So I SSH’ed onto the box and opened up “crontab -e -ureportuser” where we store these kind of things. Then I started to think for a minute how I was going to go about this. I suddenly realised I wasn’t sure and turned to my trusty friend, Google.

Sigh, I don’t know what it was but Google was letting me down today. I wanted to find the most effective and neat way of doing this. I didn’t want to call some hacked up bash script, it had to be neat, easy and maintainable with no overhead calling additional scripts.

Why isn’t it straight forward? I simply want to run a report via cron on first Tuesday of the month. Darn, it could be a Monday, Wednesday, Thursday or any other day! Windows can do it easily, but who wants to use Windows for this kind of thing! Blah!

The closest I came up to was this:

5 9 1-7 * 2 /bin/email-report.sh

5 = minutes 0:05
9 = hour 9am
1-7 = calendar day 1 to 7, as the first Tue has to be in this range
* = month, all
2 = weekday Tue
/bin/email-report.sh = command

It looks fine on paper except for one thing. The 2 (Tuesday) weekday setting comes through as an OR and not an AND. So the report was running on every applicable Tuesday and the first seven days of the month. Drat! The client shouldn’t have gotten that report yet?

A colleague (Gavin – thanks bro!) however came up with a delightful solution that had me impressed. It’s neat, tidy, maintainable and no extra scripts – within all the rules.

5 9 * * 2 [ `date +\%d` -le 7 ] && /bin/email-report.sh

5 = minutes 0:05
9 = hour 9am
* = calendar day, all
* = month, all
2 = weekday Tue
[ `date +\%d` -le 7 ] && /bin/email-report.sh = command

How does this work? [ `date +%d` -le 7 ] && forms a conditional statement in bash that will return an exit code based on whether the condition is true or false. In the condition is true the report gets run. Note that when we add this to a crontab entry, the % will need to be delimited with a backslash (\).

Broken down, the backquotes or backticks indicate command substitution, meaning the contents will be evaluated in bash. `date +%d` will evaluate into calling of the date command with the attribute +%d – which will return the current numeric day of the month (e.g. 03).

The remainder of the conditional statement (-le 7) asks if the resulting day of the month is less than or equal than seven. If the result is less than or equal to seven, then it is within the first seven day or week of the month and a true (1) is returned. Otherwise a false (0) exit code is returned and further execution halts.

If this command [ `date +\%d` -le 7 ] && /bin/email-report.sh is run on every Tuesday of the month, eventually it will run within the first seven days and execute the report!

This command could be easily modified to run on the second, third, forth or fifth specified weekday of the month – whatever you require.Similar Posts:

• Generic PHP Function Code to Query “Stop Forum Spam” API
• Synchronise cPanel DNS Cluster from Command Line
• How to Stop sidebar.exe Using Lots of Memory (Edited 14 May 2011)
• apf: command not found
• Delete PC Sync Calendar on HTC Desire

I’ve written a batch script, and confirmed this works in Windows 7 (should work in Windows Vista too). I created a batch file called restart-sidebar.bat, and stored it in c:\users\brendan – contents of the file below:

@echo off
taskkill /im sidebar.exe /f
echo This script will now sleep momentarily…
TIMEOUT /T 2
echo Starting sidebar.exe now…
start sidebar.exe

The idea is it will kill the process called / task with the image name of, sidebar.exe, forcefully. It will then wait two seconds before starting the process again.

To complete the setup, create a new scheduled task specifying the path to your newly created batch file (mine was c:\users\brendan\restart-sidebar.bat). Run the scheduled task as your own user. I have it scheduled to run once a day at 5pm. I prefer to have it run when I’m not using the computer, more of a scheduled maintenance task that goes on behind the scenes. If you find that’s not enough, schedule it to run a few times a day.

For your information – I’ve encountered on only a few occurrences problems in the past when shutting. The sidebar process has stalled the shutdown procedure and Windows has forcefully killed the process. On login again I’ve lost a few sidebar settings. While I’ve not encountered this running the above batch script, it’s possible you may encounter this. If you’re concerned about it, drop the /f from the taskkill line in the above script (as to not force it) and increase the timeout value from 2, to up to 20 seconds to allow it to safely exit.

Downsides / Cons - I haven’t been able to find something to force the batch file to run in a minimised window (so it pops up and runs as a black command prompt window). This I’m a little bit disappointed with – you could perhaps create a shortcut to the batch file and set the properties on it to start minimised – however I’ve not confirmed this works. – See “Edit 14 May 2011″ below which overcomes this problem.

Advantages / Pluses - It’s a simple and easy fix. Avoids the pain of closing all your programs and restarting / logging off. Runs in seconds and doesn’t require administrative privileges to run.

Edit 14 May 2011 - I recently received an interesting email sent via the contact page. Ray, a fellow sysadmin in the trenches, had come up with a beautiful revision to my own code above. Using the below Windows Script in a vbs file (e.g. restart_sidebar.vbs) run on the same scheduled task as above, it accomplishes the restart of the sidebar without any extra windows or user interaction – it runs silently in the background (like a ninja). I’ve tested it for a few days and it runs beautifully. Thanks Ray, and good work!

‘—————————————————
‘ Author: Ray Flores (raymond.l.flores@gmail.com)
‘ Written May 2011
‘—————————————————

Set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.Run “C:\Windows\System32\taskkill.exe /im sidebar.exe /f”, 0, True
WshShell.Run “C:\Windows\System32\timeout.exe /T 2″, 0, True
WshShell.Run “sidebar.exe”, 0, True

Similar Posts:

• Windows sidebar.exe Memory Leak
• What is sidebar.exe
• Generic PHP Function Code to Query “Stop Forum Spam” API
• Moving From No Control Panel Servers to a cPanel Server
• Cron to Run on First Tuesday of the Month

What is sidebar.exe - It’s a genuine Microsoft process / application seen in Windows Vista and Windows 7. It is not dangerous, a virus or malware orientated.

In Windows Vista: It is responsible for displaying gadgets in a bar, usually docked down one side of the screen or screens, hence the term sidebar.

In Windows 7: Like in Windows Vista, while named the same, gadgets run outside of the “bar” and float on the desktop. Gadgets can also be independently docked to the side of a screen or moved around.

Gadgets can have their opacity / transparency adjusted individually (in Windows 7). They can also be set to appear on top – but don’t always depending on the other applications running at the time.

