Hate with ssh and FTP brute force attack? if you are Freebsd user, try use bruteblock software.
by this software, we can block brute force attacker automatically use ipfw2. so.. you can sleep well every day… hehehe..
here is step by step installation and configuration:
1. install from port

#cd /usr/ports/security/bruteblock

# make install clean

2. add command in rc.conf for automatic running after reboot

bruteblockd_enable=”YES”
bruteblockd_table=”1?
bruteblockd_flags=”-s 5?

3. edit syslog.conf

change this line:
auth.info;authpriv.info /var/log/auth.log
to
auth.info;authpriv.info |exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf

4. restart syslog

#/etc/rc.d/syslogd restart

5. run bruteblock software

#/usr/local/etc/rc.d/bruteblockd start

6. add ipfw firewall to block the ip in the list of bruteblock

#ipfw add 400 deny ip from me to table\(1\)
#ipfw add 410 deny ip from table\(1\) to me

7. change configuration as you want in /usr/local/etc/bruteblock/ssh.conf

i add for vsftpd so i add this line in regexp

regexp4 = vsftpd.*FAIL LOGIN: Client (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

we can add another service, just put in regexp based on log format in log file

this is it…. we can can sleep well every night now….

source: http://zuma.staff.umm.ac.id/2010/10/08/penangkal-serangan-bruteforce/

[root@fw-gw1 /usr/home/bimo]# cd /dev
[root@fw-gw1 /dev]# ls
tun0
tun1
tun2

if you want to add tun device, you can create using command:
# ifconfig tun3 create

if you want to delete tun device:
#ifconfig tun3 destroy

after finish installed, now lets configure it
——————————————————————–
Put postgresql in rc.conf so can running otomatic every time server startup
echo ‘postgresql_enable=”YES”‘ >> /etc/rc.conf

For init DB:
/usr/local/etc/rc.d/postgresql initdb
——————————————————————–
The files belonging to this database system will be owned by user “pgsql”.
This user must also own the server process.

——————————————–
Edit configuration
ee /usr/local/pgsql/data/postgresql.conf

listen_addresses=’*’
————————————————–
edit this file also
ee /usr/local/pgsql/data/pg_hba.conf

host all all 127.0.0.1 md5
——————————————————–
after finsih all, lets start the POstgreSQL
/usr/local/etc/rc.d/postgresql start &

create user:
su pgsql
$ createuser -sdrP username
Enter password for new role: ******
Enter it again: ******

$ exit

create db and user privillege:
su pgsql
$ createdb test
$ psql test
psql (8.4.5)
Type “help” for help.

test=# create user usertest with password ‘userpaswd’;
CREATE ROLE
test=#

before you do it, make sure you understand of what you doing and prepare some coffee and "cemilan", coz its take more than 3 hour prosess ( depend on your computer resource and bandwidth)

Bismillahirohmanirohim…..

first, lets check my mail server version
mail# uname -a
FreeBSD mail.pagongxx.xxx.xx 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Tue Oct 16 14:26:49 WIT 2007 bimo@mail.pagongxx.xxx.xx:/usr/src/sys/i386/compile/KERNEL1 i386
mail#

oke..still Release version, lets make it STABLE VERSION….

we must install cvsup first,
mail#cd /usr/ports/net/cvsup-without-gui
mail#make install clean
now, edit file called stable-supfile on /usr/share/examples/cvsup/ directory

mail#ee /usr/share/examples/cvsup/stable-supfile

edit this field:

default host= cvsup2.freebsd.org or cvsup3.freebsd.org
save it.

or you can see at http://www.freebsd.org/doc/en_US.ISO8859 - /books/handbook/cvsup.html#CVSUP-MIRRORS

then,
mail#cvsup -g -L 2 /usr/share/examples/cvsup/stable-supfile

now, rebuild your kernel, here is the steps
mail# cd /usr/src
mail# make buildworld
mail# make buildkernel KERNCONF=YOUR_KERNEL_NAME
mail# make installkernel KERNCONF=YOUR_KERNEL_NAME
mail# reboot

mail# mergemaster -p
mail# make installworld
mail# mergemaster

But i suggest you to back up your file in /etc/ directory before you do mergemaster

mail# cp -Rp /etc /etc.old
mergemaster -p use for pre-buildworld mode. Its use to compare ecensial file for successfull buildworld.

