Adrian's Blog

Category: Work

  • Magento Connect Manager – Access is locked. Please try again in a few minutes

    This is an indication that the site has been subject to a brute-force login attack, specifically on the Connect Manager (downloader) login.

    var/brute-force.ini should look something like this:

    brute-force-bad-attempts-count = 0
    brute-force-diff-time-to-attempt = 180
    brute-force-attempts-count = 3

    Any value for brute-force-bad-attempts-count > brute-force-attempts-count will result in the above error.

    Solution: edit the file to set the count back to zero, and remember to rename the downloader directory to something less obvious when not in use.

  • See All Failed or Successful SSH Login Attempts

    To list all failed SSH login attempts:

     cat /var/log/secure | grep 'sshd.*Failed'

    To list all successful SSH login attemps:

     cat /var/log/secure | grep 'sshd.*opened'

  • Error 500 applying upgrades in Magento Downloader

    Inspecting the error log, the 500 error embedded in the downloader console is the result of a php timeout:

    mod_fcgid: read data timeout in 45 seconds, referer: https://www.<omitted>
(110)Connection timed out: mod_fcgid: ap_pass_brigade failed in  handle_request_ipc function, referer: https://www.

    According to Plesk Article ID: 127621, FcgidIOTimeout should be the same as PHP’s max_execution_time unless the latter is set to 0.

    From Plesk 12.5 control panel for a domain use Apache & nginx Settings to add the following directive to both http and https, which increases the FcgidIOTimeout from 45 to 120 seconds :

    <IfModule mod_fcgid.c>
    FcgidIOTimeout 120
</IfModule>

    Simply OK this and re-run the Magento Downloader again.

    Note: at the time of writing the Magneto Connect site is very slow, which may be the cause of this timeout.

  • What is consuming my inodes?

    To find how many inodes are in use & available, you would issue the command:

    df -i

    but to find out the top ten directories consuming inodes issue the following from root:

    for i in `ls -1A | grep -v "\.\./" | grep -v "\./"`; do echo "`find $i | sort -u | wc -l` $i"; done | sort -rn | head -10

  • After upgrade to Magento Downloader to 1.9.2 no upgrades are available

    Following an upgrade to Magento Downloader 1.9.2 I found that the Magento Connect (Downloader) “check for upgrades” returned nothing (quickly) and the mage upgrade community [package name] gave the following error:
    Error:
    upgrade: Package community/[package name] failed: Unknown cipher in list: TLSv1
    This is caused by the OpenSSL library being out of date, so either update it, or comment out line 377 in downloader/lib/Mage/HTTP/Client/Curl.php like so:
    //$this->curlOption(CURLOPT_SSL_CIPHER_LIST, ‘TLSv1’)

    Adendum: for 1.9.3.2 and 1.9.3.3 the fix is different:

    in /downloader/lib/Mage/HTTP/Client/Curl.php line 371

    change:
    protected function makeRequest($method, $uri, $params = array(), $isAuthorizationRequired = false, $https = true)

    to:
    protected function makeRequest($method, $uri, $params = array(), $isAuthorizationRequired = false, $https = false)

    (Changing the connection method to HTTP in Magento Connect Manager does NOT work.)
    If the downloader is itself updated, this “fix” will need to be repeated.

  • Outlook Send/Receive error: 0x800CCC13 on Windows 10

    I got Send/Receive error: 0x800CCC13 on one IMAP mailbox when doing a Send & Receive on a fresh Windows 10 installation. The full error text is:
    Error message: ‘Robert – Sending’ reported error (0x800CCC13): ‘Cannot connect to the network. Verify your network connection or modem’
    Which is a little odd, when other IMAP mailboxes are working OK as part of the same Send & Receive.
    The solution is a system file scan & repair; from the command prompt run
    sfc /scannow
    Which just takes a few minutes to complete and resolves the problem.

