Comments (0)

By admin, June 2, 2014 8:45 pm

今天发现一客户的网站中出现了很多隐藏的文件,文件名开头均为com,aux,lpt,con,prn,nul等字母开头的.还发现有一名为文件为”PRN.asp:.jpg”的文件.删除改名都不行.
google了一下,发现Windows 下不能够以下面这些字样来命名文件/文件夹，包括：“aux”“com1”“com2”“prn”“con”和“nul”等，因为这些名字都属于设备名称，等价于一个 DOS 设备，如果我们把文件命名为这些名字，Windows 就会误以为发生重名，所以会提示“不能创建同名的文件”等等。
当然，有一些特殊的方法可以偷机取巧，建立以这些设备名为名的文件夹，比如我们在命令提示符下执行“md C:\aux\\”，就在 C 盘建了一个名叫 aux 的文件夹。此文件夹虽然可以访问，也可以建立子文件夹，但却无法删除，因为 Windows 不允许以这种方式删除设备。在系统看来，这个 aux 文件夹就是设备。
那么，如何删除这样的文件/文件夹呢？我们只要按照完整的 UNC 路径格式，就是网上邻居的路径格式，正确输入文件路径及文件名即可。比如要删除 C 盘下的 aux 文件夹，可在命令提示符下执行：rd /s \\.\C:\aux，rd 是命令提示符删除文件夹的命令，/s 参数表示从所有子目录删除指定文件。再比如要删除 C 盘 temp 文件夹下的 nul.exe 文件，在命令提示符下执行：del \\.\C:\temp\nul.exe 即可。如果有属性可以用attrib命令去掉相关属性,attrib -s -r -h -a \\.\c:\temp\nul.exe再删除.
至于PRN.asp:.jpg,采用del \\.\D:\****\PRN.asp:.jpg的方式是删除不了的.只好用rd删除整个文件夹,有属性的话用attrib命令去掉属性.

Comments (0)

By admin, May 31, 2014 10:58 pm

Today I found out there are over 100K PHP session files locate in Windows Temp directory and it’s impossible to open the Temp directory with Windows Explorer, hence not able to remove any file.

The solution is to use a dinosaur tool called DOS Command!

del /F /Q sess*

Da Da…after a few minutes, you can open the temp directory again with Windows Explorer, this really comes handy when you need it.

Of course, I’ve also changed the session.savepath and since PHP uses garbage collection every 24 minutes, so this left over session problem is fixed as well.

Comments (0)

By admin, May 31, 2014 11:47 am

Recently, I need to configure PHP to run on Windows Server 2008 R2. Even I’ve done this countless previously, but things still didn’t work in the first go, my test.php below displayed the raw code when running from browser.

<? phpinfo; ?>

It turns out to be a simple parameter (ie, short_open_tag) wasn’t turned on in php.ini.

;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;

; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It’s been
; recommended for several years that you not use the short tag “short cut” and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it’s currently still
; supported for backwards compatibility, but we recommend you don’t use them.
; http://php.net/short-open-tag

short_open_tag = On

Comments (0)

By admin, May 27, 2014 6:25 pm

Out of blue, after years of searching for the best way to prevent spammer from inside. I think I probably found the solution by extending Delay between Recipients to 5 seconds on Outgoing SMTP, which keeps the email password cracker away.

It’s really more a mind tactic than the actual technical solution, as the spammer will give up right away if they find your SMTP server is so slow sending out emails per second. I strongly suspect they have a set of standards, say if a SMTP server can’t deliver more than 10 email per second, then they won’t use it…after all, why bother to use a slow SMTP while they are plenty powerful ones out there.

In contrast, by using Grey Listing on incoming SMTP also greatly reduced the spam or email DDOS by a large percentage.

Just my 2 cents.

Update: Jan 16, 2018

Today client’s email server had a DDOS attack, one of the users got tens of thousands of email and this made the spooler almost crashed, hence CPU stays at 100%. Solution is to decrease the SMTP Delay from 5 seconds to 1 second, so the email server can quickly bounce back the email (of course, remove that user temporarily).

Lesson learned, Delay SMTP delivery may cause dearly at a specific occasion, so use it wisely according to the actual filed scenario.

Comments (1)

By admin, May 24, 2014 8:30 am

Received a letter from Devin Wenig, President, eBay asking everyone to change their password.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Comments (2)

By admin, April 7, 2014 1:10 pm

It is generally accepted as common knowledge that the high-end RISC server vendors—IBM and Oracle—have been bleeding market share in favor of high-end Intel Xeon based servers. Indeed, the RISC market accounts for about 150k units while the x86 market has almost 10 million servers. About 5% of those 10 million units are high-end x86 servers, so the Xeon E7 server volume is probably only 2-4 times the size of the whole RISC market. Still, that tiny amount of RISC servers represents about 50% of the server market revenues.

