Showing results for tags 'TUTORIAL'.

Found 18 results

  1. First of all: this script will of course not free you from DDoS attacks completely, but you can always contain them.

     The way the script works is actually very simple. At the beginning, the blacklist table is queried to see whether the visitor's IP occurs there. If it does, the visitor (or attacker) is redirected to Google. If the IP address does not occur there, the script checks whether it occurs in the temporary table:

     If not, an entry with the IP, the time and a factor of 1 is stored there.

     If so, the interval between this visit and the last one is checked: if it is too short, the factor is increased by 1 and the current time is saved.

     Once the factor reaches 20 (which almost never happens to "normal" visitors), the IP is blacklisted and redirected the next time the website is accessed.

     Set up

     The installation of the script is very simple and takes only three small steps:

     1. The PHP script requires a MySQL database with two tables. These are generated by the following SQL commands:

         CREATE TABLE `ddos_blacklist` (`ip` VARCHAR (15) NOT NULL);
         CREATE TABLE `ddos_temp` (`ip` VARCHAR (15) NOT NULL, `zeit` INT NOT NULL, `faktor` INT NOT NULL);

     2. Set up script -> Now you have to customize the script to your liking and save it anywhere on your webserver:

         <?php
         /****
          * Anti-DDoS Script
          * Version 1.0
          * (c) 2017-2018: milw0rm - admin@putinstresser.eu
          ****/

         // Setup //
         // DB connection //
         $mysqlhost = "localhost";
         $mysqluser = "DB-User";
         $mysqlpwd  = "DB-Passwort";
         $mysqldb   = "DB-Name";

         // First step: create the two tables once (see the SQL commands above).
         // Note: VARCHAR(15) holds IPv4 addresses only; widen the `ip` columns
         // to VARCHAR(45) if the site is also reachable over IPv6.

         $MaxDiff   = 2;  // Requests closer together than this many seconds raise the factor
         $MaxFaktor = 20; // Factor at which the IP is blacklisted
         // End of setup //

         $UserIP  = $_SERVER['REMOTE_ADDR']; // Save the visitor IP
         $PHPtime = time();                  // Save the current time

         // Connect to the MySQL server (mysqli replaces the mysql_* functions removed in PHP 7)
         $db = new mysqli($mysqlhost, $mysqluser, $mysqlpwd, $mysqldb);

         // Run a prepared statement and return the first column of the first row (null if none)
         function ddosQuery(mysqli $db, $sql, $types, ...$params) {
             $stmt = $db->prepare($sql);
             $stmt->bind_param($types, ...$params);
             $stmt->execute();
             $value = null;
             if ($stmt->field_count > 0) { // Only SELECT statements return a column
                 $stmt->bind_result($value);
                 $stmt->fetch();
             }
             $stmt->close();
             return $value;
         }

         // Look up the IP in the blacklist table
         $blacklisted = ddosQuery($db, "SELECT COUNT(ip) FROM `ddos_blacklist` WHERE `ip` = ?", 's', $UserIP);

         // If it is listed there: redirect
         if ($blacklisted != 0) {
             header('Location: https://fbi.gov/');
             exit;
         }

         // Look up the IP in the temporary table
         $templisted = ddosQuery($db, "SELECT COUNT(ip) FROM `ddos_temp` WHERE `ip` = ?", 's', $UserIP);

         // Is the IP in the temporary table?
         if ($templisted == 0) {
             // Not yet available, so create an entry
             ddosQuery($db, "INSERT INTO `ddos_temp` (`ip`, `zeit`, `faktor`) VALUES (?, ?, 1)", 'si', $UserIP, $PHPtime);
         } else {
             // Read the time of the last visit from the DB
             $DBTime = ddosQuery($db, "SELECT `zeit` FROM `ddos_temp` WHERE `ip` = ?", 's', $UserIP);
             $Differenz = $PHPtime - $DBTime; // Difference between the last visit and now
             $NewFaktor = 0;

             // If the difference is smaller than $MaxDiff (see above)
             if ($Differenz < $MaxDiff) {
                 // Read the factor from the DB
                 $dbFaktor = ddosQuery($db, "SELECT `faktor` FROM `ddos_temp` WHERE `ip` = ?", 's', $UserIP);
                 // Increase the factor locally by 1
                 $NewFaktor = $dbFaktor + 1;
                 // Write the local factor to the DB
                 ddosQuery($db, "UPDATE `ddos_temp` SET `faktor` = ? WHERE `ip` = ?", 'is', $NewFaktor, $UserIP);
             }

             // Save the current time in the DB
             ddosQuery($db, "UPDATE `ddos_temp` SET `zeit` = ? WHERE `ip` = ?", 'is', $PHPtime, $UserIP);

             // Factor has reached $MaxFaktor
             if ($NewFaktor == $MaxFaktor) {
                 ddosQuery($db, "INSERT INTO `ddos_blacklist` (`ip`) VALUES (?)", 's', $UserIP); // Put the IP on the blacklist
                 ddosQuery($db, "DELETE FROM `ddos_temp` WHERE `ip` = ?", 's', $UserIP);         // Delete this entry from the temporary table
             }
         }
         ?>

     3. Include script. In your website, you must now embed the script by copying the following code at the beginning of each file or a global header file:

         include('anti_ddos.php');
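The counter logic of the script above, replayed over a request trace as an added example (not part of the original post or its script). The trace, the three client addresses from the 192.0.2.0/24 documentation range and the function names `simulate_limiter` and `make_sample_trace` are constructed for illustration; the run shows that the factor never decays, so a visitor who sends two requests per page view once an hour ends up blacklisted just like a client sending one request per second.

```shell
#!/bin/sh
# Replays "<unix_time> <ip>" lines (sorted by time) through the same rules
# as the PHP script:
#   - first request from an IP: store (time, faktor = 1)
#   - later request: if the gap to the previous one is < max_diff seconds,
#     faktor is increased by 1; the stored time is always updated
#   - when faktor reaches max_faktor the IP is blacklisted and its
#     temporary entry is deleted
# Output: one line "<ip> <time_of_blacklisting>" per blacklisted IP.
simulate_limiter() {
    # $1 = trace file, $2 = max_diff in seconds, $3 = max_faktor
    awk -v max_diff="$2" -v max_faktor="$3" '
        ($2 in black)  { next }    # already blacklisted: request is only redirected
        !($2 in last)  { last[$2] = $1; faktor[$2] = 1; next }
        {
            if ($1 - last[$2] < max_diff) faktor[$2]++
            last[$2] = $1
            if (faktor[$2] >= max_faktor) {
                black[$2] = 1
                print $2, $1
                delete last[$2]
                delete faktor[$2]
            }
        }
    ' "$1"
}

# Constructed sample trace (not real traffic), written to the file named in $1:
#   192.0.2.10  25 requests, one per second             (flood-like client)
#   192.0.2.20  30 requests, one every 10 seconds       (steady polling)
#   192.0.2.30  24 hourly visits of 2 requests each     (ordinary visitor
#               whose page view triggers a second request in the same second)
make_sample_trace() {
    {
        i=0
        while [ "$i" -lt 25 ]; do
            echo "$((1000 + i)) 192.0.2.10"
            i=$((i + 1))
        done
        i=0
        while [ "$i" -lt 30 ]; do
            echo "$((1000 + i * 10)) 192.0.2.20"
            i=$((i + 1))
        done
        i=0
        while [ "$i" -lt 24 ]; do
            t=$((2000 + i * 3600))
            echo "$t 192.0.2.30"
            echo "$t 192.0.2.30"
            i=$((i + 1))
        done
    } | sort -n > "$1"
}

# Stand-alone run with MaxDiff = 2 and MaxFaktor = 20, the values from the
# script's setup block.
trace=$(mktemp)
make_sample_trace "$trace"
simulate_limiter "$trace" 2 20
rm -f "$trace"
```

When tuning `$MaxDiff` and `$MaxFaktor`, replaying real access-log timestamps through the same function shows how many ordinary visitors a given setting would lock out before it is deployed.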
  2. This Raspberry Pi SSL certificate project will walk you through the steps of installing and setting up the Let’s Encrypt Certbot client on the Pi. The Certbot client allows the user to grab an SSL certificate from Let’s Encrypt either by utilizing your web server or by running its own temporary server. Let’s Encrypt is the best way to easily obtain a secure and certified SSL certificate for your Raspberry Pi completely free.

     Before you get started with setting up SSL on your Raspberry Pi, make sure that you have a domain name already set up and pointed at your IP address, as an IP address cannot have a certified SSL certificate.

     If you are using Cloudflare as your DNS provider, then make sure you have it set to bypass Cloudflare, as it hides your IP address, meaning the Let’s Encrypt tool will fail to verify your Raspberry Pi’s IP address and generate an SSL certificate for it.

     Equipment List

     Below are all the bits and pieces that I used for setting up Let’s Encrypt SSL on my Raspberry Pi. You will need an internet connection to be able to complete this tutorial.

     Recommended:
     Raspberry Pi 2 or 3
     Micro SD Card
     Power Supply
     Ethernet Network Connection or Wifi dongle (The Pi 3 has WiFi inbuilt)

     Optional:
     Raspberry Pi Case

     Installing and Running Lets Encrypt

     1. If you are running Raspbian Stretch or later you can skip down to step 5 of this tutorial, as the package we will be utilizing to set up SSL on our Raspberry Pi is available in the Raspbian Stretch repository. However, if you are running Raspbian Jessie, you will have to follow the next four steps to install the SSL client Certbot on your Raspbian Jessie installation. That, or you can upgrade from Raspbian Jessie to Stretch by following our easy guide and skipping to step five.

     Before we get to installing the Let’s Encrypt Certbot software on Raspbian Jessie, we will first have to adjust our sources.list so that we can access the Jessie-Backports branch. We need to add this as Certbot is not available on Raspbian Jessie by default. Be warned, though, that the backports repository contains software that isn’t as thoroughly tested.

     Begin editing the sources.list file by using the following command in the terminal.

         sudo nano /etc/apt/sources.list

     2. To the bottom of this file, add the following line. This line tells Raspbian where to go searching for packages.

         deb http://ftp.debian.org/debian jessie-backports main

     Once done we can save & exit by pressing CTRL + X, then pressing Y and then pressing Enter.

     3. Now, since our public keys for the new packages are not available by default, we will have to grab them and add them to the package manager. We can grab both public keys we need by typing in the following four commands.

         gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553
         gpg -a --export 8B48AD6246925553 | sudo apt-key add -
         gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
         gpg -a --export 7638D0442B90D010 | sudo apt-key add -

     4. With the package now added to our sources list, we will need to run an update to grab the latest package list. We can do that with the following command.

         sudo apt-get update

     5. Now that you are up to installing the Let’s Encrypt software onto your Raspberry Pi, you will have to follow the instructions for either Raspbian Jessie or Raspbian Stretch.

     Raspbian Stretch and Later

     Apache

         sudo apt-get install python-certbot-apache

     Everything Else

         sudo apt-get install certbot

     Raspbian Jessie

     Apache

         sudo apt-get install python-certbot-apache -t jessie-backports

     Everything Else

         sudo apt-get install certbot -t jessie-backports

     6. With Certbot finally installed we can proceed with grabbing an SSL certificate for our Raspberry Pi from Let’s Encrypt. There are a couple of ways of handling this. If you are not using Apache, you can skip this step.

     If you are using Apache, then the easiest way of grabbing a certificate is by running the command shown below. This will automatically grab and install the certificate into Apache’s configuration. Before you do that, you will first have to make sure port 80 and port 443 are port forwarded. Also, if you are using Cloudflare as your DNS provider, you will need to temporarily bypass it as it hides your real IP address.

         certbot --apache

     7. If you are not running Apache, there are two different ways we can go about grabbing a certificate from Let’s Encrypt. Thanks to the certbot software, we can grab the certificate using a standalone Python server. Alternatively, if you are running another web server such as NGINX, we can also utilize that to grab the certificate, though you will have to set up the certificate manually once it has been grabbed.

     Go to step 8a if you are not running another web server, otherwise go to step 8b.

     8a. Utilizing the standalone built-in web server is incredibly easy, though first you will have to make sure your port 80 is unblocked and forwarded. Make sure you replace example.com with the domain name you intend on utilizing.

         certbot certonly --standalone -d example.com -d www.example.com

     8b. Using web root requires a bit more knowledge than using the built-in web server. Make sure /var/www/example points to a working website directory that can be reached from the internet. Also, make sure to replace example.com with the domain name you are using for your website.

         certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com

     9. After running these commands, you will be prompted to enter some details, such as your email address. These details are required for Let’s Encrypt to keep track of the certificates it provides and also allow them to contact you if any issues arise with the certificate. Once you have filled out the required information, it will proceed to grab the certificate from Let’s Encrypt.

     If you run into any issues, make sure you have a valid domain name pointing at your IP, make sure port 80 and port 443 are unblocked, and finally, if you are using CloudFlare as your DNS provider, make sure that you have it currently set to bypass its servers.

     The certificates that are grabbed by the certbot client will be stored in the following folder, of course swapping out example.com with your own domain name.

         /etc/letsencrypt/live/example.com/

     You will find both the full chain file (fullchain.pem) and the certificate’s private key file (privkey.pem) within these folders. Make sure you don’t allow others to access these files, as they are what keep your SSL connection secure and identify it as a legitimate connection.

     With the files now successfully grabbed you can proceed to set up any piece of software you need to use them. For instance, if you wanted to set up NGINX to utilize the SSL certificates, then follow our Raspberry Pi SSL Nginx guide below.

     Using your new SSL Certificate with NGINX

     1. Begin by opening your NGINX configuration file. These are typically stored in /etc/nginx/ or /etc/nginx/sites-available/

     Once you have found your configuration file, open it up using your favorite text editor; mine, for instance, is nano. Once you are within the file, search for a text block like what is displayed below. Make sure you swap out our example.com with the domain name that you are using.

         server {
             listen 80 default_server;
             listen [::]:80 default_server;

             root /usr/share/nginx/html;
             index index.html index.htm;

             server_name example.com;

             location / {
                 try_files $uri $uri/ =404;
             }
         }

     2. To this block of code, we will need to make some changes. Follow our steps and read our explanations of why we are making the change below.

     Find

         listen [::]:80 default_server

     Add Below

         listen 443 ssl;

     This change tells NGINX to start listening on port 443. Port 443 is important as it is the port that handles HTTPS/SSL traffic and will be the port web browsers try to connect over when using https://.

     Find

         server_name example.com;

     Add Below

         ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
         ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

     This change tells NGINX where to find our certificate files. It will use these to set up the SSL/HTTPS connection.

     The private key is what secures the actual connection. Only your server can read and see this file, and this file should be kept secure, otherwise people could potentially intercept and decrypt your traffic.

     The fullchain contains all the information needed to talk with the server over the HTTPS connection as well as the information needed to verify it is a legitimately signed SSL file.

     3. With all those changes done, you should end up with something similar to what is displayed below. Of course, make sure you replaced example.com with your domain name.

     Once you are satisfied that you have entered the new data correctly, you can save and quit out of the file and then restart NGINX, so it loads in the new configuration.

         server {
             listen 80 default_server;
             listen [::]:80 default_server;
             listen 443 ssl;

             root /usr/share/nginx/html;
             index index.html index.htm;

             server_name example.com;

             ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
             ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

             location / {
                 try_files $uri $uri/ =404;
             }
         }

     4. You should now have a fully operational HTTPS connection for your NGINX web server utilizing the certificate we generated with Let’s Encrypt.

     You should now hopefully have a fully validated SSL certificate that is provided to you from Let’s Encrypt. You will find this tutorial pretty handy across a wide range of projects, especially the server-based Raspberry Pi projects.

     Hopefully, you have found this Raspberry Pi SSL tutorial helpful. If you have any issues or any feedback, feel free to use the forum.

     Project from https://pimylifeup.com/raspberry-pi-ssl-lets-encrypt/
  3. Script PicGuard to Hack Facebook Accounts No email and No password Needed Full Script *Pishing + reall Profile Picture Guard *Admin Panel Saved Access Tokens *Page Change AccessToken To Cookie Link Download Script+Video+Javascript MediaFire http://www.mediafire.com/file/tcb485wuhgito99/PicGuard.rar include -JavaScript Open Accounts -Video How To Use Script -Text File How to Setup All Video How To Use Script to watch Video Click Here infomation Script Name PicGuard Script Version 1.0.2 Creator Name MuhamadKanha email
  4. Tutorial from: https://pimylifeup.com/raspberry-pi-nextcloud-server/

     For this project, we will be showing you how to set up and configure a Raspberry Pi NextCloud Server. This can act as your own personal “cloud” storage system. As time goes on, the protection of your own privacy with 3rd party companies becomes harder and harder. This is where software like Nextcloud comes in handy, as it gives you full control over your files with no 3rd party controller.

     It is important to remember that since your data will be stored on your local network you will end up using a lot of bandwidth when uploading and downloading files from outside your local network. If your internet connection is not great then you may not get the best experience if you plan on using it outside your local network.

     If this looks familiar then that’s because it likely is. Nextcloud is an actively maintained fork of the owncloud software that I have previously covered. The longer it’s in development, the more different these two software packages will likely become. I suggest looking into both and then deciding on which one to go with. If you want to learn more about Nextcloud, you can check out the nextcloud website.

     Note: The USB ports on a Raspberry Pi are typically unable to power an external hard drive. If you find this the case and your hard drive doesn’t use an external power supply, then I recommend looking into buying a powered USB hub for the Pi.

     Equipment List

     You can find all the bits and pieces that I used/recommend for this Raspberry Pi nextcloud tutorial right below.

     Recommended:
     Raspberry Pi 2 or 3
     Micro SD Card or a SD card if you’re using an old version of the Pi.
     Ethernet Cord or Wifi dongle (Pi 3 has WiFi inbuilt)
     External Hard drive or USB Drive

     Optional:
     Raspberry Pi Case
     USB Keyboard
     USB Mouse

     Installing Apache and PHP

     To run Nextcloud on the Raspberry Pi we will first need to install and set up Apache and PHP. We won’t be going too in-depth into installing these as they are minor components of this tutorial. If you want to learn more about setting up a Web Server, then be sure to follow our tutorial on how to do this.

     For the best performance I recommend using Raspbian lite, but just normal Raspbian will also work just as well. If you need information on how to set this all up, check out the guide in the Pi operating systems section. For this tutorial, we will only be utilizing PHP 5.

     1. To get started let’s first update our package repositories with the following command:

         sudo apt-get update
         sudo apt-get upgrade

     2. With that done, let’s now install apache with the following command:

         sudo apt-get install apache2

     You can check to make sure Apache2 is successfully up and running by going to your Pi’s IP address; this should load a default Apache page. If you are unsure what your Raspberry Pi’s local IP address is, then type hostname -I into the terminal.

     3. With Apache2 now installed onto the Raspberry Pi we just need to install PHP and several of its packages. For this tutorial we will be using either PHP5 or PHP7; this depends mainly on whether you are running Raspbian Jessie or Raspbian Stretch. To install PHP and the packages we need, run the following commands. These change depending on whether you are using Stretch and later or Jessie:

     Raspbian Jessie

         sudo apt-get install php5 php5-gd sqlite php5-sqlite php5-curl

     Raspbian Stretch

         sudo apt-get install php7.0 php7.0-gd sqlite php7.0-sqlite php7.0-curl

     4. With Apache and PHP now installed there is one final thing we need to do, and that is to restart Apache. You can do this with the following command:

         sudo service apache2 restart

     Installing Nextcloud

     Installing Nextcloud to the Raspberry Pi is quite simple. It mainly involves downloading the script from their website, extracting the zip and then going to your Raspberry Pi’s IP address.

     1. To get started let’s first move to our html directory with the following command:

         cd /var/www/html

     2. Now we can run the following curl command so we can download and extract the latest version of Nextcloud in one go.

         curl https://download.nextcloud.com/server/releases/nextcloud-11.0.2.tar.bz2 | sudo tar -jxv

     3. Now for the next few steps we need to change directory into our newly unzipped folder. To do this run the following command.

         cd /var/www/html/nextcloud

     4. We now need to create a data directory for Nextcloud to operate in. For the initial setup of Nextcloud we must make this folder in our html/nextcloud directory. Do that with the following command:

         sudo mkdir -p /var/www/html/nextcloud/data

     5. Now let’s give the correct user and group control over the data folder by running the following command.

         sudo chown www-data:www-data /var/www/html/nextcloud/data

     6. Finally we need to give it the right permissions. Again, run the following command:

         sudo chmod 750 /var/www/html/nextcloud/data

     7. We are not quite done dealing with permissions. There is one final thing we must do, and that is give the www-data group control over the config and apps folder. Run the following command to do this:

         sudo chown www-data:www-data config apps

     8. Now that we have finished with that we can finally go to Nextcloud itself and begin its installation process. To begin, go to your Raspberry Pi’s IP address plus /nextcloud. For example, the address I would go to is the following: Remember to replace my IP Address with that of your Raspberry Pi’s.

     9. You will now be greeted with the following screen. Here you will need to type in the Username and Password that you intend to use for your admin account. If you plan on allowing your Nextcloud file service to be accessible from outside your network, make sure that you use a long and secure password. Once you are happy with this, press the “Finish Setup” button. Please note this can take some time to complete as it finalises your setup.

     10. After this you should now be greeted with the following welcome screen. This just lays out the various programs you can use to connect with your Nextcloud installation. Just press the X button in the top right corner to continue.

     11. Now you can finally see the interface of the Raspberry Pi Nextcloud. You should take some time to familiarize yourself with all the functionality of Nextcloud’s interface. We won’t go too in depth on how to use the Nextcloud interface; if you need more information then I recommend checking out the support section on nextcloud. We have however highlighted some of the key areas to check out in the screenshot below.

     Moving Nextcloud’s data folder

     With Nextcloud now safely installed we can tweak the setup to be both more secure and a bit more useable. One of the first things we should do is move the data directory so it does not sit in our web-accessible directory. This is also the same way you would move your Nextcloud data directory onto a larger external hard drive rather than putting increased load onto the Raspberry Pi’s SD Card.

     1. To get started let’s make our new directory for where we will store our data files. To make it easy we will make a new folder at /var/nextcloud and move our data folder into there. Create the folder by running the following command:

         sudo mkdir -p /var/nextcloud

     2. With our new folder created we will now move our data directory into it. This is easy to do thanks to the mv command. Please note that your Nextcloud system will be out of action while we move the files and then adjust the configuration file. To begin the move, type in the following command:

         sudo mv -v /var/www/html/nextcloud/data /var/nextcloud/data

     3. Now with the files moved over we can modify the datadirectory configuration to point to our new directory. First, let’s change to the config directory for Nextcloud with the following command.

         cd /var/www/html/nextcloud/config

     4. We can now copy the config file to make a backup of the file. We can do this with the following command:

         sudo cp -p config.php config.php.bk

     5. Finally let’s open up the config.php file for editing using nano.

         sudo nano config.php

     6. Within this file we need to change the following line:

         'datadirectory' => '/var/www/html/nextcloud/data',

     To

         'datadirectory' => '/var/nextcloud/data',

     7. Now we can save and quit out of the file by pressing Ctrl+X then Y and then Enter. You should be able to now refresh your web browser and all your files should be showing exactly as they were previously.

     Increasing Nextcloud’s max upload size

     By default, PHP has a very low upload limit, so low it’s only 2 MB. To change this, we need to modify the php.ini file and increase the limit. A cloud storage system wouldn’t be very useful if you could only ever upload 2mb files.

     1. To get started we need to begin editing the configuration file with the following command:

         sudo nano /etc/php5/apache2/php.ini

     2. Now we need to find and replace the following two lines.

         post_max_size = 8M
         upload_max_filesize = 2M

     To

         post_max_size = 1024M
         upload_max_filesize = 1024M

     Of course, you can set the file size limits to something that is much higher than 20M, so feel free to change that number to whatever you think is the maximum size file you will upload to your Nextcloud.

     3. Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter. Now we need to restart Apache2 to force it to read in the updated configuration file. We can do that easily with the following command:

         sudo service apache2 restart

     4. You should now be able to restart your web browser and begin a new upload to see that the maximum upload size has been increased successfully.

     Allowing the .htaccess override

     Next, we need to deal with the .htaccess file for Nextcloud. Since we installed Nextcloud into the default Apache2 directory /var/www/html, we will need to change some settings in Apache2 to allow the .htaccess file to override settings.

     1. To get started we can begin editing the file with the following command:

         sudo nano /etc/apache2/apache2.conf

     2. With the file now open we need to find the following block. You can also use Ctrl + W to help find the block.

         <Directory /var/www/>
             Options Indexes FollowSymLinks
             AllowOverride None
             Require all granted
         </Directory>

     To

         <Directory /var/www/>
             Options Indexes FollowSymLinks
             AllowOverride All
             Require all granted
         </Directory>

     3. Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.

     4. Now we need to restart Apache2 to force it to read in the updated configuration file. We can do that easily with the following command:

         sudo service apache2 restart

     5. You can check whether the changes have successfully worked by going into the settings page on Nextcloud. Any warning about the .htaccess file not working correctly should now be gone.

     Setting up SSL for Nextcloud

     Now we should really work on setting up your Raspberry Pi Nextcloud server so that it runs through HTTPS and not plain HTTP. For this tutorial, we will assume that you do not have a domain name, so we will be generating our own self-signed certificate and not utilizing one from a free service such as Letsencrypt.

     1. Before we go modifying our Apache2 configuration we will first generate the self-signed certificate. Luckily, we can do this all in one command thanks to OpenSSL. Remember that a self-signed certificate will throw errors in your web browser and is not as secure as a properly signed certificate, but it is better than nothing. It is also the only option if you’re not utilizing a domain name.

     Before we generate the certificate, let’s first make a directory to store it.

         sudo mkdir -p /etc/apache2/ssl

     2. Now let’s generate the certificate itself by running the following command in the terminal:

         sudo openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

     If you want to know exactly what these command arguments do, then read our little description below.

       • req: This specifies a subcommand for X.509 certificate signing request (CSR) management.
       • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
       • -nodes: This tells the openssl application that we don’t want to specify a passphrase. A passphrase would require us to enter it every time Apache is restarted, which is painful to deal with.
       • -days 365: This specifies the number of days we want the certificate to remain valid for. After this number of days you will have to generate a new certificate.
       • -newkey rsa:4096: This will create the certificate request and a new private key at the same time. You will need to do this since we didn’t create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
       • -keyout: This parameter names the output file for the private key file that is being created.
       • -out: This option names the output file for the certificate that we are generating.

     After pressing enter you will be presented with the following options to fill out.

         Country Name (2 letter code) [AU]:
         State or Province Name (full name) [Some-State]:
         Locality Name (eg, city) []:
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:
         Organizational Unit Name (eg, section) []:
         Common Name (e.g. server FQDN or YOUR name) []:
         Email Address []:

     3. Once you have filled out all that information we can then proceed with setting up Apache2 to run SSL and to also utilize our newly generated certificate. This is a simple process but an important one. First let’s enable the SSL module for Apache with the following command:

         sudo a2enmod ssl

     4. Now we need to modify the default-ssl.conf file so it will utilize our new certificates and not the default ones that are generated by OpenSSL on installation. To begin modifying this file run the following command:

         sudo nano /etc/apache2/sites-available/default-ssl.conf

     5. Within this file we need to change the two lines below to point to the new certificates we generated into our /etc/apache2/ssl folder.

     Change

         SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
         SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

     To

         SSLCertificateFile /etc/apache2/ssl/apache.crt
         SSLCertificateKeyFile /etc/apache2/ssl/apache.key

     6. Now we can save and quit out of the file by pressing Ctrl+X then pressing Y and then Enter.

     7. We can now enable the default-ssl configuration and restart Apache to load in our new configuration. We can do this with the following two commands.

         sudo a2ensite default-ssl.conf
         sudo service apache2 restart

     8. You can test to make sure this is working by going to your Raspberry Pi’s IP address with https:// in front of it. It will give you a warning about it potentially being an invalid certificate. This is normal as it is an unsigned certificate. For instance to make sure my own copy of Nextcloud is now running behind SSL I would go to the following:

     9 (Optional). An extra step to ensure that you have the best security for your Nextcloud setup is to enforce SSL so no connection can be made over HTTP; if a connection is made it will redirect you to HTTPS. We can do this by making some changes to our apache configuration. To begin, let’s edit the default file with the following command:

         sudo nano /etc/apache2/sites-available/000-default.conf

     10 (Optional). Replace all the text in this file with the code below. This will basically redirect all HTTP traffic to its HTTPS equivalent.

         <VirtualHost *:80>
             ServerAdmin example@example
             RewriteEngine On
             RewriteCond %{HTTPS} off
             RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
         </VirtualHost>

     11 (Optional). Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.

     12 (Optional). Now before this will work we need to enable the redirect module and restart apache. We can easily achieve this by running the following two commands:

         sudo a2enmod rewrite
         sudo service apache2 restart

     Now going to your Raspberry Pi on HTTP should automatically redirect to the HTTPS version. For example, if I go to it will redirect to

     Port forwarding Nextcloud

     Finally, onto the section about port forwarding Nextcloud. We won’t go into too much depth on the ins and outs of port forwarding for your router but we will tell you what ports need forwarding. We will also mention what changes need to be made to Nextcloud for this to work.

     Before we get started with this section you need to know that Nextcloud will only operate under specifically specified trusted domains. This means you will need to either specify a domain name that you want to use for your connection or use your public IP address. Since most home public IP addresses are dynamic you will need to look into setting up a dynamic DNS service. You will find our tutorial on how to set up a dynamic DNS service for your Raspberry Pi very handy.

     1. To add your domain/IP we need to modify NextCloud’s configuration file. We can do that by running the following command:

         sudo nano /var/www/html/nextcloud/config/config.php

     2. Within this file you will see a block of text like below. This is an array of all trusted domains that you allow Nextcloud to operate through. For now, it should only include your Raspberry Pi’s local IP address. We will add our new domain/IP onto the end of this array.

         'trusted_domains' =>
         array (
             0 => '',
         ),

     For our example, we will be adding nextcloud.pimylifeup.com to the array. This means we need to increment the array ID and add the domain name. Once you have added a new one it should look something like below. Repeat this procedure for any new IPs or domains you want Nextcloud to be able to operate through.

         'trusted_domains' =>
         array (
             0 => '',
             1 => 'nextcloud.pimylifeup.com',
         ),

     3. Now we can save and quit out of the file by pressing Ctrl+X then pressing Y and then Enter.

     4. Finally you will need to port forward two ports to have Nextcloud up and running. These two ports are Port 80 and Port 443. The protocol required for these is TCP.

     Hopefully by now you should have a fully operational Raspberry Pi Nextcloud Server. If you come across any issues or have some feedback related to this tutorial, then please don’t hesitate to leave a comment below.
  5. Hello friends, I created this topic to modify the Nextpost Instagram auto scheduler. Here we are doing custom modifications on Nextpost, custom module development, and modifying existing modules. Need PHP masters for help.
  6. mukacefuyal


    It is giving 500 error. How to fix?

    $hash = input('hash');
    $query = db()->query("SELECT * FROM members WHERE hash=? LIMIT 1", $hash);
    if ($query->rowCoun() > 1) {
        $user = $query->fetch(PDO::FETCH_ASSOC);
        db()->query("UPDATE members SET active=? WHERE id=? ", 1,1, $user['id']);
        login_with_user($user);
        send_welcome_mail($user['email']);
        return redirect(url(""));
    } else {
        exit("You have follow a bad link");
    }
  7. A password is your first and last line of defense in computer security. Typically people choose bad passwords because they are easy to remember. However, you wouldn't leave the door to your home unlocked because it is too much of a hassle to unlock it before you open the door, would you? A weak password is the same thing.

Using words that appear in a dictionary, in any language, makes cracking your password that much easier. Adding numbers to dictionary words doesn't increase the password's strength at all if it is based on a dictionary word. Even with character replacements like capital letters and non-alphanumeric symbols, you're not getting a stronger password.

A true strong password should consist of 8 or more characters and be part of a "passphrase". A passphrase consists of a phrase that has special meaning to you, therefore making it easier to remember. For example:

    Mickey Mouse for President. It would be awesome!

One simple approach to create a better password is to take the first letter of each word in your passphrase, giving you:

    mmfpiwba

That looks seemingly random, and it's a fairly hard password to crack. But why not make it harder by using the punctuation from the sentence?

    mmfp.iwba!

Now that is a much harder password to crack. Why stop there, though? Let's make it even stronger by capitalizing some letters and adding numbers.

    MM4P.Iwba!

Now you have a truly difficult password to crack, but it is still fairly easy to remember. To make it even stronger, you can salt it with non-alphanumeric character replacements for greater difficulty. For example, replacing an "a" with a "@" leaves you with:

    MM4P.Iwb@!

NOTE: Some web hosts do not allow the following symbols to be used in the password (second symbol is a space):

    ? ^'":$&><~;`

Typically, the following symbols are acceptable:

    !@#%*)(_-=+|[]{}.,/

Do's and Do Not's of Password Security:

Do:
  • Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
  • Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
  • Try using the initial letters of a phrase you love, especially if a number or special character is included.
  • Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character.

Do not:
  • Use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license plates, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
  • Use any word in any language spelled forward or backward.
  • Tie passwords to the month. For example, don't use "Mayday" in May.
  • Create new passwords that are substantially similar to ones you've previously used.

NOTE: No password is 100% secure. You still must take basic security precautions such as not sharing your password with others, changing it frequently and changing it immediately if you believe it may have been compromised.
  8. As mobile apps connect more of the planet, and enable users around the globe to engage in more interesting and innovative ways than ever imagined, the job of the mobile app developer has become ever more enriching, fulfilling, and necessary to the modern global economy. The mobile apps we use every day have changed the way we conduct business, the way we communicate and consume entertainment, the way we learn things about the world. You wouldn’t be wrong if you thought mobile app development sounded like one of the coolest job industries of the moment.

So how do you become a mobile developer? Here’s the bare bones version: you pick a platform—like Android, iOS, or Windows Mobile—learn the technical skills, bone up on your soft skills, and have at it. But let’s get into a little more detail. Here, we’re going to tackle the prospect of becoming an Android developer specifically.

Why Android?

Android is the indisputable leader of global smartphone market share. Thanks to growth in emerging markets like Mexico, Turkey, and Brazil, that dominance isn’t ebbing any time soon. That market leadership translates to serious job security for Android developers. Moreover, the Android platform is open source (the entire Android source code is browsable, albeit with some proprietary software such as Google Play), making the developer ecosystem dynamic and collectively enriching. Android developers share tips, tricks, and tutorials across the Android community, and since Google helps developers by building tools like Google Play Services for common app tasks like sign-in, authentication, location, and storage, Android developers can focus on building their apps’ core functionality.

Basically, it’s a particularly exciting time to launch a career in Android development. There’s a healthy supply of jobs, demand for Android apps promises to soar into the future, and the technology—including wearable apps and apps for TV—is intriguingly advancing.

The Hard Skills: What to Learn

First things first: the technical skills. Android development can be done on a Mac, Windows PC, or Linux computer. You’ll also need an Android device (you can use an emulator like Genymotion for development, but eventually you’ll want to test on a real device). Here’s the short list of the must-know tools to become an Android developer.

Java

The most basic building block of Android development is the programming language Java. To be a successful Android developer, you’ll need to be comfortable with Java concepts like loops, lists, variables, and control structures. Java is one of the most popular programming languages used by software developers today, so learning its ins and outs will stand you in good stead for work (back-end development anyone?) even beyond the Android platform.

SQL

You’ll also need to learn the basics of SQL in order to organize the databases within Android apps. SQL is a language for expressing queries to retrieve information from databases. Once you can write it, there won’t be any questions you can’t ask of your data.

Android Software Development Kit (SDK) and Android Studio

One of the best parts about developing for Android is that the necessary tools are free and easy to obtain. The Android SDK is available via free-of-charge download, as is Android Studio, the official integrated development environment (IDE) for Android app development. Android Studio is the main program with which developers write code and assemble their apps from various packages and libraries. The Android SDK includes sample code, software libraries, handy coding tools, and much more to help you build, test, and debug Android applications.

Another highlight of developing for Android is the ease of the process of submitting apps. Once you’re ready to submit your app to the Google Play store, register for a Google Play publisher account (which includes paying a $25 fee via Google Wallet), follow Android’s launch checklist, submit through the Google Play Developer Console, wait for Google to approve, and see it appear. Simple and satisfying.

XML

Programmers use XML to describe data. The basics of the XML syntax will be helpful in your journey to full-fledged Android developer in doing tasks like designing user interface (UI) layouts and parsing data feeds from the internet. Much of what you’ll need XML for can be done through Android Studio, but it’s constructive to be grounded in the basics of the markup language.

The Hard Skills: How to Learn and Showcase Them

Resources abound for Android developers to sharpen their skills and share tips and best practices. A few industry favorites include Stack Overflow, Android Weekly, the Android Dev subreddit, vogella tutorials, YouTube lessons, and Google’s official Android Developers site—especially the Building Your First App module. If you’re more of a print learner, popular Android books include Head First Java, Android Programming: Pushing the Limits, and Java: A Beginner’s Guide.

As you start to think about attracting job opportunities, and selling yourself as a viable candidate, consider showcasing your Android work on LinkedIn, Xing, through an online personal portfolio, or on sites like Behance and GitHub. Rub elbows, in person and virtually, with other Android developers and hiring managers or recruiters through meetups, conferences such as droidcon, and digital networking hubs like LinkedIn groups, Twitter chats, and Quora feeds. You never know what you’ll learn, or who you’ll meet.

The Soft Skills

As with any job, it’s not enough to have the technical stuff down pat. You’ve got to sharpen your interpersonal skills as much as your coding chops.

Perseverance

Practice really does make perfect when it comes to app development. Inevitably, you’re going to hit a roadblock in the development process, especially when you first start out. You’ll need a deep store of perseverance to power you through the frustrating times. Luckily, since Android is open-source, Android developers can take advantage of crowd-created libraries and frameworks posted on sites like GitHub.

Collaborativeness

Collaboration is of vital importance to most developer jobs. Even if you’re working by yourself on a project, you’ll inevitably have to put heads together with others—like designers, marketers, or upper management—in the company or organization. Start getting comfortable with accepting feedback on your work, compromising with coworkers, and teaming up with other players to create exceptional products.

Thirst for Knowledge

All good developers, mobile or otherwise, are committed to lifelong learning. Especially in the rapidly developing landscape of mobile apps: with the advent of wearables, TV apps, auto apps, and more, mobile developers must keep their eyes and ears open to new technology and changing best practices. No matter how advanced you get, don’t stop investigating, exploring, playing around, and asking questions.

The Bottom Line

Mobile apps are in higher demand than ever, which makes right now an incredible time to launch your career as an Android developer. As Android expands beyond the consumer space to work and education, and continues to push the bounds of rich cross-device user experiences with the new Material design language, it’s a particularly exciting time to dive into Android development. So go ahead, feet first. The water’s warm.

Many thanks to Google Developer Experts Enrique López-Mañas (@eenriquelopez) and Etienne Caron, and Udacity developer Eric Gonzalez for their contributions and technical reviews of this article.

I saw this is helpful, so I chose to share it with you here. It was written by Allison Stadd. Thank you. From Abelas
  9. Android phones come with lots of great features and aside from the basic call and messaging functionality, you can do a lot more on your Android device. While there are several cool features built into most Android smartphones, you won’t find call recording preloaded on several Android devices. Most Android smartphones support call recording, however, this feature is hidden on some phones.

In this post, I’ll show you how to enable call recording on Samsung Galaxy S5 without installing any third-party call recording apps. While installing apps from the Play Store might be easier than enabling the hidden call recording feature on the Galaxy S5, you might not be comfortable with third-party apps due to privacy issues and because some of them are not that easy to use.

Benefits Of Call Recording

Call recording might not be useful to some individuals, but this feature can be crucial for many Android users. Here are the reasons why you should enable call recording on your Galaxy S5.

  • Listen to conversations with your family and loved ones to bring back old memories.
  • Use recorded calls as evidence against people denying something that they said. It can be easy for people to deny things they said in a one-on-one conversation, but they can’t deny their own words captured in a recorded call.
  • If you’re using your Galaxy S5 as a business phone, call recording can be extremely useful in customer services, especially when you want to ensure maximum customer satisfaction.
  • Finally, recorded calls can work as great reminders and instead of writing things down from the phone call, you can directly refer to the recorded call when needed.

Prerequisite

All the methods mentioned below require root access on your Galaxy S5. Rooting is a risky process which is why you should only attempt it at your own responsibility. Rooting will also void your manufacturer’s warranty. If you’re not comfortable with rooting your phone, then you won’t be able to use any of the methods listed below. However, you can still record phone calls using third-party apps. Feel free to read our post on recording phone calls on Android.

Method 1: Manually Editing The feature.xml File

The first method uses a third-party root enabled file manager in order to manually edit the feature.xml file. You don’t need to flash anything through recovery and the entire process will only take a couple of minutes.

Step 1
Download and install Root Browser on your Samsung Galaxy S5. You can download it using the Google Play Store button below.

Step 2
Launch Root Browser and grant it root access if you get any popup asking for root access.

Step 3
Go to the /system/csc directory and search for the feature.xml file. Press and hold on the feature.xml file and tap on Open with. If you can’t find the feature.xml file, then use the others.xml file.

Step 4
Select RB Text Editor from the list of options in order to open up the text editor.

Step 5
Insert the following text anywhere in the text file, but between <FeatureSet> and </FeatureSet>.

    <CscFeature_VoiceCall_ConfigRecording>RecordingAllowed</CscFeature_VoiceCall_ConfigRecording>

Step 6
Tap on the Save button once you have entered the text line.

Step 7
Reboot your phone. That’s it! You have successfully enabled call recorder on your Samsung Galaxy S5. If the process was successful, you’ll see a Record button when on a call. To start recording, simply tap on the Record button.

Step 8
In order to end recording, tap on the Stop button.
  10. GhostUser

    TUTORIAL Learning php

    Can someone advise me on the best online site to learn coding from scratch?
  11. In this How-To we're going to walk you through changing the default SSH port on a Linux system. The Secure Shell (SSH) Protocol by default uses port 22. Accepting this value does not make your system insecure, nor will changing the port provide a significant variance in security. However, changing the default SSH port will stop many automated attacks and make it a bit harder to guess which port SSH is accessible from. In other words, a little security through obscurity.

Steps to follow

Step 1
As root, use your favorite text editor (vi) to edit the sshd configuration file.

    vi /etc/ssh/sshd_config

Step 2
Edit the line which states 'Port 22'. But before doing so, you'll want to read the note below. Choose an appropriate port, also making sure it is not currently used on the system.

    # What ports, IPs and protocols we listen for
    Port 50683

Note: The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. It is good practice to follow their port assignment guidelines. Having said that, port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023 and SHOULD NOT be used. Registered Ports are those from 1024 through 49151 and should also be avoided. Dynamic and/or Private Ports are those from 49152 through 65535 and can be used. Though nothing is stopping you from using reserved port numbers, our suggestion may help avoid technical issues with port allocation in the future.

Step 3
Switch over to the new port by restarting SSH.

    /etc/init.d/ssh restart

Step 4
Verify SSH is listening on the new port by connecting to it. Note how the port number now needs to be declared.

    ssh username@hostname.com -p 50683

So get security now. Thanks, Andromeda Cloud, Inc.
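Step 2's two conditions (a port in the 49152 to 65535 range that nothing else on the system is using) can be checked before sshd is restarted. The following is an added example, not part of the original post; the function names and the sample config are constructed for illustration.

```python
import socket

# Constructed sample; 50683 is the port used in the tutorial above.
SAMPLE_SSHD_CONFIG = """\
# What ports, IPs and protocols we listen for
#Port 22
Port 50683
ListenAddress 0.0.0.0
"""


def configured_ports(config_text):
    """Ports named by Port directives; sshd falls back to 22 when there are none."""
    ports = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # sshd_config keywords are case-insensitive and Port may be given several times.
        if fields[0].lower() == "port" and len(fields) > 1:
            port = int(fields[1])
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid port in config: {port}")
            ports.append(port)
    return ports or [22]


def port_range(port):
    """Classify a port using the three ranges quoted in the tutorial's note."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def port_is_free(port, host="0.0.0.0"):
    """True if a TCP socket can be bound to host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:
            return False
    return True


def check_candidate(port, host="0.0.0.0"):
    """Problems with using `port` as the new sshd port, following Step 2."""
    problems = []
    if port_range(port) != "dynamic":
        problems.append(
            f"{port} is in the {port_range(port)} range; the tutorial suggests 49152-65535"
        )
    # Binding below 1024 needs root, so only probe unprivileged ports.
    if port >= 1024 and not port_is_free(port, host):
        problems.append(f"{port} is already in use on {host}")
    return problems


if __name__ == "__main__":
    for p in configured_ports(SAMPLE_SSHD_CONFIG):
        print(p, port_range(p), check_candidate(p) or "ok")
```

Run the candidate check before editing sshd_config: once sshd is listening on the new port, the bind probe will correctly report that port as in use.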
  12. Hi, maybe many of you already know this trick, but I am sharing it because I am able to save some money on longer terms, and not only can you save money but you can also earn if you do proper advertising. The trick is becoming a reseller. Some companies like GoDaddy charge a yearly fee, but ResellerClub does it better and cheaper. I recently purchased a 5 year long shared Linux hosting from HostGator through my reseller account and was able to save $100 on it as the price of the same plan was different on the HostGator official site and the reseller site. You just have to create a reseller account with ResellerClub and you are good to go. Going this way you can save on domain registrations too, but on longer term plans. ResellerClub provides you with a supersite (a website which is similar to many hosting providers) where you can sell domains, hosting plans etc. You display your pricing and make profit.
  13. Introduction

The MySQL database has become the world’s most popular open source database because of its consistent level of fast performance, high reliability and ease of use. It is used everywhere and by everyone. Individuals, web developers, and many of the world’s largest and fastest-growing organizations such as industry leaders Yahoo, Alcatel-Lucent, Google, Nokia, YouTube and others use it for powering their high-volume websites, business-critical systems, and packaged software.

As most products do, it comes out of the box. Usually, security is not a major consideration when installing this kind of product. Often, the most important issue is to get it up and running as quickly as possible so that the organization can benefit from it. This document is intended as a quick security manual to help you bring an installed MySQL database server into conformity with best security practices.

Syntax explanation for improved database security

This paper contains code examples that can either be executed in the operating system console, sent to the database via the MySQL console or added to configuration files. Code snippets are denoted by a gray background. Please refer to the surrounding context for more precise instructions.

1. Secure your server

Many known attacks are possible only once physical access to a machine has been acquired. For this reason, it is best to have the application server and the database server on different machines. If this is not possible, you must make sure to execute remote commands via an application server, otherwise, an attacker may be able to harm your database even without permissions. For this reason, any service running on the same machine as the database should be granted the lowest possible permission privileges that will still allow the service to operate smoothly.

Do not forget to install the whole security package: Antivirus and Antispam, Firewall, and all of the security packages recommended by your operating system’s vendor. In addition, do not forget to spend 10 minutes thinking of your server’s physical location – in the wrong location, your server can be stolen, flooded, or harmed.

Consider performing some operating system hardening procedures, such as the following:

  • Install Antivirus and Antispam software
  • Configure the operating system’s firewall
  • Consider the safety of your server’s physical location
  • Install the services you intend the machine to run
  • Harden the production server and services
  • Disable unnecessary services
  • Follow services vendors’ recommendations regarding patches and updates needed for the safe and secure operation of their services

2. Disable or restrict remote access

Consider whether MySQL will be accessed from the network or only from its own server. If remote access is used, ensure that only defined hosts can access the server. This is typically done through TCP wrappers, iptables, or any other firewall software or hardware available on the market.

To restrict MySQL from opening a network socket, the following parameter should be added in the [mysqld] section of my.cnf or my.ini:

    skip-networking

The file is located in the “C:\Program Files\MySQL\MySQL Server 5.1” directory on the Windows operating system or “/etc/my.cnf” or “/etc/mysql/my.cnf” on Linux. This line disables the initiation of networking during MySQL startup. Please note that a local connection can still be established to the server.

Another possible solution is to force MySQL to listen only to the local host by adding the following line in the [mysqld] section of my.cnf:

    bind-address=

You may not be willing to disable network access to your database server if users in your organization connect to the server from their machines or the web server installed on a different machine. In that case, the following restrictive grant syntax should be considered:

    mysql> GRANT SELECT, INSERT ON mydb.* TO 'someuser'@'somehost';

3. Disable the use of LOCAL INFILE

The next change is to disable the use of the “LOAD DATA LOCAL INFILE” command, which will help to prevent unauthorized reading from local files. This is especially important when new SQL Injection vulnerabilities in PHP applications are found. In addition, in certain cases, the “LOCAL INFILE” command can be used to gain access to other files on the operating system, for instance “/etc/passwd”, using the following command:

    mysql> LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1

Or even simpler:

    mysql> SELECT load_file("/etc/passwd")

To disable the usage of the “LOCAL INFILE” command, the following parameter should be added in the [mysqld] section of the MySQL configuration file.

    set-variable=local-infile=0

4. Change root username and password

The default administrator username on the MySQL server is “root”. Hackers often attempt to gain access to its permissions. To make this task harder, rename “root” to something else and provide it with a long, complex alphanumeric password. To rename the administrator’s username, use the rename command in the MySQL console:

    mysql> RENAME USER root TO new_user;

The MySQL “RENAME USER” command first appeared in MySQL version 5.0.2. If you use an older version of MySQL, you can use other commands to rename a user:

    mysql> use mysql;
    mysql> update user set user="new_user" where user="root";
    mysql> flush privileges;

To change a user’s password, use the following command-line command:

    mysql> SET PASSWORD FOR 'username'@'%hostname' = PASSWORD('newpass');

It is also possible to change the password using the “mysqladmin” utility:

    shell> mysqladmin -u username -p password newpass

5. Remove the “test” database

MySQL comes with a “test” database intended as a test space. It can be accessed by the anonymous user, and is therefore used by numerous attacks. To remove this database, use the drop command as follows:

    mysql> drop database test;

Or use the “mysqladmin” command:

    shell> mysqladmin -u username -p drop test

6. Remove Anonymous and obsolete accounts

The MySQL database comes with some anonymous users with blank passwords. As a result, anyone can connect to the database. To check whether this is the case, do the following:

    mysql> select * from mysql.user where user="";

In a secure system, no lines should be echoed back. Another way to do the same:

    mysql> SHOW GRANTS FOR ''@'localhost';
    mysql> SHOW GRANTS FOR ''@'myhost';

If the grants exist, then anybody can access the database and at least use the default database “test”. Check this with:

    shell> mysql -u blablabla

To remove the account, execute the following command:

    mysql> DROP USER "";

The MySQL “DROP USER” command is supported starting with MySQL version 5.0. If you use an older version of MySQL, you can remove the account as follows:

    mysql> use mysql;
    mysql> DELETE FROM user WHERE user="";
    mysql> flush privileges;

7. Lower system privileges; increase database security with Role Based Access Control

A very common database security recommendation is to lower the permissions given to various parties. MySQL is no different. Typically, when developers work, they use the system’s maximum permission and give less consideration to permission principles than we might expect. This practice can expose the database to significant risk.

* Any new MySQL 5.x installation already installed using the correct security measures.

To protect your database, make sure that the file directory in which the MySQL database is actually stored is owned by the user “mysql” and the group “mysql”.

    shell> ls -l /var/lib/mysql

In addition, ensure that only the user “mysql” and “root” have access to the directory /var/lib/mysql. The mysql binaries, which reside under the /usr/bin/ directory, should be owned by “root” or the specific system “mysql” user. Other users should not have write access to these files.

    shell> ls -l /usr/bin/my*

8. Lower database privileges

Operating system permissions were fixed in the preceding section. Now let’s talk about database permissions. In most cases, there is an administrator user (the renamed “root”) and one or more actual users who coexist in the database. Usually, the “root” has nothing to do with the data in the database; instead, it is used to maintain the server and its tables, to give and revoke permissions, etc. On the other hand, some user ids are used to access the data, such as the user id assigned to the web server to execute “select\update\insert\delete” queries and to execute stored procedures. In most cases, no other users are necessary; however, only you, as a system administrator, can really know your application’s needs.

Only administrator accounts need to be granted the SUPER / PROCESS / FILE privileges and access to the mysql database. Usually, it is a good idea to lower the administrator’s permissions for accessing the data. Review the privileges of the rest of the users and ensure that these are set appropriately. This can be done using the following steps.

    mysql> use mysql;
    [Identify users]
    mysql> select * from user;
    mysql> show grants for 'root'@'localhost';

The above statement has to be executed for each user! Note that only users who really need root privileges should be granted them.

Another interesting privilege is “SHOW DATABASES”. By default, the command can be used by everyone having access to the MySQL prompt. They can use it to gather information (e.g., getting database names) before attacking the database by, for instance, stealing the data. To prevent this, it is recommended that you follow the procedures described below.

  • Add “--skip-show-database” to the startup script of MySQL or add it to the MySQL configuration file
  • Grant the SHOW DATABASES privilege only to the users you want to use this command

To disable the usage of the “SHOW DATABASES” command, the following parameter should be added in the [mysqld] section of the /etc/my.cnf:

    [mysqld]
    skip-show-database

9. Enable Logging

If your database server does not execute many queries, it is recommended that you enable transaction logging, by adding the following line to the [mysqld] section of the /etc/my.cnf file:

    [mysqld]
    log =/var/log/mylogfile

This is not recommended for heavy production MySQL servers because it causes high overhead on the server. In addition, verify that only the “root” and “mysql” ids have access to these logfiles (at least write access).

Error log
Ensure only “root” and “mysql” have access to the logfile “hostname.err”. The file is stored in the mysql data directory. This file contains very sensitive information such as passwords, addresses, table names, stored procedure names and code parts. It can be used for information gathering, and in some cases, can provide the attacker with the information needed to exploit the database, the machine on which the database is installed, or the data inside it.

MySQL log
Ensure only “root” and “mysql” have access to the logfile “*logfileXY”. The file is stored in the mysql data directory.

10. Change the root directory

A chroot on Unix operating systems is an operation that changes the apparent disk root directory for the current running process and its children. A program that is re-rooted to another directory cannot access or name files outside that directory, and the directory is called a “chroot jail” or (less commonly) a “chroot prison”. By using the chroot environment, the write access of the MySQL processes (and child processes) can be limited, increasing the security of the server.

Ensure that a dedicated directory exists for the chrooted environment. This should be something like: /chroot/mysql

In addition, to make the use of the database administrative tools convenient, the following parameter should be changed in the [client] section of the MySQL configuration file:

    [client]
    socket = /chroot/mysql/tmp/mysql.sock

Thanks to that line of code, there will be no need to supply the mysql, mysqladmin, mysqldump etc. commands with the --socket=/chroot/mysql/tmp/mysql.sock parameter every time these tools are run.

11. Remove History

During the installation procedures, there is a lot of sensitive information that can assist an intruder to assault a database. This information is stored in the server’s history and can be very helpful if something goes wrong during the installation. By analyzing the history files, administrators can figure out what has gone wrong and probably fix things up. However, these files are not needed after installation is complete.

We should remove the content of the history file (~/.mysql_history), where all executed SQL commands are stored (especially passwords, which are stored as plain text):

    cat /dev/null > ~/.mysql_history

12. Patch your systems

Consult your operating system’s vendor for security and performance updates: use Windows Update on Windows, apt-get or yum on (Debian) systems, Red Hat Update Agent on Red Hat and so on. If you are using any kind of virtualization platform, consult your platform vendor for security issues, patches, and recommendations.

This article was written by David Maman, HexaTier CTO.
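The [mysqld] settings from sections 2, 3 and 8 above can be checked mechanically against a my.cnf. The following is an added example, not part of the original article: the function names, finding labels and both sample files are constructed, and because the article's bind-address value did not survive on this page, the check assumes a loopback address (127.0.0.1, ::1 or localhost) is what "local host" means.

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}   # assumption, see lead-in
OFF = {"0", "off", "false"}

# Constructed sample: a permissive configuration.
WEAK_CNF = """\
[mysqld]
datadir = /var/lib/mysql
bind-address = 0.0.0.0
local_infile = 1
"""

# Constructed sample using the option spellings quoted in the article.
HARDENED_CNF = """\
[client]
socket = /chroot/mysql/tmp/mysql.sock

[mysqld]
bind-address = 127.0.0.1   # assumed loopback value
set-variable=local-infile=0
skip-show-database
log =/var/log/mylogfile
"""


def _normalise(name):
    # MySQL accepts '-' and '_' interchangeably in option names.
    return name.strip().lower().replace("_", "-")


def parse_mysqld_options(cnf_text):
    """Return {option: value or None} for the [mysqld] section only."""
    options, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, sep, value = line.partition("=")
        name, value = _normalise(name), (value.strip() if sep else None)
        # Old-style 'set-variable=name=value', as used in section 3.
        if name == "set-variable" and value:
            name, sep, value = value.partition("=")
            name, value = _normalise(name), (value.strip() if sep else None)
        options[name] = value
    return options


def _enabled(options, name):
    """A bare flag or any value other than 0/off/false counts as enabled."""
    if name not in options:
        return False
    value = options[name]
    return value is None or value.lower() not in OFF


def audit(cnf_text):
    """Map finding label -> message for each recommendation that is not met."""
    opts = parse_mysqld_options(cnf_text)
    findings = {}
    if not (_enabled(opts, "skip-networking") or opts.get("bind-address") in LOOPBACK):
        findings["remote-access"] = (
            "neither skip-networking nor a loopback bind-address is set (section 2)"
        )
    if "local-infile" not in opts or _enabled(opts, "local-infile"):
        findings["local-infile"] = "local-infile is not explicitly disabled (section 3)"
    if not _enabled(opts, "skip-show-database"):
        findings["show-databases"] = "skip-show-database is not set (section 8)"
    return findings


if __name__ == "__main__":
    for label, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(label, audit(cnf) or "no findings")
```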
  14. Anyone with tutorials on working with Modx? Really need help
  15. We recently spent a few hours trying to get a perfect score on Qualys SSL Labs Tester. While we were not able to achieve a "100" in every category, I feel I got pretty close. This post will detail the steps for getting an A+ SSL rating using Nginx.

Generate a Certificate

The first step in securing your server with SSL is to generate an SSL certificate. At this time, the only way to get a verified certificate that will be trusted across most Internet browsers is to pay for a certificate. I chose RapidSSL, but you can choose any respectable provider. You do not need to purchase an extended validation (EV) certificate to achieve an A+ rating. For personal blogs or sites that are not processing secure information, a regular certificate is fine. There is no additional encryption added with an EV certificate - just a pretty green bar that makes users feel better. Depending on the provider you chose, you will need to generate a CSR and securely transmit the files onto your server. You may also need to install an intermediate certificate.

Install the Packages

In my case, I used Nginx and OpenSSL. The latest version of OpenSSL in Ubuntu's is good enough, but the latest Nginx does not support the SSL stapling we want to use later.

    $ sudo apt-get install openssl

Because these instructions could easily become out of date, I recommend following the steps for compiling Nginx from source on the Nginx website.

Choose Protocols

This is arguably the hardest decision you will need to make. If you want to achieve an A+ rating, you will need to neglect a small percentage of your user base.

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

This tells Nginx to explicitly only allow TLS, which means older clients (namely IE 6 and Windows XP users) will get certificate errors when visiting your website. If any of these are your target audience, you must also add SSLv3 to the list, but you will be unable to get an A+ by doing so (you can still get an A).

Choose Ciphers

Below, we only permit 256-bit encryption schemes. The ECDHE suite gives us Forward Secrecy (although we will generate a new set of dhparams in a later step). It is important to note that these values are in order of specificity, so the ordering is from best to worst.

    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

Again, if you plan to support IE6 or older clients, you may need to add additional cipher suites. Doing so will reduce your rating.

Generate new dhparams

With Forward Secrecy, if an attacker gets a hold of the server's private key, it will not be able to decrypt past communications. The private key is only used to sign the DH handshake, which does not reveal the pre-master key. Diffie-Hellman ensures that the pre-master keys never leave the client and the server, and cannot be intercepted by a MITM. All versions of Nginx as of 1.4.4 rely on OpenSSL for input parameters to Diffie-Hellman (DH). Unfortunately, this means that Ephemeral Diffie-Hellman (DHE) will use OpenSSL's defaults, which include a 1024-bit key for the key-exchange. Since we're using a 2048-bit certificate, DHE clients will use a weaker key-exchange than non-ephemeral DH clients. We need to generate a stronger DHE parameter:

    $ cd /etc/ssl/certs
    $ openssl dhparam -out dhparam.pem 4096

And then tell Nginx to use it for DHE key-exchange:

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

Please note: this section was adopted from Strong SSL Security on nginx at Raymii.org.

Turn on SSL

In your Nginx configuration, you will need to activate SSL. The code below is documented inline to describe each option.

    # Enable SSL on all domains - you may also want to enable this on a per-site
    # basis instead if you are supporting multiple virtual hosts.
    ssl on;

    # Cache SSL sessions for 10m (this is about 40,000 sessions), timing them out
    # after 24 hours.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 24h;

    # Set the buffer size to 1400 bytes (that way it fits into a single MTU).
    ssl_buffer_size 1400;

OCSP Stapling

When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record.

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver valid=300s;
    resolver_timeout 10s;

HSTS

HTTP Strict Transport Security (HSTS) instructs browsers to communicate with your website only over SSL.

    # Enable HSTS
    add_header Strict-Transport-Security max-age=63072000;

    # Do not allow this site to be displayed in iframes
    add_header X-Frame-Options DENY;

    # Do not permit Content-Type sniffing.
    add_header X-Content-Type-Options nosniff;

Intermediate Certificates

Depending on when you purchase your certificate, you may be issued a certificate that uses SHA1 encryption. Many browsers, such as Chrome and Safari, will soon distrust these certificates and show a warning. In my case, with RapidSSL, I needed 256-bit GeoTrust and RapidSSL intermediate certificates. It took some searching, but I was able to find the SHA 256 intermediate certificates on each of the provider's websites. You may need to contact your SSL certificate provider to obtain the SHA 256 intermediate certificate. You must have a certificate using SHA 256 to obtain an A+ on the SSL Labs tester.

Final Configuration

If you are just looking for a copy-paste solution to get an A+, you can copy and paste the Nginx configuration below.

    ssl on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 24h;
    ssl_buffer_size 1400;
    ssl_session_tickets off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/ssl/website.com.crt;
    ssl_certificate_key /etc/ssl/website.com.key;
    ssl_dhparam /etc/ssl/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver valid=300s;
    resolver_timeout 10s;
    spdy_keepalive_timeout 300;
    spdy_headers_comp 9;
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

You will still need to generate and install the proper certificates.

I hope this blog post helps you install and secure your website. Please feel free to leave a comment or suggestion!
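The settings this post walks through (protocols, cipher preference, dhparam, stapling, HSTS) can be checked mechanically; the lint script below is an added example, not part of the original post. It goes slightly beyond the post by also reporting TLSv1/TLSv1.1, which RFC 8996 deprecates, and a `resolver` directive with no name server address, which nginx requires. The function names are assumptions made for this example, and it expects a single set of TLS directives with none split across lines.

```shell
#!/bin/sh
# Added example: lint an nginx TLS config against the post's checklist.
# Assumes one set of TLS directives, none split across lines.

# directive_args FILE NAME: print the arguments of every NAME directive
# on one line, with '#' comments stripped (empty if NAME is absent).
directive_args() {
    sed 's/#.*//' "$1" | tr ';{}' '\n\n\n' |
        awk -v name="$2" '
            $1 == name { $1 = ""; sub(/^ +/, "")
                         out = (out == "" ? "" : out " ") $0 }
            END { print out }'
}

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_tls_config FILE: print one line per finding; the exit status is
# the number of findings, so 0 means every check passed.
audit_tls_config() {
    conf=$1
    findings=0
    protos=" $(directive_args "$conf" ssl_protocols) "
    case $protos in
        "  ") flag "ssl_protocols not set" ;;
        *" SSLv2 "*|*" SSLv3 "*) flag "SSLv2/SSLv3 enabled" ;;
    esac
    case $protos in
        *" TLSv1 "*|*" TLSv1.1 "*)
            flag "TLSv1/TLSv1.1 enabled (deprecated by RFC 8996)" ;;
    esac
    case $(directive_args "$conf" ssl_prefer_server_ciphers) in
        on) ;;
        *) flag "ssl_prefer_server_ciphers is not on" ;;
    esac
    if [ -z "$(directive_args "$conf" ssl_dhparam)" ]; then
        flag "ssl_dhparam not set"
    fi
    case $(directive_args "$conf" ssl_stapling) in
        on) # Stapling needs a resolver, and resolver needs an address.
            case $(directive_args "$conf" resolver) in
                ""|valid=*|ipv6=*) flag "resolver has no name server address" ;;
            esac ;;
        *) flag "ssl_stapling is not on" ;;
    esac
    case $(directive_args "$conf" add_header) in
        *Strict-Transport-Security*) ;;
        *) flag "no Strict-Transport-Security header" ;;
    esac
    return "$findings"
}

# Stand-alone use: pass the path of a config file as the first argument.
[ "$#" -eq 0 ] || audit_tls_config "$1"
```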
  16. I find these guides really useful when setting up my Raspberry Pi to be a virtual host server. Now this guide includes protecting your websites with secure HTTPS and protecting folders behind a firewall if the same IP tries to get access on multiple failed attempts, and also protects emails sent and received. This is my next project with my Pi when I have spare time. Link below to the guide: https://www.pestmeester.nl/
  17. Tutorial – Install PhpMyAdmin on your Raspberry Pi

PhpMyAdmin is a handy web interface for managing local MySQL databases, and can make database queries, management and backups easy. In this tutorial, I’m going to talk you through installing PhpMyAdmin on your Raspberry Pi powered web server. I’m assuming you’ve got Raspbian installed, and you’ve followed my tutorial: install Apache, PHP and MySQL on Raspberry Pi.

Step 1 – Begin the PhpMyAdmin installation

From terminal, we begin by changing to the root user in terminal by entering:

    sudo bash

Now we need to install the PhpMyAdmin package using:

    apt-get install phpmyadmin

The package will begin installing. You will be asked which web server is installed, choose apache2. My screenshots show purple, but you’ll see blue. I’ve already got PhpMyAdmin installed on my Raspberry Pi so had to install it on a Ubuntu VM for the purpose of this tutorial – apologies for the wrong colours, but I can assure you the procedure is the same for Debian/Raspbian and Ubuntu!

Step 2 – configure for dbconfig-common

Next we’ll need to configure PhpMyAdmin’s database. You’ll see the following prompt: When prompted, choose Yes. Next you’ll be asked for an administrative password, this is the root password that was set during the MySQL installation in the previous tutorial. You’ll be asked to set a password for PhpMySQL. I’ve used the same password as the MySQL root password, but it’s up to you what you set here. Make a note of it somewhere. That’s PhpMyAdmin installed. Next we need to change the apache configuration to allow us to use http://your.raspberrypi.domain/phpmyadmin to access it.

Step 3 – Configure Apache to work with PhpMyAdmin

We need to alter the Apache configuration in order to access PhpMyAdmin. To do this, enter the following command to alter the configuration:

    nano /etc/apache2/apache2.conf

The configuration file will load in Nano. Navigate to the bottom of the file (keep pressing CTRL + V to jump page by page until you’re at the bottom of the file) and add the following new line to the file:

    Include /etc/phpmyadmin/apache.conf

Save the file (CTRL + X and enter Y when prompted to save) and restart Apache2. To restart Apache, enter the following command:

    /etc/init.d/apache2 restart

That’s it! You’re all installed and ready to go. Give accessing it a try by going to your Raspberry Pi’s IP address or domain name and add ‘/phpmyadmin’ to the end in your web browser, i.e. http://your.raspberrypi.domain/phpmyadmin.
  18. Tutorial – Install Apache, PHP and MySQL on a Raspberry Pi 2

I’ve been running LAMP setups on Raspberry Pis for years, so am excited to use the little pocket-sized powerhouse that is the Raspberry Pi 2 as a web server.

Before we start

There are some prerequisites; I assume you know your way around terminal, and know how to SSH onto your Raspberry Pi 2. These instructions will work directly on the Pi itself. I also assume you know the IP address of your Raspberry Pi.

1. Let’s start

First, connect to your Raspberry Pi 2. Skip this step if you’re working directly on your Raspi:

    ssh pi@raspberrypi

Replace ‘raspberrypi’ with the IP or hostname of your Raspberry Pi. You should now be logged into your Raspberry Pi 2, and will see something like this: There’s likely to be updates to install, so we’ll go ahead and do these now before we start installing anything:

    sudo apt-get update && sudo apt-get upgrade

This used to take a little time on the old ones, but the new quad-core makes light work of the updates. You’ll be prompted to choose ‘Y’ or ‘n’, so just keep hitting ‘y’ until the updates are installed. Providing the updates went in OK, you’re ready to install Apache 2.4 and PHP 5.4.

2. Install Apache

Next run the following command. This will install Apache 2.4, which is the web server that responds to http (and https if you like) requests:

    sudo apt-get install apache2 apache2-utils

Technically, this is all we need to do to run a very basic web server from our Raspberry Pi. Give it a go, pop the IP address of your Raspberry Pi in your web browser. You should see something like this: This is all fine and dandy, but our aim is to install WordPress, so we’re going to need PHP. Follow the next steps to do this.

3. Install PHP

This command will install PHP 5 and the PHP libraries you’ll need for WordPress:

    sudo apt-get install libapache2-mod-php5 php5 php-pear php5-xcache php5-mysql php5-curl php5-gd

That’s it, PHP 5 is now installed. We can test it to make sure it’s working by creating an index.php file and calling PHP Info. Change the directory to the default document root:

    cd /var/www/

The permissions aren’t set correctly just yet, so for the time being, we’ll create an index file as sudo:

    sudo echo "<?php phpinfo(); ?>" | sudo tee index.php

Now visit index.php in your web browser, you will see PHP Info. You should see the following:

4. Install MySQL

MySQL is the database server which will hold our data for our website installation. Installing MySQL is very straightforward. Run the following command:

    sudo apt-get install mysql-server

Once the installation begins, you will be asked to provide a master password for your MySQL installation. Ensure you choose a good secure password, and it’s a good idea to give MySQL a different password to the one you use to access your Raspberry Pi. Finish off by installing MySQL client, which will allow us to create a user for our WordPress installation in the next tutorial:

    sudo apt-get install mysql-client
