WordPress Tips 38: How to fix wp-admin not accessible problem

The /wp-admin is not accessible any more after domain moving.

Here’re the steps,

1. Edit the wp-config.php file.

2. After the “define” statements (just before the comment line that says “That’s all, stop editing!”), insert a new line, and type: define('RELOCATE',true);

3. Save your wp-config.php file.

4. Open a web browser and manually point it to wp-login.php on the new server. For example, if your new site is at http://www.yourdomainname.com, then type http://www.yourdomainname.com/wp-login.php into your browser’s address bar.

Like:

http://www.cathaycenturies.com/blog/wp-login.php

5. You will be able to login and change “site address” information under Settings.

6. Once this has been fixed, edit wp-config.php and either completely remove the line that you added (delete the whole line), comment it out (with //) or change the true value to false if you think it’s likely you will be relocating again.

Note: When the RELOCATE flag is set to true, the Site URL will be automatically updated to whatever path you are using to access the login screen. This will get the admin section up and running on the new URL, but it will not correct any other part of the setup. Those you will still need to alter manually.

Changing the URL directly in the database

If you know how to access phpMyAdmin on your host, then you can edit these values directly to get you up and running again.

  1. Backup your database and save the copy off-site.
  2. Login to phpMyAdmin.
  3. Click the link to your Databases.
  4. A list of your databases will appear. Choose the one that is your WordPress database.
  5. All the tables in your database will appear on the screen.
  6. From the list, look for wp_options. Note: The table prefix of wp_ may be different if you changed it when installing.
  7. Click on the small icon indicated as Browse.
  8. A screen will open with a list of the fields within the wp_options table.
  9. Under the field option_name, scroll down and look for siteurl.
  10. Click the Edit Field icon which usually is found at the far left at the beginning of the row.
  11. The Edit Field window will appear.
  12. In the input box for option_value, carefully change the URL information to the new address.
  13. Verify this is correct and click Go to save the information.
  14. You should be returned to your wp_options table.
  15. Look for the home field in the table and click Edit Field. Note There are several pages of tables inside wp_options. Look for the > symbol to page through them.
  16. In the input box for option_value, carefully change the URL information to the new address.
  17. Verify this is correct and click Go to save the information.

Juniper Tips 37: How to apply packet filter

1. Build a firewall filter

0> show configuration firewall family inet filter CPE1
term CUST-PROTECTED-IP {
from {
source-address { 10.2.208.0/27; }
}
then {
count CPE1;
accept;
}
}

term ALLOW-NETFLOW {
from {
source-address {
10.2.208.60/32;
}
destination-port 2055;
}
then {
count ALLOW-NETFLOW;
accept;
}
}

term DROP-ALL-ELSE {
then {
count DROP-ALL-ELSE;
log;
discard;
}
}

2. Apply Filter into the intended interface

> show configuration interfaces ge-0/0/0.100
family inet {
filter {
input-list [ COMMON-FILTER CPE1 ];
}
service {
input { service-set NAT-GROUP-1; }
output {service-set NAT-GROUP-1; }
}
address 192.168.100.33/30;
}

 3. Verify the filter

since the filter was applied as the filter set. It will not show the counter, as the single filter can be used in multiple interfaces.

#show firewall filter

Filter: gr-0/0/0.100-i
Counters:
Name Bytes Packets
ALLOW-BGP-gr-0/0/0.100-i 2165275 43751
ALLOW-ICMP-gr-0/0/0.100-i 2436 29
ALLOW-NETFLOW-gr-0/0/0.100-i 5195740 31641
ALLOW-REMOTE-GRE-PACKET-gr-0/0/0.100-i 2874504 119771
CPE1-gr-0/0/0.100-i 844762395 7679678
DROP-ALL-ELSE-gr-0/0/0.100-i 2780 88
GRE-KEEPALIVE-gr-0/0/0.100-i 0 0

#show firewall filter CPE1 <-which only work if one filter in place

Filter: CPE1
Counters:
Name Bytes Packets
ALLOW-NETFLOW 0 0
DROP-ALL-ELSE 0 0
CPE1 0 0

Hacking Tools 1: hping

 Installation

Step 1: Install tcl-dev using command “sudo apt-get install tcl-dev”

or you will run into error during make.

/usr/bin/ld: cannot find -ltcl8.5
collect2: ld returned 1 exit status

Step 2 : Fix the warning message from TCL scripting support.

#hping3-20051105$ ./configure
build byteorder.c…
create byteorder.h…
===> Found Tclsh in: /usr/bin/tclsh8.4
==> WARNING: no Tcl header files found!
————————————–
system type: LINUX

LIBPCAP      : PCAP=-lpcap
PCAP_INCLUDE :
MANPATH      : /usr/local/man
USE_TCL      :
TCL_VER      : 8.4
TCL_INC      :
LIBTCL       : -ltcl8.5 -lm -lpthread
TCLSH        : /usr/bin/tclsh8.4

(to modify try configure –help)
————————————–
creating Makefile…
creating dependences…
now you can try `make’

or you will run into error when run hping command.

#./hping3
Sorry, this hping binary was compiled without TCL scripting support

go back to step 1. recompile with TCL support.

$ sudo find / -name “tcl.h”
/usr/include/tcl8.5/tcl.h
/usr/include/tcl8.5/tcl-private/generic/tcl.h

It’s running on tcl8.5, the configure script does not have 8.5 support. need to be modified.

for TCLPATH_TRY in “/usr/bin/” “/usr/local/bin/” “/bin/”
do
  for TCLVER_TRY in “8.5” “8.4” “8.2” “8.1” “8.0”
do
if [ -z $TCLSH ]
then
TCLSH_TRY=${TCLPATH_TRY}tclsh${TCLVER_TRY}
if [ -f $TCLSH_TRY ]
then
TCLSH=$TCLSH_TRY
echo “===> Found Tclsh in: $TCLSH”
…..

