Author: Michael Blood
Automatically Backup Your Data With Windows
With a few clicks, you can automatically back up your data with Windows.
Why Backup Your Data?
Anyone who has used a computer regularly has experienced some sort of program crash, power failure, or the dreaded computer crash. All come with a loss of data and time, and cost you money. These are just the issues we face in today’s technology-driven world. Fortunately, you can take steps to protect your data from loss.
Anyone Can Configure Windows to Backup Data
All versions of Windows have a user interface for setting up automatic backups with just a few clicks. You can customize the system to back up daily, weekly, or continually. You can designate the target drive, such as an inexpensive backup drive that you attach to your PC. As of this writing you can find backup drives for as little as $75 with 1 terabyte of storage!
How To Backup Your Data
There are several options available to set your data backups on automatic. As I said, Windows has a built in user interface for setting this up. Look for Windows Backup or Backup in the Start menu, do a search or even look in the Control Panel. Point the target drive to your local external drive or a network drive.
Beyond Windows Backup
With the growing popularity of the “cloud”, many cloud-based backup services are becoming available and affordable. In addition to backing up your data, these services add an extra layer of security because the backup is stored remotely. What’s the advantage? If you’re doing local backups to your external drive and there is a fire at your home/office, your system and backups may be destroyed. Storing your backups remotely removes this issue from the equation. Dropbox, Drive, Carbonite… these are popular options on the cloud.
PCI Updates that ‘might’ help your system pass TrustWave scans
I have written another article of Apache commands that might make a website more PCI compliant.
This is another task based on that article, but this goes a little further to address some additional security scans that TrustWave does.
In addition to these configuration changes in Apache, you should also put some items into your .htaccess file.
If your site allows both port 80 and 443, make sure you forward all port 80 requests to 443 so scanners don’t bark about you allowing non-secure access to the site.
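RewriteEngine On
# Redirect any request that did not arrive on port 443 to HTTPS.
# In .htaccess the matched path has no leading slash, so the slash is optional here.
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [NC,R,L]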
If you have an FTP server that is open to all IP addresses, consider locking it down to the IP addresses of specific developers (if you don’t have a static IP address, get one!)
<Limit LOGIN>
  Order allow,deny
  Allow from w.x.y.z/32
  Allow from w.x.y.0/24
  DenyAll
</Limit>
You will want to make sure you have already installed firewall rules which limit services to only your IP addresses, like in this post.
Make sure you install / upgrade to the latest apache2 executable (as of 10/15 the minimum needed to pass tests is 2.2.31)
apt-get update
apt-get install apache2
Update the /etc/apache2/apache2.conf file to not expose the apache version
ServerTokens ProductOnly
ServerSignature Off
Update your SSL Cipher settings in Apache2.conf to exclude some additional ciphers that are considered insecure
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !ECDHE-RSA-AES256-SHA !ECDHE-RSA-AES256-SHA !ECDHE-RSA-AES256-SHA !ECDHE-RSA-AES256-SHA !DHE-RSA-AES128-SHA !DHE-RSA-SEED-SHA !DHE-RSA-CAMELLIA128-SHA !ECDHE-RSA-RC4-SHA !DHE-RSA-AES256-SHA !DHE-RSA-CAMELLIA256-SHA !ECDHE-RSA-AES128-SHA !RC4-SHA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
Note, the SSL Cipher list above was generated from a list that was created for a previous article for updates to Apache. At the time, that article helped pass a different PCI scan. Since this PCI scan is newer and obviously more in depth, the list of excluded ciphers has increased.
I came up with the list above by reading the ‘Evidence’ column of the TrustWave report and then specifically excluding the listed Ciphers by putting an ! in front of it. As new reports come out and additional ciphers are marked insecure, we will add additional ciphers to the apache files in the same way:
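One way to script that step, as an added example that is not from the original article: it merges cipher names copied from a scan report into an existing space-separated SSLCipherSuite line, skipping names that are already excluded and collapsing repeated tokens. The sample directive and the flagged names are constructed for illustration.

```python
import re

# OpenSSL cipher names are letters, digits, '-' and '_'; anything else is rejected
# so that pasted report text cannot smuggle other content into the config line.
NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

def merge_exclusions(cipher_string, flagged):
    """Append '!NAME' for each flagged cipher not yet excluded.

    Returns (new_cipher_string, names_added). Repeated tokens are collapsed
    to their first occurrence; a '!' exclusion is permanent in OpenSSL
    wherever it sits in the string, so new ones can go at the end.
    """
    seen, tokens = set(), []
    for tok in cipher_string.split():
        if tok not in seen:
            seen.add(tok)
            tokens.append(tok)
    added = []
    for name in flagged:
        name = name.strip()
        if not NAME.fullmatch(name):
            raise ValueError("not a cipher name: %r" % name)
        if "!" + name not in seen:
            seen.add("!" + name)
            tokens.append("!" + name)
            added.append(name)
    return " ".join(tokens), added

def update_directive(line, flagged):
    """Rewrite one 'SSLCipherSuite "..."' config line with the merged list."""
    m = re.fullmatch(r'(\s*SSLCipherSuite\s+)"?([^"]+?)"?\s*', line)
    if not m:
        raise ValueError("not an SSLCipherSuite line")
    merged, added = merge_exclusions(m.group(2), flagged)
    return '%s"%s"' % (m.group(1), merged), added

# Constructed sample: a shortened directive and cipher names as they might
# appear in a scan report's Evidence column (not taken from a real report).
LINE = 'SSLCipherSuite "EECDH+aRSA+AESGCM EECDH EDH+aRSA !RC4-SHA !RC4-SHA !RC4 !aNULL !MD5"'
FLAGGED = ["RC4-SHA", "DHE-RSA-AES128-SHA", " DHE-RSA-SEED-SHA "]

if __name__ == "__main__":
    new_line, added = update_directive(LINE, FLAGGED)
    print(new_line)
    print("newly excluded:", ", ".join(added))
```

Running the function a second time on its own output adds nothing, so it is safe to re-run after every new report.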
Multiple XSS Vulnerability Update For WP Bakery Visual Composer
There is a multiple XSS vulnerability update for WP Bakery Visual Composer that was released today. This is a free update from WP Bakery. I have not been able to find the details of the XSS vulnerabilities discovered and patched, but I have one client with an older version of the Visual Composer that has been hacked a few times. I suspected this was the culprit and now we have an update for it.
The update is a free download from Code Canyon. Performing the update is easy if you have FTP: just download, extract, and copy over the existing /js_composer folder in your WordPress plugins.
If you don’t have FTP access you should be able to upload the .zip file via the plugin updater in the WordPress plugin area.
Google Chrome Incognito Mode To Browse Your Website
Did you know that there is a Google Chrome Incognito Mode To Browse Your Website? Google’s Chrome web browser has a great feature called “incognito”. The incognito mode is like a fresh browser without any cookies or stored identification data. This is great when you want to browse a website anonymously. No tracking data exists about you so it provides a fresh view/experience of any website that you would visit.
I find this helpful especially when I’m scanning my websites for viruses or hacking scripts that are smart enough to hide when the administrator is logged in!
To open a new browser instance in the Incognito mode, use the little hamburger icon in the top right corner and choose New Incognito Window. Enjoy!
Block Advertisements From Your Web Browser
You can block advertisements from your web browser in just a few minutes. By adding any of the latest available ad blocker extensions for your web browser, you can filter out the noise and speed up your browsing!
Chrome users just do a search for: ad blocker chrome extension
AdBlock does a great job blocking ads. Before you know it, you’ll enjoy browsing the web without the constant ad barrage on your eyes! Give it a shot!
Using a CFLOCATION with tokens breaks sessions when used on a different website on the same server
We host a web application which has multiple installations (multiple domain names) on the same server; it is all hosted by the same ColdFusion Application Server instance.
Over time we have added new features which allow clients that have multiple domains to log in to both of the domains using a ‘passthrough key’. They click one button and are automatically passed to the next site, which looks up a secret key in the database, confirms that it has been less than a second, and automatically sets up the user’s session. (This portion is vague because it doesn’t really matter what procedure we went through.)
The issue comes up when we use a <CFLOCATION> tag which directs the user from Domain A to Domain B. If we do not specify addtoken=false, then CFID=xxxx&CFTOKEN=xxxx are appended to the URL. The problem here is that the session from Domain A is used for that first transfer page request, then any subsequent page requests (which do not have the CFID and CFTOKEN) will use the CFID / CFTOKEN which is set up for Domain B. When this happens, the session you set up for the transfer page request is gone.
Long story short, specify ADDTOKEN=false at the end of the CFLOCATION when moving from one domain to another.
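To find the places in a code base where this applies, the following added example (not part of the original post) scans CFML source for <cflocation> tags that redirect to another host without turning addtoken off. The sample template, the host names domain-a.example and domain-b.example, and the variables passKey and otherSite are hypothetical.

```python
import re
from urllib.parse import urlsplit

TAG = re.compile(r"<cflocation\b([^>]*)>", re.IGNORECASE)
ATTR = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
OFF = {"false", "no", "0"}  # attribute values that turn token appending off

def risky_cflocations(source, own_host):
    """Return (line_no, url) for every <cflocation> that leaves own_host
    while CFID/CFTOKEN would still be appended to the URL."""
    findings = []
    for tag in TAG.finditer(source):
        attrs = {k.lower(): (dq or sq or bare)
                 for k, dq, sq, bare in ATTR.findall(tag.group(1))}
        url = attrs.get("url", "")
        host = urlsplit(url).hostname
        # A URL that starts with a #variable# has an unknown host: report it too.
        other_site = url.startswith("#") or (
            host is not None and host != own_host.lower())
        token_off = attrs.get("addtoken", "").lower().rstrip("/") in OFF
        if other_site and not token_off:
            line_no = source.count("\n", 0, tag.start()) + 1
            findings.append((line_no, url))
    return findings

# Constructed CFML template used as sample input.
SAMPLE = """<cfif loggedIn>
  <cflocation url="https://domain-b.example/transfer.cfm?key=#passKey#">
  <cflocation url="https://domain-b.example/transfer.cfm?key=#passKey#" addtoken="false">
  <cflocation url="/account/home.cfm">
  <CFLOCATION URL="#otherSite#/transfer.cfm" ADDTOKEN="Yes">
</cfif>"""

if __name__ == "__main__":
    for line_no, url in risky_cflocations(SAMPLE, "domain-a.example"):
        print("line %d: add addtoken=\"false\" -> %s" % (line_no, url))
```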
Complex Restore of Postgres data where multiple rows are deleted from a single row.
We ran into an issue with a client database where an application deleted upwards of 360 K records. In this process we found we needed to restore a database from several hours ago, but we were unable to do a full system restore, so here is the recipe for how to resolve it:
- restore a gzipped database file to a ‘sandbox’ database
  gunzip -c database_back.1014 | psql -U user database_restore_20150909
- alter the public schema to rename it
  echo 'alter schema public rename to restore_09122015' | psql -U user database_restore_20150909
- dump the database and load it to the live db in the new schema
  pg_dump -U user database_restore_20150909 | psql -U user livedb
- create insert statements which will insert all missing records from the new schema into the live (public) schema
  awk '/tbl/{gsub("tbl",""); print "insert into tbl"$1" select r.* from restore_09122015.tbl"$1" r left join tbl"$1" n using("$1"id) where n is null;"}' tbllist.save | psql -U user livedb
Note that this relies on your database being in the same consistent naming format tblshortname.shortnameid.
Access the IP Security – Port Firewall on Windows 2000
To access the IP address / port restrictions / firewall tools in Windows 2000, use this quick video to see where to click.
How To Migrate Database From Microsoft SQL Server 2000 To Microsoft SQL Server 2014
It is easy to migrate a database from Microsoft SQL Server 2000 to Microsoft SQL Server 2014.
Before you start, make sure that you have administrative accounts on both servers.
This is a 2-step process.
I would recommend reading this post for user export
Also read this document from Microsoft knowledge base.
1. We are going to export the database using SQL scripts from our old MsSQL 2000 server and then use that SQL script file to create a new version of the same database on our new MsSQL 2014 server.
On the SQL 2000 server, right-click the database you want to migrate, then click Generate SQL Script… as shown in Figure 1
Then click on Show All button as shown in Figure 2
Now choose objects to create scripts for:
Next we decide on Formatting as shown in Figure 4
Finally we need to set up some Security and Table Scripting Options, and choose one or multiple files; I prefer to use a single file per database, as shown in Figure 5.
Click OK and wait for the server to do its thing.
Now to the 2014 server…
Open Microsoft SQL Server Management Studio and connect to your 2014 server.
Click on Open File or press Ctrl + O (letter o, not zero).
Find your exported SQL script file from the 2000 server.
Check your CREATE DATABASE directive and make sure that FILENAME is pointing to the place where you want the new database to be stored.
2. Once all this is done, we can do the data import using the SQL Server Import and Export Wizard as explained in this post.
How To Use Triggers To Run Javascripts In PDF Forms
You can use triggers to run javascripts in PDF forms. You can also run javascripts in PDF forms that will run when the document is opened. The steps follow:
In order to edit the PDF document I used Adobe Acrobat DC. This is not a free app, but I think Google has a free app and there are other apps out there for editing PDF documents; however, I’m not sure of the capabilities.
Triggers
Be aware that buttons, form fields, radio buttons and similar features are called “fields” in the system. In the form I modified, I created a button field to send the form data over the Internet to our website where a WordPress plugin was waiting to process it.
- In Tools, Prepare Form: double click the “field” to open up the Properties UI
- Visibility controls are on the General tab, Common Properties section
- The field name, for programming purposes, is on the General, Name tab, and NOT the misleading Options, Label tab
- Several Actions and Triggers are available in the Actions tab
- An Action is matched with a Trigger
- “Mouse Up” is the trigger for the completion of a successful mouse click
- Action: Run a Javascript or Submit a form were the two useful features
Submit a form
- Submit a form, URL: is the target URL for the form when the user clicks the Send button. The target location must have some sort of processing feature or script that is designed to accept and process the form data. We have a free plugin available for WordPress named PDF Form Receiver with many options included
- The Submit a form action also has a few formats available. Our free WordPress plugin handles HTML and PDF. HTML setting sends the HTML formatted data. The PDF setting sends the form data as a PDF file attachment
Actions
The Actions system is trigger-based. Now there are instances where you may need to run a javascript within a PDF form automatically when the PDF form is opened, not when something fires a trigger. This is called a Document-level Javascript.
Document-Level Javascript
- Tools, Action Wizard, Create a New Action, More Tools, Document Javascripts. Fill out the name and description, then Save
- In the Document Javascripts, you can edit and create your javascript. Do not begin the javascript with a function or it may cause adverse effects
- Close and Save, then open the PDF in the free Adobe Reader app to test your javascripts