Here is what you need to prepare before proceed with the backup.

1. Create a directory for backup. i.e folder name of ServerBackup. Go to “Control Panel” -> “Shared Folder”.

2. Enable SSH on Synology. Go to “Control Panel” -> “Terminal & SNMP” -> “Enable SSH Service”. If you option to change the SSH port or not

3. Try to ssh into Synology with username “root”. The root password is the same with “admin”.

If are you done, let’s do it.

Generate SSH Key

You wouldn’t want to key in password whenever want to access to the server to grab the file. Generate a “custom” ssh key which will be used for synology. Remember, please do not set the password. Give you ssh file a “special name”, DO NOT use the default. I.e we used synobackup, there are 2 files will be generate

1. synobackup – This is the private key files
2. synobackup.pub – This is the public key which will be placed on the remote server.

Next, we will copy this 2 files into Synology folder ServerBackup. We create a folder name “scripts”, and the file will be placed in synology

1. /Volume/ServerBackup/scripts/synobackup
2. /Volume/ServerBackup/scripts/synobackup.pub

We will copy the key on synobackup.pub into remote server’s ssh directory “.ssh/authorized_keys” for the user’s home directory where you will login with the username later. i.e “/home/takizo/.ssh/authorized_keys”

Ok.. we are done with ssh thingy. Let’s write some script.

Simple Scripting

Next, we will do some scripting as below.

#!/bin/ash

#This is the private key
PRIVKEY="/volume/ServerBackup/scripts/snology"

#This is the folder you would like to backup from
HOSTFOLDER=/backup/*

#This is the folder you would like to backup to Synology
DESTFOLDER="/volume/ServerBackup/database/server-godzilla/"

#We will be using rsync in synology, this will do the rync! 
/usr/syno/bin/rsync -avz -e "ssh -p7777 -i $PRIVKEY" takizo@godzilla.takizo.com:$HOSTFOLDER $DESTFOLDER

Save the script above into your Synology backup folder which created earlier “/volume/ServerBackup/scripts/database.backup.sh”

Please take note that the remote folder is define by yourself. We are done with the script, it’s time to Execute it!

Configure the Backup Script

Due to it’s the first time access to the remote server, you need to manually run the script in shell to accept the SSH session. We are almost there.

SSH to Synology server

ssh -p2222 root@your_synology_ip
mydisk> cd /volume/ServerBackup/scripts
mydisk> ./database.backup.sh
The authenticity of host '[godzilla.takizo.com]:2222 ([123.456.123.111]:2222)' can't be established.
ECDSA key fingerprint is f7:9b:d6:92:7b:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[godzilla.takizo.com]:2222,[123.456.123.111]:2222' (ECDSA) to the list of known hosts.
receiving incremental file list
20150721122502.dbbackup.tar.gz

sent 42 bytes  received 18901016 bytes  1021678.81 bytes/sec
total size is 18997573  speedup is 1.01

The important part for this action is this line

Warning: Permanently added '[godzilla.takizo.com]:2222,[123.456.123.111]:2222' (ECDSA) to the list of known hosts.

This will add the host into /root/.ssh/known_hosts, when the script is run next time, it will not prompt the message again.

Setup the Task on Synology

Since the script is working perfectly fine. The last step is add it into Synology’s Task Schedule.

1. Go to “Control Panel” -> “Task Schedule”
2. Create “User defined-script”
3. Give a meaningful name for your “Task”
4. User choose “root” or any user you prefer
5. User-defined script: The script you created earlier inside Synology folder, “/volume/ServerBackup/scripts/database.backup.sh”
6. Put up a schedule for this, how often it should run and at what time.

After the schedule has been created, try run it again and check is the files transfer into your Synology folder (if you don’t have new copy of file in the server, delete the files earlier being rsync into synology).

Yep, basically you have another copy of backup on synology! Enjoy backup more stuff from remote server

There were a lot email queue in Exim’s queue, due to the blockage from recipient server. Unfortunately WordPress doesn’t have SMTP setting for outgoing email notification, it has to rely on third party plugins.

Here is what we implement on SMTP MTA to deny/rate limit outgoing from PHP’s mail() function.

On Exim config file, before hitting ACL configuration, place this config for non-smtp setting

acl_not_smtp = acl_check_not_smtp

After “begin acl” section, place this config

acl_check_not_smtp:

  deny
        senders = www@domain.com
        message = sorry server is offline

  deny
        ratelimit = 20 / 1h / strict / $sender_address_domain
        senders = *@domain.com
        message = sorry server is offline

  accept

The first rule is totally deny anything from apache’s vhost. It means non of the apache’s vhost can send outgoing email with PHP mail() function. If you are not comfortable with this. Can try on the second rules, which is rate limit the outgoing email, which can help to eliminate the massive outgoing email happened on apache web server UID.

