Certain PHP configuration settings affect security features. The following security configuration options are recommended for production servers.
- register_globals set to off
- safe_mode set to off
- error_reporting set to off
- disable these functions: system(), exec(), passthru(), shell_exec(), proc_open(), and popen()
- open_basedir set for both the /tmp directory and the web root so that scripts cannot access files outside a selected area
- expose_php set to off
- allow_url_fopen set to off
Continue reading “How to config PHP to secure Web Server”
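A small checker for the list above, added here as an illustration (it is not code from the original post). It parses php.ini text and reports every deviation from the recommended settings; the function names, the `/var/www/html` web root and the Unix `:` path separator are assumptions.

```python
OFF_VALUES = {"off", "0", "no", "false", "none", ""}
# Value assumed when a directive is absent from php.ini
# (error_reporting is treated as enabled when it is not set).
FLAGS = {"register_globals": "Off", "safe_mode": "Off",
         "error_reporting": "On", "expose_php": "On", "allow_url_fopen": "On"}
DANGEROUS = {"system", "exec", "passthru", "shell_exec", "proc_open", "popen"}

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text, web_root="/var/www/html"):
    """List every deviation from the recommendations in the post."""
    s = parse_ini(text)
    findings = []
    for name, default in FLAGS.items():
        if s.get(name, default).lower() not in OFF_VALUES:
            findings.append(f"{name} should be Off")
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(DANGEROUS - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    allowed = [p.rstrip("/") for p in s.get("open_basedir", "").split(":") if p]
    for path in ("/tmp", web_root.rstrip("/")):
        if path not in allowed:
            findings.append(f"open_basedir does not include {path}")
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
[PHP]
expose_php = Off
allow_url_fopen = On        ; left enabled by mistake
error_reporting = 0
disable_functions = system,exec, passthru,shell_exec
open_basedir = /tmp:/var/www/html/
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```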
I installed Joomla 3.1.1 on a VPS. When I tried to use mass email, no matter what kind of mailer setting I put, I did not receive any email from it.
At last I tried SMTP settings with a Gmail account.
1) Choose Mailer: SMTP
2) From email: firstname.lastname@example.org
3) From Name: Your Name
4) Sendmail Path: Just leave it as default
5) SMTP Authentication: Choose Yes
6) SMTP Security: SSL
7) SMTP Port: 465
8) SMTP Username: email@example.com
9) SMTP Password: the password of the email above
10) SMTP Host: smtp.gmail.com
Continue reading “Gmail Settings for Joomla 3.1.1”
Sometimes I need to flash the motherboard BIOS from DOS. Actually, I now have no tools that can boot the PC to DOS. There is no floppy disk drive on it. I can only make a DOS bootable USB disk to do the job.
So I have the USB disk on hand. It is 2GB, the smallest capacity one I have.
The method to make a bootable USB disk is a little bit different from the one I blogged 6 years ago.
1) Download flash tools – HP USB Disk Storage Format Tool (Please google it and find the download link by yourself)
2) Download the DOS package, named Win98 boot. (Also try to google it)
3) Decompress these two files.
Continue reading “Make a bootable USB disk to flash MB BIOS”
After I upgraded my server from PHP 5.2 to PHP 5.3.3, I needed XCache to accelerate my phpBB.
I did an installation from source. Then when I ran the command to check the PHP version, it showed.
Continue reading “Install XCache 2.0.0 on CentOS 5.8 with PHP 5.3.3”
For testing purposes, I need a CentOS 6.3. So I downloaded the CentOS DVD image and installed it in VirtualBox as a web server.
Note: The network of the guest system is bridged, which allows the guest to access the Internet and also allows computers on the LAN to access the guest system.
The installation is simple, no problem. I would like to share the experience I had later.
1) Prepare the network
Only lo, or loopback, is active. I cannot access the Internet from the CentOS.
eth0 is not showing when I run ifconfig command.
Continue reading “Prepare CentOS 6.3 within VirtualBox”
I have two monitors. Both are Acer. One is the x223w, the other is the AL1716.
Now I connected both of them to my computer. I have dual monitor working together side by side.
Left side is the main monitor, or monitor 1, through DVI port. The right monitor is monitor 2, or extended screen, through 15pin RGB port.
The color effects are almost the same.
I work most of the time on the left side, with video playback, reference docs, etc. on the right side.
Continue reading “Setup dual monitor for desktop”
I moved one site to a new server with Windows 2003.
It is a MySQL database. I use a PHP script to connect to the database file and query it.
I ran the same script for more than 5 years on the old server. After I moved it to the new one, it gave me the error in the subject.
I did a lot of Googling and found the answer at this blog (the link is not working any more), but now it is not available. So I have quoted the most important part from the Google cached page.
This is an sql-mode issue, the mode defines what SQL syntax should be supported and what kind of data validation should be performed. In my problem MySQL is trying to assign an empty string to an auto-increment INT field and, as we should all know, strings into INTs don’t go. Cue errors and the script dies.
Longer term I am going to have to re-work my code to fix this issue, but in the short term, I am going to reduce the sensitivity of the control. To lower the level of data validation we can set the sql-mode to a lower level or comment it out altogether.
Solution is below:
Edit the my.cnf (my.ini in windows) file and find and comment out the line:
Continue reading “Solved MySQL 5 – Incorrect integer value: '' for column 'id' at row 1”
The situation is that the web page was made with GBK encoding. GBK is one of the Chinese encodings.
When the browser loads the page, it always returns UTF-8.
It should be GBK.
I checked the head of the webpage.
Different browsers tested. All failed.
How to fix this problem and make the server return the GBK/GB2312 encoding?
Continue reading “How to enable GBK encoding”
OpenSSH is a very popular SSH server, widely used on different Linux distributions. I have used it for many years on my VPS server. It is easy to use, but security is the top issue for any server. Here are the top 6 security settings for the OpenSSH server.
To minimize the risk, change the default settings to safer values.
The OpenSSH settings file is located:
1) Only Use SSH Protocol 2
SSH protocol version 1 (SSH-1) has man-in-the-middle attack problems and security vulnerabilities. SSH-1 is obsolete and should be avoided at all costs. Open the sshd_config file and make sure the following line exists:
2) Allow Only Specific Users or Groups (AllowUsers AllowGroups)
By default, anybody who is authenticated successfully is allowed to log in. Instead, you can restrict which users (or groups) you allow to log in to the system.
This is helpful when you have created several user accounts on the system, but want only few of them to login.
This is also helpful when you are using NIS, openLDAP (or some other external system) for authentication. Every user in your company might have account on NIS, OpenLDAP etc. But, on a specific server you want only few of them to login. For example, on production system you want only sysadmins to login.
Add the following entry to the sshd_config file to allow only specific users to login to the system. In the example below only ramesh, john and jason can login to this system. Usernames should be separated by space.
AllowUsers ramesh john jason
Add the following entry to the sshd_config file to allow only the users who belong to a specific group to log in. In the example below only users who belong to the sysadmin and dba groups can log in to the system.
AllowGroups sysadmin dba
Continue reading “OpenSSH server Security Top 6”
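The two directives above combine with AND, not OR: when both AllowUsers and AllowGroups are set, sshd admits a user only if the name matches AllowUsers and one of the user's groups matches AllowGroups. The sketch below is an added example, not part of the original post; it models that check for the global section of an sshd_config, with hypothetical function names, and it does not handle Match blocks or USER@HOST patterns.

```python
import re

def parse_sshd_config(text):
    """Parse the global section; keywords are case-insensitive."""
    cfg = {}
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            break                                   # conditional blocks not modelled
        if key in ("allowusers", "allowgroups"):
            cfg.setdefault(key, []).extend(args)    # repeated lines accumulate
        else:
            cfg.setdefault(key, args)               # first occurrence wins
    return cfg

def _matches(name, patterns):
    """sshd patterns support only the '*' and '?' wildcards."""
    for pattern in patterns:
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                     for c in pattern)
        if re.fullmatch(rx, name):
            return True
    return False

def login_allowed(cfg, user, groups):
    """Apply AllowUsers, then AllowGroups; every list that is set must match."""
    if "allowusers" in cfg and not _matches(user, cfg["allowusers"]):
        return False
    if "allowgroups" in cfg and not any(
            _matches(g, cfg["allowgroups"]) for g in groups):
        return False
    return True

def protocol_ok(cfg):
    """True only when an explicit 'Protocol 2' line exists, as the post asks."""
    return cfg.get("protocol") == ["2"]

# Constructed sample built from the two example lines in the post.
SAMPLE = """\
# constructed sample
Protocol 2
AllowUsers ramesh john jason
AllowGroups sysadmin dba
"""

if __name__ == "__main__":
    cfg = parse_sshd_config(SAMPLE)
    print(protocol_ok(cfg))
    print(login_allowed(cfg, "ramesh", ["sysadmin"]))   # listed user, listed group
    print(login_allowed(cfg, "ramesh", ["users"]))      # listed user, wrong group
```

With both lines from the post in place, ramesh is refused unless he also belongs to sysadmin or dba.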
It was big news yesterday.
WiFi WPS security vulnerability found, major router makers affected
Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network, but has been shown to easily fall to brute-force attacks. via wiki
The affected routers include:
D-Link Systems, Inc.
So, disable your WiFi WPS first.
How to disable WPS on a Belkin router
1. Open a web browser on the computer.
2. In the address bar of the web browser, type http://192.168.2.1
3. Click Login in the upper right-hand corner of the page. The router does not ship with a password, so just click Submit.
4. Click on Wi-Fi Protected Setup or WPS (depending on which router you own) under Wireless in the menu on the left.
5. Click on the drop-down menu at the top of the page and select Disabled.
6. Click the “Apply Changes” button.
Continue reading “Disable your WiFi WPS, security vulnerability found”