If you hold a website and use SSL/HTTPS with Certificates theres is often the question should i block Port 80? The most Admins think after the Major Changes of the Browsers to pull first HTTPS Port 443 they can close the HTTP Port 80. But you should NOT do it! Why? most Bots scan at first Port 80 for Content or for Listening Web Servers. More Details: https://letsencrypt.org/de/docs/allow-port-80/
Category: Webserver
Script DNS Blocker DNSMASQ
If you tested pihole, you perhaps look for a smaller Command Line version? Install dnsmasq by: sudo apt-get install dnsmasq Here DNS Rule Injector Script (copy & paste): blocker.sh # www.linuxonlinehelp.eu 2019 # DNS Blocker for Small Linux with dnsmasq # #!/bin/bash # goto tmp (tmpfs) cd /tmp/ # get URL-Blocklists wget -O blocklist.txt https://v.firebog.net/hosts/Kowabit.txt # get Templates #SET Variables txt='blocklist.txt' IP='0.0.0.0' # set to 0.0.0.0 or to a Webserver with "white Page" showing Text "URL-blocked!! #merge URLs and redirect to wanted IP – Rule creation n=1; while read line; do echo 'address=/'$line'/$IP '>> 02-blocked1.conf ; n=$((n+1)); done < $txt […]
WordPress Gutenberg Editor fails on modsecurity2
If you use modsecurity2 Plugin Filter on a Apache2 / Apache24 Setup then on my Blogs Gutenberg fails to SAVE Pages and Drafts. Workaround: Install the old but useful “Classic Editor Plugin” and replace Gutenberg for all Users! Background: It seems the lastest stable mod_security2 Rules not modified for Gutenberg post urls!
Convert WordPress Blog into Static Websites
For some reasons you want to convert your WordPress with Linux Tools into a Static Website: low level Hosting no SQL + PHP for higher Security Then open a Terminal and enter into a Text Editor: nano wp2statis.sh: #!/bin/bash wget \ –recursive \ –no-clobber \ –page-requisites \ –html-extension \ –convert-links \ –restrict-file-names=windows $url-of-site exit 0 Advantage? wget runs on most WP-Themes low Load on the convert Process Script can be used to run by Cron automaticly every Night !
Website Speed Test with Linux
If you own a Blog and want to check the Speed with your local Linux Computer use a commandline tool called curl. Open a Terminal and enter: curl -o /dev/null -s -w 'Connect: %{time_connect}\nStart Transfer: %{time_starttransfer}\nTotal: %{time_total}\n' https://www.yourdomain.de System Echos: Connect: 0,084774 Start Transfer: 0,173280 Total: 0,228651 Advantage? You will see the Website Load Time of Users at your Location (Country Area) You can check “high performance Clouds” vs. “bare metal Servers” or “virtual Hosting” You see that mostly expensive Hosting is wasted money cause “shared” IO V-Host is SLOWER! You get the real “felt” IO for Users who […]
WordPress Speed Test Optimization
If you use WordPress and you want to get better results on search engines and social media checkout: Load Speed at Google free Speed Analyser for Developer https://developers.google.com/speed/pagespeed/insights/ Reduce and Control the Plugins Reduce and Control Images at Content and Image Sizes 50-100 kb Limits Use latest PHP Version if possible 7.3 Use cached MySQL if available Result: If green your Job is done well.. cause old rule, LESS is often MORE
WordPress Bug Backdoor delete Files
Current a Major Bug is published up to WordPress lastest Release 4.9.6! The real Nonsense is that the WordPress Core Team did know it since Nov. 2017 !! And changes NOTHING! More Details here reported and a public review here
Backup daily WordPress Drupal Script
If you use Drupal or WordPress and you have a virtual Server with SSH Login you should set up a daily Backup Script to have a Snapshot of your Blogs if Hackers insert SQL Code Injections or hack PHP Sites. Cause you cant NEVER know every EXPLOIT of every used Plugin (here less plugins is more!) Of course you can daily or hourly RESTORE AUTOMATIC by CRON your Blogs by OVERWRITE bad inserted STUFF! Howto? Article comming soon !! .. sorry have current not enough time.. or read my Wiki for MYSQL and WordPress Help! Daily or hourly restored […]