OpenSSL Ciphers

Yet another article about why my cipher string is better than yours (updated: Dec 2021) There are several very good articles about hardening OpenSSL ciphers. Over the years I’ve combined lessons learned from others, my own research of standards and best practices, and my own real-life experiences to come up with the OpenSSL cipher string […]

OpenSSL Ciphers Read More »

Virtualmin + SFTP + chroot

SFTP is considered more a secure alternative to FTP and FTPS. The FTP server is needed as the native SSH server is used instead, and SSH does not require an SSL certificate. One drawback is the default configuration of SFTP does not restrict access to the user’s home directory. A chroot’ed setup can easily be

Virtualmin + SFTP + chroot Read More »

Clear systemd journal logs

Journald is a system service for collecting and storing log data, introduced with systemd. It tries to make it easier for system administrators to find interesting and relevant information among an ever-increasing amount of log messages. One of the main differences in journald was to replace simple plain text log files with a special file

Clear systemd journal logs Read More »

Am I Hacked?

Just like driving a car, sooner or later you may have an accident no matter how secure you are. Below are clues to help figure out if you have been hacked and, if so, what to do. The sooner you identify something bad has happened, the more likely you can fix the problem. Clues You

Am I Hacked? Read More »

Boiler Room’s IP Blocklist

For the Boiler Room’s IP Blocklist I have aggregated several blocklists together into a single list to protect from emerging threats, malware & ransomware command-and-controls systems, cyber-criminals, spammers from hell, and noisy research scanners. The list is updated every hour and I also provide Threat Indicator (IOC) files for the Check Point Firewall.

Boiler Room’s IP Blocklist Read More »

Scroll to Top