Using a single server for multiple virtual hosts is something that comes naturally nowadays for any web server sysadmin. Using SSL certificates is also common (particularly so since the infamous Blacksheep extension for Firefox was published a few years back). However, mixing SSL and virtual hosts might not be as easy as you might think.
Secunia gave the Chamilo Security team full details of three security flaws detected in version 1.9.4 on Monday the 4th of March 2013. These flaws were detected by Fernando Muñoz, a regular contact for Chamilo in terms of security.
I wouldn't want this post to disappear, so just to make sure that the information is better spread on what passwords *not to use*, here is the list:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
11. Nicole
12. Daniel
13. babygirl
14. monkey
15. Jessica
16. Lovely
17. michael
18. Ashley
19. 654321
20. Qwerty

Come on, people, get some imagination!
Yesterday we had a funny (I say that now that I've been able to relax a little) situation on one of our hosted servers. The server's RAM usage went bang to the ceiling in a matter of minutes, and it was then practically impossible to get it back (had to hard-kill Apache and the monit process that was restarting it). What happened?
In a recent meeting with the Dokeos 2.0 team, I realized that sometimes things are not quite evident. One of these cases that can only be understood with experience is that there's no use in allowing a user to upload files and keep the true filenames on the server's disk. In fact, doing that is quite a bigger problem than changing the filenames and storing files as hashes.
Reason 1: Avoid security issues
When uploading a file to the server, you will have filters in place (won't you?).
This is a draft list of what you need to think of when you upgrade a Dokeos from a cPanel install...
- check you have sufficient login information to access the Dokeos portal, the cPanel files manager and the cPanel MySQL account for the corresponding Dokeos portal
- connect to the cPanel server
- take a backup of the database (possibly through phpMyAdmin if there is no easier way) and download it on your computer (safeguard)
- connect to the file manager
- if possible compress the whole Dokeos directory (after a check to see if archive is not filled w
I've been looking for a few hours now for a "quick and easy" solution for securing the Dokeos web services, but I still have to go through a whole lot of technical details. Looking for help (to avoid so much reading work), I have sent an e-mail to the php-general mailing-list, hoping for an answer. Because this e-mail is the result of considerable search efforts, I'm saving it here.
The pen-test mailing list (see http://www.securityfocus.com) has a short thread going about security certifications, which basically gives two possibilities for security certifications in the case of watching the information security:
http://www.giac.org/certifications/security/gcia.php
http://www.giac.org/certifications/security/gcih.php
That's a personal bookmark for later. There's also an Ubuntu Professional Certi
The post is in French, but is certainly worth the effort of translation for people looking for how to do this: http://howto.landure.fr/gnu-linux/debian-4-0-etch/creer-un-certificat-ssl-multi-domaines If enough people ask for a good translation, I'll consider doing that here.