Tag Archives: IIS

WordPress 4.x auto updates under windows

If you want your WordPress install to do auto-updates (in a Windows Server based hosting setup), you need to do one simple step.

 

Edit the hosts file.

Put a local IP in there for the domain name of the site.

Save the changes.

 

Example:

10.5.5.5  www.whatever-the-site-is.com

Re-log into WordPress and go to dashboard-updates and in there it should tell you “future updates will be automatically applied”

Why is all of this needed?  WordPress uses PHP CRON and that is reliant on the server being able to find the local website.  Therefore it is necessary to put a hard-coded IP in the hosts file so the CRON job can “see” the wordpress site.  Without the hosts entry the website will resolve to the external IP of the site, and you will have an unreachable IP issue and auto-update won’t work.

Proper FTP setup via IIS using Passive FTP

Since PASSIVE FTP seems to be a relative standard (that I experience), and since most clients don’t understand or want to use “ACTIVE” FTP, here is the easy way to configure your firewall and FTP software on an IIS machine to permit PASSIVE FTP.

Firewall Setup

You’ll need two rules and one “one to one” NAT mapping (this may vary a bit due to your firewall software).

The one to one NAT mapping needs to map the external IP address to the internal IP of the server.  Such as “66.33.123.21” mapped to “10.1.1.21”

One rule to allow the world into TCP port 21, mapped to the specific server in question.  (Allow * from ANY to 10.1.1.21 TCP port 21).

Second rule, specifically for PASSIVE FTP.  Allow * from ANY to 10.1.1.21 on ports range 50000 to 50100.

FTP Server Setup

We normally use Filezilla Server (latest version, of course).

Add a user and setup the standard settings.

Passive settings are as follows (below).

Most importantly, the “X.X.X.X” area below is your PUBLIC IP that is mapped through your firewall.

Click OK and save the settings.

FTP1

 

FTP Client Settings

Nothing fancy here, just check to make sure the settings look like this:

FTP2

Throttling bandwidth on an IIS based site

If you need to throttle (or limit) the amount of bandwidth a specific site on Microsoft Server — this is for you.  This should work with any Microsoft Server OS from 2008 to present. Open IIS. Go to the specific site in question (in the tree to left expand and click on the specific site name).

on the right side panel, click Configure — Limits.

Check “limit bandwidth usage” and type in a number.

Click OK.

limits

eXtplorer does not allow login under PHP 5.6 and IIS Windows Server

Have you deployed out eXtplorer and received this error:

PHP Deprecated:  Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in X:\XXXXXX\WWW.AAAAA.com\www\libraries\JSON.php on line 828

it’s an easy fix.

edit the file

X:\XXXXXX\WWW.AAAAA.com\www\libraries\pear.php

edit line 247

change this:

function isError($data, $code = null)

to this:

static function isError($data, $code = null)

How to prep a Windows 2012 R2 Update 1 server for PHP / WordPress

1) Presuming you have already loaded the OS onto the machine (whether virtual or physical)
2) Join the machine to your business domain
3) windows updates
4) reboot
5) windows updates (again until no more updates)
6) configure role -> Web server and under Application Development, pick .NET Extensibility 3.5
7) once that is complete, run windows updates again
8) probably you’ll need to reboot
9) check windows updates ONE MORE TIME
10) install the Web Platform Installer (version 5.0 as of this post), from here: http://www.microsoft.com/web/downloads/platform.aspx
11) after the WPI is installed, run it and choose the following: PHP 5.6.0 (or later), Windows Cache Extension 1.3 for PHP 5.6, PHP Manager for IIS
12) install those programs, when complete, open the IIS manager
13) verify that you see the following: URL Rewrite, PHP Manager under the main server features panel
14) download the latest version of PHP. (for me, it was 5.6.3)
15) unzip and move it to a new folder under “Program Files (x86)”\PHP\ called v5.6.3 (you should see v5.6 in there).
16) Make a folder called PHP-TEMP on the C:\ root
17) Give it the following permissions, IUSR and IIS_IUSRS to full control
18) Go to the PHP manager and register the new version
19) in the PHP manager, go to Manage all Settings and update the following:
Error Log -> PHP-TEMP directory
Memory_limit = 512mb
Post_Max_size = 10M
upload_max_filesize = 10M
upload_tmp_dir -> PHP-TEMP directory
SMTP->your internal email server IP
session.save_path -> PHP-TEMP directory
==
20) stop the default site
21) create your new site
22) make sure a static IP is assigned to the server for step 21
23) make sure firewall rules are in place to permit traffic to that IP
24) move or deploy the new wordpress site
25) adjust IIS settings-> Logging location and daily roll over, URL Rewrite rules for domain name and wordpress
26) you should have a web.config file from a previous (working) wordpress install. Use that for the above two things.

