to all the machines that are listed (and then kill -HUP the sudo process, if it's running,) in order to make the changes meaningful.

Using Aliases to make life easier
You can make groups within the sudoers file so that you don't have to type more than you need to. Follow this format:

User_Alias allows you to define a group of users
Runas_Alias allows you to define the daemon or user the command can run as
Host_Alias allows you to define a group of hosts
Cmnd_Alias allows you to define which commands (full path must be given) are in a group

You can use already existing system groups, but you have to add the prefix % (e.g., %wheel)
As an example, if my /etc/sudoers showed:

User_Alias ADMINS=jimbo
User_Alias DNSADMINS=peet
User_Alias DHCPADMINS=light

Runas_Alias DAEMONS=bind,dhcpd,sshd

Host_Alias NAMESERVERS=ns1.samizdata.mydomain.tld,ns2.samizdata.mydomain.tld
Host_Alias DHCPSERVERS=dhcp.mydomain.tld,dhcp2.mydomain.tld

Cmnd_Alias DNS=/usr/local/sbin/rndc,/usr/local/sbin/bind
Cmnd_Alias DHCP=/usr/local/sbin/dhcpd
at the top, then I could add these lines to the bottom:

ADMINS ALL=(ALL) DNS,DHCP
DNSADMINS NAMESERVERS=(DAEMONS) DNS
DHCPADMINS DHCPSERVERS=(DAEMONS) DHCP
Note that there are no spaces between the users and commas, likewise, servers and commands only have a comma separating them -- no spaces. This would essentially give jimbo rights to do root-privilege stuff with any server, as any daemon, but only using the commands that DNS and DHCP specify; peet would only get root access to NAMESERVERS, only run as the DAEMONS, and only use the commands in DNS. Light would only get root access to DHCPSERVERS, run as DAEMONS and only be able to run /usr/local/sbin/dhcpd.

This is ideal if you have a) a lot of servers and/or b) a lot of admins with specific functions, that don't need complete access to the machine, but do need some sort of administrative rights on it.
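As an added example (not part of the wiki text above), here is a shell/awk tool that expands a sudoers file into the flat list of grants it actually makes, resolving the four alias kinds just described. Reviewing that list is the quickest way to see, for instance, that peet ends up with 12 distinct (host, runas, command) combinations. The sample sudoers text is constructed from the page's own aliases plus a NOPASSWD line; the function names are mine, and the expander covers the grammar subset the text explains (comma lists with no spaces, an optional (runas) part, one tag) rather than the full sudoers syntax.

```shell
#!/bin/sh
# Added example, not part of the original page: expand a sudoers file into the
# flat (user, host, runas, command, tag) tuples it grants, resolving User_,
# Host_, Runas_ and Cmnd_Alias definitions, so an admin can review exactly who
# may run what, where, and as whom. It covers the grammar the text above
# explains (comma lists with no spaces, optional "(runas)", a NOPASSWD:-style
# tag); command arguments and %group membership are out of scope. visudo -c
# remains the syntax check; this is a review aid.

# Constructed sample: the aliases and rules from the page plus a NOPASSWD line.
SAMPLE_SUDOERS='# sample sudoers for review
User_Alias ADMINS=jimbo
User_Alias DNSADMINS=peet
Runas_Alias DAEMONS=bind,dhcpd,sshd
Host_Alias NAMESERVERS=ns1.samizdata.mydomain.tld,ns2.samizdata.mydomain.tld
Cmnd_Alias DNS=/usr/local/sbin/rndc,/usr/local/sbin/bind
Cmnd_Alias DHCP=/usr/local/sbin/dhcpd

root ALL=(ALL) ALL
light ALL=(ALL) /sbin/shutdown
yourself ALL=(ALL) NOPASSWD: ALL
ADMINS ALL=(ALL) DNS,DHCP
DNSADMINS NAMESERVERS=(DAEMONS) DNS'

# expand_sudoers: reads sudoers text on stdin, prints one "user host runas
# command tag" line per effective grant ("-" when the rule carries no tag).
expand_sudoers() {
    awk '
    # expand KIND LIST: replace alias names in a comma list by their members,
    # recursively, leaving plain names as they are.
    function expand(kind, list,    n, parts, i, out, e) {
        n = split(list, parts, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            if ((kind, parts[i]) in alias)
                e = expand(kind, alias[kind, parts[i]])
            else
                e = parts[i]
            out = out (out == "" ? "" : ",") e
        }
        return out
    }
    # squeeze FROM: join fields FROM..NF without whitespace
    function squeeze(from,    s, i) {
        s = ""
        for (i = from; i <= NF; i++) s = s $i
        return s
    }
    NF == 0 || $1 ~ /^#/ { next }                      # blank and comment lines
    $1 ~ /^(User|Runas|Host|Cmnd)_Alias$/ {           # alias definition
        kind = tolower(substr($1, 1, index($1, "_") - 1))
        rest = squeeze(2)
        eq = index(rest, "=")
        alias[kind, substr(rest, 1, eq - 1)] = substr(rest, eq + 1)
        next
    }
    {                                                 # grant: USERS HOSTS=(RUNAS) TAG: CMDS
        rest = squeeze(2)
        eq = index(rest, "=")
        hosts = substr(rest, 1, eq - 1)
        spec = substr(rest, eq + 1)
        runas = "root"                                # sudoers default when no (runas) is given
        if (match(spec, /^\([^)]*\)/)) {
            runas = substr(spec, 2, RLENGTH - 2)
            spec = substr(spec, RLENGTH + 1)
        }
        tag = "-"
        if (match(spec, /^[A-Z]+:/)) {                # NOPASSWD: and similar tags
            tag = substr(spec, 1, RLENGTH - 1)
            spec = substr(spec, RLENGTH + 1)
        }
        nu = split(expand("user", $1), ul, ",")
        nh = split(expand("host", hosts), hl, ",")
        nr = split(expand("runas", runas), rl, ",")
        nc = split(expand("cmnd", spec), cl, ",")
        for (u = 1; u <= nu; u++)
            for (h = 1; h <= nh; h++)
                for (r = 1; r <= nr; r++)
                    for (c = 1; c <= nc; c++)
                        print ul[u], hl[h], rl[r], cl[c], tag
    }'
}

# grants_for USER: only the lines for one user, e.g. grants_for peet < /etc/sudoers
grants_for() {
    expand_sudoers | awk -v u="$1" '$1 == u'
}

# Run with "demo" to expand the constructed sample; otherwise give a file:
#   sh sudoers_expand.sh /usr/local/etc/sudoers
case "${1:-}" in
    "")   ;;
    demo) printf '%s\n' "$SAMPLE_SUDOERS" | expand_sudoers ;;
    *)    expand_sudoers < "$1" ;;
esac
```

Any line of the output with ALL in the host, runas and command columns at once is a full root equivalent, which is exactly the "giving all of root's power away" case the text warns about; the NOPASSWD tag in the last column marks the entries a stolen session can use without a password prompt.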

Retrieved from "http://freebsdwiki.net/index.php/Sudo%2C_configuring"

Tripwire on FreeBSD

# Tripwire v2.4.0.1 http://sourceforge.net/projects/tripwire

# Install Tripwire
cd /usr/ports/security/tripwire
make install clean
# Answer questions and set various passwords (remember these passwords) when prompted.


# Setup email addresses for notification as described here:
# http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tripwire-update-policy.html#S2-TRIPWIRE-EMAIL
vi /usr/local/etc/tripwire/twpol.txt
# Each place (17 places) you see "severity =" add a comma and a new line after that to get an email, example:
(
rulename = "Networking Programs",
severity = $(SIG_HI),
emailto = johnray@domain.com;bob@domain.com
)

# Update your site policy
/usr/local/sbin/twadmin --create-polfile -S /usr/local/etc/tripwire/site.key /usr/local/etc/tripwire/twpol.txt

# Create a new database
/usr/local/sbin/tripwire --init

# Make sure tripwire runs daily
cp /usr/ports/security/tripwire/work/tripwire-2.4.0.1/contrib/tripwire-check /etc/periodic/daily/998.tripwire-check
chmod +x /etc/periodic/daily/998.tripwire-check

# Run tripwire manually as desired (try it at least once now)
/usr/local/sbin/tripwire --check

# Tripwire Reports (*.twr) are kept here: /var/db/tripwire/report/
# Get a list of your reports
ls /var/db/tripwire/report
# View a report
/usr/local/sbin/twprint -m r --twrfile /var/db/tripwire/report/.twr

# NOTE: After you see your first report, you will want to cleanup tripwire's configuration
# to stop checking for things that don't exist, this means deleting lines in twpol.txt
vi /usr/local/etc/tripwire/twpol.txt
# You will then need to update your policy file and create a new database again
/usr/local/sbin/twadmin --create-polfile -S /usr/local/etc/tripwire/site.key /usr/local/etc/tripwire/twpol.txt
/usr/local/sbin/tripwire --init
# Run tripwire manually again and view the new report to verify your policy is error free


# Guide: http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-tripwire.html

Monday, July 9, 2007

Jail

The main document for creating a jail is man jail. I followed the instructions listed under Setting up a Jail Directory Tree. I used those instructions to create the jail. You will need the full source tree for the system you are going to create. I used the /usr/src/ directory I had from my most recent build world.

One step from man jail that I did not follow:

I left sendmail (actually, postfix) running. I just changed it so that it did not listen on all IP addresses. I added this setting to /usr/local/etc/postfix/main.cf:
inet_interfaces = $myhostname
That setting allows the jail to run its own mail server.
I put my jail at /home/jails/ducky/. This is the value I assigned to D in the instructions. After you have installed the jail, if you peek inside that directory, you'll see it looks just like the root directory of a typical FreeBSD system:

[dan@dfc:/home/jails/ducky/] $ ls
COPYRIGHT etc libexec root usr
bin home mnt sbin var
boot kernel proc sys
dev lib rescue tmp
[dan@dfc:/home/jails/ducky/] $

Terminology: host versus jail
The host environment is the main system and is where you first install FreeBSD on the computer. It is in the host environment that you create a jail. The Bacula project will do their testing in the jail. They have access to the jail and only the jail. They will not have access to the host environment at all.

This concept of host environment and jail environment will be used later in this article. It is important that you understand what each one is.

In this example, the host environment will be at IP address 192.168.0.100 and the jail will be at 192.168.0.155.


Modifying other daemons
Most daemons will listen to whatever IP addresses are available to them. After starting your jail, if you try to ssh to it, you will not get into it. You'll be in the host environment instead. To get into the jail environment via ssh, you need to:

Tell the host environment sshd not to listen to the jail's IP address
run sshd in the jail

Host environment syslogd
This entry in /etc/rc.conf tells syslogd to not listen on any IP address.

syslogd_flags="-ss"
That allows syslogd to run in both the host and the jail environments.

Host environment inetd
This entry in /etc/rc.conf tells inetd to listen on a specific IP address. This address is that of the host environment:

inetd_flags="-wW -C 60 -a 192.168.0.100"
You should note that the first part of the above flags is from /etc/defaults/rc.conf:

inetd_flags="-wW -C 60" # Optional flags to inetd
Host environment sshd
To alter the host environment sshd so it listens only to host environment IP addresses, modify /etc/ssh/sshd_config and set the IP address for the Listen directive:
ListenAddress 192.168.0.100
Then restart the main sshd process:
kill -HUP `cat /var/run/sshd.pid`
Use telnet to verify that the host environment is not listening on the jail address:
$ telnet 192.168.0.155 22
Trying 192.168.0.155...
telnet: connect to address 192.168.0.155: Connection refused
telnet: Unable to connect to remote host
If you don't get a connection, the host environment is not listening. This assumes that you have not yet started sshd in the jail environment.
Jail environment sshd
To start sshd in the jail environment, add the following line to /etc/rc.conf:

sshd_enable="YES"
To get DNS working, add something like this to /etc/resolv.conf:

search example.org
nameserver 10.0.0.67
nameserver 10.0.0.98
Jail environment syslogd
In addition, I also swapped console output to /var/log/messages as shown in this snippet from /etc/syslog.conf:

#*.err;kern.warning;auth.notice;mail.crit /dev/console
*.err;kern.warning;auth.notice;mail.crit /var/log/messages

Configuring the Jail
Next, you'll want to read the part of the man page titled Configuring the Jail. Included there are the settings you will want to make within the jail. I made these changes to the jail directly from the host environment (that is, I did not start the jail; I modified the files from outside). These are things I changed, but I can't point to a man page as to why it's a good thing to do this:

adjkerntz - Not sure about this. I commented out the /etc/crontab entry for adjkerntz within the jail environment. If you don't do this, you'll see this type of notification from cron via email:
adjkerntz[11643]: sysctl(put_wallclock): Operation not permitted
/etc/ssh - I was actually duplicating an existing physical machine into this environment. Therefore, copying over the keys from this directory will avoid "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning messages. If you are creating a new environment, you don't have to worry about this step.


Starting the jail for the first time
From man jail, to start a jail, issue this command:

[root@mtwenty:/home/dan] # jail /home/jails/ducky/ ducky.example.org 192.168.0.155 /bin/sh
#
That prompt (#) indicates you are now in the jail environment. Now you can run the start up processes:
# sh /etc/rc
Loading configuration files.
ducky.example.org
Setting hostname: ducky.example.org.
Generating nsswitch.conf.
Generating host.conf.
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Starting local daemons:.
Updating motd.
/etc/rc: WARNING: Setting entropy source to blocking mode.
====================================================
Type a full screenful of random junk to unblock
it and remember to finish with . This will
timeout in 300 seconds, but waiting for
the timeout without typing junk may make the
entropy source deliver predictable output.

Just hit for fast+insecure startup.
====================================================
kern.random.sys.seeded: 1
jalkjlkajdflkajdfl iur opiquv dropuivwaopieuaoijdfl;uiop9^[[12~84718e0r9invpfinadfpisad;ifsda;lsajdfl lk;kasf;kladfs
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
5c:48:47:4f:e0:c5:a2:ed:71:bc:83:b5:42:3f:95:e4 root@ducky.example.org
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
4d:bb:af:fa:b1:4b:43:cc:47:b6:78:44:ad:4e:ef:1f root@ducky.example.org
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
9b:b5:26:98:f8:0d:da:bb:2c:57:75:d1:c4:58:52:c1 root@ducky.example.org
Starting sshd.
Starting cron.
Local package initialization:.

Sun Sep 11 17:22:42 EDT 2005
#
For the most part, this looks exactly like a normal startup.

While you have it running, you might want to add a user, set the root password, etc.

I had some problems with ps:

# ps auwx
ps: bad namelist
This usually indicates a kernel that is not in sync with world. To fix this problem, I repeated some of the steps under man 8 jail.

make distribution DESTDIR=$D
mount_devfs devfs $D/dev
cd $D
ln -sf dev/null kernel

In hindsight, I think I missed the mount_devfs step. Symptoms included getting logged in by ssh, but then the screen would freeze. The above steps fixed that problem.


Starting and stopping the jail automagically
With 6.2 comes /etc/rc.d/jail, a startup script for jails. With a bit of fishing in /etc/defaults/rc.conf and some trial and error, I figured out how to use this script. Here are my entries from /etc/rc.conf:

jail_enable="YES"

# Defaults for all jails:
jail_interface="fxp0" # Interface to create the IP alias on
jail_devfs_enable="YES" # mount devfs in the jail
jail_procfs_enable="YES" # mount procfs in jail

# list of jails on this machine
jail_list="ducky"

# values for each jail listed above
jail_ducky_rootdir="/usr/home/jails/ducky" # Jail's root directory
jail_ducky_hostname="ducky.example.org" # Jail's hostname
jail_ducky_ip="192.168.0.155" # Jail's IP number

I could have used jail_ducky_interface, jail_ducky_devfs_enable, and jail_ducky_procfs_enable, but all jail variables, except rootdir, hostname and ip, can be defined without the jail name. Thus, you can set defaults, and then specify only the exception. A fine FreeBSD tradition.


Additional resources
Just after this article appeared on ONLamp, Anthony Nguyen wrote in with these great resources:
FreeBSD Jails by Khairil Yusof, Tom McLaughlin, Radek Kozlowski.
He also mentioned:

Before you even set up a jail if you have already done a build world, you can skip a compiling step. quote "If you have already built world, you can replace make world with make installworld on the fourth line to avoid recompiling everything again."
After you set up your first jail and want more jails, look for the heading "Reusing jails". It clones it.
Starting jail automatically, look at heading "Using system rc scripts to start and stop jails".

--------------------------------------------------------------------------------

Paul Dekkers also wrote in with:

You know you don't need jailtools anymore these days to have rc-scripts and all, don't you? You can just use the right parameters in /etc/rc.conf, like:

jail_enable="YES"
jail_list="milter"

jail_milter_rootdir="/data/jail/milter"
jail_milter_ip="192.87.110.82"
jail_milter_hostname="milter.wind.example.org"
jail_milter_devfs_enable="YES"
#jail_milter_exec="/different/script"

(Which is a real example ;-))

Starting and stopping then goes with /etc/rc.d/jail start and I believe you can add the jail name after that. (BTW, I never really needed the security.jail.set_hostname_allowed because I set the hostname in the rc.conf command.)

#######################
Try chflags -R noschg old_jail before rm. Some files are protected with no-touch flags :)

Saturday, July 7, 2007

chrooted bind9 within jail

First, make sure that /etc/namedb is correctly symlinked to
/var/named/etc/namedb. make distribution (part of the jail building
process) does _not_ do it right.

o Assuming your jail is at /d/jails/myjail, and the hostname is myjail,
now issue

# cd /d/jails/myjail/var/named/dev
# mknod random c 245 0; mknod null c 2 2

o finally, put 2 lines in myjail:/etc/rc.conf
named_enable="YES"
named_chroot_autoupdate="NO"

That's all. I've deployed several 5.3 boxes since the first day bind
got chrooted, without noticeable problems.

PS, if it's the first time your cute bind9 booting up, run
make-localhost and fix named.conf. there's no 127.0.0.1 within jail ;)

change ip address in redhat

I usually change
/etc/hosts
/etc/sysconfig/network-scripts/ifcfg-eth0 and then reboot
Login to your server (preferably via console or SSH) and switch to the root user
Open network configuration file and update it accordingly.
#root: vi /etc/sysconfig/network-scripts/ifcfg-eth0
Press "i" (for insert) and change the file; once updated, press ESC and save with (:w). You also have to change the host name and the default gateway of the machine.
For this you have to edit one more file:
#root: vi /etc/sysconfig/network and modify the configuration, using "i" (insert) to enter your new hostname and gateway information. After completion hit ESC and save with (:w).

Reboot machine using : #root : reboot or restart network by #root: service network restart.

You can now see the new IP address and host name that you had assigned.

Thursday, July 5, 2007

How to Succeed Online

The first dot-com boom was a period when the normal laws of business were
temporarily suspended. But the laws of business cannot be suspended for long. They
eventually re-assert themselves. They came back vigorously, much like the law of
gravity suddenly re-asserting itself.

The Schumpeter creative destruction at the end of the last dot.com boom had some
good effects. It created the technical and market infrastructure needed to support this
second, more sustainable dot.com boom. This has created tremendous opportunity for
entrepreneurs.

Like a brick-and-mortar firm, the new dot.com will rise or fall on the fundamentals. In
addition to a solid business plan, a new dot.com needs additional elements to succeed.
This article provides a survey of the basics you need to get started.

Hosting and E-Commerce

Choose a domain name (yourcompany.com) and a hosting company at which to host it.
Your choice of hosting company is important because their reliability and ability to
increase your capacity smoothly as needed are crucially important. Your e-commerce
hosting account is likely to start out as a "shared" hosting (less expensive option) and
later may grow to a "dedicated" server (more capacity but higher price) later, if needed.

However, the good thing about hosting is that if your host turns out to be unreliable or is
unable to scale up to meet your needs, you can always switch hosting companies. Just
make sure that you register the domain name under your name and not theirs from the
beginning.

Decide if the goal of your website will be to capture leads (which can be done through
simple contact forms), which you will then follow-up on later by phone and/or email.
Alternatively, is your goal to make direct sales from your website, in which case you will
need a shopping cart system. Regardless of your goal, you should also provide good
quality content on your website that will capture your prospective customer's interest.

Most hosting companies offer a shopping cart (such as Miva Merchant) with their
e-commerce hosting accounts. Find out which cart they offer, and do some research to
make sure it is a reputable system. Find out how user friendly the system is for
non-technical people to set up and maintain an online store.

In addition to the hosting and shopping cart system, you will need a merchant account
that will enable your business to accept electronic payments (e.g., credit cards). You
may already have a merchant account, especially if you now run a brick-and-mortar
business. For online transactions, you will also need a Payment Gateway (such as
authorize.net or Verisign). The Payment Gateway authorizes payments for online
businesses. Generally, these services will interact automatically with both your shopping
cart system and your merchant account. Once set up, all this happens behind the
scenes so your website is selling your products or services day-and-night, without you
having to be directly involved. Someone from Australia could buy something from your
site while you sleep.

It is imperative that you have the ability to update your shopping cart easily. It is crucial
that you have control of this process, as it is likely you are going to want to make
changes over time.

Website

It is a given that you need a professional looking, well-organized website to sell online.
This does not mean fancy. In fact, fancy can work against you, as it can confuse your
visitors. Your designer can integrate your new website with your shopping cart system.
Make sure you retain a designer who has specific experience in the shopping cart
system you wish to use.

While you will likely hire a design firm to do the initial website design, it is important that
you have the ability to update the website. This means the design firm needs to put
some sort of content management system (CMS) in place, or you need to learn to use one
of the Web design/maintenance software packages (such as Dreamweaver or MS FrontPage)
if you do not already know how to use one. You do not want to have to call your website
designer every time you want to make some minor change or addition to your site.

While the designer will develop your site initially, it is important to give some thought to
this process so you can provide plans and guidance to your designer. What are the
goals of your site? Do you want leads captured with a contact form? Do you primarily
want direct sales captured through a shopping cart system? If you have more than a
few items, your database design becomes very important.

Make sure your design consultant has solid database design experience (ask for
examples and references). How do you organize the products so people can quickly
find what they are looking for? What market segments will be visiting your site and how
do you appeal to each? Both site and product navigation are key components of a
useable site.

The next step is to determine the various pages that will comprise your site, what
content will go on each page, and how it will all fit together. While you map this out,
always keep your goals in mind -- direct sales, sales leads, etc.

A good way to start this process is to go out on the web and carefully analyze what
similar businesses have done. You can probably get a decent e-commerce website
starting at about $500 for the design.

Once you have done the research, draw up plans for the various pages of your site to
provide to your designer. In addition, since you have been surfing the web, you may be
able to provide your designer with examples of sites as models of how you want your
site to look. This will be helpful to your designer in thinking through what you want.

Achieving Your Independence

During the early stages, while you are getting a shopping cart and a website set up, it is
important to spend some time learning the basics of how to maintain them. You could
discuss this with your designer ahead of time, to make sure that you can get some initial
training on updating both your site and your shopping cart. You absolutely do not want
to have to call someone every time you want to change something on your website or in
your shopping cart system. The truth is that once you learn how to do it, making
changes to your website and shopping cart system is simple.

Now What?

You now have a website giving you an online presence and the ability to capture leads
or make sales directly. Now, how are you going to get people to visit your site?

While clearly a survey article like this cannot answer these questions definitively, it can
at least serve as a starting point. It is important to do some research and find some
articles on each of these topics.

Search Engine Marketing

At some point -- if your business experiences enough growth to pay for it -- you will
likely consider hiring a professional search engine marketing consultant to help you.
Until then, you need to make some solid progress on your own.

Search Engine Optimization

To increase your site's ranking in Google and other search engines, it is crucial to have
quality content on your website that includes reference to the keywords that you want to
optimize. The place to start optimizing your site is during the planning and design
phase. This is definitely something you will want to read about further, and discuss with
your designer from the beginning.

Once you complete your site, you will want to seek out reputable directories and other
sites relevant to your industry, and request to have your site listed in these. Ideally, the
link provided on these sites would reflect the keyword you are trying to optimize. For
example, if you are optimizing "financial planner in Seattle" you would make sure that
the clickable link is "financial planner in Seattle" not just www.yourcompany.com. This is
easy to do in HTML.

Some directories require payment to be included. Some are worth it; some are not. Be
choosy, but err on the side of sites that have a high rank. The Google toolbar (available
for both Internet Explorer and Firefox) can be a valuable tool in determining the
PageRank of a particular site. For example, Yahoo Directory charged $300/year for
expedited consideration of your submission, which Yahoo organizes by topic. We have
found this to be a worthwhile $300 for our websites.

Pay Per Click (PPC) Advertising

There are a number of services out there that provide PPC-like services, including
Google AdWords, Overture (Yahoo), and business.com. You will likely want to start with
Google and then expand to one or more other services over time.

Maximizing conversions is your goal but you need to define exactly what a conversion
means to your business. Generally, it is either a lead (normally a customer submitting a
web form requesting more information) or it is a direct sale (a customer actually
purchases your product or service directly). Your website can offer both of these
primary types of conversions or focus on just one - or it is possible you have other
measures of success you want to measure.

If your goal is to get leads, then that is the sort of conversion your website and
advertising should encourage. In addition, do not forget to ask your prospects to request
more information or whatever the action you are seeking.

One of the most effective ways to get qualified leads to your site in the first place is
through pay-per-click advertising. It is important to read and become familiar with
pay-per-click advertising, and then to continue to learn and refine by doing.

In Google AdWords, you set a daily budget (say $20 to start) and a maximum bid on
specific keywords (say $2.50). You only pay when someone clicks on your ad.
Therefore, if you are bidding $2.50 you might only pay an average of say $2.45 per
click. It depends on the keywords you choose and how much you bid. Spend some time
choosing good keywords. Google AdWords has tools to help you choose the most
powerful keywords. You will also want to embed some special code in your website to
enable Google to track conversions.

I have learned through experience that it is best to start with a low bid and increase it
incrementally depending on the number of clicks and conversions you get. Your goal is
not to outbid the competition but to get the maximum number of clicks (and ultimately
conversions) for your budget. Your optimal bid, at your budget, may be much different
from the optimal bid for a larger competitor with a much larger budget. The way to find
that sweet spot that maximizes clicks for your budget is to start low and increase your
bid until you find the optimal bid. That should be your bid for the time being.

Through systematic trial and error, it soon became apparent that the Google Search
Network had a much higher conversion rate than the Google Content Network. I
responded by dropping the content network completely and focusing exclusively on the
search network, which resulted in an immediate increase in our conversion rates.

Over time, I was able to optimize Google AdWords. Now, it pretty much runs on its own
and brings in a predictable number of leads and direct sales. We make adjustments
here and there, and regularly run tests using different landing pages and so on.

Article Marketing

By putting your knowledge into articles for the benefit of others, you gain substantial
benefits in return. You can build a reputation as knowledgeable in your field,
resulting in leads and more sales. In addition, part of the process of article marketing
is including a bio of yourself. This bio usually includes links back to your website,
thus helping increase the PageRank of your website. That means that people who do a
search for relevant keywords are more likely to find your website.

You increase the effectiveness of your search engine optimization efforts by making
clickable links back to your website the actual keywords you wish to optimize -- such as
"Guatemalan Shade Grown Coffee" -- not just a simple URL, such as www.yourcompany.com.

This process takes months to show results but the effort and the patience are well worth
it. Our site went from the fifth page of Google results to page 1 in about a year. It took
sustained effort but it was worth it as we get many more leads and sales because of this
time investment.

The fact is that you have much more to gain by sharing information than by hoarding it.
The most effective means to disseminate your knowledge is to write articles and publish
them on the Web. In return, you can get a higher search engine rank, sales leads, and
new business. If you diligently share your knowledge with the world, rewards will flow
back to you in due time.

Email Marketing

A crucial but often overlooked component of starting an online business is to have an
email marketing solution in place and to integrate email marketing into your operations
from the beginning. This ensures that you collect customer email addresses and ask
them from the beginning whether they want to receive emails from you. Email can include
invoices (often automated), product updates, announcements, special promotions, and
email newsletters.

Email is a powerful tool that can help you reduce costs and increase efficiency, but
perhaps even more powerful is its ability to increase customer loyalty and
retention. As the provider of a product or service that your customers need, you also
have information that could benefit them. If you produce a newsletter
and regularly put in the time to create useful content, you will increase your mind share
among your customers, and they will very likely think of you next time they need to make
a purchasing decision.

Provide consistently good content and special deals for the subscribers to your
newsletter. Make sure that your customers feel they are getting multiple tangible and
intangible benefits from listening to what you have to say.

At a minimum, an email marketing service should make it easy for you to create
eye-catching emails, manage multiple email lists, and place newsletter sign-up forms on
your website. There should be powerful list management, robust reporting, and
reliability.

Your email marketing service should include an easy way to track the results of your
email campaigns. Who opened your email, how many times, and when? Did they click
on the link you provided? Did they purchase anything or submit a lead? The service
should enable you to track message reads in real time, and read detailed reports online
or export them to a spreadsheet.

In addition, your email marketing service should give you the ability to manage multiple
lists and divide lists into multiple segments. Last, but not least, it is preferable that your
email marketing service provider give you a private IP address rather than one you
share with other customers. With a shared IP address you are exposed to that address
being blacklisted because of the mistakes of other customers of your email marketing
service provider; with a private IP address, you are the only one who sends email through
it.

It is also important that your email marketing provider knows the CAN-SPAM regulations
and makes it easy for clients to comply with them. Knowledge of and compliance with
CAN-SPAM is crucial for a successful email marketing implementation, and for earning
and keeping the good graces of ISPs and other networks. In addition, nothing will ruin
the goodwill of your customers faster than spam. On the other hand, properly
implemented permission-based email marketing is one of the most powerful forms of
marketing. Done well, email marketing can earn you a reputation as an expert and help
you make giant leaps in customer loyalty.

This article is a primer, a survey, of the topics you need to consider from the beginning
to have a successful online business. You will want to research each of these topics in
much greater depth than I covered them here. It is worth your time to read articles on
each of these topics, and even invest the time to read books as well. The effort you put
in educating yourself about the various components of starting your online business will
pay off, making it well worth the time investment.

How-To: Market Your Company For Under $1K -- Less Talked-About Advertising Techniques

Being in the hosting industry, everyone is aware of how tough and crowded the competition is.

Marketing your company and standing out from the crowd is never an easy task, especially if you're a small operation and have to balance your marketing efforts with actually running the company.

I have reviewed a lot of unique ideas that have been posted in this forum over the past few years and added a few of our own on how you can advertise your company on a relatively small budget.

This article won't discuss the obvious techniques, such as word of mouth, pay per click search engines, and advertising on hosting directories - they've been talked about quite a bit as it is - but rather will branch out into the less talked-about methods.


====================
I. Public Relations

A lot of companies underestimate the power of PR and have a misconception about how much it actually costs to hire a PR specialist. If you go to a job search website, such as guru.com, you will be able to find a PR expert to work for you for around $500/mo.

Obviously, in order for the PR campaign to be successful, you need to sit down and think of a newsworthy story. The important thing to constantly ask yourself is - would anyone else be interested in this story besides yourself?

If you're on a tight budget and don't feel comfortable spending $500 on a PR specialist, go to Amazon.com and purchase a book that will tell you how to do it yourself. My personal recommendation would be "Full Frontal PR: Getting People Talking about You, Your Business, or Your Product" by Richard Laermer & Michael Prichinello.

====================
II. Affiliate Program

Contrary to what you might believe, it isn't enough to simply set up an affiliate script, post a link to it on your site, and wait for the referrals. Affiliate marketing is an incredibly powerful tool, but it takes a lot of patience and work to get off the ground.

I think it's important to think of your affiliates as your business partners. One of the companies that we worked with had a dedicated affiliate manager that constantly sent out promotional materials, press releases about the company, monthly incentives, etc. to his affiliates.

If you help your partners, constantly motivate them to do better, and provide them with all of the resources they might possibly need (up to the signature text they can use in their emails to promote your products), they will return the favor by bringing new referrals to you on a constant basis.

An important thing to remember is that not all affiliates are created equal, and while some people may argue with me on this, I think that you should offer extra attention and care to the affiliates that actually deliver on a regular basis, instead of spreading your time evenly among all of them.

There is a good, free publication on affiliate marketing called Revenue - http://www.revenuetoday.com/ - that covers affiliate strategies, techniques, etc.

====================
III. Articles

When you are setting out on a path of building your client base, it's important to understand that one of the biggest factors that plays a role in the decision making process of the prospect is if they trust your company and consider you to be reputable.

I would highly recommend that you set a goal to release a new article or "research study" on your industry's niche (whether it's forum hosting, eCommerce hosting, etc. - don't be too general) every month. If your writing skills aren't the best, do what we usually do - hire a writer to do the articles for you. Generally, you can get a good 750-1,000 word article for ~$200.

When the article is ready, go through every webmaster/web hosting content related website you can find, even including other hosting companies, and ask them if they'd be interested in reprinting the article, while keeping a small "author's box" at the bottom.

If they agree, ask them if they'd be interested in receiving future articles when you release them. This way, you can build up a list of 100-200 websites that will publish every single article you release!

It will help you with search engine rankings, brand awareness, and will establish you as an expert in that particular niche.

When we were looking for a PR firm to help us spread the word about our company, we stumbled upon an article that spoke about the basics of PR. It was written by the CEO of a PR company and guess what... we liked the article so much, that we decided to give the company a shot!

It really works. People will trust you more if they see an article written by you. Of course, you have to keep the article interesting and helpful, as it will portray an image of your own company.

====================
IV. Postcards

While this technique may work better for companies that already have an established client base, you might consider it for yourself for the future.

USPS.com offers a service where you can print and mail full-color postcards with custom text and even a logo for just $0.79 apiece. Imagine what kind of an effect it would have on your clients if you sent them postcards thanking them for their business and asking them for referrals (or you can simply imply that you have an affiliate program where you pay $X/referral).

In this day and age, a postcard from a hosting company would be considered unusual but very, very classy. It just associates your company with professionalism and the fact that you really care about your clients and are willing to go above and beyond to make sure they are happy.

====================
V. Search Engine Optimization

Let's face it - if you're on a tight budget, you won't be able to hire a firm to put you in the top 10 results for "web hosting" and if you're drastically short on time, you won't be able to do it yourself.

If you have noticed, hosting directories have much more luck getting listed well on search engines than regular companies do. Whatever the reason behind that may be, you have to develop a creative approach to SEO, as otherwise you might be disappointed with the results.

My personal recommendation would be to create a detailed resource section on your website (better yet, put it on a separate domain), where you publish a few original guides and articles on web hosting.

At that point, hire a professional SEO freelancer (I believe that in these cases, it's better to work with freelancers than full-featured firms, as their overhead is significantly lower which can be passed on to you) to optimize that section for you. The visitors that will come there are much more likely to convert into paying customers for the reasons described in Section III of this guide.

====================
VI. Partnerships

The thing about partnerships that you need to constantly keep in mind is that both parties have a similar goal - gain new clients. When you decide on who to work with, choose carefully.

You can attempt to get in touch with web site monitoring services, bulk traffic services, promotion companies, etc. I believe that it's better when your products are in the same range as your partners', as it will be easier to promote each other's services.

====================
On a final note, I would like to mention a few more things.

Advertising and marketing is never guaranteed, as the industry works out in a different way for every company. When it comes to marketing and advertising, you just can't force people to sign up. There are so many factors that will either make or break your marketing campaigns. Sometimes, you'll have great success, while other times you may fail.

The important thing is to carefully approach and test each new advertising opportunity that comes your way. Make sure that you track the ROI of each campaign and know exactly how much you spent on it and how much revenue it brought in. This way, you'll be able to continue to invest into successful advertisements without wasting your budget on ineffective ones.

Finally, my biggest recommendation would be to... read. Make an honest effort to read books on marketing, advertising, public relations, search engines, branding, etc. The more you know, the better decisions you'll be able to make and the better off you'll be in the long run.

There are a lot of other ideas that I haven't mentioned, such as advertising in pay-per-click search engines, hosting directories, local advertising, etc.; however, I would like to encourage other companies to keep adding their own unique ideas and techniques.

I hope you found this little HOW-TO useful. Have a great day!

Boris

How To Set Up The Backend Of Your Hosting Business

How to Set Up Your Backend

What is a backend?

I’m sure many business people and “scholars” have much better definitions of this than me, but I like to think of it as the guts of the business that make things run behind the scenes. When I think of a backend as it pertains to web hosting, I consider the following elements:

-Billing system

-Order processing

-Support system

-Accounting and recordkeeping


Billing system

As you contemplate your billing system, the first piece of information you should look at is what types of payments you are going to accept. Hopefully, you’ve already outlined this in your business plan. Will you take PayPal, or will you accept credit cards through your own merchant account, or will you accept checks and money orders by mail? Accepting payments by mail significantly complicates your business, so I would suggest not accepting payments by mail, or if you do—only accept annual term payments.

The easiest payment system to implement, and my recommendation, is to use a third-party payment processor such as PayPal or 2Checkout. These third-party payment processors allow you to accept credit cards, debit cards, and e-checks securely through their web-based system. They also allow you to create automatically recurring billing, which is the most powerful billing tool that all resellers should implement. Rather than having to bill your customers each term (month, quarter, etc.), the third-party payment processor will automatically bill your customer on their due date, based on the terms of the subscription that you created. In other words, if you create a $10/month subscription, it will automatically charge your customer $10 on the day they sign up, and then it will charge them $10 on the same day of each subsequent month. This is a huge timesaver: by automating the billing process you can eliminate the need to bill your customers at all.

If you do wish to send your customers a formal bill, or if you aren’t using automatically recurring payments, there are several software programs that can help automate the process for you. The ones specifically designed for web hosting that I would recommend are WHMautopilot, Lpanel, and Modernbill. There are dozens of other billing programs available, but I recommend those because they also have auto-setup scripts and various client-management features built into them, which we will discuss next.


Order processing

This part of your backend can basically be broken down into two options: manual processing or automated processing. Manual processing is pretty much self-explanatory. Your customer places an order and pays using one of your available payment methods. When you receive the order and payment, you go into your Web Host Manager (WHM) and set up the client’s account, and then send them a welcome email with the pertinent information. Using this method there are a few different ways you can set up your order form to collect the information you need. The most important piece of information you need is the domain name. If you use only PayPal as a payment processor, PayPal has a form tool which will allow you to collect up to two form fields along with each order.

For example, you could set up your form so that the customer types in their domain name and username along with their order. When you receive the order confirmation from PayPal, this information will be included. Another method is to simply use a form mail script. This is easily implemented using a two-part order form. In the first part, they type in their applicable information and click "submit", thus emailing you the form. When they click submit, they are then redirected by the form mail script to your payment page. The third method is to use a shopping cart application which integrates the collection of data and payment processing. The advantage of manual order processing is that it can help reduce the possibility of fraud and abuse, because each order is screened by you as you process it.

Automated order processing saves a lot of time for the reseller, and also creates a smooth ordering process for the customer. Automation is a huge key to building a successful online business, and this is one form of automation that I would highly recommend. An automated order processing program collects the pertinent data from your customer, directs them through their online payment, and then interacts with your web server to set up the account and then sends out a welcome email to your customer.

The programs I would recommend are WHMautopilot, Lpanel, and Modernbill. I am certain there are several other equally viable software programs available as well. The risk of automated order processing is the potential for fraud, and for abusers such as spammers signing up undetected. However, I would say the benefits of automated order processing typically outweigh the risks. If a customer on the other side of the world orders at 3:00AM, they don’t have to wait for you to wake up and check your email. Your program will go to work for you and set up the account. On top of performing all of these tasks, it also creates a nice customer database which can be used for billing and a number of client administration tasks such as suspending accounts, performing server checks, etc. Just make sure you manually review each order after it has been set up. This will help catch fraudulent customers before they have a chance to run their malicious activities (like spamming) on your server.


Support system

Your solution for a support system depends largely on your own aptitude and preference. If you are familiar with the web hosting platform (such as cPanel) and with basic server administration tasks, you may wish to support your customers yourself. This is especially true while your business is in the startup phase with only a few customers, or if you intend to keep your customer base small. If you choose not to be your own support tech, there are a few alternatives. The obvious one is that you could hire a support tech to work for you. While this is often the most ideal situation, most startups cannot afford to hire an additional person initially.

A more affordable solution may be to outsource your technical support to a company who specializes in providing support for web hosting companies. Many outsourcing companies are located in technologically advanced areas in low-cost countries such as India. Outsourcing to an overseas company can be a very cost-efficient solution, but can also result in additional problems and challenges so you want to make sure you adequately research your solution before making any commitments. Outsourcing companies typically offer one or more pricing solutions including per-ticket, per-customer, per-server, flat fee per month, or per representative hired.

There are also other creative support solutions available. One solution I’ve seen work with success is creating a community forum where customers can help each other, guided by more experienced moderators and administrators. A host can offer free hosting to moderators in exchange for their help in running the forum. Other forms of bartering have been done successfully as well. For example you could provide free hosting in exchange for 5 hours a month of answering trouble tickets in your helpdesk.

As for the support options themselves, again hopefully you’ve outlined this in your business plan. Are you offering email only, or a helpdesk, live chat, or telephone? Email and telephone are self-explanatory; if you’re even considering starting your own business I’m sure you know to use email and the telephone. Live chat is a nice option if you decide to use it; however, you need to be diligent in being available or it could be counterproductive. Have you ever seen a site that offers live chat, but the operator is never available during business hours? I think it shows a lack of professionalism, and I rarely buy from such companies. On the other hand, if you run it properly it can be a valuable tool that helps you get customers’ problems resolved in one chat session rather than a back-and-forth email or support ticket conversation. To run live chat you could simply post your IM screen name (handle) for one of the popular IM platforms such as AIM, MSN, or Yahoo. The other method would be to use a web-based chat client from a free download, or on a subscription basis from a chat provider.

Regardless of whether you offer any other methods of support, the one method I will strongly suggest is an online helpdesk where customers can submit trouble tickets. There are several free helpdesks available, as well as more powerful applications available for purchase. The helpdesks I would recommend are Kayako or Perldesk, both available on a monthly or yearly subscription. Some client management programs such as Lpanel also have a functional helpdesk integrated into them. It is best to choose a helpdesk that supports email piping. In other words, you can send an email to support@yourcompany.com and it automatically opens a helpdesk ticket. Then when you answer the ticket, it also sends an email reply to the client, who can then reply from within their helpdesk account or by replying to the email.


Accounting and recordkeeping

This side of the business can easily be overlooked by enthusiastic startups, and is often the less-favorable task for creative entrepreneurs. However, a solid accounting and recordkeeping system is essential to the long-term survival of your business. If you use an automated system such as WHMautopilot, Lpanel, or Modernbill, it will automatically keep track of much of your financial information which is a useful tool and database.

However, regardless of whether you use one of those programs, I would suggest keeping an offline record of your customers and financials. This could be done through an accounting application like Quicken, or with a customized database in Access, or using a simple spreadsheet (which is my preferred method) in a program like Excel. I personally prefer Excel for its simplicity. Your records should include the following information at a minimum:

- Customer name
- Domain name
- Billing due date
- Subscription ID number
- Price
- Size of plan
- Email address

In addition to your customer information, it is good to keep track of your overall finances using at a minimum a general ledger and P&L (profit and loss) statement. These documents are much simpler than you may think; in fact if you know how to balance your checkbook you’re almost there. Your general ledger is basically a list of all the expenses and revenues for the month. Again this can be a simple Excel spreadsheet.

Your expenses would include any expense related to the business such as your reseller account, advertising costs, support costs, Paypal or merchant fees, etc.

Your revenues are the money that you receive from your hosting clients.

You can then add up your expenses and revenues for the month, and if your revenues exceed your expenses, you made a profit! A P&L statement simply summarizes the information from your general ledger in a format used by most businesses to gain a good overview of a company’s financials in one page. I’m not going to give you an Accounting 101 class here in this e-course because you can easily find a lot of information about P&Ls and accounting on the web.

If you’ve done your accounting each month, your taxes should be a breeze, especially if you remain a sole proprietor with no employees. All you need to do is take the information from your year-end P&L statement and fill out a schedule C (profit or loss from a business). NOTE: This is NOT official tax advice. I am not an accountant, and you should consult your tax adviser before filing your tax return.

Regarding business status, the simplest type of business with the least amount of paperwork is a sole proprietorship. You can remain a sole proprietor as long as you don’t have any employees. If you wish to remain a sole proprietor, you can avoid hiring employees by only using help on a contractual basis (in other words they are a contractor vs. an employee). There are several restrictions in this regard (you can’t set a contractor’s hours, etc.), so it would be best to do some serious research and/or consult an attorney before making any contractual or employment arrangements.

--------------------------------------------------
Feel free to let me know if there are any questions I can answer regarding starting a hosting business. Thanks!
