Monthly Archives: December 2015

+John Mueller Hi John, does the rating of the SSL certificate impact the ranking boost? For example does a A rating HTTPS SSL certificate give a bigger ranking boost than a B rating SSL certificate? Or as long as the SSL certificate is valid and comes from a good authority (green locker) there is no ranking boost difference on class A, A-, B, C certificates?
 Asked by Sergio Lo Porto[email protected]https://googlewebmastercentral.blogspot.ch/2015/12/indexing-https-pages-by-default.html

Indexing HTTPS pages by default

At Google, user security has always been a top priority. Over the years, we’ve worked hard to promote a more secure web and to provide a better browsing experience for users. Gmail, Google search, and YouTube have had secure connections for some time, and we also started giving a slight ranking boost to HTTPS URLs in search results last year. Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why we’ve been strongly promoting HTTPS everywhere.

As a natural continuation of this, today we’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages. Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL if:

  • It doesn’t contain insecure dependencies.
  • It isn’t blocked from crawling by robots.txt.
  • It doesn’t redirect users to or through an insecure HTTP page.
  • It doesn’t have a rel=”canonical” link to the HTTP page.
  • It doesn’t contain a noindex robots meta tag.
  • It doesn’t have on-host outlinks to HTTP URLs.
  • The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
  • The server has a valid TLS certificate.

Although our systems prefer the HTTPS version by default, you can also make this clearer for other search engines by redirecting your HTTP site to your HTTPS version and by implementing the HSTS header on your server.

We’re excited about taking another step forward in making the web more secure. By showing users HTTPS pages in our search results, we’re hoping to decrease the risk for users to browse a website over an insecure connection and making themselves vulnerable to content injection attacks. As usual, if you have any questions or comments, please let us know in the comments section below or in our webmaster help forums.

Source http://googlewebmastercentral.blogspot.ch/2015/12/indexing-https-pages-by-default.html

A Secret Catalogue of Government Gear for Spying on Your Cellphone

TSSC_CatalogueCTA_01_thumb

The Intercept is a Fearless, adversarial journalism.
Today they released a article named

A Secret Catalogue of Government Gear for Spying on Your Cellphone

I’m really not into this kinda sh*ts but we need to know what the fuck is going on around us.

More readings

How to intercept mobile communications (calls and messages) easily without hacking

https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/
http://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm/
https://oversight.house.gov/wp-content/uploads/2015/10/15-3959-S2-DHS-Signed-Policy-Directive-047-02-Use-of-Cell-Site-Simulator-Tech.pdf
http://www.wired.com/1996/02/catching/

 

fatal: no matching mac found

One of my clients was trying to connect, for the first time, on his brand new server..
Somehow he wasn’t able to connect….

He showed me the following *log/report*…

Status:    Waiting to retry...
Status:    Connecting to 37.XX.XX.XX...
Response:  fzSftp started
Command:   open "[email protected]" 22
Error:     Server unexpectedly closed network connection
Error:     Could not connect to server

and this is the auth.log on the server…

fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5 server [email protected],hmac-sha2-256-$

Solution?
Update the SFTP client – in this case filezilla -.

Readings?
https://forum.filezilla-project.org/viewtopic.php?t=31738
https://en.wikibooks.org/wiki/OpenSSH/Logging

nginx – avoid 501 and 502 nginx errors

This are my settings on /etc/php5/fpm/pool.d/www.conf to avoid 501 and 502 nginx errors… on CentOS 7 location of www.conf is at /etc/php-fpm.d/.
The server has 16Gb RAM. This configuration is for a 8Gb RAM server so…

pm.max_children = 70
pm.start_servers = 20
pm.min_spare_servers = 20
pm.max_spare_servers = 35
pm.max_requests = 500

Sources & more readings
http://myshell.co.uk/blog/2012/07/adjusting-child-processes-for-php-fpm-nginx/
http://jeremymarc.github.io/2013/04/22/nginx-and-php-fpm-for-performance/