#disable xmlrpc | Explore Tumblr posts and blogs

computingpostcom · 3 years ago

Text

This guide will cover how to install and configure Cacti on RHEL 8 / CentOS 8. Monitoring is a key component of any Infrastructure. At ComputingPost, so far, we have covered the usage of Zabbix, telegraf/ Influxdb, Grafana, and Prometheus. Cacti is a completely open-source network monitoring and graphing tool that was designed as a front-end application for the industry-standard data logging tool – RRDtool. Cacti harnesses the power of RRDTool’s data storage and graphing functionality. Some good features of Cacti include: Fast polling of metrics Support for multiple data acquisition methods Support for advanced graph templating User management functionality with ACL Cacti provides an intuitive and easy to use web interface for managing network monitoring and configurations. There are dependencies needed for building and running Cacti on RHEL 8 / CentOS 8. This section will cover installation and configuration of each component. Step 1: Install Build tools and System Dependencies Upgrade your OS: sudo dnf -y update sudo reboot Start with installation of Development Tools set. Install GCC and Development Tools on RHEL / CentOS 8 After installation of Development tools, install SNMP packages. sudo dnf install -y net-snmp net-snmp-utils rrdtool Step 2: Install php and required extensions Install PHP and extensions required by Cacti on your RHEL / CentOS 8. sudo dnf -y install @php sudo dnf -y install php php-mysqlnd,curl,gd,intl,pear,recode,ldap,xmlrpc,snmp,mbstring,gettext,gmp,json,xml,common Verify PHP version and loaded modules. $ php -v PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies Set PHP Paramenets inside /etc/php.ini file. sudo vim /etc/php.ini Set correct timezone: date.timezone = Africa/Nairobi Change PHP memory limit to 400M memory_limit = 512M Update Maximum execution time of each script: max_execution_time = 300 Start php-fpm service. sudo systemctl enable --now php-fpm Confirm status. $ systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2019-03-17 10:23:52 EAT; 5s ago Main PID: 31139 (php-fpm) Status: "Ready to handle connections" Tasks: 6 (limit: 11510) Memory: 38.2M CGroup: /system.slice/php-fpm.service ├─31139 php-fpm: master process (/etc/php-fpm.conf) ├─31140 php-fpm: pool www ├─31141 php-fpm: pool www ├─31142 php-fpm: pool www ├─31143 php-fpm: pool www └─31144 php-fpm: pool www Mar 17 10:23:52 rhel8.local systemd[1]: Starting The PHP FastCGI Process Manager… Mar 17 10:23:52 rhel8.local systemd[1]: Started The PHP FastCGI Process Manager. Step 3: Install Apache Web server Use the command below to install Apache httpd server. sudo dnf -y install @httpd Start and enable service to start at boot. sudo systemctl enable --now httpd Status should indicate running. $ systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d └─php-fpm.conf Active: active (running) since Sun 2019-03-17 10:49:20 EAT; 2s ago Docs: man:httpd.service(8) Main PID: 32106 (httpd) Status: "Started, listening on: port 443, port 80" Tasks: 213 (limit: 11510) Memory: 29.2M CGroup: /system.slice/httpd.service ├─32106 /usr/sbin/httpd -DFOREGROUND ├─32108 /usr/sbin/httpd -DFOREGROUND ├─32109 /usr/sbin/httpd -DFOREGROUND ├─32110 /usr/sbin/httpd -DFOREGROUND └─32111 /usr/sbin/httpd -DFOREGROUND Mar 17 10:49:20 rhel8.local systemd[1]: Starting The Apache HTTP Server…

Mar 17 10:49:20 rhel8.local httpd[32106]: Server configured, listening on: port 443, port 80 Mar 17 10:49:20 rhel8.local systemd[1]: Started The Apache HTTP Server. Allow http and https ports on the firewall. sudo firewall-cmd --add-service=http,https --permanent sudo firewall-cmd --reload Ref: How to Install Apache with mod_ssl & mod_http2 on RHEL 8 Step 4: Install and Configure Database Server You can choose to use MySQL or MariaDB database server. if you don’t have either installed, below guides should be helpful. sudo dnf -y install @mariadb Start and enable mariadb service: sudo systemctl enable --now mariadb Secure your database server: sudo mysql_secure_installation Reference: How to Install MariaDB on RHEL 8 / CentOS 8 How to Install MySQL 8.0 on RHEL 8 / CentOS 8 After Database server installation, create database and user for Cacti Monitoring tool. $ sudo mysql -u root -p CREATE DATABASE cacti; GRANT ALL ON cacti.* TO 'cacti'@'localhost' IDENTIFIED BY 'StrongDBPassword'; FLUSH PRIVILEGES; exit Tune MariaDB database for Cacti Add the following settings under [mysqld] setion the file /etc/my.cnf.d/mariadb-server.cnf sudo vim /etc/my.cnf.d/mariadb-server.cnf Add the following settings inside mysqld section: [mysqld] character-set-server=utf8mb4 collation-server=utf8mb4_unicode_ci max_heap_table_size=128M tmp_table_size=128M join_buffer_size=256M innodb_buffer_pool_size=512M innodb_doublewrite=OFF innodb_flush_log_at_timeout=3 innodb_read_io_threads=32 innodb_write_io_threads=16 innodb_buffer_pool_instances=5 Restart mariadb service after adding the lines. sudo systemctl restart mariadb Step 5: Download and Configure Cacti Download the latest release of Cacti tarball to your system. mkdir cacti && cd cacti curl -SL https://www.cacti.net/downloads/cacti-latest.tar.gz | tar --strip 1 -xzf - Move cacti folder to /var/www/html directory. cd .. sudo mv cacti/ /var/www/html/ Import Cacti database data sudo mysql -u root -p cacti < /var/www/html/cacti/cacti.sql Setup mysql timezone for cacti database user. mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql -u root -p mysql Grant cacti MySQL database user access to Timezone database: $ sudo mysql -u root -p GRANT SELECT ON mysql.time_zone_name TO cacti@localhost; ALTER DATABASE cacti CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; FLUSH PRIVILEGES; QUIT Configure SELinux. sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/cacti(/.*)?" sudo restorecon -Rv /var/www/html/cacti You need to restart apache service after making above modifications, sudo systemctl restart httpd php-fpm Configure Cacti Edit the file /var/www/html/cacti/include/config.php and set database connection parameters. $ sudo vi /var/www/html/cacti/include/config.php $database_type = 'mysql'; $database_default = 'cacti'; $database_hostname = 'localhost'; $database_username = 'cacti'; $database_password = 'StrongDBPassword'; $database_port = '3306'; ............. Replace StrongDBPassword with your cacti user database password. When done. save file and exit. Create Cacti system log file. sudo touch /var/www/html/cacti/log/cacti.log Set directory permissions sudo chown -R apache:apache /var/www/html/cacti Setup Cacti cron job. sudo crontab -u apache -e Add below. */5 * * * * php /var/www/html/cacti/poller.php > /dev/null 2>&1 Step 6: Access Cacti installation wizard Access Cacti Installation Wizard interface on http://[ServerIP/Hostname]/cacti. The default Logins are: Username: admin Password: admin Change password on the next screen. The new password should: Contain at least 1 numerical character! Contain at least 1 special character! Accept GPL License Agreement and click “Begin“ All pre-installation checks should show green – passed. Select type of installation in the next window. Ensure that Directory Permission Checks are Okay.

