Cloud Insidr

Cybersecurity in the Age of the Machine

Join us on Twitter: @CloudInsidr

Home Archives for cloud, edge and everything in between administration and orchestration web servers in the cloud NGINX
Maximize your PHP session security by fixing errors and closing the session adoption vulnerability that allows session fixation attacks

Leave a Comment

Maximize your PHP session security by fixing errors and closing the session adoption vulnerability that allows session fixation attacks

When the server can’t write to the session data directory, if will use /var/cache/nginx/fastcgi_temp/ and complain in the error log. You don’t want any of these errors, but a setting considered insecure will not even be reported as such. Here is how to bolster your PHP 7 session security with NGINX and php-fpm.

[Read more…]

How to set up remote access via SFTP to a web server root directory on RHEL/CentOS/Fedora using key pairs

2 Comments

How to set up remote access via SFTP to a web server root directory on RHEL/CentOS/Fedora using key pairs

Your users want to access a web server instance as a staging or production environment for DevOps… They want access to the web server document root of the sites they manage. Your job is to maintain the integrity of the whole system in terms of cyber security.

If you happen to be running a web server on Linux—for example in EC2 on Amazon AWS—and need to provide site owners remote access in a secure and responsible manner, here is how to do it.

[Read more…]

WordPress Says Your Host May Have Disabled The mail() Function. Here Is How to Fix It.

4 Comments

WordPress Says Your Host May Have Disabled The mail() Function. Here Is How to Fix It.

Some WordPress installations stubbornly refuse requests for a password reset link, showing the user this error message instead:

The email could not be sent.
Possible reason: your host may have disabled the mail() function.

WordPress’ error massage is anything but insightful. The underlying cause usually involves SELinux. Let us introduce you to an easy fix that does not involve plug-ins or external email services. Buckle up.

[Read more…]

How to set up Letsencrypt certificates on AWS EC2

Leave a Comment

How to set up Letsencrypt certificates on AWS EC2

[updated 2018-06-12] As browser makers continue their push for HTTPS and mobile applications are becoming the target of MITM (man-in-the-middle) attacks, cloud developers and administrators are scrambling to find affordable SSL certificates that can live up to the demands of the cloud era. Enter Let’s Encrypt, a new Certificate Authority that is open, fully automated, and free to use, with an almost unprecedented, generous allotment of 100 host names per certificate. Let’s Encrypt delivers on the promise of a worry-free, fully encrypted web 3.0. Cloud Insidr lifts the veil off of Let’s Encrypt’s setup, configuration, its few surprises and hidden gems.

[Read more…]

©2022 CybrAnalytiqa OÜ