Thursday, November 21, 2013

Disable directory browsing in CentOS 6.4 Apache/httpd

How do I disable directory browsing in Apache's httpd.conf?


Answer: You are right to want this off. Disabling directory browsing is one of the "must do's" when setting up a secure Apache web server: when a directory has no index page, mod_autoindex lists every file in it, including backups, config copies and upload directories you never meant to advertise. Apache usually ships with the feature enabled, so turn it off unless you really need it.

First, find Apache's main config file. On CentOS 6 it is /etc/httpd/conf/httpd.conf (on Debian-based systems it is /etc/apache2/apache2.conf, with per-site files under /etc/apache2/sites-enabled/). Open it with an editor such as Vim or Nano and find the line that looks like this (on CentOS it sits inside the <Directory "/var/www/html"> block):

Options Includes Indexes FollowSymLinks MultiViews

then remove the word Indexes and save the file. The line should now look like this:

Options Includes FollowSymLinks MultiViews

Check the other Options lines too (every <Directory> block, and anything under /etc/httpd/conf.d/), and remember that Options All also enables Indexes. Then reload Apache so the change takes effect: service httpd reload. A quick test is to request a directory that has no index file, e.g. http://yourserver/images/; you should now get 403 Forbidden instead of a file list.

For sub-domains:

To keep browsing disabled on the main domain but allow it for a sub-domain, leave the global line without Indexes and switch it back on only inside that virtual host's <Directory> block:

Options Includes FollowSymLinks MultiViews

<VirtualHost *:80>
    DocumentRoot "/var/www/downloads"
    ServerName downloads.facebook.com
    ErrorLog "logs/facebook"
    CustomLog "logs/facebook_custom" common
    <Directory "/var/www/downloads">
        Order allow,deny
        Allow from all
        Options +Indexes
    </Directory>
</VirtualHost>

If no file from the DirectoryIndex directive can be located in the directory, then mod_autoindex can generate a listing of the directory contents. This is turned on and off using the Options directive. For example, to turn on directory listings for a particular directory, you can use:

<Directory /usr/local/apache2/htdocs/listme>
  Options +Indexes
</Directory>

To prevent directory listings (for security purposes, for example), you should remove the Indexes keyword from every Options directive in your configuration file. Or, to prevent them only for a single directory, you can use:

<Directory /usr/local/apache2/htdocs/dontlistme>
  Options -Indexes
</Directory>
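Removing Indexes from one line is easy to get wrong when a vhost or a conf.d fragment re-enables it. The script below is an added example (not from the original post) that walks an httpd.conf-style file and reports every Options line that switches listings on, with the container it sits in. It assumes one directive per line and does not expand Include, so run it over each file (e.g. /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/*); the sample config embedded in it is constructed.

```python
"""Find where Apache directory listings are still enabled.

Added example, not code from the original post. It walks an httpd.conf-style
file and reports every "Options" line that switches on Indexes, together with
the <Directory>/<VirtualHost> it sits in, so you can confirm the edit above
took effect and catch listings enabled in a vhost or conf.d fragment.
Assumptions: one directive per line; "Include"d files are not expanded, so
run it over each file (e.g. /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/*).
"""
import re
import sys

CONTAINERS = 'Directory|DirectoryMatch|VirtualHost|Location|LocationMatch|Files|FilesMatch'
OPEN_RE = re.compile(r'^<(?:%s)\b[^>]*>' % CONTAINERS, re.I)
CLOSE_RE = re.compile(r'^</(?:%s)>' % CONTAINERS, re.I)
OPTIONS_RE = re.compile(r'^Options\b(.*)$', re.I)

# Keywords that enable mod_autoindex listings. "All" means every option
# except MultiViews, so it enables Indexes too. "-Indexes" disables and is
# deliberately not listed.
ENABLING = ('indexes', '+indexes', 'all')


def find_enabled_indexes(config_text):
    """Return [(line_no, container, directive)] for each enabling Options line."""
    hits = []
    stack = []                      # innermost open container last
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if OPEN_RE.match(line):
            stack.append(line)
            continue
        if CLOSE_RE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPTIONS_RE.match(line)
        if m and any(o.lower() in ENABLING for o in m.group(1).split()):
            hits.append((no, stack[-1] if stack else '(global)', line))
    return hits


# Constructed sample modelled on a CentOS 6 httpd.conf (not a real server's file).
SAMPLE_CONF = """\
# constructed sample modelled on a CentOS 6 httpd.conf
Options Includes FollowSymLinks MultiViews
<Directory "/var/www/html">
    Options -Indexes
</Directory>
<VirtualHost *:80>
    DocumentRoot "/var/www/downloads"
    <Directory "/var/www/downloads">
        Options +Indexes
    </Directory>
</VirtualHost>
<Directory "/var/www/legacy">
    Options All
</Directory>
"""

if __name__ == '__main__':
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for no, ctx, directive in find_enabled_indexes(text):
        print('%d: %s  in %s' % (no, directive, ctx))
```

Run it with a path to check a real file; with no argument it audits the built-in sample and reports the two places (the downloads vhost and the Options All block) where listings are still on.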

CentOS 6.4 Create FTP Users

How do I create FTP users in CentOS 6.4?

Add a user called "bira":
# useradd bira

Set a password for the user "bira":
# passwd bira
New password: (enter your password)
Retype new password: (enter the same password again)
passwd: all authentication tokens updated successfully.

Now give the user access to the directory. Change the owner and the group of the "html" directory:
# chown bira /var/www/html
# chgrp bira /var/www/html

Bear in mind what this grants: plain FTP sends the username and password in clear text, and this account can now overwrite everything under your document root. If the server is reachable from a network you do not control, use SFTP or FTPS rather than plain FTP.

List the directory and check:
# ls -l /var/www
drwxr-xr-x. 3 bira bira 4096 Nov 21 13:23 html

Finally, restart the vsftpd server:
# service vsftpd restart

All done! Now try connecting with your FileZilla FTP client.

If that does not work:

Do you have SELinux enabled?

To check: # sestatus

If it reports "SELinux status: enabled" and "Current mode: enforcing", SELinux is fully active, so switch it to permissive mode while you troubleshoot.

Permissive mode: # setenforce 0

Check sestatus again; it should now show "Current mode: permissive". This leaves SELinux on but in a log-only mode: nothing is blocked, and denials are still written to /var/log/audit/audit.log. Treat it as a diagnostic step, not a fix. Once FTP works, find the denial in the audit log, correct the boolean or file context (see the "553 Could not create file" post below) and go back to enforcing with setenforce 1. Note that setenforce does not survive a reboot.

All done! Now try connecting with your FileZilla FTP client.

If you are still having issues, please let me know.

Monday, November 18, 2013

“Denied access” problem when using Wamp server 2 on Windows 8

First, open the httpd.conf file of your Apache version in a text editor such as Notepad or Notepad++. It is usually located at \wamp\bin\apache\<your apache version>\conf\httpd.conf, or you can open it from the Wamp manager's quick menu. Find this snippet before modifying it:

# First, we configure the "default" to be a very restrictive set of 
# features.  
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

Replace Deny from all with Allow from all and save the file. Be aware of what this does: <Directory /> is the default for every path on the disk, so after this change any directory that an Alias or DocumentRoot points at is open to every client that can reach the server. On a development box that only listens on the loopback interface that is tolerable; if the machine sits on a shared network, use Allow from 127.0.0.1 ::1 instead. We have not finished yet. Find another snippet:

#   onlineoffline tag - don't remove
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1

Replace Deny from all with Allow from all again, and localhost now works. After doing all of the above, I believe you can browse to localhost and your local web project. However, if you navigate to http://localhost/phpmyadmin you will still get the Forbidden error. The reason is that the alias configuration only allows 127.0.0.1, and on Windows 8 "localhost" resolves to the IPv6 loopback address ::1 first, so the request never matches. Open the alias file from the Wamp manager or find it at \wamp\alias\phpmyadmin.conf, and look for this snippet:

<Directory "c:/wamp/apps/phpmyadmin3.4.10.1/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
        Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>


Add Allow from ::1 next to Allow from 127.0.0.1 (replacing it also works, as long as nothing connects over IPv4), or, as above, change Deny from all into Allow from all, which is looser than a local tool holding database credentials needs. Now, that's all.
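For reference, here is the tighter version of the three snippets above, as an added example rather than text from the original post: the filesystem root stays closed, and only the two loopback addresses are admitted, which is all a local WAMP install needs. The phpMyAdmin path is the one the post shows; the <Directory "c:/wamp/www/"> container for the "onlineoffline" lines is an assumption about WAMP's default layout, so adjust both to your install.

```apache
# Weak fix from the post: opens every path on disk to any client that reaches the server
# <Directory />
#     Options FollowSymLinks
#     AllowOverride None
#     Order deny,allow
#     Allow from all
# </Directory>

# Tighter: the filesystem root stays closed to everyone...
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

# ...and the document root and phpMyAdmin admit IPv4 and IPv6 loopback only.
# Windows 8 resolves "localhost" to ::1, which "Allow from 127.0.0.1" alone rejects.
<Directory "c:/wamp/www/">
    Options FollowSymLinks
    AllowOverride All
#   onlineoffline tag - don't remove
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Directory>

# Indexes dropped here as well (see the directory-browsing post above)
<Directory "c:/wamp/apps/phpmyadmin3.4.10.1/">
    Options FollowSymLinks MultiViews
    AllowOverride all
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Directory>
```

Restart Apache from the Wamp manager after editing; if phpMyAdmin still reports Forbidden, check which loopback address the request arrives from in the access log before loosening anything further.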

Tuesday, November 12, 2013

FileZilla - Disable the password autosave feature

To disable this feature in FileZilla:

  1. Click on the "Edit" menu > Settings > Interface
  2. In the "Behaviour" section, check "Do not save passwords".
  3. Click on OK to validate.

This matters because FileZilla stores saved site and recent-server passwords unencrypted in its XML files under the user's profile (sitemanager.xml, recentservers.xml), where any program running as that user, or anyone who copies the profile, can read them.

Monday, November 11, 2013

CentOS 6.x make visible .htaccess file on ftp / vsftpd

Server OS: CentOS 5.x / vsftpd

Client: Windows 7 / FileZilla

You have uploaded an .htaccess file to your FTP space. You click refresh and the file disappears. Do not worry. The file is there; it is simply not displayed, because names starting with a dot are classed as hidden files. If you have shell access, SSH to your server and run:

 ls -a

You should see the file listed.
To see hidden files through your FTP client, edit the vsftpd.conf file:

 vi /etc/vsftpd/vsftpd.conf

and add the following line:

 force_dot_files=YES

Don't forget to restart the FTP service:

 /sbin/service vsftpd restart

(FileZilla can also be told client-side to request them: Server > Force showing hidden files.)



Sunday, November 10, 2013

CentOS 6.4 VSFTP Problem - 553 Could not create file

Do you have SELinux enabled?

To check: sestatus

If it reports "SELinux status: enabled" and "Current mode: enforcing", SELinux is fully active, so switch it to permissive mode while you troubleshoot.

Permissive mode: setenforce 0

Check sestatus again; it should now show "Current mode: permissive". This leaves SELinux on but in a log-only mode: nothing is blocked, but every denial is still recorded.

With SELinux in permissive mode, try your FTP operations again and see if the problems have magically gone away. If they have, SELinux is the cause. Check /var/log/audit/audit.log for the reason. Rather than deleting the log (it is your audit trail), note the time, do your FTP thing, and then pull only the recent denials with ausearch -m avc -ts recent, so you see just what relates to your FTP issue.

If SELinux is to blame, there are a few SELinux booleans worth looking at.

Best start is: getsebool -a | grep ftp

You'll see something like

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> on
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off

Not all of these are relevant to vsftpd: httpd_enable_ftp_server only lets Apache listen on the FTP port, and tftp_anon_write is for tftpd. I'd start with:

setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on

(-P makes the change persistent across reboots.) Note that allow_ftpd_full_access is the blunt option: it lets vsftpd read and write any file its Unix user can, whatever the file's label. If the target is only the users' home directories, ftp_home_dir alone is the narrower fix.

allow_ftpd_anon_write is a different matter: it is only needed if you want every Joe Blow out there to be able to upload files to the anonymous folder. I seriously discourage you from doing that, unless it's internal only. If this is publicly accessible, it will be found and it will be abused.

Next you'll need to make sure that the home folders have the right SELinux contexts.

Check the contexts: ls -alZ /home

Chances are that if you just created the home folders they have the wrong labels, so you can just reset them to what the policy expects as follows:

First run it to see what it would change, without changing anything: restorecon -nvvr /home
-n = don't do anything, report only
-vv = very verbose
-r = recursive (do /home and everything under it)

You might want to run this on /home/udo, /home/ftp-docs and /home/ftpuser instead of all of /home.

If you're happy with what it wants to do: restorecon -vvr /home
Same command with no -n, so it performs its actions.

Next put SELinux back into enforcing mode:
setenforce 1

Check it with sestatus (Current mode: enforcing).

Try FTP again, and if it's broken once more check the audit logs to see what else is going on. Some labels might still be wrong, which you can sort out using chcon (or semanage fcontext followed by restorecon if the label must survive a relabel). Use -Z on various commands to work out which SELinux contexts are in play (ps -Z, ls -Z, and so on).

There are a few tools out there to turn the audit log into something more human readable, together with suggestions on what to do to fix it. I have never used any of them, so I can't say much about them anyway.
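Both this post and the "Create FTP Users" post above end with "check the audit log". The script below is an added example (not part of either post) that does the first pass for you: it parses type=AVC lines in the format auditd writes, keeps the denials whose source type is ftpd_t, and maps the target file type to the boolean or relabelling step discussed above. The HINTS table is an illustrative shortcut (an assumption, not a complete policy reference), and the audit lines embedded in it are constructed.

```python
"""Triage SELinux AVC denials for vsftpd from /var/log/audit/audit.log.

Added example, not part of the original posts. It parses "type=AVC" lines in
the format auditd writes, keeps the denials whose source type is ftpd_t, and
maps the target file type to the boolean or relabelling step discussed
above. The HINTS table is an illustrative shortcut (assumption), not a
complete policy reference; the audit lines below are constructed.
"""
import re
import sys

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{\s*(?P<ops>[^}]+?)\s*\}\s+for\s+.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+).*?'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+).*?'
    r'tclass=(?P<tclass>\S+)')

# Target type -> what to try next (CentOS 6 boolean names, as in the post).
# Illustrative mapping, assumed for this example; verify against your policy.
HINTS = {
    'user_home_t': 'setsebool -P ftp_home_dir on',
    'user_home_dir_t': 'setsebool -P ftp_home_dir on',
    'httpd_sys_content_t': 'setsebool -P allow_ftpd_full_access on, or relabel the tree with restorecon/chcon',
    'public_content_rw_t': 'setsebool -P allow_ftpd_anon_write on (anonymous upload: only if you really mean it)',
}
DEFAULT_HINT = 'no shortcut: check the label with ls -Z and restorecon -nvvr, then audit2allow -w'


def parse_avc(text):
    """Yield one dict per AVC denial line; non-AVC lines are skipped."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            d = m.groupdict()
            d['ops'] = d['ops'].split()
            yield d


def triage(text, source_type='ftpd_t'):
    """Denials raised by source_type, each with a suggested next step."""
    out = []
    for d in parse_avc(text):
        if d['stype'] != source_type:
            continue
        d['hint'] = HINTS.get(d['ttype'], DEFAULT_HINT)
        out.append(d)
    return out


# Constructed sample audit.log excerpt (not captured from a real system).
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1384950000.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="vsftpd"
type=AVC msg=audit(1384950000.123:456): avc:  denied  { write } for  pid=1234 comm="vsftpd" name="uploads" dev=dm-0 ino=131 scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1384950001.001:457): avc:  denied  { create } for  pid=1234 comm="vsftpd" name="index.html" scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1384950002.002:458): avc:  denied  { read } for  pid=2222 comm="httpd" name="secret" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

if __name__ == '__main__':
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT
    for d in triage(text):
        print('%s %s on %s (%s): %s' % (d['comm'], ' '.join(d['ops']), d['ttype'], d['tclass'], d['hint']))
```

Point it at /var/log/audit/audit.log (as root) after reproducing the 553 error; the httpd denial in the sample is ignored because the source type is not ftpd_t, which is the same filtering you would otherwise do by eye. Apply the suggested setsebool only after confirming the path really should be writable by FTP.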

Friday, September 20, 2013

How to Close Apps iOS7

To close an app, simply press the Home button to get back to the home screen. If the app is in a folder, you'll have to press the Home button twice to get back to the home screen, since you have to travel back out through the folder first.

However, this doesn't close the app all the way. Pressing the Home button to exit an app doesn't completely close it; it stays running in the background, so it is still up and running if you ever want to go back in. To completely close an app, double-click the Home button. This brings up iOS 7's new multitasking tray.

You can scroll through the multitasking tray horizontally and look at all the apps that are currently open. Each app includes a preview card and the app's icon below it. To close an app, simply swipe its preview card upward.

Tuesday, August 13, 2013

New JQuery Live Notations

jQuery changed the recommended way to bind "live" (delegated) handlers in recent versions: .live() was deprecated in jQuery 1.7 and removed in 1.9, and .delegate() has been superseded by .on(). The old and new notations for the same binding are below.

Old jQuery live

$("a.offsite").live("click", function(){ alert("Goodbye!"); });                // jQuery 1.3+ (removed in 1.9)
$(document).delegate("a.offsite", "click", function(){ alert("Goodbye!"); });  // jQuery 1.4.3+
$(document).on("click", "a.offsite", function(){ alert("Goodbye!"); });        // jQuery 1.7+ (current form)

New jQuery live

$(function(){
    // delegated handler: also fires for .sm2_expander elements added after page load
    $(document).on('click', '.sm2_expander', function(){
        alert('bye');
        $(this).parent().parent().toggleClass('sm2_liOpen').toggleClass('sm2_d');
    });
});

A variant that finds the enclosing list item with .closest() instead of counting .parent() calls, which breaks as soon as the markup nesting changes:

$(function(){
    $(document).on('click', '.sm2_expander', function(){
        $(this).closest('li').toggleClass('sm2_liOpen sm2_liClosed');
    });
});

If you have any questions, just comment below.

Saturday, January 19, 2013

Cross-Site Scripting (XSS) Protection

<?php
session_start();
// SNIP

if (!empty($_POST['sent']) && !empty($_SESSION['form'])) {
  // Take the stored form state and drop it from the session: the token is single use,
  // so a captured value cannot be replayed and a new form must be rendered either way.
  $form = $_SESSION['form'];
  unset($_SESSION['form']);
  $expected = hash_hmac('sha1', $_SERVER['REMOTE_ADDR'], $form['nonce']);
  // Constant-time comparison (PHP >= 5.6); never compare MACs with ==
  if (hash_equals($expected, $_POST['sent'])) {
    if (time() - $form['birth'] > 2) {
      // Proceed
    } else {
      // Lifetime less than 3 seconds. Most likely spam.
    }
  } else {
    // Token does not match: Cross-Site Request Forgery, or a stale/foreign form
  }
} else {
  $_SESSION['form'] = array(
    'nonce' => openssl_random_pseudo_bytes(32),
    'birth' => time()
  );
  ?>
  <form method="post">
  <!-- snip -->
  <input type="hidden" name="sent" value="<?= hash_hmac('sha1', $_SERVER['REMOTE_ADDR'], $_SESSION['form']['nonce']); ?>" />
  <input type="submit" />
  </form>
  <?php
}
?>


This code skeleton does two things:
1. Requires that the form has been on screen for more than 2 seconds before a submission is accepted (a cheap anti-spam measure; bots usually submit instantly).
2. Ties the submission to a per-session secret by HMAC-ing the client address with a random nonce, so a request forged from another site cannot carry a valid "sent" value. That is Cross-Site Request Forgery (CSRF) protection; it does nothing against XSS, which needs output encoding of untrusted data, and a script injected into the same origin could read the token anyway. Binding the token to REMOTE_ADDR also breaks for clients whose address changes mid-session (mobile networks, some proxies).
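The same scheme in Python, as an added example that is not the original post's code: the token is an HMAC over a form identifier keyed by a per-session random nonce rather than over REMOTE_ADDR (on the assumption that clients behind NAT or proxies may change address), it is compared in constant time, it expires, it must be at least 2 seconds old, and it is consumed on first use. The session is a plain dict standing in for $_SESSION; MAX_AGE_SECONDS and the form identifier are assumptions for the example.

```python
"""CSRF token with a minimum form age, in the style of the PHP skeleton above.

Added example; it is not the original post's code. Differences from the PHP:
the token is an HMAC over a form identifier keyed by a per-session random
nonce (not over REMOTE_ADDR, which changes for mobile and some proxied
clients: an assumption about the deployment), it is compared in constant time,
it expires, and it is consumed on first use so a captured token cannot be
replayed. `session` is a plain dict standing in for $_SESSION.
"""
import hashlib
import hmac
import secrets
import time

MIN_AGE_SECONDS = 2      # the post's rule: a form submitted faster than this is probably a bot
MAX_AGE_SECONDS = 3600   # assumption: forms older than an hour must be re-rendered


def issue_token(session, form_id, now=None):
    """Store a fresh nonce and birth time in the session; return the hidden field value."""
    now = time.time() if now is None else now
    nonce = secrets.token_bytes(32)
    session['csrf'] = {'nonce': nonce, 'birth': now}
    return hmac.new(nonce, form_id.encode(), hashlib.sha256).hexdigest()


def verify_token(session, form_id, submitted, now=None):
    """Return 'ok', or the reason the submission is rejected.

    The session state is popped before checking, so every outcome consumes
    the token and the form has to be re-issued (single use).
    """
    now = time.time() if now is None else now
    state = session.pop('csrf', None)
    if state is None or not isinstance(submitted, str) or not submitted:
        return 'missing'
    expected = hmac.new(state['nonce'], form_id.encode(), hashlib.sha256).hexdigest()
    # compare_digest on bytes: constant time, and no TypeError on non-ASCII input
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 'bad_token'
    age = now - state['birth']
    if age < MIN_AGE_SECONDS:
        return 'too_fast'
    if age > MAX_AGE_SECONDS:
        return 'expired'
    return 'ok'


if __name__ == '__main__':
    session = {}
    token = issue_token(session, 'contact-form', now=1000.0)
    print(verify_token(dict(session), 'contact-form', token, now=1001.0))  # too_fast
    print(verify_token(dict(session), 'contact-form', token, now=1005.0))  # ok
```

In a real handler the nonce would live in server-side session storage exactly as $_SESSION does here, and the hidden field would carry the hex digest; because the nonce never leaves the server, an attacker's page cannot compute a valid token even though it can make the browser send the victim's session cookie.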