Let’s Encrypt Auto SSL on Web Host Manager CPanel Server

This blog post describes how to set up free SSL certificates on a Web Host Manager CPanel server. This requires root access to the server, if you don’t have access to this then you must ask your service provider to install it for you.

What is Let’s Encrypt?

Let’s Encrypt is in their own words “free, automated, and open Certificate Authority” providing free SSL certificates to anyone who wants to use their services. The only requirement to obtain a certificate from them is to prove you own the domain. This service is backed by some of the big web companies including Google and Facebook so has a large technical group behind it.

Many SSL certificate providers do this through a convoluted process of manually adding DNS records or replying to emails found via DNS. Instead of having to do this you confirm your ownership by the newly developed ACME protocol.

One of the ways you can verify your domain is using an ACME client such as certbot. I wont be using that today as I wanted an automatic solution that worked with the CPanel servers I manage.

Let’s Encrypt with CPanel

To automatically install SSL certificates  CPanel provide an AutoSSL facility. By default doesn’t provide Lets Encrypt SSL Certificates but they can be enabled easily enough.

If you log into your server as root you can install the Let’s Encrypt Auto SSL module by running the following command:

  1. /scripts/install_lets_encrypt_autossl_provider

Once you have run this CPanel should now let you select Let’s Encrypt as your Auto SSL provider!

The developers of CPanel are testing this and is likely to be rolled out in the future. However at the moment you need to install it manually. More information can be found in their blog post.

BIGINT Overflow Error Based SQL Injection

In MySQL 5.5+ you can abuse a new feature with BIGINT values. This involves a problem called integer rollover and your ability to run arbitrary SQL.

The problem of integer rollover

Integer rollover happens when a number is too big or small and is made bigger/smaller.

In the case where the number is the highest possible stored value adding to it makes it larger and it becomes as small as it can. Similarly when the number is too small and it has something subtracted from it it becomes very large.

This is down to how the number is represented in binary where it tries to make the value bigger/smaller and it “rolls over”. This is typically undesired behavior but in many languages this happens silently. Previously this was something you checked for manually however newer languages are starting to check and raise errors for this.

How MySQL is affected by this

Now in MySQL versions 5.5 or later instead of silently wrapping around it will raise an error and fail. This is considered better than silently making your number radically different.

 

If the website displays the mysql error directly, it will report back the result of the query that caused the rollaround. If a site incorrectly does this and allows unsanitized input to be sent to the database this allows you to craft a query and view the results.

By creating a subquery for the request and guessing table names you can pull out any data in the database. Worse is that this works for the information schema so you are able to get the data you need by querying this. Having full access to the database can mean that you can then download sensitive information.

Fixing this exploit

Here the exploit is stopped by properly escaping user input which is something that many websites still forget to do. In addition since this requires viewing the data in the returned error turning off error reporting would stop this bug, but not stop the ability to insert data via a subquery. Even in the case that the error is not shown back, being able to insert data may allow privilege escalation.

The full exploit including example code is available online and includes example code and the full explanation. This is another example of why is it critically important to sanitize input from users.

RIP Terry Pratchett – Long shall you live on in the Clacks

In one of his books:

The Hour of the Dead was when men died. And when a man died, they sent him home by clacks. Moist’s mouth dropped open. ‘Huh?’

‘That’s what they call it,’ said Harry. ‘Not lit’rally, o’ course. But they send his name from one end of the Trunk to the other, ending up at the tower nearest his home.’

‘Yeah, but they say sometimes the person stays on in the towers, somehow,’ said Jim.’ “Living in the Overhead”, they call it.’

Sir Terry will always live on in the overhead of reddit.

A lot of what travelled on the Grand Trunk was called the Overhead. It was instructions to towers, reports, messages about messages, even chatter between operators, although this was strictly forbidden these days. It was all in code. It was very rare you got Plain in the Overhead. But now . . . ‘There it goes again,’ she said. ‘It must be wrong. It’s got no origin code and no address. It’s Overhead, but it’s in Plain.’ On the other side of the tower, sitting in a seat facing the opposite direction because he was operating the up-line, was Roger, who was seventeen and already working for his tower-master certificate. His hand didn’t stop moving as he said: ‘What did it say?’

‘There was GNU, and I know that’s a code, and then just a name. It was John Dearheart. Was it a—’

‘You sent it on?’ said Grandad. Grandad had been hunched in the corner, repairing a shutter box in this cramped shed halfway up the tower. Grandad was the tower-master and had been everywhere and knew everything. Everyone called him Grandad. He was twenty-six. He was always doing something in the tower when she was working the line, even though there was always a boy in the other chair. She didn’t work out why until later. ‘Yes, because it was a G code,’ said Princess. ‘Then you did right. Don’t worry about it.’

