Thursday, 7 November 2019

Changing Number of Failed Attempts in Linux Hosting Firewall

When we purchase a dedicated Linux server for our company, we have to take care of its security. It's evident that many attackers try to penetrate systems to launch their attacks, so if our server doesn't have a firewall, the chance of getting hacked is high. For that reason most companies configure a firewall on their server. The main services are CSF (ConfigServer Security & Firewall) and the Login Failure Daemon (LFD).

CSF

ConfigServer Security & Firewall, known as CSF, is open source software most commonly used to configure an advanced firewall on Linux servers, with features such as login detection, SSH login notifications, etc. CSF provides a wide range of protection for your Linux servers. By default, CSF will block an IP address when a wrong username or password is entered more than 5 times in the last 3600 seconds.

LFD

LFD stands for Login Failure Daemon. It is a process that is part of CSF and periodically checks for potential threats to a server. CSF works together with LFD: CSF checks the LFD logs for failed login attempts at a regular time interval and is able to find most unauthorized attempts to gain access to your Linux server.

Changing Configuration From Command Line or Terminal

Edit the CSF configuration via the command line (CLI)

1) Log in to the server as the root user.

2) Open the CSF config file using a text editor like vi or vim.

vi /etc/csf/csf.conf

3) Then find the following entries.

To change the login failure detection value of FTP connections:

LF_FTPD = "10"

To change the login failure detection value of SMTP AUTH connections:

LF_SMTPAUTH = "5"

To change the login failure detection value of courier pop3 connections:

LF_POP3D = "5"

To change the login failure detection value of courier imap connections:

LF_IMAPD = "10"

To change the login failure detection value of cPanel, webmail and WHM connections:

LF_CPANEL = "5"

4) Save the config file after changing these values.

5) Restart the csf and lfd services.

csf -r

service csf restart

service lfd restart

Changing Configuration From WHM

1) Login to WHM as a root user.


2) Go to Plugins >> ConfigServer Security & Firewall.

3) Go to Firewall Configurations.

4) In the configuration, search for LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD and LF_CPANEL, change their values and restart the firewall. Now your issues will be resolved!!




Monday, 4 November 2019

Integrating Paypal into Your PHP Website with Dynamic Price

In this advanced world where online shopping is the new trend, it's inevitable for all online sellers to integrate payment gateways on their websites. People don't want to spend time on in-person shopping, cash payments, etc. So here I am explaining a simple way of integrating PayPal buttons into your website.

1) First of all, you have to create a PayPal account. It's also better to create sandbox accounts for testing, ideally both a buyer and a seller sandbox account, so you can check whether the transaction is happening or not.

2) Log in to the developer area and create an app.
Inside the app you will find its client ID. For testing purposes you can create a sandbox app and use its client ID.

3) On your website's checkout page, paste this code:

  <!-- Set up a container element for the button -->
    <div id="paypal-button-container"></div>

    <div id="info1"> </div>

    <!-- Include the PayPal JavaScript SDK -->
    <script src="https://www.paypal.com/sdk/js?client-id=CLIENT_ID&currency=USD"></script>
Replace CLIENT_ID with your client ID, which I explained before. You can set the currency according to your preference, based on the currencies PayPal supports.

4) On this page you should have 2 things. One is the amount payable, which I want you to store in a variable called "payamount". If your currency is not available, you can convert the amount to USD using conversion rates and save it in the same variable. The other thing you have to save is the order ID of the corresponding order on your website. This is for saving the payment record for this transaction in your database. Save this value to a variable called "orderid".

<?php
 session_start(); // the session must be started before $_SESSION is used
 $orderid=$_GET['d']; // order ID passed to the checkout page in the query string
 $_SESSION['orderid']=$orderid; // kept in the session for postpayment.php
 
 ?>

5) Before the next step, create a table called payments in your database. It will store all payment records corresponding to the orders, so you can check whether a payment has been made or not.

CREATE TABLE IF NOT EXISTS `payments` (
    `id` int(6) NOT NULL AUTO_INCREMENT,
    `txnid` varchar(20) NOT NULL,
    `payment_amount` decimal(7,2) NOT NULL,
    `payment_status` varchar(25) NOT NULL,
    `orderid` varchar(25) NOT NULL,
    `createdtime` datetime NOT NULL,
    `payer_name` varchar(100) NOT NULL,
    `payer_email` varchar(100) NOT NULL,
    `payer_id` varchar(100) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

6) Now paste this code. I will explain the functions one by one.

 <script>
        // Render the PayPal button into #paypal-button-container
        paypal.Buttons({
            // Set up the transaction
            createOrder: function(data, actions) {
                return actions.order.create({
                    purchase_units: [{
                        amount: {
                            value: '<?php echo $payamount;  ?>'
                        }
                    }]
                });
            },

            // Finalize the transaction
            onApprove: function(data, actions) {
                return actions.order.capture().then(function(details) {
                    // Show a success message to the buyer
                     console.log(details);
                    alert('Transaction completed by ' + details.payer.name.given_name + '!');
                    var name=details.payer.name.given_name;
                    var txnid=details.id;
                    var email=details.payer.email_address;
                    var payerid=details.payer.payer_id;
                    var status=details.status;
                    var updated_date=details.update_time;
                    var payamount = <?php echo $payamount;  ?>;
                   
                    // Send the values to our server (requires jQuery to be loaded on the page).
                    // Passing an object lets jQuery URL-encode each value.
                    $.ajax({
                        type: "POST",
                        url:  "postpayment.php",
                        data: {name: name, txnid: txnid, email: email, payerid: payerid, status: status, updated_date: updated_date, payamount: payamount},
                        success: function(data){
                            $("#info1").html(data);
                        }
                    });
                });
            }
        }).render('#paypal-button-container');
    </script>

To explain how it works, start with this line:

 value: '<?php echo $payamount;  ?>'

Here we are passing the payment amount to the PayPal function. After the transaction is completed, PayPal returns an object (details) with the success parameters. The next thing we have to do is fetch these values, pass them to our PHP page and save them.

                    var name=details.payer.name.given_name;
                    var txnid=details.id;
                    var email=details.payer.email_address;
                    var payerid=details.payer.payer_id;
                    var status=details.status;
                    var updated_date=details.update_time;
                    var payamount = <?php echo $payamount;  ?>;
Here I am fetching the required values from the details object one by one. If you look closely, these are all the values we want to save in our database.

    url:  "postpayment.php",
This is the PHP page to which I am passing these variables with the POST method. I am passing them like this:
    data: {name: name, txnid: txnid, email: email, payerid: payerid, status: status, updated_date: updated_date, payamount: payamount},
The PHP page receives these as POST variables and can save them in the database.

7) Create a page called postpayment.php

<?php
ob_start();
session_start();
//Connect Database Here
// $pay below is your own database helper object (not defined in this snippet).

// Values posted by the checkout page; missing fields fall back to an empty string.
$name=strip_tags($_POST['name'] ?? '');
$email=strip_tags($_POST['email'] ?? '');
$txnid=strip_tags($_POST['txnid'] ?? '');
$payerid=strip_tags($_POST['payerid'] ?? '');
$status=strip_tags($_POST['status'] ?? '');
$updated_date=strip_tags($_POST['updated_date'] ?? '');
$orderid=$_SESSION['orderid']; // saved in the session by the checkout page
$payamount=strip_tags($_POST['payamount'] ?? '');

// Look for an existing record so the same transaction is not saved twice.
$paydet=$pay->getdetails($txnid);

if(count($paydet)<=0){
// Array keys match the column names of the payments table.
$insert=array('txnid'=>$txnid,'payment_amount'=>$payamount,'payment_status'=>$status,'orderid'=>$orderid,'createdtime'=>$updated_date,'payer_name'=>$name,'payer_email'=>$email,'payer_id'=>$payerid);
$pay->addpayment($insert);
$lastid=$pay->lastInsertId();
echo "Your payment transaction is successful. Please note your Payment Reference No.: PAYREF-".$lastid;

}


?>
You can use your own DB connection methods. Don't forget to start the session: as you remember, we saved the order ID as a session variable. You could also pass it via AJAX with the other variables, but I am not doing that. Then assign all the variables that came in via POST to an array and save it in your database. You can also check whether the same transaction has been saved before. After you make a payment using your sandbox accounts, check whether the values are saved in the database. If so, congratulations; otherwise recheck the instructions above.
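
postpayment.php above stores whatever the browser posts, so the status and amount it records are only as trustworthy as the client. The following is an added example, not code from the original post: before inserting the row, the server looks the order up at PayPal itself (Orders v2 API) and compares it with the amount your own order record expects. The function names, the ID pattern, $apiBase (for example https://api-m.sandbox.paypal.com) and the access token (obtained separately with your app's client ID and secret) are assumptions for illustration.

```php
<?php
// Added example (not from the original post): verify a PayPal order on the
// server before recording it. $apiBase and $accessToken are assumptions that
// come from your own configuration (token fetched with client ID + secret).

// Ask PayPal's Orders v2 API for the order instead of trusting browser input.
function fetchPaypalOrder(string $apiBase, string $accessToken, string $txnid): array
{
    // Assumed ID shape: refuse anything else before it reaches the URL.
    if (!preg_match('/^[A-Za-z0-9-]{1,36}$/', $txnid)) {
        throw new InvalidArgumentException('malformed order id');
    }
    $ch = curl_init($apiBase . '/v2/checkout/orders/' . $txnid);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $accessToken],
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false || curl_getinfo($ch, CURLINFO_HTTP_CODE) !== 200) {
        throw new RuntimeException('PayPal order lookup failed');
    }
    return json_decode($body, true, 32, JSON_THROW_ON_ERROR);
}

// True only if PayPal reports a completed order for exactly the amount and
// currency that our own order record (looked up by $_SESSION['orderid']) expects.
function paymentMatchesOrder(array $order, string $expectedAmount, string $expectedCurrency): bool
{
    $amount = $order['purchase_units'][0]['amount'] ?? [];
    $value  = $amount['value'] ?? '';
    if (!is_string($value) || !is_numeric($value) || !is_numeric($expectedAmount)) {
        return false;
    }
    return ($order['status'] ?? '') === 'COMPLETED'
        && ($amount['currency_code'] ?? '') === $expectedCurrency
        && number_format((float) $value, 2, '.', '')
           === number_format((float) $expectedAmount, 2, '.', '');
}

// Constructed sample of an Orders v2 response, so this runs without network access.
$sample = json_decode('{"id":"EXAMPLEORDERID001","status":"COMPLETED",'
    . '"purchase_units":[{"amount":{"currency_code":"USD","value":"25.00"}}]}', true);

var_dump(paymentMatchesOrder($sample, '25.00', 'USD'));   // amount agrees with our record
var_dump(paymentMatchesOrder($sample, '250.00', 'USD'));  // our record expects a different amount
$sample['status'] = 'APPROVED';
var_dump(paymentMatchesOrder($sample, '25.00', 'USD'));   // order approved but not captured
```

In postpayment.php, call fetchPaypalOrder() with the posted txnid and insert the row only when paymentMatchesOrder() returns true, taking the amount and status from PayPal's response rather than from $_POST.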

8) If this succeeds, replace the sandbox app client ID with the live app client ID. Enjoy...