HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.

 

To enable HSTS on Apache (with mod_headers enabled), create a .htaccess file and place the following directive in it:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

To check whether HSTS is working, you can use the checking tools here

If Strict-Transport-Security is shown in green, it was set up correctly.

More detailed information about HSTS: Wikipedia
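An offline version of that check, as an added example rather than code from the original post: it parses a Strict-Transport-Security value following RFC 6797 and reports what a checking tool would typically flag. The function names, finding texts and sample responses are this example's own assumptions.

```python
import re

# RFC 6797 section 6.1: directives are separated by ";", names are
# case-insensitive tokens, and each directive may appear only once.
_TOKEN = re.compile(r"[A-Za-z0-9!#$%&'*+.^_`|~-]+")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict, or raise ValueError."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (";;") are allowed
            continue
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]               # quoted form, e.g. max-age="31536000"
        directives[name] = arg if sep else None
    if "max-age" not in directives:
        raise ValueError("max-age is required")
    if not re.fullmatch(r"[0-9]+", directives["max-age"] or ""):
        raise ValueError("max-age must be a non-negative integer")
    directives["max-age"] = int(directives["max-age"])
    return directives

def audit(scheme, headers):
    """Return a list of findings for one response (URL scheme + header dict)."""
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if scheme == "http":
        # Browsers ignore HSTS over plain HTTP; env=HTTPS stops Apache sending it.
        return ["header sent over plain HTTP (ignored by browsers)"] if hsts else []
    if hsts is None:
        return ["missing Strict-Transport-Security"]
    try:
        policy = parse_hsts(hsts)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains not set: subdomains are not covered")
    return findings

# Constructed sample: the header produced by the directive shown above.
SAMPLE = ("https", {"Strict-Transport-Security": "max-age=31536000"})
```

Calling audit(*SAMPLE) returns the single informational finding about includeSubDomains; an empty list means nothing was flagged.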

Plesk Onyx Upgrade Path

The latest Plesk release is called Plesk Onyx. You can upgrade directly to Plesk Onyx if your Plesk is one of the versions below:

  • 11.0.9
  • 11.5.30
  • 12.0.18
  • 12.5.30

Other than this, you need to check that your OS is one of the following:

  • Debian 7 & 8 (64-bit)
  • Ubuntu (64-bit)
  • RHEL / CentOS (64-bit)
  • Virtuozzo Linux 7

If your server OS is 32-bit, you can install a new OS directly on a new box.

Plesk Upgrade Choice

Firefox: OCSP stapling

OCSP stands for Online Certificate Status Protocol. It’s basically a protocol that’s used to make sure that an SSL certificate is still valid and hasn’t been revoked.

Firefox appears to be the only browser that does an additional security check for OCSP and also does a hard fail. This is a security feature of Firefox.

If your SSL report shows that OCSP stapling fails, the site will be inaccessible from Mozilla Firefox. This is the message Mozilla Firefox shows:

sec_error_ocsp_try_server_later

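To get the SSL report, you can always use the SSL report tools.

You could try disabling stapling support in Mozilla Firefox. This changes only that one browser; other Firefox visitors still see the error until stapling is fixed on the server.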

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered.

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch the value from true to false.

 

LVM (Linux Logical Volume Manager) commands

lvm layout

pvdisplay – shows you the current state of your physical volumes.

vgdisplay – shows you all volume groups

lvdisplay – shows you all logical volumes

lvscan – shows you all active volumes (disks)

lvs – is like lvscan but shows you less detail.

pvscan – scans all disks for physical volumes and shows disk space.

Tool for scanning malware – maldet (simple installation)

Maldet is a malware detector for Linux servers. It is a powerful tool compared with the online tools that are available.

Installation steps are as below:

(1) Go to the source directory

cd /usr/local/src/

(2) Download the source

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

(3) Untar the installation file

tar zxvf maldetect-current.tar.gz

(4) Go to the maldet folder

cd maldetect-*

(5) Install it

sh install.sh