‘Yes, but I’ve sent that name before. Several times. Upline and downline. Just a name, no message or anything!’ She had a sense that something was wrong, but she went on: ‘I know a U at the end means it has to be turned round at the end of the line, and an N means Not Logged.’ This was showing off, but she’d spent hours reading the cypher book. ‘So it’s just a name, going up and down all the time! Where’s the sense in that?’ Something was really wrong. Roger was still working his line, but he was staring ahead with a thunderous expression. Then Grandad said: ‘Very clever, Princess. You’re dead right.’

‘Hah!’ said Roger. ‘I’m sorry if I did something wrong,’ said the girl meekly. ‘I just thought it was strange. Who’s John Dearheart?’

‘He . . . fell off a tower,’ said Grandad. ‘Hah!’ said Roger, working his shutters as if he suddenly hated them. ‘He’s dead?’ said Princess. ‘Well, some people say—’ Roger began. ‘Roger!’ snapped Grandad. It sounded like a warning. ‘I know about Sending Home,’ said Princess. ‘And I know the souls of dead linesmen stay on the Trunk.’

‘Who told you that?’ said Grandad. Princess was bright enough to know that someone would get into trouble if she was too specific. ‘Oh, I just heard it,’ she said airily. ‘Somewhere.’

‘Someone was trying to scare you,’ said Grandad, looking at Roger’s reddening ears. It hadn’t sounded scary to Princess. If you had to be dead, it seemed a lot better to spend your time flying between the towers than lying underground. But she was bright enough, too, to know when to drop a subject. It was Grandad who spoke next, after a long pause broken only by the squeaking of the new shutter bars. When he did speak, it was as if something was on his mind. ‘We keep that name moving in the Overhead,’ he said, and it seemed to Princess that the wind in the shutter arrays above her blew more forlornly, and the everlasting clicking of the shutters grew more urgent. ‘He’d never have wanted to go home. He was a real linesman. His name is in the code, in the wind in the rigging and the shutters. Haven’t you ever heard the saying “A man’s not dead while his name is still spoken”?’

GNU Terry Pratchett

All webservers under my control return this header now, You can too with http://www.gnuterrypratchett.com/

Choose an open source licence

I was trying to find an open source licence that would fit my purpose for my Trend Analyser project. After some googling I found a wonderful website “Choose a Licence

This showed specifically what each main licence does and gave templates to use. It made it easier than reading through and trying to understand all the legal terms.

In the end I choose a MIT licence for Trend Analyser because I wanted anyone to be able to use or sell the modified code and only wanted a licence that covered me and allowed attribution.

Using Nvidia Optimus on Fedora

If your computer is recent and has an i3/i5/i7 intel core and a Nvidia graphics card it likely uses Optimus technology. This smart piece of software turns off the power-hungry Nvidia graphics card and runs most programs on the integrated intel graphics chip. In laptops this can save a lot of power. However this solution is only available in windows 7 upwards.

The problem occurs when you are using an operating system that doesn’t support this, as in most cases both cards will run all the time, causing major battery drain. On laptops this can severely shorten the battery life.

However there is a solution to this called bumblebee. This piece of software aims to offer similar technology in Linux-based machines. I found many tutorials on how to install it and work and ended up reinstalling fedora (17 at the time) several times.

However, I found a post from the NC State University Technical Staff Exchange on how to install bumblebee for Fedora and Redhat based distributions. I used this before to install on Fedora 17 and now just today on Fedora 18. Previously I was having a lot of issues getting it to work on Fedora 18 and according to them “nouveau drivers do not work on fedora 18 at this time” which after following their guide and installing the Nvidia ones it started to work.

If you are running a laptop with a new intel core and Nvidia graphics card and are getting poor battery life, I suggest you looking into seeing if you have Optimus technology in your laptop, and if so try this.

However, there is a warning, you will be messing around with your display drivers which could cause your system to not be able to display any GUI. Back up everything before trying this.

As usual, if you have any questions, it worked for you or you have something to add to my post, leave a comment!

XFCE Application Menu Icons Missing

After i installed Fedora 18 XFCE i found that it by default doesnt show the icons on the application menu.

I normally navigate it by checking the images and not reading the words, so this inconvenienced me. On checking the properties I found that “Show icons in menu” was checked but it did not seem to work.

However a solution was suggested, and after running it and logging out and in, it worked.

Run this, then restart (or maybe just logout) and it should be fixed next time you login

gconftool-2 --type boolean --set /desktop/gnome/interface/buttons_have_icons true
gconftool-2 --type boolean --set /desktop/gnome/interface/menus_have_icons true

Leave a comment stating your linux distribution and setup if it worked or ask for any help in the comments.