-finish-

its status today,

mail# uname -a
FreeBSD mail.pagongxx.xxx.xx 6.4-STABLE FreeBSD 6.4-STABLE #0: Fri Feb 20 02:46:47 WIT 2009 bimo@mail.pagongxx.xxx.xx:/usr/obj/usr/src/sys/KERNEL1 i386
mail#

its easy right?
for detail, you can visit http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html

Bismillahirohmanirohim……

1. INSTALL APPLICATION

install bind94
NS1#cd /usr/ports/dns/bind94
NS1#make install clean

cd /etc/named
ee named.conf
—————-begin—————————–
options {
// Relative to the chroot directory, if any
directory “/etc/namedb”;
pid-file “/var/run/named/pid”;
dump-file “/var/dump/named_dump.db”;
statistics-file “/var/stats/named.stats”;
allow-recursion { any; }; —————-> add this line euy
allow-query { any; }; —————-> add this line euy
allow-query-cache { any; }; —————-> add this line euy
listen-on { any; }; —————-> add this line euy

———-edit this line————————————–

forward only; ——–> use this

};

———————–close here———————————–

and also delete unnecesary configuration or example config

move named.root original
NS1#mv named.root named.root.asli

download new named.root
NS1#wget ftp://internic.net/domain/named.root
if you cant download it, you can create manually your named.root from http://internic.net/domain/named.root

make file for zona localhost
NS1#sh make-localhost

edit file zona localhost
NS1#pwd
/usr/named/
NS1#cd master

NS1#ee localhost.rev
#—————-begin————————————-
$TTL 3600

@ IN SOA localhost. localhost. (
20070303 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.

#———————-end of file——————————

save the file.

make a zone for localhost

for the zone, we can copy file from localhost.rev to db.localhost then edit,
NS1#cp localhost.rev db.localhost
NS1#ee db.localhost

#—————-begin————————————-
$TTL 3600

@ IN SOA localhost. root.localhost. (
20070303 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS localhost.
IN A 127.0.0.1
#———————-end of file——————————

save the zone, and continue with the next step.

now, put localhost zone into named.conf

NS1#cd /etc/namedb
NS1#ee named.conf

add this line
##———-begin————-
zone “localhost” IN {

};
##————-stop———–

save the file.

***make an rndc.conf file

for the next step, makes an rndc.conf file by using rndc-confgen.
the result always different with yours.
NS1#rndc-confgen

—————–begin file———————-
# start of rndc.conf

# };

————————-end of file———————

create your rndc.conf
NS1#ee rndc.conf
and put this line ( from rndc-confgen)

key “rndc-key” {

};

now, lets edit named.conf
NS1#ee named.conf
and put this line ( from rndc-confgen)

—————–begin file———————-
key “rndc-key” {

allow { 127.0.0.1; } keys { “rndc-key”; };
};

————————-end of file———————
then, save the file and run the BIND.
NS1# /usr/local/bin/named
or
NS1# /usr/sbin/named
(depends named location)

check the application already running or not,
NS1# ps ax | grep named
490 ?? Ss 15:21.76 named
64091 p0 R+ 0:00.00 grep named

oke sip. its running.
now, lets edit our dns IP in our server,
NS1#ee /etc/resolv.conf

nameserver 127.0.0.1

save it.
now, lets test it.
NS1# host localhost
localhost has address 127.0.0.1

NS1#host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost

sip. our DNS already running well.

2. MAKES zONE DOMAIN

for example, we have a domain using bohongan.net, and delegated to our dns, so we should do this step:

NS1#ee named.conf
add this line

zone “bohongan.net” {
type master;
file “master/db.bohongan”;
};

now makes file db.bohongan

NS1#ee master/db.bohongan

#—————-begin————————————-
$TTL 3600

@ IN SOA ns1.bohongan.net. admin.bohongan.net. (
20070303 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.bohongan.net.
IN NS ns2.bohongan.net.
IN MX 10 mail.bohongan.net.
IN A 123.567.89.1 —————> fill with your IP
ns1 IN A 123.567.89.1 —————> fill with your IP
mail IN A 123.567.89.1
www IN A 123.567.89.1
#———————-end of file——————————

save and restart our DNS

NS1#rndc reload

Test domain

# dig -t ns bohongan.net

; <<>> DiG 9.3.0 <<>> -t ns bohongan.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38978
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bohongan.net. IN NS

;; ANSWER SECTION:
bohongan.net. 3269 IN NS ns2.bohongan.net.
bohongan.net. 3269 IN NS ns1.bohongan.net.

