Category Archives: Technical

PCI Compliance – Continued

So after many both my own nmap and openssl and the PCI tests we are finally PCI compliant.

For MediaTemple customers however one thing kept failing the test.

This was the port 8443 which used by Plesk Virtuozo Service and is caused by having the “Offline Management” enabled.

To solve this I asked Mediatemple for help and they gladly disabled the “Offline Management”. This however did not completely solve the issue, since it still left the port open, and since Plesk was still installed it would still overwrite any customization I did to the iptables to block this port, even if I would go though the process of adding it correctly (at least what I could find).

So to solve this I did the following:

I edited the crontab:

crontab -e

and added the block line for iptables:
* * * * * /sbin/iptables -A INPUT -p tcp --dport 8443 -j REJECT

additionally to make sure I did not risk locking myself out I also added a ACCEPT line for my SSH port:
* * * * * /sbin/iptables -A INPUT -p tcp --dport MYPORTNUMBER -j ACCEPT

Cron runs this every minute so as soon as Plesk overwrites the iptables rules, the crontab runs and it’s added again.

This solved the issue which failed the PCI compliance test for me.

In theory this should also work with “Offline management” enabled which is going to be my next experiment. Additionally I am going to try adding an exception for my ip into the iptables to se if that works.

For now though we are PCI compliant and the cron will, for now, make sure it stays that way until I find a more permanent solution or Mediatemple updates the Plesk installation.

PCI Compliance, Weak SSL Ciphers, Plesk, etc

For all those struggling with the marketing stunt that is PCI compliance here are some pages I found that help to make our DV Base at Mediatemple pass the PCI test

Please check out the following links for help on this:

Weak SSL:
465 (smtps/qmail) – http://www.qmailwiki.org/index.php/Qmail-control-files#control.2Ftlsserverciphers
imap/pop – follow instructions http://www.oscommerceuniversity.com/lounge/index.php?topic=265.0

Server wide ssl2 disable and weak ciphers for all virtual domains:
create new file:
vi /etc/httpd/conf.d/zz000_psa_httpd_weak_ssl_disable.conf
press ‘i’ to insert
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:-LOW

press ‘esc’ > ‘shift+q’ > ‘wq’ > ‘enter’
/etc/init.d/httpd stop
/etc/init.d/httpd start

Also found this page very helpful: http://www.linux-advocacy.org/web-servers/making-plesk-more-pci-compliant

Question and additions welcome of course..

Comments overload…

Since I receive mainly spam in my comment box (Akismet works great but still have to look through to double check) I going to try reducing it by limiting the ability to comment to registered users only.

Let’s see if that reduces comment spam. Apologies for the extra steps this involves.

Easily moving your ‘Mobile Applications’ folder

Since my iPhone app folder started to become quite substantial (4.5GB +) I wanted to move these files without a lot of hassle.

It should be noted that my iTunes configuration is somewhat different due to the fact that I use Libra (http://www.sillybit.com/libra/) to manage a few different libraries on my Mac.

Since I already had all the audio and video files stored on an external drive I just needed to find an easy way of doing the same thing with my applications.

This is what I did:

- Move the ‘Mobile Applications’ folder to my external drive
- Open up iTunes to find that iTunes can’t find the files anymore and has no way batch changing all the links to the new location.
- Spend some time looking online
- Spend some more time not finding a simple solution
- Getting an idea for my own solution
- Creating an ‘alias’ folder by option-command dragging the copied Mobile Applications folder to the original location of the folder (in my case ~/Music/iTunes) and making sure the name says Mobile Applications
- restarting iTunes to find it’s having no problem finding the files and everything working like it should.

So there it is.. It was as easy as moving the folder and creating an alias in the original location, at least for me this worked…

Update: It seems the above steps led to my entire app library being copied to the iPhone (including the ones that I had previously removed but still had in the library). This could be because I restarted iTunes after copying and removing the original folder before I created the alias. So just keep in mind, that this could lead to you having to reselect which apps you want to copy to the iPhone, or like I’m doing in my case, take this opportunity to start removing the ones you don’t want to put on there anymore.

New Development Horizons – Getting into iPhone Dev

Today I enrolled into the iPhone Development Program. Since I have no objective C, C++ or C- knowledge I looked for tools beforehand in order to make the step into development simpler.

I found a couple:

Now the difference between PhoneGap, Titanium and Corona is that both PhoneGap and Titanium are tools to help you write iPhone apps based on html and javascript including many of the popular libraries (prototype, mootools, jquery, etc.) thereby essentially removing the learning curve of iPhone dev for web designers. Also both are free downloads.

Corona on the other hand is a different matter all together. It let’s you write in Lua. Therefore Corona does have a learning curve, but (keep in mind I don’t know enough about iPhone dev to say this with complete certainty ) might provide more advanced development possibilities.

As of now I will start out using PhoneGap, and when things go smoothly and I have the time to mess about with the Corona Trail Download I might even purchase the Corona Package ($99) and use that since the Lua language seems logical and easy to learn.

