Fix nss-softokn rpm/yum issue in CentOS 6

The recent update to nss-softokn breaks rpm/yum updates in CentOS 6.

To restore functionality run these commands:

For 64-bit:

# wget http://mirror.centos.org/centos/6/updates/x86_64/Packages/nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm
# rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv
# cd lib64
# cp libfreeblpriv3.* /lib64
# yum update

For 32-bit:

# wget http://mirror.centos.org/centos/6/updates/i386/Packages/nss-softokn-freebl-3.14.3-19.el6_6.i686.rpm
# rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.i686.rpm | cpio -idmv
# cd lib
# cp libfreeblpriv3.* /lib
# yum update

Backing up your phone with MyBackup and Dropbox

MyBackup Pro from Rerware can be a very useful app to back up your phone – or transfer data between phones.

I set it up to backup my Android phone on a nightly basis, but more often than not it fails to connect to their server and cannot upload the backup.

I paid for the Pro version and I have 100MB of their online storage, but if I lose my phone and it has failed to backup online then it is suddenly completely pointless as a backup program.

So my solution is to take their servers out of the equation – backup locally and then sync that backup to my Dropbox account. This has the added benefit of allowing me much more space for my backups than 100MB (sorry Rerware, I’d pay more for your storage space if I could actually use it consistently).

The Dropbox app is already installed and linked to my phone, but it doesn’t support syncing. There is an app called Dropsync that does exactly that – the free version is limited to files under 5MB and one synced folder, but that should be enough for most of your needs unless you are backing up app install files and larger videos.

Dropsync is available on Google Play here: https://play.google.com/store/apps/details?id=com.ttxapps.dropsync&hl=en

Install the app – it will use the official Dropbox app info to link up if that’s installed otherwise you will need to log in the first time to link it to your Dropbox.

Just set up a sync with your local folder as: /mnt/sdcard/rerware/MyBackup …and create a new MyBackup folder in your Dropbox to sync into (don’t sync into the same folder as other things or it will start download random files to your phone).

If you have the pro version you may also want to sync the folder DCIM (again into a separate folder) and I sync my WhatsApp folder as well – and exclude the pattern **/Thumbs.db to prevent errors in the logs.

My Dropsync settings: Enable Autosync checked, Autosync interval 12 hours (hopefully it is autosyncing so I don’t want to waste battery), Retry Delay 30 minutes, Instant Upload checked, Battery > 10%, Internet Connection Both WiFi and Mobile, Notifications both turned off.

Then set up your MyBackup backups to save locally and hey presto – local backups that actually work and are synced online!

Cover your Paypal fees

I just thought I’d share a formula I worked out a few years ago when a client asked me to make sure his Paypal website payments were covering the Paypal fees – so that he got the full amount he was asking for.

In the UK, Paypal standard fees are 3.4% plus 20p. So if we invoke the magic of algebra, where x is the total and y is the fee, we start with this:

x = (x+y)-(0.034*(x+y))-0.20

I won’t bother taking you through the workings out, but essentially it ends up like this:

y = (17x+100)/483

So if you take your original total (say £100), multiply it by 17 (£1700), then add 100 (£1800), then divide by 483 – you get the fee: £3.73 (rounded up).

To double-check that: £103.73 (total plus fee) times 0.034 plus 0.20 equals… £3.73 (rounded up) – so Paypal will take £3.73 off your £103.73 leaving you with the original figure.

Add custom fonts to WordPress TinyMCE editor with @font-face

The list of fonts in the WordPress visual editor is quite short. There are plugins available to increase it, but I wanted to add my own custom font to the select dropdown.

There’s no plugin hook for this, so it needs a little lateral thinking. Firstly, generate your webfont @font-face in the normal way – I use http://www.fontsquirrel.com/fontface/generator or http://www.font2web.com

Then add the css to your site stylesheet as normal, e.g.

@font-face {
font-family: 'CustomFont';
src: url('fonts/customfont-webfont.eot');
src: local('CustomFont'),
url('fonts/customfont-webfont.eot?iefix') format('eot'),
url('fonts/customfont-webfont.woff') format('woff'),
url('fonts/customfont-webfont.ttf') format('truetype'),
url('fonts/customfont-webfont.svg#webfontnTz28sxq') format('svg');
font-weight: normal;
font-style: normal;
}

There is a plugin hook that adds a custom stylesheet (adding the code content_css: "stylesheet.css",), so we can use that to inject our own code by closing the quote marks first without entering a stylesheet (or you can if you want so that you can use the font in the editor) and then adding what we need, so add this into your theme’s functions.php:

function plugin_mce_addfont($mce_css) {
if (! empty($mce_css)) $mce_css .= ',';
$mce_css .= '",theme_advanced_fonts:"Custom Font=CustomFont,arial,helvetica,sans-serif';
return $mce_css;
}
add_filter('mce_css', 'plugin_mce_addfont');

