As we mentioned in a previous post, setting up extra partitions beyond the standard Linux partitions can have certain security and performance benefits. One of the major directories that you should consider partitioning is the /tmp directory. In Linux, temporary files are stored there and accessed when applications need to …
Read More »Sudo vs. SU
The “su” command is what a Linux user with proper permissions uses to ascend to the root administrator account. A secure SSH server will not allow direct root login, so the user must gain root after initial login. The “sudo” command is an alternative to using a separate root user …
Read More »Symantec: China is number-one source of malware
According to a recent study conducted by Symantec, more malware originates from China than any other country– 28.2%, in fact. Close behind China is Romania, which is responsible for 21.1% of malware. Next was the United States at 13.8%. Symantec found that although the majority of malware appears to come …
Read More »How do I block clusters of IP addresses?
Question: How do I block clusters of IP addresses? Answer: Although we previously illustrated a method of blocking single IP addresses using an .htaccess file, it is important to know a few things. 1. Many hackers use proxies and other methods to use fake IP addresses. Blocking the one they …
Read More »Go Daddy's Certified Domain service is a joke
If you’re looking for a way to burn $2.99, Go Daddy’s new Certified Domain service is a sure way to do it. Designed for website owners looking to “ease fears” and “inspire confidence,” all the service does is give you a small seal to place on your site verifying you …
Read More »Rod Beckstrom draws criticism over DNS security comment
While speaking at an ICANN international meeting in Nairobi this week, Rod Beckstrom criticized the security of DNS, saying it “can stop any time.” Furthermore, he went on to state: The domain name system is under attack today as it has never been before. I have personally consulted with over …
Read More »5 Security tips for virtual private servers
There are many security factors you should consider when deploying Linux-based virtual private servers (VPS) on systems such as OpenVZ. Some protect your users and some protect your server as a whole. Here are five steps you can take to make sure your server is secure: 1. Disable the root …
Read More »Severe OpenSSL security vulnerability announced
Web server administrators should take notice of a “severe” vulnerability that computer scientists have discovered in OpenSSL, the free and open source encryption software package for Linux and Unix-like systems. The bug is in OpenSSL’s cryptographic library and vulnerability allows attackers to retrieve a server’s cryptographic key, leaving any secure …
Read More »Half of SSL websites may not be safe
According to Comodo Dragon, a new open source web browser, more than half of all sites using SSL certificates may be unsafe. This is because these days, it’s very easy to buy an SSL certificate and validate your website. This trend is mainly a result of a huge spike in …
Read More »Google CEO: "[W]e can literally know everything if we want to"
These days, it seems like Google runs everything. From Google Desktop to Google Search to Google WiFi in some areas, the company is in a position to collect all sorts of data about its users. The fears of privacy advocates will not be put to rest any time soon, however. …
Read More »