SSL certificates for multiple virtual hosts: problem on IE for Windows XP

Using a single server for multiple virtual hosts is something that comes naturally nowadays for any web server sysadmin. Using SSL certificates is also common (particularly so since the infamous Blacksheep extension for Firefox as published a few years back)….

More Details
BeezNest fixes new Chamilo security flaws in 48h

Secunia gave the Chamilo Security team full details of three security flaws detected in version 1.9.4 on Monday the 4th of March 2013. These flaws were detected by Fernando Muñoz, a regular contact for Chamilo in terms of security. We…

More Details
Nginx Anti-DOS filter for Fail2Ban

We are currently trying out this Fail2Ban rule on one of our server, to block simple (but very upsetting) DOS attacks on Nginx automatically (after 30 seconds). New filter in /etc/fail2ban/filter.d/nginx-dos.conf: # Fail2Ban configuration file # # Generated on Fri…

More Details
20 most common passwords

I wouldn’t want this post to disappear, so just to make sure that the information is better spread on what passwords *not to use*, here is the list: 1. 123456 2. 12345 3. 123456789 4. Password 5. iloveyou 6. princess…

More Details
How to best generate a DDoS without even noticing

Yesterday w had a funny (I say that now that I’ve been able to relax a little) situation on one of our hosted servers. The server’s RAM usage went bang to the ceiling in a matter of minutes, and it…

More Details
Protected: Don’t use true filenames on your server

There is no excerpt because this is a protected post.

More Details
Dokeos cPanel upgrade checklist

This is a draft list of what you need to think of when you upgrade a Dokeos from a cPanel install… check you have the sufficient login information to access the Dokeos portal, the cPanel files manager and the cPanel…

More Details
Securing Web Services – Research

I’ve been looking for a few hours now for a “quick and easy” solution at securing the Dokeos web services, but I have still to go through a whole lot of technical details. Looking for help (at avoiding so much…

More Details
Security certifications

The pen-test mailing list (see http://www.securityfocus.com) has a short thread going about security certifications, which basically gives two possibilities for security certifications in the case of watching the information security: http://www.giac.org/certifications/security/gcia.php http://www.giac.org/certifications/security/gcih.php That’s a personal bookmark for later. There’s also…

More Details
Creating multi-domain SSL certificates

The post is in French, but is certainly worth the effort of translation for people looking on how to do this: http://howto.landure.fr/gnu-linux/debian-4-0-etch/creer-un-certificat-ssl-multi-domaines If enough people ask for a good translation, I’ll consider doing that here.

More Details

Quick Contact Form