FTP over SSL/TLS (secure connection)

July 1st, 2009 — whplus

Untuk lebih meningkatkan security kami menyarankan anda untuk menggunakan FTP over SSL/TLS agar keamanan komunikasi data lebih terjamin. Dengan FTP over SSL/TLS maka proses transfer data akan dienkripsi untuk menghindari pencurian username/password melalui proses network sniffing.

Bila pada saat login FTP anda menjumpai error sbb:

“Sorry, cleartext sessions are not accepted on this server.
Please reconnect using SSL/TLS security mechanisms.
Connection closed by remote host.”

Berarti SSL/TLS belum dienablekan, silakan enablekan SSL/TLS dan ulangi lagi login FTP anda.

Pastikan software FTP client yang anda gunakan mendukung SSL/TLS.  Berikut ini daftar FTP client yang support SSL/TLS dan cara settingnya:

Read the rest of this entry »

Posted in News. No Comments »

Instalasi dan Konfigurasi LAMP server di Ubuntu 9.04 (Jaunty Jackalope)

July 1st, 2009 — whplus

Berikut ini adalah instalasi LAMP (Linux-Apache-MySQL-PHP) di Ubuntu 9.04 (Jaunty Jackalope) melalui command line:

  1. Instal Apache: $ sudo apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2-suexec libexpat1 ssl-cert
  2. Instal PHP: $ sudo apt-get install libapache2-mod-php5 libapache2-mod-ruby libapache2-mod-python php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
  3. Instal MySQL: $ sudo apt-get install mysql-server mysql-client libmysqlclient15-dev
  4. Instal phpMyAdmin: $ sudo apt-get install phpmyadmin

Konfigurasi Web Server Apache:

  • Edit file /etc/apache2/sites-enabled/000-default, rubah pada bagian:

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

menjadi:

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

  • Untuk aktifkan module rewrite gunakan command: $ sudo a2enmod rewrite, sehingga akan muncul:Module rewrite installed; run /etc/init.d/apache2 force-reload to enable.
  • Jalankan/restart web server apache untuk mengaktifkan perubahan yang sudah dilakukan dengan command: $ sudo /etc/init.d/apache2 restart, jika berhasil maka akan muncul:

Restarting web server apache2
…waiting                                                          [ok]

Konfigurasi MySQL:

Untuk mengelola database MySQL gunakan phpMyAdmin. Anda perlu menambahkan user baru selain root untuk akses database nantinya.

  1. Dari browser arahkan URL ke: http://localhost/phpmyadmin. Kemudian masukkan username root dan password.
  2. Setelah login dihalaman phpMyAdmin, pilih tab Hak Akses. Kemudian tambahkan pengguna baru, beri hak atas akses database untuk host localhost.

Konfigurasi php.ini:
Silakan edit  file /etc/php5/apache2/php.ini

Posted in Tutorial. No Comments »

Zen Cart Security Vulnerability Alert

June 29th, 2009 — whplus

If you are running a Zen Cart store, it’s important that you read this message and take action immediately.

A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability any attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you installed Zen Cart.

SO — THE FIRST STEP YOU **NEED** TO TAKE is to rename your /admin/ folder!
http://tutorials.zen-cart.com/index.php?article=33

However we realise that relying on this ‘Security through Obscurity’ is not foolproof, hence the release of a patch, which can be downloaded from the Zen Cart Support forum, here: http://www.zen-cart.com/forum/showthread.php?t=130161

The zip file there contains a readme.html with full details on how to install the security patch files. The security patch uses Zen Cart’s override system to make installation as simple as possible.

The security patch will work for previous versions in the 1.3.x series.

Older releases i.e v1.2.x are no longer supported and the patch has not been fully tested on those versions, however some parts of the patch should still work with v1.2.x (again see the readme.html file). However we strongly advise anyone using the 1.2.x versions to upgrade to 1.3.8 as soon as possible.

The Zen Cart Team takes security matters very seriously. But security is only as good as those who follow posted recommendations. Please apply the appropriate patches and security measures promptly, for your own benefit.

SUMMARY: Your Action Steps are:

1. RENAME YOUR ADMIN FOLDER !!!!!
Yes, if you haven’t already renamed your /admin/ folder, do it NOW!
Instructions can be found here: http://tutorials.zen-cart.com/index.php?article=33

2. APPLY THE SECURITY PATCH !!!
http://www.zen-cart.com/forum/showthread.php?t=130161

3. Subscribe yourself to the Zen Cart Announcements mailing list:
http://www.zen-cart.com/forum/subscription.php?do=addsubscription&f=2

4. Keep your site’s Zen Cart software up-to-date at all times. Numerous bugs, improvements, and security fixes are included in every new release. It is in your best interests to remain current.
http://www.zen-cart.com/forum/forumdisplay.php?f=2

Sincerely,
The Zen Cart Team

Posted in Referensi. No Comments »
« Older posts «
Newer posts » »