NickTheGreek

The Psychology Behind Why Websites Get Hacked November 12, 2014Joseph Herbrandson It’s an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine, doesn’t mean that the best security practices shouldn’t be followed, or that being safe so far doesn’t grant future invincibility. The question, “Why should I worry?” is heard so much, that our own fear for those who ask it has made us realize we are watching online business owners play out in traffic on a virtual highway, somehow believing they will never get hit. The Truth: You Should Worry. The psychology behind why you are getting hacked is because you AREN’T worried. In the 90’s, if you were among those first using email in the mainstream, you will remember that it was important to be worried about opening emails with strange attachments. Like cavemen wondering whether they should fear the rustling grass, some of us were gobbled up by tigers lurking in our inboxes when we chose to proceed, and clicked without caution. Those getting hacked are the next generation of those beaten by email worms and viruses. Fast-forward to the present day. A business that has just started making sales is more satisfied with the projected analytic data than dissatisfied with the lack of a security review or policy pertaining to its website. For that, it may soon be punished in a rise to success cut short by a brand destroying malware infection. The Reason? More specifically than not being worried, business owners didn’t understand the environment. Rustling grass was dismissed as just the wind, and not a hungry tiger. Cries to implement security practices and build a secure infrastructure on bricks rather than straw, fell on deaf ears. This is a very common start to a story about the hurdles businesses face in information security issues, and it often carries a theme of simply neglecting to understand. To operate in a world where you don’t fully know all of the details about an environment is dangerous enough. To charge forward unknowing of the dangers is an unfortunate re-occurrence among users using technology to achieve their goals. The mindsets we’ve taken to protect us in life do not translate well to the web, and we see our websites as objects controlled only by us, and inherently protected from others, just because we never told anybody the password. My home has never been burglarized, I still lock my doors. The mentality of a security professional is not a baseline, since it’s not the norm to want complete security in every aspect of existence. No matter what I’m securing, I see the initial layout of what needs to be protected and I go the extents required to secure an environment. It’s not expected that everyone will take every measure possible, but above all else, and no matter what, I lock my doors when I leave my home, and would hope that this is everybody else’s rule as well. Surprisingly, denizens of cyberspace figuratively leave the doors of their business wide open for months at a time on busy digital street-fronts, frequented by malware-wielding thugs and gangsters. Their reasoning usually goes along the lines of, “Well I’ve never been hacked before”. The flipside is awareness. On a website, on a webserver, owned by a far-away hosting company, in a datacenter across the country, do you even know how to lock the doors? A high-density apartment complex brings about a far different scenario than a large industrial compound. There are differing levels of security required depending on value and space, along with all of the possible vulnerabilities in the establishment itself. It’s not hard to find people to agree on a good physical security policy. The psychology in the material world is that there are things to protect from other people taking or damaging, and therefore easier to make good habits in environmental awareness. Awareness: Address Uncertainty The psychology surrounding security in the digital world is a stark contrast to that in our physical realm. With malicious web activity up around the globe, corporate attacks, identity thefts and website infections continue to rise. At the same time, new users flock to the online frontier in the Internet’s ongoing modern-day gold-rush. These users, like historic pioneers to a new land, often arrive with no clue of what to expect. They find themselves learning concepts and technologies that have only recently come into existence, and education can be sparse to newcomers. Push a user through this scenario to the point where hosting is actually purchased, a site is actually developed, and consistent sales are actually made, and the result will quite possibly be a success story marred with a horrible security incident. The general psychology of how and why we come online is completely contrary to the attitude held by those that know the dangers that lie beneath the surface. How Do You Become More Security-Minded? You can completely change your state of security by understanding three basic concepts: 1. You are a target . Simply existing on the Internet puts a bullseye on your chest for hackers to use automated networks of malicious scripts and services to poke and prod at your website until it finds a way past the front door. Remember that just having a website online is opening up a connection on a system you own or rent to the wilds of the web, and all the types of traffic that come with it. 2. Awareness is everything . Understanding the infrastructure of your website, the type of server you run on, and all of the supplemental add-ons and services you use is the entry-level standard to being able to provide security for yourself when working on the Internet. 3. Security is an essential department . Fail to build an administration, and you won’t have leadership to get your business started. Ignore marketing, and no one will show up when you open the doors. Shy away from customers seeking quality service, and lack of loyalty will destroy you. These ‘departments’ are never ignored, but security often is. Make security an essential role in your environment, or your peril will be intruders betraying you from the inside when you least expect it. Most people grasp that it’s important to prevent nefarious persons from taking or doing harm to their stuff. However, modern society has interwoven a complex system of technology into a new way of life that has given the masses an excuse-driven frame of mind to hide behind in that we simply don’t have the comprehension or even the drive to try to understand the unknown. Safety is an Epiphany Away Watch the grass grow and grow impatient. Forget to maintain it and learn quickly that lack of maintenance brings more work than the maintenance itself. It can take a long time to learn this lesson in website security though, as pest infestations from wild tall grass are much easier to detect than malware infections contained within hundreds of files of thousands of lines of code. Understand a final concept: Security as an eternal struggle, a process that is kept up each and every day. It cycles through protecting yourself and your space, detecting problems and vulnerabilities, and responding to those issues. Best practices and maintenance principles prop this system up work soundly, but it requires an operator. Be an aware target that maintains the division keeping your site’s functionality safe: the Security Department. Change your psychology to stop getting hacked. https://blog.sucuri.net/2014/11/the-psychology-behind-why-websites-get-hacked.html

Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications which may run either on the same computer or on another computer across a network (including the Internet). In order to enable PHP MSSQL Extension, There are few modules need to be installed before you enable MSSQL Extension for PHP on server. a) Txt2man b) unixODBC c) freeTDS d) PHP mssql.so Step1: Download FreeTDS #wget http://ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz Step2: Extract the downloaded file #tar zfvx freetds-stable.tgz Step3: Install it using the below commands #cd freetds-*; #./configure --prefix=/usr/local/freetds --with-tdsver=8.0 --enable-msdblib --enable-dbmfix --with-gnu-ld; make ; make install Step4: Add the compile flag for freetds to /var/cpanel/easy/apache/rawopts/all_php5 In this version, PHP 5 is the focus hence that specific file. Add the following: #echo "--with-mssql=/usr/local/freetds" >> /var/cpanel/easy/apache/rawopts/all_php5 *If you are using other Builds of Apache or PHP you may refer to the following for the correct file to edit instead of /var/cpanel/easy/apache/rawopts/all_php5 such as the case here. * Apache 1.3.x - /var/cpanel/easy/apache/rawopts/Apache1 * Apache 2.0.x - /var/cpanel/easy/apache/rawopts/Apache2 * Apache 2.2.x - /var/cpanel/easy/apache/rawopts/Apache2_2 * All PHP 4.x versions - /var/cpanel/easy/apache/rawopts/all_php4 * All PHP 5.x versions - /var/cpanel/easy/apache/rawopts/all_php5 * Mod_suPHP - /var/cpanel/easy/apache/rawopts/all_suphp * Specific PHP Version - /var/cpanel/easy/apache/rawopts/PHP-X.X.X Step5: Touch the following files as these are what are checked for by PHP. The following error will result if they are not in place. configure: error: Directory /usr/local/freetds is not a FreeTDS installation directory Here are the files to create for PHP's conditional check: #touch /usr/local/freetds/lib/libtds.a #touch /usr/local/freetds/include/tds.hp Step6: Now run Easy Apache and make sure that Mysql, Mysql of the system, amd Mysqli are all selected. Step7: Simply build. #/scripts/easyapache Note: If running a 64bit OS and get an error about configure: error: Could not find /usr/local/freetds/lib64/libsybdb.a|so you'll need to link a directory. In this example it was an easy fix. #cd /usr/local/freetds/ #ln -s /usr/local/freetds/lib lib64 #ll /usr/local/freetds/lib64/libsybdb.a #ll /usr/local/freetds/lib64/libsybdb.so #/scripts/easyapache http://techies-world.com/mssql-cpanel/