Is it safe - Yes, the process is safe. It is however known to use large amounts of memory at times (especially when using gadgets that interact or feed from the internet). This may slow your computer but it is no way dangerous. To clear memory:

• Log off and on again
• Restart the computer
• Kill the process and start again from the Start menu.

For more information on the large memory consumption of this process, see my other post on the Windows sidebar.exe Memory Leak.Similar Posts:

• Windows sidebar.exe Memory Leak
• How to Stop sidebar.exe Using Lots of Memory (Edited 14 May 2011)
• Find What IP Address cPanel Site Is Using via Command Line
• I’m told the customer is always right?
• Delete PC Sync Calendar on HTC Desire

The Problem - My new HTC is really good at syncing things, too good in fact. I plugged it into my personal computer to play with the HTC Sync program (you know, sync some music for the drives to work). For reasons unbeknown to me, I also told it to sync my personal calendar. The calendar syncs to the HTC Desire to a calendar named “PC Sync”. After realising my mistake I sought to delete the calendar – after all it’s a personal calendar on a work phone, it’s reminding me about all my personal appointments and I don’t like it. So I plug the phone back into my personal computer, open HTC Sync and turn off the calendar syncing. After the lengthy synchronize process completes I check my calendars: Personal Calendar (from Google), PC Sync, Facebook and Exchange. Whaaa? The PC Sync calendar is still there!

The Problem Escalated - Annoyed, I then open the calendar application on the HTC Desire, press Menu > More > Calendars. It’s still there! I press Menu > Remove Calendars and the option to delete the PC Sync calendar is not available. I’m stuck with the calendar with all my personal events on it and no way to remove it – beyond deleting weeks worth of entries one by one, I’m a little lost as to what to do next. The outlook is grim.

The Grinding - Google! My friend! I start running some searches around Google looking for other people experiencing the same problem. There are. But no resolution. All I find are lame responses from know it all people who really know nothing. Some suggests using another Sync program – a little overkill isn’t it? I just want to remove a calendar?

I’d been searching for a good 10 minutes, when I light globe lit up…

The Solution - I recall some weeks back deleting some applications after being prompted that my (tiny) SD card was running out of space. I went into Settings,  Applications and then Manage Applications – and proceeded to start deleting games I’d downloaded (strictly work related of course). I recalled there was a button on this screen called Clear Data.

With hast, I picked up my HTC Desire mobile phone, unlocked it, tapped Settings > Applications > Manage Applications > “All” tab and searched for the word Calender. There were three applications – Calendar, Calendar Storage and Calendar Sync Adapter. Doesn’t Calendar Storage sound convenient? I tapped Calendar Storage and then Clear Data. Upon checking my calendars, I’d lost all my calenders and their data – all calendar related data was gone.

Work uses Microsoft Exchange (to my disgust) – so I opened Settings > Accounts & Sync > Exchange ActiveSync > Sync Now which repopulated my calendar with all my work calendar data, appointments and meetings. I’m pretty sure if I did the same for the Google account I’d sync that calendar back too – but since I don’t use it I didn’t bother.

All my calendar information is stored elsewhere and synchronised to my phone. All my calendar information (I wanted) could be recovered again.

In Summary - When syncing your calendars with the HTC Sync program to your HTC phone, it seems that you can’t un-sync or delete the PC Sync calendar once synched. It seems like such a simple thing to do, but not well thought through by the developers it seems. I found and used a less obvious method of deleting the calendar – deleting all the calendar data via the application manager. This meant all my calendar data was deleted. This was intentional and I knew I could recover what I needed. Only proceed if you know you can recover your calendar data from another source. A backup beforehand probably wouldn’t go astray either.

These are the steps I took on my HTC Desire running Android version 2.2 to delete all calendar data, and in turn the PC Sync calendar:

1. On the phone, open Settings > Applications > Manage Applications
2. Click the “All” tab at the top of the screen
3. Scroll down and tap the Calendar Storage application
4. Tap the “Clear data” button, and confirm you’d like to proceed.

Now all the calendar data is gone from the phone, running your sync processes again to populate only the calendars you want on your phone.

So, if you’re stuck and need to remove this darn annoying calendar – I hope my experience here has been able to help.Similar Posts:

• Rant: Google In Trouble Over Collecting Unprotected WiFi Data
• Synchronise cPanel DNS Cluster from Command Line
• Firefox Google Search Plugin for Australia (AU)
• Emails Not Sending – defer (111): Connection refused (Exim) and SMTP Tweak
• Modifying cPanel Mailbox Quota Errors “invalid maildirsize file”

http://ie6update.com/

So I took a look and liked what I saw.

As the highly educated and brilliant sysadmin you are, I know that you know that Internet Explorer 6 has reached it’s end of life. Meaning that the developer (Microsoft) is no longer supporting or maintaining the product (code).

It’s dead. Therefore one can now assume that IE6 is both out of date and insecure. Not only that, it lacks the compatibility of newer technologies and support of newer (and older) web standards that today’s web community demands.

What is interesting though is a large percentage of the internet still uses it! I have to admit advantages to IE6 include it is really quick and simple. Plus I don’t get NAGGED by the application to setup/configure the browser with a billion step wizard every time I login to a new workstation!

That aside however, the website attempts to encourage a move from older technology to the new. Being a part of the web community and being a web developer, I think it’s a brilliant way we can all easily participate in the education of users. As the image above demonstrates, a simple prompt appears for users of IE6 when arriving at your website, encouraging them to upgrade. Clicking takes to the Microsoft IE website. Integration into your website or blog is simple – download the provided zip from http://ie6update.com/, upload the files within the zip package, and finish by adding the code in the example.html file to your webpage. If you use WordPress Blog, it’s a simple plug-in install.

I’m in!Similar Posts:

• Windows sidebar.exe Memory Leak
• Firefox Google Search Plugin for Australia (AU)
• Simple IP Information / IP to Location (Country) Lookup
• What is sidebar.exe
• I’m told the customer is always right?

Back to the point though – Firefox – when you use the Google Search plugin that comes with the default install of Firefox, it goes to some long and unnecessarily complicated URL on the google.com domain. Now I’m Australian, and proud to be. My preferred domain is google.com.au. While the Google SSL search (https://encrypted.google.com/) is helpful, you lose a lot of the quick access to Image search, time and… just useful search options I’ve come to rely on. Regardless, as users we typically like to use the search for our own country.

