Author Archives: dmitriano

Denying access to /xmlrpc.php on a WordPress website

Today I noticed that my WordPress website consumes 30% CPU.


Preventing OpenVPN clients from seeing each other

Listing existing rules

sudo docker exec -it dockovpn_dockovpn_1 bash
iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             state NEW,ESTABLISHED udp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.8.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             state ESTABLISHED udp spt:openvpn
ACCEPT     all  --  anywhere             anywhere

Running VPN Server with Access Server in a Docker container

Run the Docker container:

sudo docker pull openvpn/openvpn-as
sudo ufw allow 1194/udp
sudo ufw allow 943/tcp
sudo ufw allow 1443/tcp

sudo docker run -d --rm \
  --name=openvpn-as --device /dev/net/tun \
  --cap-add=MKNOD --cap-add=NET_ADMIN \
  -p 943:943 -p 1443:443 -p 1194:1194/udp \
  -v /var/lib/openvpn-as:/openvpn \
  openvpn/openvpn-as

sudo docker logs -f openvpn-as | grep "generated pass"
Auto-generated pass = "*********". Setting in db...

Creating Docker network for hosting legacy PHP websites

Running test Docker containers

sudo docker network create --subnet=172.20.0.0/16 legacy_net
sudo docker network ls
NETWORK ID     NAME               DRIVER    SCOPE
61aa4a19ec0c   bridge             bridge    local
7c0ebcfd4e3a   dockovpn_default   bridge    local
79ed9c355254   host               host      local
99d8bde8e488   legacy_net         bridge    local
086455f026a8   none               null      local

Upgrading my Joomla website from 4 to 5

The Pre-Update Check page displayed that I need Output Buffering:


Upgrading my Joomla website from 3 to 4

I have the following Joomla version:


How to update a WordPress website securely

To prevent a website from changing its own source code, set user = nobody in its PHP-FPM pool config, for example /etc/php/8.3/fpm/pool.d/slogpost.conf:

[slogpost]

user = nobody
group = slogpost

listen = /run/php/www-slogpost.sock
include=/etc/php/8.3/fpm/socket-owner.conf

pm = ondemand

pm.max_children = 10
pm.start_servers = 0
pm.min_spare_servers = 0
pm.max_spare_servers = 1
pm.max_requests = 500

slowlog = /var/log/php-my/$pool.slow.log
request_slowlog_timeout = 5s
request_terminate_timeout = 300s

chdir = /

Migrating my VPS from Ubuntu 16.04 to Ubuntu 24.04

Migrating the users and groups

Copied my groups from /etc/group:

dmitriano:x:1000:
slogpost:x:1001:www-data,bak
beauty:x:1009:www-data,bak
test1:x:1012:www-data,beauty,dmitriano,devnote,bak
test2:x:1013:www-data,bak
devnote:x:1018:www-data,bak
exchange:x:1025:
git:x:1026:www-data,bak
game:x:1027:www-data,bak
shar:x:1029:www-data,bak
bak:x:1032:

Using tcpdump with OpenVPN

The VPN service opens the tun0 device in the Docker container:

sudo docker exec -it 966f926484bc sh
/opt/Dockovpn # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20539 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14609434 (13.9 MiB)  TX bytes:14757264 (14.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7825 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12572 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:1673378 (1.5 MiB)  TX bytes:12115333 (11.5 MiB)

Connecting to OpenVPN from an Android device

I cloned the repository https://github.com/dockovpn/dockovpn and updated config/server.conf to increase the server log verbosity by setting verb to 4:

port 1194
proto %HOST_TUN_PROTOCOL%
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/MyReq.crt
key /etc/openvpn/MyReq.key
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
keepalive 10 120
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA512
persist-key
persist-tun
status openvpn-status.log
verb 4
tls-server
tls-version-min 1.2
tls-auth /etc/openvpn/ta.key 0
crl-verify /etc/openvpn/crl.pem