;; Query time: 16 msec
;; SERVER: 202.134.0.155#53(202.134.0.155)
;; WHEN: Fri Aug 11 21:22:23 2006
;; MSG SIZE rcvd: 79

if show this, its mean our domain already resolve and running. so internet already known it.

Having trouble using fetch through a firewall? Try setting the environment
variable FTP_PASSIVE_MODE to yes, and see fetch(3) for more details.
%
By pressing “Scroll Lock” you can use the arrow keys to scroll backward
through the console output. Press “Scroll Lock” again to turn it off.
%
Want colour in your directory listings? Use “ls -G”. “ls -F” is also useful,
and they can be combined as “ls -FG”.
%
If you need to ask a question on the FreeBSD-questions mailing list then

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/
freebsd-questions/index.html

contains lots of useful advice to help you get the best results.
%
If you’d like to keep track of applications in the FreeBSD ports tree, take a
look at FreshPorts;

http://www.freshports.org/
%
To search for files that match a particular name, use find(1); for example

find / -name “*GENERIC*” -ls

will search ‘/’, and all subdirectories, for files with ‘GENERIC’ in the name.
– Stephen Hilton
%
In tcsh, you can `set autolist’ to have the shell automatically show
all the possible matches when doing filename/directory expansion.
%
You can `set autologout = 30′ to have tcsh log you off automatically
if you leave the shell idle for more than 30 minutes.
%
If you `set filec’ (file completion) in tcsh and write a part of the
filename, pressing TAB will show you the available choices when there
is more than one, or complete the filename if there’s only one match.
%
You can press up-arrow or down-arrow to walk through a list of
previous commands in tcsh.
%
You can disable tcsh’s terminal beep if you `set nobeep’.
%
If you `set watch = (0 any any)’ in tcsh, you will be notified when
someone logs in or out of your system.

%
Nice tcsh prompt: set prompt = ‘%m %# ‘
%
Nice tcsh prompt: set prompt = ‘%n@%m%# ‘
%
Nice tcsh prompt: set prompt = ‘%n@%m:%~%# ‘
%
Nice tcsh prompt: set prompt = ‘%n@%m:%/%# ‘
%
Nice tcsh prompt: set prompt = ‘[%B%m%b] %B%~%b%# ‘
%
Simple tcsh prompt: set prompt = ‘%# ‘
%
If you want df(1) and other commands to display disk sizes in
kilobytes instead of 512-byte blocks, set BLOCKSIZE in your
environment to ‘K’. You can also use ‘M’ for Megabytes or ‘G’ for
Gigabytes. If you want df(1) to automatically select the best size
then use ‘df -h’.
%
To change an environment variable in tcsh you use: setenv NAME “value”
where NAME is the name of the variable and “value” its new value.
%
To change an environment variable in /bin/sh use:

$ VARIABLE=”value”
$ export VARIABLE
%
You can use /etc/make.conf to control the options used to compile software
on this system. Example entries are in
/usr/share/examples/etc/defaults/make.conf.
%
To do a fast search for a file, try

locate filename

locate uses a database that is updated every Saturday (assuming your computer
is running FreeBSD at the time) to quickly find files based on name only.
%
In order to search for a string in some files, use ‘grep’ like this:

grep “string” filename1 [filename2 filename3 ...]

