If you're new here, you may want to subscribe to my RSS feed. So that you can read the latest updates about Web2.0 tools, Making Money Online, Tips in SEO, Ajax and many more. Thanks for visiting ProgramimiCOM!

As many web developers can attest to, logging into your server through SSH (Secure Shell) is one of the more common day-to-day tasks (you can even use it as a secure tunnel for your traffic). It only makes sense to automate this process which in turn can save many many keystrokes.

This how-to is written with PuTTY and Windows in mind and requires several other tools that are available from PuTTY’s website. So from their download page, make sure you have these files:

• PuTTY (putty.exe)
• PuTTYgen (puttygen.exe)

Then to automate SSH login, do the following:

1. Run PuTTYgen.
2. Select SSH-2 DSA as the Type of Key to generate.
3. Click generate and move your mouse around to generate randomness.
4. Click “Save Private Key” and save it somewhere on your computer.
5. Copy the entire content inside the box to your clipboard (this is your generated public key).
6. Login to your SSH server.
7. Create the file ~/.ssh/authorized_keys containing the generated public key (from step 3) on a single line.
8. Make this file readable (chmod 755).
9. Then open up PuTTY and navigate to Connection->Data and fill in the auto-login username.
10. Navigate to Connection->SSH->Auth and under Private-key, browse to the file you had saved earlier on your computer.

That’s it! Now you can try logging in to your SSH server and it should login automatically. If it works, make sure you save your session so you don’t have to repeat these steps every time!

Hopefully these steps work for everyone! Let me know if there are any problems.

• 0 Comments

Ndisuio.sys, a very mysterious system file is present in Windows XP and Vista and is a driver for wireless things such as wi-fi and bluetooth. However, there have been many issues with this file downloading immense amounts of data and perhaps causing activity that is “big brother”ish.

The fact that hardly any information on this file downloading data is available by Microsoft makes things quite suspicious about it. It has even been noted that it looked as if it was transferring data to major companies like Comcast, Road Runner, Time Warner, BTC and Verizon.

The good news is, it turns out this file duplicates data that is sent/received, so wherever you go, it will also transfer the data to that file but it does not leave the computer/network so it’s not spyware. So it’s not as much of a big brother situation then it looks like. It simply performs internal communication tasks and stands for NDIS user I/O, hence, NDISUIO. NDISUIO is also used as a driver by many developers as it makes certain wireless network tasks easier such as implementing it for 802.11x connections. Some firewalls also use it as it can get the data in order to filter it.

But duplicating this data can hog resources for no reason, so disabling it is the best thing to do. The data rate of this file’s received data is huge, so that indicates that the data transfer is not over the Internet, but locally. So it’s just a duplicate of network activity but because it’s local everything transfers faster but uses more resources then casual internet usage as there’s more data involved at a given time span of 1 second, for example.

To disable this file, go to the control panel, administration tools, services, Wireless Zero Configuration, double click and disable it. This file is probably required to run if you use any linksys wireless devices.

• 0 Comments

If you have even a remote interest in earning money on the internet, you have probably come across those pay per click programs that promise fabulous amounts of money just by clicking on ads and completing free offers. Are these things for real? Let’s take a look at exactly how they work and why you should avoid them.

The reality is that these pay per click websites are earning quite a bit of money off of their users. Sure, they might pay you a sum of money for doing the offers on their site, but rest assured that they are earning far more than you are! Between paid ads and the payment they receive for sending you to collect all those special offers, the pay per click sites are raking it in! And they have even more techniques to make money off of their unsuspecting users.

For example, have you ever read the Terms and Conditions contract that is on the website of one of these pay per click programs? If not, you should. You are almost guaranteed to find that they are not protecting you against anything. Your private information will become public knowledge and not only that, but possibly sold for yet more profit by the pay per click company or its affiliates!

While many pay per click sites really do pay up, they often have a payout limit that takes forever to reach so many people give up before getting to their goal of $50 or whatever the amount is and the company never needs to actually pay up. And when you do reach the payout level, there are far too many pay per click sites that actually refuse to pay!

That is the downside of the actual pay per click company, but what about the offers that you are completing? There are assorted different offers that you can fill out. Anything from simply filling out a form with your email address and name to ordering a product or a quote that you pay for and are then reimbursed for (on top of which you receive a bonus from the pay per click company).