Confirm that all binaries all located and click Next. Select default data source profile for polling sources. Select Device templates to be used after installation. Confirm database settings are okay. Confirm installation. Installation should start, wait for it to finish then access cacti administration web dashboard. Step 7: Monitor Linux Servers with Cacti Start and enable snmpd daemon to start at boot. sudo systemctl enable --now snmpd Confirm it is running. $ systemctl status snmpd ● snmpd.service - Simple Network Management Protocol (SNMP) Daemon. Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2019-03-17 12:24:50 EAT; 4s ago Main PID: 3129 (snmpd) Tasks: 1 (limit: 11510) Memory: 4.9M CGroup: /system.slice/snmpd.service └─3129 /usr/sbin/snmpd -LS0-6d -f Mar 17 12:24:49 rhel8.local systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon…. Mar 17 12:24:50 rhel8.local snmpd[3129]: NET-SNMP version 5.8 Mar 17 12:24:50 rhel8.local systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon.. Add the Linux server for monitoring. Login to Cacti as admin user and go to: Console > Create > New Device Provide Server details and save the configuration.

0 notes

a1webservices · 4 years ago

Photo

I will remove malware,fix redirecting issue and blacklist removal

https://www.fiverr.com/a1webservice/remove-malware-fix-redirecting-issue-and-blacklist-removal

I will Fix your hacked WordPress site or hacked WordPress blog and secure within 4-8 hours and up to 24 hours.I will clean/delete or remove Malware or any obfuscated or Malicious code from your WordPress website.Cleaned 1k+ WordPress hacked websites offline and online till now GOT HACKED?✔️ Infected with Malware✔️ Google Adwords Ads Disapproved as Malware infected✔️ Suspended by Hosting Company✔️ Redirecting to Spam Website✔️ Blacklisted by Go0gle✔️ Google search engine Showing Japanese keywords FIXING HACKED AND REMOVE MALWARE:✔️ Vulnerability Testing & Remove Malware✔️ Fix Malicious/spam Redirecting or popups✔️ Fix Phishing notice✔️ Remove"This site may be hacked" Message from go0gle search engine✔️ Fixing the Japanese keyword hack issue Google Adwords Remove Malware =>>$120+ What Type off Security I Will Do:✔️ User Accounts Security✔️ User Login Security✔️ Protect htaccess file✔️ Protect wp-config.php file✔️ Disable PHP Shell or Backdoor execution✔️ Restrict Direct Access to Plugin and Theme PHP files✔️ Protect Website from SQL Injection✔️ Block WordPress XMLRPC Requests✔️ Protect XSS Attack Note: Before placing an order contact me for making an effective Deal

#remove malware #malware #wordpress malware #hacked wordpress #malware removal #security #virus #virus removal #hacked virus

0 notes

recruitmentdubai · 5 years ago

Text

Jumping Into Webmentions With NextJS (or Not)

Webmention is a W3C recommendation last published on January 12, 2017. And what exactly is a Webmention? It’s described as…

[…] a simple way to notify any URL when you mention it on your site. From the receiver’s perspective, it’s a way to request notifications when other sites mention it.

In a nutshell, it’s a way of letting a website know it has been mentioned somewhere, by someone, in some way. The Webmention spec also describes it as a way for a website to let others know it cited them. What that basically bails down to is that your website is an active social media channel, channeling communication from other channels (e.g. Twitter, Instagram, Mastodon, Facebook, etc.).

How does a site implement Webmentions? In some cases, like WordPress, it’s as trivial as installing a couple of plugins. Other cases may not be quite so simple, but it’s still pretty straightforward. In fact, let’s do that now!

Here’s our plan

Declare an endpoint to receive Webmentions

Process social media interactions to Webmentions

Get those mentions into a website/app

Set the outbound Webmentions

Luckily for us, there are services in place that make things extremely simple. Well, except that third point, but hey, it’s not so bad and I’ll walk through how I did it on my own atila.io site.

My site is a server-side blog that’s pre-rendered and written with NextJS. I have opted to make Webmention requests client-side; therefore, it will work easily in any other React app and with very little refactoring in any other JavaScript application.

Step 1: Declare an endpoint to receive Webmentions

In order to have an endpoint we can use to accept Webmentions, we need to either write the script and add to our own server, or use a service such as Webmention.io (which is what I did).