This will print out the lines in the files that contain the string. grep can
also do a lot more advanced searches - type ‘man grep’ for details.
%
You can use the ‘fetch’ command to retrieve files over ftp or http.

fetch http://www.freebsd.org/index.html

will download the front page of the FreeBSD web site.
%
In order to make fetch (the FreeBSD downloading tool) ask for
username/password when it encounters a password-protected web page, you can set
the environment variable HTTP_AUTH to ‘basic:*’.
%
You can permanently set environment variables for your shell by putting them
in a startup file for the shell. The name of the startup file varies
depending on the shell - csh and tcsh uses .login, bash, sh, ksh and zsh use
.profile. When using bash, sh, ksh or zsh, don’t forget to export the
variable.
%
If you are running xterm, the default TERM variable will be ‘xterm’. If you
set this environment variable to ‘xterm-color’ instead, a lot of programs will
use colors. You can do this by

TERM=xterm-color; export TERM

in Bourne-derived shells, and

setenv TERM xterm-color

in csh-derived shells.
%
If you do not want to get beeps in X11 (X Windows), you can turn them off with

xset b off
%
You can look through a file in a nice text-based interface by typing

less filename
%
The default editor in FreeBSD is vi, which is efficient to use when you have
learned it, but somewhat user-unfriendly. To use ee (an easier but less
powerful editor) instead, set the environment variable EDITOR to /usr/bin/ee
%
If you accidentally end up inside vi, you can quit it by pressing Escape, colon
(:), q (q), bang (!) and pressing return.
%
You can use aliases to decrease the amount of typing you need to do to get
commands you commonly use. Examples of fairly popular aliases include (in
Bourne shell style, as in /bin/sh, bash, ksh, and zsh):

alias lf=”ls -FA”
alias ll=”ls -lA”
alias su=”su -m”

In csh or tcsh, these would be

alias lf ls -FA
alias ll ls -lA
alias su su -m

To remove an alias, you can usually use ‘unalias aliasname’. To list all
aliases, you can usually type just ‘alias’.
%
In order to support national characters for European languages in tools like
less without creating other nationalisation aspects, set the environment
variable LC_ALL to ‘en_US.ISO8859-1′.
%
You can search for documentation on a keyword by typing

apropos keyword
%
Man pages are divided into section depending on topic. There are 9 different
sections numbered from 1 (General Commands) to 9 (Kernel Developer’s Manual).
You can get an introduction to each topic by typing

man intro

In other words, to get the intro to general commands, type

man 1 intro
%
FreeBSD is started up by the program ‘init’. The first thing init does when
starting multiuser mode (ie, starting the computer up for normal use) is to
run the shell script /etc/rc. By reading /etc/rc, you can learn a lot about
how the system is put together, which again will make you more confident about
what happens when you do something with it.
%
If you want to play CDs with FreeBSD, a utility for this is already included.
Type ‘cdcontrol’ then ‘help’ to learn more. (You may need to set the CDROM
environment variable in order to make cdcontrol want to start.)
%
If you have a CD-ROM drive in your machine, you can make the CD-ROM that is
presently inserted available by typing ‘mount /cdrom’ as root. The CD-ROM
will be available under /cdrom/. Remember to do ‘umount /cdrom’ before
removing the CD-ROM (it will usually not be possible to remove the CD-ROM
without doing this.)

Note: This tip may not work in all configurations.
%
You can install extra packages for FreeBSD by using the ports system.
If you have installed it, you can download, compile, and install software by
just typing

# cd /usr/ports//
# make install && make clean

as root. The ports infrastructure will download the software, change it so
it works on FreeBSD, compile it, install it, register the installation so it
will be possible to automatically uninstall it, and clean out the temporary
working space it used. You can remove an installed port you decide you do not
want after all by typing

# cd /usr/ports//
# make deinstall

as root.
%
Nice bash prompt: PS1=’([$(tput md)]t [$(tput me)]) $(echo $?) $ ‘
– Mathieu
%
To see the output from when your computer started, run dmesg(8). If it has
been replaced with other messages, look at /var/run/dmesg.boot.
– Francisco Reyes
%
You can use “whereis” to locate standard binary, manual page and source
directories for the specified programs. This can be particularly handy
when you are trying to find where in the ports tree an application is.

