Category Archives: Software Livre

Buddypress avatars on all blogs of wordpress multisite MU

Sorry, this entry is only available in Brazilian Portuguese. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.

Encontrei esta solução para fazer com que avatares locais de um Buddypress sejam exibidos em todos os blogs de um wordpress MU:

Anyeossays:

Ok, I just noticed what BP_AVATAR_URL and BP_AVATAR_DIR are setted relative to url and dir of user blog. I reeplaced that code for one what always use the same absolute paths (obtained from WP_CONTENT_URL and WP_CONTENT_DIR) using the global “uploads” directory. Now all avatars are the same in all weblogs.
If you like to do it edit the file bp-core/bp-core-avatars.php and modify this functions:

function bp_core_avatar_upload_path() {
$basedir = WP_CONTENT_DIR.'/uploads';
return apply_filters( 'bp_core_avatar_upload_path', $basedir );
}
function bp_core_avatar_url() {
 $baseurl = WP_CONTENT_URL.'/uploads';
 return apply_filters( 'bp_core_avatar_url', $baseurl );
 }

Do post:
http://www.amberweinberg.com/how-to-add-buddypress-avatars-to-wordpress-mu/

(Português) OTRS – Status (estados) pré definidos dos Tickets

Sorry, this entry is only available in Brazilian Portuguese. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.

Uma livre tradução do manul do OTRS 3.0:
http://doc.otrs.org/3.0/en/html/states.html

O OTRS permite alterar estados de bilhetes pré-definidos e os seus tipos, ou mesmo adicionar novos. Dois atributos são importantes para um estado: o nome do estado e do tipo de estado.

Os estados padrão do OTRS são: ‘fechado com sucesso’, ‘fechado sem sucesso’, ‘merged’, ‘novo’, ‘aberto’, ‘pendente auto fechamento +’, ‘pendente auto fechamento -‘ ‘lembrete de pendente’, e ‘removido’ .

Novo

Os bilhetes estão neste estado geralmente quando são criados a partir de e-mails recebidos.
Comentário Ronaldo: Desta forma os atendentes sabem que este ticket ainda não foi lido, ou seja, nossa empresa ainda não tem conhecimento deste problema.

Aberto

Este é o estado padrão de bilhetes atribuídos a filas e agentes.

Lembrete de pendente

Quando o tempo determinado no campo “Data de Pendência” for atingido, o dono bilhete/ticket receberá um email de lembrete sobre o bilhete. Se o bilhete não estiver bloqueado, o lembrete será enviado a todos os agentes da fila. Lembrete de bilhetes só serão enviados durante o horário comercial, e são repetidamente enviados a cada 24 horas até que o estado bilhete seja alterada pelo agente. Tempo gasto pelo bilhete neste estado continua a contar para fins de escalonamento.

Pendente auto fechamento –

Bilhetes neste status serão definidos como “Fechado sem sucesso” se o tempo de espera determinado em “Data de Pendência” for atingido. Tempo gasto pelo bilhete neste estado continua a contar para fins de escalonamento.

Pendente auto fechamento +

Bilhetes neste status serão definidos como “Fechado com sucesso” se o tempo de espera determinado em “Data de Pendência” for atingido. Tempo gasto pelo bilhete neste estado continua a contar para fins de escalonamento.

Merged

Este é o estado de bilhetes que foram fundidos com outros bilhetes.

Fechado com sucesso

Este é o estado final de bilhetes que foram resolvidos com êxito. Dependendo da configuração, você pode ou não ser capaz de reabrir bilhetes fechado.

Fechado sem sucesso

Este é o estado final de bilhetes que não foram resolvidos com êxito. Dependendo da configuração, você pode ou não ser capaz de reabrir bilhetes fechado.

A small Web Hosting with OpenPanel + Ubuntu Server 10.04 LTS + some tricks

Hi,

I’m trying Openpanel, a great new opensource tool that helps developers make a complex server tasks with some mouse clicks.

http://www.openpanel.com/

You can create domains, mail accounts, DNS and other stuff in a “Panel” way. You can create user accounts and allow them to create their own domains, emails and vhosts.

I’m trying it on linode

www.linode.com

With Ubuntu Server 10.04 LTS (You can deploy this image from linode dashboard. You have a virtual machine running after 5 min max)

After a successful OpenPanel install, I need to make my users vhosts run as Apache process of their own user. This way, their php and other apps could write under their directories and make some personal stuff, as also it gets better to my administration tasks.

