Centos: How to fine tune your Apache SSL server


The fine tuning of the SSL server side configuration is slow and tedious but necessary procedure. It’s always good to have your SSL site to conform the most latest security standards. It boosts ego and makes customer happy too. It turns out that all you need for that is already at your disposal the point is to properly configure it.
Read more »

Share Button

Sysadmin: Brute force detection – custom rule for SMTP and SSH

I wrote before about excellent tool BFD that allows to block brute force password guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script) system resource consumption (bash script!) and extendаbility (true “unix way” modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight with apache/Wordpress DOS attack.
In this post I will show you how to write custom rules to block SMTP password guessing brute force attempts and SSSHD

Read more »

Share Button

Centos: recover MySQL users access after upgrade to MySQL-5.5

I had one of my customers asking me for the MySQL server version upgrade (OS provided MySQL 5.1.73 to something above MySQL 5.5) for one of his dedicated servers. Neither of us expected any problems from that, but we’ve ran into some that we had to resolve quickly because of production web sites running on the same server.
For more modern software versions I usually use excellent IUS reposity which in combination with EPEL repository serves about 87% of my needs in 3rd party packages and updates.
Read more »

Share Button

I have to say it: Debian package management beats it all

Yes, I need to get it out of my system, once and for all.
With all due respect to the selfless efforts of all Debian developers I have to admit that in the course of my professional career I’ve never dealt with such an confusing, obscure and downright inconvenient package management tools. You guys even left Sun far behind.
And I’ve see it all.
Here, I’ve said it, now you can hate me because you can’t allow yourselves to admit that I’m right.

Share Button

Wordpress: Database access error of doom

wp-db-error Usually it happens after migration. When there is absolutely nothing that could possibly go wrong:
Read more »

Share Button

sysadmin: cPanel installation script detected MySQL and failed

While trying to install cPanel control panel on just reimaged server I’ve got an interesting error, I’ve never seen before:

Read more »

Share Button

sysadmin: Apache, FastCGI and PHP-FPM working config

apache-php-fpm
I was looking for working config for the combination of apache mod_fastcgi and PHP-FPM and could not find any. I mean there were plenty of examples and discussions but none of them were operational. The closest was the article on server-world.info site.
Based on that information I was able to put together working configuration for multiple virtual hosts.
Read more »

Share Button

Windows: Set lightweight web browser as MS windows default web browser application.

qtwebI was thinking the other day – it’s not really safe to have MS windows default browser set to MS Internet Explorer, so any URL you accidentally click will be open with it. For the work related activity I user portable browsers. But what about everything else – this is not really safe no matter how many MS security updates are published every week.
So, I decided to find something really small and “feature-poor” to assign it to the default browser.
Read more »

Share Button

Sysadmin: How to see the name of PHP script that sent that e-mail

phplogo SPAM e-mail is the common problem these days and in most cases the cause of this problem is the lack of security on the hosted web sites. Various badly designed PHP scripts expose the hosting server MTA to be used as SPAM e-mails source. First and foremost step in resolving this problem would be to determine the originating PHP script that was used to send e-mails.
Read more »

Share Button

OSX: PPTP VPN networking problem solved with custom MTU

osx0
I had an interesting complain the other day – customer experienced connectivity problems trying to access some web sites while on PPTP VPN connection. The VPN server was running on Linux and also under our control so troubleshooting the situation was pretty easy. All MS Windows based clients didn’t have this problem, only OSX based clients.
Read more »

Share Button
Page 1 of 712345...Last »