Archive for October, 2007

Securing your Linux server

Wednesday, October 17th, 2007

We deal with security-related issues nearly every day. Many of these issues could be prevented with a few minor changes to php.ini along with the installation of mod_security. It is simply amazing how many machines are hacked and then used solely to send spam, launch denial of service (DoS) attacks or serve in botnets.

(more…)

Rate limiting connections with iptables

Wednesday, October 17th, 2007

You may find this iptables-based method of limiting packets useful, for example to drop connections from someone who is trying to brute force your passwords via ssh.

I have a particular case where a customer wants to be notified if more than X SMTP connections are generated from a particular IP address over a period of time.

Here are the commands:

(more…)

Rename a filesystem, or change a mount point

Wednesday, October 17th, 2007

I was just asked today to provide a quick overview of the steps necessary to rename a filesystem, and here is what I came up with. Please use this information at your own risk, and always ensure you have a backup in case something does not go well.

(more…)

XEN Virtualization notes

Saturday, October 13th, 2007

I have recently been working on virtualizing Windows and Linux machines using Xen. A few things popped up along the way, and a bit of research was needed to make things work properly. These are some of the notes I took.

Depending on the requirements, LVM may make sense for your implementation. One particular advantage is LVM snapshots for backups.

A setup I am working on now consists of 4 systems with a dedicated LVM device, and an LVM-based mount point for file-based VMs.
(more…)

HTTP to HTTPS via mod_rewrite

Friday, October 12th, 2007

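To redirect a website from HTTP to HTTPS, I used mod_rewrite and created a .htaccess file with the following contents.

$ cat .htaccess
# mod_rewrite in .htaccess requires symlink following to be enabled
Options FollowSymLinks
RewriteEngine On
# Match any request that did not arrive on the HTTPS port
RewriteCond %{SERVER_PORT} !^443$
# Send an external redirect to the same path over HTTPS and stop processing
RewriteRule ^(.*) https://your_server.com/$1 [R,L]

This can be useful if you need to ensure that all access to your site is done via HTTPS.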

Removing a passphrase from an SSL Key

Friday, October 12th, 2007

The typical process for creating an SSL certificate is as follows:

 # openssl genrsa -des3 -out www.key 1024

At this point it is asking for a PASS PHRASE (which I will describe how to remove):

 Enter pass phrase for www.key:
 # openssl req -new -key www.key -out www.csr

Next, you will typically send the www.csr file to your registrar. In turn, you should receive a key.
(more…)

MySQL performance tuning

Thursday, October 11th, 2007

This document serves as a starting point for MySQL performance tuning. This document is a combination of research and experience. When I started this document, I utilized a great Google video [1] as a reference for the document structure and many bullet items. I would suggest watching this video. I then filled in a few blanks, and combined a few other articles into this overview.
(more…)