>more to come<

ASPMAKER v11 Image Resizer not working under IIS

If you are using ASPMAKER by HKVSTORE to build web admin interfaces, and you’ve arrived at this page, it’s likely because the Image Resizer ASP.NET add-on is not working for you.

Does this look familiar to you?

Warning: ASP.NET 2.0 or later is required but ASP.NET script is not executed properly on this server:

see this screenshot:2014-07-08_15-47-49Here is the solution to the issue.

  1. You need to have a HOSTS file entry on the server that will allow the server to resolve the domain name for the website you are using ASPMAKER and the Image Resizer on.  This is because the ASP.NET resizer uses MSXML2.ServerXMLHTTP to locally fetch and resize the image.  If there is no HOSTS file entry on the local server, there is no way for the resizer to work.
  2. Open the HOSTS file and add an entry like this
  3.  X.X.X.X   your.domain.name
  4.  Make sure the upload folder is set properly in ASPMAKER here:file temp
  5.  This path will be relative to the folder you have deployed the ASPMAKER files to on the server.  For example, if the ASPMAKER files are in the directory /123/ then the upload folder (pictured above) will be /123/upload-temp/
  6. set the permissions properly on the /upload-temp/ folder.  this means adding machinename\IUSR and granting full control.
  7. Inside ASPMAKER, make sure the destination folder is correct. Note I had to use “../” to get ASPMAKER to upload to the correct path off the root.  It is NOT necessary to grant this folder any special permissions.correct-path
  8. Make sure the base site itself has a valid application pool assigned.  Here’s what mine looks like (It is not necessary to have an application for the subdirectory where the ASPMAKER app). app
  9. NOTE: depending on your setup, it may be necessary to set the .NET CLR version to v.2.X above.  (I HAD TO USE v.2.X for my setup…)
  10. Adjust the maximum file upload size in ASP.  ASP->Limits Properties ->Maximum Requesting Entity Body Limit.  The default value is 200,000 (200000) which is 200,000 bytes.  I upped mine to 20,000,000 (leave out the commas here).
  11. Launch the ASPMAKER web admin and try uploading an image.  The above should take care of all the issues.

Let me know if this saves you a headache!

 

 

Permission denied error dealing with Classic ASP loadpicture

To solve the following error, which is generated by the loadpicture object

Microsoft VBScript runtime error ‘800a0046’
Permission denied: ‘loadpicture’

set myImg = loadpicture(“C:\aaa\asdf.jpg”)

==

The solution is to simply add this permission as full control

servername\IUSR

to the directory in which this object is going to work…

Problem with PHP mailer sending mail – Result: delayed, Status: 4.1.1 452 4.1.1 requested action aborted: try again later – GL/GL

If you see this type of message logged in your outbound mail logs, and your clients are unable to get email delivered to their domain, then I may have the s0lution for you.

In our particular scenario, we have a PHP site running WordPress and the email server is located with IPOWER.  So the website needs to be able to send email from our data center into the IPOWER data center, but in our case the emails were getting bounced due to this error below.  (VERY NON-DESCRIPT!).

Result: delayed, Status: 4.1.1 452 4.1.1 absc@asdasdasd.com requested action aborted: try again later – GL/GL

in your BOUNCE BACK emails, you may find something like this:

X-PHP-Originating-Script: 0:class-phpmailer.php

X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)

In our case, the recipient domain was hosted at IPOWER web.  To solve this issue, we logged into the IPOWER control panel, went to spam settings:

http://www.ipower.com/controlpanel/spamfilter.bml

and went to the WHITELIST and whitelisted our email server’s IP address.  Saved the changes and re-tried sending the email on the PHP (wordpress) site.

Worked immediately.

 

How to get IIS 7.5 web server to pass the BEAST PCI vulnerability compliance scans

If your e-commerce website keeps flunking PCI vulnerability complaince scans with the following error:

BEAST (Browser Exploit Against SSL/TLS) Vulnerability, CVE-2011-3389

and you are running Microsoft Server 2008 R2, I can help you.

If you aren’t on Windows Server 2008 R2, there is no known way to pass this test short of upgrading your server to W2K8R2 and doing the following steps.

This is the exact vulnerability as reported (in our case, by Trustkeeper):

BEAST (Browser Exploit Against SSL/TLS) Vulnerability The SSL protocol encrypts data by using CBC mode with chained initialization vectors. This allows an attacker, which is has gotten access to an HTTPS session via man-in-the-middle (MITM) attacks or other means, to obtain plain text HTTP headers via a blockwise chosen-boundary attack (BCBA) in conjunction with Javascript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. This vulnerability is more commonly referred to as Browser Exploit Against SSL/TLS or “BEAST”.

