How to Secure Nginx with Let’s Encrypt on Ubuntu?
Let’s Encrypt is a Certificate Authority (CA) that provides free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. The process of obtaining and installing a certificate is fully automated on both Apache and Nginx. The following steps describe how to configure Let’s Encrypt SSL...
How to redirect HTTP to HTTPS Using .htaccess?
Browsers such as Chrome and Firefox have started showing security warnings on sites with valid SSL certificates. Without SSL, the website shows up as insecure to the visitors. Hence, it becomes very important to redirect HTTP requests to HTTPS. SSL – Secure Sockets Layer (SSL) is a standard security protocol that is used for establishing...
How to fix the DoS vulnerability in the BIND DNS service?
BIND DNS server versions 9.1.0 to 9.9.7-P1 and 9.10.2-P2 allow a remote attacker to exploit an error in the handling of TKEY queries to cause a Denial of Service (DoS), crashing the server. You should consider patching if the cPanel/WHM, Odin Plesk, or DirectAdmin servers are not patched. There is no workaround to...
How to force users to use strong passwords in Debian and Ubuntu distros?
A strong password must have 14 characters, which should include one special character, one number, one uppercase letter and one lowercase letter. Passwords shouldn’t be predictable and shouldn’t be based on dictionary words. Some administrators / non-techie users do not understand how important strong passwords and security are in Debian and Ubuntu distros. These administrators / non-techie...
How to protect your cPanel/WHM server from SSLv3 POODLE vulnerability?
Browsers like Firefox and IE reported that SSLv3 is disabled. OpenSSL provides fixes for SSLv3 for major distros at cPanel/WHM server. The SSL 3.0 vulnerability can allow an attacker to break into a secure session through a man-in-the-middle attack. The fix is to disable the CBC ciphers in the cPanel/WHM. The below script checks the...