I’ll post regularly with updates regarding my Dev journey.

MediaTemple Grid Service (GS) Experience

Since March 09 I have been hosting my blogs EcoTipsForLife.com and my website move2create.com at MediaTemple.com

I have been using the Grid (GS) service and can report that I haven’t had any outages (that where not my doing of course…) or issues since.

Hosting is reliable, system maintenance is announced well ahead and often scheduled well in advance and customer service is very fast, responsive and helpfull.

All in all, I am a very happy MT customer.

On top of that I am only paying a total of $13.33 a month ($160/year) for their $20 a month Grid Service.

This is because I used the coupon “retailmenot” which takes off 20% of any plan for the life of the plan, and since I paid yearly the discount was quite substantial.

For more info or to order service from MediaTemple click here

Website Baker – Different CSS backgrounds on every page with one css file

I was creating a new website and decided to use a Website Baker template I had previously made as a base.

This template used the a bit of PHP code you can find on www.alistapart.com/d/randomizer/rotate.txt which automatically randomly rotates between images in a specified directory.

However for the new website this was not what I needed. I wanted to change the background of the page automatically, but not randomly.

My solution was the following.

Step 1: I modified Website Baker’s frontend.functions.php file, which you can find in the framework folder and added the following function to display the page id:

// Function for page id
if (!function_exists('page_id')) {
function page_id($spacer = ' - ', $template = '[PAGE_ID]') {
$vars = array('[PAGE_ID]');
$values = array(PAGE_ID);
echo str_replace($vars, $values, $template);
}
}

Step 2: I added the css code to the header of my index.php template file (this way the background image loads properly and I am easily able to use the page_id function):

<style type="text/css">
#my_div { background-image:url(<?php echo TEMPLATE_DIR; ?>/theimagesdirectory/<?php page_id();?>.jpg);}
</style>

and pointed it to the images directory containing the images.

Now I can just put an image into the images directory and name it XX.jpg (where XX is the corresponding page id) to control what image is being displayed for a certain page.

Of course there might be easier ways of doing this, but I am not a seasoned PHP developer, so I tend to go with whatever I can get to work….. and this is working great for my specific needs.

Tip: There are also several ways of using php directly in your css file. One way I have been using, since I need to compress the CSS file anyway, is to put this code at the top of your css file:

<?php

header('Content-type: text/css');

ob_start("compress");
function compress($buffer) {
$buffer = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $buffer);
$buffer = str_replace(array("\r\n", "\r", "\n", "\t", ' ', ' ', ' '), '', $buffer);
$buffer = str_replace('{ ', '{', $buffer);
$buffer = str_replace(' }', '}', $buffer);
$buffer = str_replace('; ', ';', $buffer);
$buffer = str_replace(', ', ',', $buffer);
$buffer = str_replace(' {', '{', $buffer);
$buffer = str_replace('} ', '}', $buffer);
$buffer = str_replace(': ', ':', $buffer);
$buffer = str_replace(' ,', ',', $buffer);
$buffer = str_replace(' ;', ';', $buffer);
return $buffer;
}

?>

And this in the bottom:

<?php ob_end_flush();?>

Change the extension of the file from .css to .php and load it in the header using: <link rel="stylesheet" type="text/css" href="<?php echo TEMPLATE_DIR; ?>/css/style.php" />

There are many resources (http://websitetips.com/articles/optimization/css/crunch/ and http://forums.oscommerceproject.org/index.php?showtopic=691&pid=6347&st=0 to name a few) which show you how to compress your css files in this way with the added bonus that you can then use php code within your css stylesheets.

New hosting for move2create.com | Virpus VPS

As of last month I relocated move2create.com to it’s new home on my VPS I recently got from virpus.com.

As this was my first VPS I expected quite some work, but with the help of resources like vpsmedia.com/articles it proved to be less work then I had imagined. My experiences as a beginner VPS user with virpus.com have been excellent and would definitely recommend them.

virpus

Odiogo added to GeekyNomad.com

GeekyNomad.com post can now be listened to through the service of Odiogo.com.

You can do this by using the “listen now” button or by using the “subscribe now” button in the sidebar.

Tip: Just wanted to include my experience regarding the plugin. For me it wasn’t immediately clear how I could manually determine the location of the plugin “listen now” button. Then I stumbled across a line in odiogo_listen_button.php (wp-content > plugins > odiogo_listen_button) which I had overlooked.

Around line 113 there is an option that says:

$odiogo_adv_options['manually_insert_listennow_link'] = false;

Set this to true and use the code:

<?php odiogo_listennow();?>

to include the listen button anywhere you want in your template files.

UPDATE: In one of the updates of de Odiogo button this feature (meaning $odiogo_adv_options['manually_insert_listennow_link'] = false;) was moved from around line 113 to around line 57.

Move to Site5.com Hosting

As of today geekynomad.com is being hosted by Site5.com. Because of frequent downtime, email interruptions, slow page loading, etc we have moved from ixwebhosting to Site5. As well as having faster load times than ixwebhosting they offer more features then the old provider.