Drupal warns of mass SQL injection website hacks

As platform becomes the Australian Government standard. The security team for Drupal project is warning users that websites running unpatched installations of version 7 of the popular open source content management system (CMS) may be compromised by automated attacks. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or ...

Microsoft “loves Linux” as it makes Azure bigger, better

11 million servers, new giant VMs, and more third-party app support. Wait, what happened at this thing?!? Microsoft In San Francisco today, Microsoft CEO Satya Nadella said something that was more than a little surprising: Microsoft loves Linux. The operating system once described as a “cancer” by Nadella’s predecessor, Steve Ballmer, is now being embraced ...

Still reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw

Bug in crypto library strips away one of the Internet’s most crucial protections. Wikimedia A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by the transport layer security (TLS) protocol, the Internet’s most widely used method for ...

Optimizing NGINX and PHP-fpm for high traffic sites

After 7 years of using NGINX with PHP, we learned a couple of things about how to best optimize NGINX and PHP-fpm for high traffic sites. Below is a collection of tips and recommendations: 1. Switch from TCP to UNIX domain sockets UNIX domain sockets offer better performance than TCP sockets over loopback interface (less copying ...

Here’s everything you need to know about the Heartbleed web security flaw

  photo: Thinkstock / aetb SUMMARY:Researchers have discovered a serious flaw known as Heartbleed that affects the security software that runs on about two-thirds of the servers on the internet and could expose user data, including passwords. Here’s what you need to know about it It seems as though every week or so there’s a new ...

Heartbleed vulnerability may have been exploited months before patch [Updated]

Fewer servers now vulnerable, but the potential damage rises. Aurich Lawson / Thinkstock Update: Errata Security’s Robert Graham has acknowledged that he was mistaken in his assessment, and that private keys could be at risk. The original story below has been marked up accordingly. There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly ...

Using the ZFS next-gen filesystem on Linux

If btrfs interested you, start your next-gen trip with a step-by-step guide to ZFS. If you’re not an expert on armored anteaters that’s a pangolin. Aurich Lawson / ThinkStock In my last article on next-gen filesystems, we did something in between a generic high altitude overview of next-gen filesystems and a walkthrough of some of btrfs’ ...

Understanding a little more about /etc/profile and /etc/bashrc

  Recently I was working on an issue where an application was not retaining the umask setting set in the root users profile or /etc/profile. After looking into the issue a bit it seemed that the application in question only applied the umask setting that was set in /etc/bashrc and would not even accept the ...

Five Must-Have Linux System Monitoring Tools for System Administrators

A Linux system administrator needs a special set of skills, and if you are switching from another type of server, you need to know how to access some of the tools you can use to maintain and monitor the Linux server. These are particularly useful when the server experiences bottlenecks, whether this is hard disk, ...

Nginx for Developers: An Introduction

If you are a web developer, you’ve probably heard of nginx (pronounced engine-x). Nginx is a fast and extremely powerful http and reverse proxy server that can be used to quickly and easily serve webpages. Unfortunately, like many sysops tools, there is very little documentation and very few tutorials that explain how it works and how to ...