Archive for Apache

Blocking WordPress Brute Force Attacks against wp-login.php

We had a support request recently that indicated a server was under heavy load due to a WordPress wp-login.php brute force login attack. This attack was impacting 3 customer servers from more than 500 different IP addresses. We needed a solution fast. Others on the internet have reported tens of thousands of unique IPs involved […]


Safari providing an SSL error “client certificate rejected” when other browsers work

If you’re receiving an error message such as:

    Safari can’t open the page “https://example.com”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.

It’s likely because the web server you are connecting to […]


Plesk PHP upgrade

We are often asked to upgrade PHP on Plesk-based systems. When working with Plesk-based control panel systems, PHP is typically maintained by the operating system. This means RedHat 5 and CentOS 5 based servers will be running PHP version 5.1.6. Many applications have a requirement of PHP 5.2 or greater. A few options […]


CentOS5 and PHP52 upgrade rpms

We encounter many scenarios where using the latest version of PHP is required. Aside from downloading the PHP5 source and compiling it, no great way is available. That is, until you discover the IUS Community Project.


Great security and auditing resource for your network

The Center for Internet Security has a great list of security configuration and audit guidelines. A great resource comprised of 40+ consensus Security Configuration Benchmarks for Operating Systems, Middleware, Software Applications and Network Devices. The Benchmarks are: Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices; Unique, because the […]


Securing your Linux server

We deal with security-related issues nearly every day. Many of these issues could be prevented with a few minor changes to php.ini along with the installation of mod_security. It is simply amazing how many machines are hacked and then used for the sole purpose of sending spam, launching denial of service (DoS) attacks or serving in botnets.


HTTP to HTTPS via mod_rewrite

To redirect a website from HTTP to HTTPS, I used mod_rewrite and created a .htaccess file with the following contents:

    $ cat .htaccess
    Options FollowSymLinks
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*) https://your_server.com/$1

This can be useful if you need to ensure that all access to your site is done via HTTPS.


Removing a passphrase from an SSL Key

The typical process for creating an SSL certificate is as follows:

    # openssl genrsa -des3 -out www.key 2048

Note: When creating the key, you can avoid entering the initial passphrase altogether using:

    # openssl genrsa -out www.key 2048

At this point it is asking for a PASS PHRASE (which I will describe how to remove): […]
