Posts Tagged ‘website’

Protect NGINX webserver with password – Nginx basic HTTP htaccess authentication

Tuesday, December 2nd, 2014

If you're migrating a website from Apache to Nginx to boost performance and make better use of your server's hardware, and the websites (virtual hosts) have sections protected with Apache .htaccess / .htpasswd password authentication, you will also have to migrate the Apache directory password protection to Nginx.

This is not a hard task, as Nginx's password protection uses the same password format as Apache, and Nginx password protection files are generated with the standard htpasswd tool, part of the apache2-utils package (on Debian / Ubuntu servers) and httpd-tools on CentOS / Fedora / RHEL. If you're migrating the Apache websites to Nginx on a freshly installed server and the htpasswd tool is missing, install it depending on the Linux distro:

On Debian / Ubuntu deb based servers, install htpasswd with:

apt-get install --yes apache2-utils


On CentOS / Fedora … other RPM based servers:

 

yum -y install httpd-tools

Once installed, if you need to password-protect a new section of a site that is still in development with Nginx, do it as usual with htpasswd:

htpasswd -c /home/site/nginx-websitecom/.htpasswd admin


Note that if the .htpasswd file already exists and has other user records, run htpasswd without the -c option so the existing users / passwords are not overwritten and all users in the file can log in to Nginx HTTP auth with separate passwords:

htpasswd /var/www/nginx-websitecom/.htpasswd elijah


Now open the config file of the Nginx Vhost and modify it to include configuration like this (auth_basic_user_file must point to the .htpasswd file created above):

 

server {
       listen 80;
       server_name www.nginx-website.com nginx-website.com;
       root /var/www/www.nginx-website.com/www;
[…]
       location /test {
                auth_basic "Restricted";
                auth_basic_user_file /var/www/www.example.com/.htpasswd;
       }
[…]
}


Do it for as many Vhosts as you have, and to make the new settings take effect restart Nginx:

/etc/init.d/nginx restart

Enjoy 🙂
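
The migration above carries the old Apache password file over unchanged, so it is worth checking which hash scheme each entry uses and who can read the file before pointing auth_basic_user_file at it. The script below is an added example, not part of the original post; the ok / weak / bad verdicts, the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an htpasswd file used by nginx auth_basic_user_file.

# classify_hash HASH -> prints "<scheme> <verdict>" (ok | weak | bad)
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt ok" ;;   # htpasswd -B; needs crypt() support on the nginx host
        '$6$'*)     echo "sha512-crypt ok" ;;
        '$5$'*)     echo "sha256-crypt ok" ;;
        '$apr1$'*)  echo "apr1-md5 weak" ;;            # htpasswd -m
        '$1$'*)     echo "md5-crypt weak" ;;
        '{SSHA}'*)  echo "salted-sha1 weak" ;;
        '{SHA}'*)   echo "unsalted-sha1 bad" ;;        # htpasswd -s
        '{PLAIN}'*) echo "plaintext bad" ;;
        *)  # Traditional DES crypt() (htpasswd -d): 13 chars of [./0-9A-Za-z],
            # only the first 8 password characters count.
            if [ "${#1}" -eq 13 ]; then
                case "$1" in
                    *[!./0-9A-Za-z]*) echo "unknown bad" ;;
                    *)                echo "des-crypt bad" ;;
                esac
            else
                echo "unknown bad"
            fi ;;
    esac
}

# audit_htpasswd FILE -> "user scheme verdict" per entry; returns 1 if any
# entry is not "ok" or the file is world-readable, 2 if it cannot be read.
audit_htpasswd() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # -perm -004 matches when the "other" read bit is set
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file world-readable"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac    # blank line or comment
        user=${line%%:*}
        hash=${line#*:}; hash=${hash%%:*}             # drop optional third field
        result=$(classify_hash "$hash")
        echo "$user $result"
        case "$result" in *' ok') ;; *) rc=1 ;; esac
    done < "$file"
    return "$rc"
}

# Constructed sample entries (not real credentials).
sample_htpasswd() {
    cat <<'EOF'
# migrated from the Apache vhost
admin:$apr1$Qx7kLm2p$abcdefghijklmnopqrstu.
elijah:$2y$05$abcdefghijklmnopqrstuuJ3kR9vXw1Zp0yQe7mN2sT4bL6cD8fGh
legacy:rqXexS6ZhobKA
EOF
}

tmp=$(mktemp) && sample_htpasswd > "$tmp" && chmod 640 "$tmp"
audit_htpasswd "$tmp" || echo "findings present (exit status $?)"
rm -f "$tmp"
```

Entries flagged weak or bad can be re-created with htpasswd once the user supplies the password again; the file itself only needs to be readable by the account the Nginx workers run as.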

Optimize WordPress Pictures with EWWW Image Optimizer, Async JS and CSS and Autoptimize for better Search Engine Ranking

Tuesday, December 9th, 2014

 



While optimizing pictures with the console tools optipng, jpegoptim, jpegtran and pngcrush could save you a lot of server space and make picture downloads faster (and hence increase your website responsiveness and SEO), for blogs and websites based on WordPress it is not worth losing time with console acrobatics; simply use EWWW Image Optimizer to optimize all old or newly uploaded images.

To work, EWWW Image Optimizer needs jpegtran, optipng, pngout and gifsicle to be installed on the Linux / BSD server. EWWW Image Optimizer can also load the command line tools from a Cloud, if a cloud service is running on the server. Once installed, the plugin scans all the imported WordPress Media files and can be run to optimize picture files on existing blog posts / pages.

The EWWW Image Optimizer plugin does a good job in reducing file size on NextGEN, GRAND FlAGallery galleries.


Here is how EWWW Image Optimizer works taken from plugin's website:
How are JPGs optimized?

Lossless optimization is done with the command jpegtran -copy all -optimize -progressive -outfile optimized-file original-file. Optionally, the -copy switch gets the 'none' parameter if you choose to strip metadata from your JPGs on the options page. Lossy optimization is done using the outstanding JPEGmini utility.
It is better if the server does not have the jpegtran, pngout, gifsicle utilities installed, as the plugin provides up-to-date statically compiled Linux binaries.

How are PNGs optimized?

There are three parts (and all are optional). First, using the command pngquant original-file, then using the commands pngout-static -s2 original-file and optipng -o2 original-file. You can adjust the optimization levels for both tools on the settings page. Optipng is an automated derivative of pngcrush, which is another widely used png optimization utility.

How are GIFs optimized?

Using the command gifsicle -b -O3 --careful original file. This is particularly useful for animated GIFs, and can also streamline your color palette. That said, if your GIF is not animated, you should strongly consider converting it to a PNG. PNG files are almost always smaller, they just don't do animations. The following command would do this for you on a Linux system with imagemagick: convert somefile.gif somefile.png


Some other plugins worth checking that could strengthen your WordPress Search Engine Optimization ranking are:
 

  • Async JS and CSS
     

Most importantly, the plugin solves the "Render-blocking JavaScript and CSS" warning shown during a site audit with Google Developers PageSpeed Insights. By the way, Google PageSpeed Insights is a precious tool, so I recommend you check it out if you haven't already; Google's suggestions could often double or triple daily site visitors.

What Async JS and CSS does is:

Converts render-blocking CSS and JS files into NON-render-blocking, improving performance of web page


The plugin makes ALL scripts loaded by other plugins load asynchronously. All CSS files will be inserted inline into the document code or moved from the document beginning to the end, just before the closing BODY tag (or just where you placed the wp_footer() function). There are various methods to do that via the plugin configuration page.
 

  • Autoptimize

     

     

     


Autoptimize speeds up your website and helps you save bandwidth by aggregating and minimizing JS, CSS and HTML.

What does the plugin do to help speed up site?

It concatenates all scripts and styles, minifies and compresses them, adds expires headers, caches them, and moves styles to the page head, and scripts to the footer. It also minifies the HTML code itself, making your page really lightweight. Autoptimize is very much like the WP Minify (CSS / JS) minification WP plugin. The only difference, and the reason why you might want to use Autoptimize, is that it does HTML minification – something that WP Minify does not. Both plugins play nicely together; the only thing to be careful about is not to configure CSS / JS minification in both Autoptimize and WP Minify, as this might slow down instead of speed up the WP site.

A great bunch of other useful WP plugins to make a WordPress Blog friendly to Search Engines is here.

How to improve your web browser security – Better securing your personal identity privacy on the Net

Monday, August 2nd, 2010

Nowadays internet privacy has become a taboo. Many people do understand how vital it is to protect your privacy online.
Unfortunately, not many have done much in order to improve their state of security whilst on the net.
In this article you're about to find out how trusted and secure browsing the Internet is, and along with it you will find some possible ways and thoughts on how you can improve your personal privacy and reduce the amount of information your browser reveals about you (habits, interests and lifestyle) while surfing online.
There is a lot of private information that can leak through a simple web search. Let's say you decide to search for some kind of sickness and its treatment: just a few minutes later, the paid advertisements popping up will be targeted ads related to your previous Google search about the sickness.
This is a tiny bit of the information your browser reveals; however, there is much, much more. So let me give you a few more examples:
Let's say you visit a website with the Adobe Flash browser player enabled. It's very likely that the website will have the Flash advertisements so popular these days. If that is the scenario, it's very likely that the Flash application is built to use the so-called flash cookies.
You might have never heard about flash cookies, but anyway this kind of cookie is one of the most malicious cookies ever invented.
One of the main reasons they're so dubious is the fact THEY NEVER EXPIRE!
Though, as with normal cookies, flash cookies are used for storing user details, let's say your profile details or settings concerning your YouTube video player etc., and this sounds nice, marketing guys use the same features to track what you do online.
Using flash cookies, for instance, anybody who crafted a specific Adobe Flash page is able to list your browsing history stored in flash cookies!
To partly set up the behaviour of your Flash player and change the default Flash player settings for good, use the flashplayer settings manager

It's really odd that the only way to configure Flash is via Adobe's webpage. This is quite sneaky, since God only knows what kind of information, probably including your whole Flash browsing history and flash cookies, is being sent to Adobe for later analysis.
Moreover, the Flash player is proprietary software, and this makes it even more likely to include some extra spying software and stuff alike ..

To see all the stored information by flash about a websites you have visited check out:

flashplayer settings manager

Honestly, I was quite shocked when I saw many websites I have visited over the last 1.5+ years listed.

Hence, since we know how “evil” Flash storage manager cookies are, one sure step to increase your browser privacy is to periodically get rid of Flash Storage (Flash Cookies).
To achieve a periodic flash cookie wipe-out on Linux, below I provide you with a tiny .tcsh script which is tested and working on Debian and Ubuntu. Get rid of Local Flash Storage shell script for Linux
(Stores data of the websites you have visited using your browser flash player)
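
The script the post links to is not reproduced on this page. The following is an added example, not the author's .tcsh script, showing one way to list which sites have stored Flash Local Shared Objects and then wipe them; the function names are hypothetical and the directory layout in the comments is an assumption about the Linux Flash Player, exercised here on a constructed tree.

```shell
#!/bin/sh
# Added example (not the author's .tcsh script): list and wipe Flash LSOs.
# Assumed layout: BASE/#SharedObjects/<random-id>/<site>/.../*.sol and
# BASE/macromedia.com/support/flashplayer/sys/#<site>/settings.sol

# flash_lso_report BASE -> "count site" lines, most objects first
flash_lso_report() {
    so="$1/#SharedObjects"
    [ -d "$so" ] || return 0
    find "$so" -type f -name '*.sol' | while IFS= read -r f; do
        rel=${f#"$so"/}        # strip base  -> <random-id>/<site>/...
        rel=${rel#*/}          # strip id    -> <site>/...
        echo "${rel%%/*}"      # keep only   -> <site>
    done | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# flash_lso_wipe BASE -> removes every .sol file, prints how many were removed
flash_lso_wipe() {
    n=0
    for d in "$1/#SharedObjects" "$1/macromedia.com/support/flashplayer/sys"; do
        [ -d "$d" ] || continue
        c=$(find "$d" -type f -name '*.sol' | wc -l | tr -d ' ')
        find "$d" -type f -name '*.sol' -exec rm -f {} +
        n=$((n + c))
    done
    echo "$n"
}

# Demo on a constructed tree, so nothing in $HOME is touched.
demo=$(mktemp -d)
mkdir -p "$demo/#SharedObjects/AB12CD34/video.example/player" \
         "$demo/#SharedObjects/AB12CD34/ads.example" \
         "$demo/macromedia.com/support/flashplayer/sys/#video.example"
: > "$demo/#SharedObjects/AB12CD34/video.example/player/prefs.sol"
: > "$demo/#SharedObjects/AB12CD34/video.example/volume.sol"
: > "$demo/#SharedObjects/AB12CD34/ads.example/track.sol"
: > "$demo/macromedia.com/support/flashplayer/sys/#video.example/settings.sol"
flash_lso_report "$demo"
echo "removed: $(flash_lso_wipe "$demo")"
rm -rf "$demo"
```

For the periodic wipe the text describes, call flash_lso_wipe from cron or a logout script with the Flash Player data directory as BASE (usually "$HOME/.macromedia/Flash_Player").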

To check your general browser security, the Electronic Frontier Foundation has developed a special website to test your browser anonymity: visit panopticlick.eff.org and click the > TEST ME button

In my case all my installed browser plugins were listed, as well as a lot of information about what kind of browser I use, its version, the architecture I'm running on etc. etc.
Thereafter navigate to about:config and set the variable dom.storage.enabled to false. This will completely disable the DOM cookies, which by the way never expire!
DOM cookies aren't so widely used yet, but it's still possible that some websites online have started using them. Since they're completely junky and badly designed (for instance, a DOM cookie can contain up to 100KB of information), it's best that you disable them completely.
Another recommendable thing to disable in your Iceweasel / Firefox that will tighten up your security is the keyword.enabled variable: click twice on it and assure yourself it reads false
Disabling it will prevent the Google word suggestions from appearing each time you type something in the Google search box, so not every character you type will be sent to Google.

Also really worth reading is the article explaining DOM cookies
Take some time and read it to get a better idea of what DOM cookies are and why you don't want them.
Likewise take a look at Flash Cookie Forensics for a bit more insight into flash cookies

After reading the article about flash cookies, I came to the conclusion that maybe it’s best that they’re completely enabled. Anyways if they’re disabled then many websites won’t work properly which is something we don’t want.
It’s rather strange that the only available way to control your flash and disable the flash cookies is via Flashplayer Web Based Setting Manager
Since it’s “Web Based Manager” and it is hosted on Adobe’s web site this probably means that everything you do through it gets logged by Adobe, not so nice (neither secure) heh ..

It's also recommended to install and configure the following list of extra Firefox plugins to ensure a bit more anonymity while surfing the Internet.

  • Adblock Plus
  • AntiSocial
  • BeeFree
  • Beef Taco
  • BetterPrivacy
  • DownloadHelper
  • Download Statusbar
  • Live HTTP Headers
  • No FB Tracking
  • NoScript
  • RefControl

Now configure AdBlock plus to work with EasyPrivacy+EasyList (by default it works only with EasyList).
To subscribe for ABP EasyPrivacy click here

BeeFree Mozilla Addon is under the GNU GPL license and it helps you defend your privacy a bit more. Its advantage is that it prevents search engines from knowing which links from their search results you are most likely to check. Looks like promising and great stuff.
The add-on website says that, as a side effect, using the plugin will probably increase your browser speed.
This post has heavily adopted information from the Bulgarian article by Anton Zinoviev, 2010, About your web browser and the inviolability of your personal life
Big thanks to Anton Zinoviev for the time and effort taken to research the topic of browser security and write this wonderful, thorough article.
To configure the BeeFree Firefox security tightening browser addon you will have to type in your browser URL address bar once again
about:config
Now you will have to look up the following browser config keys:

extensions.beefree.websites.default.header.accept-charset.action

Set its value to 2, e.g. extensions.beefree.websites.default.header.accept-charset.action = 2
Now look for the key extensions.beefree.websites.default.header.accept-charset.value.text and set its value to:
*/*
Setting extensions.beefree.websites.default.header.accept-charset.value.text = */* will make BeeFree compatible with some anti-spam protection programs.
The last thing to do to complete the BeeFree configuration is to create the key extensions.beefree.website.generic.header.useragent.action
To create it, click with the right mouse button on any key and select New -> Integer
The value for the newly created extensions.beefree.website.generic.header.useragent.action should be set to 4
Creating this key will instruct BeeFree to protect your browser from revealing its browser version variable.
Interestingly, each restart of the browser will make BeeFree select a random Firefox Linux or Windows version, depending on the OS type you use.

The AntiSocial addon will prevent your browser from revealing information to Facebook about your personal interests. It blocks the Facebook elements which are embedded into your browser by some websites.

No FB Tracking stops Facebook from keeping an eye on you through the “I like” buttons. Using these buttons Facebook can track you even if you're not logged in or registered in the social network.

Installing all these plugins will take you time, but considering that privacy is invaluable, time shouldn't be a concern.
Also some of the plugins, like NoScript, may take some time until you're used to them, but it's worth learning to use them.
BetterPrivacy can and will delete all flash cookies when your browser exits. This will prevent sites from prying on you through the shitty flash cookies technology; this type of cookie NEVER EXPIRES! Hard to swallow but a fact …

On Linux this plugin is reported to work correctly; on Windows, however, there are dubious reports about it.
This is just a brief overview of how to improve your browsing privacy and therefore general personal data security. There is plenty already read and said on the topic; however, I hope this could be some kind of basis for my dear reader for later research on the topic.

Flood Apache Benchmarking tutorial – How to do website performance analysis and tuning with flood and Apache 2

Tuesday, January 15th, 2008

A good small PDF describing Apache Flood can be seen from here. Also mentioned in the document are some interesting system status utilities :)

Httpwatch a must have web developer and web hosting sysadmin Firefox / Internet Explorer / IPad / IPhone add-on

Monday, December 16th, 2013


Today a colleague of mine referred me to a wonderful Mozilla Firefox (Windows / Mac) plugin called HttpWatch.

HttpWatch is an HTTP sniffer for IE, Firefox, iPhone & iPad
that provides new insights into how your website loads and performs.
The plugin is quite simple: it shows you all requests from your browser to the remote server with plenty of debug information (on the fly). You can see exactly the commands sent over the HTTP protocol as well as the response status returned by the web server (i.e. 200, 300, 400). By knowing the status returned by the web server you can debug odd problems with website authentication as well as oddities caused by proxies you don't know about. Besides showing the response returned on web requests, HttpWatch also shows the hand-shake of session ID variables. This makes the plugin precious for web developers and system administrators working in Web & Middleware (Linux / Windows based web hosting companies) etc.

HttpWatch is also a must-have plugin for anyone looking to optimize a website for speed or to fix website response time bottleneck issues. The size of the plugin is quite big, as of time of writing about 18.2 Megabytes. HttpWatch comes with a separate app installer like any other stand-alone Windows application. Unfortunately HttpWatch does not have a version for GNU / Linux. Linux users could use HTTPFox, Google Chrome Developer tools or Firebug.

Once you have the plugin installed, to check what's happening with a website access in Firefox select Tools -> HttpWatch. You will get a new window at the bottom of the screen with debug info.


Here is a list of some of the many things for which the plugin is useful:

  • Records HTTP
  • Decrypts HTTPS Traffic
  • Integrates with Internet Explorer & Firefox
  • Supports the SPDY Protocol in Firefox
  • Standalone Log File Viewer
  • Summary of Recorded Traffic
  • Grouping of Requests by Page
  • Collect Log Files From Your Customers
  • Request Level Time Charts
  • Real-Time Page Level Time Charts
  • Page Events
  • Detects Potential Problems
  • Customizable Data Columns
  • Data Tips
  • Automation Support
  • Advanced Filtering
  • Millisecond Level Timing
  • HTTP Compression
  • Network Level Performance Data
  • Extended Cookie Information
  • Shows Interaction with Browser Cache
  • Raw HTTP Streams
  • Export Data to CSV, HAR and XML
  • Import HAR files
  • Customizable CSV Export
  • Keyboard Accelerators
  • Access to Cached and Downloaded Content
  • Accurately Records Requests and Responses
  • Automatic Recording and Saving

Finally, HttpWatch is a plugin to have next to Yahoo's YSlow, Fasterfox, FireBug and Firefox's Web Developer plugin

How to add a new MySQL user to have INSERT,UPDATE,DELETE permissions to a Database

Tuesday, October 25th, 2011

I needed to give a newly created MySQL user (created from phpMyAdmin, with no access to any database and no special permissions) some permissions to a specific database which is used for the operation of a website. Here are the MySQL CLI client commands I issued to make it work:

# mysql -u root -p
mysql> GRANT ALL ON Sql_User_DB.* TO Sql_User@localhost;
mysql> FLUSH PRIVILEGES;

Where in the Example Sql_User_DB is my example database to which the user is granted access and my sample user is Sql_User .
Note that without FLUSH PRIVILEGES; new privileges might not be active. 

To test further if all is fine login with Sql_User and try to list database tables.

$ mysql -u Sql_User -p
password:
mysql> USE Sql_User_DB;
mysql> SHOW TABLES;
...

Lastpass – store and manage website passwords plugin for Firefox

Wednesday, November 21st, 2012

Lastpass is a handy plugin allowing you to save and manage website passwords. As with other password manager programs, it is necessary to set one Master password which allows you to view all other website login passwords. Of course, for people very concerned about security LastPass might not be the best choice, as it can reveal all passwords to a malicious person who steals just one. Besides that, the LastPass plugin sends and stores passwords on lastpass.com, so anyone who might hack into their server will get your account details and password. Anyways, for the casual web user who is very lazy and less security-concerned, it is nice.

As I see on LastPass's website, it was even mentioned in Forbes Business Magazine 🙂

The quickest way to install it in Firefox is to follow menus:

Tools -> Add ons -> Search (type lastpass) and click Install

After the usual browser install, the plugin loads up; it is necessary to create an account with lastpass.com and tick the Agreement to send encrypted password data to LastPass.


Once it is configured, an interesting feature of LastPass is the automatic filling of forms.
You know how often it is necessary nowadays to create a new registration with websites. If you have to create new registrations too frequently and fill in the same data again and again, you start to get very irritated. Here LastPass will be most helpful, as it can fill in web forms automatically with predefined form data (Fork Skele).


After filling in all the data, you will be redirected and automatically logged into LastPass's website Vault. This is a web place giving you access to see and manage all passwords via lastpass.com. You can put different identities inside, have numerous pre-filled forms to be used as samples for automatic form filling, add notes, create groups etcetera.

The plugin's idea is good and useful and, as I said, most people might have no objections to using it. Still, I don't like the fact that a 3rd party site (Lastpass.com) stores my data, so though it was fun to test it, I doubt I will seriously use it in future.

PC Freak old website now hostead on pc-freak.net/crew/

Thursday, November 22nd, 2007

A friend of mine, Marto a.k.a. (Amridikon), has regged a domain for pc-freak. So www.pc-freak.net is now up. Check his Development Studio dhstudio http://dhstudio.eu. Pc-Freak's site can be accessed from

https://www.pc-freak.net//crew/  :)

IE PassView – View stored Microsoft Internet Explorer passwords program

Thursday, January 5th, 2012

While checking a friend of mine's blog, I've seen a reference to a Windows program capable of revealing stored website passwords.
Check stored internet explorer passwords in plaintext with IE PassView

IE PassView is a small password management utility that reveals the passwords stored by Internet Explorer Web browser, and allows you to delete passwords that you don't need anymore. It supports all versions of Internet Explorer, from version 4.0 and up to 9.0.
IE PassView is quite a good one for crackers who would like to steal some lame poor Windows IE user's Facebook, Gmail, Yahoo etc. passwords 😉 Here is a link to IE PassView's download page