Try “whereis netscape” and “whereis whereis”.
– Konstantinos Konstantinidis
%
You can press Ctrl-D to quickly exit from a shell, or logout from a
login shell.
– Konstantinos Konstantinidis
%
You can use “pkg_info” to see a list of packages you have installed.
– Konstantinos Konstantinidis
%
You can change the video mode on all consoles by adding something like
the following to /etc/rc.conf:

allscreens=”80×30″

You can use “vidcontrol -i mode | grep T” for a list of supported text
modes.
– Konstantinos Konstantinidis
%
Any user that is a member of the wheel group can use “su -” to simulate
a root login. You can add a user to the wheel group by editing /etc/group.
– Konstantinos Konstantinidis
%
Over quota? “du -s * | sort -n ” will give you a sorted list of your
directory sizes.
– David Scheidt
%
Handy bash(1) prompt: PS1=”u@h w !$ ”
– David Scheidt
%
Ever wonder what those numbers after command names were, as in cat(1)? It’s
the section of the manual the man page is in. “man man” will tell you more.
– David Scheidt
%
“man hier” will explain the way FreeBSD filesystems are normally laid out.
– David Scheidt
%
“man tuning” gives some tips how to tune performance of your FreeBSD system.
– David Scheidt
%
“man firewall” will give advice for building a FreeBSD firewall
– David Scheidt
%
You can often get answers to your questions about FreeBSD by searching in the
FreeBSD mailing list archives at

http://www.freebsd.org/search.html
%
You can adjust the volume of various parts of the sound system in your
computer by typing ‘mixer ‘. To get a list of what you can
adjust, just type ‘mixer’.
%
You can automatically download and install binary packages by doing

pkg_add -r

where you replace with the URL to the package. This will also
automatically install the packages the package you download is dependent on
(ie, the packages it needs in order to work.)
%
You can get a good standard workstation install by using the
instant-workstation port/package. If you have ports installed, you can
install it by doing

# cd /usr/ports/misc/instant-workstation
# make install && make clean

as root. This will install a collection of packages that is convenient to
have on a workstation.
%
You can get a good generic server install by using the
instant-server port/package. If you have ports installed, you can
install it by doing

# cd /usr/ports/misc/instant-server
# make install && make clean

as root. This will install a collection of packages that is appropriate for
running a “generic” server.
%
You can make a log of your terminal session with script(1).
%
“man ports” gives many useful hints about installing FreeBSD ports.
%
“man security” gives very good advice on how to tune the security of your
FreeBSD system.
%
Want to find a specific port, just type the following under /usr/ports,
or one its subdirectories:

“make search name=”
or
“make search key=”
%
Want to see how much virtual memory you’re using? Just type “swapinfo” to
be shown information about the usage of your swap partitions.
%
ports/net/netcat port is useful not only for redirecting input/output
to TCP or UDP connections, but also for proxying them. See inetd(8) for
details.
%
If other operating systems have damaged your Master Boot Record, you can
reinstall it either with /stand/sysinstall or with boot0cfg(8). See
“man boot0cfg” for details.
%
Need to see the calendar for this month? Simply type “cal”. To see the
whole year, type “cal -y”.
– Dru
%
Need to quickly return to your home directory? Type “cd”.
– Dru
%
To see the last time that you logged in, use lastlogin(8).
– Dru
%
To clear the screen, use “clear”. To re-display your screen buffer, press
the scroll lock key and use your page up button. When you’re finished,
press the scroll lock key again to get your prompt back.
– Dru
%
To save disk space in your home directory, compress files you rarely
use with “gzip filename”.
– Dru
%
To read a compressed file without having to first uncompress it, use
“zcat” or “zmore” to view it.
– Dru
%
To see how much disk space is left on your partitions, use

df -h
– Dru
%
To see the 10 largest files on a directory or partition, use

du /partition_or_directory_name | sort -rn | head
– Dru
%
To determine whether a file is a text file, executable, or some other type
of file, use

file filename
– Dru
%
Time to change your password? Type “passwd” and follow the prompts.
– Dru
%
Want to know how many words, lines, or bytes are contained in a file? Type
“wc filename”.
– Dru
%
Need to print a manpage? Use

man name_of_manpage | col -bx | lpr
– Dru
%
Need to remove all those ^M characters from a DOS file? Try

