Introducing two different examples for checking your e-mail server for an open relay.
An open relay is an e-mail server configured in such a way that it allows anyone [Read more…]
Time Machine Backup to Samba
Time Machine is a backup utility developed by Apple. It has been included in Mac OS X since version 10.5, alias “Leopard”. The software is designed to work with the Time Capsule as well as other internal or external drives.
Only with this trick [Read more…]
phpMyAdmin blowfish_secret
After logging into the phpMyAdmin panel I get this error message[1]
Everything works fine and I can manage everything, but if security is important to you, you should look at the solution. [Read more…]
Knock Knock
SSH is very strong by default and has gone a long time without critical bugs. It has strong protection against various hacks and known vulnerabilities. For instance, SSH has a default password retry wait time of five seconds. This makes brute-forcing an SSH server very slow and ineffective. However, script kiddies sometimes fork their hacking program, running the brute-force attack in multiple processes. Sometimes they are able to fork off upwards of 1000 attempts every 5 seconds. This drastically reduces the time needed to crack short passwords.
I think SSH is secure enough, but there is always a way to make it more secure.
Install knock daemon:
    aptitude install knockd
Hide PHP version
In order to do this, you need to do some sysadmin work :). I am going to focus specifically on Apache and PHP because I’m more of a LAMP user. If you use ASP on Microsoft’s IIS, I can’t help you (but hey, Google is there to save your sunny day! :P)
Find your php.ini file; in my case:
    vim /etc/php5/apache2/php.ini
Look for the line that says: “expose_php = On”
Change it to:
    expose_php = Off
Now our PHP is very silent.
Note by PHP developer:
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
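
A way to confirm the change, added here as an example and not part of the original post: one function reads the effective expose_php value from a php.ini (the last uncommented assignment wins, and PHP defaults to On when the directive is absent), the other looks for a PHP version token in response headers. The function names, the sample php.ini and the sample headers are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit expose_php in a php.ini and in captured response headers.

# Print the effective setting: "on", "off", or "default-on" (directive absent).
effective_expose_php() {
    awk '
        /^[ \t]*;/ { next }                  # skip whole-line comments
        /^[ \t]*expose_php[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)      # drop "expose_php ="
            sub(/[ \t]*;.*$/, "", v)         # drop a trailing comment
            sub(/[ \t]+$/, "", v)
            gsub(/"/, "", v)
            val = tolower(v); seen = 1       # a later assignment overrides
        }
        END {
            if (!seen) print "default-on"
            else if (val ~ /^(1|on|true|yes)$/) print "on"
            else print "off"
        }' "$1"
}

# Read HTTP response headers on stdin and print each PHP version token found
# in X-Powered-By or Server. Exit status 0 means a version is disclosed.
leaked_php_version() {
    tr -d '\r' | grep -iE '^(x-powered-by|server):' |
        grep -oE 'PHP/[0-9][0-9A-Za-z.+~-]*'
}

# Constructed sample data (not taken from a real server).
sample_ini=$(mktemp)
printf '%s\n' '; expose_php = Off' 'expose_php = On' \
    'expose_php = Off   ; hardened' > "$sample_ini"
headers_before='HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian) PHP/5.3.3-7
X-Powered-By: PHP/5.3.3-7'
headers_after='HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)'

echo "php.ini says: $(effective_expose_php "$sample_ini")"
if printf '%s\n' "$headers_after" | leaked_php_version; then
    echo "PHP version still exposed"
else
    echo "no PHP version in headers"
fi
rm -f "$sample_ini"
```

With mod_php the new setting only takes effect after Apache has been restarted, so run the header check against a fresh response.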