See the latest news in the software realm, as well as quick fixes and solutions for your own apps.
Information extracted from here.
Go to Forris DNS tab and make sure that “Use forwarding” is not checked, save.
Grab and convert the needed ssh certificate into Omnia. From /root :
<code>
wget https://www.digicert.com/CACerts/DigiCertECCSecureServerCA.crt
openssl x509 -inform der -in …
Read more →
Installing Wireless Access Point
Step 1: install Raspbian
Step 2: install necessary software and edit dhcp configuration
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install dnsmasq hostapd speedtest-cli
sudo systemctl stop dnsmasq
sudo systemctl stop hostapd
sudo nano /etc/dhcpcd.conf
Step 3: Insert …
Read more →
Kubernetes and its lite version – Minikube – are the traditional way of managing a group of docker containers.
They are not intuitive and it takes a while to feel comfortable using them.
Kubernetes may still be …
Read more →
ZAP seems like a very good tool for pen testing, but also for debugging HTTP requests between microservices.
The best thing is that it can be run with docker.
An example of setting it up as …
Read more →
This project -> https://plasma-mobile.org/nexus-5/ seems very interesting.
The technology does not seem mature yet, but there is certainly a lot of value in it.
Read more →
This is a good tutorial on starting with Kubernetes and a a fast way of deploying new applications into the cloud -> http://kubernetes.io/docs/hellonode/
Read more →
sudo iptables -A INPUT -p tcp -m tcp -m multiport ! –dports 80,443,22 -j DROP
Read more →
Yet another attack, related to ‘ragenergy’, has caused the website to be blacklisted by Google and FortiGuard.
It took a while to clean it up in my free time.
Useful tools: fail2ban, monit, nginx.
Read more →
It can be useful in certain cases to limit the frequency of certain request as described here.
Key code:
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent \
…
Read more →
Some South African IPs have been SYN flooding my website today.
The proposed solution was to enable SYN cookies in /etc/sysctl.conf:
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=3
When one works over ssh, ‘sysctl -p /etc/sysctl.conf’ can be used to activate the changes.
Read more →
Short time after cleaning up the infection, the attacks renewed, bringing down the website on periodical basis.
After some digging, it looked like some Chinese based IPs were hitting xmlrpc.php on port 80 and brute forcing …
Read more →
Below steps are based on this article.
It is assumed that OpenVPN configuration files will be located under /etc/openvpn .
If you haven’t done it already, then install openvpn ‘opkg update’ followed by ‘opkg install openvpn-openssl’
scp …
Read more →