Please enable JavaScript to view this site.
InfoSec Weblog
Firewall Rules Against Bad TCP Settings
IPtables firewall rules - add protection against unusual (possibly malicious) TCP settings:
To add these rules, go to the command line and enter the following commands:
To add these rules, go to the command line and enter the following commands:
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags
(cont'd)* posted by Robert on Sun, Jun 30, 2024
OPcache and Just In Time Compiler
PHP has a caching system called OPcache. Here's a little bit of background.
PHP translates human-readable code to machine code through interpretation (aka Implicit Compilation). The interpreted code is known as OPcode and is compiled and executed by the Zend Virtual Machine. Other methods (cont'd)
PHP translates human-readable code to machine code through interpretation (aka Implicit Compilation). The interpreted code is known as OPcode and is compiled and executed by the Zend Virtual Machine. Other methods (cont'd)
* posted by Robert on Wed, May 15, 2024
Anti-Adblock Script
Here is a simple script that detects whether your visitor is using an ad blocker. If one is detected, it asks the reader to consider pausing his ad block software.
The script creates a div with class names designed to bait the ad blocker. The script measures whether the div has been reduced (cont'd)
The script creates a div with class names designed to bait the ad blocker. The script measures whether the div has been reduced (cont'd)
* posted by Robert on Wed, Dec 07, 2022
Fail2Ban - Block SQL Injection Attacks
Apache mod_cache provides a nice activity log as described in the following post: Website Acceleration - Apache Caching.
sudo nano
(cont'd)* posted by Robert on Fri, Sep 02, 2022
Apache PageSpeed
Apache PageSpeed can be used for caching and website acceleration. It is easy to set up and administer.
The following website gives simple step-by-step instructions: HowtoForge (cont'd)
The following website gives simple step-by-step instructions: HowtoForge (cont'd)
* posted by Robert on Fri, Sep 02, 2022
Website Acceleration - Apache Caching
A website can be made faster by accelerating the delivery system. That can be accomplished by caching elements of the website in the server memory.
Enable the four following Apache modules and restart Apache:
Enable the four following Apache modules and restart Apache:
sudo a2enmod cache
sudo
(cont'd)sudo
* posted by Robert on Fri, Sep 02, 2022
Ipset - Block an IP Range
Sometimes you may find the need to block a range of IP addresses. I will use archive.org or the
wayback machineas an example. Archive.org ignores robot texts and makes copies of your website even when you ask them not to. Therefore, it becomes necessary to block them. Here's how you do (cont'd)
* posted by Robert on Thu, Aug 04, 2022
Upgrade to HTTP/2
Steps for upgrading from HTTP/1 to HTTP/2 for an Apache/Ubuntu server:
There are many good articles on the advantages of HTTP/2 over HTTP/1 and the Apache event MPM over the prefork MPM. I am simply going to list the steps for performing the upgrade.
Notes: 1) These steps involve (cont'd)
There are many good articles on the advantages of HTTP/2 over HTTP/1 and the Apache event MPM over the prefork MPM. I am simply going to list the steps for performing the upgrade.
Notes: 1) These steps involve (cont'd)
* posted by Robert on Tue, Aug 02, 2022
See Your Apache Server Status
See your Apache Server Status in real-time.
Apache has a built-in feature for monitoring the performance of your web servers. You can view such information as:
Apache has a built-in feature for monitoring the performance of your web servers. You can view such information as:
- Server uptime
- Server load
- Total traffic
- Incoming requests
- CPU
* posted by Robert on Fri, Jul 29, 2022
Apache mod_evasive - DoS Protection
Apache has a feature for combatting denial of service attacks. It's called mod_evasive and it monitors for excessive page hits by a single IP address.
Here is how you install it for a Debian/Ubuntu system:
Here is how you install it for a Debian/Ubuntu system:
sudo apt install
(cont'd)* posted by Robert on Thu, Jul 28, 2022
1 2
Site built and hosted by RJdesign.one