Reset ownCloud Passwords For Admin And Users Using phpMyAdmin

Warning:  Follow the instructions below at your own risk, because bad things happen!  Don’t blame me for your bravery in destroying ownCloud’s database if something goes wrong beyond one’s expectation.  Nonetheless, I’ve used these exact directions to successfully change the admin and user passwords for ownCloud.

Forgot your ownCloud password?  Whether your ownCloud admin or regular user password is lost, you can always restore or change the password for the admin or user.  Perhaps you forgot to enter the email address into the user’s settings to receive the lost password reset email, but to think that you’re stuck is being crazy.  Of course, if you forgot your MySQL database’s root password too, then you really are stuck and won’t be able to access your data that resides within ownCloud.  Nonetheless, let’s hope you aren’t yet out of options, so you can use your MySQL root password to edit your ownCloud admin or user password.  I won’t talk about how to access and edit any other database as I can barely get around MySQL.  Nonetheless, read on and the trick is here to treat you well.

I don’t even bother with MySQL command lines, and so I sure hope you have installed phpMyAdmin.  We will use phpMyAdmin to edit out the oc_users table’s passwords.

  1. So, first of all, log into your ownCloud MySQL’s database as a root user or the owner of ownCloud database through phpMyAdmin.
  2. Secondly, expand the left panel and expand the ownCloud database.  You should see a bunch of ownCloud tables underneath the ownCloud database, and these tables should begin with the oc_ prefix.  Try to find oc_users!
  3. Click on oc_users to access the oc_users table.  Before you even think about editing a user entry within this table, you must know that once you edit a user’s password there is no going back to the original password.  Of course, if you already knew the original password, you wouldn’t do this in the first place!
  4. Click on the edit link next to the user to access that user’s entry in oc_users.  In here you can change the password for a user.  Don’t do anything yet though, because the passwords stored within the oc_users table are encrypted with whatever.  If you delete the encrypted passphrase, you basically delete the password.  Nonetheless, you can’t enter a password of your own, because your password isn’t encrypted.  If you try to enter a plain password, your user account won’t see the password change.  Furthermore, if you try to empty out the password, ownCloud’s login page won’t allow you to access the ownCloud service even though you had emptied out the password.
  5. If you read my instructions carefully, it means you haven’t done anything yet.  Good, because now you need to open up a web browser tab or a new web browser so you can go to http://pajhome.org.uk/crypt/md5/.  If this webpage is still the same and has yet to be changed, under the Demonstration section you should see MD5/SHA-1 boxes.  Instead of entering a real password that can be read by the owner of this website, you need to enter a weak password (that you plan to change later) into the Input Calculate Result’s top box.  When done entering a temporary password that is easy to remember, hit the SHA-1 button to allow the webpage to generate the SHA-1 hash.  Make sure you copy the SHA-1 hash result in the bottom box.
  6. We need to paste the SHA-1 hash passphrase into the password’s value field (box) of the user you want to change the password for within the database.  So, back in phpMyAdmin, within the user’s entry which resides within the oc_users table, you need to enter the SHA-1 hash into the password’s value field (box).  Hit the Go button which is situated right underneath the password’s value field (box).  This should do it.
  7. Now, you can try to log into the ownCloud service with the new password that you created for the ownCloud user.  Of course, the password isn’t the SHA-1 hash passphrase, because ownCloud’s login page expects the regular plain password that you encrypted with the SHA-1 hash earlier.  If everything goes as planned, you should be able to log into the ownCloud admin or user account.  From here you can change the password in the Personal page, and so you should change the password you just changed for your ownCloud admin or user into a really strong password.
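Step 5 can also be done without typing any password into somebody else’s website.  The script below is an added example, not part of the original instructions: it computes the same SHA-1 hex string locally and checks that a value is fit for the password box in step 6.  The function names are made up for this example, and it assumes sha1sum, shasum or openssl is installed.

```shell
#!/bin/sh
# Added example: compute the SHA-1 for step 5 on your own machine.
# All function names here are hypothetical helpers, not ownCloud tools.

# Print the lowercase hex SHA-1 of the exact bytes of $1.
# printf '%s' is used on purpose: echo would append a newline, which
# produces a different hash and a login that never matches.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        printf '%s' "$1" | shasum -a 1 | cut -d' ' -f1
    else
        # openssl prints "...(stdin)= <hash>"; keep only the hash
        printf '%s' "$1" | openssl dgst -sha1 | sed 's/^.*= *//'
    fi
}

# True when the value looks like what step 6 expects: exactly 40 hex digits.
# Catches a truncated copy/paste before it lands in the database.
is_sha1_hex() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# Check a value copied back out of the password field against a password.
# Usage: matches_stored STORED_VALUE PASSWORD
matches_stored() {
    stored=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    is_sha1_hex "$stored" && [ "$stored" = "$(sha1_hex "$2")" ]
}

# Interactive use: ./sha1-temp.sh --prompt
# The password is read without echo, so it stays out of the shell history
# and off the screen; only the hash is printed.
if [ "${1:-}" = "--prompt" ]; then
    printf 'Temporary password: ' >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    sha1_hex "$pw"
fi
```

Run it with --prompt, paste the 40-character result into the password’s value field, and still change the password from the Personal page afterward as step 7 says.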

Now, you can chuck down a beer and congratulate yourself a job well done.


Adding .htaccess File To QNAP’s /share/Web/ To Secure All Web Applications Within

Legal Disclaimer:  Follow the tip within this blog post at your own risk.  You have been warned, thus you know that you are going to do something dangerous here to your web server or QNAP server.  With this knowledge of yours, and having read this warning or skipped this clear warning, you cannot hold me responsible for your stupidity or dangerous action against your very own QNAP server or web server, or against anyone’s web server for which you’re responsible for administrative duties and procurements.

Are you running a web server on QNAP NAS?  NAS stands for Network Attached Storage server.  If you are for whatever purpose, whether this web server is for production purpose or testing purpose, you might want to know that .htaccess file can help secure QNAP’s web applications such as WordPress, Drupal, and the rest.  Here’s how to create proper .htaccess file that controls all web applications at once on your QNAP server.

  1. You need to change into directory of /share/Web by using this Linux command [cd /share/Web].  Of course, please do ignore the square brackets as these are only for clarifying the command line.
  2. Quickly do [ls -la] to figure out if you have an .htaccess file already.  If you do, please make a backup of this file in case you need this original file again for whatever purpose.  To make a backup of this .htaccess file that you already have had in the QNAP’s /share/Web directory, use this command [cp -p -a /share/Web/.htaccess /share/Web/.htaccess-old].
  3. Once you have followed step #2 herein, you can try to remove the original .htaccess file (not the backup one you just made, OK?) by using this command [rm -rf /share/Web/.htaccess].  Be very careful with the [rm -rf] command line, because if you misspell a file or a directory you’re trying to remove, you will definitely lose such directory or file forever and won’t be able to recover it.
  4. Now let us create the .htaccess file again, but this time we’re creating it the way we like it.  Of course, .htaccess is a complex file, thus a regular Joe like us need not worry about making this file too complex.  Instead, let a regular Joe like us just create a simple .htaccess file that denies all IP addresses but allows only specific IP addresses.  This means, if you want to allow one or two specific IP addresses to access QNAP’s web applications, this .htaccess file should satisfy your command.  So here we go…
    1. Creating .htaccess file by using this command [touch /share/Web/.htaccess].
    2. Now, let’s edit the .htaccess file we just created by using this command [vim /share/Web/.htaccess].
    3. Let’s enter the lines below for our new .htaccess file shall we?  These lines must be in the order as follow…
      1. order deny,allow
      2. allow from 192.168.0.x (please use your very own IP address here)
      3. allow from 192.168.0.x (please use your very own IP address here)
      4. deny from all
    4. What we have done is add 2 IP addresses to the allow list in the .htaccess file so these 2 IP addresses will be able to interact with/access the web applications that reside in QNAP’s /share/Web directory.  You can add more IP addresses, or remove most IP addresses and allow only one, according to your desire by simply adding or removing [allow from…] lines.  Of course all [allow from…] lines must be written or typed out above the line which says [deny from all] and below the line which says [order deny,allow].  Now, we must save our newly edited .htaccess file by doing this while still in the vim editor.
      1. Hit escape key on the keyboard to exit the editing mode.
      2. Type in [:wq] and hit enter key on the keyboard.  Of course, please do ignore the square brackets as these are only for clarifying the command line.
  5. The last step is to secure our new .htaccess file by doing two things.
    1. The first thing to secure is to make sure the owner and the group owner of the .htaccess file are indeed the right owner and group owner.  For me personally, I prefer not to use the admin user and administrators group for any web application files and directories, because I don’t want the evil doers to be able to use one of these files with high privilege access to escalate the privilege and execute malicious commands.  This is why on my QNAP server I would rather put most of my web applications’ files and directories in the name of user httpdusr and group owner everyone.  So let’s do this command to make this happen, OK?  Type in [chown httpdusr:everyone /share/Web/.htaccess].  Afterward, just do [ls -la /share/Web/.htaccess] to see if the .htaccess file is indeed using user httpdusr and group owner everyone.
    2. The second thing to secure is to make sure the .htaccess file has the right permission.  So we need to use this command [chmod 400 /share/Web/.htaccess].  What this command does is change the permission of the .htaccess file in the /share/Web directory to read only for the user (owner of the .htaccess file) with no other permission allowed for anyone else, hence the two zeros after the 4.  These two zeros stand for no permission for the group (whoever has the group authorization of whichever group) and no permission for everyone else (this is what the last 0 is for).  Finally, you can do [ls -la /share/Web/.htaccess] to confirm whether the permission for the .htaccess file is indeed 400.  If it’s so, it means only the QNAP web server user httpdusr will be able to read the file, but even this user cannot write to or execute whatever is within this .htaccess file.
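The whole procedure above can be scripted so there is never a moment where the old file is gone and the new one is half-typed.  This is an added example, not part of the original steps: the function names are made up, the directory and addresses are passed in by you, and the addresses in the demo are constructed samples.  It refuses anything that is not a plain IPv4 address, keeps the .htaccess-old backup from step 2, and swaps the new file in with one rename.

```shell
#!/bin/sh
# Added example: build the allow-list .htaccess from the steps above.
# is_ipv4 and write_htaccess are hypothetical helper names.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots into the function's own arguments
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: write_htaccess DIR IP [IP...]
write_htaccess() {
    dir=$1
    [ -d "$dir" ] && [ "$#" -ge 2 ] || {
        echo "usage: write_htaccess DIR IP [IP...]" >&2
        return 2
    }
    shift
    # Validate everything first so a typo never produces a partial file.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 1; }
    done
    target=$dir/.htaccess
    tmp=$dir/.htaccess.new.$$
    # Step 2: keep the previous file (-f replaces an older read-only backup).
    if [ -f "$target" ]; then
        cp -pf "$target" "$target-old" || return 1
    fi
    # Step 4: same line order as the post; umask keeps the temp file private.
    (
        umask 077
        {
            echo "order deny,allow"
            for ip in "$@"; do echo "allow from $ip"; done
            echo "deny from all"
        } > "$tmp"
    ) || return 1
    # Step 5: permission 400, and ownership when run as root on the QNAP.
    chmod 400 "$tmp" || return 1
    if [ "$(id -u)" -eq 0 ] && id httpdusr >/dev/null 2>&1; then
        chown httpdusr:everyone "$tmp" || return 1
    fi
    # A rename replaces the old file in one step; no window with no file.
    mv -f "$tmp" "$target"
}

# Demo on a throwaway directory with constructed sample addresses:
#   ./make-htaccess.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    write_htaccess "$demo_dir" 192.168.0.10 192.168.0.11
    ls -la "$demo_dir/.htaccess"
    cat "$demo_dir/.htaccess"
    rm -rf "$demo_dir"
fi
```

On Apache 2.4 without mod_access_compat loaded, the order/allow/deny lines are not available; the native equivalent is a [Require ip] line listing the same addresses.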

Now, with this .htaccess file configuration for your QNAP’s /share/Web directory, the web applications that are residing within this specific Web directory will not be accessible to anyone with any IP address unless somebody is using the IP address that is being allowed by this very .htaccess file.

Do you know that by following the tip herein, you can also use this very tip for non-QNAP web server?  Just create a similar .htaccess file within whatever web server’s directory to prevent snooping to most IP addresses and allow only the IP addresses that are being allowed within.

Virtual Machine Is A Very Beautiful Thing

Virtual machine is a very beautiful thing, but the majority of computer users might be ignorant of it.  How beautiful is a virtual machine?  Let me just say this right off the bat, virtual machine is there to piss off evil doers!  It’s so beautiful that you can basically download computer viruses onto a virtual machine without the fear of these nasty things going around and infecting a physical machine.  Of course, as with just about anything, if one is so inept in computer things, one might be able to allow the computer viruses and what not to infect the whole Intranet (LAN) network even if one is using a virtual machine.  Nonetheless, one has to be very inept to do so.  For example, allowing a virtual machine to be on the same subnet with a physical machine without its own protection measures (i.e., antivirus, firewall and what not), thus showing just another door to the evil doers.  The evil doers can use a compromised active virtual machine as a gateway for their Intranet (LAN) hacking activities.  The beautiful thing is that if one is smart enough to secure a virtual machine, one basically has a hardened sandbox which can easily be used as a platform for browsing the dangerous web at will.  Perhaps even downloading computer viruses and what not for testing purposes, such as testing to see the effectiveness of an antivirus program.  Professional antivirus software reviewers mostly use a hardened virtual machine to test how effective an antivirus program can be.

Virtual machine is so beautiful that it is very perverted.  How?  I’ve heard how many people have seen their computers get infected with computer viruses, worms, trojans, and what not just because they have been browsing dangerous pornographic websites.  What’s worse is that these folks do not use readily available simple measures such as Javascript blocker software/plugins (e.g., ScriptSafe, Noscript, etc…).  For example, I’d talked to one person who complained that he would format his computer often, because he caught too many computer viruses.  This very person would like to say that he’s an advanced computer user.  Nonetheless, he’d told me that he was befuddled how his Windows machine kept on catching a flu (i.e., sarcasm for computer viruses).  Furthermore, he told me that it was too easy for his computer to catch a flu whenever he got perverted.  Obviously, it meant that he browsed pornographic websites and his computer caught a flu.  In the end, he told me his assumption that there’s no way a PC can be OK if one is browsing a pornographic website.  I told him flat out that he’s dead wrong.  The simplest answer I could give to him at that point was to just make sure his physical machine is clean (i.e., not infected with any computer virus) and then install a virtual machine.

Virtual machine is beautiful since it’s allowing us to have a secure sandbox to play around.  Of course, it’s a bit more complicated than just a secure sandbox, because a virtual machine can run just about all major operating systems.  Furthermore, a virtual machine can be a quick testing ground for security software and what not.  If a virtual machine user doesn’t like what he or she sees, he or she can simply go through few clicks to delete a virtual machine and make a new one.  My suggestion for whoever that does browse the web dangerously is to install a virtual machine on a clean physical machine, install Linux such as Ubuntu, install firewall and ClamAV onto Ubuntu, harden up Ubuntu (virtual machine) as if it’s running on a real machine, and then browse the dangerous web.

Virtual machine is a strange beast, because it can do certain things exceptionally well and efficiently, but it can be totally useless at times.  For example, playing games on a virtual machine is a no no.  First of all, a virtual machine does not use a dedicated graphic card, because it’s emulating one.  Even if a virtual machine environment allows a physical computer to share dedicated graphic resources, I doubt a virtual machine could really share dedicated graphic resources efficiently.  Playing intensive graphic resource demanding games would be almost impossible.  Nonetheless, if one uses a virtual machine for applications such as virtualizing a NAS (i.e., Network Attached Storage server), it can become very interesting.  Imagining this further, how interesting is it for one to be able to clone a virtualized NAS easily, right?  Virtual machine platforms such as VirtualBox certainly carry the option of allowing a computer user to clone a virtual machine through a few clicks of a mouse.

In summary, virtual machine is very beautiful, but the degrees of beautifulness are scaling accordingly according to whoever is using it.  One can simply use a virtual machine to test out how effective an antivirus software can be, but one can also use it to run a virtualized NAS.  If one is horny, one can simply browse the dangerous pornographic websites with a virtual machine.  Basically, virtual machine is quite useful and secure if one knows how to use it as a sandbox.


There’s Time To Be Nice, But Digital One Isn’t So

Should you be a nice guy when it comes to Internet etiquette?  The answer isn’t so simple since it all depends on the context of things.  For example, if a friend sent you an email for whatever purpose, important or not, you might have to reply to him or her.  Down to earth Internet etiquette cannot be so disconnected from the physical world, otherwise we are not who we are, as in being human with complex emotions.  Thus, our strong human traits such as politeness can also be our weaknesses.  This is why social engineering is useful for some bad actors who have the intention to hack into your digital life.

Without ranting much on elusive Internet/digital philosophy, let me get to the point.  I’d recently received many online bank surveys through my email inbox.  The politeness of online etiquette wanted me to click on the survey request link in the email so I could start a survey, because being polite is good, whether that would be on the web or off the web.  Unfortunately, in the back of my head, the impolite part of my brain told me not to be so nice and polite, because the survey itself might not have been sent from the bank.  I think there are ways to fake emails that look like they’re from the legitimate party.

My eventual action was usually a quick delete of such email.  Why?  I’m a nobody and poor, thus my bank account would be a waste of time for whoever wants to hack into it.  Thus, I’m not supposed to be all that protective toward my online bank account.  Regardless, I don’t really like being hacked, because it feels very invasive.  Imagine a stranger just walks into your life and does whatever to you, how do you feel?  This is the feeling of being hacked, because you don’t know the hacker or hackers!  So, it was a quick and simple decision, I would rather not be polite and willy nilly click on a bank account survey link.  I don’t care if the email is legitimate or not, I just won’t subject myself to downloading malware or a virus or a trojan onto my computer just so I could have a nice digital etiquette.

In summary, I think we need to be very cautious about the stuff that goes through our emails.  Especially, survey invitations and what not might not be so innocent.  I’m writing this post to remind my future self and whoever else to be more cautious about Internet security in regard to email.  Furthermore, I’d like to remind my future self and whoever else that if a hacker has your email account, he or she can basically try to reset your passwords for your bank accounts, social website accounts, and what not.  If hackers are successful at resetting your online accounts’ passwords, then they’re basically taking control of your digital life.  Simply put, do you want a stranger to take over your life, albeit an Internet one?

With The New Mavericks, I Found Love In Bitdefender Virus Scanner

English: An “X” colored to be similar to the logo for Mac OS X tiger (Photo credit: Wikipedia)

I just got done updating my MacBook Pro to the latest Mac OS X which is the Mavericks.  Coincidentally with the Mavericks update, my Kaspersky antivirus for Mac is about to be expired, seven days to be exact, and so I was frantically searching for a good alternative.  I downloaded all sorts of antivirus for Mac out there, but I found many of them had performed poorly or not worked at all with Mac OS X Mavericks.  Luckily, I found one that is working rather well with Mac OS X Mavericks at this point in time.  I didn’t even have to download it on a strange website, because it is readily available in the Mac App Store.  Basically, I pulled my hair out for nothing!  The antivirus I’m talking of is the Bitdefender Virus Scanner.

You can download Bitdefender Virus Scanner for free in the Mac App Store.  This antivirus app runs well, and I haven’t found any trouble with it yet.  It does not slow down my MacBook Pro at all, and so this is a really big plus.  I found most Mac antivirus software tend to slow down my MacBook Pro a lot, but Bitdefender Virus Scanner proves to be not this sort of case at all.  One downside to this Mac antivirus app is that it does not have a real time monitoring/scanning feature.  You know how the antivirus software on Windows would behave?  (Lurking in the background and checking to see if there is a malicious process!)

Bitdefender Virus Scanner also got a paid version, and you can also find it in the Mac App Store.  I think it is being called as Virus Scanner Plus.  I think the paid version comes with more features such as Continuous Scan, but I don’t really know what this feature does since I haven’t yet bought the paid version.

I combine Bitdefender Virus Scanner with Little Snitch Network Monitor to add an additional sound security defense measure for my MacBook Pro.  The first line of defense would obviously be the Mac OS X Mavericks’ default firewall.  Still, you can never know how many computer security measures would be enough, because there is always that somebody who knows just enough to poke a hole through your computer security defense.  I hope this little confession of mine will be of some help to Mac users who are thinking of adding an antivirus program to their computer security defense.

How Paranoid Should You Be For Backing Up Your Data?

Backup Backup Backup – And Test Restores (Photo credit: Wikipedia)

If you ask me what is the best way to backup your data, I will probably direct your concern to more than one way.  I like to think of not placing all of your eggs in one basket kind of scenario.  What’s the point of backing up data in the first place?  It’s to hope that when things go crazy such as a computer’s data corruption might occur, you can then access your most valuable backup data.  If you only rely on one preferable backup method, then what if in a critical moment that even the backup data isn’t accessible through your preferable only backup method, what will you do then?  Even a perfect storm is a possible scenario for spreading eggs in more than one basket, therefore I think being paranoid about safekeeping your data with more than one preferable backup method is the best way to go about doing the backups for your valuable data.

For us normal folks, the regular Joe(s), who have data that we want to safeguard, it’s a must for us to spread our data in more than one basket.  It must not be that you have to be a company to take this approach.  Furthermore, nowadays regular Joe(s) do have plenty of ways to go about doing backups for their data.  Let me list few of them:

  • Google Drive
  • Pogoplug
  • Dropbox
  • Amazon Simple Storage Service
  • CrashPlan
  • External hard drives
  • Network attach storage solution such as QNAP NAS servers
  • Do it yourself FreeNAS server solution
  • rsync to a renting server with affordable monthly fee

And the list can go on a lot longer as third party cloud services are now in ample supply.  I think the problem isn’t about finding a backup solution or solutions for the regular Joe(s), but it’s about the affordability, speed, security, and convenience aspects.  Let’s say a regular Joe wants to spread his backup data in more than one basket, how affordable can this be?  So on and so on…

I think affordability should not be as big of an issue as before the time when there were no third party cloud service and competitive (affordable) computer hardware pricing.  If you don’t intend to harbor 100 of Gigabytes worth of data for streaming purpose or whatever extreme configuration, backing up few Gigabytes worth of data should not cost you much at all.  Perhaps, you can do it at no cost too.  One example, I think Google Drive gives you around 10 Gigabytes worth of free data space or a little bit more than this, and just with this service alone you know you don’t have to spend a dime to backup your data as long you are not going over the free space limitation that Google Drive allows.  Don’t like third party cloud services for whatever reasons?  Computer hardware such as external hard drives nowadays are no longer pricing at outrageous prices, therefore it’s easier for regular Joe(s) to go this route for doing their data backups.  How about coupling Linux with a spare, dusty computer to form a local backup storage server at zero cost in term of money, but you have to spend time on putting things together such as installing Linux and deploying Linux’s network attached storage services to have a more complete backup server solution.

I can see that the many third party cloud services as good solutions for doing backups.  How come?  Let say you’re paranoid about the safety of your data to a point that you consider the scenario where local backup data can all be corrupted at the same time for whatever reasons such as a virus/hack attack (or by even a more nefarious scenario), therefore you think third party cloud services are the additional safety reservoirs for your backup data.  If you are this paranoid, I think you’re doing it right.  Although third party cloud services are good measures against local data corruption, there are problems with this whole approach in general.  Let me list a few:

  • Broadband’s upload speed (Internet connection) isn’t fast enough to do a major backup (i.e., backing up huge amount of data in Gigabytes worth)
  • Security issue… how do we know our data can be securely safeguarded and stored on the remote servers?
  • Trust issue… such as how do we know our data privacy and our privacy won’t be breached on the remote servers?

I sneakily snuck in the speed and security concerns about backing up data remotely through third party cloud services, but we should not take the security issue lightly since many people may not want their privately backed up data to be made known to the whole world.  Security done right in terms of backing up data locally and remotely will also address the privacy issue/concern too.  I think employing good network and computer security measures locally will enhance the security protection level for the backup data.  Such measures should be about employing hardware and software firewalls, antivirus, and so on.  Don’t forget to update the software and firmware, because it is through updating these things that you can be assured of weeding out security bugs.  You can never be too sure about the security of your data when you’re backing up your data remotely, therefore you should employ encryption for your backup data before you upload it to the remote servers.  One good encryption measure I know of is TrueCrypt software which can be downloaded and used freely.

I don’t think we should sacrifice our data security for convenience, because data security is definitely more important than otherwise.  Still, convenience should be considered in the calculation of our data backup challenge too.  It’s just that we have to make sure we don’t have to sacrifice data security for convenience.  Let’s say you want to backup your data to a third party cloud service, but you don’t like the idea of doing a local encryption for your data first… this means you are sacrificing your data security for convenience and this is truly bad for you as the owner of the backup data (i.e., privacy concern).

In summary, I think if you’re paranoid enough about the health of your data, then you should devise many backup plans for your data.  You should try to backup your data both locally and remotely, but you should employ encryption for your data when you do backup your data remotely.  Backing up a huge amount of data remotely can be very inconvenient at this point in time since so many regular Joe(s) do not have access to fast upload broadband speed.  Let’s hope this will change soon, and I know things will be moving in this direction since data streaming and data sharing and data backup are in much more demand than ever before.  One example would be Google fiber Internet service.  Google is driving the Internet Service Provider competition forward as Google deploys its Gigabit Internet connection service for many households in various lucky cities and towns.  With Google pushing for more competition in the area of broadband speed, I think the future of having a great Internet connection for uploading our backups is definitely bright.  As time moves on, the costs of computer backup hardware and backup services can become even more competitive, and we can expect the cost of deploying backup measures for our data to only get cheaper and easier.  I like the idea of having a NAS locally, and using one or two third party cloud services for my data backups.

(How paranoid should you be for backing up your data?  In my opinion, the answer should be, the more the merrier.)