Asides
manually removing a pool slave from a pool in XenCenter
manually removing a pool slave from a pool in XenCenter
Problem: The pool master was lost or the ip address was changed. Upon bootup of one of the pool’s slaves, it came up with no management network, and no network interfaces to configure.
Resolution:
MAKE SURE YOUR VMs ARE BACKED UP!!!! LOCAL STORAGE WILL GO AWAY AFTER THIS AND WILL HAVE TO BE RE-CREATED.
Remove the slave server from XenCenter.
At the slave console’s main menu, go to “Network and Management Interface”, “Emergency Network Reset”
Login, and walk through he steps of re-assigning your address. Go ahead and enter an address for the master when prompted.
The server will reboot.
Go to “Local Command Shell” on the main menu.
Check the state of the server:
xe host-is-in-emergency-mode
answer: true
because the server is still in emergency mode, we need to edit the pool.conf.
nano /etc/xensource/pool.conf
It will probably reference “slave” and whatever address you defined as your master.
Remove all entries and add : master
save the conf file with Ctrl + o, exit with Ctrl + x
Rename the state.db with this command.
mv /var/xapi/state.db /var/xapi/state.db-old
Exit to the main console with xsconsole.
reboot it, and you should be able to re-add it to XenCenter and your pool.
More on changing ip addresses here:
http://support.citrix.com/article/CTX123477
Adding your local storage back to the xenserver:
Once you’ve re-added your server back to XenCenter, you’ll notice that your storage devices are gone. to re-add:
On the console tab of the server you just added, You can list your devices with:
cat /proc/partitions
get your device id’s with:
ll /dev/disk/by-id
Execute the following command:
xe sr-create content-type=user device-config:device=/dev/disk/by-id/<device ID from the list from the previous command> host-uuid=<ID can be copied and pasted from the “general” tab> name-label=”Give It a Name” shared=false type=lvm
If you’re trying to add the disk with the system on it, you’ll have to select the partition to restore:
xe sr-create content-type=user device-config:device=/dev/disk/by-id/<device ID for the partition from the list from the previous command> host-uuid=<ID can be copied and pasted from the “general” tab> name-label=”Give It a Name” shared=false type=lvm
This might at least allow you to get and files on that storage off to a more stable place. With a server in this condition, I would recommend reloading XenServer once you’ve taken everything that you need off of it.
Matt Long
02/24/2015
Remove WordPress Generator Tags: Powered by Visual Composer – drag and drop page builder for WordPress
Remove WordPress Generator Tags: Powered by Visual Composer – drag and drop page builder for WordPress
When using a WordPress theme that uses the ‘Visual Composer’, a meta tag
- Powered by Visual Composer – drag and drop page builder for WordPress
Is displayed on the output of each of your pages.
You can use a tool like our WordPress Website Tool to see what generator meta tags are exposed by your WordPress installation
Since one of our initiatives here at Matraex, Inc while optimizing WordPress websites, is to remove the telltale signs of a WordPress installation, we need a way that we can easily remove these tags.
We already have a plugin that we install into each of the WordPress websites that we manage which helps us to optimize each of them so we had a quick place we could add custom code to handle the removal.
This gives us a more reliable way to customize the output, without having to worry about the settings within different plugins.
We added the following code which removed the Visual Composer Generator Tag
add_action('init', 'optimize_fixwp_head', 100);
function optimize_fixwp_head() {
remove_action('wp_head', array(visual_composer(), 'addMetaData'));
}
Once you have added this, you can do a very quick check to see that the meta tag has been removed using our WordPress Website Tool .
The tool will also help you identify whether you have any other common WordPress exposure issues.
In researching the way to implement this thanks to :
- wpbakery – http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431/comments?page=162
- sbahjaoui – https://wordpress.org/support/topic/wp-meta-info
Website Owners 6 Free Speed Security and SEO Tools
Website Owners 6 Free Speed Security and SEO Tools
6 Free Speed, Security and SEO Tools Matraex, Inc Uses
There are a plethora of tools out there to help you evaluate your website. We have built a few ourselves that help us manage multiple websites. The following list is geared towards a website owner and should help you to understand some important aspects of your website.
If you should ever need anything part of your website changed, contact us here at Matraex for fast effective help.