Unfortunately, this feature is not yet implemented (but it’s on the roadmap), so I need to create the followin “hack”:

  • Install a new MPM apache module:
    sudo apt-get install apache2-mpm-itk
  • Write a script that’s create the directives which makes every vhost runs under it’s owner account and put ir under crontab to run every 10 minutes
    sudo pico /opt/apacheexec.sh
    Put the following content on it:
#!/bin/bash
for sites in /home/*/sites/*
do
    user=`echo "${sites}"|cut -d'/' -f 3`
    site=`echo "${sites}"|cut -d'/' -f 5`
    arquivo=`echo "/etc/apache2/openpanel.d/${site}.inc/mpmitkUser"`
    if [ -f $arquivo ]; then
        true
    else
        echo "<IfModule mpm_itk_module>" > $arquivo
        echo "AssignUserId ${user} ${user}" >> $arquivo
        echo "</IfModule>" >> $arquivo
        exec `/usr/sbin/apache2ctl graceful`
    fi
done
  • Then, make it executable
    chmod a+x /opt/apacheexec.sh
  • Finally, put it to run on crontab
    sudo crontab -e -u root
  • Write it:
    */10 * * * * /opt/apacheexec.sh

And we are done!

OTRS: Show/Hide itens on Ticket Menu according to the user group

OTRS is a great software it’s not 100% documentated. I find this tip digging the source code.

Imagine that you want to remove the Priority link from Nav Bar of Level 1 Agente Front end, while he/she is viewing a ticket and you want it to be viewable only for supervisors.

Go to ADMIN-> SysConfig -> Ticket -> Frontend::Agent::Ticket::MenuModule

Then find the parameter you want to hide/remove. In this case, Ticket::Frontend::MenuModule###300-Priority

Add a key called “Group” and the put “rw:group_that_has_access” as the content. To add more groups, separete with “;”. For example: “rw:admin;rw;supervisors”.

(Português) Acessando o Internet Banking Santander pelo Ubuntu

Sorry, this entry is only available in Brazilian Portuguese. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.

Um passo a passo bem resumido:

  1. Abra a Central de Programas do Ubuntu
  2. Pesquise pelo termo “jre”
  3. Remova o “Runtime do OpenJDK Java 6”
  4. Instale o “Sun Java(TM) Runtime Enviroment (JRE) 6 (architecture independent files)” (pacote sun-java6-jre)
  5. Instale o “Java(TM) Plug-in, Java SE 6” (pacote sun-java6-plugin)
  6. Reinicie o Firefox e acesse o site do Santander
  7. Digite as informações de sua conta, clique no seu nome
  8. Siga o passo a passo para instalar o modulo de segurança do Banco.

Aqui funcionou 🙂 Um motivo a menos pra ter Windows na máquina.

Removing virus (badware) from WordPress e protecting your blog

Note: I’m not responsible for damage to your installation. Use these tips at your own risk:)

These days I have two wordpress sites infected with malware! I suffered a bit to clean the site and decided to share the tips here that I was joining the road.

Basically, viruses create a “backdoor” taking advantage of some security flaw or bug in your installation. With this backdoor created, the virus has direct access to your site even after the bug fix or upgrade the system. It is like as if the virus had established an ssh account on your server and could perform almost any command in there.

In one case, the bug that allowed the installation of the virus was a theme that uses a library called timthumb.php. I Found the failure in this link and follow the steps there to solve the problem. This virus is installed through the timthumb.php and creates a backdoor. Through the backdoor, other viruses have settled on the site. I’ve fixed the file timthumb.php to remove the possibility of a new invasion.

This virus inserted an iframe on the home page of the site, causing the visitor to be redirected to a site with malicious code. In my case it was an iframe to a site called wordpress-counter.com

Then I had to remove the backdoor before removing the iframe code generator, because when removing the iframe itself, it was introduced again after 15 minutes through the backdoor.

Follow the tips this post and discovered the backdoor in the file wp-config.php. After the end of the traditional code of WordPress, it has about 100 blank lines and then the malicious code.

Then follow the tips this other post to eliminate the iframe generators.