Τα SSL Certificates, εκτός από μέσο ασφαλείας και κρυπτογράφησης δεδομένων, αποτελούν συμβόλαια αστικής ευθύνης προς τρίτους, στην περίπτωση προσβολής/ζημιών τους από απώλεια/κλοπή δεδομένων (όπως τραπεζικά στοιχεία, πιστωτικές κάρτες) μέσα από τις ιστοσελίδες σας. Με απλά λόγια, αν μέσα από ασφαλές περιβάλλον, προστατευμένο από ένα συγκεκριμένο SSL, πραγματοποιηθεί hacking της σύνδεσης και απώλεια δεδομένων του πελάτη, η εκδούσα αρχή οφείλει να καταβάλει την εγγύηση του αρχικού ποσού ασφάλισης στον πελάτη. Για το λόγο αυτό, πραγματοποιείται η διαδικασία νομιμοποίησης ιδιοκτησίας ενός domain name και επιβεβαιώνεται επίσης το δικαίωμα χρήσης ενός domain από τον αιτούντα για SSL certificate. Εκτός των χαρακτηριστικών των DV (Domain Validation) SSL, που εκδίδονται εντός λεπτών και πραγματοποιούν αποκλειστικά επιβεβαίωση κρυπτογράφησης και ασφαλούς σύνδεσης, ένα OV (Business/Organization Validation) ή EV (Extended Validation) SSL αποτελεί επιπλέον τεκμηρίωση εταιρικής πιστότητας, ιδιοκτησίας ενός website και δικαιώματος χρήσης ενός domain από το διαχειριστή της ιστοσελίδας. Η διαφοροποίηση των πιστοποιητικών μεταξύ τους αφορά στο διεθνές κύρος και στις πιστοποιήσεις της εκδούσας αρχής, στο ποσό ασφάλισης προς τρίτους, στη συμβατότητα με συσκευές/browsers (παλαιότερες αρχές πιστοποίησης έχουν γνωστότερα σε παλιές συσκευές πιστοποιητικά επικύρωσης και θα εμφανίζουν ασφαλή σύνδεση σχεδόν παντού) και στην ταχύτητα των servers αποκρυπτογράφησης και πιστοποίησης (OCSP). Μια σελίδα με μεγάλη κίνηση θα πρέπει να έχει πιστοποιητικό σε ταχύτερους servers καλύτερου δικτύου, καθώς η ταχύτητα της ιστοσελίδας θα επηρεάζεται μέσα από τα OCSP ή άλλα απαιτούμενα connections. Η διαδικασία νομιμοποίησης είναι όμοια που ακολουθείται στον τραπεζικό τομέα. 1. Πρέπει να επιβεβαιωθεί ότι η μια εταιρεία είναι υπαρκτή, νόμιμη και ενεργή. Τα έντυπα που επιβεβαιώνουν κάτι τέτοιο μπορούν να είναι κάποια από τα παρακάτω: - Certificate of Incorporation (πιστοποιητικό/βεβαίωση έναρξης) - Certificate of Good Stance (ενημερότητα/βεβαίωση λειτουργίας χωρίς φορολογικές εκκρεμότητες) - Partial Bank Statements (μέρος αποδεικτικού τράπεζας με τραπεζικές κινήσεις λογαριασμού της εταιρείας) - Αντίγραφο Κινήσεων Δεύτερου Τραπεζικού Λογαριασμού είναι επίσης βοηθητικό για την έγκριση του αιτήματος - VIES Προβολή του VAT Number της εταιρείας για εταιρείες στην Ευρωπαϊκή Ένωση - Προβολή σελίδας έγκριτης εταιρείας καταλόγου και καταγραφής στοιχείων εταιρειών, όπως το DUNS 2. Σε πολλές περιπτώσεις πρέπει να βεβαιωθεί η έδρα μιας επιχείρησης καθώς μέσω των παρακάτω εντύπων: - Certificate of Address (κατά την έναρξη της εταιρείας ή την αλλαγή έδρας) - Declaration of Compliance (υπογεγραμμένο ότι καταχωρήθηκε από την εκάστοτε κρατική αρχή) 3. Θα πρέπει να βεβαιωθεί ότι το τηλέφωνο επικοινωνίας ανήκει στον αιτούντα για SSL, ο αιτών έχει πρόσβαση σε αυτό και το τηλέφωνο είναι στο όνομα της εταιρείας. Αυτό μπορεί να βεβαιωθεί με τα παρακάτω έντυπα: - βεβαίωση της εταιρείας παροχής τηλεφωνίας για την ιδιοκτησία - αντίγραφο λογαριασμού για τη χρήση του τηλεφωνικού αριθμού, κατά προτίμηση από δημόσια εταιρεία τηλεπικοινωνιών 4. Για την επιβεβαίωση του domain name, θα πρέπει να συμπεριληφθεί στα έντυπα μια βεβαίωση του καταχωρητή του domain για την επαφή ιδιοκτησίας. Η εκδούσα αρχή θα επιβεβαιώσει μέσα από whois servers ποιος είναι ο επίσημος καταχωρητής για το domain και μπορεί να ζητήσει επιπλέον τεκμηρίωση ότι αυτός ο καταχωρητής στέλνει τη βεβαίωση. Σε περίπτωση κύριων domain extensions της ICANN (όπως για παράδειγμα τα com, net, org), είναι βοηθητική η μη απόκρυψη των στοιχείων ιδιοκτησίας μέσα από το whois (απενεργοποίηση πιθανής προστασίας προβολής στοιχείων ιδιοκτήτη). 5. Ο αιτών πρέπει να είναι το πρόσωπο το οποίο δηλώνει ότι είναι και να βεβαιωθεί η τοποθεσία του/τόπος διαμονής. Αυτό μπορεί να γίνει με: - Ενεργή Ταυτότητα ή Διαβατήριο κατά προτίμηση - Άδεια Οδήγησης - Λογαριασμό στο όνομά του για κατανάλωση ρεύματος οικίας ή τηλεπικοινωνιών, κατά προτίμηση από δημόσια υπηρεσία 6. Θα πρέπει να επιβεβαιωθεί ότι ο αιτών για το SSL έχει δικαίωμα αίτησης και χρήσης του site. Αυτό μπορεί να επιβεβαιωθεί με τα έντυπα: - Board of Directors (βεβαίωση των διαχειριστών), στην περίπτωση που ο αιτών είναι διαχειριστής της εταιρείας - Power of Attorney (πληρεξούσιο), στην περίπτωση που ο αιτών δεν είναι διαχειριστής, θα πρέπει να έχει apostilled (εγκεκριμένο με συμβολαιογραφική πράξη) πληρεξούσιο που του επιτρέπει την αίτηση έκδοσης πιστοποιητικών SSL καθώς και οποιαδήποτε ενέργεια χρήσης της συγκεκριμμένης ιστοσελίδας της εταιρείας. Το πληρεξούσιο θα πρέπει να επιτρέπει την αίτηση έκδοσης, την έκδοση, την ανανέωση και τη διαγραφή (revocation) οποιουδήποτε SSL. - Καταστατικό εταιρείας που βεβαιώνει ότι έχει τα παραπάνω δικαιώματα σχετικά με τα SSL και τη χρήση/διαχείριση της εταιρικής ιστοσελίδας 7. Στην περίπτωση Extended Validation Certificates (EV), η διαδικασία νομιμοποίησης θα πρέπει να πραγματοποιηθεί και από τρίτο νομικό πρόσωπο, όπως μια δικηγορική επιχείρηση, ένα συμβολαιογραφικό γραφείο ή ένα κρατικό οργανισμό. Η εκδούσα αρχή του SSL θα αναζητήσει τη νομιμότητα των ατόμων που πραγματοποιούν τη νομιμοποίηση μέσα από επικοινωνία για επικύρωση των αριθμών μητρώου του δικηγορικού η συμβολαιογραφικού συλλόγου για παράδειγμα. Σημειώσεις - Η αποστολή των απαιτούμενων εγγράφων και η ανταλλαγή μηνυμάτων για τη νομιμοποίηση πραγματοποιείται αποκλειστικά μεταξύ αιτούντα και εκδούσας αρχής. Η angellight Services Ltd δεν έχει δικαίωμα, δε θα διαβιβάσει πληροφορίες και έντυπα, δε θα εκπροσωπήσει και δεν έχει καμία απολύτως ευθύνη για τη διαδικασία αποδοχής ή απόρριψης ενός πιστοποιητικού. Σε περίπτωση απόρριψης, θα πραγματοποιηθεί πλήρης επιστροφή χρημάτων. - Ιδίως σε περιπτώσεις extended validation, τα έντυπα θα πρέπει να είναι γραμμένα ή επίσημα μεταφρασμένα στα Αγγλικά από το αντίστοιχο υπουργείο, από δικηγόρο ή συμβολαιογράφο. - Μετά την αίτηση έκδοσης του πιστοποιητικού, στο δηλωμένο eMail του πελάτη θα γνωστοποιηθεί από την εκδούσα αρχή η διεύθυνση eMail στην οποία πρέπει να αποσταλούν όλα τα έντυπα συμπεριλαμβάνοντας τον αριθμό παραγγελίας της εκδούσας αρχής (συμπεριλαμβάνεται στο μήνυμα επιβεβαίωσης της εκδούσας αρχής). Σημειώνουμε ότι ο αριθμός παραγγελίας αυτός δεν είναι ο αριθμός παραγγελίας προς την angellight Services Ltd. - Η εκδούσα αρχή φέρει κάθε δικαίωμα απόρριψης ενός αιτήματος χωρίς ακριβή δικαιολόγηση της απόρριψης. - Προφανώς η εκάστοτε εκδούσα αρχή υποστηρίζεται από ασφαλιστικές εταιρείες οι οποίες πραγματοποιούν νομιμοποίηση παράλληλα για το κάθε αίτημα. Καθώς τα ποσά εγγύησης είναι μεγάλα, θα πρέπει να υπάρχει κατανόηση ως προς το σύνθετο της διαδικασίας και για το λόγο αυτό προτείνουμε την έκδοση OV ή EV πιστοποιητικών με τη μέγιστη διαθέσιμη περίοδο ανανέωσης (2 χρόνια συνήθως). - Ένα SSL μπορεί να χρησιμοποιηθεί για πιστοποίηση ενός website (DV, OV, EV), ενός eMail (Digital ID) ή ενός λογισμικού (Code Signing). Αυτός είναι ένας επιπλέον παράγοντας διαφοροποίησης των προϊόντων SSL. Michael Pavlides - Software Engineer, Research & Development Analyst https://www.linkedin.com/in/michael-pavlides-0511926b/ https://angellight.com