Recently in my tinkering with the Firefox config files… I lost my Google Search plugin. I’ve been using the Google SSL search instead (which I strongly dislike) or to type google.com.au into the address bar – so old school.

I found this profoundly awesome page however which lists the Google Search plugins for nearly every nation/country/language Google has a search page for.

http://mycroft.mozdev.org/google-search-plugins.html

Just to pick a few out, there’s Google Search plugins for:

• Google Australia (google.com.au)
• Google AR (google.com.ar)
• Google CA (google.ca)
• Google DE (google.de)
• Google FR (google.fr)
• and more!

I also want to point out there appears to be a few options to pick from:

• Google AU – pages from Australia (google.com.au) by Mycroft Project
• Google AU – the web (google.com.au) by Mycroft Project

The “pages from” is like using google.com.au and selecting to only return results from Australia (or whatever country). However “the web” (my preference) just uses the .com.au Google domain to search.Similar Posts:

• Rant: Google In Trouble Over Collecting Unprotected WiFi Data
• Help Kill IE6
• Simple IP Information / IP to Location (Country) Lookup
• Installing WordPress via SSH Command Line
• Improve Page Rank from Parked Domains

I am utterly sick to death of hearing about “Google breeching privacy” or “spying on private data”. If anyone is stupid enough to leave their wireless network unsecured, then they deserve everything coming to them! There is nothing stopping anyone from driving around in a car, collecting wireless data exchanged through the medium we all share (air). People have been doing it for years! Who hasn’t done it? I have! Why is Google any different? Why has this event turned into a ridiculous worldwide scandal?

The points are, Google stored very small fragments of data that was broadcasting at the time a Google car drove past. If the wireless network was secured (encrypted like all good sysadmins will ensure) then the data was not readable. The scare is, if you were logging into a website at the exact second Google drove past, your information may have been stored.

Lets assume for a second it was… Who cares!!? As soon as it was discovered, the information was segregated and stored on an encrypted volume. Where a nominated representative for a country was selected, the data was securely deleted and verified by independent source.

But it comes back to one thing – if any residence or business operates a wireless network that is not “secured” then it is common knowledge that any data travelling on that network is publicly accessible. Grow the hell up n00bs, and take some responsibility for your own stupidity.

It’s similar to saying “I want cake, but I’m too lazy to get up and get some. ” If you’re too lazy to do something about it, then you don’t get the right to complain about it!

EDIT:

The Media

They really aren’t helping the situation by relaying misleading information to readers, who have no choice but to accept it at face value. Check this news article out by The Australian IT:

Google Street View cars may have obtained bank details

BANK details and other private information of Australians may have been illegally obtained by Google, the federal government says.

Employees of the internet giant are under police investigation for collecting personal information about Australians while they photographed streets for the Google Maps website.

Federal Attorney-General Robert McClelland revealed on Sunday that he had referred the matter to the Australian Federal Police.

Communications Minister Stephen Conroy told a Senate hearing in May that if proven, it would amount to the “single greatest breach in the history of privacy”.

“(If) you were doing a banking transaction, or transmitting personal information, they could have hoover-ed it up, sucked it up into their machine,” he told ABC Television on Monday.

“What we want to ensure now is that we get access to the information that’s been collected.

“We want to know where it’s stored, we want to know what the information is, and importantly we want to ensure that Google don’t destroy this information.”

It was a reminder that Australians should always be alert to online security, Senator Conroy said, while spruiking Cyber Security Awareness Week.

Up to one third of Australians don’t always tap into their wireless connections with passwords, making them vulnerable to security attacks, he said.

Senator Conroy said it was up to police to accept Google’s claim that the collection of personal information was a mistake.

Source: The Australian IT
Last Accessed: 14 Jul 2010

My response to that:

As previously mentioned, it’s called SSL, Conroy you pathetic excuse for existence. “What we want to ensure now is that we get access to the information that’s been collected” is what I would call the “single greatest breach in the history of privacy” – why does the government need access to this information? I trust Google with it more than Conroy. It’s not Google’s fault “Up to one third of Australians” are idiots who can’t secure their wifi connection.

Similar Posts:

• Firefox Google Search Plugin for Australia (AU)
• Delete PC Sync Calendar on HTC Desire
• 6 Reason to use SFTP over FTP or SCP
• Simple IP Information / IP to Location (Country) Lookup
• Linux Software Firewalls

A colleague of mine recently released a new website, which I thought was brilliant enough to blog about. Simply, the website displays IP Facts, without all the crap and ads we normally have to put up with. Simply put sysadmins, it’s simple and gets straight to the point – something hard to come across.

With a little assistance, we also got it to lookup the details of a supplied IP address, IP to Location (Country), which I find helpful when checking abusive IP addresses.

Get your IP Facts – http://ipfacts.info/
Check an IP’s Location / Country – http://ipfacts.info/ip-to-country

Linux / SSH Console Commands

Of course if you have a console window open, you can typically get most of this information using a few commands.

Find your server’s interface IP address:

ifconfig

Check what an IP address resolves to:

host iphere
host 122.122.122.122

Check what hostname an IP address resolves to:

host domain.com
host google.com

As for what country an IP belongs to, this isn’t as easy. You can run a whois and see who the IP is owned by, but that isn’t always the correct country for international corporations, but even then that’s no promise you’ll get any information if any:

$ whois 122.122.122.122
[Querying whois.apnic.net]
[Redirected to whois.twnic.net]
[Querying whois.twnic.net]
[whois.twnic.net]
Chunghwa Telecom Data Communication Business Group

Netname: HINET-NET
Netblock: 122.122.0.0/16

Administrator contact:
network-adm@hinet.net

Technical contact:
network-adm@hinet.net

In the case of the above, the IP to Country script comes in handy because the database is build from another source.Similar Posts:

• Find What IP Address cPanel Site Is Using via Command Line
• Moving From No Control Panel Servers to a cPanel Server
• Locking down and securing SSH access to your server
• Understanding cPanel clustered DNS and Setup
• 6 Reason to use SFTP over FTP or SCP

http://statuscodedrinkinggame.com/

Some samples for your amusement:

404 Not Found
Last person to make a greeting must drink.

416 Request Entity Too Large
Thats what she said! Everyone drinks.

403 Forbidden
Miss a turn, Must drink double on next turn.

Check out the website for more.