Have fun controlling and fight with the spam

At approximately 3pm PST, the Syrian Electronic Army seemingly hacked into Twitter, Huffington Post and NY Times’ registry accounts altering contact details, and more significantly, DNS records. Modifying DNS records of a domain will allow SEA to redirect visitors to any site of their choosing.

Contact details for the Twitter.com domain were changed, but it’s reasonable to assume that if the SEA had the ability to change contact information, they may very well have had the ability to change DNS records and point the Twitter.com domain elsewhere, redirecting visitors and users.

The SEA also altered the DNS records for twimg.com which Twitter uses for virtually all CSS, JS, images, cookies and more. This means for many users, Twitter.com wouldn’t load correctly and avatars were unavailable across many Twitter clients.

[Story via TNW]

Parallels Access turns your iPad into a porthole to your more powerful (and heavier) Windows or Mac computers somewhere else. Connecting the your iPad to your remote machine through the cloud is the (relatively) easy part. The real magic is how Parallels Access elegantly shrinks your desktop applications into manageable tablet apps.

Parallels Access is a subscription service that links your computer to your iPad. As long as both ends are connected to the Internet, you should be able to connect.

[Story via Gizmodo]

Which is weird to me because isn’t that the updates are suppose to fix the vulnerabilities?

To overcome the error building/upgrade the port, invoke the make argument by allowing the portupgrade

# portupgrade -vr -m DISABLE_VULNERABILITIES=yes php52* 

This will ignore the vulnerabilities error message and continue with portupgrade of php52 packages. It can be use for other ports upgrade when you see the vulnerability error messages.

I usually refer to the timezone conversion table at Eastern Time to GMT

For example let say the online seminar is happening at EDT 21:00, it will be 01:00, +8 which is 09:00 (the next day) in my country.

It is always better to have MySQL Data Directory store in a specific partition/drive. It will help on performance and better management and scalability. You change change the data store directory in Linux by editing /etc/my.cnf file.

Edit /etc/my.cnf file

# vi /etc/my.cnf

Change the data directory structure

datadir=/db/mysql
socket=/db/mysql/mysql.sock

After the file has been updated, restart MySQL service.

$ wget -q -O - http://ipchicken.com |  grep -o -E '(^|[[:space:]])[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*([[:space:]]|$)'
# By default, FreeBSD doesn't have wget, you can use fetch instead
$ fetch -q -o - http://www.ipchicken.com | grep -o -E '(^|[[:space:]])[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*([[:space:]]|$)'

You need port 80 external/WAN access to perform the task.

check_dns usage is as below

$ ./check_dns -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]

Try to run the command as below and you will get the query result

$ ./check_dns -H systems.takizo.com -s 8.8.8.8        
DNS OK: 0.012 seconds response time. systems.takizo.com returns 70.32.103.130|time=0.011703s;;;0.000000

Sweet, that is the DNS query plugin, it does DNS query check on your DNS host server and return the query time.
Here is how to activate the monitoring, add the check_dns plug-in into Nagios’ commands.cfg configuration file.

On FreeBSD server, it’s located at /usr/local/etc/nagios/objects/commands.cfg
Edit the file commands.cfg and add the line below

define command {
        command_name    check_dns
        command_line    $USER1$/check_dns -H $HOSTADDRESS$ -s $ARG1$
}

• $ARG1$ is the argument you will parse into in the configuration
• $HOSTADDRESS$ is your host on Nagios monitoring.

Next, put the line below into service check configuration file

define service {
        use                                  generic-service
        host_name                       your-dns-host
        service_description          Check Google.com on DNS Server
        check_command              check_dns!www.google.com
}

Restart your Nagios service now

$ /usr/local/etc/rc.d/nagios restart

If it’s failed, you will the red color on the monitoring status. There are a lot other plug-ins can be explore too. Have fun.

• Bind DLZ – The Bind extension which can store your data in database MySQL, PostgreSQL and etc.
• NSD – A lot people didn’t know about Name Server Daemon, find out more from the eBook.
• DNS Planning – Name Server deployment planning, capacity planning and how to scale.
• PowerDNS – Configure and master it.
• LDAP DNS – Deploy DNS server with LDAP.

Alright, enough with the talks, where to download the eBook? It’s FREE for Download here