Category Archives: Security

GMail authentication problem in PHPMailer

A client website recently has moved to a new server and the Drupal PHPMailer module failed to authenticate the Gmail account. You could try the following steps to allow other application to access your account.

1. Go to and click Continue.
Continue reading GMail authentication problem in PHPMailer

Nginx – Setup HTTP Authentication

HTTP Authentication is the easiest way to prevent anonymous user access to your website. If you are on Apache, you can refer to the following post.
.htaccess – Setting Password For Your Web Folder

After you have created the password file, you could add the following line in the .htaccess or in the Apache VirtualHost.
Continue reading Nginx – Setup HTTP Authentication

Secure the SSH protocol by Key Authentication

My server was hacked. ToT

One day i found that i couldn’t login the server thru SSH and the CPU usage jumped to 100% for more than 12 hours. Finally i could login as root and found that a new user R00T was created and the SSH service was restarted with all settings in the sshd config file commented out. =.=

So from now on i will use Key Authentication instead of simple Password Authentication. Here is a very useful guide on which shows you how to secure your server.
Linode Library – Securing Your Server

In order to use the Key Authentication, you need to generate the private key and public key on your desktop/labtop computers. This is straight forward if you are a Mac or Linux user who could use the ssh-keygen command. But for Windows user, you have to use 3rd party program like PuTTYgen. I suggest using WinSCP + PuTTY.
Continue reading Secure the SSH protocol by Key Authentication

Google – How to fix “This site may harm your computer”

If your website is marked as “This site may harm your computer” by Google, most likely your site is hacked. In that case, log in to Google Webmaster Tools and it will shows you which URLs are “infected”. This should help a lot to clean the malware.

So make sure you have configured Google Webmaster Tools for your live websites. Continue reading Google – How to fix “This site may harm your computer”

Portecle – Keystore and Certification Manager

Previously, i was working with an web application which allows me to upload a certificate into a keystore. Unfortunately, it only accept certificate in Base64/PEM format but not binary. So i have to convert the certificate into Base64/PEM and this could be done by Portecle.

Portecle is a very useful Java program with User Interface which make keystore and certificate management a piece of cake. The following screenshots show you how to get the Base64/PEM encoding from a binary certificate. Continue reading Portecle – Keystore and Certification Manager