Tech geek. Life geek.

Category: Web & Network (Page 1 of 37)

CDN compare: Azure vs Cloudfront vs BelugaCDN

This is a test of the delivery speed from CDN edge servers to multiple locations. It is an important signal of the real experience of users.

Here is how I set up the tests.

  • I created two endpoints on Azure CDN: one on the Microsoft CDN and one on the Akamai CDN.
  • I created a CloudFront distribution on Amazon CloudFront.
  • I created a CDN property on BelugaCDN.

All four of these CDN configurations point to a custom origin, one of my sites, which is hosted on DigitalOcean.

The file I used for testing is a JPG file, an image file.

The testing tool is the performance test tool provided by KeyCDN.

I run at least two tests to make sure most of the testing servers can get the JPG file from the cache of the edge server (CDN), not from the origin server.

Azure CDN: Standard Microsoft Tier


The results are based on 14 tests from different locations globally. I care about TTFB much more than the other metrics.

What is TTFB

TTFB, which stands for time to first byte, is the amount of time it takes from when a client makes an HTTP request to it receiving its first byte of data from the web server. TTFB is an important aspect of website optimization since the faster the TTFB, the faster the requested resource can start being delivered to the browser.

The time to first byte is made up of three separate components.

  • The time needed to send the HTTP request
  • The time needed for the server to process the request
  • The time needed for the server to send back the first byte of the response to the client

What is a good TTFB?

The time to first byte can vary greatly depending on what sort of content you are serving (static vs dynamic), your server’s configuration, etc. Therefore determining what is a good TTFB number is difficult to answer and is variable based on your situation. However, on average anything with a TTFB under 100 ms is fantastic. Anything between 200-500 ms is standard, between 500 ms – 1 s is less than ideal and anything greater than 1 s should likely be investigated further.

As mentioned, these times are average benchmarks and do not apply to all websites. Depending on the type of content and the complexity of the application, a TTFB greater than 1 second may be completely unavoidable.


How to Protect Your Smartphone from Online Threats

Every day, hundreds of people have their smartphone hacked, exposing important data like contacts and even credit card details to criminals that prey upon poorly protected phones.

Whenever your phone connects to the internet, it is at risk from hacking by data thieves that target phones in particular, as they contain nearly all of our important information such as passwords, emails and even the login details to online banking apps.

Fortunately, there are a few steps anyone can take to protect their phones from harm and recover their data if their smartphone is damaged or locked by malicious software.

Use a Virtual Private Network App When Connected to Public Wi-Fi

When you are using public Wi-Fi, such as when you are at a hotel or café, your phone is at risk of being hacked by someone else using that network. Some data thieves are known to connect to these networks regularly in order to steal credit card information from shoppers and tourists.

Virtual Private Networks encrypt and conceal your web traffic, even when using a public Wi-Fi network. These services can also be used from home to protect your online shopping and browsing there, giving you extra peace of mind.

Use an App to Securely Back Up All of Your Smartphone’s Data

Sometimes when a phone is hacked, it can suddenly become corrupted and unusable, trapping your files like your phone numbers and personal photographs on the device. There are apps available that can back up data to an online cloud service, but sometimes they can be missing important and more recent files.

If you have data on a damaged or corrupted smartphone, there are services like mobile data recovery by Secure Data Recovery that can recover data from your device, sometimes even if it has been deleted by a hacking program.

Use a Password Manager to Encrypt and Generate Your Passwords

Our passwords are gatekeepers to a lot of our sensitive information such as emails and bank accounts. Too many people rely on using the same password, or maybe two or three, in order to log in to all their different accounts.

Password managers use encryption algorithms to generate complex passwords for you, and store them in a ‘digital safe’ in an app on your phone and online on a secure server. The password manager will auto-complete passwords on all your accounts, or they can be copy-and-pasted from the app to the login form. This means you have only one password to remember, the one that logs you into your password manager, and you can let it safely and securely do the rest.

We keep a large amount of sensitive data on our phones, and not just banking details and contact information. Your phone probably has hundreds of photos of friends and family, as well as pictures from social media accounts. This information needs to be protected, not just from theft, but also from accidents and problems with a smartphone’s components. With a few apps and the help of professionals, anyone can protect the data on their phone, and recover it if the worst happens.

Another Facebook security failure: millions of records leaked

540 million data records of Facebook users were compromised after third-party apps and sites stored the data on unsecured servers.

The leaked information included comments, likes, reactions, account names, and FB IDs, and some email addresses. The app called At The Pool even stored passwords of 22,000 users in plaintext.

Security expert tips: If you have used At The Pool, make sure you are not reusing the same password for any other accounts. All other Facebook users, beware of phishing attacks based on your account activity.

How to protect yourself

  • Don’t use third-party Facebook apps. These apps collect data on Facebook and deliver it to third parties who may not be secure. If you don’t want your private data showing up on unsecured servers, don’t use any third-party apps on Facebook.

  • Don’t use Facebook. This is a tough ask for many users, but the arguments for leaving Facebook are growing. With more and more data breaches and suspicious activities coming to light every month, more people are questioning whether this free service is worth it.

  • Reduce your Facebook activity levels. The less time you spend on Facebook and the less you do on their platform, the less they know about you. When creating or editing your account, don’t provide them with any more data than they need to provide their service.

Move Virtualbox VDI to Proxmox VE System

I have some VirtualBox virtual machines on my desktop. Now I have Proxmox VE 5.3-8 installed on a separate machine, so I would like to move a VM to Proxmox.

Let me list the existing installation.

  • My Desktop, Windows 10 Pro version 1809.
  • Virtualbox 6.0.4 r128413
  • Guest VM inside of Virtualbox is Ubuntu 18.04 with 1G memory and 20GB disk space.
  • Proxmox VE 5.3-8; VMs and LXC containers are stored in local-lvm

Step 1: Locate the VDI file and convert it to RAW format

Check the Storage settings of the virtual machine to find the location of the VDI file. Mine is in d:\Virtualbox VM\.

Then open a Command Prompt window and enter the following commands to convert the VDI file to a raw image file.

d:
cd "program files\oracle\virtualbox"
vboxmanage clonehd --format RAW "d:\virtualbox vm\ubuntu 18.04 (122)\ubuntu 18.04.vdi" d:\testing.img

After a while the new image file is ready. The time depends on the size of your VM: maybe 10 minutes, maybe half an hour.

Report the bad IP address to the AbuseIPDB

I have a VPS on DigitalOcean. The web server is Nginx. I checked the web server log files, including the access log and the error log.

The error log regularly shows strange activity from certain IP addresses.

2019/03/17 03:08:02 [error] 781#781: *140434 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/.zip HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/.zip"
2019/03/17 03:08:04 [error] 781#781: *140451 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/..zip HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/..zip"
2019/03/17 03:08:06 [error] 781#781: *140452 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //www.yinfor.com/..zip HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//www.yinfor.com/..zip"
2019/03/17 03:08:07 [error] 781#781: *140453 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/.rar HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/.rar"
2019/03/17 03:08:08 [error] 781#781: *140454 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/..rar HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/..rar"
2019/03/17 03:08:10 [error] 781#781: *140456 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //www.yinfor.com/..rar HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//www.yinfor.com/..rar"
2019/03/17 06:10:41 [error] 781#781: *145806 access forbidden by rule, client: 192.99.35.63, server: www.yinfor.com, request: "GET /wp-content/uploads/2019/03/settings_auto.php HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:21:35 [error] 781#781: *160016 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.htaccess?c=askjhGQVFcrwqevq&q=ZWNobyA0Mzc0NTc1NDc7 HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:22:21 [error] 781#781: *160124 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.well-known.zip HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:22:22 [error] 781#781: *160125 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.well-known.tar.gz HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:22:22 [error] 781#781: *160126 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.well-known.gz HTTP/1.1", host: "www.yinfor.com"

You can see that the requested URLs are strange. Actually, I have already banned these IP addresses, which is why Nginx recorded the "access forbidden" entries.

I am not only banning these IP addresses, but also want to report them to AbuseIPDB.

When I find a bad IP address, I sign in to the AbuseIPDB site and report it.

Enter a description of the behavior and the relevant log details for the IP.

AbuseIPDB is not just a reporting tool. Registered users can also use its API to check whether an IP address has been reported as abusive or as a spam source. It also works with Fail2Ban.
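Collecting the evidence for a report by hand gets tedious, so here is an added example (not code from the original post) that groups "access forbidden by rule" entries by client IP and builds the description text for a report. The sample lines are constructed in the same format as the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same format as the Nginx error log above
# (documentation-range IPs and example.com, not real traffic).
SAMPLE_LOG = '''\
2019/03/17 03:08:02 [error] 781#781: *1 access forbidden by rule, client: 203.0.113.7, server: www.example.com, request: "HEAD //com/.zip HTTP/1.1", host: "www.example.com"
2019/03/17 03:08:04 [error] 781#781: *2 access forbidden by rule, client: 203.0.113.7, server: www.example.com, request: "HEAD //com/.rar HTTP/1.1", host: "www.example.com"
2019/03/17 06:10:41 [error] 781#781: *3 access forbidden by rule, client: 198.51.100.9, server: www.example.com, request: "GET /wp-content/uploads/settings_auto.php HTTP/1.1", host: "www.example.com"
2019/03/17 07:00:00 [error] 781#781: *4 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 192.0.2.50, server: www.example.com, request: "GET /favicon.ico HTTP/1.1", host: "www.example.com"
'''

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*?'
    r'access forbidden by rule, client: (?P<ip>[0-9a-fA-F.:]+), '
    r'.*?request: "(?P<request>[^"]*)"'
)

def summarize_forbidden(log_text):
    """Group 'access forbidden by rule' entries by client IP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # other error types (e.g. a missing file) are ignored
            hits[m['ip']].append((m['ts'], m['request']))
    report = {}
    for ip, events in hits.items():
        events.sort()  # this timestamp format sorts correctly as text
        report[ip] = {
            'count': len(events),
            'first_seen': events[0][0],
            'last_seen': events[-1][0],
            'requests': [req for _, req in events],
        }
    return report

def report_comment(ip, entry, max_requests=5):
    """Build the free-text evidence to paste into an abuse report."""
    shown = entry['requests'][:max_requests]
    return (f"{ip}: {entry['count']} forbidden requests between "
            f"{entry['first_seen']} and {entry['last_seen']} (server time); "
            "e.g. " + "; ".join(shown))

if __name__ == '__main__':
    for ip, entry in summarize_forbidden(SAMPLE_LOG).items():
        print(report_comment(ip, entry))
```

Point `summarize_forbidden` at the contents of the real error log to get one summary per banned client.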

How to pass the Real IP Address of client to Nginx Server

I use Nginx as the reverse proxy. Here is the scenario.

The origin server is Server A. The reverse proxy is Server B. Web users browse the website through Server B.

The web log of Server A records only the IP address of Server B. All users share one remote address: that of Server B.

To pass the real IP address of the client to the web server (Server A):

  1. Set up on Server B.
    Have Server B add the X-Forwarded-For header to the request. It carries the real IP address of the user.
  2. Set up on Server A.
    Add the following to the Nginx server block:

    set_real_ip_from IP_Address_of_Server_B;
    real_ip_header X-Forwarded-For;
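X-Forwarded-For is an ordinary request header that any client can send, so the address Server A logs is only as trustworthy as the `set_real_ip_from` list. The following added example (not from the original post) is a simplified Python model of that selection logic. It assumes Server B appends the address it saw to the header (for example with `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`); the addresses are constructed and `real_ip_recursive` is not part of the original setup.

```python
import ipaddress

def _parse(addr):
    """Return an ip_address, or None if the hop is not a valid address."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def real_client_ip(remote_addr, xff, trusted, recursive=False):
    """Simplified model of the client address Server A ends up logging.

    remote_addr: peer address of the TCP connection to Server A
    xff:         raw X-Forwarded-For header value (or None)
    trusted:     addresses/networks listed in set_real_ip_from
    recursive:   models real_ip_recursive on (not used in the original post)
    """
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(ip):
        return any(ip in net for net in nets)

    peer = ipaddress.ip_address(remote_addr)
    # The header is honoured only when the connection comes from a trusted proxy.
    if not xff or not is_trusted(peer):
        return str(peer)
    hops = [_parse(h) for h in xff.split(',')]
    if None in hops:
        return str(peer)          # malformed header: keep the connection address
    if not recursive:
        return str(hops[-1])      # the entry appended by the nearest proxy
    for hop in reversed(hops):    # skip our own proxies, right to left
        if not is_trusted(hop):
            return str(hop)
    return str(hops[0])

if __name__ == '__main__':
    B = ['10.0.0.2']  # constructed address for Server B
    # Client sends a forged header; Server B appends the address it really saw.
    print(real_client_ip('10.0.0.2', '192.0.2.99, 198.51.100.23', B))
    # Request that bypasses Server B: header ignored, peer address kept.
    print(real_client_ip('203.0.113.66', '192.0.2.99', B))
    # Over-broad trust (0.0.0.0/0): the forged value is accepted.
    print(real_client_ip('203.0.113.66', '192.0.2.99', ['0.0.0.0/0']))
```

The last case is why `set_real_ip_from` should list only Server B: with a wider range, anything that keys on the logged address (bans, rate limits, abuse reports) can be pointed at an arbitrary IP.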

 


© 2020 David Yin's Blog