You may 1, remove the Email address from your cron file, /var/spool/cron/<username> (cPanel) 2, append ">/dev/null 2>&1" to ever cronjobs, so that no output will be generated, and hence no Email. http://www.webhostingtalk.com/showthread.php?t=1591674

Question sent in by Howard from Pasadena: Q: I have some cron jobs that run overnight on my Linux systems. Each of these jobs output information to a text file if I ever need to review. Some are written to send emails via the mail command. But since I put these scripts on a new system and added them to crontab, I am getting an email for each job that runs. There are too maybe emails being sent to root. Is there a way to stop this behavior? A: Crond typically sends an email when a cron job is run. It uses the MAILTO variable in /etc/crontab to determine who receives the email, by default this is root. There are several ways to stop this behavior. 1. Change the MAILTO variable to blank. You can edit the /etc/crontab file and change the MAILTO variable to the following: MAILTO="" This will effectively disable all emails from the cron daemon. You can then decide from within the script to send mail using the mailx command or the command of your choice. This is not my preferred method as I like to receive an email when there is an error with the cronjob. 2. Redirect STDOUT and STDERR to null to suppress output. By suppressing output of the script, there will be nothing for crond to send. Add the following to the crontab entry to send all output (STDERR and STDOUT) to the /dev/null. >/dev/null 2>&1 For example: 0 5 * * * /example/script >/dev/null 2>&1 This also has it's drawbacks as you will be suppressing any errors that may be helpful to debug problems with the script. 3. Configure crond to send the script output to the system log, and disable sending mail of output. You can configure crond by editing the /etc/sysconfig/crond file and changing the CRONDARGS line. Adding the "-s" argument will send the output to the system log, and adding the "-m off" argument will disable crond from sending emails of the job output. For example: [root@centos7 ~]# cat /etc/sysconfig/crond # Settings for the CRON daemon. # CRONDARGS= : any extra command-line startup arguments for crond CRONDARGS=-s -m off You will have to restart the crond service to read the new arguments: systemctl restart crond.service Any of the above methods will work for completely suppressing emails from cron daemon when jobs run. This is not ideal in my mind as I would like to be notified if errors occur in my cron jobs. I prefer to either write my scripts to produce no output (no standard output-but still output errors), or redirect STDOUT only to /dev/null. This will cause crond to ONLY send an email if an error has occurred. Example of only redirecting STDOUT only: 0 5 * * * /example/script > /dev/null http://www.putorius.net/2015/03/stop-cron-daemon-from-sending-email-for.html