If you fill out a form on a pay per click site, you are probably signing up for an email newsletter from the company that is paying. These are the lowest paying pay per click actions, ranging from fifty cents to a dollar. You are guaranteed to receive heaps of ads and junk mail to your inbox after signing up for one of these offers, and just deleting them all takes so much time that the piddly sum isn’t worth it!

As for the major pay per click offers where you sign up for a free trial period or a quote or other item that requires you to enter your credit card, stay far, far away. Too many people have been cheated out of their money by these companies when they were unable to cancel their membership when the trial period came up. These sites are usually designed so that you can’t quit even if you want to and they just keep charging your credit card, month after month.

Pay per click programs sound great, but they are often a wolf in sheep’s clothing. It is better to look for a real online job rather than waste your time with these programs.

• 0 Comments

Using Wi-fi in public hotspots can be dangerous when packet sniffers are readily available. You’d want to encrypt and protect what you are sending and receiving over the network. Even at home if you don’t want people on the network logging your activity (for whatever reason) you would want to encrypt your traffic. An excellent way to do this is to set up a proxy over an SSH connection. You will need the following to do this (works for any platform):

• PuTTY for your platform (I use v0.59)
• A server that supports SSH (either set up at home or your web host)

That’s it! First set up PuTTY to connect to your SSH server but also set the following Tunnel settings:

• Source Port: 7070 (this number can be pretty much anything)
• Destination: localhost
• Select Dynamic and Auto

Then click Add and it should show up as D7070. Select Open and log-in. Your traffic can now be forwarded once you configure your applications to use the proxy.

In Firefox (2.x), go to Tools->Options->Advanced->Network->Settings and set the following proxy configuration:

• Manual proxy config
• SOCKS Host: localhost
• Port: 7070
• SOCKSv5 (or v4, doesn’t matter)

Then hit OK and you’re done. To make sure the proxy is working, you can go to a site that will display your IP address or location. You can also encrypt your BitTorrent traffic or your MSN connection by changing connection/proxy settings to point to localhost port 7070 using either SOCKS v4 or v5.

An easy way to switch proxy settings in Firefox is to install the Switchproxy add-on — change proxy settings with just a click. Enjoy your secure browser session!

• 1 Comment

You have probably seen the ads for email reading programs. They claim that you can get rich by simply reading a few emails each day and hundreds of thousands of people sign up for these programs. Exactly how legit are these businesses? Can you really earn money by just reading an email or two?

The way email reading services work is that they offer clients a certain number of hits to their websites. The clients pay for this service and the site then turns around and pays people like you to receive emails which must be opened and have a specific link clicked on in order to qualify. You usually have to stay on the advertiser’s site for 30-60 seconds before your hit is counted and you will be paid.

In general, reading and clicking an email is not a high paid job. You end up getting somewhere between half a cent and 3 cents per email that you open, if you perform the requested action.

Even if you are willing to work for such low pay, you need to be aware that many of these websites are not as great as they might look at first glance. Apart from sending you an email or two a day, they are earning from you and all their other “workers” by doing less ethical things like sell your personal information and email address to other companies. Some of these sites also have spyware which will install itself into your computer and gather vital information like bank account numbers, passwords and any other useful and confidential content that you have stored on your hard drive.

Other email programs are set up to lure people in, but they never actually pay. So they are receiving money for all the hits they send to their clients, but not paying out to their workers. It is a nasty way to do business, but these sites tend to draw so many people that they will never actually pay, that they just keep going! By promising to pay $1 per referral (or more), they ensure that people continue to reel in fresh meat so they will never lack for workers.

However, it is possible to find decent email reading websites that will not do you damage or steal your personal information and that will truly pay you when they say they will. The best way to find these is to ask people. Avoid anyone who gives you a referral URL since their opinion will be biased. You should also ask to see proof of payment. This just means that the person commenting will send you a screen shot of his or her Paypal account with the amount credited and the name of the business paying, or a photo of a check if that is how the email program pays.

A pay to read email program that is worth checking out is one that pays and has a clear privacy policy which states your information will not be used by anyone except them, and for job-related purposes only. They should also be able to provide proof of payment for their workers.

• 0 Comments

Referrer logging is used to allow web servers and websites to identify where people are visiting them either for promotional or security purposes. You can find out which search engine they used to find your site and whether your customer has come from a ‘linked site’. It is basically the URL of the previous webpage from which your link was followed.