So at your next departmental party, get all the sysadmins  together and try out this status code drinking game! I’m looking forward to it.Similar Posts:

• Generic PHP Function Code to Query “Stop Forum Spam” API
• PHP Code Block Vent In Spite of Spammers
• Help Kill IE6
• Improve Page Rank from Parked Domains
• Installing WordPress via SSH Command Line

invalid maildirsize file

While I didn’t actually check the size of the user’s mailbox in file size, which I would have done with:

du -sch /home/username/mail/domain.com/john.smith/*

I would have found that the actual usage was near zero, while cPanel was reporting the mail box usage was over 200mb.

The cause of the invalid maildirsize file error message is a corruption in the maildirsize file – as the error might suggest. It is no longer accurately keeping track of the usage properly. The solution is simple, all you need to do is delete the file and it will rebuild itself without a problem (will occur on new activity like a login or modification of quota).

There are two common ways of deleting it. First is to login to your server via SSH. The follow example applies where the email address is john.smith@domain.com, and the account username is “username”. Substitute the values in bold.

cd /home/username/mail/domain.com/john.smith/
rm -f maildirsize

That’s all there is to it for SSH.

The second method is probably more easier for the laymen, FTP. Login to the account with the primary login details (e.g. username will be the account username [avoid the sub user FTP accounts], and the password the account password). Browse to:

/mail/domain.com/john.smith/
Delete file named maildirsize

Problem solved. The disk usage dropped back to zero and I’ve not received any more annoying emails since, and the quota reset didn’t give me a invalid maildirsize file error message.Similar Posts:

• Moving From No Control Panel Servers to a cPanel Server
• Synchronise cPanel DNS Cluster from Command Line
• Find What IP Address cPanel Site Is Using via Command Line
• Understanding cPanel clustered DNS and Setup
• Emails Not Sending – defer (111): Connection refused (Exim) and SMTP Tweak

I found this website called Stop Forum Spam that stores and maintains a database of known details of spammers. So if JohnyGreen at nys@affiliatelist.org with the IP address of 92.113.110.125 tries to interact with your forums, wordpress blog or otherwise, you can do a lookup of the details stored at http://www.stopforumspam.com/. If you do, you’ll find at the time of writing 16 results on that username alone. The IP address and email will also flag several results.

From the front page of stopforumspam.com, “We catch a lot of spammers trying to register on forums. And we post their details here.  We currently have information on 873718 spammers since about December 2006. Here is the last 12 hours worth of spammers caught in our traps.”

The website also offers APIs that you can use to query their database. For example:

http://www.stopforumspam.com/api?ip=71.194.95.244

http://www.stopforumspam.com/api?email=i-m-spammer@domain.cn

http://www.stopforumspam.com/api?username=TestUserNameHere

Based on that, this neat little XML result is returned:

<response success=”true”>
<type>ip</type>
<appears>yes</appears>
<lastseen>2009-10-26 11:55:07</lastseen>
<frequency>78</frequency>
</response>

Depending on the platform, there are a lot of plugins/mods developed for your forum or bulletin board. Simply implement them using the instructions of the plugin developer.

Interestingly, I searched the WordPress Plugin database and found a heap of plugins that query the database and block potential attacks or abuse of your blog or website. Check out the plugin results! I currently use the WP-NoSpamUser wordpress plugin on some of my other blogs (it works very well, lots of options to choose from).

The Stop Forum Spam download page also references code examples by other third party developers. Being a PHP developer, I checked out the work of Smurf_Minions who wrote their own code to check for spam bots using the Stop Forum Spam API. They also released their source code! While the developer has done an excellent job, I thought I could improve upon their code a little. So I set out to make something a little more generic and useful to the every day web developer to use.

I rewrote the primary function and added a little bit more internal documentation for anyone who wants to take this and improve on it further, or adapt it to their own custom use. You can pretty much just reference the function below and pass the data you want to check. It will return a Boolean result of true/false or 1/0. The latest version is included below. Monitor the revision number for new versions.

<?php
function CheckIfSpambot($emailAddress, $ipAddress, $userName, $debug = false)
{

// *********************************
// Code originally written by Smurf_Minions (http://guildwarsholland.nl/)
// Original Source: http://guildwarsholland.nl/phphulp/testspambot.php
//
// Modified by Brendan Erskine (http://sysadminspot.com/)
// Last Modified: 8 May 2010
// Revision Number: 2.0
// *********************************

  // Initiate and declare spambot/errorDetected as false - as we're just getting started
  $spambot = false;
  $errorDetected = false;

  // -------------
  // Check email address
  // -------------

  if ($emailAddress != "")
  {
    $xml_string = file_get_contents("http://www.stopforumspam.com/api?email=" . urlencode($emailAddress));
    $xml = new SimpleXMLElement($xml_string);

    if ($xml->appears == "yes") // Was the result was registered
    {
      $spambot = true; // Check failed. Result indicates dangerous.
    }
    elseif ($xml->appears == "no") // Check passed. Result returned safe.
    {
      $spambot = false; // Check passed. Result returned safe.
    }
    else
    {
      $errorDetected = true; // Test returned neither positive or negative result. Service might be down?
    }
  }

  // -------------
  // Check IP Address
  // -------------
  if ($spambot != true && $ipAddress != "")
  {
    $xml_string = file_get_contents("http://www.stopforumspam.com/api?ip=" . urlencode($ipAddress));
    $xml = new SimpleXMLElement($xml_string);

    if ($xml->appears == "yes") // Was the result was registered
    {
      $spambot = true; // Check failed. Result indicates dangerous.
    }
    elseif ($xml->appears == "no") // Check passed. Result returned safe.
    {
      $spambot = false; // Check passed. Result returned safe.
    }
    else
    {
      $errorDetected = true; // Test returned neither positive or negative result. Service might be down?
    }
  }

  // -------------
  // Check Username
  // -------------
  if ($spambot != true && $userName != "")
  {
    $xml_string = file_get_contents("http://www.stopforumspam.com/api?username=" . urlencode($userName));
    $xml = new SimpleXMLElement($xml_string);

    if ($xml->appears == "yes") // Was the result was registered
    {
      $spambot = true; // Check failed. Result indicates dangerous.
    }
    elseif ($xml->appears == "no") // Check passed. Result returned safe.
    {
      $spambot = false; // Check passed. Result returned safe.
    }
    else
    {
      $errorDetected = true; // Test returned neither positive or negative result. Service might be down?
    }
  }