Comments (0)

By admin, January 30, 2014 11:45 am

Seemed Lenovo is making the move again, but it seem IBM is always selling the rubbish to Lenovo to me…haha…

On January 23, Lenovo and IBM have entered into a definitive agreement in which Lenovo plans to acquire IBM’s x86 server business. As a valued client of IBM, I wanted to reach out to you with this exciting news, and give you some of the highlights:

Under the agreement, Lenovo plans to acquire IBM’s System x, BladeCenter and Flex System blade servers and switches, x86-based Flex Systems, NeXtScale and iDataPlex servers and associated software, networking and maintenance operations.

IBM will retain its System z mainframes, Power Systems, Storage Systems, Power-based Flex servers, and PureApplication and PureData appliances. This is consistent with our strategy over the last several years to continually remix our portfolio to focus on high value solutions and services for our clients.

Lenovo and IBM plan to enter into a strategic relationship which will include a global OEM and reseller agreement for sales of IBM’s industry-leading entry and midrange Storwize disk storage systems, tape storage systems, General Parallel File System software, SmartCloud Entry offering, and elements of IBM’s system software portfolio, including Systems Director and Platform Symphony.

Comments (0)

By admin, January 11, 2014 7:38 pm

Yesterday was like a long fight, different parts started to fall apart within a few hours, first it was one of the ESX host, then Equallogic, finally Group Manager and iDrac problem, people say Shxt happens, this fits exactly to my case!

One thing I’m glad that Dell fulfilled it’s promise this time and fixed everything within the 4 hours pro-support contract (hardware wise of course), poor guy has to go to NOC twice and worked till almost mid-night with me working remotely.

So please let me list them accordingly:

1. ESX Host:
I suddenly received a host fail alert, vCenter shows the problem host got disconnected, all the VMs on it also went grey out. Funny thing is all VMs can be still pingable and function perfectly normal as if there is nothing wrong.

Telnet/SSH Even Console hung completely, there was no way to login using root, openmanage doesn’t load. Later I found out a 15K 146GB disk failed in a RAID1 configuration from iDrac system log.

Worst enough, the replaced disk did not start to rebuild. Later Dell’s technician went into Megaraid BIOS utility and found out he has to manually add back the disk. I suspect the problem is due to the replaced disk is a Fujisu where as the faulty disk is a Hitachi, that’s why they don’t work together initially. (they should in theory, but in reality NO)

At this stage, since there is no way to remove the live VM or do a vMotion, I have no choice but to power down the host manually. Even more strange, HA didn’t kick in, all the VM did not restart on other hosts in the cluster even after 5 mins.

The whole rebuild took about 15 minutes, thanks to RAID1. The rebuild status in Openmange shows it’s always 33% while the disk light stopped blinking (meaning completed), funny! After reboot again, the optimal status can be verified in Megaraid BIOS, also reflects in Openmanage later, so this means Openmanage takes time to fetch the status from different hardware parts.

So I still have no clue why the faulty disk in a RAID1 caused the ESX host to be non-responsive.

2. Equallogic:

I received the following notice multiple times via Email, Group Manager shows it’s Information type and it’s in Green, I’ve sensed there must be something wrong, so I called Dell EQL support, as expected, the local support knows nothing about it.

—————————————–
INFO event from storage array eql01
subsystem: SP
event: 14.2.22
time: Fri Jan 10 12:10:30 2014

I/Os containing bad blocks were read from drive 10 and successfully reconstructed in the last 8 minutes.
—————————————–

After approximately 6 hours, the following faulty alert confirmed my previous worry.

—————————————–
ERROR event from storage array eql01
subsystem: SP
event: 14.4.22
time: Fri Jan 10 20:11:15 2014

Disk drive 10 failed in RAID LUN 0.
—————————————–

So the previous notice is actually EQL’s Predictive Failure in Action!!!

SANHQ also generated the similar alert.

Warning conditions:

• 1/10/2014 8:10:50 PM to 1/10/2014 8:12:50 PM
  • Warning: Member eql01 RAID Set Is Degraded
    • Warning: Member eql01 RAID set is degraded because a disk drive failed or was removed.
  • Warning: Member eql01 RAID More Spares Expected
    • Warning: Member eql01 The current RAID configuration requires more spare drives then are currently available.
  • Warning: Member eql01 has a failed drive in slot 10

With the replacement disk, reconstruction immediately took place, and the process took about 1 hour to complete, again, thanks to RAID1.