  • Can’t receive Gmail messages on Plesk domains

    Google’s response to the Poodle email vulnerability seems to be to send using TLS where the server is properly configured, but queue messages where it isn’t. So to enable email receipt we need to tell qmail SMTP which encryption to use, and provide it with a valid certificate.

    Plesk supports SSL certificates, obviously, but also has a self-certified certificate for use with the control panel. This can be used for SMTP.

    Either for qmail:
    cp /usr/local/psa/admin/conf/httpsd.pem /var/qmail/control/servercert.pem
    or Postfix:
    cp /usr/local/psa/admin/conf/httpsd.pem /etc/postfix/postfix_default.pem

    IMAP:
    cp /usr/local/psa/admin/conf/httpsd.pem /usr/share/imapd.pem
    POP3:
    cp /usr/local/psa/admin/conf/httpsd.pem /usr/share/pop3d.pem

    And to make sure the certificate is used, create the TLS cipher rule files:
    openssl ciphers > /var/qmail/control/tlsserverciphers
    openssl ciphers > /var/qmail/control/tlsclientciphers

    (servercert.pem tlsserverciphers and tlsclientciphers were all empty in my installation)

    It may also be worth checking the integrity of the qmail installation:
    /usr/local/psa/admin/sbin/mchk

  • Finding big files in Unix

    Assuming Perl is running on the server, this is quite neat:
    find / -mount -noleaf -type f -size +10000k -print0 | xargs -0 ls -lhSr | perl -ne '/(\S+\s+){4}(\S+)\s+(\S+\s+){3}(.*)/ and printf("%*s %s\n",7,$2.":",$4);'

  • Adding mcrypt to Plesk 12

    The php mcrypt module, required by Magento, wasn’t present on our Plesk VPS. Here’s how to add it from SSH:

    (1) Add the repository. For example, to add EPEL:
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

    (2) Install the php-mcrypt module:
    yum install php-mcrypt

  • Programming The APC Smart UPS 700

    I have a Smart UPS 700 which after a battery change shows zero run time and a permanently lit “Trim” LED.

    The zero run time is because the battery constant held in EEPROM is wrong – I think that this is maintained by the Smart UPS as the battery capacity fades over time, but isn’t reset when a new battery pack is inserted.

    The Trim LED shows that the UPS thinks the supply voltage is too high. It isn’t, so in this case the firmware version in EEPROM is wrong, making the device think it is a US model and expecting a 120V supply.

    Both problems can be solved using the APC “black” serial cable P/No 940-0024 and a terminal emulator on the laptop.

    Lost the black cable, did you? Here is the wiring:

    UPS
    Signal Name    		 DB-9 Male
    (UPS end)    		 DB-9 Female
    (PC end)    		 PC
    Signal Name
    TX / AC Fail 2 2 Rx, Received Data
    RX / Shutdown 1 3 Tx, Transmitted Data
    Common 9 5 GND
    Link 1 & 4 DCD,DTR
    Link 7 & 8 RTS,CTS

     

    Referring to the table below, the correct battery constant (register 0) is 96 (hex) and the firmware version is 52.11.I

    Connect the serial cable and using puTTY or similar issue the following commands:

    Press Y (Capital Y)
    UPS should respond SM
    Press 1, wait 2 seconds, press 1 again.
    You should see response PROG.
    Press 0  (zero).
    The UPS should respond with the current constant.
    Press + (plus) or - (minus) to increment/decrement the value
    Press R (capital R) to reprogram constant value
    The UPS should respond Bye
    Press Y
    The UPS should respond S
    Press 0 (zero)
    The UPS should respond with the new constant.
    Press b.
    You will see the current firmware code.
    Press either + or - followed by a 1 second pause followed by b to cycle through the firmware versions.
    Press R (capital R) to reprogram the firmware version.
    The UPS should respond BYE.
    Quit the console without resetting the serial port.

    That should be all that is required.