tr -d
< dosfile > newfile
– Originally by Dru
%
Forget what directory you are in? Type “pwd”.
– Dru
%
If you are in the C shell and have just installed a new program, you won’t
be able to run it unless you first type “rehash”.
– Dru
%
Need to leave your terminal for a few minutes and don’t want to logout?
Use “lock -p”. When you return, use your password as the key to unlock the
terminal.
– Dru
%
Need to find the location of a program? Use “locate program_name”.
– Dru
%
Forget how to spell a word or a variation of a word? Use

look portion_of_word_you_know
– Dru
%
To see the last 10 lines of a long file, use “tail filename”. To see the
first 10 lines, use “head filename”.
– Dru
%
To see how long it takes a command to run, type the word “time” before the
command name.
– Dru
%
To quickly create an empty file, use “touch filename”.
– Dru
%
To find out the hostname associated with an IP address, use

dig -x IP_address
– Dru
%
If you use the C shell, add the following line to the .cshrc file in your
home directory to prevent core files from being written to disk:

limit coredumpsize 0
– Dru
%
If you need a reminder to leave your terminal, type “leave +hhmm” where
“hhmm” represents in how many hours and minutes you need to leave.
– Dru
%
Need to do a search in a manpage or in a file you’ve sent to a pager? Use
“/search_word”. To repeat the same search, type “n” for next.
– Dru
%
Forget when Easter is? Try “ncal -e”. If you need the date for Orthodox
Easter, use “ncal -o” instead.
– Dru
%
Need to see your routing table? Type “netstat -rn”. The entry with the G
flag is your gateway.
– Dru
%
Need to see which daemons are listening for connection requests? Use
“sockstat -4l” for IPv4, and “sockstat -l” for IPv4 and IPv6.
– Dru
%
Can’t remember if you’ve installed a certain port or not? Try “pkg_info
-Ix port_name”.
%
To erase a line you’ve written at the command prompt, use “Ctrl-U”.
– Dru
%
To repeat the last command in the C shell, type “!!”.
– Dru
%
Need to quickly empty a file? Use “: > filename”.
– Dru
%
To see all of the directories on your FreeBSD system, type

ls -R / | more
– Dru
%
To see the IP addresses currently set on your active interfaces, type
“ifconfig -u”.
– Dru
%
To see the MAC addresses of the NICs on your system, type

ifconfig -a
– Dru
%
You can open up a new split-screen window in (n)vi with :N or :E and then
use ^w to switch between the two.
%
sh (the default Bourne shell in FreeBSD) supports command-line editing. Just
“set -o emacs” or “set -o vi” to enable it.
%
When you’ve made modifications to a file in vi(1) and then find that
you can’t write it, type “!rm -f %” then “:w!” to force the
write

This won’t work if you don’t have write permissions to the directory
and probably won’t be suitable if you’re editing through a symbolic link.
%
If you want to quickly check for duplicate package/port installations,
try the following pkg_info command.

pkg_info | sort | sed -e ’s/-[0-9].*$//’ |
uniq -c | grep -v ‘^[[:space:]]*1′
%
Want to use sed(1) to edit a file in place? Well, to replace every ‘e’ with
an ‘o’, in a file named ‘foo’, you can do:

sed -i.bak s/e/o/g foo

And you’ll get a backup of the original in a file named ‘foo.bak’, but if you
want no backup:

sed -i ” s/e/o/g foo
%
To obtain a neat PostScript rendering of a manual page, use “-t” switch
of the man(1) utility: “man -t ”. For example:

man -t grep > grep.ps # Save the PostScript version to a file
or
man -t printf | lp # Send the PostScript directly to printer

install portdowngrade first,
webserver# cd /usr/ports/ports-mgmt/portdowngrade
webserver# make install clean

now, lets downgrade our phpmyadmin,
webserver# /usr/local/sbin/portdowngrade phpmyadmin -s:pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs

portdowngrade 0.6 by Heiner Eichmann
Please note, that nothing is changed in the ports tree
unless it is explicitly permitted in step 6!