Run nmap -sV <hostname/ip> - which is nmap with service detection, meaning it works out what's actually listening on the port, rather than guessing the service based on the port it's using. This will give you output that looks something like: PORT STATE SERVICE VERSION 666/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) If it still doesn't find the port, run nmap -p- -sV <hostname/IP> - this will scan all 65k ports - it's slower, but it will find it if it's running on a high up port https://superuser.com/questions/152877/figure-out-non-standard-ssh-port

IPS Community Suite 4.2.6 Released 11/08/2017 Key Changes This is a maintenance release to fix reported bugs. Other changes include: RSS feeds now use guest page caching system Analytic tracking code has been moved to inside head tag Ad code placement has a new setting to clarify how sidebar display should be handled Various enhancements to Redis engine including data stored encrypted at rest Search result improvements

What is Gzip compression? Gzip is a method of compressing files (making them smaller) for faster network transfers. It is also a file format. Compression allows your web server to provide smaller file sizes which load faster for your website users. Enabling gzip compression is a standard practice. If you are not using it for some reason, your webpages are likely slower than your competitors. How to enable Gzip compression Compression is enabled via webserver configuration Different web servers have different instructions (explained below) Here are the most common ways to enable compression including .htaccess, Apache, Nginx, and Litespeed webservers. Enable compression via .htaccess For most people reading this, compression is enabled by adding some code to a file called .htaccess on their web host/server. This means going to the file manager (or wherever you go to add or upload files) on your webhost. The .htaccess file controls many important things for your site. If you are not familiar with the .htaccess file, please read my working with .htaccess article to get some know how before changing it. The code below should be added to your .htaccess file... <ifModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file .(html?|txt|css|js|php|pl)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </ifModule> Save the .htaccess file and then refresh your webpage. Check to see if your compression is working using the Gzip compression tool. Enable compression on Apache webservers The instructions and code above will work on Apache. If they are not working there is another way that may work for you. If the above code did not seem to work, remove it from your .htaccess file and try this one instead... AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript Enable compression on NGINX webservers To enable compression in NGINX you will need to add the following code to your config file gzip on; gzip_comp_level 2; gzip_http_version 1.0; gzip_proxied any; gzip_min_length 1100; gzip_buffers 16 8k; gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; # Disable for IE < 6 because there are some known problems gzip_disable "MSIE [1-6].(?!.*SV1)"; # Add a vary header for downstream proxies to avoid sending cached gzipped files to IE6 gzip_vary on; Enable compression on Litespeed webservers The ideal way to enable compression in Litespeed is to do it through the configuration under "tuning". Just go down to "enable compression" and check to see if it is on, if not click "edit" then choose to turn it on. While you are there, look over the several Gzip options that are nearby. How effective is gzip compression? Compression of your HTML and CSS files with gzip typically saves around fifty to seventy percent of the file size. This means that it takes less time to load your pages, and less bandwidth is used over all. How compressed files work on the web When a request is made by a browser for a page from your site your webserver returns the smaller compressed file if the browser indicates that it understands the compression. All modern browsers understand and accept compressed files. Testing compression To see if gzip compression is working use our gzip compression tool. Also consider using the page speed tool which will test compression and many other factors. https://varvy.com/pagespeed/enable-compression.html