  // To debug function, call it with the debug flag as true and instead the function will return whether or not an error was detected, rather than the test result.
  if ($debug == true)
  {
    return $errorDetected; // If enabled, return whether or not an error was detected
  }
  else
  {
    return $spambot; // Return test results as either true/false or 1/0
  }
}
?>

If you want to test the above function, put the above code in a file called spambotcheck.php. Then add the following code to insert a form and result handling to the page:

<?php
if (isset($_GET[check]))
{
  $result = CheckIfSpambot($_POST[emailAddress], $_POST[ipAddress], $_POST[userName]);

  switch ($result)
  {
    case 0:
		echo "Negative result";
		break;

	case 1:
		echo "Positive result";
		break;

	default:
		echo "You broke it!";
	}
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]; ?>?check">
  <label>Username
  <input type="text" name="userName" id="userName">
  </label>
  <label>IP Address
  <input type="text" name="ipAddress" id="ipAddress">
  </label>
  <label>Email Address
  <input type="text" name="emailAddress" id="emailAddress">
  </label>
  <input type="submit" name="button" id="button" value="Submit">
</form>

If you want to demo the output, check out my own spambotcheck.php demo.

My tests so far show it works reasonable well. The only way I would improve this further is the debugging ability. The API results return success=”true” or success=”false” which could be built into the error checking. To use the debugging at the moment, you need to modify your function call to something like this:

// Add a true flag in the forth parameter
$result = CheckIfSpambot($_POST[emailAddress], $_POST[ipAddress], $_POST[userName], true);

// Or use 1 as the fourth parameter.
$result = CheckIfSpambot($_POST[emailAddress], $_POST[ipAddress], $_POST[userName], 1);

It will change the returned value to whether an error was detected (true) or not (false) instead of a spammer detected (true) or not (false). Make sure you reset debugging back to false (or remove the parameter) otherwise you’ll be getting misleading results back!!Similar Posts:

• PHP Code Block Vent In Spite of Spammers
• Cron to Run on First Tuesday of the Month
• How to Stop sidebar.exe Using Lots of Memory (Edited 14 May 2011)
• Firefox Google Search Plugin for Australia (AU)
• HTTP Status Code Drinking Game

$bannedPhrases = array(" seo ", "engine optimisation", "engine optimization", "increase traffic");
$bannedMessage = "Hello spammer, please kindly f*** off and die painfully!";

foreach ($bannedPhrases as $value)
{
  if (strpos($name, $value) || strpos($email, $value) || strpos($message, $value))
  {
    include "header.php";
    echo "<br /><p align=center>$bannedMessage</p><br />";
    include "footer.php";
    die(); // do not send message
  }
}

Immature I know, but no harm done.

EDIT: After posting this I realised it was really pointless, more than I realised at first. So I set to finding a better solution and posted it a short time later. See my post called Generic PHP Function Code to Query “Stop Forum Spam” API. Good luck fellow sysadmin!Similar Posts:

• Generic PHP Function Code to Query “Stop Forum Spam” API
• HTTP Status Code Drinking Game
• Rant: Google In Trouble Over Collecting Unprotected WiFi Data
• Improve Page Rank from Parked Domains
• I’m told the customer is always right?

When you try and rename it the following is given:

$ mv ––index.html index.html.renamed
mv: unrecognized option `––index.html’
Try `mv ––help’ for more information.

I also tried delimiting it the normal way, but it wouldn’t work either:

mv \–\–index.html index.html.renamed

The correct way to rename it is:

mv ./––index.html index.html.renamed

Because –– has special meaning, you can’t delimit it with a simple backslash (\), you have to put a path reference in there to delimit it. So my path working directory (pwd) was /home/user/data/ where the file was located, so I could use ./ to reference the current pwd. The other option is to put the full path in:

mv /home/user/data/––index.html index.html.renamed

Hopefully this helps out some other Linux server administrator out there who’s mind it has slipped.Similar Posts:

• 6 Reason to use SFTP over FTP or SCP
• apf: command not found
• Locking down and securing SSH access to your server
• Moving From No Control Panel Servers to a cPanel Server
• Modifying cPanel Mailbox Quota Errors “invalid maildirsize file”

Quite some time back when using Vista, I noticed the sidebar.exe process generally consumes vast/large amounts of memory. My Googling concluded consumption varied depending on degrees of usage, what gadgets are being used and the system uptime. This blogger recorded 1.3Gb of RAM hogged by the sidebar.exe process. I just wanted to make a blog post though and say, if you’re reading this… you’re not alone in your confusion brother.

What is this all about? If looking in task manager and running the Windows Sidebar application, you might notice sidebar.exe using lots of memory. There’s a lot of confusion over why it uses so much memory and what the cause is. When a process eats into available memory and doesn’t release unused memory to the point of exhaustion – it is called a memory leak (more at Wikipedia).

Most people will tell you, just “restart your computer”, “kill the process”, “just don’t use it” or “delete the gadget” and it will fix the problem. Well… I have to stop right here and have a rant… Any person with a lick of common sense will tell you it doesn’t fix the damn problem!! It’s infuriating to read posts by n00bs who honestly have no idea what they’re on about, suggesting these dumb ideas. There is a problem! Covering your eyes and saying “I can’t see it” doesn’t fix it!

Some people (including myself) actually value the easy accessibility of information the side bar can deliver. There are lots of great gadgets out there which will give you cool key information about your system, operating environment and access social networking feeds like Twitter, etc.

So what is the deal with this memory over consumption thing anyway? Well I found this excellent blog post by Mark Russinovich, “The Case of the Frozen Clock Gadget” which takes a detailed look into the problem. He concludes the problem is “down to a leaky Sidebar API” – which doesn’t seem surprising considering Microsoft.

Being Microsoft, and knowing this problem has prevailed through both Windows Vista and Windows 7 now – I’m getting the sense we’ll be lucky to ever see this sidebar memory leak problem resolved. To think, just a minor tweak or rewrite of a function could potentially spark spontaneous celebration and world peace should it even appear on Microsoft’s radar. A little bit of me dies each time I think about it – knowing if Windows was open source, we’d all have this problem nailed by now.

So what can you do to fix this problem? Nothing it seems. While others have suggested you can simply not use Windows Sidebar, restarting the process (killing and starting again), or restarting the computer will temporarily recover your lost memory, it isn’t a long term fix. Really though, considering the amount of RAM we’re running on these days it doesn’t make that much difference personally to my usage. Even if my overall usage does get extreme, the operating system should page/swap the unused memory from RAM to disk. The only downside to that is temporary degraded performance during swapping/paging.