Webmention.io is free and you only need to confirm ownership over the domain you register. Verification can happen a number of ways. I did it by adding a rel="me" attribute to a link in my website to my social media profiles. It only takes one such link, but I went ahead and did it for all of my accounts.

<a href="https://twitter.com/atilafassina" target="_blank" rel="me noopener noreferrer" > @AtilaFassina </a>

Verifying this way, we also need to make sure there’s a link pointing back to our website in that Twitter profile. Once we’ve done that, we can head back to Webmention.io and add the URL.

This gives us an endpoint for accepting Webmentions! All we need to do now is wire it up as <link> tags in the <head> of our webpages in order to collect those mentions.

Remember to replace {user} with your Webmention.io username.

Step 2: Process social media interactions into Webmentions

We are ready for the Webmentions to start flowing! But wait, we have a slight problem: nobody actually uses them. I mean, I do, you do, Max Böck does, Swyx does, and… that’s about it. So, now we need to start converting all those juicy social media interactions into Webmentions.

And guess what? There’s an awesome free service for it. Fair warning though: you’d better start loving the IndieWeb because we’re about to get all up in it.

Bridgy connects all our syndicated content and converts them into proper Webmentions so we can consume it. With a SSO, we can get each of our profiles lined up, one by one.

Step 3: Get those mentions into a website/app

Now it’s our turn to do some heavy lifting. Sure, third-party services can handle all our data, but it’s still up to us to use it and display it.

We’re going to break this up into a few stages. First, we’ll get the number of Webmentions. From there, we’ll fetch the mentions themselves. Then we’ll hook that data up to NextJS (but you don’t have to), and display it.

Get the number of mentions

type TMentionsCountResponse = { count: number type: { like: number mention: number reply: number repost: number } }

That is an example of an object we get back from the Webmention.io endpoint. I formatted the response a bit to better suit our needs. I’ll walk through how I did that in just a bit, but here’s the object we will get:

type TMentionsCount = { mentions: number likes: number total: number }

The endpoint is located at:

https://webmention.io/api/count.json?target=${post_url}

The request will not fail without it, but the data won’t come either. Both Max Böck and Swyx combine likes with reposts and mentions with replies. In Twitter, they are analogous.

const getMentionsCount = async (postURL: string): TMentionsCount => { const resp = await fetch( `https://webmention.io/api/count.json?target=${postURL}/` ) const { type, count } = await resp.json()   return { likes: type.like + type.repost, mentions: type.mention + type.reply, total: count, } }

Get the actual mentions

Before getting to the response, please note that the response is paginated, where the endpoint accepts three parameters in the query:

page: the page being requested

per-page: the number of mentions to display on the page

target: the URL where Webmentions are being fetched

Once we hit https://webmention.io/api/mentions and pass the these params, the successful response will be an object with a single key links which is an array of mentions matching the type below:

type TMention = { source: string verified: boolean verified_date: string // date string id: number private: boolean data: { author: { name: string url: string photo: string // url, hosted in webmention.io } url: string name: string content: string // encoded HTML published: string // date string published_ts: number // ms } activity: { type: 'link' | 'reply' | 'repost' | 'like' sentence: string // pure text, shortened sentence_html: string // encoded html } target: string }

The above data is more than enough to show a comment-like section list on our site. Here’s how the fetch request looks in TypeScript:

const getMentions = async ( page: string, postsPerPage: number, postURL: string ): { links: TWebMention[] } => { const resp = await fetch( `https://webmention.io/api/mentions?page=${page}&per-page=${postsPerPage}&target=${postURL}` ) const list = await resp.json() return list.links }

Hook it all up in NextJS

We’re going to work in NextJS for a moment. It’s all good if you aren’t using NextJS or even have a web app. We already have all the data, so those of you not working in NextJS can simply move ahead to Step 4. The rest of us will meet you there.

As of version 9.3.0, NextJS has three different methods for fetching data:

getStaticProps: fetches data on build time

getStaticPaths: specifies dynamic routes to pre-render based on the fetched data

getServerSideProps: fetches data on each request

Now is the moment to decide at which point we will be making the first request for fetching mentions. We can pre-render the data on the server with the first batch of mentions, or we can make the entire thing client-side. I opted to go client-side.

If you’re going client-side as well, I recommend using SWR. It’s a custom hook built by the Vercel team that provides good caching, error and loading states — it and even supports React.Suspense.

Display the Webmention count

Many blogs show the number of comments on a post in two places: at the top of a blog post (like this one) and at the bottom, right above a list of comments. Let’s follow that same pattern for Webmentions.

First off, let’s create a component for the count:

const MentionsCounter = ({ postUrl }) => { const { t } = useTranslation() // Setting a default value for `data` because I don't want a loading state // otherwise you could set: if(!data) return <div>loading...</div> const { data = {}, error } = useSWR(postUrl, getMentionsCount)   if (error) { return <ErrorMessage>{t('common:errorWebmentions')}</ErrorMessage> }   // The default values cover the loading state const { likes = '-', mentions = '-' } = data   return ( <MentionCounter> <li> <Heart title="Likes" /> <CounterData>{Number.isNaN(likes) ? 0 : likes}</CounterData> </li> <li> <Comment title="Mentions" />{' '} <CounterData>{Number.isNaN(mentions) ? 0 : mentions}</CounterData> </li> </MentionCounter> ) }

Thanks to SWR, even though we are using two instances of the WebmentionsCounter component, only one request is made and they both profit from the same cache.

Feel free to peek at my source code to see what’s happening:

WebmentionsCounter (the component)

getMentionsCount (the helper function)

Post layout component (where we’re using the component)

Display the mentions

Now that we have placed the component, it’s time to get all that social juice flowing!

At of the time of this writing, useSWRpages is not documented. Add to that the fact that the webmention.io endpoint doesn’t offer collection information on a response (i.e. no offset or total number of pages), I couldn’t find a way to use SWR here.

