Category Archives: Apache

Anti Malware for wordpress? Fixing riddled wordpress files..

I recently came across this plugin for wordpress. Just cleaned a site with over 1500 infected files. I ran a small scan and then checked one of the files for processing. It seems to use sed (possibly) to remove the infected line in the files. It keeps a log of all files it cleaned but I’m not sure where it quarantines these. Anyway, it’s really helped me out. I ended up backing the entire site, then clicking the ‘automatically fix all files’ button. Whilst it took a while to do and it did this in batches, it fixed all the files on that site. Very happy with it.

https://wordpress.org/plugins/gotmls/

Free website SSL for my NAS

I own a couple of NAS boxes and I’m using 1 of them right now. My StartCom certificate was nearly about to expire, so I had to generate another CSR for the new certificate. In fact on Apache you can just use the same one I believe, but I wanted to ensure I used the newer 2048 encryption type. In order to do this on a ReadyNAS, you need to generate the CSR and I like to keep things neat, so firstly let’s create a directory for the year –

mkdir /etc/ssl/2016 && cd /etc/ssl/2016

We should the export the private key and generate the certificate signing request –

openssl genrsa -des3 -out mynas.mydomain.com.key 2048

openssl req -new -key mynas.mydomain.com.key -out mynas.mydomain.com.csr

You then use the CSR to create your free certificate, or any authority you like. I used the free one with StartCom and I got mine for a 3 year expiry, which is handy!

Once we get the pem file back, we need to remove the password you set on the private key –

openssl rsa -in mynas.mydomain.com.key -out NOPASS.mynas.mydomain.key

You can then upload it to the nas or copy and paste the certificate and then add it into the same directory to file mynas.mydomain.com.pem. You need to edit a few settings in the /etc/ssl/openssl.cnf file. I changed –

dir = /etc/ssl

certificate = $dir/2016/mynas.mydomain.pem    # The CA certificate

private = = $dir/2016/NOPASS.mynas.mydomain.key # The private key

I’m not sure of a good way to link the apache config to use this new certificate, so what I did was just edit file – /etc/frontview/apache/apache.pem (copy it to /etc/frontview/apache/apache.pem.old first) and then delete the contents and paste in the private key and also the certificate pem file. You could do this –

cp /etc/frontview/apache/apache.pem /etc/frontview/apache/apache.pem.old && cat /etc/ssl/2016/NOPASS.mynas.mydomain.key > /etc/frontview/apache/apache.pem && cat /etc/ssl/2016/mynas.mydomain.pem >> /etc/frontview/apache/apache.pem

You need to also ensure the files are owned by root:root and security is set properly –

chown root:root /etc/ssl/2016/*

chmod 600 /etc/ssl/2016/*

Once that’s all done, just kill apache and start it again.

killall apache-ssl
/usr/sbin/apache-ssl -f /etc/frontview/apache/httpd.conf

 

Remove the passphrase from the certificate.

I installed a certificate for apache to enable SSL on a website. To create the CSR for the authority it asks for a passphrase.

When you install the certificate and restart the httpd service it asks for the passphrase, so it needs to be removed from the private key.

 

 

To do this use the following command:

openssl rsa -in securesite.domain.net.uk.key -out securesite.domain.net.uk.nopass.key

It should ask for the pass phrase again but it will save it as the nopass version.

Make sure you change your ssl.conf file to use the new file:

SSLCertificateKeyFile “/path/to/certficates/securesite.domain.net.uk.nopass.key”