Secure Digital (SD) is a non-volatile memory card format for use in portable devices. The Secure Digital standard is maintained by the SD Card Association (SDA). [http://en.wikipedia.org/wiki/Secure_Digital]
If you are running any of the following Joomla versions it might just be a matter of time before you too are hacked!
Port Knocking is a technique to secure services behind a firewall until a specific knock sequence is given. Once that sequence is given, the IP address that initiated the knock may be allowed to access the service for a short period of time. A knocking server listens to all traffic on an Ethernet (or PPP) interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.
This is a bit paranoid, but it adds another layer of security: an attacker will either have to try all port combinations or know the secret combination (knock) to be able to connect to your SSH daemon, for example.
First, you'll have to be sure to have a port knocking client, or you will be kicked out of your own server forever!
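The knock-server logic described above, as an added example (not code from the original post): a per-source-IP state machine replayed over constructed port-hits. The sequence 7000, 8000, 9000, the timeouts, the addresses and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

# All values below are assumptions made for this example.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # secret knock (constructed)
SEQ_TIMEOUT = 5.0      # seconds allowed from first to last knock
OPEN_WINDOW = 30.0     # seconds the knocking IP may reach the service
PROTECTED_PORT = 22    # SSH daemon hidden behind the knock

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # ip -> (next index, first-knock time)
    allowed: dict = field(default_factory=dict)   # ip -> time the opening expires

    def packet(self, ts, ip, port):
        """Handle one port-hit; return 'knock', 'open', 'accept' or 'drop'."""
        if port == PROTECTED_PORT:
            return "accept" if self.allowed.get(ip, 0.0) > ts else "drop"
        idx, started = self.progress.get(ip, (0, ts))
        if idx and ts - started > SEQ_TIMEOUT:
            idx, started = 0, ts              # too slow: forget earlier knocks
        if port != KNOCK_SEQUENCE[idx]:
            idx, started = 0, ts              # wrong port: sequence starts over
            if port != KNOCK_SEQUENCE[0]:
                self.progress.pop(ip, None)
                return "drop"
        idx += 1
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(ip, None)
            self.allowed[ip] = ts + OPEN_WINDOW   # open only for this source IP
            return "open"
        self.progress[ip] = (idx, started)
        return "knock"

# Constructed port-hits: (seconds, source IP, destination port).
EVENTS = [
    (0.0, "198.51.100.7", 22),     # no knock yet
    (1.0, "198.51.100.7", 7000),
    (1.5, "198.51.100.7", 8000),
    (2.0, "198.51.100.7", 9000),   # sequence complete
    (3.0, "198.51.100.7", 22),     # inside the open window
    (10.0, "203.0.113.9", 7000),
    (11.0, "203.0.113.9", 9000),   # out of order: progress is reset
    (40.0, "198.51.100.7", 22),    # window expired at t=32
]

def replay(events):
    tracker = KnockTracker()
    return [tracker.packet(*event) for event in events]
```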
and add depending on your Ubuntu version either
For Ubuntu 10.04 Lucid:
deb http://nginx.org/packages/ubuntu/ lucid nginx
deb-src http://nginx.org/packages/ubuntu/ lucid nginx
For Ubuntu 12.04 Precise:
deb http://nginx.org/packages/ubuntu/ precise nginx
deb-src http://nginx.org/packages/ubuntu/ precise nginx
Now you can run
When using the public nginx repository for Ubuntu, you’ll get this error
W: GPG error: http://nginx.org lucid Release: The following signatures
couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62
This is only a warning, and you can ignore it if you know what you are doing. If you prefer to add the public key used for signing the packages and repository, just run:
gpg -a --export 7BD9BF62 | sudo apt-key add -
wget http://nginx.org/packages/keys/nginx_signing.key
cat nginx_signing.key | sudo apt-key add -
apt-get update should now run fine, however after running an
apt-get install nginx
you may still get this kind of error:
dpkg: error processing /var/cache/apt/archives/nginx_1.2.2-1~precise_amd64.deb (--unpack):
 trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.1.19-1
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/nginx_1.2.2-1~precise_amd64.deb
Just remove nginx-common and retry:
apt-get remove nginx-common
More at http://wiki.nginx.org/Install
# openssl genrsa -des3 -out server.key 1024
Give a very lengthy key, and save it somewhere in a PGP file or TrueCrypt volume.
# openssl rsa -in server.key -out server.key.unsecure
# openssl req -new -key server.key -out server.csr
Attention: enter the host on which the certificate will be used, since browsers match the content of the certificate against the host URL.
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cp server.key.unsecure /etc/httpd/ssl.key/server.key
# cp server.crt /etc/httpd/ssl.crt/server.crt
# chmod 400 /etc/httpd/ssl.key/server.key
# chmod 400 /etc/httpd/ssl.crt/server.crt
nginx (pronounced “engine-x”) is an open source Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. It is licensed under a BSD-like license and it runs on Unix, Linux, BSD variants, Mac OS X, Solaris, AIX and Microsoft Windows [Wikipedia]
These are my reusable settings for any Joomla hosting; these are the most secure and fastest settings to the best of my knowledge.
My mind map, which you can use as a checklist to secure your Linux server and Joomla, has a new home; it is now located at:
I will update it regularly with new tips and how-tos. Your feedback is, as always, welcome; you can use the comment thread below.
I am encountering heavy spamming attempts on my wiki as well, which is why I decided to lock write changes to my wiki. This is how you can do it too.
Open LocalSettings.php and set a new key
$wgReadOnlyFile like this
The value must be the name of a file; then put the reason for the lock inside the file using the Wikipedia notation:
'''I've block my Wiki because of spammers! It will reopen as soon as I find a solution, if It annoy You can still contact me at http://www.waltercedric.com'''
The contents of the file will be displayed to anyone trying to edit the wiki.
Note that readonlyfile is not guaranteed to be absolutely safe; if you need to guarantee that MediaWiki will never write to the data, you need to do this on the database itself (e.g. revoke UPDATE,INSERT,DELETE from the wiki user, or put MySQL into read-only mode).
© 1999-2012 Waltercedric.com. Designed by Cédric Walter.