

Everything posted by NickTheGreek

  1. It could be the area or something else. I would suggest checking even with your neighbours what is going on, if you have a way to find out, or better, see what Hyperion shows for the surrounding area: http://hyperiontest.gr/
  2. It is not something of mine; I was simply working on it recently and was impressed by the size of the content (both in volume and in number of files, especially static images) as well as the overall presence of the website http://didee.gr/
  3. Amazing story

    Hackers Stole My Website…And I Pulled Off A $30,000 Sting Operation To Get It Back

    [Image: True story. 3am, on the phone with the company that hosts my site]

    For several days not so long ago, RamshackleGlam.com — the domain name that I have owned and operated since March of 2010 — did not belong to me, but rather to a man who goes by the name “bahbouh” on an auction website called Flippa, and who was attempting to sell off the site to the highest bidder (with a “Buy It Now” price of $30,000.00). He promised the winner my traffic, my files, and my data, and suggested that I was available “for hire” to continue writing posts (alternatively, he was willing to provide the winner with “high-quality articles” and “SEO advice” to maintain the site’s traffic post-sale).

    I learned that my site was stolen on a Saturday. Three days later I had it back, but only after the involvement of fifty or so employees of six different companies, middle-of-the-night conferences with lawyers, FBI intervention, and what amounted to a sting operation that probably should have starred Sandra Bullock instead of…well…me.

    Of course I’ve heard of identity theft, and of cyber hacking, but honestly, my attitude towards these things was very much “it could never happen to me.” And even if it did…I didn’t exactly understand why it was such a huge deal. Couldn’t you just explain to people what had happened, prove who you were, and sort it all out? We live in such a highly documented world, it seemed completely impossible to me that someone could actually get away with pretending to be someone else with any real consequences beyond a few phone calls and some irritation.

    It’s much, much worse — more threatening, more upsetting, and more difficult (if not impossible) to fix — than I’d ever imagined.

    I found out about the hacking from my father. His friend Anthony (who runs a web development and consulting company called ThoughtBox) had been surfing around on Flippa and had — in an impossibly lucky coincidence — noticed that my site was up for auction, with what appeared to be a highly suspicious listing.

    Suddenly, I remembered the email I had gotten the day before — an email that I had disregarded as spam — from someone “interested in the purchase” of my “weblog.” I remembered the notification from YouTube that someone had accessed my account from a different location — a notification I had ignored, assuming that I had logged in on a mobile device or that my husband had accidentally logged into my account instead of his own.

    But even after I saw the listing, I didn’t panic: this seemed like something that could be fixed with a couple of emails.

    Except the auction site was located in Australia and didn’t appear to have a phone number, and when I sent an email with a scanned ID and proof of ownership what I got back was a form letter. And when I called HostMonster, the site I pay to operate my website, I discovered that I was no longer the owner of my site: someone had used their email confirmation system to authorize the transfer of my domain name into a private account at GoDaddy (another web registrar service of whom I’m also a client).

    [Image: The auction listing for my website.]

    Why is this a big deal?

    If you have a business that depends on a URL, you understand why this was such upsetting news: With control over my website’s domain name, a hacker would be able to take the site down, or redirect it elsewhere. Further, it was later verified that the hacker had control over all of the site’s content, as well; he could have just rerouted everything I’ve ever written to any location he wanted.

    Ramshackle Glam may be “just” a lifestyle blog about things like parenting and fashion and decor…but it’s also a site that I’ve spent five years of my life building, and the idea of it falling into the hands of someone with malicious intent was heartbreaking.

    I could switch to a new URL and export a copy of my content (which I do back up), but that would result in the loss of a substantial amount of traffic. The website is my primary source of income, and with a house, two children, a book coming out, and a husband in business school, this was not a joke. The loss of my URL had the potential to be devastating for my business and for my family in a very real way.

    So what did I do?

    The events of the next few days were complicated, so rather than go through them chronologically I’m going to explain how each path I took ended up panning out (I’m going into detail so that I can be as much help as possible to anyone who goes through this themselves).

    1. I tried to resolve the situation directly with GoDaddy and HostMonster.

    This did not work.

    From Sunday through Tuesday, I spent most of the day (and much of the night) on the phone with GoDaddy, HostMonster, or both at the same time, and nearly every person I spoke with gave me the same response: “Sorry, can’t help you.”

    HostMonster maintained that because they no longer controlled the domain name, there was nothing they could do. GoDaddy maintained that because the account was private and the person had obtained ownership of the domain through a transfer from HostMonster, there was nothing they could do.

    What finally made a difference: I cited ICANN’s policy on Domain Name Dispute Resolution.*

    This got my case upgraded, but it did not result in action. Here’s why: the legal department at HostMonster informed me that in order for them to initiate a transfer dispute that would result in GoDaddy releasing the domain back to me, their “internal investigation” would have to turn up evidence that they had done something wrong in releasing the site. In other words, they would have to admit that they had screwed up…which would in turn open them up to a lawsuit.

    Needless to say, I never heard from the legal department again. Despite the fact that everyone seemed clear on the fact that I owned my website and that it had been transferred without my authorization, nothing was going to be done unless I initiated a time-consuming and costly lawsuit that, in any case, would not result in action quick enough to save my domain name from being sold.

    So that avenue came to an end.

    2. I called the FBI.

    This was a major step in the right direction.

    The morning after I found out about the unauthorized transfer, I also called the FBI. I felt silly and dramatic making the phone call, but the reality is that this is an international cyber crime issue, and that’s FBI territory. And this is my business. It’s how I support my family, and it may be a “small matter” in the grand scheme of things, but it is not a small matter to me.

    And let me tell you: of all the surprises I’ve had over the past week or so, most surprising of all has been the FBI. They responded immediately, with follow-up phone calls and emails, an in-person interview with two special agents at my own home within 24 hours, and a follow-up visit from two agents yesterday. Beyond that, each and every agent I have interacted with over the past week has been, without fail, compassionate, thoughtful, invested, respectful, and committed to action…in addition to treating me not like a case number, but like a human. What I expected was to leave a message with a general mailbox and at some point receive a form letter; I certainly did not expect to see an active investigation opened immediately.

    I’m not going to write more about the investigation because it’s still ongoing (although I did ask for and receive permission to write about this), but I think it’s important to say how absolutely blown away I have been by the FBI’s response.

    3. I tried to regain control by dealing directly with the “seller”.

    This worked, but not without considerable drama.

    While all of the above was going on, I was also working to regain control over the site directly from the individual who was trying to sell it. I didn’t want to contact the “seller” directly, because I felt that if he thought the “real” owner of the site was aware of the sale, he would try to extort more money. So I asked Anthony — the person who had found the original listing, and who had an active account with a positive history on Flippa — to DM “bahbouh” to see if he was interested in a “private sale”.

    After some back-and-forth we reached an agreement, and it was decided that a third-party money-transfer website (Escrow.com) would be used to make the sale: the money would only be released to the seller upon confirmation that the domain name had been transferred.

    This appeared to be going smoothly until Tuesday night, when the seller suddenly demanded that the funds be released immediately (prior to receipt of the website). When we pushed back, he announced that he was selling it to someone else: “Sorry, bye.”

    So here was my thought process: if we did not release the money to the seller, we were guaranteed to not get the website. If we did release the money to him, there was a possibility that he would take the money and run, and also a possibility that he would deliver the site as promised. It wasn’t a gamble I wanted to take…but I didn’t see any option. And so I authorized the wire transfer.

    I spent twenty minutes sitting in front of the dummy GoDaddy account I had created to receive the domain name from the seller, waiting to see whether I was out thousands of dollars and a domain name, or just thousands of dollars.

    And then it came through.

    I immediately transferred the domain into a different account and placed it (and all of my other domain names) on what amounted to lockdown. And then I called the wire transfer company and placed a stop on the payment.

    The end result

    RamshackleGlam.com is back in my possession, thanks to a number of people who dedicated hours (in some cases days) out of their lives to doing whatever they could to help me. My other accounts — bank accounts, et cetera — have been secured. I don’t have my money back yet, but the man who stole my site from me doesn’t have it, either, and won’t be getting it, ever.

    And that’s an ending I’m pretty damn thrilled with.

    So why am I still angry?

    Of course I’m angry with the person or people who stole the site, but that’s out of my hands. The reason I’m writing this post is to let people know that this really can happen — to anyone — and to offer suggestions for how to minimize the chances that it will happen to you (below), but beyond that, I’m writing this post because this incident made me very, very angry at GoDaddy and HostMonster. And I want you to know why.

    No one at either company questioned my statement (supported by written proof) that the website belonged to me. No one doubted that it had been transferred without my authority. And yet I had to spend days — days during which the hacker could have done virtually anything he wanted — trying to reach one single person who was able to do anything, because the support staff and supervisors I spoke with (who had to have numbered fifty or more) were completely uninformed as to how to handle this situation beyond saying, “Jeez, that sucks. Can’t help you.”

    [Image: HostMonster and GoDaddy screengrabs]

    And once I reached people who could help me — who could literally make a single phone call or push a single button and return my property to me (or simply freeze it so that it could not be sold or destroyed) — they would not. They hid behind their legal departments and refused to do anything, knowing full well that their inaction would force me to either interact with and pay off a criminal, or lose an essential component of my business.

    And hackers know that these companies will do this. They rely on it.

    There is a serious problem when a criminal enterprise not only exists “despite” a company’s policies, but actually thrives as a direct result of that company’s prioritization of their own interests over the security of the clients they allegedly “protect”.

    Do I understand why companies like HostMonster and GoDaddy are focused on protecting themselves against lawsuits? Of course I do. But the fact is that they not only do not “help” their customers, but actively contribute to creating situations that threaten small businesses and the families that they support.

    And these companies know that when they stonewall clients whose property has obviously been stolen that these clients will have no other recourse than to pay off criminals or watch their businesses — sometimes their very lives — collapse. They know that by standing in the way of immediate action they create the very environment that these criminals depend upon to perpetuate their business model.

    And they do nothing. This has to change.

    My opinion, for what it’s worth

    Support personnel at hosting companies should be made intimately familiar with ICANN regulations involving domain disputes, and should be able to initiate a plan of action the first time a client makes them aware of a situation, not after hours and hours of repeated calls. Further, the establishment of a TEAC** should result in an immediate freeze on the account in dispute until the situation has been resolved. This should not require an admission of culpability on the part of any parties; simply an acknowledgement that a dispute exists and an awareness that while the dispute exists the domain must be held safe from sale or transfer.

    What you can do to reduce the chances that this will happen to you:

    Have a really, really good password, and change it often. Your password should not contain “real” words (and definitely not more than one real word in immediate proximity, like “whitecat” or “angrybird”), and should contain capital letters, numbers and symbols. The best passwords of all look like total nonsense.

    If possible, use a separate computer (an old one or a cheap one purchased for this purpose) for things like banking; if your family computer is the same one that you use for bank transactions you risk having your kids click on a bad link that results in a hacking.

    Turn off your computer and personal devices when they’re not in use.

    Have antivirus software on your computer (but remember that virus scans only catch 30–40% of viruses, so unfortunately a “clean” check doesn’t necessarily mean that you’re safe).

    Purchase CyberRisk Insurance (learn more about it here; it basically protects businesses from cyber attacks and data breaches).

    But if it does happen to you, here’s what to do:

    Begin taking careful notes (and screenshots) immediately. Don’t delete any emails or other information; it could all be important later on.

    Immediately change all of your passwords (including — but not limited to — domain registrar, website hosting, website login information, email, bank accounts, wireless home electronics, and Apple ID) according to the rules stated below. I changed mine every few hours while this situation was still up in the air, and am continuing to change them every few days for the time being.

    Contact the registrar(s), citing the ICANN policy below, and see if together you can arrive at a speedy resolution. Don’t be surprised if you find yourself running into dead ends.

    Make sure to inquire about “filters” and “rules” that may have been placed on your email (basically, any kind of device that the hackers may have placed to forward emails, et cetera).

    Contact appropriate law enforcement (I contacted the FBI because it appeared to be an international issue, and was at the very least an interstate issue because Escrow.com is located in California, and I’m in New York).

    Note: Every situation is different, and I can’t wholeheartedly recommend the steps that I took that ultimately resulted in me regaining control over my domain name largely because they involved interacting with criminals. Obviously that isn’t ideal, and can have unpredictable consequences. (Although my husband says that he would like it to be known that he thinks I’m a huge badass. While this is ordinarily very far from the truth, in this specific instance…I’ll take it.)

    The End. (That was long. Thanks for reading.)

    *** *** ***

    *ICann.Org is the Internet Corporation for Assigned Names and Numbers (ICANN), which is responsible for managing and coordinating the Domain Name System (DNS). ICANN’s policy on Domain Name Dispute Resolution essentially states that in the case of a domain dispute, the Losing Registrar (the registrar that maintained possession of the domain name pre-transfer, as opposed to the “Winning Registrar”, who maintains possession of the domain name post-transfer) must immediately establish a Transfer Emergency Action Contact (“TEAC”) in an effort to get the ball rolling in the direction of resolution right away. Once I had this information, my case was immediately upgraded.

    **TEAC: A contact that is established by ICANN and used by other registrars and ICANN if there is a need to quickly address issues with domain transfers between two registrars. The contact must respond to inquiries within four hours, though final resolution may take longer.

    https://medium.freecodecamp.com/hackers-stole-my-website-and-i-pulled-off-a-30-000-sting-operation-to-get-it-back-143d43ee3742#.kzqd38i72
  4. Hello xXxRevolutionxXx,

    Welcome to designhost.gr.

    Feel free to browse our community accessing all sorts of information and getting to know our members.

    Do not hesitate to ask anything in our forums.

    designhost.gr

  5. Welcome to designhost.gr.

    Feel free to browse our community, where you can find all sorts of information and get to know the other members.

    Do not hesitate to ask us about any question or clarification you may need.

  6. Security researchers have discovered a Zero-Day vulnerability in the popular Apache Struts web application framework, which is being actively exploited in the wild.

    Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.

    In a blog post published Monday, Cisco's Threat intelligence firm Talos announced the team observed a number of active attacks against the zero-day vulnerability (CVE-2017-5638) in Apache Struts.

    According to the researchers, the issue is a remote code execution vulnerability in the Jakarta Multipart parser of Apache Struts that could allow an attacker to execute malicious commands on the server when uploading files based on the parser.

    "It is possible to perform an RCE attack with a malicious Content-Type value," warned Apache. "If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user."

    The vulnerability, documented at Rapid7's Metasploit Framework GitHub site, has been patched by Apache. So, if you are using the Jakarta-based file upload Multipart parser under Apache Struts 2, you are advised to upgrade to Apache Struts version 2.3.32 or 2.5.10.1 immediately.

    Exploit Code Publicly Released

    Since the Talos researchers detected public proof-of-concept (PoC) exploit code (which was uploaded to a Chinese site), the vulnerability is quite dangerous.

    The researchers even detected "a high number of exploitation events," the majority of which seem to be leveraging the publicly released PoC that is being used to run various malicious commands.

    In some cases, the attackers executed simple "whoami" commands to see if the target system is vulnerable, while in others, the malicious attacks turned off firewall processes on the target and dropped payloads.

    "Final steps include downloading a malicious payload from a web server and execution of said payload," the researchers say. "The payloads have varied but include an IRC bouncer, a DoS bot, and a sample related to the Bill Gates botnet... A payload is downloaded and executed from a privileged account."

    Attackers also attempted to gain persistence on infected hosts by adding a binary to the boot-up routine.

    According to the researchers, the attackers tried to copy the file to a benign directory and ensure "that both the executable runs and that the firewall service will be disabled when the system boots."

    Both Cisco and Apache researchers urge administrators to upgrade their systems to Apache Struts version 2.3.32 or 2.5.10.1 as soon as possible. Admins can also switch to a different implementation of the Multipart parser.

    http://thehackernews.com/2017/03/apache-struts-framework.html
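The invalid Content-Type condition that Apache describes above can be hunted for in request logs, and installed Struts versions can be compared against the two fixed releases the article names. The following Python is an added example, not code from the article, Apache or Talos; the log layout, the 255-character limit and every sample line are constructed assumptions, and a hit is a lead for review rather than proof of exploitation.

```python
import re

# RFC 7230/7231 grammar: media-type = type "/" subtype *( OWS ";" OWS name "=" value )
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
MEDIA_TYPE = re.compile(
    rf"{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*[ \t]*"
)
MAX_LEN = 255  # assumption: no legitimate client of this application sends more

# Assumed log layout (not a standard one): ip "request line" status "content-type"
LOG_LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) "(.*)"$')

# Fixed releases named in the article, keyed by release line.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}

# Constructed sample lines; the second carries a harmless placeholder, not a payload.
SAMPLE_LOG = [
    '198.51.100.7 "POST /upload.action HTTP/1.1" 200 "multipart/form-data; boundary=----abc123"',
    '203.0.113.9 "POST /upload.action HTTP/1.1" 500 "%{CONSTRUCTED-EXPRESSION}.multipart/form-data"',
    '198.51.100.8 "GET /index.action HTTP/1.1" 200 "-"',
    '203.0.113.9 "POST /login.action HTTP/1.1" 500 "text/' + "x" * 300 + '"',
]


def content_type_verdict(value):
    """Return None for an absent or well-formed header, else a short reason."""
    if value in ("", "-"):
        return None  # header not sent
    if len(value) > MAX_LEN:
        return "overlong"
    if not MEDIA_TYPE.fullmatch(value):
        return "not a valid media type"
    return None


def scan(lines):
    """Return (ip, path, status, reason) for every request with a suspect header."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        ip, _method, path, status, ctype = m.groups()
        reason = content_type_verdict(ctype)
        if reason:
            hits.append((ip, path, status, reason))
    return hits


def needs_upgrade(version):
    """True/False for the 2.3 and 2.5 lines; None for lines the article does not cover."""
    v = tuple(int(part) for part in version.split("."))
    fixed = FIXED.get(v[:2])
    return None if fixed is None else v < fixed


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspect request:", hit)
    for ver in ("2.3.31", "2.3.32", "2.5.10", "2.5.10.1"):
        print(ver, "needs upgrade" if needs_upgrade(ver) else "at fixed release or later")
```

The check only works if the web server or application is configured to log the request Content-Type header, which many default access-log formats omit.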
  7. It's time to say both hello and goodbye. Hello to Red Hat Enterprise Linux (RHEL) 6.9, the latest update to the RHEL 6 platform. And, goodbye, because this will be the last major update to this six-year-old enterprise Linux server distribution.

    Red Hat has just released the last major version of its RHEL 6.x operating system family: RHEL 6.9.

    RHEL 6.x has long been a business server favorite. With this last edition, Red Hat delivers new hardware support and updates to Transport Layer Security (TLS) 1.2 to improve network security. As you probably know, if you care at all about security, TLS implementations such as OpenSSL have had numerous security holes in recent months.

    The new RHEL 6 also comes with broader support for the latest Payment Card Industry Data Security Standard (PCI DSS) standards. If you're using RHEL in retail, this alone makes RHEL 6.9 a must-update.

    Jim Totton, Red Hat's VP and general manager of the Platforms Business Unit, said in a statement, "For more than six years, RHEL 6 has provided enterprise IT with a more secure, stable, and reliable platform for mission-critical workloads, from financial systems to national security applications. RHEL 6.9 shows our continued commitment to providing a solid backbone for production deployments, adding security and stability enhancements and an updated container base image to address a variety of vital business IT needs."

    While emphasizing stability for existing IT infrastructure, RHEL 6.9 looks ahead by supporting the next generation of cloud-native applications through an updated base image. This image enables you to migrate your existing RHEL 6 workloads into container-based applications. These can then be deployed on RHEL 7, RHEL Atomic Host, or Red Hat OpenShift Container Platform.

    As for RHEL 6 itself, it enters Production Phase 3 on May 10, 2017. That means that subsequent updates will be limited to critical security fixes and business-impacting urgent issues. RHEL 6.x will be supported until at least November 2020. After that its support life may be extended onward with extended life-cycle support. For more details on RHEL's support see the Red Hat Enterprise Linux Life Cycle web page.

    Since RHEL subscriptions aren't tied to a particular release, you can also update your RHEL 6 servers to RHEL 7 whenever you want with no charge. To help you with this migration, Red Hat provides instructions and two tools: Preupgrade Assistant and Red Hat Upgrade Tool.

    RHEL 6.9 is now available to all customers with an active Red Hat Enterprise Linux subscription via the Red Hat Customer Portal.

    If you're already a RHEL 6 user, this update is a no-brainer. Its security improvements alone make upgrading your servers to it a top priority.

    http://www.zdnet.com/article/red-hat-releases-the-last-of-the-rhel-6-x-line/
  8. cPanel TSR-2017-0002 Full Disclosure

    SEC-208

    Summary: Addon domain conversion did not require a package for resellers.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 2.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

    Description: Previously, when you converted an addon domain to a normal account, it was not required that a reseller specify a package for the account creation. This allowed the reseller to use the system's "default" package that has no account limits. Now, an addon domain conversion requires that a reseller have and specify a valid package for the account.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-217

    Summary: Self XSS Vulnerability in WHM cPAddons 'showsecurity' interface.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

    Description: When accessing the WHM cPAddons 'showsecurity' interface, the 'addon' parameter was not adequately escaped during page output. This could allow for arbitrary code to be injected into the rendered page.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-218

    Summary: Arbitrary file read via WHM /styled/ URLs.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

    Description: WHM supports /styled/ URLs in order to allow for reseller interface customization and branding. It is possible for these URLs to load and display content from a reseller's home directory. These files were being loaded as the root user. This allowed for arbitrary files on the system to be read.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39

    SEC-219

    Summary: File overwrite when renaming an account.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 3.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

    Description: When renaming an account it was possible to manipulate the security policy directories within the user's home directory to overwrite certain files the user did not own.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-220

    Summary: Arbitrary code execution during account modification.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

    Description: When the primary domain of an account was changed in WHM's "Modify an Account" interface, the .htaccess file in the account's docroot was updated. This .htaccess update process included a syntax test, where it was possible for the cPanel user to execute arbitrary code as root.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-221

    Summary: Arbitrary code execution during automatic SSL installation.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    Description: During Autossl installation for user-controlled domains, the .htaccess file in the domain's docroot was updated to bypass redirects that would interfere with the domain validation process. This .htaccess update process included a syntax test, where it was possible for the cPanel user to execute arbitrary code as root.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39

    SEC-223

    Summary: Security policy questions were not transferred during account rename.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 2.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

    Description: If an account had security questions set up, and that account was renamed, the questions were not transferred to the renamed account correctly. This allowed an attacker to set up their own security questions by logging into the target account after an account rename was performed.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-224

    Summary: cPHulk one day ban bypass when IP based protection enabled.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    Description: It was possible under certain settings to never trigger a one day ban when IP-based protection was also enabled. Now, IP addresses are properly one day banned when the specified threshold is reached.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-225

    Summary: Code execution as root via overlong document root path settings.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    Description: By specifying a document root path which exceeds Apache's maximum configuration line length limit, it was possible for this excessive data to be interpreted as a new configuration directive. This could allow for an attacker to run arbitrary code as the root user.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-226

    Summary: Arbitrary file overwrite via WHM Zone Template editor.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 6.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

    Description: The WHM Zone Template editor interface did not properly validate the template filename when saving. This allowed resellers to overwrite arbitrary files on the system.

    Credits: This issue was discovered by rack911labs.com.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-227

    Summary: Expand list of reserved usernames.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

    Description: It was possible to create certain user accounts and then leverage the user's home directory to enable various exploits. These account names have been added to the reserved username list.

    Credits: This issue was discovered by rack911labs.com.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-228

    Summary: Adding parked domains to mail config did not respect domain ownership.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 2.4 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

    Description: It was possible for a reseller to add parked domains, that they did not own, to the Exim mail configuration. A reseller must now own the parked domain to perform any action on it.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-229

    Summary: URL filtering flaw allowed access to restricted resources.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Description: Due to faulty URL filtering, authenticated webmail accounts could access the PHPMyAdmin and PHPPGAdmin interfaces.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-232

    Summary: Demo code execution via Htaccess::setphppreference API.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 7.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

    Description: The Htaccess::setphppreference API call was not restricted for demo accounts and accepted arbitrary data to be written into the account's .htaccess file. This could allow for an attacker to execute arbitrary code under the demo account.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46

    SEC-233

    Summary: Arbitrary code execution for demo accounts via NVData_fetchinc API call.

    Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 7.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

    Description: The NVData_fetchinc API call could accept an arbitrary filename to be included and processed by the cPanel engine. It was possible for an attacker to use this to execute arbitrary code under a demo account.

    Credits: This issue was discovered by the cPanel Security Team.

    Solution: This issue is resolved in the following builds: 11.62.0.17, 11.60.0.39, 11.58.0.45, 11.56.0.46
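The scores in this advisory can be reproduced from its vector strings, which is a useful cross-check before ranking the fixes. The following Python is an added example, not cPanel's code: it parses each CVSS:3.0 vector listed above, recomputes the base score with the published CVSS v3.0 base equations, and orders the issues for patch triage. The rounding helper uses the float-safe definition published with CVSS v3.1, an assumption that changes no result for these vectors.

```python
import math

# Metric weights from the CVSS v3.0 specification.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
# Privileges Required weighs more when the scope changes (S:C).
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
      "C": {"N": 0.85, "L": 0.68, "H": 0.50}}
REQUIRED = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")

# (issue id, score stated in the advisory, vector), copied from the advisory text.
ADVISORY = [
    ("SEC-208", 2.7, "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"),
    ("SEC-217", 4.7, "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"),
    ("SEC-218", 6.0, "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"),
    ("SEC-219", 3.2, "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"),
    ("SEC-220", 8.2, "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"),
    ("SEC-221", 8.8, "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"),
    ("SEC-223", 2.6, "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"),
    ("SEC-224", 5.3, "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"),
    ("SEC-225", 8.8, "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"),
    ("SEC-226", 6.8, "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"),
    ("SEC-227", 6.0, "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"),
    ("SEC-228", 2.4, "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"),
    ("SEC-229", 4.3, "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"),
    ("SEC-232", 7.4, "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"),
    ("SEC-233", 7.4, "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"),
]


def parse_vector(vector):
    """Split 'CVSS:3.0/AV:N/...' into a metric dict, rejecting malformed input."""
    prefix, *parts = vector.strip().split("/")
    if prefix != "CVSS:3.0":
        raise ValueError(f"unsupported prefix: {prefix!r}")
    metrics = {}
    for part in parts:
        name, sep, value = part.partition(":")
        if not sep or name in metrics:
            raise ValueError(f"bad or duplicate metric: {part!r}")
        metrics[name] = value
    missing = [m for m in REQUIRED if m not in metrics]
    if missing:
        raise ValueError(f"missing metrics: {missing}")
    return metrics


def roundup(x):
    """Round up to one decimal place; integer arithmetic avoids float artefacts."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def base_score(vector):
    """CVSS v3.0 base score for a vector string."""
    m = parse_vector(vector)
    try:
        expl = 8.22 * AV[m["AV"]] * AC[m["AC"]] * PR[m["S"]][m["PR"]] * UI[m["UI"]]
        iss = 1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
    except KeyError as exc:
        raise ValueError(f"unknown metric value: {exc}") from None
    if m["S"] == "C":  # scope changed: different impact curve and a 1.08 multiplier
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
        total = 1.08 * (impact + expl)
    else:
        impact = 6.42 * iss
        total = impact + expl
    return 0.0 if impact <= 0 else roundup(min(total, 10))


def severity(score):
    """Qualitative rating bands from the CVSS v3.0 specification."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "None"


def mismatches():
    """Issues whose recomputed score differs from the score stated in the advisory."""
    return [(i, stated, base_score(v)) for i, stated, v in ADVISORY
            if base_score(v) != stated]


def triage():
    """Issues ordered by recomputed score, highest first (advisory order on ties)."""
    rows = [(base_score(v), i) for i, _, v in ADVISORY]
    return [(i, s, severity(s)) for s, i in sorted(rows, key=lambda r: -r[0])]


if __name__ == "__main__":
    print("mismatches:", mismatches())
    for issue, score, label in triage():
        print(f"{issue}  {score:>4}  {label}")
```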
  9. If you want to turn a polite conversation into a heated debate then start talking about religion, politics, or text editors. Yes, you heard me right. Text editors. Without trying to rekindle the editor wars, let’s look at when you might consider using nano, emacs, or vim.

Nano

Nano is without a doubt the simplest, least complicated, and least powerful of the three editors. The great thing about nano is that it really doesn’t have much of a learning curve. Anytime you’re using nano you’ll see a list of all the commands you’ll need at the bottom of your screen. You don’t have to remember any commands ever. Just know that the caret symbol “^” represents the control key. So ^X is really Ctrl-X and it exits nano.

When you perform different operations the menu displayed at the bottom of your screen updates with the currently available commands. Also, any prompts that need to be dealt with are displayed at the bottom of the screen as well. For example, if you try to exit nano and have unsaved changes, you’ll be prompted to save them with a Yes/No question.

Nano Pros:
• No learning curve.
• Easy to use.
• Idiot proof.
• Good for simple edits.

Nano Cons:
• Making complicated edits can be difficult and time-consuming.
• No powerful features such as macros, editing multiple files at once, window splitting, vertical block/rectangle selecting/editing, auto-completion, etc.

Who Nano Is For:
Nano is great for people who are new to the command line or for anyone who needs to make a very simple edit. If you’re a casual Linux user or hobbyist, nano might be all you ever need.

Emacs

Emacs is a text editor, but it’s so much more than that. It comes with a built-in web browser, IRC client, calculator, and even Tetris. See for yourself:

Emacs has a keyboard shortcut for absolutely everything. The good thing about that is you can often stay in your normal typing position which makes you fairly efficient. The downside of that is you end up having to remember a lot of shortcuts with various combinations using multiple modifier keys. For example, the shortcut to quit Emacs is C-x C-c. That means you’ll hold down the control key, type x, then type c.

One of the areas where Emacs really shines is its ability to be fully customized. If you find yourself wanting to do something the authors didn’t think of, you can implement it yourself using Emacs Lisp. Of course, you have to know or learn Lisp to do it, but it’s at least possible.

Emacs Pros:
• Customizable and extensible.
• Powerful editing capabilities.
• Mature integration with many free software programming tools.
• You never need to leave it because you can edit files, browse the web, and so on.

Emacs Cons:
• Questionable ergonomics. (AKA: Emacs Pinky Syndrome.)
• If you want to customize Emacs you’ll need to learn Emacs Lisp which introduces a whole new learning curve.
• Not available everywhere by default. If you need to edit files on a system that you don’t have root access to and emacs isn’t installed, then you’ll end up using vim. Lack of emacs availability is common for server installations.

Who Emacs Is For:
Emacs is for people who want more than just a text editor as Emacs can be an “environment.” It’s also for people who have a strong desire or need for customizations.

Vim

I’m a huge fan of the “make each program do one thing well” philosophy. As we’ve already covered, Emacs is not only a text editor, it’s also an IRC client, a game console, and a web browser. You could argue that the one thing Emacs does well is editing text, but it’s definitely not my go-to choice for a web browser. Nano does one thing, but not very well. When I say “not very well” I mean that it has limited functionality as a text editor. That leaves Vim. It adheres to the “do one thing and do it well” philosophy because the one thing it does extremely well is editing text.

If you’re a sysadmin, a programmer, or anyone who needs to do serious text editing, then vim could be the next (and last) editor you’ll ever need to learn. Once you have a handle on vim you’ll be super fast and efficient. If you’re going to work regularly at the command line, learning this powerhouse editor is a worthwhile investment. With the ability to edit and view multiple files at once, create macros, perform global substitutions and more, you’ll look like a genius when you click a couple of buttons on your keyboard and great swaths of text fall into place just like you want.

Even if you’re not into being as productive as you can be, you still need to learn the basics of vim because sooner or later you’ll end up using it whether you like it or not. Vim is the default editor for the overwhelming majority of Linux distributions. This means you’ll find yourself using vim with programs that do not include their own built-in editor such as crontab, visudo, git, etc. Also, because many server installations only include what is necessary to perform their primary function, you often won’t find emacs installed by default. With sysadmin tools relying on vim and the lack of other text editors, knowing vim is a must. Said another way, if you are or ever want to be a Linux system administrator you HAVE to know vim.

Vim Pros:
• Vim serves one and only one purpose; to efficiently edit text.
• It’s astoundingly powerful.
• Making complicated edits can be quick and easy.
• You can unlock unparalleled efficiency and speed with powerful features such as multiple file/window support, keyboard shortcuts for everything, macros, registers, quick command repetition, auto-completion, text objects, filters, and global substitutions.

Vim Cons:
• The learning curve often scares away new users.
• If you don’t know what you’re doing you’ll look like an idiot. (“How do I exit out of Vim?!?!?!”)
• If you only ever need to perform super simple edits, Vim can be overkill.

Who Vim Is For:
Vim is a must for Linux system administrators. It’s also great for programmers because coding is mainly editing plain text files which Vim excels at. It’s also ideal for anyone who works on the command line often or has to log into Linux servers. Really, Vim is for those who work with textual data of any type.

https://www.linuxtrainingacademy.com/nano-emacs-vim/
  10. Linux ip Command Networking Cheat Sheet https://www.linuxtrainingacademy.com/linux-ip-command-networking-cheat-sheet/
  11. Year 2038 problem
From Wikipedia, the free encyclopedia

Animation showing how the date would reset, represented as a signed 32-bit integer (at 03:14:08 UTC on 19 January 2038).

The Year 2038 problem is an issue for computing and data storage situations in which time values are stored or calculated as a signed 32-bit integer, and this number is interpreted as the number of seconds since 00:00:00 UTC on 1 January 1970 (the epoch).[1] Such implementations cannot encode times after 03:14:07 UTC on 19 January 2038, a problem similar to but not entirely analogous to the Y2K problem (also known as the Millennium Bug), in which 2-digit values representing the number of years since 1900 could not encode the year 2000 or later. Most 32-bit Unix-like systems store and manipulate time in this Unix time format, so the year 2038 problem is sometimes referred to as the Unix Millennium Bug by association.

https://en.wikipedia.org/wiki/Year_2038_problem
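The rollover described in the excerpt above can be reproduced in a few lines. This Python sketch is an added example, not part of the quoted article; the function names are illustrative, and `store_time32` imitates what a 4-byte signed field keeps when a larger second count is written into it.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1


def store_time32(seconds):
    """Keep only the low 32 bits and reinterpret them as a signed integer,
    which is what a 32-bit signed time field holds after the assignment."""
    return struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))[0]


def decode_time32(raw):
    """Interpret a signed 32-bit value as seconds since the epoch (UTC)."""
    return EPOCH + timedelta(seconds=raw)


def survives_time32(moment):
    """True if an aware datetime round-trips through a signed 32-bit field."""
    seconds = int((moment - EPOCH).total_seconds())
    return store_time32(seconds) == seconds


def rollover():
    """Return the last representable instant and what the next second becomes."""
    last = decode_time32(store_time32(INT32_MAX))
    wrapped = decode_time32(store_time32(INT32_MAX + 1))
    return last, wrapped


if __name__ == "__main__":
    last, wrapped = rollover()
    print("last representable:", last.isoformat())
    print("one second later  :", wrapped.isoformat())
    # Any stored expiry or "not after" value past the limit is affected today,
    # long before 2038 arrives.
    for year in (2030, 2038, 2040):
        when = datetime(year, 6, 1, tzinfo=timezone.utc)
        print(year, "fits" if survives_time32(when) else "does NOT fit")
```

Running it shows the counter jumping from January 2038 back to December 1901, which is why far-future timestamps stored in such fields already misbehave.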
  12. They don't go into any more detail, so in practice it's a bug fix release?
  13. March 16, 2017

With the first TSR release of 2015 we began providing CVSSv2 scores in our full disclosure of resolved security issues in cPanel & WHM. The CVSSv2 scoring system is a free and open standard that attempts to rate the severity of security vulnerabilities (finalized in June 2007). In June 2015 this scoring system was updated to version 3, and includes several changes to the way that the scores are determined. Specifically, the underlying vectors used to derive the numerical scores of the metric groups have been changed, and the updated scoring system is intended to reflect a more accurate estimation of the severity of vulnerabilities.

Beginning with the second TSR release of 2017 (TSR-2017-0002, expected on March 21st), we will provide a CVSSv3 Base vector score range in our TSR announcements, and the full Base vector string and score for each resolved vulnerability in our full disclosure announcements.

If you would like to learn more about the various vectors used to calculate CVSSv3 scores along with the underlying reasoning as applicable to the CVSS standard, please see https://www.first.org/cvss and https://www.first.org/cvss/calculator/3.0.

http://news.cpanel.com/updates-to-tsr-announcement-and-disclosure-information/
  14. We're due for an update tonight.
  15. The majority of scholars predict new developments in the field of technology in our near future. They predict that the internet will become even more important to our lives, although it will be less visible. They argue that the internet will become the equivalent of "electricity" and will offer even greater interconnection between human and machine, with the result that it will change everything, from interpersonal interactions to the decisions taken at government level around the world.

It is a fact that over the last two decades the internet has not only been growing but also evolving, often in unpredictable ways. The first push came with the building of the internet. Companies such as AOL created the infrastructure and brought first America, and later the rest of the world, online in a continuous or permanent connection. This phase peaked around the turn of the twentieth century, laying the foundations for the second wave, which brought the arrival of applications and services, making the internet dominant both in the field of communication and in the economy.

In our day a third wave is already under way. According to the forecasts, in the next decade the internet will be present everywhere and the speed at which it distributes text, data and images will be enormous, with the result that its mass use will make it not only an integral part of our everyday life but also "invisible", that is, omnipresent, in the way we perceive and use electricity today.

The numbers are riveting: in 1995, 39.6 million people worldwide were connected to the internet. Their number rose to 1 billion in 2005 and to 3.2 billion in 2015, and is forecast to reach 7.6 billion people in 2020; it is worth noting that, according to the forecasts, the online population will be larger than the actual human population.

From the figures above alone, it is apparent that the internet is now coming to challenge the primacy of once-mighty sectors of the economy, such as health care, education, financial services, energy and transport, which together account for more than half of the Western economy. Just consider how much the arrival of the internet has changed the way education is delivered. E-learning, for example, is one of its applications. Possibly, the spread of the internet will strengthen global connectivity and the upgrading of relations between societies.

The figures are again impressive. Every second we send 7,173 tweets, make 53,766 Google searches, watch 120,607 YouTube videos and send 2,481,685 e-mail messages, while internet traffic amounts to 35 million megabytes per second. Speeds are getting faster too. In 1995 downloading a 4-minute song took 540 seconds; in 2005 it took 11 seconds, and in 2015 it "loaded" in an instant, in just 2 seconds.

The internet, artificial intelligence and a huge volume of data will give people a better understanding of their world and of their behaviour. It is therefore no coincidence that most experts predict that in our not-too-distant future the "internet of things" will comprise a global, immersive, invisible computer-network environment.

The data in circulation is multiplying: Amazon already has 30 data centres, with 50,000 servers. It is estimated that during 2017 there will be about 9 million data centres around the world.

Most predict that in our not-too-distant future the "internet of things" will include:
• A global, immersive, invisible, ambient computer-network environment.
• A continuing spread of smart sensors, cameras, software, databases and huge data centres in a world that will be based on what is called the "Internet of Things", in which the internet extends into the physical world, encompassing and connecting things, everyday physical objects and artefacts, through protocols and remotely.
• Portable technologies that will allow people to "augment reality".
• The end of the business models that emerged in the 20th century, mainly in the fields of education, entertainment and print media.
• Management of an incredibly large volume of data.

In essence we are facing a broader change, which will require alliances and constructive dialogue between the worlds of politics, the economy and communication, the last of which, as the figures suggest, will gain even greater momentum.

In other words, a "brave new digital world" is emerging fast as the internet and other related technologies spread. But could this be bad rather than good news? The gap between rich and less rich countries, however, remains. For example, less rich countries without access to the technologies will be at a disadvantage compared with others, and in some cases, according to the forecasts, social inequalities could worsen. This runs counter to some assumptions, such as that the spread of the internet will reduce inequalities. In India, for example, internet access remains limited, despite Facebook's popularity there too.

Undeniably, the spectacular growth of the internet has changed not only business models but also the way we function as a society. It has affected how we search for and share information, the volume of information we should share, how we communicate with one another, when we communicate, and so on.

The "Next Internet", as it is called, brings together and combines three interconnected systems: Cloud Computing, Big Data Analytics and the Internet of Things. It promises businesses and government organisations centralised storage and data services in huge digital factories that process and analyse the ceaseless flows of information collected by networked sensors housed in every possible consumer device, in the office or in the marketplace, as well as in living organisms. But it also creates significant challenges concerning the environment, the protection of privacy, and labour.

The Cloud and Big Data have been greatly strengthened by the growth of the internet. From watches that monitor blood pressure to refrigerators that ask you to buy more milk, from assembly lines "manned" by robots to unmanned aircraft that deliver weapons, it promises a deeper social impact.

The Internet of Things refers to a system that installs sensors and thermal processing devices in everyday objects (e.g. watches) and production tools (robotic arms), and connects them to networks that gather and use data about their performance. We use the admittedly odd term "Internet of Things" because, unlike the internet we know, which connects people, the "Internet of Things" is connected mainly with objects. The sensors in the refrigerator form a network of things that reports on what is inside and how it is used. The internet of things has been made possible by advances in the ability to miniaturise scanning devices and to give them enough processing power to monitor an activity, analyse a use and deliver the recorded results over electronic networks.

How will we face this brave new digital world? What are we doing in Greece? Unfortunately we remain preoccupied with the early phase of the internet's development, measuring its spread and its reach, when in other countries these questions are already considered outdated.

Stelios Papathanassopoulos
Professor of Media Organisation and Policy | Department of Communication and Mass Media, EKPA

http://www.indeepanalysis.gr/nees-technologies/to-diadiktyo-twn-anthrwpwn-kai-twn-pragmatwn
  16. I read your Nginx and Let’s Encrypt free SSL certificate tutorial. However, I use Lighttpd web server on AWS cloud. How do I secure my Lighttpd web server with Let’s Encrypt free SSL certificate on my Ubuntu Linux 16.04 LTS or Debian Linux 8.x server?

Let’s Encrypt is a free, automated, and open certificate authority for your website or any other projects. You can grab free TLS/SSL certificate to create encrypted HTTPS session for your site visitors. In this tutorial, I will explain how to use Let’s Encrypt to install a free SSL certificate for Lighttpd web server along with how to properly deploy Diffie-Hellman on your Lighttpd server to get SSL labs A+ score.

Our sample setup

Fig.01: Our sample Lighttpd TLS/SSL Security with Let’s Encrypt on Debian or Ubuntu Linux

• Default Lighttpd config file : /etc/lighttpd/lighttpd.conf
• Default Lighttpd SSL config file : /etc/lighttpd/conf-enabled/10-ssl.conf
• Lighttpd SSL certification directory : /etc/lighttpd/ssl/cyberciti.biz/
• Lighttpd DocumentRoot (root) path : /var/www/html/
• Lighttpd TLS/SSL Port: 443
• Our sample domain: www.cyberciti.biz
• Dedicated public IP: 74.86.26.69

Step 1 – Install acme.sh client

Type the following apt-get command/apt command:
$ sudo apt-get install git bc wget curl

Sample outputs:
Fig.02: Install git and bc on Ubuntu/Debian Linux

Step 2 – Clone repo

Type the following commands:
$ cd /tmp
$ git clone https://github.com/Neilpang/acme.sh.git
$ sudo -i
# cd /tmp/acme.sh/
# ./acme.sh --install

Sample outputs:
Fig.03: Clone the acme.sh client using git

The rest of the commands need to be typed as the root user. Become root user:
$ sudo -i

Step 3 – Create /.well-known/acme-challenge/ directory

Type the following command (set D to actual server.document-root path as per your setup):
# D=/var/www/html
# mkdir -vp ${D}/.well-known/acme-challenge/
###---[ NOTE: Adjust permission as per your setup ]---###
# chown -R www-data:www-data ${D}/.well-known/acme-challenge/
# chmod -R 0555 ${D}/.well-known/acme-challenge/

Step 4 – Create directory to store SSL certificate

Type the following mkdir command:
# mkdir -p /etc/lighttpd/ssl/cyberciti.biz/

Step 5 – Create your dhparam.pem file

Type the following command to create a strong Diffie-Hellman (DH) group file:
# cd /etc/lighttpd/ssl/cyberciti.biz/
# openssl dhparam -out dhparam.pem -dsaparam 4096

Step 6 – Issue a certificate for your domain

The syntax is:
acme.sh --issue -w /server.document-root-path/ -d www.example.com
acme.sh --issue -w /var/www/html/ -d example.com -k 2048

To issue a certificate for www.cyberciti.biz, enter:
# acme.sh --issue -w /var/www/html -d www.cyberciti.biz -k 4096

Sample outputs:
Fig.04: Issue a certificate

Step 7 – Enable ssl for Lighttpd

Type the following command:
# lighttpd-enable-mod ssl
Enabling ssl: ok
Run /etc/init.d/lighttpd force-reload to enable changes

Step 8 – Lighttpd SSL Configuration

Edit the file /etc/lighttpd/conf-enabled/10-ssl.conf, enter:
# vi /etc/lighttpd/conf-enabled/10-ssl.conf

Update it as follows:

# turn on ssl #
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.disable-client-renegotiation = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/cyberciti.biz/ssl.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/cyberciti.biz/ca.cer"
    ssl.dh-file = "/etc/lighttpd/ssl/cyberciti.biz/dhparam.pem"
    # ECDH/ECDHE ciphers curve strength
    ssl.ec-curve = "secp384r1"
    ssl.use-compression = "disable"
    # Environment flag for HTTPS enabled
    setenv.add-environment = (
        "HTTPS" => "on"
    )
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    # HSTS(15768000 seconds = 6 months)
    setenv.add-response-header = (
        "Strict-Transport-Security" => "max-age=15768000;"
    )
}

Save and close the file.

Step 9 – Install the issued certificate for Lighttpd web server

First create a hook for lighttpd ssl.pem file as follows:
# vi /root/.acme.sh/www.cyberciti.biz/hook.sh

Append the following script:

#!/bin/bash
dom="www.cyberciti.biz"                 #your domain name
dest="/etc/lighttpd/ssl/cyberciti.biz"  #lighttpd ssl path root
croot="/root/.acme.sh/${dom}"           #acme.sh root path for your domain

### NO edit below ###
sslfile="${dest}/ssl.pem"               #lighttpd .pem file path
certfile="${croot}/${dom}.cer"          #lighttpd certificate file path
keyfile="${croot}/${dom}.key"           #lighttpd key file path

echo "Running lighttpd cmd..."
/bin/cat "${certfile}" "${keyfile}" > "${sslfile}"
/bin/systemctl restart lighttpd

Save and close the file. Set executable permissions:
# chmod +x /root/.acme.sh/www.cyberciti.biz/hook.sh

The above script will create a file named /etc/lighttpd/ssl/cyberciti.biz/ssl.pem (ssl.pem = cert + privkey). Type the following command to install the certificate and restart the lighttpd web server:
# acme.sh --installcert -d www.cyberciti.biz \
  --capath /etc/lighttpd/ssl/cyberciti.biz/ca.cer \
  --reloadcmd '/root/.acme.sh/www.cyberciti.biz/hook.sh'

Sample outputs:
[Sun Mar 12 19:51:30 UTC 2017] Installing CA to:/etc/lighttpd/ssl/cyberciti.biz/ca.cer
[Sun Mar 12 19:51:30 UTC 2017] Run reload cmd: /root/.acme.sh/www.cyberciti.biz/hook.sh
Running lighttpd cmd...
[Sun Mar 12 19:51:30 UTC 2017] Reload success

Step 10 – Test it

Verify that lighttpd is running on port 443:
# netstat -tulpn | grep ':443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 379/lighttpd

Step 11 – Open port 443 using ufw firewall

Type the following ufw command to open port 443:
# ufw allow proto tcp from any to 74.86.26.69 port 443

Type the following url in your browser:
https://www.cyberciti.biz

How do I renew a certificate?
# acme.sh --renew -d www.cyberciti.biz

How do I upgrade acme.sh client?
# acme.sh --upgrade

A note about cron job

A cron job will also try to renew the certificate for you. This is installed by default as follows (no action required on your part):
33 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/

https://www.cyberciti.biz/faq/how-to-configure-lighttpd-web-server-with-free-lets-encrypt-ssl-certificate-on-debian-or-ubuntu-linux/
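The hook in Step 9 builds ssl.pem with a shell redirect, so under root's usual umask of 022 the file holding the private key is first created as mode 0644. The Python below is an added example, not part of the quoted tutorial or of acme.sh; the function names are illustrative and the PEM bodies in `demo()` are constructed placeholders. It writes the bundle atomically with mode 0600 and audits an existing bundle, on the assumption that lighttpd is started as root and reads the file before dropping privileges.

```python
import os
import re
import stat
import tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", re.S)


def pem_labels(text):
    """Return the labels of all PEM blocks in text, e.g. ['CERTIFICATE']."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def has_private_key(labels):
    # Covers 'PRIVATE KEY', 'RSA PRIVATE KEY' and 'EC PRIVATE KEY'.
    return any(label.endswith("PRIVATE KEY") for label in labels)


def write_bundle(cert_path, key_path, dest_path):
    """Write cert + key to dest_path via a 0600 temp file and an atomic rename."""
    with open(cert_path, encoding="ascii") as fh:
        cert = fh.read()
    with open(key_path, encoding="ascii") as fh:
        key = fh.read()
    if "CERTIFICATE" not in pem_labels(cert):
        raise ValueError("%s contains no certificate block" % cert_path)
    if not has_private_key(pem_labels(key)):
        raise ValueError("%s contains no private key block" % key_path)
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    # mkstemp creates the file readable and writable by the owner only.
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".ssl.pem.")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as out:
            out.write(cert.strip() + "\n" + key.strip() + "\n")
        os.replace(tmp_path, dest_path)  # readers never see a half-written file
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise


def audit_bundle(path):
    """Return a list of findings for an existing bundle; empty means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the private key" % mode)
    with open(path, encoding="ascii") as fh:
        labels = pem_labels(fh.read())
    if "CERTIFICATE" not in labels:
        findings.append("no certificate block")
    if not has_private_key(labels):
        findings.append("no private key block")
    return findings


def demo():
    """Run both paths on constructed files in a temp dir; returns (before, after)."""
    cert = "-----BEGIN CERTIFICATE-----\nCONSTRUCTEDSAMPLE\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nNOTAREALKEY\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as workdir:
        cert_path = os.path.join(workdir, "www.example.test.cer")
        key_path = os.path.join(workdir, "www.example.test.key")
        bundle = os.path.join(workdir, "ssl.pem")
        for path, body in ((cert_path, cert), (key_path, key)):
            with open(path, "w", encoding="ascii") as fh:
                fh.write(body)
        # What `cat cert key > ssl.pem` leaves behind under umask 022.
        with open(bundle, "w", encoding="ascii") as fh:
            fh.write(cert + key)
        os.chmod(bundle, 0o644)
        before = audit_bundle(bundle)
        write_bundle(cert_path, key_path, bundle)
        after = audit_bundle(bundle)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("redirect-style bundle:", before)
    print("write_bundle() result:", after or "no findings")
```

In the tutorial's own bash hook the equivalent hardening is a `umask 077` before the `cat` line.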
  17. Hello Glencara,

    Welcome to designhost.gr.

    Feel free to browse our community accessing all sorts of information and getting to know our members.

    Do not hesitate to ask anything in our forums.

    designhost.gr

  18. Automated Kernel Security Updates Without Reboots

Our easy, rebootless install with a single line of code will ensure you never miss another kernel security patch. Supports most popular Linux distributions:

https://www.cloudlinux.com/all-products/product-overview/kernelcare
  19. Ultimate Security for Your Linux Web Server

New from CloudLinux, the makers of the #1 OS in security and stability for hosted servers

For CentOS, RHEL, and CloudLinux 6 & 7, with cPanel
Coming soon: DirectAdmin, Plesk, ISPmanager, and servers without a control panel

Imunify360 Keeps Your Web Servers Safe

Your website is the lifeblood of your business. That’s why you need to protect your web server from digital attacks. Our automated security solution will protect your server from infections, maintain kernel updates, and keep you in the know with relevant information.

Hands-off automation keeps your web server secure and keeps you in the know

Imunify360 continuously protects your server, but you don’t always need to see the play-by-play. Use the centralized view to check in on the overall state of your server’s security with the option to view all security events.

Powerful herd protection against the newest attacks

We are constantly collecting and analyzing a massive amount of information about new attacks on a global scale. You benefit from these insights on the newest attacks from the moment you start.

A security console right inside your hosting control panel, with 24x7 support

Our software is integrated into your control panel (cPanel available now, DirectAdmin, Plesk, ISPmanager, & no panel coming soon), and runs on CentOS, RHEL, and CloudLinux 6 & 7 servers. Our expert staff is available 24/7/365 to answer questions and address any issues you have.

https://imunify360.com/
  20. What is CloudLinux OS?

CloudLinux OS is the leading platform for multitenancy. It improves server stability, density, and security by isolating each tenant and giving them allocated server resources. This creates an environment that feels more like a virtual server than a shared hosting account. By doing so, CloudLinux OS reduces operating costs and churn rates, and increases profitability.

CloudLinux OS is designed for shared hosting providers. It isolates each customer into a separate “Lightweight Virtualized Environment” (LVE), which partitions, allocates, and limits server resources, like memory, CPU, and connections, for each tenant. This ensures that tenants cannot jeopardize the stability of your servers, causing all sites to slow down or even come to a halt. CloudLinux OS also “cages” tenants from one another to avoid security breaches. This way, unstable scripts or malware are not able to sprawl across your customer sites, causing severe harm.

Results you can expect

We work with thousands of hosting companies, and we see improvements in server performance, utilization, and margins across all of them!

https://www.cloudlinux.com/all-products/product-overview/cloudlinuxos
  21. Today I had an issue with WebMail where all the files had the correct perms / ownership, but in WebMail the user could no longer see their emails, only:

"mail server closed the connection unexpectedly"

The strange but also positive thing was that it had nothing to do with the IP per session, nor with any other email account, even in the same Package (on an addon domain).

We are always talking about a cPanel box.

They provided the solution themselves, with one of their own scripts:

/scripts/remove_dovecot_index_files --user {user} --verbose

Interesting fix:

[*] (1/1) Processing cPanel user: '{user}' …
Unlinking '/home/{user}/mail/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/dovecot.index.log.2' …
Unlinking '/home/{user}/mail/{domain}/{user}/dovecot.index.cache' …
Unlinking '/home/{user}/mail/{domain}/{user}/dovecot.index' …
Unlinking '/home/{user}/mail/{domain}/{user}/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Sent/dovecot.index.cache' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Sent/dovecot.index' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Sent/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Drafts/dovecot.index.cache' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Drafts/dovecot.index' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Drafts/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Trash/dovecot.index.cache' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Trash/dovecot.index' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Trash/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/.spam/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Junk/dovecot.index.log' …
Unlinking '/home/{user}/mail/{domain}/{user}/.Archive/dovecot.index.log' …
[+] '{user}' processed.

I also found the script here:

http://www.batangrande.com/fotos/sym/root/scripts/remove_dovecot_index_files

#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/remove_dovecot_index_files
# Copyright 2015 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::remove_dovecot_index_files;

use strict;
use File::Find                           ();
use File::Spec                           ();
use Getopt::Long                         ();
use Cpanel::Config::LoadCpConf           ();
use Cpanel::PwCache                      ();
use Cpanel::Reseller                     ();
use Cpanel::Config::Users                ();
use Cpanel::Config::LoadUserOwners       ();
use Cpanel::AccessIds::ReducedPrivileges ();

exit run(@ARGV) unless caller();

my $verbose = 0;

sub run {
    my @cmdline_args = @_;
    return usage(1) if !@cmdline_args;

    unless ( $> == 0 && $< == 0 ) {
        return usage( 1, "[!] This program can only be run by root!\n" );
    }

    my $opts = {};
    Getopt::Long::GetOptionsFromArray(
        \@cmdline_args,
        'all'         => \$opts->{'all'},
        'reseller=s@' => \$opts->{'reseller'},
        'user=s@'     => \$opts->{'user'},
        'verbose'     => \$verbose,
        'help|h'      => \$opts->{'help'},
    );

    return usage(0) if $opts->{'help'};

    my $cpconf_ref = Cpanel::Config::LoadCpConf::loadcpconf();
    if ( $cpconf_ref->{'mailserver'} ne 'dovecot' ) {
        return usage( 1, "[!] The configured mailserver is not Dovecot. Action aborted.\n" );
    }

    return process_all_users_on_server() if $opts->{'all'};
    process_reseller( $opts->{'reseller'} )  if $opts->{'reseller'} && scalar @{ $opts->{'reseller'} };
    process_cpanel_user( $opts->{'user'} )   if $opts->{'user'}     && scalar @{ $opts->{'user'} };
    return 0;
}

sub process_cpanel_user {
    my $cpusers_to_process = shift;

    my ( $index, $total ) = ( 1, scalar @{$cpusers_to_process} );
    foreach my $cpuser ( @{$cpusers_to_process} ) {
        print "[*] ($index/$total) Processing cPanel user: '$cpuser' …\n";
        $index++;

        my $homedir = Cpanel::PwCache::gethomedir($cpuser);
        my $maildir = File::Spec->catfile( $homedir, 'mail' );
        if ( !-d $maildir ) {
            print "[!] User's maildir was not found: $maildir - $!\n";
            next;
        }
        my $maxdepth = File::Spec->splitdir($maildir) + 4;

        my $purge_index_files_codref = sub {
            File::Find::find(
                {
                    'wanted' => sub {

                        # Dovecot index files are in "$homedir/mail/domain.tld/emailuser/<dirname>".
                        # So we limit the depth here to what was determined above.
                        return if File::Spec->splitdir($File::Find::name) > $maxdepth;

                        # Remove files that match:
                        # dovecot.index
                        # dovecot.index.cache
                        # dovecot.index.log
                        # dovecot.index.log.\d+ (rotated log files)
                        return if $_ !~ m/^dovecot\.index(\.cache|\.log(\.\d+)?)?$/;

                        print "Unlinking '$File::Find::name' …\n" if $verbose;
                        if ( -e $File::Find::name && -f $File::Find::name ) {
                            unlink $File::Find::name or print "Failed to unlink '$File::Find::name': $!\n";
                        }
                    },
                    'no_chdir'    => 0,    # default, but setting to be explicit about the usage.
                    'follow_skip' => 2,    # ignore any duplicate files and directories
                },
                $maildir
            );
        };

        eval { Cpanel::AccessIds::ReducedPrivileges::call_as_user( $purge_index_files_codref, $cpuser ) };
        print "[+] '$cpuser' processed.\n";
    }
    return;
}

sub process_reseller {
    my $resellers_to_process = shift;

    foreach my $reseller ( @{$resellers_to_process} ) {
        print "[*] Processing Reseller: '$reseller' …\n";
        if ( !Cpanel::Reseller::isreseller($reseller) ) {
            print "[!] '$reseller' is not reseller.\n\n";
            next;
        }

        my $owners_hr = Cpanel::Config::LoadUserOwners::loadtrueuserowners( {} );
        if ( !( $owners_hr->{$reseller} && 'ARRAY' eq ref $owners_hr->{$reseller} ) ) {
            print "[!] Failed to fetch list of accounts owned by reseller, '$reseller'.\n\n";
            return;
        }

        print "\n";
        process_cpanel_user( $owners_hr->{$reseller} );
        print "\n";
    }
    return;
}

sub process_all_users_on_server {
    my $cpusers = Cpanel::Config::Users::getcpusers();
    if ( !( $cpusers && 'ARRAY' eq ref $cpusers ) ) {
        print "[!] Failed to fetch list of cPanel accounts on server.\n";
        return;
    }

    print "[*] Processing all cPanel users on the server …\n\n";
    process_cpanel_user($cpusers);
    print "\n[+] Finished processing all cPanel users on the server.\n";
    return 0;
}

sub usage {
    my ( $retval, $msg ) = @_;
    my $fh = $retval ? \*STDERR : \*STDOUT;

    if ( !defined $msg ) {
        $msg = <<USAGE;
$0

Utility to remove Dovecot index files.

Available options:

    --user [cPanel username]
        Remove Dovecot index files from all email accounts setup under the specified cPanel user.
        Can be specified more than once, to process multiple users at once.

    --reseller [reseller username]
        Remove Dovecot index files from all email accounts setup under all the cPanel accounts owned by the specified Reseller.
        Can be specified more than once, to process multiple resellers at once.

    --all
        Remove Dovecot index files from all email accounts setup on the server.

    --verbose
        Prints the full paths of the files being removed.

    --help
        Prints this help text.

USAGE
    }

    print {$fh} $msg;
    return $retval;
}

1;
  22. Hello steve,

    Welcome to designhost.gr.

    Feel free to browse our community accessing all sorts of information and getting to know our members.

    Do not hesitate to ask anything in our forums.

    designhost.gr

  23. New Google Tricks For Fun: There is no doubt that everyone wants to know Google's secret tricks, the tricks that not many people are aware of but that some people still remember when it comes to necessity. Suppose you are a traveller and always want to keep yourself up to date; then you will always use a feature like Google Flight Status. Cool tricks on Google have been around for a long time; now it's time to dig out more.

    40 Hidden Cool New Google Tricks For Fun

    There is no doubt that Google always tries to hide some features from its users, so that users get curious and do several types of research on those hidden new Google tricks. All Google tricks are here. To help you, we have researched the Top 40 New Google cool Tricks, which are very useful. Many of them are for fun; if you want to impress your friends in an extraordinary way, then use these tricks, share them with your friends and have more fun with cool Google tricks. Previously we shared an article on Google hidden games, which is also a part of this Top 40 Cool Hidden New Google Tricks, but they are specifically made for users who want to play games on Google. Check out the top tricks for Google below!

    Below: 40 Hidden Cool New Google Search Tricks For Fun

    1. Google Pacman

    The first, and it will always be at the top, is Pacman, one of the Google game tricks! Yes, Pacman is very popular in the world of gaming. Since 2010, the Pacman game has been on Google: it appeared on the PacMan anniversary as a Google Doodle on May 21, 2010, and Google also made the game officially available for game lovers on the Google front page, which means that if you search only for "PacMan" on Google you will be able to see the game with a Click to Play option, from where you can play Pacman. The game is developed by Namco in the May 1980s, when people were yet unfamiliar with the internet, and at that time there was a Pacman machine where people used to put in a coin to play again after the death of Pacman. Now each year, on the birthday anniversary of Pacman, Google embeds Doodles in the front Google page! Enjoy the game and more tricks on Google.

    2. Do a Barrel Roll

    "Do a Barrel Roll" basically describes, for aircraft, how a pilot rotates 360° about its axis in an aerobatic maneuver. The trick is also applied on the Google page: when you search for Do a Barrel Roll on Google you will see the changes, and you will have fun for sure. This trick is very old; in 2011 Google introduced some of these tricks as Easter Eggs. There are more new Google tricks below for you to find out!

    3. Google Gravity

    The most famous new Google trick is here! You can use this trick if you want everything to work like Earth's gravity! Yes, the gravity we are feeling currently as living beings you will also face on Google: everything will fall down.

    How can you do it? Before you move to the Google search bar, you need to do some settings on your browser: visit the account preferences page and disable Google's Instant results. Now, from the address bar, type www.google.com, and in the search box type Google Gravity. Without hitting the enter button, just move your mouse cursor over the suggestion of Google Gravity; you will find the 'I'm feeling lucky' option. Click on that.

    4. Askew

    Another one for fun! Yes, with this trick you will see all the Google search results tilted, and if you show it to a friend who is unaware of this trick, he might think that the monitor has got some serious trouble. Use a computer for the best prank! Just type 'Tilt' or 'askew' in the search box and enjoy.

    5. Zerg Rush

    The one interesting search you will encounter is Zerg Rush. I loved it the most! When you search this, you will find the results are getting destroyed by the Zerg Rush. Basically those O's are the enemy of your search results and will try to kill all the results instantly. You just need to win the race against them (they, the O's, are in huge numbers); you just need to kill those Zerg Rush before they kill all the results. It is very hard to race against them, but you will see the final results are GG, which means Good Game, and you will lose the race against Zerg Rush. Search more new Google tricks below!

    6. Atari Breakout

    On Google type 'Atari Breakout' and click on the 'Images' tab. Wait for it and you will see the results while playing the game. This is only for the normal gamer who wants to spend time playing a common game, but this was one of the popular games when it was launched, and even now people play this game by searching the words 'Atari Breakout'. Kill all the image results to win the match. Search for atari breakout I'm feeling lucky.

    7. Chuck Norris

    Chuck Norris was very popular in previous days; people used to search it to know what exactly it is. The result was weird! When someone searched for "Find Chuck Norris", Google came back with a prompt that says "Google won't search for Chuck Norris because it knows you don't find Chuck Norris, he finds you." If you want to know who Chuck Norris is, you will find him as a martial artist; he also played a role in The Expendables 2. Now he is a film producer and screenwriter. Find Chuck Norris, other Google tricks, and find Chuck Norris I'm feeling lucky.

    Updated Find Chuck Norris: now when you search for him you will encounter "Chuck Norris invented Chuck Norris jokes, but he never submitted any because Chuck Norris submits to no one." Quite confusing? Yep, yet an interesting search! More below!

    8. Google Translator Beatbox

    Yes, you heard it right, Google Translator Beatbox. If you want to do some experiments with your simple life, then you just need to boost your enjoyment using this Google trick. This trick is basically a music composer in which Google Translator speaks out the written words. You can enter any letter or word and the translator will speak it out. Let's try some fun: copy these and paste them into the Google Translator box and then click on Listen. “

    9. Do the Harlem Shake

    What basically is the Do the Harlem Shake Google trick prank? It is based on an Easter Egg in which a group of pranksters at YouTube have honored the meme, by Google YouTube, as fun on a little Easter Egg with a shake. When you search for 'Do the Harlem Shake' on www.youtube.com, then after 15 sec the whole screen will start dancing, or we can say the screen will start shaking, including the video thumbnails and the sidebar navigation. This is an awesome fun trick Google has made for its fans! Anyway, this is not the only meme-based Easter Egg: when Gangnam Style hit 1 billion views, YouTube set up a dancing view counter.

    10. The game Dinosaur

    One of the most addictive games ever on Google Chrome and on Google. If you are good at playing games, then score higher than others. Visit here to start your gaming experience; you will also find players who have already scored around 35,000 to 40,000. If you think you can beat them, then good luck to you! This game can be found from Google Search: just type The Game Dinosaur and within the suggestion click "I'm feeling lucky". Start the game!

    11. Conway's game of life

    This tricky game is an old one, but still, if you search for Conway's Game of Life, it will allow continuing browsing to the end of the Google search. Basically, behind this game there is a British mathematician, John Conway, who created the theory with a combination of Game of Life.

    12. The Loch Ness Monster

    On Google Maps search just type "Loch Ness", which will show you in a doll street view. This is basically for those who have much time to spend on searching these and getting information on how these things work. Use the comment box to say how you feel working on it.

    13. com/sky

    This Google trick will help you to get a closer look at our galaxy. You can zoom in and zoom out to see different types of comets. See your own Earth and other planets. Just search for com/sky and with the first results you can get the website, or you can directly visit here.

    14. Buildwithchrome.com

    Are you interested in creativity? If yes, then this Google trick is getting very popular in 2017 for kids who want to create their own world in a different dimension! Yes, just google or directly visit buildwithchrome.com and you will find small pieces with endless Lego. Construct your own world using the unlimited Lego. The best part is you will learn and understand the creativity format in your brain. Yes, it's an educational and playing concept. Keep creating and learning until you get bored in this Lego World!

    15. Google "once in a blue moon"

    Have you ever seen a Blue Moon? Search for the term "once in a blue moon" in Google and you will see the results as a calculation. What exactly is it? The moon turns blue after a volcanic eruption occurs and thus the dust particles float in the atmosphere, which turns into the diffract blue light. You will now understand why the Moon at the time of sunset looks red.

    16. Google Mirror

    Now another interesting Google trick. Google Mirror means whatever you search on Google Mirror you will find written backwards, or what can be called a mirror of everything. Have you seen an ambulance? How does it look at the front bonnet? It is written in a mirror way. Just search on Google 'Google Mirror' and do not click enter; just after typing, click on 'I'm feeling lucky'. It will take you to Google Mirror! Enjoy.

    17. Type <blink> in the search box

    Just search <blink> on Google and see what happens! You will say that Google has so many things to do. blink blink blink.

    18. Google Guitar

    As we have been saying from the beginning, Google is making its search engine more convenient in every way; now you can play or make music using Google Guitar. Just search for Google Guitar with the same 'I'm feeling Lucky' and you are redirected to the Google Guitar page, where you will be able to play guitar tunes. Sing and play! Enjoy more new Google tricks below!

    19. You can use Google as a timer

    It is awesome, isn't it? Just search for 'Set Timer' on Google and you will be able to set the timer instantly. You really don't need any additional software to use this timer feature. The only thing you need is the Internet. Search 'Set Timer', and after you manually set the time you will hear the constant beep sound, which means the timer has completed. Works exactly as a stopwatch! Enjoy more new Google tricks for 2017.

    20. Get Direct Forecast of Any City

    If you are living in San Francisco and want to know the weather condition of that location, then you just need to type on Google "San Francisco Forecast" and you will get your result: how much temperature the city is facing, including the upcoming days' weather forecast, as well as humidity and wind speed. New Google tricks for information are here in 2017.

    21. Get Information On Particular Site

    On Google, search for "site:gadgetsay.com" and you will find several links which are only related to gadgetsay. So if you want to get information on any particular topic, such as Skype alternatives, then you search like this: "site:gadgetsay.com skype alternatives", and you will get information only related to Skype alternatives.

    22. At Restaurant Calculate Tip

    This trick is one of the "Must Remember" Google tricks. Yes, if you are at a restaurant having dinner, what will be the tip if your total dinner cost $500? Just search on Google "What is the tip for $500" and it will show you the tip price, but you can even adjust the percentage of tip that the restaurant is allowing and also set the number of people having dinner. Set as you like and send some food to Gadgetsay! Enjoy.

    23. You can check your flight status

    If you are a traveller and want to always keep up to date, then use this Google Search trick to know your flight status. Just search in the Google Search box for "Flight Status JAL Flight 707". You can use your flight number.

    24. Search Movies Showtime on Your Location

    In the Google search box just type "Movie Times at San Francisco" and you will get the bunch of movie shows going on in San Francisco. It will help you to know which show is going on or will start at which theatre.

    25. Search for "flip a coin"

    If you are on a quiz or in a bet with someone and have no bucks, then use Google Search for that. Just type "flip a coin" manually from your smartphone, or say it into the mic itself on the smartphone, and it will give you the flip of a coin, which comes up either Heads or Tails.

    26. Google General Knowledge And Fun Facts!

    The most interesting and educational trick ever on Google. Yes, if you want to boost your general knowledge, then this is the best trick for you! Just search for "Fun Facts" or "I'm feeling Curious" and you will get questions with answers. All are random; you can even click on Ask another question frequently!

    27. Listening Animal Sounds On Google

    If you want to know how animals sound, then you just need to type Animal Sounds in the Google Search box and it will give you a bunch of animals with their vocal sounds!

    28. Right Now What People Are Searching Across The World?

    Do you want to know what people are searching around the world right now? Then you are in the correct place. Just go with the link here and see how many people are currently searching for particular or several terms! Check here.

    29. Google in 1998

    Just type "Google in 1998" in the Google Search box and you will see how Google looked in 1998. It's a huge transformation between these years.

    30. Get direct download link of any Files

    Get the direct download link of an MP3 or video or any movie link. We have already shared an article on how to get the direct download link of any file from Google Search. Just type in the search box "intitle:index.of?mp3 Your song name here"; you can change the extension to mp4, 3gp or Avi format. Enjoy ;).

    31. Google Is Your Dictionary

    If you don't have a dictionary with you, then no worries. Just Google your word with Define and you will get the meaning of the word you searched for. For example, if you want to know the meaning of congregation, then on Google type "Define congregation" and you will get the definition of it.

    32. Get Alerts On Any Topic You Want To Know

    If you want to get alerts on any topic, such as Trump Speech, then just visit here and type your alerts. Make sure you are logged into Google, and you will start receiving alerts on every new article on that topic.

    33. Search any file type format in Google

    If you are searching for a specific file type, then search a keyword like "Filetype:Yourfiletype" or "filetype:.exe" and you will get a bunch of files with direct downloading options.

    34. Dig More Into A Website

    Search Info:Website and you will get information on or the history of any popular website, such as info:theverge.com, and you will get information about the site even from Wikipedia.

    35. Find Release Date Of Movies In Your Country

    To find any movie release date, just type the movie name and the release date in the Google search box and you will see the first release date in big format: "(movie name) Release date"

    36. Get any product as per the range you want

    Find products on Google within a given specific price range. Example: search 2017 Phones $100..$150 and you will get lists of smartphones which are between 100 and 150 dollars. See result.

    37. Are you searching Google in .com extension but getting redirected to .uk or .nl?

    In a different country, avoid country-specific redirects on Google. Go to Google.com/ncr and it will not redirect to any country extension and will help you to get US-based .com results.

    38. Need Calculator? Here you have it.

    You really do not always need to open an application just to calculate numbers. Just open www.google.com and type calculator, and all problems are solved.

    39. Get Recently Published article with alteration on Google Search

    If you are searching for a topic and you found several articles on it but didn't get the recently published articles, then you need to use Google Tools. Click on Tools after the Google Search box and then you can see several options like Country, Timing and Results type. Select Any Time, and from there select Past Hour or Past 24 Hours as you want. Enjoy!

    40. Find twitter profile on Google

    Just type @ and then any keyword, for example @Gadgetsay, and you will find the Twitter or Flipboard profile.

    Conclusion

    So these are only the top 40 new Google tricks. If you have more with you, then don't hesitate to add them in the comment section so that others can get your tips too! All these new Google tricks are old of course, but still some of them are new and still in use, like the restaurant waiter tip calculation, the regular calculator and the real-time currency exchange rate information; some of these are searched regularly.

    https://www.gadgetsay.com/hidden-new-google-tricks-search-cool/