If we’re really lucky, we might see an update in the distant future patching the sidebar API… and then again, the US might catch Osama Bin Laden – it was a pleasant thought while it lasted.

UPDATE (7 March 2011): Thanks TED for your suggestion. I’ve implemented it and confirmed it works on Windows 7 – see the blog post How to Stop sidebar.exe Using Lots of Memory.Similar Posts:

• What is sidebar.exe
• How to Stop sidebar.exe Using Lots of Memory (Edited 14 May 2011)
• Delete PC Sync Calendar on HTC Desire
• PHP Code Block Vent In Spite of Spammers
• Modifying cPanel Mailbox Quota Errors “invalid maildirsize file”

Similar Posts:

• Cron to Run on First Tuesday of the Month
• Linux Software Firewalls
• I’m told the customer is always right?
• Windows sidebar.exe Memory Leak
• Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (13)

Advanced Policy Firewall (APF) Is Not Installed

Type in the following command:

$ /etc/apf/apf

One of two things will happen..

You’ll this error message:

/etc/apf/apf: No such file or directory

OR

You’ll get something like this:

$ /etc/apf/apf
APF version 9.6 <apf@r-fx.org>
…

If you get the first expected result, APF isn’t installed. Go to Advanced Policy Firewall project page, download it and install.

Bash “PATH” Variable

If when performing the above test got something like this:

$ /etc/apf/apf
APF version 9.6 <apf@r-fx.org>
…

It is likely your environmental “PATH” variable doesn’t cover /usr/local/sbin/ or similar. When APF is installed, it symlinks /usr/local/sbin/apf to /etc/apf/apf. To check, try the following command and see if /usr/local/sbin/ is included:

$ echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/root/bin

You can either type your commands like “/etc/apf/apf -d <source>” or you can fix the symbolic link (probably the better idea because other links may be broken).

To fix the PATH variable to include the new bin, modify your bash profile or server-wide (either ~/.bash_profile or /etc/bashrc respectively – the first is probably safer):

vi ~/.bash_profile

Again, I use vi/vim, use nano or your other preferred editor if that’s what you prefer.

Look for a variable like this:

PATH=$PATH:$HOME/bin:/usr/bin/systools

To the end, add something like:

:/usr/local/sbin

Resulting in it now looking like:

PATH=$PATH:$HOME/bin:/usr/bin/systools:/usr/local/sbin

Then I recommend you just logout and then login again. You stuff around with export, but easier to just logout/in again.

Didn’t Work?

There are a number of other possible solutions depending on the problem you’re experiencing. I’ve only covered two. Leave a comment with some output of your tests and we’ll take a look.Similar Posts:

• Allow, Deny and Remove with Advanced Policy Firewall (APF)
• Synchronise cPanel DNS Cluster from Command Line
• Emails Not Sending – defer (111): Connection refused (Exim) and SMTP Tweak
• Linux Software Firewalls
• Find What IP Address cPanel Site Is Using via Command Line

If you’re looking for information on how to configure APF, this isn’t the post for you. Check out Linux Software Firewalls which covers some of the key configuration settings you’ll need to consider when setting it up. Alternatively, check out APF documentation – it’s rather good. If you’re still stuck, leave a comment.

Direct Command Line

Using the apf command via SSH has to be my preferred method of adjusting the firewall. To deny a source you can simply type:

apf -d <source> [comment]
apf -d 123.45.67.89 Keepings dosing the server

If you have a default deny policy and only want to allow on an individual basis then you can use a command like this:

apf -a <source> [comment]
apf -a 123.45.67.89 Melbourne office allow complete access

Another handy parameter I didn’t learn about until later (much regretted) is the -u one. It will remove the IP source from either allow or denied if it exists. Saves you modifying the rule files directly and restarting the firewall. So to remove a source use:

apf -u <source>
apf -u 123.45.67.89

A catch with remove though, if you have denied 123.45.0.0/16 and you want to remove 123.45.1.56 from the deny rules, it won’t work like this. You can’t apf -u 123.45.1.56 and expect it to work – the tool searches for the parameter you’ve provided and searches any matching rules. These obviously won’t match. If you want to deny 123.45.0.0/16 but suddenly want to allow 123.45.1.56, I’d try apf -d 123.45.0.0/16 and then apf -a 123.45.1.56. I think the results will vary depending on your default policy (not 100% sure on that though).

After using these commands you do not need to restart or reload your firewall. They are invoked straight away as a part of the command. Using apf -r will be pointless in this case.

Looking for example of <source>? I’ve explained it more below.

Direct Rule File Modification

So firstly, your base directory is /etc/apf/ – you’ll find all the configuration files and rules in there.

There are the two main rule files you need to worry about. Don’t worry about the others:

$ ls /etc/apf/{allow,deny}*.rules
/etc/apf/allow_hosts.rules  /etc/apf/deny_hosts.rules

If you open either of these files, there should be rather in-depth instructions contained within:

# Format of this file is line-seperated addresses, IP masking is supported.
# Example:
# 192.168.2.1
# 192.168.5.0/24
#
# advanced usage
#
# The trust rules can be made in advanced format with 4 options
# (proto:flow:port:ip);
# 1) protocol: [packet protocol tcp/udp]
# 2) flow in/out: [packet direction, inbound or outbound]
# 3) s/d=port: [packet source or destination port]
# 4) s/d=ip(/xx) [packet source or destination address, masking supported]
#
# Syntax:
# proto:flow:[s/d]=port:[s/d]=ip(/mask)
# s – source , d – destination , flow – packet flow in/out
#
# Examples:
# inbound to destination port 22 from 192.168.2.1
# tcp:in:d=22:s=192.168.2.1
#
# outbound to destination port 23 to destination host 192.168.2.1
# out:d=23:d=192.168.2.1
#
# inbound to destination port 3306 from 192.168.5.0/24
# d=3306:s=192.168.5.0/24

The developer has done very well explaining the possible syntax and formats you can use. The only thing I can add to it is keep it simple where possible. If you just want to completely drop, firewall, deny or block an IP address from interacting with your server, just add the IP on a new line in the /etc/apf/deny_hosts.rules file (see post changes section below).

If you want to allow your Perth based office to access SSH on your server which is closed by default, you could add something like this on a new line to /etc/apf/allow_hosts.rules (also see post changes section below):

d=22:s=123.45.1.56 # Perth Office SSH

Note that the # is a comment, and everything after it will have no bearing on the rule you’ve added.

