background preloader

Internet Health Report

Internet Health Report

isc Home | SANS Internet Storm Center; Cooperative Network Security Community - Internet Security Using suphp To Secure A Shared Server The challenge with securing a shared hosting server is how to secure the website from attack both from the outside and from the inside. PHP has built-in features to help, but ultimately it s the wrong place to address the problem. Apache has built-in features too, but the performance cost of these features is prohibitive. This has created a gap that a number of third-party solutions have attempted to fill. suphp: Running PHP As A Specified UserInstalling suphpConfiguring ApacheSome BenchmarksOther ConsiderationsConclusions suphp: Running PHP As A Specified User Like Apache’s own suexec, suphp is a solution that allows PHP to run as the user and group that owns any particular website on a shared hosting server. suphp consists of two components: mod_suphp, an Apache module that replaces mod_phpsuphp, a setuid binary that replaces Apache’s suexec It relies on PHP/CGI having been installed onto the server first. Installing suphp Download the suphp source code from the website. . Configuring Apache

Community Help | Generating a Certificate Signing Requ... To complete your online request form for an SSL, you need to generat a key pair and a Certificate Signing Request (CSR). Follow these instructions to generate them for your website. Java 2 SDK 1.2 or above must be installed before you can generate your CSR. Once installed, you can use the "keytool" command to create your key pair and CSR. To Generate the Key Pair For the purposes of this article, we are using PuTTY as our Secure Shell (SSH) client, and we are running Tomcat on a Linux based server. To log in to the server's terminal SSH, double click on your servers SSH client.Enter the Host Name (or IP address), and then the Port the server is using.Select SSH as the Connection type, and then click OpenAt the SSH prompt, enter the server's username, and then press Enter on your keyboard.Enter the server's password, and then press Enter. To Generate a CSR For more information on how to request a certificate in our online request form, see Request an SSL certificate

Community Help | SSL Certificate Renewal - Tomcat 4.x/... After we approve your certificate renewal request, you can download your SSL and intermediate certificate. For more information, see Downloading an SSL Certificate. You must install both files on your Web server. You can also download the intermediate certificate here. Follow the instructions below to download and install signed certificate and intermediate certificates on your Web server. Note that Java 2 SDK 1.2 or above must be installed as the following describes how to install a certificate using keytool. Installation Option One: Installing SSL Certificate and CA Bundle (gd_bundle.crt) Implementing a PKCS12 Keystore Before you install your SSL certificate you must download our root certificate bundle (repository. Use the following OpenSSL command to combine the ca bundle (gd_bundle.crt) and your SSL certificate: openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in Updating the server.xml Configuration File Open the server.xml file. Restart Tomcat. Root: Installing SSL Certificate

Community Help | Installing an SSL Certificate in Tomc... When you request an SSL certificate, you must provide a Certificate Signing Request (CSR) from your server. The CSR includes your public key, and must contain the same details as the online request form in your account. After your request is vetted and your certificate is issued, download and install all of the provided files to complete the installation. These steps describe how to install a certificate using keytool, so you must have Java 2 SDK 1.2 or above installed on your server. Generating a Keystore and CSR in Tomcat Using Keytool, follow these steps to generate a keystore and CSR on your server. To Generate a Keystore and CSR in Tomcat Enter the following command into keytool to create a keystore:keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystoreEnter a Password. For more information about completing the online request form, see Request an SSL certificate. After you submit the application, we begin vetting your request. Installing Your SSL in Tomcat

Troubleshooting Memory and Networking Issues Many common issues with Linodes are caused by excessive memory consumption or networking configuration errors. This guide provides suggestions for alleviating these problems. When your VPS is running low on physical memory, it may start to "swap thrash." Determining Free Memory and Swap Activity You can use the following command to display memory use on your Linode: free -m You can use the following snippet to see a list of your running processes sorted by memory use: ps -eo pmem,pcpu,rss,vsize,args | sort -k 1 -r | less To see IO activity on your VPS, you may use the following command (you may need to install the sysstat package under Debian or Ubuntu first): iostat -d -x 2 5 This will give an extended device utilization report five times at two second intervals. MySQL Low-Memory Settings In your MySQL configuration file (typically found in /etc/mysql/my.cnf), change your entries for the various settings shown below to match the recommended values: skip-innodb Warning Apache 2 Low-Memory Settings

How to optimize subqueries and joins in MySQL at Xaprb I have written before about using joins instead of subqueries, especially for NOT IN queries, which can usually be rewritten as exclusion joins – sometimes with huge efficiency gains. In this article I’ll look more closely at the performance characteristics of a few queries I’ve optimized in MySQL 5.0.3. I’ll also show you some tricks you can use to get MySQL to optimize queries better when you know it’s being inefficient. Updates in a join I wrote recently about the theoretical problems caused by UPDATE statements with FROM clauses (Many-to-one problems in SQL). The application for this query is to update a table with aggregated clicks per day from a table of click-tracking data for online advertising. Since the tables are InnoDB, the clustered index is the primary key. For this article, I populated my tables with some pseudo-random data. Given a numbers table with at least 1,000 rows, here are scripts to populate the tables. Now that the tables are set up, I’ll move on to the queries.

Coder's Revolution: MySQL performance: INNER JOIN vs. sub-select I ran into an interesting behavior with MySQL this week. I was helping someone speed up a slow page and a sizable increase in performance was achieved by simply re-arranging the SQL statement. The page was calling a SQL statement inside of a loop-- probably around 150 times on a page load. My initial idea (and still the best long-term one I think) was to gather all the information from the database in a single cfquery and not hit the database over and over. [code]EXPLAIN SELECT * FROM my_table WHERE column = 'foo'[/code] I will start by saying the amount of information MySQL (community edition) gives you when compared to a much more robust (and expensive) DBMS is much smaller. [code]SELECT count(id) AS totalcount FROM table1 WHERE fkid IN (SELECT id FROM table2 WHERE fkid2 = 100)[/code] You can see it used a sub-select on table2 in the where clause to limit the records from table1. All I did was move the sub-select into an inner join.

New battery design could give electric vehicles a jolt A radically new approach to the design of batteries, developed by researchers at MIT, could provide a lightweight and inexpensive alternative to existing batteries for electric vehicles and the power grid. The technology could even make “refueling” such batteries as quick and easy as pumping gas into a conventional car. The new battery relies on an innovative architecture called a semi-solid flow cell, in which solid particles are suspended in a carrier liquid and pumped through the system. In this design, the battery’s active components — the positive and negative electrodes, or cathodes and anodes — are composed of particles suspended in a liquid electrolyte. The work was carried out by Mihai Duduta ’10 and graduate student Bryan Ho, under the leadership of professors of materials science W. The new design should make it possible to reduce the size and the cost of a complete battery system, including all of its structural support and connectors, to about half the current levels.