The fine tuning of the SSL server side configuration is slow and tedious but necessary procedure. It’s always good to have your SSL site to conform the most latest security standards. It boosts ego and makes customer happy too. It turns out that all you need for that is already at your disposal the point is to properly configure it.
Read more »
Monthly Archives: December 2016
Centos: How to fine tune your Apache SSL server
Sysadmin: Brute force detection – custom rule for SMTP and SSH
I wrote before about excellent tool BFD that allows to block brute force password guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script) system resource consumption (bash script!) and extendĐ°bility (true “unix way” modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight with apache/Wordpress DOS attack.
In this post I will show you how to write custom rules to block SMTP password guessing brute force attempts and SSSHD
Centos: recover MySQL users access after upgrade to MySQL-5.5
I had one of my customers asking me for the MySQL server version upgrade (OS provided MySQL 5.1.73 to something above MySQL 5.5) for one of his dedicated servers. Neither of us expected any problems from that, but we’ve ran into some that we had to resolve quickly because of production web sites running on the same server.
For more modern software versions I usually use excellent IUS reposity which in combination with EPEL repository serves about 87% of my needs in 3rd party packages and updates.
Read more »