So the first thing we do is close the double quotes and then leave off the final double quote in our code. This will only give you the one choice of font, however (with a browser backup to Arial etc. in case it doesn’t work).  The full list of fonts you originally had is in the file wp-includes/js/tinymce/themes/advanced/editor-template.js so we need to tack them on the end so that we can use all of them:

function plugin_mce_addfont($mce_css) {
if (! empty($mce_css)) $mce_css .= ',';
$mce_css .= '",theme_advanced_fonts:"Custom Font=CustomFont,arial,helvetica,sans-serif;Andale Mono=andale mono,times;Arial=arial,helvetica,sans-serif;Arial Black=arial black,avant garde;Book Antiqua=book antiqua,palatino;Comic Sans MS=comic sans ms,sans-serif;Courier New=courier new,courier;Georgia=georgia,palatino;Helvetica=helvetica;Impact=impact,chicago;Symbol=symbol;Tahoma=tahoma,arial,helvetica,sans-serif;Terminal=terminal,monaco;Times New Roman=times new roman,times;Trebuchet MS=trebuchet ms,geneva;Verdana=verdana,geneva;Webdings=webdings;Wingdings=wingdings,zapf dingbats';
return $mce_css;
}
add_filter('mce_css', 'plugin_mce_addfont');

Done.

Process email bounces with PHP

This is a quick script to process email bounces, for example from a mailing list so that users can be flagged up or unsubscribed when they have too many failures.

The actual bounce identification will be done by Chris Fortune’s Bounce Handler, which you can download from:
http://anti-spam-man.com/php_bouncehandler/

We require 3 files from that package:
bounce_driver.class.php
bounce_responses.php
rfc1893.error.codes.php

What this script does is get the bounced emails from a specified mailbox and counts up how many failed emails there are per email address – if the number is at least as many as your threshold value (called $delete), then (you insert your code to unsubscribe the email address or whatever etc. and) the bounced emails are then deleted. You can run the script as a cronjob or call from your mailing list script to tidy up subscriptions.

<?php

# define variables
$mail_box = '{mail.domain.com:143/novalidate-cert}'; //imap example
$mail_user = 'username'; //mail username
$mail_pass = 'password'; //mail password
$delete = '5'; //deletes emails with at least this number of failures

# connect to mailbox
$conn = imap_open ($mail_box, $mail_user, $mail_pass) or die(imap_last_error());
$num_msgs = imap_num_msg($conn);

# start bounce class
require_once('bounce_driver.class.php');
$bouncehandler = new Bouncehandler();

# get the failures
$email_addresses = array();
$delete_addresses = array();
  for ($n=1;$n<=$num_msgs;$n++) {
  $bounce = imap_fetchheader($conn, $n).imap_body($conn, $n); //entire message
  $multiArray = $bouncehandler->get_the_facts($bounce);
    if (!empty($multiArray[0]['action']) && !empty($multiArray[0]['status']) && !empty($multiArray[0]['recipient']) ) {
      if ($multiArray[0]['action']=='failed') {
      $email_addresses[$multiArray[0]['recipient']]++; //increment number of failures
      $delete_addresses[$multiArray[0]['recipient']][] = $n; //add message to delete array
      } //if delivery failed
    } //if passed parsing as bounce
  } //for loop

# process the failures
  foreach ($email_addresses as $key => $value) { //trim($key) is email address, $value is number of failures
    if ($value>=$delete) {
    /*
    do whatever you need to do here, e.g. unsubscribe email address
    */
    # mark for deletion
      foreach ($delete_addresses[$key] as $delnum) imap_delete($conn, $delnum);
    } //if failed more than $delete times
  } //foreach

# delete messages
imap_expunge($conn);

# close
imap_close($conn);

?>

Monitor server cpu resources with email notification

I thought I’d write a quick script to keep an eye on which processes/users are using too many cpu cycles on my CentOS server. This checks the usage over the previous 5 minutes and emails a detailed list of cpu-hungry processes if it’s over the defined limit. Run it from cron to keep an eye on those resources:

#!/bin/bash
CPU_LIMIT="10" # relevant to number of cores, so quad-core at capacity is 4
EMAIL="your@email.com"
  if [ $(echo "$(cat /proc/loadavg | cut -d " " -f 2) >= $CPU_LIMIT" | bc) = 1 ]; then
ps ax --sort=-pcpu o user,pid,pcpu,pmem,vsz,rss,stat,time,comm | mail -s "CPU OVER LIMIT ON `hostname`" $EMAIL
  fi

That’s all folks!

Dovecot brute-force blocking with fail2ban

If you are getting any brute force attacks to your dovecot imap/pop3 server, install fail2ban to block the offenders. This works on CentOs 5.7. For other distributions, see the relevant websites.

Firstly, install fail2ban. You should have the rpmforge repo from my previous post. Enable it first to install fail2ban:

# cd /etc/yum.repos.d/
# vi rpmforge.repo

Change it to enabled = 1 and save

Then it’s simple:

# yum install fail2ban

After installation I recommend disabling the repo. Edit the file and change to enabled = 0

Then make sure the service starts up:

# chkconfig --add fail2ban
# chkconfig fail2ban on
# service fail2ban start

Create a new filter file for your dovecot:

# vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

Paste in the following definition:

[Definition]
failregex = pam.*dovecot.*(?:authentication failure).*rhost=(?:::f{4,6}:)?(?P<host>\S*)
ignoreregex =

Then add the new information to the main config file:

# vi /etc/fail2ban/jail.conf

At the end, add the following:

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
# optional mail notification
# mail[name=dovecot-pop3imap, dest=root@domain]
# see /etc/fail2ban/action.d/ or Fail2Ban doc
logpath = /var/log/secure
maxretry = 20
findtime = 1200
bantime = 1200

That’s it!