Thoughts about coding and books

How to download CA certificate chain

It might happen that a machine is missing CA chain certificates and you get the error:

OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Unable to establish SSL connection.

If accessing the specific URL in a browser works without warning, then you can export and download the CA certificate chain. In Firefox: right-click > View Page Info > Security > […]

Access VirtualBox shared folders from Ubuntu and fix ruined Ubuntu installation.

If you are running an Ubuntu VirtualBox guest, you cannot access the shared folder under /media/shared as a regular user. However, you can fix this by adding your user to the additional group vboxsf.

Important! Make sure you append the additional group so that other groups are not removed! Run the command below exactly as shown and replace the username with yours. If the permission is not applied immediately, then reboot.

usermod -a -G vboxsf username

If you forgot the -a flag, it is bad but not hopeless 🙂

How to hire a freelancer – 10 lessons learnt

These days everybody is full of ideas but has no time to make them happen. Same here: I have great business ideas every few weeks, but while working full-time at my day job I have a hard time implementing them on my own, and all my friends are also very busy.

I decided to try out the www.getacoder.com service to find affordable quality help for my projects, and so far I have not been disappointed while following the steps below.

1. Write down IN DETAIL what you want to be done.

Before posting a job to www.getacoder.com, make sure you have as detailed an overview of your requirements as possible. This is called a BRD – Business Requirement Document. It must list everything, such as: the user must be able to register, the user must be able to log in, etc. Programmers can take this document and implement every feature step by step.

Promote keyword in website – Learn from professionals

DISCLAIMER: If you are looking for help against DDOS, look here. This page describes how to promote keywords in a webpage.

Recently one of my friends had a spam attack on his rather small website. It happened on the 20th of December, and by the 25th, when it was discovered, the top keywords list in Google Webmaster Tools was full of unwanted sexually oriented words, and one keyword was way above the others.

The best webmasters struggle to promote keywords like that. I analyzed the situation, and here is what I can say about the technique that was effective:

  • Just repeating the keyword after every few words works.
  • Keywords are in sentences that kind of make sense.
  • Keywords are in link titles.

If you worry about your PageRank, then try linking to high-PageRank pages. In the long run this technique does not pay, and it is much more reasonable to write original and useful text that readers are expecting and looking for.

This is an example of how promoting the keyword DDOS might look:


Observations of Roboo usability and effectiveness against DDOS

Before putting Roboo into use for protection against DDOS, it is necessary to look at its pros and cons.

Firstly, nothing comes without drawbacks and side effects. Here are some that you need to consider.

  • Search engine crawlers have trouble indexing the site. You never want that.
  • Web service clients have issues. API calls might break, and an SVN server over HTTPS does not work well.
  • The developers' own website, http://www.ecl-labs.org, does not use Roboo.

A good whitelisting plan must be developed to accommodate valid non-browser interactions.

I did some quick brute-force analysis of performance with 3 virtual machines on VMware. The target was WackoPicko, a simple vulnerable web application used to test web application vulnerability scanners, with 1 core and 1 GB RAM. The Roboo machine was an Ubuntu server with 1 core and 1 GB RAM. The third was a more powerful server where httperf was run. All of these machines ran inside one physical server on VMware ESXi.

Here are the testing results:

Install Roboo on Ubuntu for DDOS protection.

I was fortunate enough to take part in Black Hat 2011 EU, where the first public presentation of Roboo, the HTTP mitigator, took place: http://www.ecl-labs.org/2011/03/17/roboo-http-mitigator.html. What is less fortunate is that it can be a pain to install, mostly because of its dependency on Perl modules. I have tried it a few times and present my experience here.

Get yourself Roboo, which comes as an nginx module written in Perl. Also get the example nginx configuration. The newest versions are available on GitHub: https://github.com/yuri-gushin/Roboo. Place these files in the following locations:

/etc/nginx/nginx.conf
/opt/local/share/nginx/Roboo.pm

To avoid the problem below, modify the first line of nginx.conf and change user nobody to www-data, for example:

Starting nginx: [emerg]: getgrnam("nobody") failed in /etc/nginx/nginx.conf:1
configuration file /etc/nginx/nginx.conf test failed

It is tempting to install nginx from the repository, but you will get an error:

Starting nginx: [emerg]: unknown directive "perl_modules" in /etc/nginx/nginx.conf:10
configuration file /etc/nginx/nginx.conf test failed
