HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.


To enable HSTS, you just need to create .htaccess and place the code inside

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

To check if the HSTS is working, you can use the checking tools here

If you see it was green on Strict-Transport-Security, then it was done correctly.

More detail info about HSTS : Wikipedia

Plesk Onyx Upgrade Path

For latest Plesk, it called Plesk Onyx. In order to upgrade to Plesk Onyx, it can direct upgrade to Plesk Onyx if your Plesk is version as below

  • 11.0.9
  • 11.5.30
  • 12.0.18
  • 12.5.30

Other then this, you need to check if your OS is as below

  • Debian 7 & 8 (64 Bits)
  • Ubuntu (64 Bits)
  • RHEL / Centos (64 Bits)
  • Virtuozoo Linux 7

If your Server OS is on 32 Bits, you can direct install NEW OS on new box.

Plesk Upgrade Choice

‘Petya’ ransomware: How to Stop it ??

Another ransomware called “Petya” is attack and spreading afterWannaCry attack. But this “Petya” looks like the program’s creators had no intention of restoring the machines at all. In fact, a new analysis reveals they couldn’t; the virus was designed to wipe computers outright.

How to know your PC is affected? 

You will see screen like this. Which mean that your PC is affected. When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all of their files.

How to stop it

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try and rescue the files from the machine.

If you see this screen, you should direct off the PC ASAP.

Power ON the PC and go to the CMD and do as below. It to create perfc 、perfc.dll、perfc.dat on C:\Window

cd.. (Enter)

copy con perfc (Enter)

(Ctrl + Z )


copy perfc perfc.dll (Enter)
copy perfc perfc.dat (Enter)

This is temporary solution so far. Please ALWAYS us the STRONG password for ADMINISTRATOR password.

Firefox: ocsp stapling

OCSP stands for Online Certificate Status Protocol. It’s basically a protocol that’s used to make sure that an SSL certificate is still valid and hasn’t been revoked.

Firefox appears to be the only browser that does an additional security check for OCSP and also does a hard fail. This is a security feature of Firefox.

If your SSL report is fail the OCSP stapling, then the site will unable to access by Mozilla Firefox. This is the message from Mozilla FireFox


How to get the SSL report, you can always use the SSL report tools

You could try disabling stapling support from Mozilla FireFox

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch the value from true to false


Dynamic DNS – The automated rapid record updates

DNS which is know as Domain Name System which the record is key in manually and fix. When the DNS record is edited, it will always take 1-2 hours to fully resolved. By using the DNS, the server need to have a fixed IP. If you use the dynamic IP, the domain DNS record need to edit if the server dynamic IP is change to other dynamic IP. To address the issue of rapid change of dynamic IP (if the server is using the dynamic IP), Dynamic DNS might be the solution.
Dynamic Domain Name System or DDNS, is the solution if the server is using the dynamic IP. The basic idea is replace the IP by hostname, and the hostname A record will rapid change when the IP of that server is change. For the domain that use the DNS , the A record insert manually which normally use the fixed IP. The reason is because the A record will not change if there is no edit done. For the DDNS, the domain A record will change if the server IP is change. Here is the diagram.  Continue reading “Dynamic DNS – The automated rapid record updates”