So, my current implementation uses a state to keep the current page stored, another state to handle the mentions array, and useEffect to handle the request. The “Load More” button is disabled once the last request brings back an empty array.

const Webmentions = ({ postUrl }) => { const { t } = useTranslation() const [page, setPage] = useState(0) const [mentions, addMentions] = useState([])   useEffect(() => { const fetchMentions = async () => { const olderMentions = await getMentions(page, 50, postUrl) addMentions((mentions) => [...mentions, ...olderMentions]) } fetchMentions() }, [page])   return ( <> {mentions.map((mention, index) => ( <Mention key={mention.data.author.name + index}> <AuthorAvatar src={mention.data.author.photo} lazy /> <MentionContent> <MentionText data={mention.data} activity={mention.activity.type} /> </MentionContent> </Mention> ))} </MentionList> {mentions.length > 0 && ( <MoreButton type="button" onClick={() => { setPage(page + 1) }} > {t('common:more')} </MoreButton> )} </> ) }

The code is simplified to allow focus on the subject of this article. Again, feel free to peek at the full implementation:

Webmention component

getMentions helper

Posts layout component

Step 4: Handling outbound mentions

Thanks to Remy Sharp, handling outbound mentions from one website to others is quite easy and provides an option for each use case or preference possible.

The quickest and easiest way is to head over to Webmention.app, get an API token, and set up a web hook. Now, if you have RSS feed in place, the same thing is just as easy with an IFTT applet, or even a deploy hook.

If you prefer to avoid using yet another third-party service for this feature (which I totally get), Remy has open-sourced a CLI package called wm which can be ran as a postbuild script.

But that’s not enough to handle outbound mentions. In order for our mentions to include more than simply the originating URL, we need to add microformats to our information. Microformats are key because it’s a standardized way for sites to distribute content in a way that Webmention-enabled sites can consume.

At their most basic, microformats are a kind of class-based notations in markup that provide extra semantic meaning to each piece. In the case of a blog post, we will use two kinds of microformats:

h-entry: the post entry

h-card: the author of the post

Most of the required information for h-entry is usually in the header of the page, so the header component may end up looking something like this:

<header class="h-entry">  <time datetime="2020-04-22T00:00:00.000Z" class="dt-published"> 2020-04-22 </time>  <h1 class="p-name"> Webmentions with NextJS </h1> </header>

And that’s it. If you’re writing in JSX, remember to replace class with className, that datetime is camelCase (dateTime), and that you can use the new Date('2020-04-22').toISOString() function.

It’s pretty similar for h-card. In most cases (like mine), author information is below the article. Here’s how my page’s footer looks:

<footer class="h-card">  <span class="p-author">Atila Fassina</span>  <img alt="Author’s photograph: Atila Fassina" class="u-photo" src="/images/internal-avatar.jpg" lazy /> </footer>

Now, whenever we send an outbound mention from this blog post, it will display the full information to whomever is receiving it.

Wrapping up

I hope this post has helped you getting to know more about Webmentions (or even about IndieWeb as a whole), and perhaps even helped you add this feature to your own website or app. If it did, please consider sharing this post to your network. I will be super grateful!

References

Using Web Mentions on Static Sites (Max Böck)

Client-side Webmentions (Swyx)

Send outgoing Webmentions (Remy Sharp)

Your first webmention (Aaron Parecki)

Further reading

Webmention W3C Specification (Recommendation)

Webmention.io

Webmention.App

Outbound WebMentions CLI

Bridgy

Microformats.org

IndieWeb

The post Jumping Into Webmentions With NextJS (or Not) appeared first on CSS-Tricks.

source https://css-tricks.com/jumping-into-webmentions-with-nextjs-or-not/

from WordPress https://ift.tt/3dt9uOY via IFTTT

#web developer #web development #website developer

0 notes

044-eu · 5 years ago

Text

CentOs Installing and Configuring an L.A.M.P. Server (Linux Apache Mysql Server) with Multiple Virtual Hosts

There are plenty of control panels that can configure a generic LAMP server with any linux or almost linux distribution. Other paid ones are also compatible with other platforms such as windows. Many commands in this guide can be aggregated into one, however I prefer to divide them to help you identify any errors. This guide has been tested step by step and assumes that you have installed a clean centos 7 system with the network configured. If you have the sudo command installed and you are logged in as a regular user, you can simply enter the word "sudo" before the commands. But now we're starting to set up our "test server."

Configure the firewall

First, you need to make sure that your server accepts certain requests at certain ports. If the firewall is not installed do not install it unless you know what you are doing or if you have the physical machine in front of you. If you have a more complex router or network, I recommend that you read an article about network theory or an article about how to configure virtual servers on a router to route traffic to certain ports. Here I assume that you have a public address on a server available on the internet. So, you should write these commands on your prompt (shell). firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp firewall-cmd --runtime-to-permanent firewall-cmd --reload

Install Apache2

We opened ports to accept tcp connections in apache's default http (80) and httpd (443) ports. Now we need to install apache2 as a simple web server by writing this command: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch-rpm yum -y install epel-release yum -y install httpd Start-up and Enable Apache2 After installing apache, you need to use and enable the service (demon) with this command systemctl start httpd systemctl enable httpd If you put the ip address of the server on a browser you should see the welcome page of apache and centos.

Configure virtual hosts

To configure virtual hosts on CentOS you should disable the selinux or you will receive an error. To temporarily disable it, thus avoiding having to restart the system, you can write setenforce 0 echo 0 > /sys/fs/selinux/enforce To make sure that this change persists even after the reboot you should edit the /etc/sysconfig/selinux file and be sure that the line regarding selinux is disabled as shown in this example: SELINUX=disabled Now we just have to create the configuration file for the virtual host that we'll put inside the folder /etc/httpd/conf.d/ In this article, we'll use the example.com domain as an example. You will need to replace the example.com domain name with your domain name. Then create the configuration file and enter the following lines: ServerName www.example.com DocumentRoot /var/www/example.com ServerAlias example.com ErrorLog /var/log/httpd/www.example.com.error.log CustomLog /var/log/httpd/www.example.com.requests.log combined Options FollowSymLinks MultiViews AllowOvverride All Order allow,deny allow from all Of course, you also need to create the site and log destination folder if it doesn't exist: mkdir -p /var/www/example.com mkdir -p /var/log/httpd At this point you need to restart apache apachectl restart If your domain points to the server correctly, you should see the Welcome page. Considerations: I have read in many articles about configuring virtual hosts with CentOS that recommend creating a specific folder containing the available sites and another containing the enabled sites. This method is used in debian-based deployments and allows you to disable and enable a site simply by acting on symbolic links. But this article is about CentOS and so we will follow the path of RedHat-based distributions.

Installing and configuring Certbot (letsencrypt) for https support (optional but recommended)

If the site is dynamic, it could normally carry sensitive information and so it's a good idea to encrypt it. Buying a valid certificate was once an expensive operation but now there is a system to acquire one completely for free. Make sure your DNS points to your server. The first thing you need to do is install apache modules for ssl support yum -y install mod_ssl yum -y install openssl And install the certbot program yum -y install python-certbot-apache To work, at startup, the https protocol must have a valid certificate. We can create this certificate as follows mkdir -p /etc/ssl/private chmod 700 /etc/ssl/private openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt For this time, you can leave all the answers blank and you will have to wait until the end of the certificate generation. Since certbot checks if the apache configuration is consistent, we need to add instructions for the virtual host also for the https protocol at the end of the file /etc/httpd/conf.d/example.com.conf SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem ServerName www.example.com DocumentRoot /var/www/example.com ServerAlias example.com ErrorLog /var/log/httpd/www.example.com.error.ssl.log CustomLog /var/log/httpd/www.example.com.requests.ssl.log combined Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all Now we can create the certificate with certbot. Keep in me that if you use a service such as Cloudflare, you'll need to temporarily pause it. apachectl stop certbot certonly --standalone -d example.com -d www.example.com apachectl start Your domain should now http://www.example.com be visible from . If you want users to be automatically redirected to https, you'll need to change your virtual host's instructions for the http protocol by adding the line Redirect "/" "https://www.example.com" configuration file /etc/httpd/conf.d/example.com.conf as shown in this example ServerName www.example.com DocumentRoot /var/www/example.com ServerAlias example.com Redirect "/" "https://www.example.com" ErrorLog /var/log/httpd/www.example.com.error.log CustomLog /var/log/httpd/www.example.com.requests.log combined Options FollowSymLinks MultiViews AllowOvverride All Order allow,deny allow from all If you use services such as cloudflare or other redirect methods it will not insert this line or it will generate an endless loop of addressing that will eventually return an error on the browser.

Installation MariaDB (for Mysql)

To install the mysql MariaDB server, you must write this command yum -y install mariadb-server mariadb So you'll need to start and enable the server systemctl start mariadb systemctl enable mariadb Now mariadb is installed but you should proceed to basic automatic security because as it is, the service is configured with as few limitations as possible so that it is more convenient for developers. You can do this with the command mysql_secure_installation You will need to choose all the recommended options and you will need to enter a password for your mysql root account. Considerations: CentOS chose to use MariaDB as the default mysql server. However I have to tell you that this is a fork of the classic mysql server and there may be incompatibility issues when importing data. If you don't know the difference between mariadb and mysql community edition I recommend you read an article on how to migrate data from a mysql community release server to a mariadb server or how to migrate data from a mariadb server to a mysql community release server.

Installing PHPs and modules used by common CMSs

To use mysql, apache needs an intermediate program that in our case is php. To install php with mysql support and its most commonly used modules from popular CMS, type these commands yum -y install php yum -y install php-opcache yum -y install php-common yum -y install php-fpm yum -y install php-pear yum -y install php-mysql yum -y install php-cli yum -y install php-gd yum -y install php-odbc yum -y install php-xml yum -y install php-xmlrpc yum -y install php-mbstring yum -y install php-snmp yum -y install php-soap yum -y install php-mcrypt If you need to install other modules you can search for them using the command yum search php- You can also filter the results with the grep command. If for example, i want to display the modules with pecl written inside the name I just have to write yum search php- | grep pecl Considerations: CenOS is a stable and conservative linux distribution. Packages that you can install with traditional repositories are tested. To install the latest versions, you should import other repositories. If you don't need to install the latest version of php, I recommend that you respect centOS's choice. If you need to install version 7 of php, I recommend you read an article about installing and configuring a LAMP (Linux Apache Mysql Php 7) server with multiple virtual hosts on CentOS 7. Read the full article

#advice #apache #centos #English #experience #games #guides #linux #mysql #php #servers #systemsengineers

0 notes

siva3155 · 6 years ago

Text

300+ TOP Web2py Framework Interview Questions and Answers

Web2py Framework Interview Questions for freshers experienced :-

1. What is Web2py Framework? Web2py is an open source web application framework. It is written in the Python programming language. It allows web developers to design and develop dynamic web application. 2. How can we Install Web2py in different operating system? We can install Web2fy in different operating system by using following code: Operation System Command Unix and Linux python web2py.py OS X open web2py.app Windows web2py.exe 3. What are the protocols supports in Web2py? Web2py supports various protocols like: XML, JSON, RSS, CSV, XMLRPC, JSONRPC, AMFRPC, and SOAP. 4. How to write a hello world program in Web2py? We can write a hello world program by using following code: def hello(): return 'Hello World' 5. Who is the author of Web2py? Massimo Di Pierro developed the author of Web2py. 6. What is the stable version of Web2py? Web2py stable version is 2.14.6 which is released on May 10, 2016. 7. How can we represent MVC (Model-View-Controller) in Web2py? In Web2fy, we can represent MVC (Model-View-Controller) as follows- Model: It includes the logic of application data. It is used to database connections by configuring storage.sqlite files. "db.py" is the model: db = DAL('sqlite://storage.sqlite') db.define_table(employee, Field('name'), Field('phone')) View: View displays the output after the associated controller function is executed. It renders the variables in the dictionary, which is in the form of HTML. It uses {{ and }} delimiters to include the file. {{extend 'layout.html'}}

