ww.kr.ua | ww.kr.ua

How to hide the server application version

April 26, 2016 July 31, 2016 ww.kr.ua leave a comment

Hiding the version of the software used on the server is a good practice to confuse potential hackers. After all, knowing the version, for example, a web server, you can try to exploit a vulnerability that is relevant for this version.

And if the hacker does not know which version of software is used on the server, the selection of the vulnerability becomes a little more difficult. This page presents the parameters of some applications that allow you to hide the version and even the fact of using the service itself.
(Further…)

Installing php 7.0.5 on debian

April 25, 2016 August 16, 2016 ww.kr.ua 1 comment

While some put php 5.3 , getting it out of the grave, I decided not to lag behind the whole planet, where the sites are translated to the seventh version of php, which is so much praised on the Internet, including high speed, and installed it from the DotDeb repository today. I must say, the increase in speed is really noticeable. My websites and WordPress, and MODX began to fly yet. :) That's how I did the migration.

(Further…)

Enable http2 support on a server with nginx and Debian

April 20, 2016 September 15, 2016 ww.kr.ua leave a comment

HTTP / 2 is the second version of the http network protocol, which includes many different improvements. These include multiplexing requests (all requests can be processed in parallel), increased performance, header compression, etc.

HTTP / 2 has replaced SPDY, which has been discontinued.

Nginx supports the http / 2 protocol, starting with version 1.9.5. However, only version 1.6.2 is present in the stable release of Debian Jessie. Therefore, we will connect the backports repository to upgrade nginx to 1.9.10.
(Further…)

OCSP stapling on nginx with StartSSL certificate

April 09, 2016 April 09, 2016 ww.kr.ua leave a comment

OCSP protocol allows you to check the status of SSL certificate Online. When opening a site, the browser tries to contact the OCSP server and get information about this certificate. This affects the speed of operation, since the OCSP server can be much further than the server where the site is located.

(Further…)

OpenVPN connect application for Android

January 25, 2016 August 24, 2016 ww.kr.ua leave a comment

If you have a smartphone, then for sure you at least sometimes use public Wi-Fi access points. Often, they are not password protected. Yes, and if the administrator of this access point has set a password, it is still desirable to protect your traffic by encryption. Who knows how the owner of the access point can use the open information.

(Further…)

Deleting a user and his home directory

December 07, 2015 December 07, 2015 ww.kr.ua leave a comment

In the home folders of remote users can be stored vulnerable files, or shells and other vermin. Or just files that are wasting disk space. If all this trash is not needed, you should get rid of it. As a rule, this is done by the deluser --remove-home [username] command, but this action is not very convenient.

(Further…)

Compressing css and js files in the console using yui-compressor

November 04, 2015 November 04, 2015 ww.kr.ua leave a comment

A little distracted from the topic of server administration and using Debian to develop the site. :)

Compressing css and js files saves traffic. This is especially true for mobile phones, where the speed is usually low. In this, we can provide invaluable assistance to the yui-compressor, which is available for installation from Debian repositories.

(Further…)

Access to the server via ssh only for a specific group

November 03, 2015 November 03, 2015 ww.kr.ua leave a comment

SSH allows you to restrict access to the server only to users in a certain group. Without being its members, other users will not be able to log in to the server via ssh. This is a convenient opportunity to issue access rights only to those users who really need it.

(Further…)

Backup to Yandex.Disk via davfs

October 27, 2015 August 01, 2016 ww.kr.ua leave a comment

Backup is an important task that needs to be performed on any server where important data is located. It can be solved by various methods. For large systems, this is the appropriate software that can create backups without noticeable server latency.

(Further…)

Basic iptables configuration

October 26, 2015 August 12, 2016 ww.kr.ua leave a comment

One of the priorities after installing the system is to correctly configure iptables to filter traffic. The default policy allows everything that is not prohibited. This is not the most successful method in terms of security, because in this mode the server is exposed to intruders.

You can, for example, scan the ports open on the server. Based on this, it is possible to determine the services used, their version, the name and version of the operating system. Next - the selection of vulnerabilities to them. Or some icmp - messages can give extra information.

(Further…)