security


Let’s encrypt your server / (Bitnami Product Stack) – Updated!

I changed this tutorial on 2016-01-26 because I realized I had forgotten to mention one of the config files where you also have to add the certificate files. The tutorial works with the final version of Let's Encrypt, even though it was written during the beta phase. As I just wrote in a blog post before, Let's encrypt

Let’s Encrypt is Trusted

As of October 19, certificates from Let's Encrypt are accepted as trusted in all major browsers. This lays the foundation for widespread adoption. For some years now I have been using certificates from StartSSL or CAcert. Unfortunately, these providers never really managed to establish themselves. With Let's Encrypt I see

Detecting PHP email spam scripts on your server

In this article I describe how to identify PHP scripts that are being used for email spamming through a Postfix mail server on a Debian-based server. Last week I noticed an abnormally high workload on my server, which caused the fast-cgi PHP instances to stop working well. There was a noticeable delivery of HTTP 500 error

Information about mail sending PHP scripts

To gather information about PHP emailing scripts on your server, you can add two lines to your main php.ini. Restart your web server after changing php.ini. The first parameter adds an "X-PHP-Originating-Script:" header to the mail, stating the user name and script name sending the mail. The second one is

Bash shell vulnerable – ShellShock

A new bug, named ShellShock, has just been announced as CVE-2014-6271 in the National Vulnerability Database. It might be even more dangerous than the SSL bug "Heartbleed" that occurred some months ago. An overview, according to the web site: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote