Force SSL for your site with Varnish and Nginx

Hello! For those of you who depend on Varnish to offer robust caching and scaling potential to your web stack, hearing about Google’s prioritization (albeit arguably small, for now) of sites that force SSL may cause pause in how to implement. Varnish currently doesn’t have the ability to handle SSL certificates and encrypt requests as […]

https://www.stackstar.com/force-ssl-for-your-site-with-varnish-and-nginx/ Auto updating Atomicorp Mod Security Rules

Hello! If any of you use mod_security as a web application firewall, you might have enlisted the services of Atomicorp for regularly updating your mod_security ruleset with signatures to protect against constantly changing threats to web applications in general. One of the initial challenges, in a managed hosting environment, was to implement a system that […]

https://www.stackstar.com/auto-updating-atomicorp-mod-security-rules/ How to detect and mitigate DoS (Denial of Service) Attacks

Greetings, Occasionally with a very busy site, being behind a hefty web stack does not always have enough capacity to mitigate a significant surge in artificial (DoS) requests. Detecting and mitigating denial of service attacks is an important and time sensitive exercise that will determine the next mitigating steps that you may need to take […]

https://www.stackstar.com/how-to-detect-and-mitigate-dos-denial-of-service-attacks/ Security Penetration Testing Series : SQL Injection

I am starting a series of blog posts that detail security related strategies, penetration testing and best practice methodologies. To start our series, I am going to delve into the world of SQL injection techniques and a general overview for those who are looking to learn a little more about this method of injection. There […]

https://www.stackstar.com/security-penetration-testing-series-sql-injection/ Integrate your custom IPTables script with Linux

A custom iptables script is sometimes necessary to work around the limitations of the Red Hat Enterprise Linux firewall configuration tool.

https://www.stackstar.com/integrate-your-custom-iptables-script-with-linux/ Scheduled antivirus scans to prevent viral injections on user generated content

When dealing with high traffic sites, especially media based or community based sites, there is always the risk of javascript, virus, XSS or other malicious injection of badness when giving a community of users the ability to upload files to your site. There are several things to consider when evaluating all “points of entry” that […]

https://www.stackstar.com/linux-antivirus-scheduled-scans-on-user-generated-content/ Script to distribute SSH Keys across many servers

The idea behind this script is to have a centralized, highly secure and restricted key repository server. Each server in your environment would run this script to “pull” the updated key list from the central server. The script would run as a cron job and can run as often as you like. Ideally every 5-10 minutes would allow for quick key updates / distribution.

https://www.stackstar.com/script-to-distribute-ssh-keys-across-many-servers/ Shell Script to Report On Hacking Attempts

It is always a good idea , when implementing open source firewall implementations (iptables, pf, etc), to build in as much reporting and verbosity as possible. Somewhere along the line, we wrote a script to provide daily reports on intrusion attempts to penetrate our network — this usually happens when someone exceeds certain connection thresholds.

https://www.stackstar.com/freebsd-pf-packet-filter-shell-script-to-report-on-hacking-attempts/ Network Audit Bash Script Using Netbios and Nmap

In order to quickly audit a network , I created this bash script to scan selected IPs, read from a configuration file, and compile a simple report to be emailed. The script can be modified to suit your needs, such as exporting the data to a database or perhaps an HTML report for a web based reporting site.

https://www.stackstar.com/network-audit-bash-script-using-netbios-and-nmap/ Testing for weak SSL ciphers for security audits

Weak ciphers allow for an increased risk in encryption compromise, man-in-the-middle attacks and other related attack vectors.

https://www.stackstar.com/testing-for-weak-ssl-ciphers-for-security-audits/