CVE: CVE-2011-3389

NVD: CVE-2011-3389

Bugtraq: 49778

CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N(4.30)

This is the remediation (as stated by Trustkeeper):

Affected users should disable all block-based cipher suites in the server’s SSL configuration and only support RC4 ciphers, which are not vulnerable to fully address this vulnerability. This vulnerability was addressed in TLS version 1.1/1.2, however, support for these newer TLS versions is not widely supported at the time of this writing, making it difficult to disable earlier versions.

Additionally, affected users can also configure SSL to prefer RC4 ciphers over block-based ciphers to limit, but not eliminate, exposure. Affected users that implement prioritization techniques for mitigation as described above should appeal this vulnerability and include details of the SSL configuration.

Here is the evidence (as stated by TrustKeeper):

Service: http
Evidence:
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5

That isn’t much help, of course.

Ok, here is how to solve this.  And you don’t even need REGEDIT!

  1. Make sure your website is on a Windows 2008 R2 server, with a valid SSL certificate.
  2. Download the following FREE – and FANTASTIC program to your web server.
    1. https://www.nartac.com/Products/IISCrypto/Default.aspx
  3. Run the program on your web server.  Please be logged in as full admin, and remote desktop is fine.
  4. Start by clicking the PCI button, then make all your settings look like below:
    1. pci
  5. In some cases you might have a few more listing under SSL Cipher Suite order.  Here is a screenshot from a second server (below).  The settings below are also perfectly fine:
    1. pci2
  6. In all cases – MAKE YOUR SETTINGS JUST LIKE ABOVE – and your site should always pass the BEAST test.
    1. IT IS CRITICAL that you have ONLY the CIPHERS selected in the above two screenshots, and the TOPMOST TWO in THIS SPECIFIC ORDER.
  7. apply the changes
  8. Restart the server.
  9. once the server is back up and running, go to the website below:
    1. https://www.ssllabs.com/ssltest/index.html
  10. Allow the test to complete.  The test will tell you if the site passes all the tests and is BEAST compliant, and it will give you a score for your website.  The website we tested scored 89 which is an “A”.

Hopefully this will help shortcut this process for some of you. I literally spent hours working this solution out.

 

 

How to migrate MYSQL to a new Windows server

Here is the easiest process that I know of for migrating (and upgrading) from one version of MYSQL running on Windows server, to a new Windows server.

  1. Setup the new Windows server, give it a fixed IP address (we’ll change that later to be at the same IP as the old server).
  2. Run all Windows updates
  3. Install IIS 7.5 (in our example, we were on W2K8 R2 Standard) and take all defaults.
  4. Go to Google and search for MICROSOFT PLATFORM INSTALLER, go to that Microsoft site, and run the installer.  The current version as of this post was 4.0RC
  5. in the MPI, search for PHP and install PHP.  Allow it to take any extras it chooses, hit next and install those items.
  6. Now that PHP is installed, launch the IIS 7.5 manager, stop the default site and setup a new website that we’ll use to park PHPMYADMIN on.
  7. Go download the latest version of PHPMYADMIN.
  8. extract it to your website directory into the /phpmyadmin/ directory.
  9. you should now be able to access the PHPMYADMIN site via http://localhost/phpmyadmin/
  10. Download and install the latest MSI installer download (of the x64 version if you have an x64 server)
  11. Install MYSQL
  12. Run the configuration wizard and complete the standard setup.  In our case we used a dedicated MYSQL server, set a new password for the admin account and pretty much took all defaults.
  13. At this pount we just need to migrate the data over from the old server to the new server.
  14. Make sure you have MYSQL Workbench installed to do this (under windows).  Current version is 5.2.30 CE.
  15. Under “Server Administration” you need to setup one connection for the old (current server) and one for the new one.
  16. Connect to the old server.
  17. Click Data Export.
  18. Export out ALL databases to one SQL file.  This may take some time depending on the speed of your internet connection.
  19. when this is complete, go check the file to make sure it is (relatively) large depending on the number of databases that you exported out.  MAKE SURE you export out the MYSQL database as well as all databases.
  20. Connect to the new server.
  21. Do a DATA IMPORT/RESTORE and load the SQL file you just exported
  22. Start the import.  Again, this may take some time to complete.
  23. When complete, the new machine is now a clone of the old machine.
  24. Shut down the old server.
  25. Change the IP on the new server to the IP of the old server.  Reboot (just to be sure).
  26. Once the new server is rebooted and it is at the “old IP” any of your sites that connect to MYSQL should now be working once again just as if they were connecting to the old server.

I hope this helps anyone who is in need of migrating/upgrading their Windows-based MYSQL install.

 

1 2