    Here is the table showing register 0 (battery constant) and Firmware for each UPS model:
    UPS Model 4 5 6 0 Hex Firmware
    SU250 EE F8 B1
    SU400 EE F8 9F E1
    SU600 EA F4 9F E5
    SU900 F3 FC 9F ED
    SU1250 EE FA 9F F5
    SU2000 F1 F9 9F FD
    SU450,700 28 F2 FA 96 07,RM=47 52.11.I
    SU450XL,700XL 28 EE F8 9F 700XL=27 51.9.I
    SU1000,INET 35 EF F9 A0 0B 60.11.I
    SU1000XL 34 EE FC 9A 2B 61.9.I
    SU1400 35 EE FC 9A 70.11.I
    SU1400RM 28 ED FA 89
    SU1400R2IBX135 08 B4 10 A3
    SU1400RMXLI3U 45 F6 F4 80 73.x.I
    SU1400RMXLI3U 20 F3 FD 81 73.x.I
    SU2200I 35 EE FB AF 90.14.I
    SU2200XL,3000 35 EE FB AF 3000=17 90.14.I
    SU3000RMXLI3Ublk 35 F3 F4 AF 77 93.14.I
    SU5000I white 20 F2 FA 91 1F 110.14.I
    SU1400XL,XLI,RM 45 F6 E4 80
    SU420I 25 95 09 85 16 21.7.I
    SU420SI 0E 95 0A 8C
    SU620I 29 99 0B 8A 1A
    BP420SI 0E 95 0A 8C 06 11.2.I
    BP650SI 10 97 0C 91 0A 12.3.I
    Power Stack 250 0C 95 0F B2 26.5.I
    Power Stack 450 0D 96 10 99 36 26.5.I
    SC250RMI1U 0C 95 0F B3 32 735.a.1
    SC420I 0E 95 OA 8C 16 725.1.I
    SC620I 10 97 OB 99 1A 726.x.I
    SC1000I 08 95 10 94 8A 737.x.I
    SC1500I 07 95 14 8F 1E 738.x.I
    SU1000XL 17 EE F9 D5
    MATRIX 3000,5000 E9 F5 B0
    SU700RMI2U 07 B1 0D 92 8A 152.4.I
    SU1000RMI2U 08 B5 0D C7 8E 157.3.I
    SU1400RMI2U 08 B4 10 A3 92 162.3.I
    SUA1000I 07 B5 13 BC 0A 652.12.I
    SUA1000XLI 0B BD 0F 7F 4A 681.13.I
    SUA750XLI 0A B9 0C 86 46 630.3.I
    SUA750I 04 B6 14 82 06 651.12.I
    SUA750RMI2U 07 B1 0D 82 86 619.12.I
    SUA1500I 09 B9 13 A1 0E 601/653.x.I
    SUA1500RMI2U 08 B4 10 A1 8E 617.3.I
    SUA2200I 08 B8 12 B3 26 654.12.I
    SUA2200RMI2U 09 BC 11 81 A6 665.4.I
    SUA2200XLI 0A B7 0F 7F 66 690.x.I
    SUA3000RMI2U 04 B9 0E 70 AA 666.4.I
    SUA3000RMXLI3U 0A B6 0E 89 xx xxx.x.x
    SUOL1000I 06 B6 1B A6
    SUOL2000XL 0D BD 14 75 52 416.5.I
    SURT1000XLI 0A BB 19 A8 4E 411.x.I
    SURT3000XLI 06 B6 0F CC 56 450.2.I
    SURT5000XLI 05 BA 15 86 5A 451.13.W
    SURT7500XLI 03 BB 20 97 63
    SURT10000XLI 06 B8 19 AB 476.12.W
    SUM1500RMXLI2U 03 B7 0D A5 62 716.3.I
    SUM3000RMXLI2U 03 B7 0D A5 6A 715.3.I
    BP500AVR 26 17.1.I