1) Pingdom Webspeed Test
A good, full page speed load tester, it gives a score and suggestions for improvements – http://tools.pingdom.com/fpt/
2) Google PageSpeed Insights
A phenomenal resource for understanding how you can improve the load speed and experience of your website. Google gives you a Mobile and Desktop Grade and then gives suggestions and advice with downloads. – https://developers.google.com/speed/pagespeed/insights/
[Matraex Website Performance Assessment Log – saves results from tools 1 and 2 above to help users ‘watch’ the effect that changes have on their performance]
3) Qualys SSL Labs test
A great free test to check that your SSL certificate on your site does not have any vulnerabilities, The site gives your SSL certificate a grade and describes any problems. This is a great repeatable test if you have a site looking to become PCI compliant – https://www.ssllabs.com/
4) Jitbit SSL
Scan your https:// site to see if you have any insecure content. This test can help identify images, style sheet, javascript and other linked content which runs over an insecure (http://) connection – https://www.jitbit.com/sslcheck/
5) Securi Site Scan
Run a scan on your WordPress website with securi, this will help identify malware or hacks on your site. – https://sitecheck.sucuri.net
6) SEMRush SEO Evaluation
Find how your site is performing – SEM Rush gives you a single overview page with almost too much information. Take a look at your results for organic search backlinks and keywords. The initial report is free however SEM Rush charges for more frequent and advanced reports. Their free report gives you a good general idea to allow you to decide whether you want to get more indepth – https://www.semrush.com/
We of course want to include a link to our free tool as well, our tool helps us to take an even smaller, faster look at a WordPress Website’s speed, security and exposure, take a look if it fits your type of site – https://www.matraex.com/website-check.php
If these tools gave you a good idea about how your website is performing for you, but you would like more info or you would like to improve it, contact us or give me a call to discuss your website – Michael Blood 208.344.1115 x 250
7 Big Words in Website Design
7 Big Words in Website Design
Some of these words are more basic than others, but if you don’t already know these terms you should learn them as they may help your discussion with a web developer. The only criteria for these words / phrases were 1) “big”. they had to be three syllables or more and 2) they had to be terms that would apply to a web design / development conversation. (my contact information is at the bottom of this post so you and I can have a conversation about your website design)
[mtxquickform label=”Suggest a word to define” collectemailaddress=1 hidelist=’emailaddress’ submitbutton=’Suggest’ emailto=”michael@matraex.com” style=’float:right; width:40%; max-width:350px; font-size:12px; font-weight:normal; border:1px solid black; padding:10px; margin:10px; border-radius:4px;’]
- Deep Linking
- Localization
- Minimal Design
- Parallax Scrolling
- Responsive Design
- Skeumorphism
- Typography
Deep Linking
Creating a link directly to a piece of content instead of your home page. The content may otherwise have been buried behind searches or link only available on your website.
Where the page on our website might have been http://matraex.com?p=7044, we use deep linking and have this url https://www.matraex.com/bulk-domain-ns-mx-and-a-record-lookup-tool/
Using good naming convention and deep linking can help a in Search Engine Optimization.
Localization
The process of adapting a product or content to a specific locale.
A website may look up your location from your profile or by IP Address and then change what you see or what language is displayed.
The idea is simple but it can be difficult to implement. In browser translation helps users browse websites which do not have language localization.
Minimal Design
Not specific to web design, this is the idea that less is more.
The idea has taken hold on the web as people respond to websites which create more focused content with less clutter.
Parallax Scrolling
The technique of moving the background images at a different rate than the foreground images, thereby creating and illusion of depth.
Some sites simply move a background a small amount as you move around, other sites have a more involved method of handling the scroll to move through a picture.
http://www.dementialab.org/discovery-lab/ has a very engaging method of moving through their pictures.
Responsive Design
A method of site design which ‘responds’ to the resolution of the users screen to ensures the site looks great for all sizes.
Often the businesses logo and the website navigation menu are shrunk down to make more room for other website content.
A responsive site has become a necessity as users increasingly find other business using mobile devices.
Skeuomorphism
Making the items that are represented in digital form, resemble their real-world counter parts. An example is this microphone which was used in a voice recording app.
A quick way to get up on the concept is to read Gizmodo’s discussion of it. You can also see several examples of it by searching Google Images for ‘Skeuomorphism examples‘
Realism
Typography
The art of arranging typed text to make written language appealing.
Includes selecting the typeface, point size, line and letter length and spacing.
Take a look at a Google Images search for Typography fonts to see lots of examples.
Website Developer
Contact Michael Blood with Matraex, Inc to have a discussion about these or any other Website Development Terms – 208.344.1115 x 250 – Contact Form
Custom network tools we use at Matraex
We had a need for some Network Tools and we could not find them, so we created them
As Matraex has been developing websites over the last 15+ years, we have used many tools to do it.
We often find areas which there are no tools, or we could automate time consuming or error prone tasks in order to get them done more quickly and efficiently.
For these areas, we have developed some Network Tools which help us to get what we need done.
