Skip to main content

How to create a self-signed certificate

Create a self-signed certificate with two commands. It may be useful to administer the site via https, for example.

1. Create a key.

  # openssl genrsa -out server.key 2048 

2. Create a certificate. The domain example.com should be replaced with yours.

  # openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj /CN=example.com 


Scrolling the page by clicking on the mouse scroll in Iceweasel

When using iceweasel, I found a very unpleasant moment: if you click on the scroll wheel on a mouse in an arbitrary place on the page of any site, then instead of displaying the scroll icon, a page is opened in a new tab.

This problem is solved as follows. You need to open the about: config page in your browser, find the general.AutoScroll parameter and set it to true .



Multiple requests to xmlrpc.php in WordPress

Today I looked into the access-log of one site for WordPress and found many requests of this kind:

  1.234.83.77 - - [05 / Sep / 2014: 12: 07: 01 +0600] "POST /xmlrpc.php HTTP / 1.1" 200 441 "-" "Mozilla / 4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) "
 1.234.83.77 - - [05 / Sep / 2014: 12: 07: 01 +0600] "POST /xmlrpc.php HTTP / 1.1" 200 441 "-" "Mozilla / 4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) "
 1.234.83.77 - - [05 / Sep / 2014: 12: 07: 02 +0600] "POST /xmlrpc.php HTTP / 1.1" 200 441 "-" "Mozilla / 4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) "
 1.234.83.77 - - [05 / Sep / 2014: 12: 07: 02 +0600] "POST /xmlrpc.php HTTP / 1.1" 200 441 "-" "Mozilla / 4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) " 

Judging by the results of Google, there is some kind of exploit related to this file - xmlrpc.php. In one article in English it was said, as I understood, relying on my poor knowledge of the given language :), about the possibility of organizing the password selection. True, so far I have not noticed the consequences, but it is better to take action in advance. :)

(Further…)

Forward Secrecy for nginx

In today's world, data encryption is not just a whim, but a direct necessity. In particular, encrypting http traffic is of great importance for all sites where any personal data is processed. And also to protect against mitm attacks.

Thus, the use of Forward Secrecy on web servers becomes mandatory for each site that works using the https protocol and allows you to improve the strength of information encryption.

Forward secrecy can be properly configured in nginx.
(Further…)

Ssh key authentication with putty on windows

Authentication in ssh by key has several advantages. First, the convenience. You can have several servers and one key. It is not necessary to enter the password from the server you need each time, which will save time. Secondly, it is safe. You can disable password authentication and ssh will be protected from brute force.

In this article we will analyze work with Putty on Windows. For it there is a handy utility - pgagent, capable of booting automatically when the OS starts, and storing a private key in memory. It can be used not only for Putty, but also for Filezilla.

(Further…)