Josiah Cole dot com

Professional webmaster and wannabe over funded technology uber guru.

Archive for Privacy & Security

Mozilla Has Pajama Geek Parties with Hackers

Yes, you read that title right. ha.ckers has the poop on a little sit-down with the Mozilla crew where a “gauntlet” was thrown down by way of a business card. Yeah, I don’t know either….

To quote ha.ckers directly, they said they were invited to a “Mozilla milk and cookies pajama party”.


clipped from ha.ckers.org (web application security lab)

Mozilla Says “Ten Fucking Days”

At this point Mike Shaver threw down the gauntlet. He gave me his business card with a handwritten note on it, laying his claim on the line. The claim being - with responsible disclosure Mozilla can patch and deploy any critical severity holes within “Ten Fucking Days”:


DefCon Geeks Bust Dateline Mole

I found this story quite humorous when I read it first thing this morning. I can just picture some disgruntled IT guy working for Dateline getting the word out via IM to his uber geek friends.

Wired has the scoop along with photos of this reporter (although from the looks of it she was getting paparazzi-level photo coverage on her way out).


clipped from blog.wired.com

DefCon security on Friday warned attendees at the annual hacker conference that Dateline NBC may have sent a mole with a hidden camera to the event to capture hackers admitting to crimes. DefCon says it was tipped off by their own mole at Dateline who sent them a pic of the undercover journalist who DefCon employees identified as producer Michelle Madigan.

DefCon, an annual underground hacking convention in Las Vegas, has a strict policy against filming conference attendees — TV media outlets are barred from sweeping a room with their cameras and also have to get permission from any individuals before capturing them on film. All journalists covering DefCon sign an agreement upon registering for the conference that outlines the rules, but the DefCon organizers say the mole apparently registered as a regular attendee, thereby bypassing the legal agreement.


Almost Perfect htaccess File for WordPress Blogs

If you manage and edit your own website or run a blog with its own domain, then you are probably aware of a type of file called the .htaccess file. You may or may not know what this file actually does, or how to create and edit one, but fret not, I’m here to help.


Josiah Cole dot com runs a slightly out of date WordPress 2.1 install (the horror, I know), and a fairly standard one at that, with a couple of select plugins like Akismet and wp-cache to help me possibly survive another Digging. The one item that is lacking is a complete and robust .htaccess file that sufficiently protects my site and helps it handle traffic and visitors.

This quick tutorial will provide you with an htaccess file that does the following:

1. Protects itself (security)
2. Turns the server signature off (security)
3. Limits upload size (security)
4. Protects wp-config.php (security)
5. Gives access permission to all visitors, with exceptions (security, usability)
6. Specifies custom error documents (usability)
7. Disables directory browsing (security)
8. Redirects old pages to new (optional)
9. Disables image hotlinking (bandwidth)
10. Enables PHP compression (bandwidth)
11. Sets the canonical or “standard” URL for your site (SEO, usability)

[Screenshot: htaccess file creation in Notepad on Windows XP]

1. Create a blank .htaccess file. This can be done in Notepad or a comparable simple text editor of your choice (no, MS Word does not count, although it’s possible). Open Notepad and click Save, naming the file htaccess.txt. If you’re using Windows XP, the OS won’t allow you to name a file .htaccess, but don’t worry, you can rename it once it’s been uploaded to your server (no idea how Linux, Vista or OSX handle this).

2. Add content to htaccess.txt. Now that you have htaccess.txt saved, you can start to edit the file and use it to better manage your site without relying on complex PHP or bloated JavaScript code.

The example htaccess file below is one that can be used for a website like this one (running WordPress and nothing else). Most sections are active as written; uncomment the optional lines you’d like to use by removing the # at the beginning of the line, drop the sections you don’t want, and copy+paste the contents into your own .htaccess file.

# protect the htaccess file
# (Order/Deny is Apache 2.2 syntax; Apache 2.4 uses "Require all denied" instead)
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

# disable the server signature shown on error pages
ServerSignature Off

# limit request bodies (uploads) to roughly 10MB
LimitRequestBody 10240000

# protect wp-config.php
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>

# who has access and who doesn't
Order allow,deny
#Deny from 000.000.000.000
Allow from all

# custom error docs
ErrorDocument 404 /notfound.php
ErrorDocument 403 /forbidden.php
ErrorDocument 500 /error.php

# disable directory browsing
# ("Options All -Indexes" mixes absolute and relative forms, which Apache rejects)
Options -Indexes

# redirect old to new
Redirect 301 /old.php http://www.yourdomain.com/new.php

# block referring domains (RewriteEngine On only needs to appear once per file)
RewriteEngine On
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* - [F]

# disable hotlinking of images: forbid, or swap in a custom image
# RewriteCond lines bind to the next RewriteRule, so keep exactly one rule active
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
# the replacement image itself must be excluded or the redirect would loop
RewriteCond %{REQUEST_URI} !/stealingisbad\.gif$
RewriteRule \.(gif|jpg)$ - [F]
#RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stealingisbad.gif [R,L]

# php compression - use with caution
<IfModule mod_php4.c>
php_value zlib.output_compression 16386
</IfModule>

# set the canonical url
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

# protect from spam comments: a POST to wp-comments-post.php that was not
# referred from this site, or that carries no user agent, is bounced back to the sender
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !yourdomain\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]

3. Upload htaccess.txt. Once you’ve created your masterpiece of an .htaccess file, upload htaccess.txt to your web server via FTP (in ASCII mode) and rename it to .htaccess. Once it’s been renamed, change the file permissions of .htaccess to 644 to further protect it from malicious hacker types.


4. Test, Test, Test. Go to your site: is it still up? Good. Now check whether you can still access the files you protected, or try to view a directory listing. Not every setting is testable from a browser, but do your best to make sure your file is working.

Lastly, Josiah Cole dot com is now running a variation of the htaccess file above with no hotlink protection (I only host a couple of images) and no redirects or custom error docs (yet). No problems *yet*, but I’m still running tests to make sure there are no problems. Maybe my visitors can help me do this by commenting? If I like it I’ll add your suggestion to the article and give you some URL lovin’.

Note: If you are already using a custom permalink structure to format page names, you’ll need to keep that code in the htaccess file in order for that to continue functioning. To see your htaccess file in WordPress click Manage>Files>.htaccess (for rewrite rules).
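Step 4 as a script, added here as an example rather than code from the original post: it probes a site for the protections the file is supposed to add (forbidden .htaccess and wp-config.php, no directory listing, the www redirect, and hotlink blocking that still serves your own pages). It uses only the Python standard library; yourdomain.com, the image path and fake_fetch are assumed placeholders, with fake_fetch standing in for a real server so the script runs offline.

```python
"""Step-4 probe for the .htaccess above (added example, not the post's own code).
Standard library only; 'yourdomain.com', the image path and fake_fetch are placeholders."""
import urllib.error
import urllib.request

def http_fetch(url, headers=None):
    """GET url without following redirects; return (status, response headers)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # surface 3xx as an HTTPError so we can inspect it
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as r:
            return r.status, dict(r.headers)
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers)

def audit(host, image_path, fetch=http_fetch):
    """Run the checks; return {check_name: passed}. host is the bare domain."""
    www = f"http://www.{host}"
    res = {}
    # items 1 and 4: the file itself and wp-config.php must be forbidden
    res["htaccess_forbidden"] = fetch(f"{www}/.htaccess")[0] == 403
    res["wpconfig_forbidden"] = fetch(f"{www}/wp-config.php")[0] == 403
    # item 7: with Indexes off, Apache answers 403 for a directory with no index file
    res["no_directory_index"] = fetch(f"{www}/wp-content/uploads/")[0] == 403
    # item 11: the bare host must 301 to the www host
    status, hdrs = fetch(f"http://{host}/")
    res["canonical_redirect"] = status == 301 and hdrs.get("Location", "").startswith(www)
    # item 9: a foreign referer is refused (403 for [F], 3xx for the custom image)...
    foreign = {"Referer": "http://example.org/page.html"}
    res["hotlink_blocked"] = fetch(f"{www}/{image_path}", foreign)[0] in (403, 301, 302)
    # ...while the site's own pages still get the image
    res["own_referer_allowed"] = fetch(f"{www}/{image_path}", {"Referer": www + "/"})[0] == 200
    return res

def fake_fetch(url, headers=None):
    """Constructed stand-in for a site running the hardened file (offline demo)."""
    ref = (headers or {}).get("Referer", "")
    if url.endswith(("/.htaccess", "/wp-config.php", "/uploads/")):
        return 403, {}
    if url.startswith("http://yourdomain.com/"):
        return 301, {"Location": "http://www.yourdomain.com/"}
    if url.endswith(".jpg") and ref and "yourdomain.com" not in ref:
        return 403, {}
    return 200, {}

if __name__ == "__main__":
    for name, ok in audit("yourdomain.com", "wp-content/uploads/photo.jpg", fake_fetch).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Pass http_fetch instead of fake_fetch to audit a site you administer; a 200 on the uploads directory can also mean an index file exists there, so check that one by eye.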

Encrypt Your BitTorrent Downloads


I found a great article today at TorrentFreak on enabling encryption for several popular BitTorrent clients. My personal client is Azureus, however BitComet and uTorrent are included as well.


The first thing you may have to do before enabling encryption is to change your User Proficiency to something above the rather noobish Beginner to at least Intermediate. Once that is saved you will have access to the encryption options located under the Connection menu.

With bandwidth shaping in full use by many greedy access providers, enabling encryption may increase the speed of your BitTorrent downloads considerably. Note that this protocol encryption is aimed at hiding the traffic from shaping equipment, not at hiding you: your peers and the tracker still see your IP address. I can’t say from personal use that it’s increased my speeds, which are provided by Comcast Business, but I’ll keep an eye on it and report any significant jumps.

DemocraKey - Bringing Privacy and Security to your iPod

I’ve blogged about many security and privacy issues over the years, and I’m always on the lookout for new tools that will help me protect my privacy and keep ‘the man’ from snooping on what I do online. DemocraKey.com popped up on my radar and I checked out the website to see what it actually offers. DemocraKey is a small collection of tools bundled up to run on any flash media or even your iPod. The applications included are ClamWin (virus scanner), Torpark (private browsing) and Thunderbird with a GPG plugin to allow secure email transmission. It’s a 50MB download, so it should fit on almost any removable flash media you may have.



Imagine carrying a portable security suite with you wherever you go. Walk up to any computer, quickly scan it for viruses, and then defeat any internet access blocks to view any website you want anonymously. It’s here, and the DemocraKey 2.0 Lite lets you have it on your iPod.

I’ve used TorPark and some Portable Apps for several years and think they’re both great projects. Torpark takes a great privacy tech in Tor and bundles it with every geek’s favorite web browser, Firefox, which produces an incredibly easy-to-use private browsing experience. No configuring proxies, no funny business: just launch the browser, wait a few seconds for the Tor circuit to initialize, and you’re off browsing.

Features

* Protect your computer from viruses with a security enhanced version of Firefox
* Visit sites that are blocked by your school/employer/government
* Hide your internet actions with Tor
* Encrypt personal emails with GPG
* Scan your computer with portable built in Antivirus software
* Runs from any portable media - iPod, USB key, Digital Camera…
* It’s FREE and Open Source!