3. EQL Group Manager

As I need to verify if the replaced EQL disk has successfully changed to a hot spare, then I found out I can no longer login to EQL Group Manager due to some strange Java error, no matter if it’s IE or Firefox. The Java version is v7 u45, then I’ve tried different versions until I figured out only v7 u17 worked. My conclusion is EQL firmware plays a big role in this case, as I am still using v5.2.2, so EQL probably hard coded the requirement into their application, anyway, Java JRE verion always produces nasty problem in my environment one way another, so I’ve decided not to upgrade it for sure.

4. iDrac

Back to the Disconnected Host with faulty disk, I found I can no longer login to iDrac Web UI, IE works but producing all sorts of problem, not to mention the console doesn’t show up at all with its ActiveX stuff. I’ve even tried to removed the iDRAC cert from advanced option, reboot the managed machine, won’t help at all, and it turns out a simple Content Cache Clear in Firefox solved the problem completely! Ridiculous Really!

If it still doesn’t work, do a soft rest by “racadm racreset soft”

5. Veeam

Yes, it’s not finished yet, I also found Veeam’s schedule job stopped working as I am still using V5.0.1, there is a Veeam KB and an update (v5.0.2) for this issue, but I can’t explain why it’s been working for 3+ years and suddenly stopped working with no reason, so I’ve removed all the old backup and created a New Full Backup, truth will tell by tomorrow morning and I shall verify the Schedule Job again by then.

Update: I have to install the update in order to solve the schedule job doesn’t run problem. Also do remember to close all the extra TPC/UDP ports that’s been re-enabled by the upgrade of Veeam B&R program. (Potential Risk: Veeam Agent, NFS and Windows Shares in particular)

Updated:

Restarting the management agents on ESX may help:

1. Log in to your ESX Server as root (by su -) from either an SSH session or directly from the console of the server.
2. Type “service mgmt-vmware restart”.
   Caution: Ensure Automatic Startup/Shutdown of virtual machines is disabled before running this command or you risk rebooting the virtual machines.
3. Press Enter.
4. Type “service vmware-vpxa restart”.
5. Press Enter.
6. Type “logout” and press Enter to disconnect from the ESX host.

Comments (0)

By admin, December 24, 2013 12:24 pm

說真的，我還在用v5.2.2，v6頂多可以叫做5.4，v7那也就是5.7。

EQL最近一兩年這樣的命名方式簡直就是自欺欺人，用來嚇唬人新人還可以，其實背后根本還是一頭紙老虎來的。所以最近一年v6和v7的更新在EQL社區里都沒有像之前5.1引來那么大的回響了，而那些所謂的新功能其實也都比較雞肋。

咨同樣道理ESX4.1>ESX5.5 (其實應該叫ESX4.8)沒之前那么大的回響也是預料之中。

If it ain’t broke don’t fix it

另外據一位資深中國Dell L2工程師多年前的忠告，如果沒事就請別搬石頭砸自己的腳，請不要動不動就去升級各類硬件的Firmware和Driver，一定要以穩定至上。

e.g., http://communities.vmware.com/message/2300998

Last but not least, keep your network & storage design simple but elegant!

最後其實我一直都有以下疑問，多年來都沒有得到很好的答案:

個別Member出錯的機會應該會隨着你增加EQL Members進Group而增加的，那豈不很危險﹖想想看，一個16個Members的Group個別硬件出錯機會一定比一個4個Members的Group大。

如果是我的話，就會把16個Members的Group分成4組4個Members的Group，主要還是不放心。

究竟怎樣分配才是最佳的平衡點呢﹖

Comments (0)

By admin, November 14, 2013 1:22 pm

6 months ago, I found my Windows 7 C:\ drive (50GB) is almost used up, using WinDirStat (another neat tool), I quickly found out C:\Windows\WinSXS and iPhone Backup took up 20% and 15% of the space respectively.

I’ve been searching for a simply solution to reduce these wasted space especially in C:\Windows\WinSXS without success. It has come to a point that I almost used up my entire C:\ today, my only option is to use Acronis Disk Director to expand C:\, but that involves some risks.

Luckily, I fount out Microsoft has released a nice updated Disk Cleanup tool just about two weeks ago that will solve all the problem at once.

So problem solved for now!

As for changing the default iTunes backup folder location, here is a good link.