[sdnog] SSL integration Issues
Ayman Alshaikh
0x4ym4n at gmail.com
Fri Aug 26 21:23:41 SAST 2016
Good evening everyone
after taking a look on server process I saw many apache process that eat
all my ram after some googling i found an article said this issue related
to DDOS attack on XMLRPC feature that comes by default with WordPress . I
followed their instructions and now everything work perfectly .
this is my first time to installing and deploying website depends on
WordPress online so I didn't notice this such kind of attacks .
this is link
https://www.digitalocean.com/community/tutorials/how-to-protect-wordpress-from-xml-rpc-attacks-on-ubuntu-14-04
.
.
.
Regards
On Fri, Aug 26, 2016 at 8:07 PM, Philip Paeps <philip at trouble.is> wrote:
> On 2016-08-26 13:32:18 (+0200), Ayman Alshaikh <0x4ym4n at gmail.com> wrote:
> > I'd installed SSL cert. during Letsencrypt live tutorial @SDNOG3
> > conference
>
> Excellent! I hope you are not the only one. :)
>
> > the first thing I'd noticed some external links wasn't https
> > therefore some browser "eg firefox" says some page contents aren't secure
> > .. later I managed to solve it by installing a plugin that enforce https
> > for every external-internal links if supported https otherwise block it
> ..
> > this worked perfectly for me :)
>
> You probably want to make sure that all your "external resources" are
> loaded
> over HTTPS. I'm not terribly familiar with web things, but as far as I
> understand it, every "img" and "script" resource needs to have an HTTPS
> origin or web browsers will complain.
>
> Should be a small matter of sed or another mechanical replace to fix.
>
> > [...] I started to integrate Cloudflare service [...]
>
> As Nishal points out: Cloudflare is probably doing more harm than good for
> you in Sudan.
>
> > this made my browser enter into infinte loop of redirection
>
> Perhaps a tcpdump or Wireshark capture of the problem can help debug this.
>
> > also I did a lot of googling to uninstall letsencrypt to disable https
> > connection and test Cloudflare without it but i didn't find anything
> useful
> > I tried to disable apachesslmod but no success . i am just tring i trust
> > letsencrypt BTW :)
>
> Note that HTTPS will take up more system resources than plain HTTP. You
> might just be running out of memory on your VPS!
>
> Philip
>
> --
> Philip Paeps
> Senior Reality Engineer
> Ministry of Information
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20160826/f2737c16/attachment.html>
More information about the sdnog
mailing list