Installing ModSecurity to Nginx in Debian 10

Debian finally has a ModSecurity package ready for use in the repository. However, using it with Nginx requires a few steps, which it took a while to figure out.
# Create a work dir for the compilation process
$ mkdir modsecurity-tmp

# Install modsecurity
$ libmodsecurity3 libmodsecurity-dev

# Fetch sources
$ git clone --depth 1
$ apt-get source nginx-full

# Figure out the necessary configuration options
$ /usr/sbin/nginx -V

$ cd nginx-[version]


Fixing a hacked Drupal site

Figure out what's going on

Try to figure out what exactly has been done on the site. If there are no visible content changes, it is possible that your site is used as a proxy server for black-hat SEO. Check the web server access logs to see if there are any URLs that shouldn't be there. Checking Google Search console might also give you some insight in this.

Fixing the site


First impressions on Jolla

I finally got my hands around the new, shiny Jolla – I might've waited for it a bit, since it took about twenty minutes from the SMS telling me I can pick it up to the time I was holding it in my hands... Now that I've toyed with it for a few days, I thought I might open up a bit on how this fresh saviour of the Finnish mobile phone industry feels like.


Replacing BIND with PowerDNS and PowerAdmin

Why the switch?

Recently I started wondering if there would be something better than the old, trustworthy BIND for all my DNS daemon needs. BIND is good, don't get me wrong, but I have to say that I don't feel it makes my job as an administrator for hundreds of domains any easier being (primarily) based on weirdly syntaxed plain-text files that are quite error-prone. So, encouraged by my not-so-recent discovery of Nginx, a very good alternative for the industrial standard Apache, I went on with my crusade to find a perfect DNS daemon.


Selecting a good SMS gateway for Finland

Today I realized I need to add SMS alerts to my dear Zabbix that tries to keep track of my servers' status. I just don't notice email alerts soon enough. However, when you search for SMS gateway from a search engine, there's something like a million results. Which one do I want to use?

I tried a few of them, and tried to find one that was budget-friendly, flexible, fast and reliable. I know, I shouldn't expect to find one that actually fits all those – however I do think I found one that certainly seems to fit most of them.

Here's my experiences on the ones I remembered.


The last dojo – more testing

The fourth, and last, dojo of our course was about Session-Based Testing. That was also (weirdly enough?) the title of the first presentation, that gave us a basic overview of session-based testing, the tester's roles etc. Once again I was late (I still wonder why all the site downtimes happen when you least hope for them...), but I got a good hang of it even seeing only a fraction of the presentation.


The third dojo – Show time!

The third dojo's presentations were about Exploratory testing a web application and Bug management with RedMine. It was, finally, showtime – my group had done a presentation about the first, ET. It was quite a vast subject and we originally had some problems narrowing it down – especially since there isn't really too much sources about ET on a Web application out there. I don't know why, though... It seems to me like ET is THE way to do Web testing. Anyway, we managed to scrape together a usable presentation generally about ET and also on applying it to Web testing.


The second dojo – UI test automation and Watir

The second dojo was about UI test automation and Watir. We started with the presentations – this time one presentation for the whole course. First was the general presentation about UI test automation. I have to admit that having already researched the subject to some extent because of my work, there wasn't that much new information in that presentation. However, the presentation was good and the lecturer's comments about UI test automation software, their problems and experiences about the software was nice.


”Software testing – special course” 101

In this period I'm attending a course that I was very much looking forward to: Software testing – special course. The special part means that it's being lectured by two industry experts on software testing, and the structure of the course is quite different from any other course I've been to. I love the idea of industry people coming to universities as lecturers, because although the university staff are most certainly knowledgeable people on their respective fields, most of the courses have bee held by the same lecturer at least once before.



Subscribe to ZeiPin nurkka RSS