Web server tuning (apache and nginx)

Key points enable http2 & change mpm prefork to event php-fpm   Enable http2 On apache + prefork to event – https://techwombat.com/enable-http2-apache-ubuntu-16-04/ sudo add-apt-repository ppa:ondrej/apache2 sudo apt update sudo apt upgrade sudo apt install php7.0-fpm sudo a2enmod proxy_fcgi setenvif sudo a2enconf php7.0-fpm sudo a2dismod php7.0 sudo a2dismod mpm_prefork sudo a2enmod mpm_event sudo service apache2 restart sudo […]

Elasticsearch notes

Useful links Elasticdump – http://blog.ruanbekker.com/blog/2017/11/22/using-elasticdump-to-backup-elasticsearch-indexes-to-json/ sudo npm install n -g sudo n stable   https://www.digitalocean.com/community/tutorials/how-to-interact-with-data-in-elasticsearch-using-crud-operations Delete by time https://hobo.house/2016/02/18/how-to-manually-clean-indexes-from-elasticsearch/  

LC_CTYPE: cannot change locale

This happens all the times to me. Keeping a note here..   for Centos https://www.noreplied.com/how-to-fixed-cannot-change-locale-utf-8-error-in-centos-7/ cat ‘LC_CTYPE=”en_US.UTF-8″‘ >> /etc/environment For Ubuntu export LANGUAGE=en_US.UTF-8 export LANG=en_US.UTF-8 export LC_ALL=en_US.UTF-8 locale-gen en_US.UTF-8 dpkg-reconfigure locales ->> choose 149 and 3

Slow HTTP Dos Verify and mitigate

What it is https://en.wikipedia.org/wiki/Slowloris_(computer_security) Tools to check Slowloris : https://github.com/gkbrk/slowloris SlowHttpTest : https://github.com/shekyan/slowhttptest Mitigatation mod_qos apt-get update && apt-get -y install libapache2-mod-qos && a2enmod qos && /etc/init.d/apache2 restart * configuration file in /etc/apache2/mods-enabled/ mod_reqtimeout a2enmod reqtimeout && /etc/init.d/apache2 restart * configuration file in /etc/apache2/mods-enabled/

Securing apache

Some notes on securing apache.. A few key points Disable access to . Disable banner disabled PHP functions Slow dos mitigation (link) Disable access to . https://stackoverflow.com/questions/4352737/apache-configuration-regex-to-disable-access-to-files-directories-beginning-wit <filesmatch “^\.ht”> Order allow,deny Deny from all <filesmatch “^\.”> Order allow,deny Deny from all <directorymatch “^\.|\/\.”> Order allow,deny Deny from all Disable banner http://www.ducea.com/2006/06/15/apache-tips-tricks-hide-apache-software-version/ Usually found in /etc/apache/conf-enabled/security.conf […]

Easiest way to install ffmpeg on mac os

Just keeping reference. https://www.oodlestechnologies.com/blogs/Easiest-Way-To-Install-FFmpeg-On-Mac-OS-X /usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)” https://gist.github.com/clayton/6196167 brew install ffmpeg –with-vpx –with-vorbis –with-libvorbis –with-vpx –with-vorbis –with-theora –with-libogg –with-libvorbis –with-gpl –with-version3 –with-nonfree –with-postproc –with-libaacplus –with-libass –with-libcelt –with-libfaac –with-libfdk-aac –with-libfreetype –with-libmp3lame –with-libopencore-amrnb –with-libopencore-amrwb –with-libopenjpeg –with-openssl –with-libopus –with-libschroedinger –with-libspeex –with-libtheora –with-libvo-aacenc –with-libvorbis –with-libvpx –with-libx264 –with-libxvid

Installing cuckoo sandbox on Mac OS

Cuckoo sandbox is an automated malware analysis system. Its does utilize virtualization engine to isolate malware execution and analysis. You will be given a web-interface, as well as CLI tools to communicate with cuckoo, such to upload, and reviewing all reports. I’ve found a complete tutorial on this. http://advancedmalwareprotection.blogspot.com/2012/03/installing-cuckoo-on-max-os-x-lion.html Hope this would help anyone to […]

wp-login.php brute force

Lately my server is receiving many request for wordpress brute-force attempts. Some of them do slow us down. The server resources were just wasted for the request. So, some searches got me to this site, which provide a good mod_security config to block this attack for a short period. http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/ This is just a snippet, […]