Securing SSH Service on Fedora/RHEL/CentOS

So you’ve deployed your new VPS or cloud server and SSH is served up on port 22 with password authentication. If you’re reading this, you already know that’s entirely insecure and just begging to be attacked. I’ll detail my procedure for hardening SSH on Fedora Linux, the distro I run. This should also work on downstream RHEL and CentOS, and broadly speaking on any SSH server, though some bits may differ.

Two Ways to Fully Disable WordPress XML-RPC

Several years ago, when XML-RPC attacks on WordPress were prevalent, I shared some techniques here for selectively countering such attacks. Most users, however, just want to shut XML-RPC off completely. They often land on the widely installed Disable XML-RPC plugin. This plugin unfortunately does not fully work. Let me show you why, share some better solutions, and update my unit testing code for Python 3 in the process.

Nmap Top Ports Frequencies Study

By default, Nmap scans the most common 1,000 TCP ports. How does it decide which ones, what coverage does that result in, and what are the ramifications for real-world port scanning? Let’s look at the actual numbers behind Nmap’s top ports.

Leaving Windows for Linux on my Primary System

Few outside the technology business may be fully aware that Windows 10 arrives in the context of a major strategy shift at Microsoft. Feeling the heat from Google, Apple, and others, Microsoft needs to mutate and evolve its business models to compete in the end user computing marketplace. Selling Windows and Office licenses for whatever number of cents OEMs pay them for the right to ship these products on newly purchased machines is no longer cutting it in an age of falling PC sales. There’s new business out there, a pie they’re hungry for a big piece of.

How To Deploy MVPS HOSTS File on an Android Phone

I have replaced the default HOSTS file on my Android device with the MVPS HOSTS file, a blacklist for blocking advertising, tracking and malware-distributing server names. Installing this blacklist confers the same browsing security, privacy, and performance benefits on my phone as I have long enjoyed on conventional workstations: ad blocking, faster web page loads and decreased bandwidth usage, mitigation of browsing behavior profiling and contextual ad targeting, and reduced exposure to malware infection by malicious web sites. Allow me to demonstrate the specific procedure that I used and hopefully save others some time.
