
Apache There are 8 posts in this category


We had a support request recently that indicated a server was under heavy load due to a WordPress wp-login.php brute-force login attack. This attack was impacting 3 customer servers from more than 500 different IP addresses. We needed a solution fast. Others on the internet have reported tens of thousands of unique IPs involved in this attack. There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute-force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords. It appears a botnet is …


If you're receiving an error message such as:

    Safari can’t open the page “https://example.com”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.

It's likely because the web server you are connecting to has Apache configured for "SSLVerifyClient optional". It appears that with Safari 5 (or perhaps even earlier) the browser will negotiate client certificates improperly with the web server. While other browsers like Google Chrome and Firefox will not have an issue, Safari is rendered incapable …


Plesk PHP upgrade


We are often asked to upgrade PHP on Plesk-based systems. When working with Plesk-based control panel systems, PHP is typically maintained by the operating system. This means Red Hat 5 and CentOS 5 based servers will be running PHP version 5.1.6. Many applications have a requirement of PHP 5.2 or greater. A few options are available; we will discuss two solutions below.

Use the Atomic Corp PHP upgrade guide

One simple solution is to utilize Atomic Corp's PHP upgrade guide. We have used this solution successfully in the past. This wiki entry from Atomic Corp provides a complete …


We encounter many scenarios where using the latest version of PHP is required. No great way, aside from downloading the PHP5 source and compiling, is available. That is, until you discover the IUS Community Project.

What is the IUS Community Project?

The IUS Community Project is an effort to package RPMs of the latest stable versions of the most commonly requested software on Red Hat Enterprise Linux and CentOS. IUS provides a better way to upgrade PHP, MySQL, Python, etc. on RHEL or CentOS. The project is run by professional Linux Engineers that are primarily focused on RPM Development in the web hosting industry. What …


The Center for Internet Security has a great list of security configuration and audit guidelines. It is a great resource comprising 40+ consensus Security Configuration Benchmarks for Operating Systems, Middleware, Software Applications and Network Devices. The Benchmarks are: Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices; Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide; Downloaded approximately 1 million times per year; Distributed freely by CIS in .PDF format (some are available to CIS Members only in XML format via the CIS Members web site); Used by thousands of enterprises as the basis for security configuration …


We deal with security-related issues nearly every day. Many of these issues could be prevented with a few minor changes to php.ini along with the installation of mod_security. It is simply amazing how many machines are hacked and then used for the sole purpose of sending spam, launching denial of service (DoS) attacks, or serving in botnets. Security is a practice of managed risk. The strength of your system security is directly related to your commitment to managing your server. It is not realistic, or possible, to guarantee your system is completely secure. This will be an evolving document, please feel free …


To redirect a website from http -> https I utilized mod_rewrite and created a .htaccess file with the following contents:

    $ cat .htaccess
    Options FollowSymLinks
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*) https://your_server.com/$1

This can be useful if you need to ensure all access to your site is done via HTTPS.


The typical process for creating an SSL certificate is as follows:

    # openssl genrsa -des3 -out www.key 2048

Note: When creating the key, you can avoid entering the initial passphrase altogether using:

    # openssl genrsa -out www.key 2048

At this point it is asking for a PASS PHRASE (which I will describe how to remove):

    Enter pass phrase for www.key:

    # openssl req -new -key www.key -out www.csr

Next, you will typically send the www.csr file to your registrar. In turn, your registrar will provide you with the .crt (certificate) file. From a security standpoint, utilizing a passphrase is a good thing, but from a …