Bulk Senders Guidelines Troubleshoot delivery issues with Postmaster Tools Gmail Postmaster Tools provides senders with metrics on parameters such as reputation, spam rate, feedback loop, etc. It can help you check compliance to the Gmail bulk sender guidelines, as well as identify issues that can cause trouble with the spam filter. We've received inquiries from bulk senders who'd like more information on best practices to ensure that their mail is delivered to Gmail users. Gmail classifies incoming mail in the following ways: Spam vs. non-spam: Spam messages are placed in the spam folder, while non-spam message are placed in the inbox. Mail categories: Most users use Gmail's default inbox which further classifies non-spam mail into categories - Primary, Social, Promotions, Updates and Forums. Primary, Social and Promotions are enabled by default, but users can choose to enable or disable from all five to none. The Primary category includes person-to-person conversations and message categories that aren't currently enabled. Mail classifications depend heavily on reports from users. Gmail users can mark and unmark messages as spam, and can move non-spam messages between inbox tabs. In both cases Gmail learns from user corrections and over time automatically adjusts the classification to match users’ preferences. The following guidelines can help you achieve predictable classification and receiver satisfaction. Inbox classification Inbox categories Spam classification Authentication & Identification Subscription Unsubscribing Format Delivery Third-Party Senders Affiliate Marketing Programs Not in the right place? If you received an error message when sending an email to a G Suite group, click here. Just sending mail to a friend or business associate? Click here for further help. Inbox categories Gmail’s inbox categories help users organize and better control their inboxes by classifying mail into categories and putting mail from those categories into tabs. Users can choose to have specific messages or senders always go to a particular category and can switch each category to be on or off. Starring a message will put it in the Primary category. Gmail learns from user corrections and over time automatically adjusts the classification to match users’ preferences. Here’s what you can do to help Gmail categorize your messages correctly: Send different categories of mail (e.g. promotions, transaction notifications, social updates) from different sender addresses, and try to keep those addresses consistent over time. Avoid mixing different categories of content in one email. For example, putting a promotion into a transactional mail notification may make the system classify the message as promotional. Authentication & Identification Why is it important to authenticate your messages? Authentication ensures that your messages can be correctly classified. Emails that lack authentication are likely to be rejected or placed in the spam folder, given the high likelihood that they are forged messages used for phishing scams. In addition, unauthenticated emails with attachments may be outrightly rejected, for security reasons. To ensure that Gmail can identify you: Use a consistent IP address to send bulk mail. Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain. Use the same address in the 'From:' header on every bulk mail you send. We also recommend the following: Sign messages with DKIM. We do not authenticate messages signed with keys using fewer than 1024 bits. Publish an SPF record. Publish a DMARC policy. Learn more about email authentication. Additional guidelines for IPv6 The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected. The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam. Subscription Each user on your distribution list should opt to receive messages from you in one of the following ways (opt-in): Through an email asking to subscribe to your list. By manually checking a box on a web form, or within a piece of software. We also recommend that you verify each email address before subscribing them to your list. The following methods of address collection are not considered 'opt-in' and are not recommended: Using an email address list purchased from a third-party. Setting a checkbox on a web form or within a piece of software to subscribe all users by default (requiring users to explicitly opt-out of mailings). Unsubscribing A user must be able to unsubscribe from your mailing list through one of the following means: A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required). By replying to your email with an unsubscribe request. To make sure recipients can unsubscribe without leaving Gmail, we strongly recommend adding a 'List-Unsubscribe' header in one of the following ways: One-click: Add the following headers as described in RFC 8058: List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: <https://example.com/unsubscribe/opaquepart> If the recipient unsubscribes, you'll get this POST request: POST /unsubscribe/opaquepart HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Content-Length: 26 List-Unsubscribe=One-Click mailto: Provide a List-Unsubscribe header that points to an email address using the 'mailto:' method Note: If both one-click and mailto methods are present in the List-Unsubscribe header, Gmail will use the method specified first. To help ensure that your messages aren't flagged as spam, we also recommend that you: Automatically unsubscribe users whose addresses bounce multiple pieces of mail. Periodically send confirmation messages to users. Include each mailing list they are signed up for, and offer the opportunity to unsubscribe from those in which they are no longer interested. It's possible that your users forward mail from other accounts, so we recommend that you: Explicitly indicate the email address subscribed to your list. Support a URL method of unsubscribing from your mailing list (this is beneficial if your mailing list manager can't tell who is unsubscribing based on the 'Reply-to:' address). Format All messages must be formatted according to RFC 5322 and, if using HTML, HTML standards. Messages must have a valid 'Message-ID:' header field. Messages should indicate that they are bulk mail, using the 'Precedence: bulk' header field. Attempts to hide the true sender of the message or the true landing page for any web links in the message may result in non-delivery. The subject of each message should be relevant to the body's content and not be misleading. The authenticating domain, envelope From domain, payload From domain, reply-to domain, and sender domain should not violate the highly-restrictive Unicode Security Profile guidelines for international domain names. Delivery While Gmail works hard to deliver all legitimate mail to a user's inbox, it's possible that some legitimate messages may be marked as spam. Gmail does not accept 'whitelisting' requests from bulk senders, and we can't guarantee that all of your messages will bypass our spam filters. To make sure our users receive all the mail they'd like to, we've provided them with a method for sending us feedback about messages flagged as spam -- users have the option of clicking a 'Not spam' button for each message flagged by our spam filters. We listen to users' reports, and correct problems in order to provide them with the best user experience. As long as our users don't consider your mail as spam, you shouldn't have inbox delivery problems. There are two important factors that, under normal circumstances, help messages arrive in Gmail users' inboxes: The 'From:' address is listed in the user's Contacts list. A user clicks 'Not Spam' to alert Gmail that messages sent from that address are solicited. If you send both promotional mail and transactional mail relating to your organization, we recommend separating mail by purpose as much as possible. You can do this by: Using separate email addresses for each function. Sending mail from different domains and/or IP addresses for each function. By using these tips, it's more likely that the important transactional mail will be delivered to a user's inbox. Our guidelines are meant to help you build a good reputation within the Gmail system, resulting in continual delivery to Gmail inboxes. Third-Party Senders If others use your service to send mail (for example: ISPs), you are responsible for monitoring your users and/or clients' behavior. You must have an email address available for users and/or clients to report abuse (abuse@yourdomain.com). You must maintain up-to-date contact information in your WHOIS record, and on abuse.net. You must terminate, in a timely fashion, all users and/or clients who use your service to send spam mail. Affiliate Marketing Programs Affiliate marketing programs reward third-parties for bringing visitors to your site. Unfortunately, these programs are attractive to hard-core spammers and can potentially do more harm than good. Please note the following: If your brand becomes associated with affiliate marketing spam, it can affect the mail sent by you and your other affiliates. It is your responsibility to monitor your affiliates and remove them if they send spam. If you are sending mail in accordance with our guidelines and Gmail continues to mark your messages as spam, troubleshoot further. https://support.google.com/mail/answer/81126

Postmaster Tools If you send a large volume of emails to Gmail users, you can use Postmaster Tools to see: If users are marking your emails as spam Whether you’re following Gmail's best practices Why your emails might not be delivered If your emails are being sent securely https://support.google.com/mail/answer/6227174?hl=en

We’ve talked a lot about why it’s important to warm up your IP, tips on warm up timelines and sending volume, and top questions you should ask your ESP before getting started. At this point, you may be asking yourself…why not just jump in head first and see what happens? While it may be tempting to fast track your IP warm up process, remember, patience is a virtue. Recovering from a bad move can be more costly than taking the time to build a good reputation. If you keep these 5 tips in mind, you’ll be off to a great start: 1) Starting cautious is good. It’s very hard to repair a bad reputation. Oftentimes, senders need to be more aggressive in order to get their emails out the door. However, you must also consider how much time it may take to fix your reputation. Since sending reputation is tracked every 30 days, it could take 4 or more weeks to rebuild it, and every day you get blocked can cost you. 2) IP rotation is bad business. You don’t need dozens of IPs. If you do, and the ISPs get wind of it, they will block the whole IP range. You can send millions of messages per day from a single IP if you warm up properly and continue to follow best practices. Need proof? Here’s a true life case of too many IPS… A daily deal site was being blocked by Hotmail, but was unsure why. Prior to coming to SendGrid, they were sending anywhere from thousands to millions of emails per day off of 17 different IP addresses. Why? In order to maximize delivery, they would cherry pick the IP with the best reputation and deploy mail through that IP. This process is called snowshoeing and represents bot-net behavior which ISPs red flag. While ISPs use your IP address to determine reputation, they can also see the sending domain. To remedy this problem, SendGrid moved all of their email streams to 2 IPs and developed a customized sending schedule. Their warm up period topped out at 15 days when they reached full volume and maximum delivery. Success! 3) Use the data to educate you. This is a great opportunity to optimize your email program, even if you are experiencing delivery failures. ISPs like to see that you are being responsive. It’s a small community and word gets around, so doing the right thing will always work in your favor. 4) Marketing email is still a challenge. Be more careful and scrupulous with marketing email. Since transactional email is viewed as “wanted” email in the eyes of the ISPs, it’s generally granted a little more leeway. This is why we recommend getting at least two dedicated IPs—one for marketing email and the other for transactional. 5) Best practices will get you everywhere. Monitoring user engagement, personalization, and ultimately removing inactives while you are warming up your IP and after is key to maximum email deliverability for the life of your email program. The Bottom Line of IP Warm Up Warming up your IP is a vital part of creating a healthy email program. With the right tools and information you can ensure your email gets inboxed with each deployment. At SendGrid, we work with customers to provide the best strategies and advice to help make their IP warm up successful. We have detailed reporting by ISP which helps give our customers an inside look at how their email is being received and our 24/7 support team is always on call if you need. For an extensive overview of the IP warm up process, download our free How To Warm Up and IP guide here. https://sendgrid.com/blog/5-ip-warm-tips/