By default, most hosting accounts don’t include referrer logs but may be subscribedd for an extra monthly fee. If your web host does not provide a graphic report of your log files, you can still view the referrer logs for your website by logging into the host server using free or low-cost FTP software, like these:

FTP Explorer: http://www.ftpx.com/
LogMeIn: http://secure.logmein.com/dmcq/103/support.asp
SmartFTP: http://www.smartftp.com/
FTP Voyager: http://www.ftpvoyager.com/

The log file is available on your web server which can be download into your computer later. You can use a log analysis tool, like those mentioned below, to create a graphic report from your log files so that the files are easier to understand.

Abacre Advanced Log Analyzer http://www.abacre.com/ala/
Referrer Soft http://www.softplatz.com/software/referrer/
Log Analyzer http://www.loganalyzer.net

You can view the files using Word, Word Perfect, txt or WordPad files even if you don’t have the right tool. This information is very crucial to your business and marketing plans and is not advisable to neglect it.

In addition to identifying the search engine or linked site from where your visitor arrived, referrer logs can also tell you what keywords or keyword phrases your client used for searching.

As referrer information can sometimes violate privacy, some browsers allow the user to disable the sending of referrer information. Proxy and Firewall software can also filter out referrer information, to avoid leaking the location of private websites. This can result in other problems, as some servers block parts of their site to browsers that don’t send the right referrer information, in an attempt to prevent deep linking or unauthorized use of bandwidth. Some proxy software gives the top-level address of the target site itself as the referrer, which prevents these problems and still not divulging the user’s last visited site.

Since the referrer can easily be spoofed or faked, however, it is of limited use in this regard except on a casual basis.

• 0 Comments

First create a new folder somewhere on your hard drive, when you name it hold down “Alt” and press “0160″. This will create an invisible space so it will apper as if it has no name.

Then right click in and select “Properties”, select the tab “custimize” and select “change icon”. Scroll along and you should a few blank spaces. Click on any one and click ok when you hav saved the settings. The folder will be invisible to hide all your personal files.

• 0 Comments

First thing to keep in mind: If your computer hasn’t crashed yet, it will in the future! So instead of waiting for fate to strike, take some precautions now:

1) BACK-UP! Buy some decent DVD-R discs and put everything useful in them. When you have more useful stuff, backup again. Do this often.

2) Keep your computer healthy. Use an antivirus, an anti-spy, and a firewall. Keep them updated. Check regularly for Windows critical fixes.

3) Don’t install software that would do dangerous things to your hard drive. A boot manager would fall in this category.

4) Use a registry cleaner before and after you install or uninstall any software. Many of the problems that will keep Windows from booting are caused by sloppy software that mess up your registry. A good registry cleaner is Tune-up Utilities.
Code:
http://www.tune-up.com/

5) Run chkdsk now and then. Go to Start> Run. Type chkdsk /F. Press enter.

In case your PC has already crashed, read the following:

Most important: Don’t panic! Panic is like a little demon that whispers in your ear to format your hard drive and reinstall everything. Don’t do it! You will lose all your data and the little demon will laugh at you.

To be exact you can still recover your data if you format your drive (by using special software), but only if you don’t write anything on the disc afterwards. In other words format + windows install = bad idea. If you reinstall windows without formating your drive, you will only lose the files on your desktop and “My Documents” folder.

In all occasions you should make sure to safeguard your files before attempting any kind of repair!

So let’s go about how to do that:

The fast way: Go to this site:
Code:
http://www.knoppix.org
. Knoppix is a Linux distribution than runs from a CD. Download the Knoppix ISO and burn it. Put it in your CD drive. On startup access BIOS and change the boot sequence so that your computer boots from the CD drive. Save settings and exit. Upon reboot, Knoppix will load.

Knoppix is much like windows and it comes with its own CD burner. Locate it, launch it and backup everything you want on CD. Now you don’t have to worry anymore!

The less fast way: This requires that you have access to a second PC. Open the case of your computer and remove the hard disk.

Install it as a slave on the second PC.

Depending on respective configurations, you may have to change some jumper settings on the drive. Read the manual for help with installing hard drives and setting jumpers.

After this is done, boot the second PC. If everything went out ok, you should be able to access your drive without problems. (Edit: Note that Win98 cannot recognize a local NTFS (Win2K/XP) disk.)

