Category Archives: Online

PCI Compliance – Continued

So after many tests, both my own nmap and openssl ones and the PCI tests, we are finally PCI compliant.

For MediaTemple customers however one thing kept failing the test.

This was port 8443, which is used by the Plesk Virtuozzo service and is caused by having “Offline Management” enabled.

To solve this I asked Mediatemple for help and they gladly disabled the “Offline Management”. This however did not completely solve the issue, since it still left the port open, and since Plesk was still installed it would still overwrite any customization I did to the iptables to block this port, even if I would go through the process of adding it correctly (at least what I could find).

So to solve this I did the following:

I edited the crontab:

crontab -e

and added the block line for iptables:
* * * * * /sbin/iptables -A INPUT -p tcp --dport 8443 -j REJECT

additionally, to make sure I did not risk locking myself out, I also added an ACCEPT line for my SSH port:
* * * * * /sbin/iptables -A INPUT -p tcp --dport MYPORTNUMBER -j ACCEPT

Cron runs this every minute so as soon as Plesk overwrites the iptables rules, the crontab runs and it’s added again.
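As an added example (not the post's own cron line), an idempotent version of the same per-minute job: the plain `-A` line above stacks one more duplicate rule every minute, whereas this script reads the live INPUT chain and only inserts what is missing. The script path and the SSH_PORT value are placeholders, and it assumes an iptables build that supports `-S`.

```shell
#!/bin/sh
# Added example, not the post's own cron line: an idempotent version of the
# per-minute job. "-A" every minute stacks a duplicate rule per run; this
# script reads the live INPUT chain and only inserts rules that are missing,
# and uses "-I" so the rules sit above whatever Plesk re-adds below them.
# Assumptions: iptables with "-S" (iptables 1.4.x+); SSH_PORT is a placeholder.

SSH_PORT="${SSH_PORT:-22}"        # placeholder, set to your real SSH port
IPT="${IPT:-/sbin/iptables}"

# The rules we want, written exactly as "iptables -S INPUT" echoes them back
# (it expands "-p tcp" to "-p tcp -m tcp" and adds the default reject type).
wanted_rules() {
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $SSH_PORT -j ACCEPT"
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport 8443 -j REJECT --reject-with icmp-port-unreachable"
}

# missing_rules: reads the current "iptables -S INPUT" listing on stdin and
# prints only the wanted rules that are not already present (exact match).
missing_rules() {
    current=$(cat)
    wanted_rules | while IFS= read -r want; do
        printf '%s\n' "$current" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# apply_missing: insert each missing rule at the top of INPUT.
apply_missing() {
    "$IPT" -S INPUT | missing_rules | while IFS= read -r rule; do
        spec=${rule#-A INPUT }          # strip the chain, keep the match/target
        # $spec is built by this script, so unquoted word splitting is intended
        "$IPT" -I INPUT $spec
    done
}

# Run from cron with:  * * * * * /usr/local/sbin/pci-rules.sh apply
# (hypothetical path; the script does nothing unless called with "apply")
case "${1:-}" in
    apply) apply_missing ;;
esac
```

`iptables -S INPUT` afterwards should show each of the two rules exactly once, however many minutes the job has been running.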

This solved the issue which failed the PCI compliance test for me.

In theory this should also work with “Offline management” enabled, which is going to be my next experiment. Additionally I am going to try adding an exception for my IP into the iptables to see if that works.

For now though we are PCI compliant and the cron will, for now, make sure it stays that way until I find a more permanent solution or Mediatemple updates the Plesk installation.

PCI Compliance, Weak SSL Ciphers, Plesk, etc

For all those struggling with the marketing stunt that is PCI compliance, here are some pages I found that help to make our DV Base at Mediatemple pass the PCI test.

Please check out the following links for help on this:

Weak SSL:
465 (smtps/qmail) – http://www.qmailwiki.org/index.php/Qmail-control-files#control.2Ftlsserverciphers
imap/pop – follow instructions http://www.oscommerceuniversity.com/lounge/index.php?topic=265.0

Server wide ssl2 disable and weak ciphers for all virtual domains:
create new file:
vi /etc/httpd/conf.d/zz000_psa_httpd_weak_ssl_disable.conf
press ‘i’ to insert
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:-LOW

press ‘esc’ > ‘shift+q’ > ‘wq’ > ‘enter’
/etc/init.d/httpd stop
/etc/init.d/httpd start

Also found this page very helpful: http://www.linux-advocacy.org/web-servers/making-plesk-more-pci-compliant
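As an added example, not from the post: a small audit script for the kind of openssl checks mentioned above, run against the same ports (443, 465 for smtps, Plesk's 8443, and 993/995 assumed for imaps/pop3s). It probes each port for SSLv2 and then for individual weak suites; note that RC4 suites, which the SSLCipherSuite line above still allows via RC4+RSA, fall in the weak class here. HOST is a placeholder.

```shell
#!/bin/sh
# Added example, not from the post: a small audit helper for the openssl
# checks the post mentions. For each port it asks openssl s_client to talk
# SSLv2, then to negotiate only individual weak suites; a completed handshake
# means the server still accepts them. HOST is a placeholder; 993/995 are
# assumed to be the imaps/pop3s ports next to 443, 465 and Plesk's 8443.

HOST="${HOST:-example.invalid}"
PORTS="443 465 993 995 8443"

# is_weak NAME: classify an OpenSSL suite name as weak for a PCI-style scan
# (export grade, NULL, anonymous DH, single DES, RC4, MD5 MAC). 0 = weak.
is_weak() {
    case "$1" in
        EXP-*|*NULL*|ADH-*|AECDH-*|*DES-CBC-*|RC4-*|*-MD5) return 0 ;;
        *) return 1 ;;
    esac
}

# handshake_ok HOST PORT [s_client options]: 0 if a cipher was negotiated.
# Old and new OpenSSL differ in exit status, so the "Cipher is" line is
# checked; a build without SSLv2 support simply fails the -ssl2 probe.
handshake_ok() {
    h=$1; p=$2; shift 2
    out=$(printf 'Q\n' | openssl s_client -connect "$h:$p" "$@" 2>/dev/null) || return 1
    printf '%s\n' "$out" | grep -q 'Cipher is (NONE)' && return 1
    printf '%s\n' "$out" | grep -q 'Cipher is '
}

# scan_port HOST PORT: prints one line per weakness found
scan_port() {
    handshake_ok "$1" "$2" -ssl2 && echo "$1:$2 accepts SSLv2"
    for c in $(openssl ciphers 'ALL:COMPLEMENTOFALL' | tr ':' ' '); do
        is_weak "$c" || continue
        handshake_ok "$1" "$2" -cipher "$c" && echo "$1:$2 accepts weak cipher $c"
    done
}

# Usage: HOST=your.server ./pci-ssl-scan.sh scan   (hypothetical file name)
case "${1:-}" in
    scan) for p in $PORTS; do scan_port "$HOST" "$p"; done ;;
esac
```

An empty report after restarting httpd, qmail and the imap/pop daemons is what the PCI scanner is looking for; any line printed names the port and suite that still needs tightening.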

Question and additions welcome of course..

New Development Horizons – Getting into iPhone Dev

Today I enrolled in the iPhone Development Program. Since I have no Objective-C, C++ or C knowledge I looked for tools beforehand in order to make the step into development simpler.

I found a couple:

Now the difference between PhoneGap, Titanium and Corona is that both PhoneGap and Titanium are tools to help you write iPhone apps based on html and javascript including many of the popular libraries (prototype, mootools, jquery, etc.) thereby essentially removing the learning curve of iPhone dev for web designers. Also both are free downloads.

Corona on the other hand is a different matter altogether. It lets you write in Lua. Therefore Corona does have a learning curve, but (keep in mind I don’t know enough about iPhone dev to say this with complete certainty) might provide more advanced development possibilities.

As of now I will start out using PhoneGap, and when things go smoothly and I have the time to mess about with the Corona Trial Download I might even purchase the Corona Package ($99) and use that, since the Lua language seems logical and easy to learn.

I’ll post regularly with updates regarding my Dev journey.

MediaTemple Grid Service (GS) Experience

Since March 09 I have been hosting my blogs EcoTipsForLife.com and my website move2create.com at MediaTemple.com

I have been using the Grid (GS) service and can report that I haven’t had any outages (that were not my doing of course…) or issues since.

Hosting is reliable, system maintenance is announced well ahead and often scheduled well in advance, and customer service is very fast, responsive and helpful.

All in all, I am a very happy MT customer.

On top of that I am only paying a total of $13.33 a month ($160/year) for their $20 a month Grid Service.

This is because I used the coupon “retailmenot” which takes off 20% of any plan for the life of the plan, and since I paid yearly the discount was quite substantial.

For more info or to order service from MediaTemple click here

New hosting for move2create.com | Virpus VPS

As of last month I relocated move2create.com to its new home on the VPS I recently got from virpus.com.

As this was my first VPS I expected quite some work, but with the help of resources like vpsmedia.com/articles it proved to be less work than I had imagined. My experiences as a beginner VPS user with virpus.com have been excellent and I would definitely recommend them.


Odiogo added to GeekyNomad.com

GeekyNomad.com posts can now be listened to through the service of Odiogo.com.

You can do this by using the “listen now” button or by using the “subscribe now” button in the sidebar.

Tip: Just wanted to include my experience regarding the plugin. For me it wasn’t immediately clear how I could manually determine the location of the plugin “listen now” button. Then I stumbled across a line in odiogo_listen_button.php (wp-content > plugins > odiogo_listen_button) which I had overlooked.

Around line 113 there is an option that says:

$odiogo_adv_options['manually_insert_listennow_link'] = false;

Set this to true and use the code:

<?php odiogo_listennow();?>

to include the listen button anywhere you want in your template files.

UPDATE: In one of the updates of the Odiogo button this feature (meaning $odiogo_adv_options['manually_insert_listennow_link'] = false;) was moved from around line 113 to around line 57.

A Naymz.com RepScore of 8 in 20 minutes

A couple of months ago I got an email invitation for Naymz.com and decided to sign up.

Not having paid much attention to it for a while I recently stumbled across this post: http://collinlahay.com/2008/08/07/link-building-with-naymz/ on Collin Lahay’s website which had some excellent tips on how to improve your Naymz profile. After reading I decided to try and improve my own Naymz RepScore. The RepScore is a Naymz.com score system determined by factors like Profile Completeness, connections, references, ID verification, etc.

My starting score was a 3/10.

The following is a step by step detailing my steps that resulted in getting a good Naymz.com RepScore.

  1. Create a free profile: http://www.naymz.com
  2. Fill in as much personal/business information as possible, this includes:
     1. Name, Residence, Occupation & Media
     2. Your Resume, can even be nearly empty like Collin Lahay’s post mentioned
     3. A Photo
     4. Contact Information
     5. Email address | Add more of your emails for additional points
     6. A short About… section
  3. Add links from any personal, company and or blog websites you have (e.g. I also included a link to my Fotolia Portfolio). Also make sure to include the feed links if your blog and or website has them
  4. Invite family, friends and colleagues to join
  5. Invite family, friends and colleagues to leave you references
  6. Add your “Tags”
  7. Verify your identity | Now this was a very important step towards improving my score since this adds up to 250 points (for a RepScore point breakdown edit your Naymz Profile and click on “RepScore Details” and then any of the RepScore links). Naymz.com uses a service called Trufina in order to verify your identity. Now whether or not Trufina is truly insurance to prove “you are really you” is not really important at this point. Naymz.com uses it and it’s a good way to instantly improve your RepScore. Using the Trufina Coupon Code (c4ub8y3n | $3.95 discount) I found here I ended up paying only about $11 for both a “Trufina ID Badge” and a “Criminal Background Check” which I think is a good investment.

All in all the result was a RepScore of 8/10 as you can see on my profile here: http://www.naymz.com/search/thomas/korthuis/2071758 and all without paying the $9.99/m premium service naymz.com offers.

All this took me about 20 min. This time was also reduced because I already had a lot of info on hand from other social networking websites (e.g. my LinkedIn profile) as you may also already have.