Manage My Employees

{{=grid} Controller: It helps to access the functions and modules. It acts as intimidator between Model and View. def employees(): grid = SQLFORM.grid(db.contact, user_signature = False) return locals( 8. What are the application components of web2py ? Web2fy consists of the following components. Models: It represents data and database tables. Views: It helps rendering the display of the data. Controllers: It describes the application logic and workflow. Languages: describe how to translate strings in the application into various supported languages. Static files: Do not require processing (e.g. images, CSS style sheets etc). ABOUT and README: It provide details of the project. Errors: It stores error reports generated by the application. Sessions: It stores information related to each particular user. Databases: It store SQLite databases and additional table information. Cache: It store cached application items. Modules: Modules are other optional Python modules. Private: It includes files are accessed by the controllers but not directly by the developer. Uploads: Files are accessed by the models but not directly by the developer. 9. What are the databases and their drivers support by Web2py? Web2py supports following databases and their drivers. Databases Drivers SQLite sqlite3 or pysqlite2 or zxJDBC (on Jython) PostgreSQL psycopg2 or pg8000 or zxJDBC (on Jython) MySQL pymysql or MySQLdb Oracle cx_Oracle MSSQL pyodbc or pypyodbc FireBird kinterbasdb or fdb or pyodbc DB2 pyodbc Informix informixdb Ingres ingresdbi Cubrid cubriddb 10. What are the crud Methods of Web2py? Web2fy crud methods are : Methods description crud.tables() It returns a list of tables which is defined in the database. crud.create(db.tablename) It returns a create form for the table tablename. crud.read(db.tablename, id) It returns a read-only form for tablename and record id. crud.delete(db.tablename, id) It is used to deletes the record crud.select(db.tablename, query) It returns a list of records selected from the table crud.search(db.tablename) Returns a tuple (form, records) where form is a search form

Web2py Framework Interview Questions 11. Which class is used to send email in Web2py Framework? In Web2fy Framework, gluon.tools.Mail class is used to send email. The mailer can be defined with this class. from gluon.tools import Mail mail = Mail() mail.settings.server = 'smtp.example.com:25' mail.settings.sender = '[email protected]' mail.settings.login = 'username:password' 12. What is the default port of Web2py? Web2py default port is 8000. 13. What is Postbacks? A better pattern in web2py is to submit forms to the same action, which generates them. This mechanism is called as “postback” which is the main feature of web2py. In short, self-submission is achieved in postback. 14. How can we create a model? We can create a model by using following code : db.define_table('company', Field('name', notnull = True, unique = True), format = '%(name)s') db.define_table( 'contact', Field('name', notnull = True), Field('company', 'reference company'), Field('picture', 'upload'), Field('email', requires = IS_EMAIL()), Field('phone_number', requires = IS_MATCH('+')), Field('address'), format = '%(name)s' ) db.define_table( 'log', Field('body', 'text', notnull = True), Field('posted_on', 'datetime'), Field('contact', 'reference contact') ) 15. Describe the workflow of Web2py? Web2py workflow are given below : The web server manages HTTP requests simultaneously in its own thread. The HTTP request header is passed to the dispatcher. The dispatcher manages the application requests and map the PATH_INFO in the URL of the function call. Every function call is represented in the URL. All the requests for files included in the static folder are managed directly, and large file are streamed to the client. Requests for anything but a static file are mapped into an action. If the request header contains a session cookie for the app, the session object is retrieved; or else, a session id is created. If the action returns a value as string, this is returned to the client. If the action returns an iterable, it is used to loop and stream the data to the client. 16. What are the features of Web2py? Web2py features are: It is easy to learn. It is portable. It has standard library that supports many task. 17. What is the I/O functions in Web2py? There are various I/O functions in Web2py that are given below. open(): It helps to open a file or document write(): It helps to write a string in file or document read(): It helps to read the content in existing file close(): This method closes the file object. 18. What is CRON in Web2py? In Web2py, CRON gives the ability to run the task within the specified interval of the time. 19. What is RBAC in Web2py? In Web2py, RBAC stands for Role Based Access Control. It is an approach to restricting system access to authorized used. 20. Which method is used to send an email in Web2py? In Web2py, mail.send() method is used to send an email. 21. What are the protocols used in Web2py? There are various protocols used in Web2py: XML JSON RSS CVC SOAP etc. 22. Does Web2py support multiple database? Yes, Web2py supports multiple database. 23. What is the use of DAL object? DAL object is used to represents a database connection. Example: db = DAL('sqlite://storage.sqlite') 24. How can we disable all the table in Web2py? In Web2py, Migration is used to disable all the table. Example: db = DAL(..., migrate_enabled=False) 25. Is it possible to skip the GUI and start Web2py directory? Yes, by using command line. Example: python web2py.py -a 'your password' -i 127.0.0.1 -p 8000 26. What is the process to send SMS? The following code is used to send SMS: from gluon.contrib.sms_utils import SMSCODES, sms_email email = sms_email('1 (111) 111-1111','T-Mobile USA (abc)') mail.send(to = email, subject = 'test', message = 'test') 27. In which language Web2py was written? Web2py was written in Python language. 28. What is Nginx? Nigix is a free, open-source web server. It is used to configure file. 29. How can we delete the records? We can delete the records by using following code: crud.delete(db.tablename, id) 30. Which tag is used to escape python code embedded in HTML? Web2py uses {{…}} tag to escape python code embedded in HTML. Web2py Questions and Answers Pdf Download Read the full article

