Tag Archives: server

Enable anti-clickjacking X-Frame-Options header

The Nikto scanner came up with this minor ‘hole’:

+ The anti-clickjacking X-Frame-Options header is not present

The rationale behind anti-clickjacking is described in http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-00 and http://security.stackexchange.com/questions/13341/security-issues-using-iframes

To enable the header in Apache:

1) enable the mod_headers module, if not enabled yet. Command:
2) add line “Header always append X-Frame-Options SAMEORIGIN” to /etc/apache2/httpd.conf
3) restart Apache…

Self hosting: Testing web server security

Since I’m starting to host this blog myself, I need to test the security of my web server. My first search ended up with the Nikto scanner tool (http://hackertarget.com/nikto-tutorial/). It is very easy to run and completes the scan in less than 10 minutes. The scan is by no means complete and more tools will be…

Self-hosting my blog

I’m starting to self-host my blog. That also means changing the blog engine from Serendipity to WordPress. I hope all will run smoothly after the upgrade.

Restoring ZFS drive

Today I ran through an exercise of restoring a ZFS pool. The beginning of one hard drive participating in the pool (no raidz) was incidentally overwritten... by me. I’m glad I noticed the mixup and cancelled dd, but still 60MB was gone. I spent a few evenings analysing and fixing the MBR, partition table and…