HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.


To enable HSTS, create a .htaccess file and place the following code inside it:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

To check if HSTS is working, you can use the checking tools here

If Strict-Transport-Security is shown in green, it was done correctly.
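A way to check the header value yourself, as an added example that is not part of the original post: it parses a Strict-Transport-Security value following RFC 6797 and reports whether a browser would apply the policy. The function names, the one-year threshold and the sample values are assumptions of this example.

```python
import re

ONE_YEAR = 31536000  # the max-age value used in the .htaccess line above
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9a-z]+")  # HTTP token characters

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {lower-cased directive: value or None}, or None if malformed (a
    browser then ignores the header). A ';' inside quotes is not supported."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                       # empty directives are permitted
            continue
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]                # quoted-string form
        if not TOKEN.fullmatch(name) or name in directives:
            return None                    # bad name or repeated directive
        directives[name] = val if sep else None
    return directives

def assess_hsts(value, over_https=True):
    """Return (policy_active, findings) for one response's header value."""
    if not over_https:
        return False, ["sent over plain HTTP, where browsers ignore it"]
    parsed = parse_hsts(value) if value is not None else None
    if parsed is None:
        return False, ["header missing or malformed"]
    age = parsed.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return False, ["max-age missing or not a number"]
    if int(age) == 0:
        return False, ["max-age=0 makes the browser drop the policy"]
    findings = []
    if int(age) < ONE_YEAR:                # threshold is this example's choice
        findings.append("max-age shorter than one year")
    if "includesubdomains" not in parsed:
        findings.append("includeSubDomains not set")
    return True, findings

# Constructed header values, not captured from a real site.
SAMPLES = ["max-age=31536000", "max-age=31536000; includeSubDomains",
           "max-age=0", "includeSubDomains", "max-age=300; max-age=31536000"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", assess_hsts(sample))
```

The first sample is the value from the .htaccess line above: the policy is active, with a note that subdomains are not covered.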

More detailed information about HSTS: Wikipedia

‘Petya’ ransomware: How to stop it?

Another ransomware called “Petya” is attacking and spreading after the WannaCry attack. But it looks like the creators of “Petya” had no intention of restoring the machines at all. In fact, a new analysis reveals they couldn’t; the virus was designed to wipe computers outright.

How to know if your PC is affected?

You will see a screen like this, which means that your PC is affected. When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent backup of the files, they must either pay the ransom or face losing all of their files.

How to stop it

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try and rescue the files from the machine.

If you see this screen, you should power off the PC immediately.

Power on the PC, open CMD and do as below. This creates perfc, perfc.dll and perfc.dat in C:\Windows.

cd.. (Enter)

copy con perfc (Enter)

(Ctrl + Z )


copy perfc perfc.dll (Enter)
copy perfc perfc.dat (Enter)

This is a temporary solution so far. Please ALWAYS use a STRONG password for the ADMINISTRATOR account.

Tool for scanning malware – maldet (Simple Installation)


Maldet is a malware detector for Linux servers. It is a powerful tool compared with the online tools that are available.

Installation steps are as below

(1) Go to the path

cd /usr/local/src/

(2) Download the source


(3) Untar the installation file

tar zxvf maldetect-current.tar.gz

(4) Go to the maldet folder

cd maldetect-*

(5) Install it




All about CSF (ConfigServer Security & Firewall)


To add an IP address to the deny list

csf -d IP

To add an IP address to the allow list

csf -a IP

How to restart the CSF firewall

csf -r

How to stop the CSF firewall

csf -x

Path of CSF configuration file on cPanel server


Path of denied IP addresses file in CSF


Path of allowed IP address file in CSF


How to add an IP address to the ignore list

(1) Log in to the shell

(2) Add the IP address to /etc/csf/csf.ignore

How to find an IP address blocked by a temporary ban

grep IP /etc/csf/csf.tempban


How to change the Windows Server RDP port and why you need to

When your server has the symptoms below:

a) A lot of log entries like the one below

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

b) IIS is unable to start, and you receive an error when listing the application pools

c) Intermittent interruption of the IIS service

your server might be under an RDP brute-force attack.

Because of the RDP brute-force attack, the memory type known as “kernel unpaged pool” will be almost entirely full. There is a maximum of 256MB on a 32bit Windows installation. This will continue to cause IIS and other network services to work intermittently and finally stop entirely.

So the solution is to change the RDP port to something other than the default 3389, so the attacker will not easily know your server port. Golden rule in IT security: DO NOT use the default port for any service.

1) Start Registry Editor (Start > Run > type “regedit” > press Enter)
2) Locate and then click the following registry subkey:
3) On the Edit menu, click Modify, and then click Decimal.
4) Type the new port number, and then click OK.
5) Quit Registry Editor.
6) Restart the server.