Browsed by
Tag: Webserver

.NET CryptographicException “Keyset does not exist”

.NET CryptographicException “Keyset does not exist”

Came across this error today when updating a new certificate used in a WCF service for digital signatures. Turns out the solution, as always, was pretty simple: give correct permissions to the private key file. Open the certificate manager and locate the correct certificate. Right click and navigate to: All Tasks -> Manage Private Keys. Change the file permissions so the IIS user can read. Read more on stackoverflow.com.

Multiple https websites on one IIS 7.5

Multiple https websites on one IIS 7.5

I wanted to use IIS 7.5 to host multiple sites under https. The only way I found so far is to have multiple IP addresses link to one server or configure multiple IP addresses on the server and use the IIS site bindings to listen to these alternate IP addresses. First of we need to configure our network card and add the new IP address to it. Go to the properties of your network card and select IPv4, then click…

Read More Read More

Take website offline in IIS

Take website offline in IIS

There is a very easy way to stop a website and provide your users with a nice “under maintenance” or “offline” page. Just create a new file in the root directory of your website and call it “app_offline.htm” Whatever the request to your site, users will always be served this page. Is you ever use publishing via visual studio, you will notice that during the publish this file is also created to let your users know maintenance is occurring on…

Read More Read More

Optimize SSL settings in Windows Server 2008

Optimize SSL settings in Windows Server 2008

SSL labs provides, through it’s website, a thorough free testing of an https enabled site. It has different rankings based on the (American) school grading system, where F is the lowest score and A++ the highest. Numerical Score Grade score >= 80 A score >= 65 B score >= 50 C score >= 35 D score >= 20 E score < 20 F In this post I will try and go through the steps to achieve an “A” rating for…

Read More Read More

Useful Drupal “drush” commands

Useful Drupal “drush” commands

Drush is a command line utility to provide a scripting interface for Drupal. Install the latest Drupal version drush dl drupal #downloads the latest Drupal drush dl drupal-7.35 #downloads the specified Drupal version drush site-install standard –account-name=[username] –account-pass=[userpassword] –db-url=mysql://[mysqluser]:[mysqluserpassword]@localhost/[mysqldatabase] When you’re locked out of your site because you enabled clean URL’s. drush vset clean_url 0 –yes Update a Drupal installation to the latest version, including installed extentions. drush pm-update

Create certificate request with SHA256 on IIS 7

Create certificate request with SHA256 on IIS 7

Creating a CSR (or Certificate Singing Request) on an IIS 7 is pretty straight forward, but you end up with a request which uses the old SHA1 hashing method. Your certificate request will work, but the end result will be that your site might be vulnerable to SSL/TLS related attacks. So how to create a CSR that uses the SHA256 algorithm? All the information bellow can be found on ServerFault. First make a request.inf file. (Just use a text editor…

Read More Read More

How to upgrade CiviCRM

How to upgrade CiviCRM

The following will describe how to update an existing CiviCRM installation to a new version. Always make sure you backup the database and the plugin folder, before proceeding. Download the latest Civi (for drupal in this case) to your plugins folder (or any other folder). wget “https://download.civicrm.org/civicrm-4.7.19-drupal.tar.gz” Note: When upgrading from 4.0.1 do not upgrade to 4.5 in one go. I found that this breaks your civi installation with an error: Fatal DB error, exiting, seems like your schema does…

Read More Read More

Shell detector app detects webshells (aspx, php)

Shell detector app detects webshells (aspx, php)

Shell detector is a great little application to, like the name suggests, detect (malicious) shells. I recently had the misfortune of having to deal with a so called web shell. Basically it created a backdoor by uploading a malicious file and its client application uses this file to send commands to be executed on the server. Looking at the capabilities of this malware I couldn’t believe what was possible. In short they owned the server. Now I know that the…

Read More Read More

Block WordPress login attempts when no WordPress is present

Block WordPress login attempts when no WordPress is present

I’ve set up LogWatch and saw these entries turning up every day. 404 Not Found /admin/wp-login.php: 2 Time(s) /administrator/index.php: 2 Time(s) /blog/wp-login.php: 2 Time(s) /section/wp-login.php: 2 Time(s) /site/wp-login.php: 2 Time(s) /wordpress/wp-login.php: 2 Time(s) /wp-login.php: 2 Time(s) /wp-login/: 2 Time(s) /wp/wp-login.php: 2 Time(s) /www.google.com/chrome: 1 Time(s) I decided to ban them using fail2ban, seeing as there is no reason to try and use a WordPress login, when there is no wp running on that server. I based this on https://github.com/miniwark/miniwark-howtos/wiki/Fail2Ban-setup-for-Apache. vi…

Read More Read More

A WordPress site secured with SSL and running on an nginx as a reverse proxy to an Apache

A WordPress site secured with SSL and running on an nginx as a reverse proxy to an Apache

Today I needed to transfer a WordPress site from one server to another. This proved more difficult then I tough. The new server is running an Nginx that serves as a reverse proxy to an Apache. The latter does, for example all the php stuff. It also serves only SSL pages and redirects all traffic on port 80 to 443. After a lot of “google’ing” and trial and error, this was what I needed to configure in the wp-config.php file….

Read More Read More