~chuck/blog » Internet http://www.ozymo.com What more could you want? Tue, 17 Oct 2023 03:57:54 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Plesk 9 and PCI compliance http://www.ozymo.com/explosions/328 http://www.ozymo.com/explosions/328#comments Wed, 14 Apr 2010 08:46:27 +0000 chuck http://www.ozymo.com/?p=328 The basics are easy, as one can attest with a Google search: Apache, Mail, etc.

But, I’ve found that the Plesk CP for Plesk 9 doesn’t run on Apache, it runs on Lighttpd. To disable weak ciphers on a Plesk/Red Hat box, edit /etc/sw-cp-server/applications.d/plesk.conf and add this line:

ssl.cipher-list = “TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH”

I don’t know if you can add it just anywhere, but you ought to be able to. Personally, I put it between the “include_shell” and “index-file.names” lines in the conf, line 11. After all that, issue “service psa restart” and you’re good to go.

You can test the setup using this command:

# openssl s_client -connect localhost:8443 -ssl2

Run that from the box itself, either as root or as a regular user. It gave me a “Connection reset by peer” error on SSLv2 connection. This is expected, and means that SSLv2 has been successfully disabled. Go run that scan again.

Also, keep in mind the recent “Plesk broke openssl” (or vice-versa) fiasco.

/cs

]]> http://www.ozymo.com/explosions/328/feed 0 Superbugs and You http://www.ozymo.com/explosions/36 http://www.ozymo.com/explosions/36#comments Mon, 14 Apr 2008 04:53:24 +0000 chuck http://www.ozymo.com/~chuck/blog/2008/04/13/superbugs-and-you/ So, I read an article that is both sensical and scary:

Flaming Mountainside: Breeding Internet Superbugs

I get a LOT of junk mail in my USPS mailbox in front of my house, and I pretty much ignore it, as long as it doesn’t look terribly important. It goes right into the trash.

I have to agree with vixie in the above article; the issue is not being solved, just pushed away.

In the Linux Admin world, currently, in order to have a mail server that will send to Yahoo! and AOL, among others, you already have to jump through plenty of hoops:

These are just a few things to try, and still, the spam keeps flowing, because the spammer has a need to get his message through.  I suppose I could try Spamassassin or Postini.  Some companies even offer to manage the spam problem for you (and they do a pretty darn good job of it, too!).

As the old saying goes, “Necessity is the mother of invention.” Continuing to “fix” the spam issue will cause the number of spammers fluent in loopholes to exceed the number of hackers available to fix the problem.

All in all, how do we fix the spam issue? The same way we fix the junk mail issue: The delete key.

/cs

]]> http://www.ozymo.com/explosions/36/feed 0