DNS and Name Servers
Bulk DNS Lookup
One of areas we identified was when dealing with new customers with a large number of domains. In ideal situations, the domains would all be registered with a single registrar account and all using known name servers. However that has not always been the case. We built the Bulk MX, DNS Domain Lookup tool to help us quickly assess the domain name, where it is located, who hosts the Name Servers, domains and mail services.
Name Server Compare
In other cases we found that we needed help in identifying where multiple name servers is not set to the same value on different servers. For example if a domain uses three different name servers, there are times that those name servers many not be setup the same and may report different values.
For this we built the https://www.matraex.com/nameserver-compare-tool/
This is especially useful when moving a number of domains from one name server to another.
Website Performance
Website Performance Assessment Log
To help us track the performance increase (or decrease) for Websites we built the Website Performance Assessment Log. The tool has very little functionality itself, however it allows you to type in statistics from Pingdom and from Google’s PageSpeed Insights, then once you make changes to your site you can type in the next set of statistics. This is helps to track which changes made a difference and which changes did not.
WordPress Website Check
We needed to quickly be able to assess a new WordPress website. So we built the Website Check tool which grabs some quick speed and page load statistics, does some security checks and checks on what your WordPress site exposes.
Other less popular, but some times helpful tools,
- our CSS helper tool, this tool helps us identify duplicate and overriding style sheet definitions on a single style sheet.
- Our buik – unix time to date converter. You can paste in a block of text (typically I copy this from some syslog file which logged in unix timestamps) and the tool replaces any found timestamps to help us quickly read the results with Date/ Time stamps
Matraex Inc has other tools as well and we try to offer these tools free (within reason) in order to allow others to do the same thing we do.
WordPress Website Check Instant tool 3 feedback areas
WordPress Website Check Instant tool 3 feedback areas
When working with WordPress websites, there are three main areas we assess within the first few seconds, speed, security and exposure. To help us quickly do this, we built a tool, WordPress Website Check Instant tool 3 feedback areas, which pulls this information quickly and puts it into a single interface.
WordPress Website Check – http://matraex.com/website-check.php
While each of the three areas of speed, security and exposure go much deeper than this small scan, we are able to see some very important metrics very quickly.
Three Checks
Speed
We can see the download speed, the size of your home page, the number of external CSS files and the number of external scripts. This helps us to see how well the site has been optimized. Typically wordpress websites are made up of a Theme with enabled capabilities, as well as a number of plugins. Each of the capabilities and plugins will often have their own stylesheets and script files which can add up to a bloated website.
Security
WordPress websites are the subject of frequent hack attempts. Website scanners quickly find WordPress sites that have their admin and login scripts exposed. The scanner identifies the scripts. If the scripts do not block access after a number of failed attempts (with the username ‘admin’ and then with a random username) the script fails.
Exposure
WordPress websites often publish their version number as well as details about which plugins it uses. This information ideally is private and if possible should be kept private. When vulnerabilities in these tools are found, this is an advertisement to exploit your site.
The results can be saved and a link will be sent to your email so you can permanently have access to the results
The tool is our way of checking a site within seconds, and we offer it free. Our hope is that others find this useful ad will come to Matraex, Inc for their Website Development, Design, Hosting and Security needs.
Matraex, Inc
208.344.1115
DNS Nameserver Response Comparison Tool
DNS Nameserver Response Comparison Tool
Over the years, as we have worked with setting up Nameservers with A records we have found that it can be a rather complex task. So we made a DNS Nameserver Response Comparison Tool.
The work of configuring the servers is straight forward (we prefer to work with Bind on Ubuntu). We have come up with ways of automating the configuration in order to manage the large numbers of domains our Name Servers handle. However when an issue comes up it can take a considerable amount of time to identify differences between the servers.
The time that it takes for records to propagate throughout the internet and simultaneous whois record updates can add confusion.
So, we came up with the Nameserver Results Compare Tool.
- Enter Nameserver 1 and Nameserver 2
- Enter a list of domain names
- Review the results with discrepancies highlighted
The link to the tool is here:
https://www.matraex.com/nameserver-compare.php
Some other uses of the tool:
- Know whether a new Nameserver correctly reports all of your domain names, before you put it in production
- Compare googles 8.8.8.8 Nameserver results against your own.
- Identify when a recursive name server is caching the results in stead of requesting them from the authoritative source
As of this writing, the tool is new. If it is anything like the Bulk MX and DNS Lookup Tool we will likely add new features as we find new uses for it.