Step 3:  Install libpcap-dev by using command “sudo apt-get install libpcap-dev”

Otherwise you will run into error during make.

fatal error: pcap.h: No such file or directory compilation terminated.

Step 4: Creating softlink for net/bpf.h

#find / -name “bpf.h”

# sudo ln -s /usr/include/pcap/bpf.h /usr/include/net/bpf.h

libpcap_stuff.c:20:21: net/bpf.h: No such file or directory
make: *** [libpcap_stuff.o] Error 1

And it should work now!

HOW TO USE HPING

Hping Examples:

/hping3 -S -V  192.168.1.6 -s 7550 -p 339

-S Syn Packet, -F fin, -R RST, -U URG, -P PUSH, -A ACK,

-V verbose output, -s source port, -p destination port

If the port is not listening, you will receive RST ACK instead of SA.

hping3 –rand-source –S –L 0 –p <target port> <target IP>Here we are sending SYN packets (set value by replacing 0) with a random source.

hping3 –rand-source –SA –p <open port> <target IP>Here we are sending SYN + ACK packets from a random source.
hping3 –rand-source -–udp <target IP> –floodFlooding the target IP with UDP packets.
hping3 –rand-source –SAFRU –L 0 –M 0 –p <port> <target> — we are sending SYN+ACK+FIN+RST+URG packets with TCP ack (-L) and TCP seq (-M). Change the values after -L and -M.
hping3 –icmp –spoof <target address> <broadcast address> –floodFlooding with ICMP packets by spoofed IP (–spoof).

Ubuntu Tips 16: How to upgrade from an older version

I was seeing errors from apt-get install or apt-get update like:

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/source/Sources  404  Not Found

And errors from apt-get upgrade like:

Err http://archive.ubuntu.com/ubuntu/ oneiric-updates/main ncurses-bin i386 5.9-1ubuntu5.1
403  Forbidden

Luckily ubuntu provides a repository for old releases, aptly named old-releases.ubuntu.com. To use it, open /etc/apt/sources.list replace all occurrences of archive.ubuntu.com or security.ubuntu.com as the following.

deb http://old-releases.ubuntu.com/ubuntu/ oneiric main
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric main
deb http://old-releases.ubuntu.com/ubuntu/ oneiric-updates main
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric-updates main
deb http://old-releases.ubuntu.com/ubuntu/ oneiric universe
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric universe
deb http://old-releases.ubuntu.com/ubuntu/ oneiric-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu/ oneiric-updates universe
deb http://old-releases.ubuntu.com/ubuntu oneiric-security main
deb-src http://old-releases.ubuntu.com/ubuntu oneiric-security main
deb http://old-releases.ubuntu.com/ubuntu oneiric-security universe
deb-src http://old-releases.ubuntu.com/ubuntu oneiric-security universe

Now you should run a full update to the latest release:

$ sudo do-release-update

 

Juniper Tips 36: How to use Tag to control route advertisement over BGP

1. Control receiving route from Peer1

#edit policy-option policy-statement From-PEER1

term 1 {
    from {
        route-filter 10.2.208.0/27 exact; <-route-filter is more flexible than one statement, can be a collection of matching prefixes. When specifying a match prefix, you can specify an exact match with a particular route or a less precise match. You can configure either a common action that applies to the entire list or an action associated with each prefix.
    }
    then {
        tag 1111;
        accept;
    }
}
term 2 {
    then reject;
}

#edit configuration protocols bgp group PEER1
type external;
import From-PEER1; <-control what to accept
peer-as 65534;
neighbor 192.168.100.34;

#show route receive-protocol bgp 192.168.100.34 all

inet.0: 153 destinations, 153 routes (152 active, 0 holddown, 1 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.2.208.0/27          192.168.100.34       0                  65534 I
  10.2.208.32/28         192.168.100.34       0                  65534 I <-this’s hidden route, since it does not match to the rule, which has been dropped.

2. Control advertising out route to PEER2

#Edit policy-options policy-statement To-PEER2

term EXPORT-ALL-TAG-Route

{
    from tag 1111;
    then accept;
}
term EXPORT-GRE-ROUTE1 {
    from {
        route-filter 10.2.211.45/32 exact;
        condition gr-status1;
    }
    then accept;
}
term EXPORT-GRE-ROUTE_521 {
    from {
        route-filter 172.16.20.0/24 orlonger;

        route-filter 172.16.30.0/24 longer; (does not include 172.16.30.0/24)
        route-filter 172.8.100.0/24 prefix-length-range /26–/28 ; (only 172.8.100/26,/27,/28 are matching
        condition gr-status_521;
    }

condition gr-status1 {
    if-route-exists {
        192.168.100.36/30;
        table inet.0;
    }
}
condition gr-status_521 {
    if-route-exists {
        192.168.100.40/30;
        table inet.0;
    }
}
  then accept;
}
term DISCARD-ALL-OTHER-ROUTES {
    then reject;
}

#edit protocol bgp group PEER2

type external;
export To-PEER2; <-Control what to export to Peer2
peer-as 65060;
neighbor 10.2.2.13;
neighbor 10.2.2.9;

#show route advertising-protocol bgp 10.2.2.9

inet.0: 153 destinations, 153 routes (152 active, 0 holddown, 1 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.2.133.0/24          Self                                    I
* 10.2.208.0/27          Self                                    65534 I
* 10.2.208.64/27         Self                                    I