EasyApache 3: It’s been a long road, but it will be time to say goodbye soon. It’s that time. No, not breakfast, or lunch. It’s time that we are finally defining the End of Life for EasyApache 3. EasyApache 3 will be fully deprecated, receiving no further updates as of December 31st, 2018. This date allows us to end support in line with PHP 5.6; the last PHP version in EasyApache 3. There’s a lot to do before we get there, though, so let’s go through some details. The Holdouts Over the past 2 years we have worked to make EasyApache 4 the new standard for webstack usage in cPanel & WHM. While we’ve been working so much on EA4, there are two big things we want to address. Our current FastCGI implementation needs to be iterated on, and we need to add Tomcat support. These two are preventing the last few cPanel & WHM servers from migrating to EasyApache 4 and we want to give these server administrators an easier migration path. FastCGI Our FastCGI implementation is currently defined as an experimental implementation. We are planning to iterate on this numerous times to ensure compatibility with MultiPHP. Tomcat We will be adding Tomcat support to EasyApache 4. The first step will be to have an experimental RPM for Tomcat out within the next couple of months, and we plan to add full support to cPanel & WHM before EasyApache 3 reaches End of Life. The Deprecation and Blocker Plan Our goal for 2018 is to release 4 new versions of cPanel & WHM, and that allows us to use cPanel versions to track the steps toward deprecation. Our current plans are as follows: In cPanel & WHM version 72 (which we anticipate releasing around March of 2018) we will add a warning in the EasyApache 3 interfaces (both the command line UI and in WHM) displaying EasyApache 3’s End of Life date, and include links to the EasyApache 4 Migration UI. That warning will remain unchanged until v76. In v76 we will add that you won’t be able to upgrade to version 78 without migrating to EasyApache 4. tl;dr version: Advisements added to v72 Warnings will be added to the EA3 Interfaces to advise the fact that it is going EOL soon. Links to the EA4 Migration UI will be added to the EasyApache 3 interfaces. Deprecated in v76 Warnings will be added to the EA3 Interfaces to advise the fact that it is the last version of cPanel & WHM that will support EasyApache 3. Removed in v78 We will be completely removing EA3 and all accompanied code in this version. Upgrade blockers added to v78. You will not be able to upgrade to v78 if you are running EasyApache 3. You must upgrade to EasyApache 4 to upgrade to v78. If you haven’t migrated to EasyApache 4 yet, it’s easier than ever. Check out our documentation to get started. https://documentation.cpanel.net/display/EA4/How+to+Migrate+Between+EasyApache+3+and+EasyApache+4 https://blog.cpanel.com/its-been-a-long-road-but-it-will-be-time-to-say-goodbye-soon/

The WordPress community offers lots of helpful guides and tutorials, to solve problems with HTTP Loopback or (Endless Ping) that lots of plugins and web hosting settings use. However, when newbies find themselves without options to add or enable that setting, they simply contact their web hosting company for support. The problem here is that some companies will never have that option to enable or configure. Luckily, you can use another solution that works with the majority of cases. All you need is adding the below code to your “wp-config.php” file and save it. define('ALTERNATE_WP_CRON', true); This code will use the alternative Cron job system that can solve the problem generally. WordPress uses the Cron Jobs to schedule upgrades, caching, or any other programmed task, such as the backup and much more. http://wedesignthemes.com/support/knowledge-base/how-to-enable-http-loopback-connections-in-cpanel-for-wordpress/

KRACK Wi-Fi Vulnerability: Update Every Device & OS. . . Image Source : CommitStrip

