And taking nice backups that are easy to restore.
The story is quite simple: some time ago I would have liked to have a kind of 8-month-old backup for a friend of mine, but it was too late. So now I want backups with a decent retention, so I can go “back in time” and recover files. Another choice could have been Subversion, but I’m going to back up images as well, so for this reason I’ll not take Subversion into consideration.
Continue reading “Installing and configuring Bareos (Bacula fork) with web front-end on Debian Wheezy.”
I’m going to test out some relevant Content Management Systems from the Open Source planet. This time I will try to install and configure Hippo CMS. Since I have already tried almost all the famous CMSs written in PHP, this time we will take a look at this one, written in Java.
About Java: the first time I came to speak about Java, a tremendous mistake was made. In fact, while my interlocutor was speaking about Java as a server-side tech, I was speaking about the client part, the one I don’t like at all, which, all things considered, is slow, subject to continuous updates and quite bothersome, I mean. And my most recent memory about this is the call center dudes who had to manage Oracle Forms through a Java web GUI: a nightmare!
Anyway, as we all know, “the good is oft(en) interred with their bones”… so let it be with Java for clients, and let’s start seeing what I need in order to start serving JSP from my machine.
Continue reading “Exploring Open Source CMS: Hippo”
Here is my latest crash, during a heavy snowfall.
I had some damage: one motor with a bent shaft, an arm of the Q450 slightly broken, and the rubber band philosophy always wins. In fact, thanks to the rubber bands, both cameras simply detached from the platform, falling under their own weight and avoiding taking the entire platform’s weight, as, on the contrary, poor motor #4 did.
Continue reading “My latest crash under the snow”
As I wrote in a previous article, someone is buzzing my server with continuous requests for nonexistent resources, such as /browserToolbarGetData?v=2. This could be related to a new IP address I just bought; I don’t know yet, but there is no trace of this IP address’s history, so I think I’m the first to use it, and I’m prone to believe it is just a remote possibility… anyway, let’s take some countermeasures.
Continue reading “[Solved] Apache2 access log browserToolbarGetData?v=2”
This webpage http://file.oboz.ua/files/vf4f51401192c57_20123223481.mail%5B1%5D is trying to make a phishing attack, using this page to serve unprocessed HTML code in order to do something with users of mail.ru.
If you see a log entry like this:
126.96.36.199 - - [02/Jan/2013:08:53:31 +0000] "GET /mapi?query=%7B%22cmd%22%3A%22getCounters%22%2C%22jsonPrefix%22%3A%22__PHJSONPCallback_47%22%7D&rnd=1357116906112 HTTP/1.1" 403 507 "http://my.mail.ru/friends?" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/18.0.966.0 Safari/535.12"
Continue reading “Apache2 access.log problem mapi?query= cmd getCounters jsonPrefix _PHJSONPCallback_1046 &rnd=”
How to secure WordPress using advanced tools like fail2ban.
These rules can cut search engines out of your server, and they can affect all the sites hosted on the machine you are working on. I’m writing this because in the end it turned out that a better solution to prevent distributed flooding is to use iptables with custom rules.
Fail2ban is one of my favourite server-securing tools, because it not only protects against several consequences deriving from being attacked by some script kiddie, but it also saves a lot of system resources otherwise wasted serving pages to bots or similar.
I just discovered an annoying and repeated entry in my access logs which leads to a 403/404 error page (forbidden) (I faked it a little so it makes sense for this article), and then I decided to let specialized software do the job instead of using a WordPress plugin, which would act at the PHP/MySQL level, having to generate server headers each time and, here again, wasting server resources.
Some of these log entries looked like this:
Continue reading “Securing WordPress (or any site) with fail2ban: prevent vuln scanners, flood and bruteforce attack”
This article will go through the complete process to obtain, install and run an SSL webserver certificate for free with ISPConfig3 and Startssl dot com.
Some years ago I discovered this useful service for generating Class 2 webserver certificates, very useful to offer your users a secure, encrypted connection over which they can send their data, reducing the risk of being sniffed (I’ll write something about sniffing).
Continue reading “Free SSL Certificate to Ispconfig websites with Startssl – How to”
Shineisp is an Italian open source WHM (Web Hosting Management) and we are going to give it a try. I recall I already installed it last year, but the machine had poor hardware and Shineisp is a greedy MVC PHP–MySQL program. For this “instalfiguration” we assume we are on Debian Squeeze, and we will cover the steps needed to get Shineisp up and running in 10 minutes.
Continue reading “Shineisp Installation Log / mini How to”
In several hosting environments you may discover this line in your webserver error log:
ALERT - configured POST variable limit exceeded - dropped variable 'name_of_dropped_variable' (attacker '188.8.131.52', file '/several dirs..../wp-admin/post.php'), referer: http://sitename.tld/wp-admin/post.php?post=181&action=edit
Well, I discovered and solved this situation:
Cause: it is caused by PHP Suhosin
You can “locate” it on your disk using the “locate” command as follows
(if it is the first time you use locate) type:
# locate suhosin
On my machine (Debian) it is located at /etc/php5/conf.d/suhosin.ini
so you can edit it by typing:
Now, look into your suhosin.ini file until you see the following vars:
You want to remove the comment symbol “;” from the very beginning of these two lines and then increase the default value (it should be 200) to at least 500 in order to make complex WordPress themes work properly.
Remember to kick apache2 typing
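A quick way to verify the edit described above, as an added example that is not part of the original post: it assumes the two lines in question are the Suhosin directives suhosin.post.max_vars and suhosin.request.max_vars (the post does not name them). The function name audit_suhosin_limits and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the Suhosin variable-count limits are active
# (not commented out with ';') and at least a wanted minimum.
# Assumption: the directive names below; the post does not name its two lines.

# audit_suhosin_limits FILE MIN
# Prints one line per directive: "<name> ok <value>", "<name> low <value>"
# or "<name> commented" (line missing or still prefixed with ';').
# Returns 0 only when every directive is active and >= MIN.
audit_suhosin_limits() {
    file=$1
    min=$2
    status=0
    for key in suhosin.post.max_vars suhosin.request.max_vars; do
        # Escape the dots so they match literally in the sed pattern.
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')
        # Keep the last active assignment, the one that takes effect.
        value=$(sed -n "s/^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$file" | tail -n 1)
        if [ -z "$value" ]; then
            echo "$key commented"
            status=1
        elif [ "$value" -lt "$min" ]; then
            echo "$key low $value"
            status=1
        else
            echo "$key ok $value"
        fi
    done
    return $status
}

# Constructed sample mirroring the situation in the post: one limit still
# commented out at its default, the other already raised.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample, not a real suhosin.ini
;suhosin.post.max_vars = 200
suhosin.request.max_vars = 500
EOF

audit_suhosin_limits "$sample" 500 || echo "limits need attention"
rm -f "$sample"
```

Point it at /etc/php5/conf.d/suhosin.ini (the path given above) after editing and before restarting Apache.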