Post Changes to Rule/Config Files

After you make a change to your rule or configuration files, you must invoke them by loading them into your firewall. You do this by restarting your firewall:

apf -r

When you restart APF, all rules will be flushed or removed and then re-added effectively implementing the new rule changes you’ve added.

What can I block or allow? What types of Source can I use?

In the above examples I’ve used <source>. Source can equal a single IP address, a IP block in Classless Inter-Domain Routing (CIDR) notation or a fully qualified domain name (FQDN). Examples of each:

Single IP – 123.45.67.89

IP Block (CIDR) – 123.45.0.0/16 (which equates to 123.45.0.0 to 123.45.255.255)

FQDN – nyoffice.domain.com or 13371.dnshost.net

How do I Allow/Block an IP Range?

I’ve also seen a heap of requests specifically about allowing/blocking a range of IP addresses in APF. You can’t do this as “block A to B” – it needs to be in the form of CIDR notation. I use this IP Address Range Calculator to CIDR tool to calculate the CIDR notation for me. I’m lazy and its reasonably accurate.

If you’re looking to block 123.45.67.89 to 123.45.67.91, I’d personally just add them manually. IP’s fit into CIDR specially and you won’t cleanly be able to block 123.45.67.89 to 123.45.67.91 without blocking other IP addresses surrounding them. Don’t be surprised if you’re given multiple CIDR blocks in the results either – it means your supplied IP range crosses multiple blocks.Similar Posts:

• apf: command not found
• Locking down and securing SSH access to your server
• Linux Software Firewalls
• 6 Reason to use SFTP over FTP or SCP
• Emails Not Sending – defer (111): Connection refused (Exim) and SMTP Tweak

Usually I see this happen if there is a problem with DNS, particularly with the hostname. The server’s hostname should always point to the primary IP address of the server. There should also be a reverse DNS (rDNS) or pointer setup on that IP address pointing back to the hostname. For example:

fileserver.domain.com.au -> 123.45.67.89
123.45.67.89 -> fileserver.domain.com.a

If you don’t do this, you’re asking for trouble. Most providers won’t accept email from you if you don’t setup your DNS properly. For example, here is a message from AOL:

$ telnet mailin-04.mx.aol.com 25
Trying 64.12.90.66…
Connected to mailin-04.mx.aol.com.
Escape character is ‘^]’.
…
220-Effective immediately:
220-AOL may no longer accept connections from IP addresses
220 which no do not have reverse-DNS (PTR records) assigned.
quit
221 2.0.0 Bye
Connection closed by foreign host.

In the past I’ve seen the server hostname accidently changed causing a mismatch, and in turn this problem.

However the actual cause of my problem today was caused by playing with cPanel settings I was unclear of. What does SMTP Tweak do exactly? It’s very poorly explained… well no, it’s not explained at all in Web Hosting Manager (WHM), but I extracted this from the cPanel docs explaining SMTP Tweak:

SMTP Tweak

You may want to prevent users from bypassing your mail server to send mail. This is common practice for spammers.  This feature allows you to configure your server so that the mail transport agent (MTA), Mailman mailing list software, and root user are the only accounts able to connect to remote SMTP servers.

Source: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/TweakMail

If your clients are not setup to handle sending mail as an authenticated user, suddenly enabling SMTP Tweak in WHM will cause…

mailin-01.mx.aol.com [205.188.146.193] Connection refused
cluster9.us.messagelabs.com [216.82.242.19] Connection refused
cluster9a.us.messagelabs.com [95.131.108.66] Connection refused
xxx@xxx.com.au <xxx@xxx.com.au> R=lookuphost T=remote_smtp defer (111): Connection refused
mailipao.vtcif.telstra.com.au [202.12.144.27] Connection refused
xxx@telstra.com <xxx@telstra.com> R=lookuphost T=remote_smtp defer (111): Connection refused
gmail-smtp-in.l.google.com [209.85.221.11] Connection refused
alt1.gmail-smtp-in.l.google.com [216.239.59.27] Connection refused
alt2.gmail-smtp-in.l.google.com [74.125.79.114] Connection refused
alt3.gmail-smtp-in.l.google.com [72.14.221.27] Connection refused
alt4.gmail-smtp-in.l.google.com [209.85.216.62] Connection refused

Uhoh. cPanel’s SMTP Tweak does this by adding these rules to iptables:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  –  anywhere             localhost           tcp dpt:smtp
REJECT     tcp  –  anywhere             anywhere            tcp dpt:smtp reject-with icmp-port-unreachable

So in the end, it had nothing to do with his migration. It was a simple mis-click of SMTP Tweak. At least we know for certain what it does! It effectively firewalls your outbound connection from the server unless you’re an authenticated user, making it appear as if the destination server is blocking you. Unless you look carefully it has the potential to be confusing.

Similar Posts:

• Synchronise cPanel DNS Cluster from Command Line
• Firefox Google Search Plugin for Australia (AU)
• Modifying cPanel Mailbox Quota Errors “invalid maildirsize file”
• Moving From No Control Panel Servers to a cPanel Server
• Understanding cPanel clustered DNS and Setup

Advanced Policy Firewall (APF)

Simple Settings to Configuring APF

My preferred text editor is vim, use nano or whatever else you prefer. Substitute my preference with your own with the below commands.

vi /etc/apf/conf.apf

This is the config file. As a sysadmin, I hate wasting time typing things out and therefore love being able to type “vi /etc/apf/conf” and then press Tab to finish the command for me. Well named guys.

DEVEL_MODE

Be familiar with DEVEL_MODE, you need to have it turned off for production operations. With it turned on, your firewall rules will flush to to none every 5 minutes. It’s designed for you to test your settings work, but if you lock yourself out you’ll get access in 5 minutes time again.

IFACE_IN / IFACE_OUT

If you’re using a virtual machine, you may have something other than eth0. Be sure to change it to the untrusted or public network interface.

SET_MONOKERN

If you install APF on a virtual machine, VPS, VE (virtual environment), or whatever you want to call it, and you don’t have access to the kernel you might have to change this to 1 for it to work.

SYSCTL_SYNCOOKIES

This will turn on syn cookies for you. Can help filter out SYN denial of service attacks by flagging packets.

