PCPlanet – Tech Blogs | Information
News

Windows Internet Key Exchange Exposed to RCE Flaw

by pcplanet November 28, 2022
written by pcplanet 2 mins read

Multiple exploits against Windows Internet Key Exchange (IKE) Protocol Extensions have been found. Security company Cyfirma has warned that the vulnerabilities it has discovered may have been exploited to compromise almost a thousand systems, according to a new warning shared with Infosecurity.

According to the company's insights, Mandarin-speaking threat actors are using the exploit in a campaign whose name translates to “bleed you”. The Cyfirma Research team discovered that unknown hackers are distributing an exploit link on underground forums, which could be used to target vulnerable PCs.

There is “a major vulnerability” in Windows Internet Key Exchange Protocol Extensions, according to the warning.

Remote code execution (RCE) is possible due to an unidentified flaw in the IKE Protocol Extensions component.

Cyfirma claims the flaw exists in the implementation of the deprecated but backwards-compatible IKEv1 […] protocol.

While IKEv2 is not impacted, the vulnerability impacts all Windows Servers as they receive both V1 and V2 packets, making the issue significant.

According to the white paper, the “proof of concept” makes use of a memory corruption issue in the svchost service on vulnerable systems.

“Memory corruption happens when the debugging plug-in Page Heap for the Internet Key Exchange process is turned on.” When it tries to read more data than is allowed, the svchost.exe process that hosts the Internet Key Exchange protocol service crashes.

Cyfirma has said that it is unsure who is behind the “bleed you” campaign, but that its researchers have found connections to Russian cybercriminals.

According to the company, “Russia and China have created a strategic collaboration from a strategic perspective on altering geopolitical conditions from external threat landscape management.”

Microsoft fixed the flaw, which Cyfirma has identified as CVE-2022-34721, by adding a length check to incoming data and terminating processing if the length is too short, as reported by the security firm.

News

Aurora Malware’s Samples & C2 Servers On The RISE

by pcplanet November 22, 2022
written by pcplanet 4 mins read

The Aurora Malware, a sophisticated data stealer with reliable infrastructure and few detections, is being adopted by cybercrime syndicates. Researchers at SEKOIA have seen a rise in the quantity of Aurora samples and the number of C2 servers used to process them.

Caphaw/Redline, Raccoon and Aurora Malware Stealers on the Rise

The researchers claim that numerous advertisements for the Redline, Raccoon, and Aurora stealers have been discovered on underground message boards with the express purpose of recruiting traffers and rating these tools. Multiple infection chains were recorded in October and November, resulting in Aurora stealer execution in the wild. Seven traffer teams have been detected actively distributing the stealer, including RavenLogs, BrazzersLogs, DevilsTraff, YungRussia, Gfbg6, SAKURA, and HellRide.

Aurora stealer is distributed through phishing pages that look like legitimate software download pages, such as those for remote access tools and bitcoin wallets. Other infection vectors include YouTube videos with links to phoney software and cheat catalogues, as well as SEO-boosted fake software crack download websites.

Mostly what your 12-year-old CS:GO player will click.

Command and Control server communications

Upon execution, Aurora, a Golang-based information stealer, executes a number of commands through WMIC to gather fundamental host information, capture a screenshot of the victim’s desktop, and exfiltrate data to the C2 server.

The malware uses TCP connections to communicate, with port 8081 being the most often used one. The information that was stolen is in JSON format.

All messages share the same structure; each key is described below:

  • Browser: name of the browser where data was collected (ex: Mozilla, Chromium, etc.);
  • Cache: content of the stolen file encoded in base64;
  • FileName: name of the stolen file (e.g. cookies.sqlite, Login Data);
  • GRB: likely the grabber configuration. Of note, SEKOIA.IO only observed the value “null”;
  • Info: host fingerprint information, including:
    • Name: a random name defined by threat actor;
    • BuildID: name of the build, the value often matches a threat actor’s Telegram account;
    • OS: Windows version;
    • HWID: hardware ID;
    • GPU: graphical card information;
    • CPU: CPU name and vendor;
    • RAM: amount of memory;
    • Location: execution path of Aurora sample;
    • Screen: size of the screen of the infected host;
    • IP: expecting the IP address of the infected host but the value is always an empty string.
  • MasterKey: encryption key used to read the data of the stolen file, for instance some browsers store the saved password encrypted;
  • Path: always empty string;
  • Type: type of the exfiltrated data (Browser-Mozilla, Screenshot, etc.).

Here’s an example of fingerprint information that was sent to the C2 Aurora Server:

From https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
  • It targets information stored in various web browsers (cookies, passwords, history, credit card information), cryptocurrency browser extensions that manage cryptocurrency wallets, such as Electrum, Ethereum, Exodus, Zcash, Armory, Bytecoin, Guarda, and Jaxx Liberty, and Telegram.
  • It encapsulates all the stolen information from the infected host in a single base64-encoded JSON file and delivers it to the C2 through TCP ports 8081 or 9865.
  • The malware author offers file grabber and loader functionality. It then executes the subsequent stage using a PowerShell command after downloading a fresh remote payload to the filesystem.
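The message layout above is enough to write a small triage decoder for captured C2 traffic. The following is an added example, not code from the post or from SEKOIA: it undoes the base64 wrapping, checks that the JSON has exactly the documented key set at both levels, and pulls out the fields an analyst wants first (BuildID, HWID, sample path, stolen-file size) together with the constant-value quirks (GRB always “null”, IP and Path always empty). The sample message is constructed; every value in it is made up.

```python
import base64
import json
from typing import Optional

# Constructed sample of an Aurora-style message (not a real capture); the key layout
# follows the structure described above, the values are invented.
SAMPLE_FILE = b"SQLite format 3\x00constructed-login-data"
SAMPLE_MESSAGE = {
    "Browser": "Chromium",
    "Cache": base64.b64encode(SAMPLE_FILE).decode(),
    "FileName": "Login Data",
    "GRB": "null",
    "Info": {
        "Name": "build-test",
        "BuildID": "@example_handle",
        "OS": "Windows 10 Pro",
        "HWID": "EXAMPLE-HWID-0001",
        "GPU": "Example GPU",
        "CPU": "Example CPU",
        "RAM": "16 GB",
        "Location": "C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe",
        "Screen": "1920x1080",
        "IP": "",
    },
    "MasterKey": "",
    "Path": "",
    "Type": "Browser-Chromium",
}
# On the wire the whole JSON document is itself base64-encoded before being sent over TCP.
SAMPLE_WIRE = base64.b64encode(json.dumps(SAMPLE_MESSAGE).encode())
# Constructed negative sample: valid base64 and valid JSON, but not the Aurora key set.
NOT_AURORA_WIRE = base64.b64encode(b'{"Browser": "x"}')

TOP_KEYS = {"Browser", "Cache", "FileName", "GRB", "Info", "MasterKey", "Path", "Type"}
INFO_KEYS = {"Name", "BuildID", "OS", "HWID", "GPU", "CPU", "RAM", "Location", "Screen", "IP"}


def decode_message(wire: bytes) -> Optional[dict]:
    """Undo the base64 wrapping and parse the JSON; None if either layer is invalid."""
    try:
        return json.loads(base64.b64decode(wire, validate=True))
    except ValueError:  # binascii.Error and JSONDecodeError are both ValueError subclasses
        return None


def looks_like_aurora(msg) -> bool:
    """Structural check: the exact key set at both levels, as documented above."""
    return (
        isinstance(msg, dict)
        and set(msg) == TOP_KEYS
        and isinstance(msg.get("Info"), dict)
        and set(msg["Info"]) == INFO_KEYS
    )


def triage(msg: dict) -> dict:
    """Pull the fields an analyst wants first, plus the constant-value quirks that make
    good secondary indicators (GRB always "null", IP and Path always empty)."""
    info = msg["Info"]
    try:
        stolen_size = len(base64.b64decode(msg["Cache"], validate=True))
    except ValueError:
        stolen_size = -1  # Cache is not valid base64: still report, but flag it
    return {
        "build_id": info["BuildID"],
        "hwid": info["HWID"],
        "sample_path": info["Location"],
        "data_type": msg["Type"],
        "file_name": msg["FileName"],
        "stolen_bytes": stolen_size,
        "has_master_key": bool(msg["MasterKey"]),
        "quirks_match": msg["GRB"] == "null" and info["IP"] == "" and msg["Path"] == "",
    }


def process_wire(wire: bytes) -> Optional[dict]:
    """End-to-end: a triage record for an Aurora-shaped message, otherwise None."""
    msg = decode_message(wire)
    if msg is None or not looks_like_aurora(msg):
        return None
    return triage(msg)


if __name__ == "__main__":
    print(json.dumps(process_wire(SAMPLE_WIRE), indent=2))
```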

The Development of the Aurora Malware

The malware first appeared in April as a multi-function botnet capable of theft, downloading, and gaining remote access.

Even though its creators had stopped posting about it in June, a threat actor known as Cheshire began offering it for sale as Malware-as-a-Service (MaaS) in July to generate revenue. The MaaS operation was shut down at some point in late August, and from about that time Telegram and other underground forums began marketing the malware as a stealer rather than a botnet. In September, KO7MO started advertising the stealer on the underground forum known as XSS. It can be rented for $250 per month, or a permanent licence can be bought for $1,500 and used forever.

Find out more on the full blog post

News

15,000 WordPress Sites hacked with Malicious Redirects

by pcplanet November 18, 2022
written by pcplanet 3 mins read

Over the past week, hackers have launched a new campaign that has already infiltrated over 15,000 WordPress sites in an effort to trick users into visiting malicious question and answer websites.

A “smart black hat SEO tactic,” according to Sucuri researcher Ben Martin, “these malicious redirects appear to be aimed to improve the authority of the attacker’s sites for search engines.”

The strategy of search engine poisoning is intended to promote a “handful of phony low-quality Q&A sites” that share similar website-building templates and are administered by the same threat actor.

In contrast to past attacks of this type, in which just a small number of files are modified to lower footprint and evade detection, it is significant that the hackers are capable of modifying an average of over 100 files per website.

Commonly infected files include wp-signup.php, wp-cron.php, wp-links-opml.php, wp-settings.php, wp-comments-post.php, wp-mail.php, xmlrpc.php, wp-activate.php, wp-trackback.php, and wp-blog-header.php.

This broad infiltration enables the malware to redirect visitors to destinations selected by the attacker. To minimize suspicion, the redirects do not occur if the WordPress logged-in cookie is present or if the current page is wp-login.php (the login page).

The campaign’s ultimate objective is to “attract more traffic to their bogus sites” and “raise the sites’ authority using false search result clicks so that Google ranks them higher and they receive more real organic search traffic.”

The injected code accomplishes this by initiating a redirect to a PNG image housed on a domain named “ois[.]is” that, rather than loading the picture, redirects the website visitor to the Google search result URL of a spam Q&A domain.

It is not immediately clear how the WordPress sites are compromised, and Sucuri stated that it did not observe any obvious plugin vulnerabilities being used in the campaign.

Nevertheless, brute-force attacks on WordPress administrator accounts are suspected, making it imperative that users set up two-factor authentication and keep all software up to date.

I can also say that I’ve been seeing quite a number of requests to the pages mentioned above.
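The behaviour described above (a redirect to a “PNG” on ois[.]is, suppressed when the logged-in cookie or wp-login.php is seen) gives a simple content check to run over the ten core files the campaign modifies. The following is an added example, not code from the post or from Sucuri: it scans those files for the redirect domain and for a Location redirect to a .png, and treats the cookie/login-page test only as a supporting signal, because wp-settings.php legitimately references the login cookie. The sample file contents are constructed stubs, not real WordPress core or real injected code.

```python
import os
import re
import tempfile

# Core files the campaign was seen modifying, as listed in the Sucuri write-up quoted above.
TARGETED_CORE_FILES = [
    "wp-signup.php", "wp-cron.php", "wp-links-opml.php", "wp-settings.php",
    "wp-comments-post.php", "wp-mail.php", "xmlrpc.php", "wp-activate.php",
    "wp-trackback.php", "wp-blog-header.php",
]

# Indicators derived from the behaviour described in the post.
INDICATORS = {
    "redirect_domain": re.compile(r"ois\[?\.\]?is", re.IGNORECASE),
    "png_redirect": re.compile(r"header\s*\(\s*['\"]Location:\s*https?://[^'\"]+\.png", re.IGNORECASE),
    "admin_evasion": re.compile(r"wordpress_logged_in|wp-login\.php"),
}


def scan_text(text):
    """Return the sorted indicator names that fire for one file's content.
    admin_evasion on its own is not reported: core files such as wp-settings.php
    legitimately mention the login cookie and the login page."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if hits == {"admin_evasion"}:
        return []
    return sorted(hits)


def scan_site(root):
    """Scan the targeted core files under a WordPress root. Returns the files that fired
    with their indicators, plus the list of targeted files that are missing entirely."""
    findings, missing = {}, []
    for name in TARGETED_CORE_FILES:
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            missing.append(name)
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = scan_text(fh.read())
        if hits:
            findings[name] = hits
    return {"infected": findings, "missing": missing}


# Constructed sample content: a clean stub, and a stub carrying the kind of conditional
# redirect the post describes (redirect only for visitors who are not logged in).
CLEAN_STUB = "<?php\nrequire __DIR__ . '/wp-load.php';\ndo_action('wp_cron');\n"
INJECTED_STUB = (
    "<?php\n"
    "if (empty($_COOKIE['wordpress_logged_in']) && "
    "strpos($_SERVER['REQUEST_URI'], 'wp-login.php') === false) {\n"
    "    header('Location: https://ois[.]is/images/logo.png');\n"
    "    exit;\n"
    "}\n" + CLEAN_STUB
)


def demo():
    """Build a throwaway fake site with one infected core file and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in TARGETED_CORE_FILES:
            if name == "xmlrpc.php":
                continue  # leave one file out to exercise the 'missing' path
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(INJECTED_STUB if name == "wp-cron.php" else CLEAN_STUB)
        # wp-settings.php legitimately references the login cookie; that alone must not fire.
        with open(os.path.join(root, "wp-settings.php"), "a", encoding="utf-8") as fh:
            fh.write("define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH);\n")
        return scan_site(root)


if __name__ == "__main__":
    print(demo())
```

On a real install this is a quick first pass only; comparing core files against the checksums WordPress publishes for the installed version is the stronger check.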

News

RapperBot Malware Targets Game Servers For DDoS Attacks

by pcplanet November 17, 2022
written by pcplanet 2 mins read

Cybersecurity researchers have found new cases of RapperBot malware used to build a botnet that can attack gaming servers with DDoS attacks.

Researchers from Fortinet FortiGuard Labs, Joie Salvio and Roy Tay, said in a paper that came out on Tuesday that this campaign is less like RapperBot than an older one that started in February and disappeared in mid-April for no clear reason.

The network security company found out about RapperBot in August 2022. It is heavily based on the Mirai botnet, whose source code was leaked in October 2016, which led to many different versions.

What can it do?

The new version of the RapperBot malware can do brute-force Telnet attacks, as well as DoS attacks using the Generic Routing Encapsulation (GRE) tunneling protocol and UDP floods that target game servers running Grand Theft Auto: San Andreas.

The researchers said, “The Telnet brute-force code is mostly made for self-propagation and looks like the old Mirai Satori botnet.”

This was clear in the artifacts that were found after July 2022.

https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery/_jcr_content/root/responsivegrid/image.img.png/1659483943925/fig1.png

Attack Outcomes

When an attack is successful, the credentials used are sent back to the C2 server and the RapperBot payload is installed on the device that was broken into.

Attack Scope

Fortinet said that the RapperBot malware is made to only attack appliances that run on the ARM, MIPS, PowerPC, SH4, and SPARC architectures. If an appliance runs on an Intel chipset, the virus will stop spreading itself.

Also, it has been found that the October 2022 campaign has overlaps with other operations that used the malware as far back as May 2021. The Telnet spreader module first showed up in August 2021, but was taken out of later samples and put back in last month.

“Based on the undeniable similarities between this new campaign and the previously reported RapperBot campaign, it is highly likely that they are both being run by a single threat actor or by different threat actors who have access to a privately shared base source code,” the researchers said.

Read the full research article on Fortinet’s blog.

News

OpenSSL 3.0 Vulnerability: What you need to know

by pcplanet November 4, 2022
written by pcplanet 3 mins read

The OpenSSL Project recently disclosed two security flaws in OpenSSL versions 3.0 through 3.0.6 (the 3.0 series was first released in September 2021). Users are advised to upgrade to OpenSSL 3.0.7, which contains patches for CVE-2022-3786 and CVE-2022-3602, buffer overflows in X.509 email address handling whose severity was reduced from “critical” to “high”.

OpenSSL is a free and open-source library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols to encrypt data in transit over an insecure network, such as the Internet.

What are the OpenSSL 3.0 vulnerabilities?

One of the vulnerabilities, CVE-2022-3786, is a variable-length buffer overflow in X.509 email address handling that can lead to a denial of service. The other, CVE-2022-3602, is a 4-byte buffer overflow in X.509 email address handling that can lead to a denial of service and, in extreme cases, to remote code execution (the circumstances were not detailed).

Due to the low likelihood of exploiting CVE-2022-3602 under “common situations,” the OpenSSL Project lowered the severity of the issue from critical to high.

How do the vulnerabilities work?

The OpenSSL advisory states, “A buffer overrun can be triggered in X.509 certificate verification, especially in name constraint checks. Keep in mind this happens after the certificate chain signature verification process has completed and necessitates either the malicious certificate being issued by a CA or the application continuing to verify certificates despite the inability to create a path to a trusted issuer. Using a specially crafted email address, an attacker can cause a stack overflow in which they have control of the first four bytes. This buffer overflow might cause the application to crash (resulting in a denial of service) or even allow remote code execution.

“Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler…

“In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.”

CVE-2022-3602 – OpenSSL Remote Code Execution

The OpenSSL CVE-2022-3602 vulnerability is caused by the wrong way Punycode is handled when checking X.509 certificates.

Punycode is a way to represent Unicode strings using the limited set of ASCII characters. It is usually used to encode domain names that contain non-ASCII characters, such as Japanese letters. A Punycode-encoded string starts with “xn--” followed by ASCII letters and digits.

When a Punycode string is decoded, the function ossl_punycode_decode can cause a buffer overflow. It is called when OpenSSL processes a certificate chain. Triggering the vulnerability requires the following:

1) Craft a CA (certificate authority) certificate or Intermediary certificate that contains the “nameConstraints” field with a malicious Punycode string. The Punycode string must contain at least 512 bytes excluding “xn--”.

2) Craft a leaf certificate that contains a SubjectAlternativeName (SAN) otherName field that specifies a SmtpUTF8Mailbox string.

CVE-2022-3786 – Denial of Service

The buffer overflow is in the vulnerable function ossl_a2ulabel. When this function encounters a Punycode part followed by a dot character (“.”), it appends “.” to the output buffer even if that overflows the buffer’s size.

This way, an attacker can overflow the output buffer by any number of “.” characters, which leads to the stack corruption. This vulnerability can’t be used for remote code execution, just denial of service.

Is your organization at risk?

Only applications that use OpenSSL 3.0 are at risk.

It has been determined by the OpenSSL Security Team that: “The bugs were introduced as part of punycode decoding functionality (currently only used for processing email address name constraints in X.509 certificates). This code was first introduced in OpenSSL 3.0.0. OpenSSL 1.0.2, 1.1.1, and other earlier versions are not affected.”

Solution

OpenSSL version 3.0.7 has been released to address these vulnerabilities. Downloads for the new release can be found here.

Read more here

https://www.openssl.org/news/secadv/20221101.txt
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/openssl-releases-security-update

News

What is HTTP/2 and its benefits

by pcplanet October 31, 2022
written by pcplanet 5 min read

Introduction To HTTP1.1 and HTTP/2

If we want to talk about how HTTP/1.1 changed into HTTP/2, we should take a quick trip back to the 1990s. HTTP was a simple protocol for getting files from a web server to your computer. This was because the first websites were pretty simple and mostly used text documents with just a few pictures.

HTTP was used to transfer “hypertext” documents in the early 1990s. These were HTML pages with style and hyperlinks. Text and visuals predominated. By 1996, most agreed on version 1.0. This version was elegant and straightforward for the internet demands of the mid-1990s: connect, download, close.

Things changed by the late 1990s. It was increasingly evident that the web was becoming more than a worldwide version of “Choose Your Own Adventure”. More people bought things online, so protecting them became crucial. People wanted more than just images: they wanted to view movies, update documents, and send animated greeting cards online. “One connection, one file” was too sluggish for these new apps.

In 1999, HTTP 1.1 was released by the w3c, which oversees managing the HTTP standard. This change to the 1.0 standard was just a temporary fix to help web servers run faster on the “hypermedia” web of the future.

Then, the new ideas kind of stopped coming. You probably know that the web changed a lot from 1999 to 2015, but for those 16 years, we made do with the old HTTP/1.1 standard, fitting more and more advanced apps into its small space.

Development milestones

Date | Milestone
December 20, 2007 | First HTTP/1.1 Revision Internet Draft
January 23, 2008 | First HTTP Security Properties Internet Draft
Early 2012 | Call for Proposals for HTTP 2.0
October 14 – November 25, 2012 | Working Group Last Call for HTTP/1.1 Revision
November 28, 2012 | First WG draft of HTTP 2.0, based upon draft-mbelshe-httpbis-spdy-00
Held/Eliminated | Working Group Last Call for HTTP Security Properties
September 2013 | Submit HTTP/1.1 Revision to IESG for consideration as a Proposed Standard
February 12, 2014 | IESG approved HTTP/1.1 Revision to publish as a Proposed Standard
June 6, 2014 | Publish HTTP/1.1 Revision as RFC 7230, 7231, 7232, 7233, 7234, 7235
August 1, 2014 – September 1, 2014 | Working Group Last Call for HTTP/2
December 16, 2014 | Submit HTTP/2 to IESG for consideration as a Proposed Standard
December 31, 2014 – January 14, 2015 | IETF Last Call for HTTP/2
January 22, 2015 | IESG telechat to review HTTP/2 as Proposed Standard
February 17, 2015 | IESG approved HTTP/2 to publish as Proposed Standard
May 14, 2015 | Publish HTTP/2 as RFC 7540
February 2020 | RFC 8740: HTTP/2 with TLS 1.3

A Look at the Change from HTTP/1.1 to HTTP/2

Before HTTP/2 came out in 2015, HTTP/1.1 had already reached its limit. In fact, Google has been working on its own replacement for HTTP/1.1 since the early 2010s. It’s called SPDY (which is pronounced “speedy”). This protocol used the framework that had already been set up for HTTP/1.1, but it changed how the framework handled requests. SPDY could download multiple resources at once over a single connection by using multiplexing. By adding a translation layer, it could also be “back-ported” to applications that were already in use.

Google is a natural leader in this area because they have been making web-based programs like Gmail and Google Apps that work more like desktop software than websites. Because SPDY was so well-designed, HTTP/2 is based on it.

Because of this, all of the major browsers now support HTTP/2, which is based on SPDY and was officially approved by w3 in 2015.

How HTTP/2 Outperforms HTTP/1.1 in Speed

Nowadays, the concept of “webpages” is about as dated as the concept of “videotaping” anything on a smartphone. Modern websites, like modern apps, need a constant two-way flow of data to do their main jobs.

When you type in a Google Doc, like I am doing right now, data is sent to Google’s servers. Your browser then receives updates with the text you entered, as well as suggestions, the latest status of the document’s changes, and more. With HTTP/1.1, every time you hit a key a new connection is made to the server and the character you typed is sent. To show that character on your screen, your browser would then have to repeatedly “ping” Google’s server to see how the document is doing. That is a lot of connections to keep up, and each one takes time.

A closer look

HTTP/2 allows two-way streams over a single connection, unlike prior protocols. Your browser constantly requests new information from Google’s server. No need to “send data,” “wait for a response,” “refresh the screen,” etc. All at once. A Google Doc or comparable online “document” may update so often it seems like a computer program.

These are some of the high-level differences between HTTP1 and HTTP2:

  1. Unlike its predecessor, HTTP1, HTTP2 uses binary data instead of text.
  2. HTTP2 is fully multiplexed, as opposed to ordered and blocked.
    1. Parallelism in HTTP2 may be achieved through the use of a single connection.
  3. By shrinking headers, HTTP2 saves money.
  4. Servers can “push” responses to client caches in advance using HTTP2.

An even closer look

Multiplexing:

With HTTP/1.1, resources are loaded sequentially; if one fails to load, it blocks the loading of the ones after it. HTTP/2, on the other hand, can carry many streams of data over a single TCP connection, so that no single resource blocks any other. To do this, HTTP/2 splits data into binary messages (frames), each of which carries a number that identifies its stream to the client.

Server push:

A server normally sends a resource to a client only when the client asks for it. That model doesn’t work well for modern websites, where the client may have to ask for dozens of resources. HTTP/2 addresses this by letting servers push resources to clients before they ask for them. As if Bob had sent Alice a table of contents for his book before sending the book itself, the server also sends a message that tells the client what to expect in the push.

Header compression:

Small files load more quickly than large ones. To speed up web performance, both HTTP/1.1 and HTTP/2 compress HTTP messages to make them smaller. HTTP/2, however, uses a more advanced compression method called HPACK that eliminates redundant information in HTTP headers. That removes a few bytes from every HTTP message; given the number of messages involved in loading even a single webpage, those bytes add up quickly, resulting in faster loading.
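The three points above (binary framing, several streams interleaved on one connection, and HPACK headers that collapse a whole name/value pair into one byte) are easiest to see on the wire. The following is an added example, not code from the post: it builds a constructed client byte stream with two requests multiplexed on one connection, parses the 9-byte frame headers back out, decodes the HPACK “indexed header field” form using a handful of static-table entries, and reassembles per-stream state. Only indexed header fields are supported; literal fields, Huffman strings, padding and multi-byte indices are deliberately out of scope.

```python
import struct
from collections import defaultdict

# The 24-byte client connection preface that opens every HTTP/2 connection (RFC 7540).
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
               0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
END_STREAM, END_HEADERS = 0x1, 0x4
# A few entries of the HPACK static table (RFC 7541, Appendix A): enough to decode the
# "indexed header field" form, where a whole name/value pair is one byte on the wire.
HPACK_STATIC = {1: (":authority", ""), 2: (":method", "GET"), 3: (":method", "POST"),
                4: (":path", "/"), 5: (":path", "/index.html"), 6: (":scheme", "http"),
                7: (":scheme", "https"), 8: (":status", "200")}


def build_frame(ftype, flags, stream_id, payload=b""):
    """Serialize one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    if len(payload) > 0xFFFFFF or stream_id > 0x7FFFFFFF:
        raise ValueError("length or stream id out of range")
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id) + payload)


def parse_frames(data):
    """Check the preface, then walk the frame headers; raises on truncation."""
    if not data.startswith(PREFACE):
        raise ValueError("missing connection preface")
    pos, frames = len(PREFACE), []
    while pos < len(data):
        if len(data) - pos < 9:
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = struct.unpack(">I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF  # drop reserved bit
        pos += 9
        if len(data) - pos < length:
            raise ValueError("truncated frame payload")
        frames.append({"type": FRAME_TYPES.get(ftype, "UNKNOWN"), "flags": flags,
                       "stream": stream_id, "payload": data[pos:pos + length]})
        pos += length
    return frames


def decode_indexed_header_block(block):
    """Decode a header block made only of indexed fields (high bit set, 7-bit index)."""
    fields = []
    for b in block:
        idx = b & 0x7F
        if not b & 0x80 or idx == 0 or idx == 0x7F or idx not in HPACK_STATIC:
            raise ValueError(f"unsupported header field byte {b:#04x}")
        fields.append(HPACK_STATIC[idx])
    return fields


def summarize_streams(frames):
    """Reassemble per-stream state (headers, body, closed flag) from interleaved frames."""
    streams = defaultdict(lambda: {"headers": [], "body": b"", "closed": False})
    for f in frames:
        if f["stream"] == 0:
            continue  # stream 0 carries connection-level frames such as SETTINGS
        s = streams[f["stream"]]
        if f["type"] == "HEADERS":
            s["headers"].extend(decode_indexed_header_block(f["payload"]))
        elif f["type"] == "DATA":
            s["body"] += f["payload"]
        if f["flags"] & END_STREAM:
            s["closed"] = True
    return dict(streams)


def constructed_connection():
    """Constructed client-side byte stream: two requests multiplexed on one connection,
    with the frames of stream 1 and stream 3 interleaved."""
    return (PREFACE
            + build_frame(0x4, 0, 0)                                                 # empty SETTINGS
            + build_frame(0x1, END_HEADERS, 1, bytes([0x83, 0x87, 0x84]))            # POST https /
            + build_frame(0x1, END_HEADERS | END_STREAM, 3, bytes([0x82, 0x87, 0x85]))  # GET https /index.html
            + build_frame(0x0, END_STREAM, 1, b"a=1"))                               # body of stream 1


if __name__ == "__main__":
    frames = parse_frames(constructed_connection())
    for f in frames:
        print(f["type"], "stream", f["stream"], "flags", f["flags"], "len", len(f["payload"]))
    print(summarize_streams(frames))
```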

The Case for Migrating to HTTP/2

One of the most common and important suggestions most agencies make during technical audits of websites is to switch from HTTP/1.1 to HTTP/2. We can often improve a website’s functionality by a lot with little work and money.

Perhaps your firm isn’t very dynamic. Like the early days of the internet, maybe most of your pages are mostly just text and pictures that don’t change. This is great, and HTTP/2 is an easy win for you. If you change your hosting to use HTTP/2, all of your page’s content will come down the pipe on one connection instead of many. This will speed up the delivery of your content to users by a lot.

If we use Google’s Lighthouse to test a website, the tool doesn’t even provide ideas to improve your HTTP/1.1 delivery; instead, it just advises to update to HTTP/2, suggesting that this may be a pass/fail test in Google’s algorithm.

Server software

  • Apache .. supports HTTP/2 via the module mod_h, although appropriate patches must be applied to the source code of the server in order for it to support that module. As of Apache ., all patches are included in the main Apache source tree, although the module itself was renamed mod_http. Old versions of SPDY were supported via the module mod_spdy; however, development of the mod_spdy module has stopped.
  • Apache Tomcat supports HTTP/2 with version . and newer with a configuration change.
  • Apache Traffic Server supports HTTP/2.
  • Caddy supports HTTP/2.
  • Charles Proxy supports HTTP/2 since version Charles .
  • Citrix NetScaler .x supports HTTP/2.
  • Sucuri Supports HTTP/2.
  • F BIG-IP Local Traffic Manager . supports HTTP/2.
  • Barracuda Networks WAF (Web Application Firewall) supports HTTP/2.
  • ho was built from the ground up for HTTP/2 support.
  • HAProxy . supports HTTP/2.
  • Jetty . supports HTTP/2.
  • lighttpd .. supports HTTP/2.
  • LiteSpeed Web Server . supports HTTP/2.
  • Microsoft IIS supports HTTP/2 in Windows , Windows Server , and Windows Server .
  • Netty . supports HTTP/2.
  • nginx .. supports HTTP/2, released on September , , using module ngx_http_v_module and HTTP/2 Server Push since version .. on February , .
  • Node.js Stable support since … (. supports HTTP/2 with a module and Node . introduced experimental built-in support for HTTP/2.)
  • Kestrel web server for ASP.NET Core supports HTTP/2 since .NET Core ..-preview .
  • OpenLiteSpeed .. and .. supports HTTP/2.
  • Proxygen supports HTTP/2.
  • Pulse Secure Virtual Traffic Manager . supports HTTP/2.
  • Radware Alteon NG supports HTTP/2.
  • ShimmerCat supports HTTP/2.
  • Vert.x . supports HTTP/2.
  • Warp (Haskell web server, used by default in Yesod) supports HTTP/2.
  • Wildfly  supports HTTP/2.
  • Envoy proxy supports HTTP/2.

Here’s a little more information on implementations

https://github.com/httpwg/http2-spec/wiki/Implementations

Linux, Windows

How to use SSH

by pcplanet October 5, 2022
written by pcplanet 7 minutes read

The Secure Shell (SSH) protocol uses cryptography to make a secure link between a client and a server. The ssh client makes it possible to connect to an SSH server on a remote machine in a safe way. You can send commands to the server, set up an X11 tunnel, forward ports, and more through this safe channel.

OpenSSH is the most widely used SSH client, but there are many others, both free and paid, that can be used as well. It works with a lot of different systems, like Linux, OpenBSD, Windows, and macOS.

In this article, you will learn how to use the OpenSSH command-line client (ssh) to log into a remote machine and do several things on it.

Installing OpenSSH Client

The terminal can run the OpenSSH client application ssh. The OpenSSH client package includes scp and sftp.

on Linux

The majority of Linux distributions come with the OpenSSH client installed by default. You can use your distribution’s package management to install the client if it isn’t already on your system.

on Ubuntu and Debian

sudo apt update
sudo apt install openssh-client

on CentOS and Fedora

sudo dnf install openssh-clients

on Windows 10

Most Windows users connect to remote machines over SSH using PuTTY. Recent versions of Windows 10 do, however, ship with an OpenSSH client and server. Both packages can be installed using PowerShell or the GUI.

Run the following command to discover the precise name of the OpenSSH package:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

This is the kind of result you should get from the command:

Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Once its name is known, the package can be installed by typing the following (this installs the server package; use OpenSSH.Client~~~~0.0.1.0 for the client):

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

If all goes well, the result will look like this:

Path          :
Online        : True
RestartNeeded : False

Installing OpenSSH Client on macOS

OpenSSH client is installed on macOS by default.

How to Use the ssh Command

To log into a remote machine, you must meet the following requirements:

  1. On the remote machine, an SSH server must be running.
  2. The remote machine’s firewall must have the SSH port open.
  3. You must know the remote account’s username and password. For remote login, the account needs to have the rights it needs.

The ssh command has this basic syntax:

ssh [OPTIONS] [USER@]HOST

To use the command, launch Terminal or PowerShell and enter ssh followed by the remote hostname:

ssh ssh.pcplanet.com

When you initially connect to a remote machine, you will see the notice shown below.

The authenticity of host 'ssh.pcplanet.com (10.0.5.99)' can't be established.
ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY.
Are you sure you want to continue connecting (yes/no)?

The ~/.ssh/known_hosts file stores a fingerprint for each host you have connected to.

To save the remote host’s fingerprint, type yes, then enter your password when prompted:

Warning: Permanently added 'ssh.pcplanet.com' (ECDSA) to the list of known hosts.
dev@pcplanet.com's password:

Once you enter the password, you will be logged into the remote machine.

When the username is not given, the command uses the current system login name.

To log in as a different user, specify the username and the host in the following format:

ssh username@hostname

The username can also be specified with the -l option:

ssh -l username hostname

By default, when no port is given, the client will try to connect to the remote server on port 22. On some servers, administrators are changing the default port to add an extra layer of security to the server by reducing the risk of automated attacks.

To connect on a non-default port, use the -p option to specify the port:

ssh -p 5522 username@hostname

If you are experiencing authentication or connection issues, use the -v option to tell ssh to print debugging messages:

ssh -v username@hostname

To increase the level of verbosity, use -vv or -vvv.

The command accepts a number of options.

For a complete list of all options read the man page by typing man ssh in your terminal.

SSH Config File

If you are connecting to multiple remote systems over SSH on a daily basis, you’ll find that remembering all of the remote IP addresses, different usernames, non-standard ports, and various command-line options is difficult, if not impossible.

The OpenSSH client reads the options set in the per-user configuration file (~/.ssh/config). In this file, you can store different options for each remote machine you connect to.

A sample config is shown below:

Host dev
HostName dev.pcplanet.com
User pcplanet
Port 4422

When you type ssh dev to start the client, it reads the ~/.ssh/config file and uses the connection information stored for the dev host. In this case ssh dev is equivalent to:

ssh -p 4422 pcplanet@dev.pcplanet.com

For more information, check the article on the SSH config file.
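Added example, not code from the article or from OpenSSH: it resolves an alias against a constructed config the way the client does, and shows two points the text glosses over: Host patterns are matched against the name you type, not the HostName it maps to, and the first value found for an option wins, which is why catch-all Host * defaults belong at the end of the file.

```python
"""Resolve 'ssh ALIAS' against an ssh_config the way OpenSSH does: blocks are
scanned top to bottom and the first value obtained for each keyword wins.
Added example with a constructed config (the article's block plus two pattern
blocks); this is not OpenSSH's own code."""
import fnmatch

SAMPLE_CONFIG = """\
Host dev
    HostName dev.pcplanet.com
    User pcplanet
    Port 4422
Host *.pcplanet.com
    Port 2222
# Defaults belong last: for 'dev' an earlier block already set User.
Host *
    User fallback
"""

def parse_ssh_config(text):
    """Return a list of (host patterns, {keyword: value}); keywords lowercased."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if "=" in parts[0]:  # 'Keyword=value' form
            parts = line.split("=", 1)
        key = parts[0].strip().lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1].setdefault(key, value)
    return blocks

def host_matches(alias, patterns):
    """A matching '!pattern' vetoes the block; any other matching pattern selects it."""
    matched = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(alias, pattern[1:]):
                return False
        elif fnmatch.fnmatchcase(alias, pattern):
            matched = True
    return matched

def resolve(alias, config_text):
    """Effective options for 'ssh alias'; patterns match the name typed, not the HostName."""
    opts = {}
    for patterns, values in parse_ssh_config(config_text):
        if host_matches(alias, patterns):
            for key, value in values.items():
                opts.setdefault(key, value)  # first obtained value wins
    opts.setdefault("hostname", alias)
    opts.setdefault("port", "22")
    return opts

def equivalent_command(alias, config_text):
    """The plain ssh invocation that 'ssh alias' expands to."""
    opts = resolve(alias, config_text)
    user = opts.get("user")
    target = user + "@" + opts["hostname"] if user else opts["hostname"]
    return "ssh -p %s %s" % (opts["port"], target)
```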

Public Key Authentication

Several ways of proving your identity can be used with the SSH protocol.

The public key-based authentication system lets you log in to the remote server without having to type in your password.

For this method to work, you generate a pair of cryptographic keys. The private key stays on the client machine, and the public key is copied to every remote server you want to log in to. The remote server must be configured to accept key-based authentication.

If you don’t already have a key pair on your local machine, you can create one by typing:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

You will be prompted for a passphrase. Using one is optional, but it protects the private key if the file is ever copied.

If you already have a key pair, copy the public key to the remote server with:

ssh-copy-id username@hostname

After you enter the remote user’s password, the public key is appended to that user’s authorized_keys file on the server.

You won’t need to enter a password to access the remote server once the key has been uploaded.

Setting up key-based authentication makes logging in easier and improves the server’s security in general.

SSH Port Forwarding

SSH tunneling, or port forwarding, carries the traffic of other applications inside the encrypted SSH connection between the client and the server.

It is helpful for accessing geo-restricted content, getting through intermediary firewalls, and transmitting network data for services like VNC or FTP that use an unencrypted protocol. In essence, you can tunnel communication over any TCP port using a secure SSH connection.

SSH port forwarding comes in three different varieties:

Local Port Forwarding

With local port forwarding, a connection made to a port on the client host is forwarded through the SSH server to a port on the destination host.

To have the client set up a local port forwarding, use the -L option:

ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION_HOST:DESTINATION_PORT -N -f username@hostname

By default, ssh would also open a shell on the remote host; -N tells it not to run a remote command, and -f sends it to the background once the forwarding is established.

Remote Port Forwarding

Remote port forwarding is the reverse of local port forwarding: a port on the SSH server host is forwarded back to the client host, and from there to the port on the destination host.

With the -R option, ssh is instructed to open a forwarded port on a remote host.

ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT -N -f username@hostname

Dynamic Port Forwarding

Dynamic port forwarding turns the SSH client into a SOCKS proxy, so connections to many different hosts and ports can be tunnelled through a single local port without a separate -L rule for each.

Use the ssh client’s -D option to set up dynamic port forwarding (SOCKS):

ssh -D [LOCAL_IP:]LOCAL_PORT -N -f username@hostname

Conclusion

To establish an SSH connection to a remote server, use ssh followed by the remote username and hostname (ssh username@hostname).

In order to administer remote servers, familiarity with the ssh command is required.

If you have any questions, leave a comment below.

October 5, 2022 0 comments

How to install Nextcloud on Ubuntu 20.04

by pcplanet October 1, 2022

Nextcloud is a great choice if you want to create your own file sharing and syncing platform. Let me walk you through the simple steps needed to install Nextcloud on Ubuntu.

Nextcloud is an open-source application server that allows you to host your own file sharing and synchronization solution. It lets you store all of your files, documents, and contacts in one centralized location. Unlike Dropbox, Google Drive, OneDrive, and other closed-source cloud storage options, Nextcloud is free for everyone to use.

Moreover, users will be able to access their files from any computer by logging onto the Nextcloud server, similar to Dropbox. Nextcloud’s server software was specifically developed to run on Linux distributions, making it simple to set up, even for the most inexperienced Linux user. Let’s not waste any more time and get started.

With Nextcloud, you can share files with other people and keep all of your devices in sync. Additionally, you can create extra accounts for family and friends, which is another significant benefit.

In this guide, we’ll show you how to install Nextcloud on Ubuntu and configure it for optimal performance.

Prerequisites

Before proceeding with the installation, ensure that your Ubuntu system meets the following prerequisites:

  • A fresh installation of Ubuntu (this guide is based on Ubuntu 22.04 LTS)
  • Root or sudo access for installing packages and configuring the system

Step 1: Install the Apache Web Server

Nextcloud is a web-based application, so you’ll need to set up a web server before you can use it. In this guide, we’ll be using the Apache web server.

Bash
sudo apt install -y apache2 apache2-utils

After Apache has been installed, make sure it’s running:

Bash
sudo systemctl status apache2

The output should indicate that the Apache web server is active and running.

Step 2: Install PHP 8.1 for Nextcloud

Since Nextcloud is written in PHP, you’ll need to install PHP and its required modules. Follow these steps to install PHP 8.1 and the modules Nextcloud needs.

Enabling the PHP Repository

Ondřej Surý, a contributor to the Debian project, maintains a repository with several PHP distributions. To add this repository, run the following commands:

Bash
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php

After enabling the PPA, you can proceed with installing PHP 8.1.

Installing PHP as an Apache Module

Installing PHP as an Apache module is straightforward:

Bash
sudo apt update
sudo apt install php8.1 libapache2-mod-php8.1

Once the packages are installed, restart Apache to load the PHP module:

Bash
sudo systemctl restart apache2

Setting Up PHP-FPM for Apache

PHP-FPM is a FastCGI process manager for PHP. Install the necessary packages with the following command:

Bash
sudo apt update
sudo apt install php8.1-fpm libapache2-mod-fcgid

By default, PHP-FPM is not enabled in Apache. To enable it, run:

Bash
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php8.1-fpm

Restart Apache to activate the changes:

Bash
sudo systemctl restart apache2

Installing PHP Extensions

PHP extensions are built-in libraries that extend PHP’s core functionality. You can easily install extensions using apt:

Bash
sudo apt install php8.1-{mysql,redis,imagick,common,gd,curl,zip,xml,mbstring,bz2,intl,bcmath,gmp}

This command installs the required extensions for Nextcloud, including MySQL, Redis, ImageMagick, and others.

Reload Apache for the changes to take effect:

Bash
sudo systemctl reload apache2

And reload the PHP-FPM service:

Bash
sudo systemctl restart php8.1-fpm

Verify your PHP version:

Bash
php -v

Step 3: Set Up the MariaDB Database Server

Nextcloud needs a database server to store its data; this guide uses the recommended MariaDB. Install it with:

Bash
sudo apt install mariadb-server

Once the MariaDB server is up and running, you’ll need to secure it by changing the root password:

Bash
sudo mysql_secure_installation

Follow the prompts to set a strong root password and configure other security options.

Establish a New Nextcloud Database and User

Use the root user to connect to MariaDB:

Bash
sudo mysql -u root -p

Then, create a new database for Nextcloud:

SQL
CREATE DATABASE nextclouddb;

Next, create a new user and grant privileges to the Nextcloud database:

SQL
GRANT ALL ON nextclouddb.* TO nextclouduser@'localhost' IDENTIFIED BY 'your-password';

Replace nextclouduser and your-password with your desired username and password.

Reload privileges and exit:

SQL
FLUSH PRIVILEGES;
EXIT;

Verify that the new user has access to the database:

Bash
mysql -u nextclouduser -p

Step 4: Obtain and Install Nextcloud

After configuring the database, you can proceed with the installation of Nextcloud on Ubuntu. The Nextcloud software package is distributed as a compressed file. Before starting, visit the official Nextcloud download page to ensure you are downloading the latest version.

Assuming the latest version is “28.0.3” (please check for the latest version before proceeding), use the following command to download Nextcloud and its SHA-256 checksum for verification:

Bash
wget https://download.nextcloud.com/server/releases/nextcloud-28.0.3.zip
wget https://download.nextcloud.com/server/releases/nextcloud-28.0.3.zip.sha256

Verify the download’s integrity:

Bash
sha256sum -c nextcloud-28.0.3.zip.sha256

If the output indicates the file is OK, proceed with the installation by extracting the archive into your web directory, creating a data directory for user data, and setting the appropriate permissions:

Bash
sudo unzip nextcloud-28.0.3.zip -d /var/www/html/
sudo mkdir /var/www/html/nextcloud/data
sudo chown -R www-data:www-data /var/www/html/nextcloud/
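Added example (not code from the article or from Nextcloud) that performs the same check as sha256sum -c on constructed fixtures and fails closed when the checksum file names a different archive, not only when the digest differs. A checksum fetched from the same server as the archive only detects a corrupted download; the .asc GPG signature Nextcloud publishes next to each release is what ties the file to the project.

```python
"""Verify a downloaded archive against its sha256sum-style '.sha256' file, the
check the article performs with 'sha256sum -c'. Added example with constructed
fixtures written to a temporary directory; not the article's or Nextcloud's code."""
import hashlib
import hmac
import tempfile
from pathlib import Path

def parse_sha256sum_line(line):
    """Parse 'HEX  NAME' (text mode) or 'HEX *NAME' (binary mode) as sha256sum
    writes it. Returns (digest, name); rejects anything but a 64-hex-digit digest."""
    digest, _, rest = line.rstrip("\r\n").partition(" ")
    if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
        raise ValueError("malformed checksum line: bad digest")
    if rest[:1] not in (" ", "*") or len(rest) < 2:
        raise ValueError("malformed checksum line: missing file name")
    return digest.lower(), rest[1:]

def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large archive does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_download(archive_path, checksum_path):
    """Return (ok, reason). Fails closed when the checksum file names a different
    file, not only when the digest differs."""
    archive = Path(archive_path)
    first_line = Path(checksum_path).read_text().splitlines()[0]
    expected, name = parse_sha256sum_line(first_line)
    if name != archive.name:
        return False, "checksum file is for %r, not %r" % (name, archive.name)
    actual = sha256_of_file(archive)
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch: archive is corrupted or was tampered with"
    return True, "OK"

def demo():
    """Constructed fixtures: a fake archive and its .sha256, then two failure cases.
    Returns the three (ok, reason) results."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        name = "nextcloud-28.0.3.zip"  # the article's version string, used as a label
        payload = b"PK\x03\x04 constructed archive bytes, not a real release"
        (tmp / name).write_bytes(payload)
        (tmp / (name + ".sha256")).write_text(
            hashlib.sha256(payload).hexdigest() + "  " + name + "\n")
        good = verify_download(tmp / name, tmp / (name + ".sha256"))
        # Tampered archive: one byte changed, same checksum file.
        (tmp / name).write_bytes(payload[:-1] + b"!")
        tampered = verify_download(tmp / name, tmp / (name + ".sha256"))
        # Checksum file that was written for a different release.
        (tmp / "other.sha256").write_text("00" * 32 + "  nextcloud-27.0.0.zip\n")
        wrong_name = verify_download(tmp / name, tmp / "other.sha256")
    return good, tampered, wrong_name
```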

Step 5: Configure Apache and Secure Nextcloud with SSL

To configure Apache, create or edit the virtual host file for Nextcloud located at /etc/apache2/sites-available/nextcloud.conf with the following configuration:

Apache
<VirtualHost *:80>
    DocumentRoot /var/www/html/nextcloud/
    ServerName your.server.com

    <Directory /var/www/html/nextcloud/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews

        <IfModule mod_dav.c>
            Dav off
        </IfModule>
    </Directory>
</VirtualHost>

Replace your.server.com with your actual domain name.

To secure your Nextcloud installation with an SSL certificate, you can use Let’s Encrypt, a free and automated certificate authority:

Bash
sudo apt update
sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d your.server.com

Follow the prompts to complete the setup. Certbot will modify your Apache configuration to use the SSL certificate and set up automatic renewal.

Verify the automatic renewal process by running a dry-run:

Bash
sudo certbot renew --dry-run

Step 6: Configure Nextcloud

With Nextcloud installed and secured, you can now proceed with the configuration:

  1. Open your web browser and navigate to http://server-ip/nextcloud/.
  2. Fill in the Username and Password to create your admin account.
  3. Set the Data folder. You can find the data stored in /var/www/html/nextcloud/data.
  4. Enter the database user (nextclouduser), password (your-password) and database name (nextclouddb) you created in Step 3.
  5. Click “Finish Setup” to complete the Nextcloud installation on Ubuntu.

Nextcloud will immediately grant you system administrator privileges and log you in, making it that simple to set up your personal cloud storage service.

Conclusion

By following this comprehensive guide, you’ve successfully installed Nextcloud on Ubuntu, giving you a self-hosted file sharing and syncing platform with full control over your data. Nextcloud offers a robust set of features, including file sharing, calendars, contacts, and more, all accessible from any device.

Remember to keep your Nextcloud instance updated with the latest security patches and explore the various apps and plugins available to enhance your experience further.

Happy Nextclouding!

Frequently Asked Questions

Q: Can I use a different web server instead of Apache?

Yes, Nextcloud supports other web servers like Nginx. While the installation process may differ slightly, the overall steps for setting up the database, PHP, and Nextcloud itself would remain similar.

Q: Do I need to install all the PHP extensions listed in the guide?

The guide covers installing a comprehensive set of PHP extensions required for Nextcloud’s core functionality and various apps. However, if you don’t plan on using certain features (like image manipulation or specific database drivers), you can skip installing those extensions.

Q: How can I update Nextcloud to the latest version?

Nextcloud provides regular updates to introduce new features, security fixes, and bug fixes. You can update Nextcloud through the web interface by navigating to the “Updates” section in the admin area. It’s recommended to back up your data and configuration before performing an update.

Q: Can I use Nextcloud for team collaboration and file sharing?

Absolutely! Nextcloud offers robust collaboration features, including file sharing, shared calendars, and more. You can create user accounts for your team members and manage permissions and access controls to facilitate secure collaboration.

Q: What backup strategies are recommended for Nextcloud?

It’s essential to have a reliable backup strategy in place for your Nextcloud instance. You should regularly back up both the Nextcloud application files and the database. Additionally, consider implementing off-site backups or using cloud storage services for added redundancy.

Q: How can I improve the performance of my Nextcloud installation?

There are several ways to optimize Nextcloud’s performance, including enabling caching mechanisms, configuring database settings, and leveraging content delivery networks (CDNs). The Nextcloud documentation provides detailed guidance on performance optimization techniques.


How to enable HSTS on Apache

by pcplanet August 30, 2022

The following steps can be followed to configure the Apache web server to enable HSTS, or HTTP Strict Transport Security.

Enabling HSTS headers

For Apache to send HSTS headers, the headers module must be loaded in the configuration file (/etc/apache2/httpd.conf):

LoadModule headers_module modules/mod_headers.so

Configure each site’s headers

Configure the header settings for each website that uses SSL; the configuration file is usually located in /etc/apache2/sites-enabled/.

Add the following line to the configuration file so that the Strict-Transport-Security header is set with a lifetime of two years:

<VirtualHost *:443>
...
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
...
</VirtualHost>

The includeSubDomains directive tells the browser to apply the HSTS policy to all subdomains of that domain as well. If you leave it out, only connections to the current domain are forced to HTTPS. Doing so is, however, strongly discouraged.

Once the Apache configuration is reloaded, this header is sent to all users with an expiration time of 63072000 seconds (2 years). Be sure to apply this setting to the HTTPS virtual host (:443) and not the HTTP one (:80).

Note that you will need an SSL certificate to configure HSTS on your server.


How to enable HSTS on Apache

by pcplanet August 13, 2022

In this article, we will demonstrate how to enable HSTS in Apache.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that protects HTTPS websites against downgrade attacks. Once a site has set HSTS, the browser will refuse to load it over anything other than HTTPS.

Some websites keep serving pages over plain HTTP even after an SSL certificate has been installed. The HSTS header addresses this: once it is set, browsers are compelled to switch from the insecure HTTP protocol to the more secure HTTPS protocol for that site.

Let’s Encrypt certificates are strongly suggested if your website still uses HTTP without SSL; they have aided the widespread transition to HTTPS (almost a solid 25 percent as of today). In addition, Google and other search engines rank SSL-enabled sites higher than those without encryption.

If your Apache-hosted website is already HTTPS-secure, enabling HSTS will be a breeze.

Requirements

This guide assumes:

  • You have a working Apache installation
  • You have a working site
  • You have a working SSL cert
  • You are on Linux

Enabling HSTS headers

For Apache to send HSTS headers, the headers module must be loaded in the configuration file (/etc/apache2/httpd.conf):

LoadModule headers_module modules/mod_headers.so

Configure each site’s headers to enable HSTS on Apache

Configure the header settings for each SSL-using website; the configuration file is often located in /etc/apache2/sites-enabled/.

Add the following line to the configuration file to set the Strict-Transport-Security header with a lifetime of two years:

<VirtualHost *:443>
...
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
...
</VirtualHost>

The includeSubDomains directive tells the browser to apply the HSTS policy to all subdomains of that domain as well. If you leave it out, only connections to the current domain are forced to HTTPS. Doing so is strongly discouraged.

When the Apache configuration is reloaded, this header is sent to all users with an expiration time of 63072000 seconds (2 years). Be sure to apply this setting to the HTTPS (:443) vhost and not the HTTP (:80) one.
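Added example, not part of either HSTS article above (the French or the English one): it parses the Strict-Transport-Security header value per RFC 6797 and reports what a browser would do with it, including the case both articles warn about, the header sent on the :80 vhost, which browsers ignore. The responses are constructed inline; nothing is fetched.

```python
"""Parse and evaluate a Strict-Transport-Security header (RFC 6797).
Added example with constructed responses; not part of the original articles."""

ONE_YEAR = 31536000  # minimum max-age accepted by the browser preload list

def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool, 'preload': bool}.
    Directive names are case-insensitive; a repeated directive makes the header
    invalid and max-age is mandatory, as the RFC requires."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen.add(name)
        if name == "max-age":
            digits = raw.strip().strip('"')
            if not digits.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(digits)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored, as the RFC requires
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy

def evaluate(scheme, headers):
    """Report what a browser would do with this response. 'headers' maps header
    name to value as the server sent it (constructed; no network access)."""
    findings = []
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header"]
    if scheme.lower() != "https":
        findings.append("header sent over plain HTTP: browsers ignore it (RFC 6797 §8.1)")
    policy = parse_hsts(value)
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes any stored policy for this host")
    elif policy["max_age"] < ONE_YEAR:
        findings.append("max-age %ds is under one year" % policy["max_age"])
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing: subdomains stay reachable over HTTP")
    if policy["preload"] and (policy["max_age"] < ONE_YEAR
                              or not policy["include_subdomains"]):
        findings.append("preload set but preload-list requirements are not met")
    return findings
```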