How To Migrate Mailboxes Between IMAP Servers With imapsync Version 1.0 Author: Falko Timme This guide explains how you can migrate mailboxes between IMAP servers with imapsync. imapsync is an IMAP synchronisation, sync, copy or migration tool. More than 32 different IMAP server softwares are supported with success. All flags are preserved, unread will stay unread, read will stay read, deleted will stay deleted. I do not issue any guarantee that this will work for you! 1 Preliminary Note I'm using two Debian or Ubuntu servers here (the procedure should be the same for other distributions, only the installation of imapsync will differ): server1.example.com (source) server2.example.com (target) I want to migrate the mailbox sales@example.com (username: sales@example.com, password: secret) on server1.example.com to the mailbox sales@example.com on server2.example.com (username and password are the same as on server1.example.com). 2 Before We Start Before we start, let's take a look at both mailboxes to see what's in them (you can do this with an email client such as Outlook, Thunderbird, or a web-based email client such as SquirrelMail - I'm using SquirrelMail here). server1.example.com: server2.example.com: After the migration, the two messages on server1.example.com should be available on server2.example.com. 3 imapsync Installation It doesn't matter if we install imapsync on server1.example.com or server2.example.com - we can even install it on a third, uninvolved server. aptitude install imapsync To learn about its usage, take a look at man imapsync and imapsync --help 4 Doing The Migration We have to tell imapsync the usernames and passwords of the mail accounts that we want to migrate. Theoretically, we can use the --password1 and --password2 switches for the passwords, but this is dangerous because the passwords would appear in the output of ps aux (So any user who is allowed to run that command would know the passwords.) Therefore it's better to create two files (/etc/secret1 and /etc/secret2 in this example) that contain the passwords (in this example, it's secret for both mail accounts), do a chmod 600 on these files, and use the --passfile1 and --passfile2 switches. echo "secret" > /etc/secret1 echo "secret" > /etc/secret2 chmod 600 /etc/secret1 chmod 600 /etc/secret2 Now we can do the migration with this simple command: imapsync --host1 server1.example.com --user1 sales@example.com --passfile1 /etc/secret2 --host2 server2.example.com --user2 sales@example.com --passfile2 /etc/secret2 Here's a sample output: root@server1:~# imapsync --host1 server1.example.com --user1 sales@example.com --passfile1 /etc/secret2 --host2 server2.example.com --user2 sales@example.com --passfile2 /etc/secret2 $RCSfile: imapsync,v $ $Revision: 1.252 $ $Date: 2008/05/08 02:30:17 $ Here is a [linux] system (Linux server1.example.com 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:45:36 UTC 2009 x86_64) with perl 5.10.0 and the module Mail::IMAPClient version used here is 2.2.9 Command line used : /usr/bin/imapsync --host1 server1.example.com --user1 sales@example.com --passfile1 /etc/secret2 --host2 server2.example.com --user2 sales@example.com --passfile2 /etc/secret2 Turned ON syncinternaldates, will set the internal dates on host2 same as host1. TimeZone :[CEST] Will try to use CRAM-MD5 authentication on host1 Will try to use CRAM-MD5 authentication on host2 From imap server [server1.example.com] port [143] user [sales@example.com] To imap server [server2.example.com] port [143] user [sales@example.com] Banner : * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information. Host server1.example.com says it has NO CAPABILITY for AUTHENTICATE CRAM-MD5 Error login : [server1.example.com] with user [sales@example.com] auth [CRAM-MD5]: 3 NO Login failed. Trying LOGIN Auth mechanism on [server1.example.com] with user [sales@example.com] Success login on [server1.example.com] with user [sales@example.com] auth [CRAM-MD5] Banner : * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information. Host server2.example.com says it has NO CAPABILITY for AUTHENTICATE CRAM-MD5 Error login : [server2.example.com] with user [sales@example.com] auth [CRAM-MD5]: 3 NO Login failed. Trying LOGIN Auth mechanism on [server2.example.com] with user [sales@example.com] Success login on [server2.example.com] with user [sales@example.com] auth [CRAM-MD5] From capability : QUOTA STARTTLS NAMESPACE IDLE THREAD=ORDEREDSUBJECT ACL SORT UIDPLUS CHILDREN ACL2=UNION IMAP4REV1 THREAD=REFERENCES To capability : QUOTA STARTTLS NAMESPACE IDLE THREAD=ORDEREDSUBJECT ACL SORT UIDPLUS CHILDREN ACL2=UNION IMAP4REV1 THREAD=REFERENCES From state Authenticated To state Authenticated From separator and prefix : [.][INBOX.] To separator and prefix : [.][INBOX.] ++++ Calculating sizes ++++ From Folder [INBOX] Size: 2412 Messages: 2 From Folder [INBOX.Drafts] Size: 0 Messages: 0 From Folder [INBOX.Sent] Size: 0 Messages: 0 From Folder [INBOX.Trash] Size: 0 Messages: 0 Total size: 2412 Total messages: 2 Time : 11 s ++++ Calculating sizes ++++ To Folder [INBOX] Size: 16844 Messages: 6 To Folder [INBOX.Drafts] Size: 0 Messages: 0 To Folder [INBOX.Sent] Size: 0 Messages: 0 To Folder [INBOX.Trash] Size: 0 Messages: 0 Total size: 16844 Total messages: 6 Time : 0 s ++++ Listing folders ++++ From folders list : [INBOX] [INBOX.Drafts] [INBOX.Sent] [INBOX.Trash] To folders list : [INBOX] [INBOX.Drafts] [INBOX.Sent] [INBOX.Trash] ++++ Looping on each folder ++++ From Folder [INBOX] To Folder [INBOX] ++++ From [INBOX] Parse 1 ++++ ++++ To [INBOX] Parse 1 ++++ ++++ Verifying [INBOX] -> [INBOX] ++++ + NO msg #1 [FID6mR7SVC7csdmRce+7PQ:924] in INBOX + Copying msg #1:924 to folder INBOX flags from : [\Seen]["26-May-2009 22:00:59 +0200"] Copied msg id [1] to folder INBOX msg id [7] + NO msg #2 [4lu3SCjZGH2mRuiP1dY7Mw:1488] in INBOX + Copying msg #2:1488 to folder INBOX flags from : [()]["27-May-2009 14:12:59 +0200"] Copied msg id [2] to folder INBOX msg id [8] Time : 0 s From Folder [INBOX.Drafts] To Folder [INBOX.Drafts] ++++ From [INBOX.Drafts] Parse 1 ++++ ++++ To [INBOX.Drafts] Parse 1 ++++ ++++ Verifying [INBOX.Drafts] -> [INBOX.Drafts] ++++ Time : 0 s From Folder [INBOX.Sent] To Folder [INBOX.Sent] ++++ From [INBOX.Sent] Parse 1 ++++ ++++ To [INBOX.Sent] Parse 1 ++++ ++++ Verifying [INBOX.Sent] -> [INBOX.Sent] ++++ Time : 0 s From Folder [INBOX.Trash] To Folder [INBOX.Trash] ++++ From [INBOX.Trash] Parse 1 ++++ ++++ To [INBOX.Trash] Parse 1 ++++ ++++ Verifying [INBOX.Trash] -> [INBOX.Trash] ++++ Time : 1 s ++++ Statistics ++++ Time : 12 sec Messages transferred : 2 Messages skipped : 0 Total bytes transferred: 2412 Total bytes skipped : 0 Total bytes error : 0 Detected 0 errors Please, rate imapsync at http://freshmeat.net/projects/imapsync/ ?Happy with this free, open source and gratis GPL software? Feel free to thank the author by giving him a book: http://www.amazon.com/gp/registry/wishlist/1C9UNDIH3P7R7/ (or its paypal account gilles.lamiral@laposte.net) root@server1:~# Afterwards we can delete the two password files: rm -f /etc/secret1 rm -f /etc/secret2 On the target server (server2.example.com), log out of your IMAP account and log back in (a simple refresh might not be enough), and you should see the messages from server1.example.com: server2.example.com: 5 Links imapsync: http://www.linux-france.org/prj/imapsync/ https://www.howtoforge.com/how-to-migrate-mailboxes-between-imap-servers-with-imapsync

How to install google pagespeed on easyapache 4 - WHM/Cpanel Muhammad Abbas 8 months ago CentOS, EasyApache4, mod_pagespeed In this post, I am going to talk about page spped and installation procedure on easyapache 4 in WHM. First of all you should know benefits of page speed: The PageSpeed modules are open-source server modules that optimize your site automatically. If you haven’t guessed it, this module directly complements Google’s PageSpeed Insights. It’s a great tool for giving you feedback on what can be done to optimize your site. What I’ve found is many of the issues this tool reports back to you can be resolved automatically by the PageSpeed module , Simply by installing it. Google can tell you what needs to be optimized and how to optimize it, so why not let them do it for you? Combine/minify CSS & JavaScript Flatten CSS @imports Optimize images Extend cache Collapse Whitespace Lazily Load Images Move CSS to Head Move CSS Above Scripts Installation Procedure (CentOS): yum install rpm-build cpio ea-apache24-mod_version wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm rpm -ivh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm /etc/init.d/httpd restart or service httpd restart Note: 1- if you get following error on Step 3 : "RPM build errors: File must begin with "/": %{_httpd_moddir}/*.so File must begin with "/": %{_httpd_modconfdir}/*.conf" Just create a file named "macros.apache2" in '/etc/rpm/ directory and paste the below content into that and then restart from step 3. %_httpd_mmn 20120211x8664 %_httpd_apxs /usr/bin/apxs %_httpd_dir /etc/apache2 %_httpd_bindir %{_httpd_dir}/bin %_httpd_modconfdir %{_httpd_dir}/conf.modules.d %_httpd_confdir %{_httpd_dir}/conf.d %_httpd_contentdir /usr/share/apache2 %_httpd_moddir /usr/lib64/apache2/modules 2- you may face following error: "rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm Installing ea-apache24-mod_pagespeed-latest-stable.src.rpm error: ea-apache24-mod_pagespeed-latest-stable.src.rpm cannot be installed" Just look at your screen , go 1 step back and check the downloaded file name in some case may be different most of people just run " rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm" command but sometimes file name can be different for example may be file saved as ea-apache24-mod_pagespeed-latest-stable.src.rpm.9 so in this case you should change file name in command before running that for above example just add .9 in end of command rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm.9 Now Login into your WHM panel > Software > EasyApache4 and look for "mod_pagespeed" option and enable it after that restart apache again and run insight then check your website speed performance! Configuring Google mod_pagespeed The installation script will copy "pagespeed.conf" file into " /usr/local/apache/conf/ " or " /etc/apache2/conf.modules.d" on your server. Please consult the following pages to customize your mod_pagespeed configuration: mod_pagespeed module configuration configuring mod_pagespeed filters For example of the different filters in action and detailed documentation for each, please se https://modpagespeed.com/doc/ https://smartechtips.blogspot.com/2017/02/how-install-google-pagespeed-on.html