IG_TCP_CPORTS

The permitted inbound TCP ports. Very important. Basically put in all the port numbers you want to be publicly open. For example, HTTP (80) and DNS (53). If you want to allow access to certain IP addresses only, but not the world, don’t include them here.

IG_UDP_CPORTS

The permitted inbound UDP ports. I see FTP (21) and DNS (52) in these a lot, I don’t think it is necessary though.

IG_ICMP_TYPES

Internet Control Message Protocol (ICMP) or commonly called ping (basically the ping command uses this protocol to test connections). Each type of ICMP state corresponds with a number, which you can permit or block. Read about the states and results on Wikipedia, I’m not going into them. The idea being you  can block ping on your server, if a hacker pings you to see if your host is online it can response with request timed out, and they might move on.

EGF

“Outbound (egress) filtering”. Set to 0 or disabled by default. It allows you to filter outbound connections to your server. This is the master on/off switch for the feature.

EG_TCP_CPORTS

Outbound TCP Ports to allow.

EG_UDP_CPORTS

Outbound UDP ports to allow.

EG_ICMP_TYPES

Outbound ICMP or ping types to allow. Again, read about the states and results on Wikipedia to save me going into it.

Other Firewalls – CSF (ConfigServer Security &  Firewall)

If you use a cPanel server, CSF (ConfigServer Security &  Firewall) is very popular and integrates with Web Hosting Manager (WHM). I’m not going to talk about it here, but check out the feature lists and download it at the developers website, ConfigServer.Similar Posts:

• Locking down and securing SSH access to your server
• 6 Reason to use SFTP over FTP or SCP
• Linux Conference 2010 – Wellington, New Zealand
• Allow, Deny and Remove with Advanced Policy Firewall (APF)
• Rant: Google In Trouble Over Collecting Unprotected WiFi Data

Lets say its toymanufactco.com, people go out and buy toysmanufactco.com, toymanufact.com, makingtoys.com, toysmaking.com, greattoys.com, yirginiatoyco.com, etc etc. They buy all these domains I assume because they’re hoping that someone will accidently type one in? Or they want to “secure” or “protect” their brand. Most of the time I think they’re doing the exact reverse.

Imagine is ebay.com started expanding their domains to include dbay.com, fbay.com, onlineauctions.com, auctionsonline.com, onlineauctionbids.com, etc etc etc etc! They’re breaking away from their main stream brand. They’re splitting their marketing budget from one primary domain, central and focal domain name to several others. Why? For what possible reason would this help ebay? No, ebay is ebay.com and that’s it!

If you’re a small business and you’re doing this, you’re wasting money. Worst yet if you’ve been doing this for years now, if you stop you’re going to lose potential traffic. That means you’re going to have to continually spent money to maintain it. Your brand image could be split and you can confuse visitors by having the same content on separate domains. It could lead your customers to believe this is normal, and they could walk into phishing websites and be scammed? It’s a dangerous precedent!

So while the idea isn’t really… a good one anymore. It use to be, 10 years ago! There is another problem yet to be mention…

Search Engine Optimisation / Ranking

This problem causes problems with your page rank or PR. Your content can be duplicated on multiple domains, because it’s a copy, Google might actually penalise you by giving you a lower PR! It thinks you’ve copied content of that other guy.. when it’s really you!

You can also sometimes increase your PR by consolidating traffic on your primary domain name. All your visitors are linking to toysmanufactco.com/tips-for-buying-toys and greattoys.com/tips-for-buying-toys and makingtoys.com/tips-for-buying-toys: and for each link you’ll gain PR a little. But if you had all the links going to the same domain your PR for that one domain will be higher. They’re already linking to you, they’re linking to the same content, they’re just linking to a separate domain which Google could mistake as you stealing content from.

Solution

Now this isn’t a full fix. You still shouldn’t be doing what you’re doing, but it will help. If you have six domain names parked on top of your primary, you can redirect them with a 301 redirect to your primary domain. A 301 redirect is a permanent redirect. It is an status code given by the web server that tells the browser or search engine that the page content as moved. Google sees a 301 redirect and will follow it! Because it is a permanent redirect, it will remove your existing indexing for the old domains, apply the owed PR to the primary domain you’re redirecting to, and reindex! Consolidating your PR.

I for example have a business website that in a .com. Five years ago a .com.au was very expensive and I wasn’t going to waste the money on it. They’re now more affordable and I want to tell my customers that my business is Australian when they go to my website – I want a .com.au!! But I have an existing website at .com. I want to move everything from my .com to my .com.au – I’m going to use a 301 permanent redirect.

The method I would do this is mod_rewrite thrown it into my .htaccess file. Your Apache webserver needs mod_rewrite included. Here’s some sample code:

ReWriteEngine On
RewriteCond %{HTTP_HOST} !^www.mybusiness.com$
RewriteRule ^(.*)$ http://www.mybusiness.com.au/$1 [R=301,L]

What does this mean!? What does this do!!?

Right, line by line for you…

ReWriteEngine On

All this line does is turn on URL rewriting. That’s all!

RewriteCond %{HTTP_HOST} !^www.mybusiness.com$

This is a condition, it will rewrite based on this condition and any others I specify. HTTP_HOST is basically the domain name part of the URL. If you want to see an example, make a PHP file and add something like <?php echo $_SERVER[HTTP_HOST]; ?> – You’ll see the output. That’s what you’re including.

The logic being:

If HTTP_HOST (the domain name) is NOT (!) from the start (^)www.mybusiness.com to the finish ($) ….. do the rewrite rule.

Leave out the ^ and $ if you can’t get them working. You’ll get an internal server error if you make a mistake.

RewriteRule ^(.*)$ http://www.mybusiness.com.au/$1 [R=301,L]

This is it, this is what does the redirect. It is effectively saying replace xx, with yy. More explained logic:

Based on the above conditions, if any…
Rewrite ^(.*)$ (means everything) to http://www.mybusiness.com.au/ and append $1 (the remainder of the URI to the end) using a 301 redirect and this is the Last (L meaning it won’t pay any attention to following rules) rule.

Give it a go. Us sysadmins shake our heads when we see this, and we typically patch it with this.Similar Posts:

• Firefox Google Search Plugin for Australia (AU)
• Find What IP Address cPanel Site Is Using via Command Line
• Emails Not Sending – defer (111): Connection refused (Exim) and SMTP Tweak
• Simple IP Information / IP to Location (Country) Lookup
• Modifying cPanel Mailbox Quota Errors “invalid maildirsize file”