SHIT!
There’s a security update on iOS and iTunes CAN’T FIND IT FOR ME!
Why? ’cause I’m Portuguese?!
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
Other readings…
http://askubuntu.com/questions/54771/potential-ufw-and-fail2ban-conflicts
Forbidden
You don’t have permission to access /galleries/ on this server.
Ubuntu 15.04
Apache/2.4.10 (Ubuntu)
nano /etc/apache2/conf-enabled/security.conf
For ServerTokens, uncomment the ServerTokens Prod line, or add it.
Uncomment the ServerSignature Off entry, or add it.
I guess that by default they are disabled, but in any case you can remove it by editing php.ini and setting expose_php to off.
sudo nano /etc/php5/apache2/php.ini
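A quick way to confirm the three settings above after editing, as an added example that is not part of the original post: it reads the text of security.conf and php.ini and reports the effective value of each directive. It assumes each directive is set at top level in a single file, so the last uncommented line wins; the sample file contents are constructed.

```python
import re

# Values the steps above ask for (directive names lower-cased for comparison).
EXPECTED = {"servertokens": "prod", "serversignature": "off", "expose_php": "off"}

def effective_settings(text):
    """Map directive -> value, skipping '#' and ';' comments; the last active line wins."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        # Matches both "ServerTokens Prod" (Apache) and "expose_php = Off" (php.ini).
        m = re.match(r"([A-Za-z_]+)\s*=?\s*([^\s;#]+)", line)
        if m and m.group(1).lower() in EXPECTED:
            found[m.group(1).lower()] = m.group(2).lower()
    return found

def audit(apache_conf, php_ini):
    """Return {directive: (effective value or None, matches expected?)}."""
    settings = {**effective_settings(apache_conf), **effective_settings(php_ini)}
    return {k: (settings.get(k), settings.get(k) == want) for k, want in EXPECTED.items()}

# Constructed sample file contents, not taken from a real server.
BEFORE_APACHE = """\
#ServerTokens Minimal
ServerTokens OS
#ServerSignature Off
ServerSignature On
"""
BEFORE_PHP = "; expose_php = Off\nexpose_php = On\n"
AFTER_APACHE = "ServerTokens Prod\nServerSignature Off\n"
AFTER_PHP = "expose_php = Off\n"

if __name__ == "__main__":
    for name, conf, ini in (("before", BEFORE_APACHE, BEFORE_PHP),
                            ("after", AFTER_APACHE, AFTER_PHP)):
        for directive, (value, ok) in audit(conf, ini).items():
            print(f"{name:7} {directive:16} {value!s:6} {'ok' if ok else 'CHANGE'}")
```

To check a real server, pass the contents of the two files edited above to audit().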
Ubuntu CIS Benchmark
This document provides prescriptive guidance for establishing a secure configuration posture for Ubuntu 12.04 LTS Server. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at [email protected].
https://benchmarks.cisecurity.org/tools2/ubuntu/CIS_Ubuntu_12.04_LTS_Server_Benchmark_v1.0.0.pdf
Apache CIS Benchmark
This document, CIS Apache 2.4 Benchmark, provides prescriptive guidance for establishing a secure configuration posture for Apache Web Server versions 2.4 running on Linux. This guide was tested against Apache Web Server 2.4.3 – 2.4.6 as built from source httpd-2.4.x.tar.gz from http://httpd.apache.org/ on Linux. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at [email protected].
https://benchmarks.cisecurity.org/tools2/apache/CIS_Apache_HTTP_Server_2.4_Benchmark_v1.1.0.pdf
Got it from http://askubuntu.com/questions/447144/basic-security-tools-and-packages-that-should-be-installed-on-a-public-facing-we
Access can be allowed or denied by the IP address of a client or by using the HTTP basic authentication. To allow or deny access from a certain set of addresses, or all addresses, use the allow and deny directives:
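location / {
    # Rules are checked in order and the first match wins, so the
    # single-host deny must come before the wider allow that contains it.
    deny 192.168.1.2;
    allow 192.168.1.1/24;
    allow 127.0.0.1;
    deny all;
}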
Copy & paste from http://nginx.com/resources/admin-guide/restricting-access/
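nginx checks allow and deny rules in sequence and stops at the first match, so where a narrow deny sits relative to a wider allow decides whether it ever takes effect. The sketch below is an added example, not nginx code and not from the original post: it models that evaluation with Python's ipaddress module and flags rules that can never match. The two rule lists are constructed from the addresses used above.

```python
import ipaddress

def parse_rules(block):
    """Extract (action, network) pairs, in file order, from allow/deny lines."""
    rules = []
    for line in block.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            # strict=False accepts host bits, as in 192.168.1.1/24; None means "all".
            net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))
    return rules

def decide(rules, client):
    """Return (action, rule index) for the first matching rule; no match means allow."""
    addr = ipaddress.ip_address(client)
    for i, (action, net) in enumerate(rules):
        if net is None or addr in net:
            return action, i
    return "allow", None

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, (_, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            covered = earlier is None or (
                net is not None and net.version == earlier.version and net.subnet_of(earlier))
            if covered:
                dead.append(i)
                break
    return dead

# Constructed rule lists: same four rules, two different orders.
ALLOW_FIRST = parse_rules("""
    allow 192.168.1.1/24;
    allow 127.0.0.1;
    deny 192.168.1.2;
    deny all;
""")
DENY_FIRST = parse_rules("""
    deny 192.168.1.2;
    allow 192.168.1.1/24;
    allow 127.0.0.1;
    deny all;
""")

if __name__ == "__main__":
    for name, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(name, decide(rules, "192.168.1.2"), "shadowed rules:", shadowed(rules))
```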
I run several WP blogs/sites… for me and for my clients…
3 of my WP blogs get 1.5K users per day… they aren’t huge, but they might get some extra attention from hackers…
WordPress these days has had some huge security vulnerabilities – in WordPress itself and in well-known plugins like Jetpack!…
One of my clients uses Infinite WP.
I might try this out!
One Master Login: One-click access to all your WordPress dashboards. Forget your passwords once and for all.
One-click updates: Click the Update All button like a Boss and update everything – WP core, plugins and themes.
Instant Backup & Restore: Create backups of all your WordPress sites simultaneously. Restore backups instantly.
Manage Plugins & Themes: Activate, Deactivate and delete plugins and themes in bulk. Bulk install favorite plugins with a single click.
On your WordPress you need to install the InfiniteWP plugin.
After you install and activate it, you will see a screen like this…
Hit Copy details and, on the WordPress side, you are done.
In your InfiniteWP panel, at the bottom left, you will see an Add Website button. Hit it!
Now, just paste the codes copied from your WordPress blog… 🙂
Repeat this for all your blogs! 🙂
DigitalOcean has posted a nice post about how to create an AppArmor profile for nginx on Ubuntu 14.04.
Nir Goldshlager, a security researcher from Salesforce.com’s product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.
The vulnerability uses a well-known XML Quadratic Blowup Attack — and when executed, it can take down an entire website or server almost instantly.
WordPress and Drupal are used by millions of websites. The latest statistics from the World Wide Web Consortium (WC3) show WordPress alone powers nearly 23% of the web.
http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
Upon receipt of a valid search warrant, Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.
By exploiting bugs in Google Chrome, malicious sites can activate your microphone, and listen in on anything said around your computer, even after you’ve left those sites.
Even when not using your computer – conversations, meetings and phone calls next to your computer may be recorded and compromised.