Some of the potential new features we could see for the future:
- Add multiple additional name servers
- Save frequently used name servers
- Add different record types (MX, TXT, CNAME)
- Control and report on the recursive portion of the request
- Track the comparison history
If you find this tool to be useful, please do provide a review for us. If you think of an enhancement that could make this DNS Nameserver Response Comparison Tool even more useful, please let us know (email: dnsutil @ matraex.com )
Owning Your Application Take Possession
Owning Your Application Take Possession
If you are a manager whose business relies on a website, apps or other software in order to function, the location and ownership of those assets (your application) is important.
- The manager does not the access to the source, and they must to request it from the original developer
- The manager is not familiar with where the source is or which components used to make it run
- The manager does not know how to confirm whether they have all of the information they need
In general, many client rely on a third party to maintain possession of their Intellectual Property to be able to give us access.
In order for your business to have true ownership of your assets, you need to be able to “WITHOUT HELP FROM YOUR EXISTING PROVIDERS” switch your providers.
A provider is your current website host, your application developer, the vendors that provide you services.
I have a bunch of scenarios which highlight the needs a company for full ownership.
- Any one person is hit by a bus! – This is a favorite, if your company is not able to get access to your application source, website, software or other assets without a one person, you do not have possession. Most of the time this happens when a freelancer or small company built your application, you have confirmed that the application is working, but you have not had it transferred to you. You still must call your provider any time you need work.
- If the building where our applications server blew up, we will have to rebuild – keep backups, and make sure you can access them
- You know you have multiple servers or components, but you are not sure how they connect and you will need to make a couple calls to get that information.
- Your current developer is heading out of town and you need us to talk to them to understand the application in case something happens while they are gone.
In each of these cases, you would be able to remove these as issues if you had full knowledge of your systems. Even better, you had documents which you could point at, which had all of the knowledge in them. This is really emergency preparedness for your application.
If you need help collecting, identifying, documenting and truly owning your application, Matraex can help you with that – 208.344.1115
—
Website Performance Assessment Tool Store Compare Page Speed Size Grade
Webpage performance is important and there are a plethora of tools out there that allow you to see your website’s performance.
The tools give a large amount of information and website owners can use that information to make assessments and improvements.
As we use these tools to help our clients improve the performance of their websites, we found a couple of needs:
- We needed a tool to quickly compare the results between changes
- We needed somewhere we could go to quickly lookup results next time that we evaluated the performance
So, we built the Website Performance Assessment Tool (matraex.com/website-performance).
This tool allows us to 1) Enter a web page url 2) Link to two third party performance tools(pingdom,PageSpeed) 3) Enter the results and 4) Save
The numeric results are then stored in a table and as we make changes we can see how performance improves.
With a couple of enhancements (the ability to track multiple urls and an improved User Interface) we decided to make this tool public and encourage others to use it.
The primary benefits we see are:
- The ability for non technical users to track their site performance
- Website owners can track and evaluate changes made by their website developer
- Website developers and website owners can use the tool to communicate performance expectations and results
Here is one example of how it can work:
- A website owner opens the website assessment performance tool and enters their website url
- They use the quick links to generate metrics for a Performance Grade, Number of Requests, Load time, Page size and a Desktop and Mobile Grade
- They enter the metrics into the tool and click Save
- They notice that the total Load time is more than 4 seconds so they ask their website developer to improve the results.
- Specifically they describe they want:
- the Load Time to decrease to less than 2 seconds and
- the Desktop and Mobile Grade should improve to better than 85% each
- The developer makes changes and tells the owner the changes are complete.
- The owner opens the Performance Tool and re enters the metrics and evaluates whether it is true.
- One month later the owner comes back to the tool and checks again and can see the history and whether performance has degraded.
COMMANDDUMP – installing wpscan penetration tool on a clean ubuntu 14.04 server
COMMANDDUMP – installing wpscan penetration tool on a clean ubuntu 14.04 server
WPScan (http://wpscan.org/) has instructions for installing on Ubuntu 14.04, however when attempting to install it on a clean 14.04 there were several missing dependencies.
(In Ubuntu 14.04 the default is ruby1.8 so the commands I added address this)
So I came up with the following commanddump required to install – this works as of 1/19/2016
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential libgmp-dev #remove this package ruby-dev which links to an old package sudo apt-get install ril1.9.1 sudo apt-get install ruby1.9.1-dev #thanks stackoverflow gem install addressable -v '2.4.0' #checkpoint you should receive a 'Successfully installed addressable-2.4.0 gem install ffi -v '1.9.10
#checkpoint you may need to install some ruby gems files
git clone https://github.com/wpscanteam/wpscan.git cd wpscan sudo gem install bundler && bundle install --without test
sudo gem install bundler && bundle install --without test
By the way, kudos to this guy (@_FireFart_) for getting his username displayed every time someone updates this awesome software
root@server:# ruby wpscan.rb --update
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.9
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[i] Updating the Database ...