Cloudways – Let’s Encrypt Renewal Alert

We are using Cloudways at work for our WordPress corporate website Cloudways sent me an ”Let’s Encrypt Renewal Alert”, that stated that ”Renewal of the Let’s Encrypt certificate failed due to an application restriction. You can manually renew the certificate by following this guide.”. However, the guide did not help.

Cloudways web UI didn’t give us any more information about the problem. Then I started to investigate the server access logs and found out that the renewal process needs to access a specified URL on the server. But because of the redirect rules in the default wordpress .htaccess, that URl was not accessible. We need to add an exclusion to that URL.

RewriteRule "^.well-known/acme-challenge" - [L]

Add this to the default WordPress .htaccess like this.

RewriteEngine On
RewriteRule "^.well-known/acme-challenge" - [L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Cloudways can then automatically renew the cert. You should now be able to renew the SSL certificate in the Cloudways application ”control panel”

Drawing horizontal lines in chart.js

Long time no see! The blog is awakening.

I wanted to produce a graph with chart.js that had two horizontal lines for alarm and warning levels. The resulting graph and code is shown below. This is a reply to this post.


            name: "LineWithLine",
            initialize: function () {
                Chart.types.Line.prototype.initialize.apply(this, arguments);
            draw: function () {
                Chart.types.Line.prototype.draw.apply(this, arguments);
                var firstPoint = this.datasets[0].points[0];

                this.chart.ctx.strokeStyle = '#ff0000';
                this.chart.ctx.strokeColor = '#ff0000';
                this.chart.ctx.moveTo(firstPoint.x, this.scale.calculateY(this.options.larmLevel));
                this.chart.ctx.lineTo(this.chart.width, this.scale.calculateY(this.options.larmLevel));

                this.chart.ctx.strokeStyle = '#CCCC00';
                this.chart.ctx.strokeColor = '#CCCC00';
                this.chart.ctx.moveTo(firstPoint.x, this.scale.calculateY(this.options.warningLevel));
                this.chart.ctx.lineTo(this.chart.width, this.scale.calculateY(this.options.warningLevel));

        var data = {
            labels: ["13/10", "14/10", "15/10", "16/10", "17/10", "18/10", "19/10", "20/10"],
            datasets: [
                    data: [14, 100, 87, 76, 49, 42, 20 ,10]

       $(document).ready(function () {

            var ctx = document.getElementById("myChart").getContext("2d");
            var myLineChart = new Chart(ctx).LineWithLine(data, {
                larmLevel: 12,
                warningLevel: 24



Hey! I am now working with Nagios again at work. This time I am doing a transition from Nagios to OP5 for a very big swedish company. So much evolution has happened since I worked with monitoring software the last time in 2009.

Before we can do any real work in our projekt we needed to get a picture of what we monitor in the current Nagios system. I could not find a good inventory tool so I made one myself, it can now be found on github:


It is very useful because it can export the entire Nagios configuration to Excel in no-time.

Byta starthaksbrygga på röjsåg eller annan motor

Om du någon gång måste byta starthaksbrygga på en röjsåg (eller annan motor) så har du kommit rätt. Vår Husqvarna 336fr drabbades plötsligt av detta fel som innebär att maskinen inte går att starta. Detta eftersom plastbitarna i bryggan ska gripa tag i svänghjulet när man drar igång maskinen. I vårt fall så var plastbitarna och det som tillhör dessa borta.

Så här ser starthaksbryggan ut.


Hos vår återförsäljare så kostade denna del 136 kr. Det var billigare att köpa hela bryggan än bara plastbitarna.

Då man byter denna så börjar man med att skruva lös själva startanordningen för att frilägga starthaksbryggan. Och eventuella kåpor. Sedan så tar man bort tändstiftet och ser till så att kolven är så långt ner som möjligt. Sedan man pular in ett nylonrep inuti förbränningskammaren eftersom man måste få stopp på kolvens rörelse. Anledningen till att använda ett nylonrep är att detta inte förstör något i motorn. Om inte detta görs så får man inte loss bryggan då kolven bara går runt. Sedan är det bara att vrida bryggan motsols för att få loss den. Voila! Sedan är det bara att montera ihop allt igen.

Idén med att använda ett nylonrep hittade jag pÃ¥ denna video. Tack youtube! Starthaksbrygga heter ”starter pawl” pÃ¥ engelska och det kan vara bra att veta om man letar reservdelar pÃ¥ nätet.

Hacker attack detected

My site has been under hacker attack lately. Well, it is constantly under attack by bots but this time the site was targeted by a real hacker. The hacker first signed up as a regular user with the clever username ”putinn” and then he started to upload various scripts wherever he could.

Uploading php-scripts is forbidden (in code) so he tried to upload the script as other file formats. This is what he tried to upload:

Fortunately I had already written protection against such attacks so the hacker had no luck and went somewhere else. When I found out about the attack I started to investigate it further. The attack uses the eval(base64_decode( attack vector, the same as I discovered earlier. For fun and curiosity I ran the attack code in a sandbox environment. What shoved up was a shell called n3tshell.


It contains so many features, like brute force ftp and sql querying etc. The image above shows the menu and a complete file browser which could edit/delete/create files.


This picture above shows more features. The attacker can execute all commands that are available for the user running the web server process. He could also upload files and do much more. It is a very powerful tool if the hacker manages to get the script running on the server.