Please choose one: ——-> i choose 1

then follow the instruction

note: -s:pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs is the specific server, you can choose any server you like.

after finish downgrading, its time to uninstall your existing phpmyadmin.
webserver# cd /usr/ports/databases/phpmyadmin
webserver# make deinstall

now lets install your phpmyadmin
webserver# make install clean

=> phpmyadmin — cross-site scripting vulnerability.
Reference:
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/databases/phpmyadmin.

if you find that error, dont worry because freebsd told us that our application has vurnelability.( because our phpmyadmin is the older version right?)

we can use -DDISABLE_VULNERABILITIES to ignore the vurnelability, here should we do:

webserver# make install clean -DDISABLE_VULNERABILITIES

now lets check your phpmyadmin, its back to older version right?
but you must know the risk if you downgrade any application, beware of the vurnelability.
its not recommended at all , but if must to do, why not?

Lets begin, Bismillahirrohmanirrohim….

i assume you already have root login.
dbserver#mysql -u root -p
Enter password: ————-> put your root password here

mysql>show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
| test |
+——————–+
3 rows in set (0.00 sec)

mysql> create database coba;
mysql> grant all on coba.* to root;
mysql> grant all on coba.* to root@localhost;
mysql> grant all on coba.* to cobauser;
mysql> grant all on coba.* to cobauser@localhost;
mysql> set password for cobauser@localhost=password(’pwdusercoba’);
mysql> quit

Now, lets upload your sql table to your databases . you must dump your sql table first ( iam not explain how to dump it in here). And upload to your directory.

make sure your sql-dump-file already upload to your directory.
dbserver# cd /home/youruser/
dbserver# ls
sqlname.sql ——> its your sql-dump-file

put your .sql to database,
dbserver# mysql -u root -p coba < sqlname.sql
password:
dbserver#

lets check,
dbserver#mysql -u root -p
Enter password:

mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| coba |
| mysql |
| test |
+——————–+
4 rows in set (0.00 sec)

mysql> use coba;
mysql> show table;
blabla bla…..
( it must be show your table here)

mysql> quit

Bismillahirahmanirohim…..

webserper# uname -a
FreeBSD ns1.pagongxx.xxx 6.2-STABLE FreeBSD 6.2-STABLE #1: Mon Jun 2 21:23:05 WIT 2008 admin@ns1.pagongxx.xxx:/usr/src/sys/i386/compile/KERNEL1 i386

firstable, I must upgrate our port collection,

step by step upgrade port:
webserper# portsnap fetch
webserper# portsnap extract

now, lets check installed aplication in our webserver.

webserper# pkg_version

apache <
autoconf <
autoconf <
autoconf-wrapper =
awstats <
bandwidthd <
bind9-base <
chkrootkit <
cvsup-without-gui <
db41 =
php4-bz2 <
php4-calendar <
php4-ctype <
php4-ftp <
php4-gd <
php4-gettext <
mrtg <
mysql-client <
net-snmp <
nmap <
phpmyadmin <

etc…

its mean, apache, php, mysql and other ( < ) need to upgrade, except autoconf-wrapper and db41( = ).

Now, lets check the vurnability,
webserper# /usr/local/sbin/portaudit apache

if you want to check all aplication in your server, you can use this:
webserper# /usr/local/sbin/portaudit –Fd

Oke, lets do upgrade those aplication.

webserver# /usr/local/sbin/portupgrade apache

webserver# /usr/local/sbin/portupgrade phpmyadmin

webserver# /usr/local/sbin/portupgrade chkrootkit

etc…

For upgrade php is little bit different because I want upgrade my php4 to php5, so here is the step ( its better to turn off your apache first)

webserper# apachectl stop

webserper# cd /usr/ports/lang/php5
webserper# make config (Note: make sure ‘Apache’ is checked here)
webserper# portupgrade -f -o lang/php5 php4-4.4.2_1

if u finish, there should be a file /usr/local/etc/php.conf,
that contains the following:

webserper# cat /usr/local/etc/php.conf
PHP_VER=5
PHP_VERSION=5.1.4
PHP_SAPI=cli cgi mod

Now check in your httpd.conf and check this line and make sure this line uncomment.

webserper# ee /usr/local/etc/apache22/httpd.conf

LoadModule php5_module libexec/apache22/libphp5.so

run your apache:
webserper# apachectl start

oke, web server already update now.
Thank you all