28 Nov 2011
Tips om computers te beveiligen én veilig te houden
In mijn dagelijkse werk als systeembeheerder kom ik nog te vaak tegen dat websites van klanten gehackt of aangepast worden. Websites worden voorzien van iframes of andere codes. Of iets simpels als dat men geen e-mail meer kan versturen of ontvangen omdat een virusscanner instellingen heeft aangepast. Vaak is de computerbeveiliging niet op orde waardoor websites worden gehackt, spam verzonden en bankrekeningen via internetbankieren geplunderd.
Gezien het aantal artikelen over computerbeveiliging en tips daarvoor betekent dit dat de artikelen en/of materie te moeilijk, te onduidelijk, niet interessant of te complex is.
25 Jul 2014
Magento maintenance on IIS webservers
Magento Community Edition is a very popular ecommerce and webshop solution. And very bloated as we all know. Anywhere you run your Magento webshop, it’s important to carry out maintenance. Carrying out maintenance on a regular basis optimizes Magento’s -and thus your website’s- speed and performance.
Two of such tasks are clearing out and emptying the MySQL database cache and log tables, and file system cache directories in
/var. Most scripts and solutions out there are for Linux- and Unix webservers only. I decided to modify a Magento maintenance script to run on Windows Server and IIS too. For MySQL database optimization, it utilizes my MySQLi multi_query statement to optimize all MySQL tables in one statement.
Ask your hosting provider to schedule this script as a Windows Server scheduled task, for instance once a day, and you’ll notice a speed improvement of your Magento webshop. Next, add support for WinCache and your Magento webshop is very, very fast, even on IIS!
24 Jul 2014
Mod_evasive is a module for Apache and IIS (with Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or bruteforce attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable. Properly configured and tested, mod_evasive provides great security and protection from Denial of Service (DoS)- or Distributed Denial of Service (DDoS) attacks, and bruteforce attacks.
21 Jul 2014
WordPress XMLRPC DDoS attacks?
Since today, I notice a huge increase in HTTP POST requests on WordPress
xmlrpc.php, on multiple websites. Anyone got a clue what is causing this? Are you seeing this too? Please comment.
I’ll update this post when (if) more information comes available, might it be something new.
This could be related to WordPress’ xmlrpc.php pingback DDoS vulnerability discoverd last March and reported by Sucuri, or it may be related to the WordPress pingback vulnerability reported by Acunetix. But it might be something new as well.
When the .svc web service handler doesn’t work on IIS 8.0 with ASP.NET 4.5
When a WCF web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, then you might need to add an extra Handler to your IIS configuration:
- Request path:
System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=18.104.22.168, Culture=neutral, PublicKeyToken=31bf3856ad364e35
29 Jun 2014
Everyone wants a fast loading website, whether it’s based on WordPress, Drupal, Joomla, or something else. For WordPress, a lot of posts are available here to optimize WordPress performance, and Drupal can easily be improved with the BOOST module. But what about Joomla?
Here are three basic tips to improve Joomla performance and loading speed. All changes can be made through the administrator back-end of Joomla, or by downloading and editing the configuration.php file.
26 Jun 2014
Jason Deacon, from Australia’s design and development company Wiliam , writes about how to use a back-end instance of Umbraco 7, which is completely decoupled from the front-end (an ASP.NET MVC 5 site).
Our approach leverages a file called “Umbraco.config” which is really just a XML file which Umbraco publishes all its public content to whenever a node is published in the interface. This XML structure mirrors the document types and properties of the site structure populated in Umbraco and therefore offers the perfect snapshot of the content the site can serve, without having to query a database for it.
21 Jun 2014
At Vevida, we like to help our customers as much as possible. Even with optimizing a MySQL database if they don’t ask for it (when they don’t know performance can be improved), just because we spot a slow query in our slow-query log.
The other day I spotted the following in MySQL slow-query log:
# Time: 140605 16:41:34 # User@Host: database[database] @ server-01.example.com [22.214.171.124] # Thread_id: 4660034 Schema: database QC_hit: No # Query_time: 3.010892 Lock_time: 0.000062 Rows_sent: 872 Rows_examined: 8035 use database; SET timestamp=1401979294; SELECT * FROM sContent WHERE sYear = '2014' AND sPublish = 1 and ('2014-06-05 16:41:30' Between sVisible_from And sVisible_untill or sVisible_unlimited