Category Archives: Hodgepodge

ungroup story

How to Setting VirtualHosts in XAMPP on Mac

Posted on by
Reply

1. Enable VirtualHosts

Open the file “httpd.conf” which locate at:
/Applications/XAMPP/xamppfile/etc/httpd.conf by Textwrangler or other text editor.
Look for the following lines:

# Virtual hosts
#Include /Applications/XAMPP/etc/extra/httpd-vhosts.conf

Uncomment the second line by removing the hash (#), so that Apache loads your custom VirtualHosts configuration file:

# Virtual hosts
Include /Applications/XAMPP/etc/extra/httpd-vhosts.conf

2. Add Your Custom VirtualHosts

Open the file /Applications/XAMPP/xamppfile/etc/extra/httpd-vhosts.conf.
At the bottom of the file, add ‘localhost’ as the default named VirtualHost:

# localhost
<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "/Applications/XAMPP/htdocs"
    <Directory "/Applications/XAMPP/htdocs">
        Options Indexes FollowSymLinks Includes execCGI
        AllowOverride All
        Order Allow,Deny
        Allow From All
    </Directory>
</VirtualHost>

After you add the default localhost. Now you can add your own virtualhosts

# mysite.local
<VirtualHost *:80>
    ServerName mysite.local
    DocumentRoot "/Users/phichamon/Public/mysite/"
    <Directory "/Users/phichamon/Public/mysite/">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Order Allow,Deny
        Allow From All
    </Directory>
    ErrorLog "logs/mysite.local-error_log"
</VirtualHost>

In the example you can replace “mysite.local” with your own hostname.

3. Edit hosts file

Once you’ve saved your httpd.conf and httpd-vhosts.conf files, the next step is to edit your OSX hosts file by open the Terminal instance, and at the prompt type the following command:

sudo nano /etc/hosts

Enter your OSX password when prompted, and the hosts file will be opened in the nano text editor. You’ll see that the hosts file already contains some default hostname mappings (e.g. “127.0.0.1 localhost”). Use your keyboard’s arrow keys to navigate to the bottom of the file and add your own mapping:

# XAMPP VirtualHost mappings
127.0.0.1 mysite.local

4. Restart Apache

So that your changes take effect, restart Apache. This can be done using XAMPP Control, which is found at /Applications/XAMPP/XAMPP Control.app.

Point your browser at http://mysite.local (or whatever ServerName you chose) and you should see your website.

if you have error about server error you can fix by change the file permission by add the following command on terminal.

chmod 755 /Users/phichamon/Public/mysite/
or
sudo chmod -R 755 /Users/phichamon/Public/mysite/

How to show hidden files in Finder – Mac OS X

Posted on by
2

Mac OS X Finder hide hidden files by default. To show hidden files in Finder, you need to use two commands (AppleShowAllFiles and killall).

Just follow the steps below and your finder will show hidden files:-

    Start your “Terminal”
    type “defaults write com.apple.finder AppleShowAllFiles TRUE” and enter (without the quote)
    type “killall Finder” and enter (without quote)
    Done. You have just enable your show hidden files in Finder

To disable the show hidden files in Finder, follow the steps below:-

    Start your “Terminal”
    type “defaults write com.apple.finder AppleShowAllFiles FALSE” and enter (without the quote)
    type “killall Finder” and enter (without quote)
    Done. You have just disable your show hidden files in Finder

See also: http://www.brooksandrus.com/blog/2007/03/23/mac-os-x-show-hide-hidden-files-in-finder/

What to do when your WordPress site has been hacked?

Posted on by
3

Once day google sent me this message in my mail box.

  • Phishing notification regarding http://fusionpeach.com/

    Dear site owner or webmaster of http://fusionpeach.com/,

    We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

    Below are one or more example URLs on your site which may be part of a phishing attack:

    http://www.fusionpeach.com/~aptour/new/hy0ew9y9wey9dsysdsdlajsldjsasdaosa0d8ew0sdiadashgoidgsoaudgsaoudgosuadgosaugdouasgdousagdosuagdoasugdosuagdoasugdosaugdsouadgoas/u0we99wqeyq90wryq0wrwqr/resolutioncenter/Login.htm

    Here is a link to a sample warning page: http://www.google.com/interstitial?url=http://www.fusionpeach.com/~aptour/new/hy0ew9y9wey9dsysdsdlajsldjsasdaosa0d8ew0sdiadashgoidgsoaudgsaoudgosuadgosaugdouasgdousagdosuagdoasugdosuagdoasugdosaugdsouadgoas/u0we99wqeyq90wryq0wrwqr/resolutioncenter/Login.htm

    We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

    1) the site was compromised

    2) the site doesn’t monitor for malicious user-contributed content

    If your site was compromised, it’s important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

    Once you’ve secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting this page, and reporting an “incorrect forgery alert.” We will review this request and take the appropriate actions.

    Sincerely,

    Google Search Quality Team

After I’ve done some researches I know that my site was hacked by someone who is a client of my hosting which his username is “aptour” because my hosting still use the old version of the cPanel So I’ve done the following:
1. Back up my site and database.
2. Check Server Log (Law access logs)
3. Check .htaccess files in the root directory. It may be redirect rules there.
4. Create New FTP account, delete the old one the use new FTP to delete that page. (In my case, it’ve already removed or temporary page)
5. Login to PhpMyadmin to revise your data. (I’ve found new admin user and removed it.)
6. Change database username/password.
7. Change WordPress Admin Password.
8. Change WordPress Authentication Unique Keys by use “https://api.wordpress.org/secret-key/1.1/”
9. Upgrade wordpress then disable using the xmlrpc.php (I don’t publish my blog by email)
10. Contact my hosting, inform what happen.

Now everything has already secured. So let’s google help us check our site again.

Resouces