mod_pagespeed module for CPanel WHM A custom module for CPanel WHM using CPanel Easy Framework - allows easy installation of mod_pagespeed via /scripts/easyapache on command line or through easyapache from WHM web console. Installation instructions If you are using EasyApache4, please follow the below steps to install mod_pagespeed. $> yum install rpm-build cpio ea-apache24-mod_version $> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm $> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm $> rpm -ivh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm $> /etc/init.d/httpd restart Below steps only for EA3 users. Clone the installation scripts onto your CPanel server: $> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/ Create Speed.pm.tar.gz $> cd /tmp/pagespeed/Easy $> tar -zcvf Speed.pm.tar.gz pagespeed $> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy $> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/ $> cd && rm -rf /tmp/pagespeed Login into your cPanel WHM > EasyApache and look for "mod_pagespeed" option. Alternatively, you can run the easyapache installer from command line (/scripts/easyapache). Rebuild the Apache server, reboot it, and you're good to go! Updating instructions If you are using EasyApache3, run easyapache to upgrade mod_pagespeed to the latest version. If you are running EasyApache4, follow these steps to upgrade. create file /etc/rpm/macros.apache2 with the following contents %_httpd_mmn 20120211x8664 %_httpd_apxs /usr/bin/apxs %_httpd_dir /etc/apache2 %_httpd_bindir %{_httpd_dir}/bin %_httpd_modconfdir %{_httpd_dir}/conf.modules.d %_httpd_confdir %{_httpd_dir}/conf.d %_httpd_contentdir /usr/share/apache2 %_httpd_moddir /usr/lib64/apache2/modules then run the following commands rm -rf /root/rpmbuild/RPMS/x86_64/ wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm /etc/init.d/httpd restart Configuring mod_pagespeed The installation script will copy a default pagespeed.conf file into /usr/local/apache/conf/ on your server. Please consult the following pages to customize your configuration: mod_pagespeed module configuration configuring mod_pagespeed filters For example of the different filters in action and detailed documentation for each, please see modpagespeed.com https://github.com/Prajithp/cPanel_Mod_PageSpeed

https://applications.cpanel.net/listings/view/Mod_pagespeed Description: mod_pagespeed module for CPanel WHM. A custom module for CPanel WHM using CPanel Easy Framework – allows easy installation of mod_pagespeed via /scripts/easyapache on command line or through easyapache from WHM web console. Installation instructions Clone the installation scripts onto your CPanel server: {replace0}gt; git clone http://github.com/pagespeed/cpanel.git /var/cpanel/easy/apache/custom_opt_mods/Cpanel/ Create Speed.pm.tar.gz {replace1}gt; cd /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy && tar -zcvf Speed.pm.tar.gz pagespeed Login into your cPanel WHM > EasyApache and look for “mod_pagespeed” option. Alternatively, you can run the easyapache installer from command line (/scripts/easyapache). Rebuild the Apache server, reboot it, and you’re good to go! Configuring mod_pagespeed The installation script will copy a default pagespeed.conf file into /usr/local/apache/conf/ on your server. Please consult the following pages to customize your configuration: mod_pagespeed module configuration configuring mod_pagespeed filters For example of the different filters in action and detailed documentation for each, please see modpagespeed.com

As a Server Administrator, I want Mod_pagespeed integrated to EasyApache, so that ??? I would like to get official cPanel support for Google's mod_pagespeed, straight from EasyApache (for example). >> mod_pagespeed is available to download and install as an EasyApache Custom Module. To learn more about using Custom Modules with EasyApache please read our Custom Module documentation. https://features.cpanel.net/topic/mod-pagespeed-integrated-to-easyapache_2

IPS Community Suite 4.2.5 Released 10/03/2017 This is a security release and we recommend all clients upgrade as soon as possible. Key Changes 4.2.5 is a maintenance release that fixes issues identified in 4.2.4. Additional Information This release addresses an XSS vulnerability. We would like to thank Maverick and Mike for responsibly disclosing the details of this vulnerability to us.

IPS Community Suite 4.2.4 Released 09/19/2017 This is a security release and we recommend all clients upgrade as soon as possible. Key Changes 4.2.4 is a maintenance release that fixes issues identified in 4.2.3. Additional Information This release addresses an XSS vulnerability. We would like to thank @newbie LAC for responsibly disclosing the details of this vulnerability to u

This is not your father´s Windows Server: Setting up Server Core with PowerShell This guide describes the basic configuration of Windows Server Core running Windows Server 2012 and Windows Server 2016. The following configuration steps will work not only on Server Core, but also on a Windows Server with graphical interface. If you want to keep it simple, you can use sconfig to configure your Server Core: Windows Server 2016: sconfig. But in this article we configure Core with PowerShell. First, install Server Core and login with administrative privileges. Configuring Network Settings The entire configuration is performed in PowerShell, so PowerShell must be started after login. Afterwards, we have to find out the ID of the network adapter. Get-NetAdapter Now the IPv4 address and the default gateway can be configured with New-NetIPAddress. New-NetIPAddress -IPAdress 192.168.112.254 -PrefixLength 24 -DefaultGateway 192.168.112.1 -InterfaceIndex 12 -AddressFamily IPv4 Check the settings with Get-NetIPConfiguration. Get-NetIPConfiguration Next configure the DNS-Server with Set-DnsClientServerAddress. Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses 10.10.10.5,10.10.10.10 And check the DNS thing. Get-DnsClientServerAddress -InterfaceIndex 12 Finally, test the IP Configuration with Test-Connection. Computername Use Rename-Computer to change the computername. Rename-Computer server02 Next restart the computer by using Restart-Computer. Restart-Computer After restarting, start PowerShell again and quickly check the hostname with $env:computername Windows Server Activation Run slmgr to activate your Windows Server. If you are using the Evaluation Version of Windows there is no need for activating. slmgr -ato Windows Updates Automatic updates can be configured with cscript. Navigate to windows\system32 and run cscript to configure the automatic download and installation of Windows Updates. Configure cscript scregedit.wsf /AU 4 Check cscript scregedit.wsf /AU /v Printer To install printers, the role Print-Services must be installed. Install-WindowsFeature Print-Services Then run printui.exe / il and select the printer. printui.exe /il Now just open Notepad, create a new file and try to print. Get-Content C:\test.txt | Out-Printer Drivers For installing drivers use pnputil. Some examples: What’s next? Server Core supports the promotion to a Domain Controller as described in my article: PowerShell: How to install a Domain Controller with Server Core For configuring Roaming Profiles with PowerShell go for my article Active Directory: Configuring Roaming Profiles using GUI or PowerShell. Hope you like it! https://sid-500.com/2017/07/11/setting-up-windows-server-core-with-powershell/