Copy everything you need from your own hard drive to the other one. Now you don’t have to worry anymore!

Replace your computer’s hard disk, fix all problems and reverse the process to copy the data back to your computer, or take CD backups on the other PC.

• 0 Comments

Compiling the kernel

Wanted to try out the 2.6 edition kernel? Never knew how to do it? Well heres how! Includes everything from compiling the kernel to configuring your bootloader.

Lets Begin!

cd /usr/src
wget -c http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.7.tar.bz2
tar xvfj linux-2.6.7.tar.bz2
cd linux-2.6.7
make clean && make mrproper
make oldconfig ( or make menuconfig )
make bzImage
make modules
make modules_install

( i prefer this method rather then just “make” )

If you get alot of errors about .ko modules when you run make modules_install you need to update your modutils package with module-init-tools, see below.

Now to copy the files over for the kernel itself.

cp .config /boot/config-2.6.7
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.7
cp System.map /boot/System.map-2.6.7
mkinitrd /boot/initrd-2.6.7.img 2.6.7

You may experience an error such as this:

/dev/mapper/control: open failed: No such file or directory

if you receive that error run the following commands:

rm -rf /boot/initrd-2.6.7.img
mkinitrd –omit-lvm-modules /boot/initrd-2.6.7.img 2.6.7

Now to add it to the grub / lilo configuration.

[Grub]

Your config will look something like this. Please note you need to follow the format for your current config.

title Red Hat Linux (2.6.7)
root (hd0,0)
kernel /vmlinuz-2.6.7 ro root=LABEL=/
initrd /initrd-2.6.7.img

Add your new entry to the top of the kernel list. Set the default to your working kernel. NOTE: the first kernel in the list is “0″. (ex. default=1)

Now exit. Type “grub” at the bash prompt.

savedefault –default=0 –once

issue that at the grub prompt then use quit to exit. Once your reboot you need to go back in and set the default to the 2.6 kernel by setting default=0

[lilo]

Your config will look something like this. Please note you need to follow the format for your current config.

image=/boot/vmlinuz-2.6.7
label=2.6.7
append=”root=LABEL=/”
read-only
initrd=/boot/initrd-2.6.7.img

Leave the default as is.

/sbin/lilo -v -v
/sbin/lilo -R 2.6.7

Once it reboots and comes back online you can change the default to be 2.6.7 and /sbin/lilo -v -v

The above tells you how to enable failsafe in your kernels. SO that if the box panics the dc tech does not have to console in he just has to reboot the box.

How to install module-init-tools:

cd /usr/src
wget -c http://www.kernel.org/pub/linux/kernel/people/rusty/modules/module-init-tools-3.0.tar.gz
tar -zxvf module-init-tools-3.0.tar.gz
cd module-init-tools-3.0
./configure –prefix=”"
make moveold
make install
./generate-modprobe.conf /etc/modprobe.conf

How to determine what boot loader you are using?

dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
dd if=/dev/hda bs=512 count=1 2>&1 | grep LILO

one of them will kick back something like:

root@w00t [~]# dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
Binary file (standard input) matches
root@w00t [~]#

which means its using grub.

• 0 Comments

Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems. This tutorial will touch on installing and setting up a daily report for rkhunter.

Update Aug. 23, 2005

Installing:

wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh

Now you can run a test scan with the following command:

/usr/local/bin/rkhunter -c

How to setup a daily scan report?

pico /etc/cron.daily/rkhunter.sh

add the following replacing your email address:

#!/bin/bash
(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s “Daily Rkhunter Scan Report” email@domain.com)

chmod +x /etc/cron.daily/rkhunter.sh

Updating rkhunter
gets the latest database updates from their central server and matches your OS better to prevent false positives.

rkhunter –update

I just got a false positive!! What do i do?

False positives are warnings which indicates there is a problem, but aren’t really a problem. Example: some Linux distro updated a few common used binaries like `ls` and `ps`. You (as a good sysadmin) update the new packages and run (ofcourse) daily Rootkit Hunter. Rootkit Hunter isn’t yet aware of these new files and while scanning it resports some “bad” files. In this case we have a false positive. You could always have your datacenter or a system administrator check out the server to verify that it is not compromised.

More information on rkhunter can be found here: http://www.rootkit.nl

• 0 Comments