Finally, I froze the files of my WordPress instalation. I accessed the site root via SSH and perform the steps below (note that this will block you from WordPress to automatically update the latest versions of the Dashboard):

To protect folders:

 find. -type d -exec chmod 755 {} \; 

To protect files:

 find. -type f -exec chmod 644 {} \; 

To prevent other users to view data from your database, which is possible in some shared hosting:

 chmod 750 wp-config.php 

To prevent further attacks modify any file on your system (files less plugins and themes):

 chmod u-w -R *
chmod u+w -R wp-content

References

http://blog.sucuri.net/2011/08/timthumb-php-security-vulnerability-just-the-tip-of-the-iceberg.html
http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
http://cantonbecker.com/work/musings/2009/how-to-search-for-backdoors-in-a-hacked-wordpress-site/
http://blog.unmaskparasites.com/2011/03/02/versatile-cc-attacks/
http://codex.wordpress.org/Hardening_WordPress

Ubuntu 11.04 on Dell Vostro 3450 with Radeon 6330M – part 2

This post overwrites the tips I gave on this first one. On that post, the tip was start the laptop disabling a featured called “modeset”.

The problem is that disabling it makes the laptop slower and disable some other interesting features like GPU switching.

The second way I found, and the best one, is the following:

After the system is installed, press “e” when you get Grub screen when you boot it first time. A boot options editor will open and you should add the line below after the param quiet splash:

radeon.modeset=0

Press Crtl+X and the system will boot up.

After that, we need to block the automatic load of radeon module adding it to a blacklist. Open Gnome-terminal and type:

sudo gedit /etc/modprobe.d/blacklist.conf

In the end of the file, type:

blacklist radeon

Save it. After that, we need to make the system load the module in a second moment of the boot process. Type in gnome-terminal:

sudo gedit /etc/rc.local

After the line “# By default this script does nothing.” type this:

modprobe radeon
chown root:plugdev /sys/kernel/debug/vgaswitcheroo/switch
echo OFF > /sys/kernel/debug/vgaswitcheroo/switch
exit 0

Save the file e reboot the system. This may be sufficient to the system work out without disabling radeon modeser.

Your own database with geo located ip information

 

For those who wants to serve content based on viewers location, one good alternative is IP geolocalization, when the viewer or the aplication ins’t integrated with GPS.

There are some libs that we can use to geo locate viewers with IP information:

http://www.geoplugin.com
http://www.maxmind.com

Those applications doens’t offer 100% accurated information but they are a good start point. Let’s create our own Geo Database using MaxMind CityLite free Database.

First, download the CSV file from MaxMind Web Site:

http://www.maxmind.com/app/geolitecity

Then, we need to create 2 tables:

CREATE TABLE `geo_blocks` (
`id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`location_id` INT(10) UNSIGNED NOT NULL,
`ip_start` INT(10) UNSIGNED NOT NULL,
`ip_end` INT(10) UNSIGNED NOT NULL,
`index_geo` INT(10) UNSIGNED NOT NULL,
PRIMARY KEY (`id`),
INDEX `idx_start` (`ip_start`),
INDEX `idx_end` (`ip_end`),
INDEX `idx_geo` (`index_geo`)
);

CREATE TABLE `geoip`.`location` (
`locId` INT NOT NULL ,
`country` VARCHAR( 100 ) NOT NULL ,
`region` VARCHAR( 100 ) NOT NULL ,
`city` VARCHAR( 150 ) NOT NULL ,
`postalCode` VARCHAR( 20 ) NOT NULL ,
`latitude` VARCHAR( 10 ) NOT NULL ,
`longitude` VARCHAR( 10 ) NOT NULL ,
`metroCode` VARCHAR( 100 ) NOT NULL ,
`areaCode` VARCHAR( 100 ) NOT NULL ,
PRIMARY KEY ( `locId` )
) ENGINE = MYISAM ;

After that, you need to import the CSV files to the mysql:

load data local infile '/pathe/to/the/file/GeoLiteCity_20110802/GeoLiteCity-Blocks.csv'
into table geo_blocks
fields terminated by ',' enclosed by '"'
lines terminated by '\n' ignore 2 lines (ip_start, ip_end, location_id);

load data local infile '/pathe/to/the/file/GeoLiteCity_20110802/GeoLiteCity-Location.csv'
into table location
fields terminated by ',' enclosed by '"'
 lines terminated by '\n' ignore 2 lines (locId,country,region,city,postalCode,latitude,longitude,metroCode,areaCode) ;

That’s all, use it as you want 🙂

MaxMind has a small tutorial teaching how to use the CSV file also:
http://www.maxmind.com/app/csv