Linux Wordpress

Timthumb.php hacked again

I needed a better way to check that my clients were not installing old version of timthumb.php as part of their themes on WordPress. Here’s a reminder for myself and others of simply search and find on a linux server. I’m sure that this could be automated to search, find, and replace with the latest – but as we are only talking less than 30 timthumb files – I’m happy to carry out manually at the moment.

find `pwd` -type f \( -iname thumb.php -or -iname timthumb.php \) -exec grep -HP 'define ?\(.VERSION' {} \;

Will return :

/var/www/vhosts/ ('VERSION', '2.8.3'); // Version of this script
/var/www/vhosts/ ('VERSION', '2.8.3'); // Version of this script
/var/www/vhosts/ ('VERSION', '1.6'); // Version of this script

Any old versions should be replaced with the latest from

CentOS Linux VMWare

Install VMware Tools in CentOS 6.1 command line

Here is how I went about installing VMware Tools on CentOS 6.1 using the command line.

1.In VMware Fusion or Sphere Client: Virtual Machine / Guest > Install/update VMware Tools
2. Within the VM – using command line (I’m not using x) at the prompt:
3. mkdir /mnt/cdrom
4. mount the virtual cdrom using; mount /dev/cdrom /mnt/cdrom
5. cd /tmp
6. tar -xvf /mnt/cdrom/VMwareTools* or tab to auto complete
7. cd vmware* or tab to auto complete
8. ./; accepting defaults throughout. (If not already installed – yum install perl)
9. umount /mnt/cdrom
10. In Fusion / Vsphere Client VMware tools should now display as installed. Check via Virtual Machine / Guest > Install/VMware Tools > will display as “Reinstall” or “OK” version dependant.

HowTo Guides Plesk

Handy htaccess file tips

Ok – here is some handy .htaccess bits

If you want to redirect all visitors to a single page, apart from specific IP address (eg your IP or your customers) the following .htaccess file can be used. Simply repeat the REMOTE_ADDR line if you want more IP addresses :

<IfModule mod_rewrite.c>
  RewriteCond %{REMOTE_ADDR} !^82\.16\.14\.130
  RewriteCond %{REMOTE_ADDR} !^82\.87\.43\.123
  RewriteCond %{REQUEST_URI} !/comingsoon.html$ [NC]
  RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
  RewriteRule .* /comingsoon.html [R=302,L]

What about if you want to use Google’s ‘site moved’ facilities, and you already have your 301 redirect in place? When you try to validate your domain with Google it will fail! So… using this .htaccess file, you can redirect all traffic to your new domain, but still let Google access your validation file :

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_HOST} [NC]
  RewriteCond %{REQUEST_URI} !^/google1d5jdk4533a39485.html$
  RewriteRule ^(.*)$$1 [R=301,L]

If you have any .htaccess tips – please leave a comment, and I’ll add them to the list.


How would you improve Parallels Plesk Control Panel

I’ve used Plesk for over 6 years now, and have grown to rely heavily upon this web server control panel to manage my 3 production web servers – currently hosting around 400 sites.

The interface has always remained fairly consistent, despite the odd hiding of reporting buttons and moving of icons – but several things have always bugged me…

  • Why can’t I enable FTP backup for all clients in batch, or enable for all domains by default
  • Why can’t I report or notify on success or failure of backups
  • I missed out on switching to Power User view when initializing the server – now I seem to be stuck with the Reseller mode

Let me know in the comments how you would change Plesk.

CentOS HowTo Guides Linux Plesk

1and1 default Plesk partition – resizing guide

1and1 have been regularly criticized for their unusual partitions on default installations of their dedicated servers – but this is the first time I have been affected. One of our dedicated servers started producing Postfix SMTP errors – caused by low disk space.

Upon investigation, the default partitions on my 1&1 Plesk 10.4 server came set at 4Gb, and my ‘var’ partition was full. The used space is all genuine files, so my only option was to increase the partition. On Windows this is quite a complex procedure, requiring additional applications – however following a simple guide made this a 5 minute procedure. Here are the steps that I took

HowTo Guides Linux Plesk

Plesk API vulnerability – allow anonymous hacker

Great… Nice start to the day, received an email from Parallels regarding a vulnerability within all Plesk Panel versions below 10.4 which allow anonymous access to the server!

In a nutshell – if your server is running below 10.4 – you are at risk and MUST update. I have 3 Plesk servers, 10.4 / 9.5.4 / 8.6.0 – so I was able to carry out the “Micro updates” (MU), versions other than this required a manual patch (unless you opt to go upto the highest subversion to get the MU).