The conclusion is to take ”submit/upload” threat very seriously. Everything that a user could submit to your site has to be checked for EVERY POSSIBLE attack vector.

ifdesc=alias problems with Mrtg cfgmaker

Today I had problem with MRTG’s cfgmaker. When I used the parameter ifdesc=alias it didn’t pick up the correct SNMP OID’s, instead it defaulted to ifdesc=desc. Hmm, very strange. Then I started to investigate the problem and found out that cfgmaker can be debugged because it is a perl script.

To be able to debug cfgmaker you only have to edit one line at the top of the program.
@main::DEBUG=qw(base snpo snpd);

After doing this I ran cfgmaker again and spotted that it did not do any SNMP walk on alias (ifAlias). It turns out that cfgmaker has to know what kind of hardware it is polling to be able to use ”alias”. In my case I was polling an ”Ericsson SSR 8020” which wasn’t recognized by cfgmaker.

I had to add ”Ericsson” to the vendor identification list. If your hardware is not in that list, you can’t use the alias option.

# vendor identification
my %vendorIDs = (
# Add your vendor here
# sysObjectID Vendora
'' => '3com',
'' => 'hp',
'' => 'cisco',
'' => 'dellLan',
'' => 'extremenetworks',
'' => 'foundry',
'' => 'force10',
'' => 'juniper',
'' => 'nokiaipsofw',
'' => 'portmaster',
'' => 'ericsson'
foreach (keys %vendorIDs) {
$DevInfo{Vendor} = $vendorIDs{$_} if ($DevInfo{sysObjectID} =~ /\Q$_\E/);
debug('base',"Vendor Id: $DevInfo{Vendor}");

Then ericsson had to be added to the InterfaceInfo subroutine:

if ($routers->{$router}{deviceinfo}{Vendor} eq 'cisco' &&
$routers->{$router}{deviceinfo}{sysDescr} =~ m/Version\s+(\d+\.\d+)/) {
push @Variables, ($1 > 11.0 or $1 < 10.0 ) ? "ifAlias" : "CiscolocIfDescr"; if ($1 > 11.2) {push @Variables, "vmVlan";};
if ($1 > 11.3) {push @Variables, "vlanTrunkPortDynamicStatus";};
} elsif ( $routers->{$router}{deviceinfo}{Vendor} =~ /(?:hp|juniper|foundry|dellLan|force10|3com|extremenetworks|ericsson)/) {
push @Variables, "ifAlias";

Then it worked! cfgmaker finally walked ifAlias for the interfaces.

Script to handle webcam ftp uploads on a web server

I bought this really cheap webcam from DealExtreme. That camera is now providing one of my websites with live images. The cameras internal webserver can’t handle that many request, so I am using the ftp-feature to upload images to my web server.


One problem is that each photo’s filename consists of a timestamp, like ”20130404_1223.jpg”. Instead I want the filename to be something like ”webcam.jpg”. Another problem is that the ftp feature fill my webserver with too many photos, so I need to purge the upload directory.

I wrote this script that purges the upload directory from ALL but THE LATEST photo. It also renames the remaining photo to webcam.jpg as I wanted.

cd /path/to/webcamftp
(ls -rt *.jpg|tail -n 1;ls *.jpg)|sort|uniq -u|xargs rm
ls *.jpg | xargs -I '{}' mv '{}' webcam.jpg

System manual to home security alarm Fronti FS-250

Some days ago I tried to find the manual for the Fronti FS-250 home alarm security console but I didn’t find it on the Internet. Then I tried to contact the swedish reseller of Fronti home alarms but they did not have it because the model was outdated. Finally I contacted the manufacturer Fronti and they sent me the manual the following day.


Download the Fronti FS-250 Manual.

Administrera sin Telia router Thomson TG789vn från Internet

Om du har ADSL bredband från Telia så har du antagligen en Thomson TG789vn router därhemma. Jag har en sådan och har letat efter ett sätt att kunna administrera den över Internet då jag inte är hemma. Det verkar tyvärr inte finnas stöd för detta i routerns Telia-strypta programvara.


Ett sätt att komma runt detta är att man sätter upp en reverse proxy. I ’mitt fall sÃ¥ löste jag det genom att använda mod_proxy i den apache webbserver som jag har igÃ¥ng hemma och som är öppnad (port forward port 80) mot Internet. Utöver det sÃ¥ har jag ett dynamiskt domän-namn kopplat mot servern.

Så här gick jag till väga:

1. Först skapade jag en egen subdomän kallad http://router.dindomä och pekade den mot servern.

2. Kollade så att apache har mod_proxy enablat i /usr/local/etc/apache22/httpd.conf

LoadModule proxy_module libexec/apache22/
LoadModule proxy_http_module libexec/apache22/
LoadModule xml2enc_module     libexec/apache22/
LoadFile   /usr/local/lib/
LoadModule proxy_html_module  libexec/apache22/

2. Skapade en användare för att lösenordsskydda routern. Username nedan är användarnamnet, lösenordet skriver man på förfrågan.

 htpasswd -c /usr/local/etc/router.user username

3. Lade in följande i apaches configurationför virtualhosts i /usr/local/etc/apache22/extra/httpd-vhosts.conf. är den IP-adress som routern har på hemma-nätverket. Routern skyddas av BASIC-autentisering.

<Virtualhost *>
  ProxyRequests Off
  <Proxy *>
     Order deny,allow
     Allow from all
    AuthType Basic
    AuthName "Password Required"
    AuthUserFile  /usr/local/etc/router.user
    Require valid-user

    ProxyPass /
    ProxyPassReverse /


4. Starta om apache och besök webbsidan http://router.dindomä Thomson boxens admin-sida bör nu dyka upp efter att du matat in användarnamn och lösenord.

Det var alles, happy administration!