0 notes

wpmashin · 5 years ago

Text

متداول ترین روش های حمله به وردپرس

چگونه سایت وردپرس شما هک میشود؟! هدف این بخش ورود تخصصی به مباحث امنیتی نیست چراکه خود دنیایی بسیار پیچیده است، اما داشتن دانش عمومی امنیت و اشراف بر شیوه های متداول حمله به وردپرس ضمن افزایش آگاهی برای جلوگیری از نفوذ به سایت شما موثر است. با توجه به اینکه سیستم مدیریت محتوای وردپرس با زبان برنامه نویسی PHP کدنویسی شده است، بیشتر حملات به آن، روی سایر اسکریپت های مبنی بر پی اچ پی صورت می گیرد، در ادامه با بیان ساده و روان به بررسی برخی از متداول ترین نوع حملات می پردازیم. 1.حملات XSS XSS یا Cross - Site Scripting معروف به تزریق کد بوده و یکی از رایج ترین نوع حملات است. در این نوع حمله، کوکی و سشن کاربران به سرقت می رود و سپس نفوذگر قادر خواهد بود با نام کاربر لاگین کرده و به اطلاعات موردنظر دست یابد. شاید آن کاربر ادمین باشد. در حالت پیشرفته این نوع حمله، هکر تسلط کاملی بر صفحه وب خواهد داشت. در این روش نفوذ زمانی امکان پذیر خواهد بود که ضعف برنامه نویسی وجود داشته باشید. از آنجایی که وردپرس از نظر کدنویسی به صورت حرفه ای اجرا شده و برنامه نویسان خبرهای آن را نوشته اند، معمولا این حمله به وردپرس، به ندرت آسیبی در پی دارد، مگر اینکه از افزونه های نامطمئن استفاده کنید. 2.حملات Brute Force به جرات می توان گفت متداول ترین نوع حمله در وردپرس، حملات Brute Force است. در صورتی این حملات رخ خواهد داد که نفوذگر آدرس ورود به پنل مدیریت را بداند و در صورتی موفق خواهد شد که از نام کاربری پیش فرض مثل Admin و رمز عبور ساده مثلا با ترکیبی فقط از اعداد استفاده کنید، و هیچ تردیدی به خود راه ندهید که اگر این گونه باشد هک سایت ۱۰۰٪ قابل انجام است. گاهی این حملات به راحتی به بیش از هزار بار در ساعت می رسد. ساده ترین راه انتخاب رمز عبور قوی همان طور که ذکر شد، این است که حتما ترکیبی از کاراکترهای مختلف باشد، علاوه بر آن از نام کاربری پیش فرض استفاده نکنید. با رعایت این موارد، تا حد بسیار زیادی در مقابل این نوع حملات مقاوم می شوید. اما به منظور داشتن امنیت بیشتر، لازم است که با قابلیت مسدودسازی را اضافه کنید و یا به کلی آدرس صفحه ورود به پنل مدیریت را تغییر دهید که قطعا تغییر آدرس بهترین روش خواهد بود. چراکه حتی مسدودسازی آی پی ها به دلیل استفاده هکر و یا ربات ها از آی پی مجازی جهت دفع کامل حملات پاسخگو نخواهد بود. ترجیحا از تمامی لایه های امنیتی استفاده کنید. به هر حال همان گونه که هکر فردی هوشمند است، شما نیز باید مدیری هوشمند و حتی باهوش تر از نفوذگر باشید. 3.حملات DDoS حملات Distributed Denial of Service نیازی به معرفی ندارد، چرا که از گذشته دور مطرح و متداول بوده است. زمانی هکر از این روش استفاده می کند که راه نفوذی نمی یابد و هدفش تحمیل هزینه و خسارت به سایت می باشد. در نوع این حمله،سرور سایت مورد هدف قرار می گیرد و آن قدر ترافیک و درخواست روانه آن می شود تا سرور توان پاسخگویی به آن را نداشته و در نتیجه دچار اختلال شود. به زبان عامیانه، هکر آنقدر حمله می کند تا سرور هنگ کرده و سایت به کاربران نمایش داده نشود یا با سرعت خیلی کند بارگذاری شود. به منظور مقابله با این حملات، کانفیگ امنیتی سرور حائز اهمیت است. البته از طریق وردپرس نیز راه حلی وجود دارد که در گزینه بعد، یعنی xmlrpc شرح داده می شود. 4.حملات XML - RPC پروتکل XML - RPC به منظور فراخوانی دستورات از راه دور در بستر HTTP طراحی شده که می توان آن را مشابه API گرفتن دانست. در واقع به کمک این پروتکل می توان با ایجاد اپلیکیشن هایی در ویندوز یا گوشی های موبایل، از راه دور به مدیریت سایت پرداخت. تمامی انواع حملات که تا به اینجا معرفی شد، روی انواع اسکریپت �� سایت ها در اینترنت اثرگذار می باشد. اما این نوع حمله به صورت ویژه روی وردپرس اثرگذار است. به طوری که گاهی بر اثر حملات زیاد عملا سایت کند شده و مجبور به غیرفعال سازی قابلیت XML - RPC وردپرس می باشید. از طرفی غیرفعال سازی این پروتکل باعث اختلال در عملکرد برخی افزونه های وابسته به این پروتکل خواهد شد. وردپرس زمانی قابلیت -XML RPC را به صورت پیش فرض فعال نمود که این پروتکل به پایداری و امنیت مناسبی رسید. اما با این وجود، هکرها همچنان با ارسال درخواست های فراوان، از امکانات این پروتکل به منظور حملات DDoS و یا Brute force سو استفاده می نمایند. چندین روش مختلف برای غیرفعال سازی این پروتکل در وردپرس وجود دارد که ساده ترین راه، استفاده از افزونه Disable XML - RPC و یا افزونه های امنیتی است. همچنین با استفاده از فایل htaccess در هاست می توان این افزونه را غیرفعال کرد. 5.حملات SQL Injection تزریق SQL یکی از رایج ترین نوع حملات به سایت ها است، که وردپرس نیز در صورت عدم به روزرسانی سریع و عدم استفاده از افزونه های مطمئن، از آن مصون نیست. در این نوع حمله، هکر پس از کشف حفره امنیتی، کد دلخواهش را روی دیتابیس اجرا می کند که این مورد می تواند بسیار خطرناک باشد. به عنوان مثال در صورت وجود حفره و امکان اجرای دستور روی پایگاه داده، هکر می تواند رمز مدیر سیستم را تغییر دهد. ضعف در برنامه نویسی و عدم مدیریت صحیح داده های ارسالی از سمت کاربران، دلیل اصلی بروز SQL Injection می باشد. نکات عمومی و پایه ای برای ارتقای امنیت در وردپرس منبع:کتاب امنیت تمام قوا در وردپرس - دیباگران تهران Read the full article

