Archive for the ‘How to Install’ Category

Chkrootkit Installation Guide

Posted in How to Install on 05/23/2009 08:03 pm by admin

chkrootkit (Check Rootkit) is a common Unix based program intented to help system administrators check their system for known rootkits. It is basically a shell script using common UNIX/Linux tools like strings and grep commands to check core system programs for signatures. If you doubt that your server has been hacked, chkrootkit is what you need to run.

Chkrootkit’s installation is very easy. I am describing the steps below.

1. Ssh to the server as ‘root’, and then wget the chkrootkit from its FTP location.

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2. Unpack the tarball in the current directory.

tar xvzf chkrootkit.tar.gz

3. Go to the directory newly created, and compile the script.

cd chkrootkit*
make sense

4. Once the compilation is complete, use the below command to execute chkrootkit.

./chkrootkit

NOTE: Make sure that you have gcc and make on the server or else the installation will fail :-(

At this point, I would suggest that you set a crontab to execute this chkrootkit daily. You can even have the results sent to you via email.

For that, create a file /etc/cron.daily/chkrootkit.sh

Insert the following to the new file and save it:

#!/bin/bash
cd /yourinstallpath/chkrootkit-0.42b/
./chkrootkit | mail -s "Daily chkrootkit from Servername" admin@youremail.com

1. Replace ‘yourinstallpath’ with the actual path to where you unpacked Chkrootkit.
2. Change ‘Servername’ to the server your running so you know where it’s coming from.
3. Change ‘admin@youremail.com’ to your actual email address where the script will mail you.

Change the file permissions so that it can execute:

chmod 755 /etc/cron.daily/chkrootkit.sh

You will receive daily chkrootkit reports on your email address from now on.

 

Ioncube Installation Guide

Posted in How to Install on 05/23/2009 07:53 pm by admin

This article describes how to install ionCube loader extension in PHP. ionCube provides tools for PHP source code protection. Usually, a PHP file is in plain-text format. Which means anyone who has access to the actual PHP file can use a text editor (like vim) to view the source code.

If a skilled hacker/programmer gets access to the entire PHP source code, then it would allow him/her to find vulnerabilities which can be used to launch attack on website(s) or web server(s).

It was this reason which led to the web industry search for an encoding engine that is capable of translating source code to efficient bytecodes, and one of the best solution today is ionCube loader. ionCube encoding tools deliver the ideal combination of maximum source code protection without sacrificing performance, reliability or language compatibility.

By default, PHP is unable to parse files encoded using ionCube. In order to do so, you have to install ionCube loader extension in PHP. This is how it is done:

1. Download ionCube loader from ioncube.com

wget http://downloads2.ioncube.com/loader_downloads/ ioncube_loaders_lin_x86.tar.gz

2. Extract the tar.gz file

tar zxvf ioncube_loaders_lin_x86.tar.gz

3. Change to directory ‘ioncube’ and copy over the file ioncube-install-assistant.php to a web directory such as your hosting directory

cd ioncube/
cp ioncube-install-assistant.php /home/userdirectoryhere/public_html/

4. Then open it http://www.yourdomain.com/ioncube-install-assistant.php.
The output should be something similar to:

Analysis of your system configuration shows:

PHP Version 4.3.3
Operating System Linux
Threaded PHP No
php.ini file /usr/local/lib/php.ini
Required Loader ioncube_loader_lin_4.3.so

5. Now move the iconcube directory to a permanent location:

cd ../
mv ioncube /usr/local

6. Now that you know the location of php.ini you need to edit it.

pico /usr/local/lib/php.ini

Now find where other zend extentions are in the file.
ctrl + w: zend_extension

Paste in your new line for ioncube loader

zend_extension = /usr/local/ioncube/ioncube_loader_lin_4.3.so

7. Save the changes
ctrl + X then Y and enter

8. Restart the web server to take effect.

/etc/init.d/httpd restart

Now, create a new document named phpinfo.php. The file should contain the below lines:

phpinfo();
?>

Place this document in your www directory and open it from your web browser by pointing to http://www.yourdomain.com/phpinfo.php. You should now see ionCube loader listed in it (search for the string ‘ioncube’).

That’s it! :-)