I’ll show you here how to validate the IP address using regular expression in PHP.

IP address consists four parts. Each parts separated by period “.” and these part consists the digits which ranges from 0 to 255.

Function to validate IP address in PHP using Regular Expression

//function to validate ip address format in php
function validateIpAddress($ip_addr)
{
//first of all the format of the ip address is matched
if(preg_match(“/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/”,$ip_addr))
{
//now all the intger values are separated
$parts=explode(“.”,$ip_addr);
//now we need to check each part can range from 0-255
foreach($parts as $ip_parts)
{
if(intval($ip_parts)>255 || intval($ip_parts)<0)
return false; //if number is not within range of 0-255
}
return true;
}
else
return false; //if format of ip address doesn’t matches
}

As you can see above, first of all the format of the “$ip_addr” is validated using regular expression. In the regular expression “\d{1,3}” means that there should be digits which can be either 1 to 3 digits because a IP Adress can be “222.0.123.12″ or
“12.15.123.5″. So, each part can consists 1 to 3 digits.

After validating the format using regular expression, each part of the IP address is separated using period(“.”) using explode() function available in PHP. And finally, it is checked that each part of the IP address is between 0 to 225 or not.

If you’re interested in writing your own, you can download a database from sourceforge, or http://www.hostip.info for example..

Then use it to get the country from the IP.

Another way is to use a webservice.

For instance you can use this one:
http://www.hostip.info/use.html

To get the country would be:

http://api.hostip.info/country.php?ip=$IP

Where $IP is the user IP.

PHP would look something like:

<?php

$country = ”;
$IP = $_SERVER['REMOTE_ADDR'];

if (!empty($IP)) {
$country = file_get_contents(‘http://api.hostip.info/country.php?ip=’.$IP);
}
?>

OS: CentOS 6 64bit
VPN server:  209.85.227.26
VPN client IP: 209.85.227.27 - 209.85.227.30
VPN username: vpnuser
Password: myVPN$99

1. Install ppp via yum:

$ yum install ppp -y

2. Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this website http://poptop.sourceforge.net/yum/stable/packages/ :

$ cd /usr/local/src
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

3. Once installed, open /etc/pptpd.conf using text editor and add following line:

localip 209.85.227.26
remoteip 209.85.227.27-30

4. Open /etc/ppp/options.pptpd and add DNS resolver value:

ms-dns 8.8.8.8

5. Lets create user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:

vpnuser pptptd myVPN$99 *

6. We need to allow IP packet forwarding for this server. Open /etc/sysctl.conf via text editor and change line below:

net.ipv4.ip_forward = 1

7. Run following command to take effect on the changes:

$ sysctl -p

8. Allow IP masquerading in IPtables:

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

9. Turn on the pptpd service at startup and reboot the server:

$ chkconfig pptpd on

telnet x.x.x.x

After this type in the following commands:

service system modify name=SNMP_AGENT state=enabled

to check if it is really enabled type:

service system list

Default the community string is public. If you want to change it to your own one type the following cli:

snmp community add securityname=ROCommunity communityname=<community>

If you have a Linux System you can also check if it’s working. Go to your bash shell and type the following command:

snmpwalk -m ALL -v1 -c <communitystring> <ip address router>

There is hope, EPEL to the rescue again:

rpm -ivh http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm

yum update

yum install php-mcrypt

**Please note the above download is for CentOS 6 x86_64**

On the client machine, the user must generate a public / private keys pair that will identify himself on the servers. One can choose to protect it with password or not.

Letting it with no password, means that anyone with access to the key files (eg. root on the client’s machine) will have the same level of access of the user and no password will be asked when the client tries to connect to the servers.

Protecting the keys with password means that every time the user tries to connect to a server using those keys , the password for decrypting it will be asked. This is surely more secure, since anyone who can read the key files, will only see an encrypted version.

To generate the key pair do:

john@laptop:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
44:3e:ef:58:94:15:52:c2:88:ca:ab:21:43:53:3d:42 john@laptop
john@laptop:~$

Just let the default file (~/.ssh/id_rsa). Enter the password at choice, as explained before. If you need to change the password or add one, do:

john@laptop:~$ ssh-keygen -p
Enter file in which the key is (/home/john/.ssh/id_rsa):
Key has comment ‘/home/john/.ssh/id_rsa’
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
john@laptop:~$

In this case, a new password was added. Note that this operation does not change the public / private key pair. It only changes its encryption.

Install the public key on the servers

Once the public key is installed on the server, access will be granted with no password question. SSH usually comes with an utility called ssh-copy-id that simply adds the contents of client’s ~/.ssh/id_rsa.pub to the server’s ~/.ssh/authorized_keys:

john@laptop:~$ ssh-copy-id -i .ssh/id_rsa.pub root@192.168.0.1
15
john@192.168.0.1′s password:
Now try logging into the machine, with “ssh ‘john@192.168.0.1′”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

john@laptop:~$

Note that at this point password access is needed. This procedure can be done by any other way you wish. For example, the server’s administrator himself can add the public key to allow a user access, instead of giving him a password.

Access

At this point, user’s account on the server can be locked for password authentication. On Linux systems, one can make:

root@192.168.0.1:~# passwd -l john

to lock john’s account. Key authentication will still be possible.

Now, try to access the server:

john@laptop:~$ ssh john@192.168.0.1
Enter passphrase for key ‘/home/john/.ssh/id_rsa’:
john@192.168.0.1:~$

On this case, the client’s key was encrypted and its password was asked. If it had no password, nothing would have been asked, and access would be direct:

john@laptop:~$ ssh john@192.168.0.1
john@192.168.0.1:~$

How do I check my system?
Go to www.dnsreport.com and enter your domain name, eg webhostgear.com

You are safe if you see:
PASS Open DNS servers

You need to follow this tutorial if you see:
FAIL Open DNS servers

Closing Open DNS Servers Tutorial

1) Login to your server and su to root.

2) Edit the /etc/named.conf file such as:# vi /etc/named.conf

Look for:

key "rndckey" {
};

After this add the following, replacing mainIP and secondaryIP with your systems nameservers.

acl "trusted" {
mainIP;secondaryIP;127.0.0.1;
};

or if you want to allow your local subnet:

acl trusted {
 192.168.1.0/24;
 localhost;
 };

3) After that is done you want to add the section that says only the trusted is allowed for certain functions. Check your options area and make sure you add the following:

allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

So the final result looks something like:

options {
        directory "/var/named";
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

4) Save the changes and restart the named service: service named restart

5) Recheck your site at dnsreport.com

Here’s what you need to do:

1. Log into PayPal
2. Click ‘Profile’
3. Click ‘Custom Payment Pages’ under ‘Selling Preferences’
4. Click ‘New’
5. Enter a name for your custom page. In the ‘Header Image URL’ field, paste the URL that we provide you with. This will be different for everyone, because you all have different business logos.

1. Click Save
2. Select the new page and then choose ‘Make Primary’ and then click ‘Yes’ when you’re prompted if you’re sure you want to do this.

Now when your customers see your PayPal checkout page they no longer see just your email address, they see your business logo instead.