#افزایشامنیتدروردپرس #بهترینهاستوردپرس #چگونهسایتوردپرسشماهکمیشود؟!#متداولترینروشهایحملهبهوردپرس #هاستتخصصیوردپرس #هاستمدیریتشدهوردپرس

0 notes

suzanneshannon · 5 years ago

Text

Jumping Into Webmentions With NextJS (or Not)

Webmention is a W3C recommendation last published on January 12, 2017. And what exactly is a Webmention? It’s described as…

[…] a simple way to notify any URL when you mention it on your site. From the receiver’s perspective, it’s a way to request notifications when other sites mention it.

Here’s our plan

Declare an endpoint to receive Webmentions

Process social media interactions to Webmentions

Get those mentions into a website/app

Set the outbound Webmentions

Luckily for us, there are services in place that make things extremely simple. Well, except that third point, but hey, it’s not so bad and I’ll walk through how I did it on my own atila.io site.

Step 1: Declare an endpoint to receive Webmentions

In order to have an endpoint we can use to accept Webmentions, we need to either write the script and add to our own server, or use a service such as Webmention.io (which is what I did).

<a href="https://twitter.com/atilafassina" target="_blank" rel="me noopener noreferrer" > @AtilaFassina </a>

Verifying this way, we also need to make sure there’s a link pointing back to our website in that Twitter profile. Once we’ve done that, we can head back to Webmention.io and add the URL.

This gives us an endpoint for accepting Webmentions! All we need to do now is wire it up as <link> tags in the <head> of our webpages in order to collect those mentions.

Remember to replace {user} with your Webmention.io username.

Step 2: Process social media interactions into Webmentions

And guess what? There’s an awesome free service for it. Fair warning though: you’d better start loving the IndieWeb because we’re about to get all up in it.

Bridgy connects all our syndicated content and converts them into proper Webmentions so we can consume it. With a SSO, we can get each of our profiles lined up, one by one.

Step 3: Get those mentions into a website/app

Now it’s our turn to do some heavy lifting. Sure, third-party services can handle all our data, but it’s still up to us to use it and display it.

Get the number of mentions

type TMentionsCountResponse = { count: number type: { like: number mention: number reply: number repost: number } }

type TMentionsCount = { mentions: number likes: number total: number }

The endpoint is located at:

https://webmention.io/api/count.json?target=${post_url}

The request will not fail without it, but the data won’t come either. Both Max Böck and Swyx combine likes with reposts and mentions with replies. In Twitter, they are analogous.

Get the actual mentions

Before getting to the response, please note that the response is paginated, where the endpoint accepts three parameters in the query:

page: the page being requested

per-page: the number of mentions to display on the page

target: the URL where Webmentions are being fetched

Once we hit https://webmention.io/api/mentions and pass the these params, the successful response will be an object with a single key links which is an array of mentions matching the type below:

The above data is more than enough to show a comment-like section list on our site. Here’s how the fetch request looks in TypeScript:

Hook it all up in NextJS

As of version 9.3.0, NextJS has three different methods for fetching data:

getStaticProps: fetches data on build time

getStaticPaths: specifies dynamic routes to pre-render based on the fetched data

getServerSideProps: fetches data on each request

Display the Webmention count

First off, let’s create a component for the count:

Thanks to SWR, even though we are using two instances of the WebmentionsCounter component, only one request is made and they both profit from the same cache.

Feel free to peek at my source code to see what’s happening:

WebmentionsCounter (the component)

getMentionsCount (the helper function)

Post layout component (where we’re using the component)

Display the mentions

Now that we have placed the component, it’s time to get all that social juice flowing!

The code is simplified to allow focus on the subject of this article. Again, feel free to peek at the full implementation:

Webmention component

getMentions helper

Posts layout component

Step 4: Handling outbound mentions

Thanks to Remy Sharp, handling outbound mentions from one website to others is quite easy and provides an option for each use case or preference possible.

If you prefer to avoid using yet another third-party service for this feature (which I totally get), Remy has open-sourced a CLI package called wm which can be ran as a postbuild script.

At their most basic, microformats are a kind of class-based notations in markup that provide extra semantic meaning to each piece. In the case of a blog post, we will use two kinds of microformats:

h-entry: the post entry

h-card: the author of the post

Most of the required information for h-entry is usually in the header of the page, so the header component may end up looking something like this:

And that’s it. If you’re writing in JSX, remember to replace class with className, that datetime is camelCase (dateTime), and that you can use the new Date('2020-04-22').toISOString() function.

It’s pretty similar for h-card. In most cases (like mine), author information is below the article. Here’s how my page’s footer looks:

Now, whenever we send an outbound mention from this blog post, it will display the full information to whomever is receiving it.

Wrapping up

References

Using Web Mentions on Static Sites (Max Böck)

Client-side Webmentions (Swyx)

Send outgoing Webmentions (Remy Sharp)

Your first webmention (Aaron Parecki)