Tricks and Trips

How to block pictures, video or other files from direct URL Access via the .htaccess file?

We were having issues with excessive bandwidth usage on our site cfts.co recently: a lot of people were downloading .mp4 backgrounds from our site, consuming over 25GB of bandwidth a month, so very quickly we had to come up with a solution. After a lot of DuckDuckGo-ing (a Google alternative) and a few minutes of playing around we came up with the below. This has been working very well for us and we have seen no issues to date.

Add the below text to your .htaccess file

RewriteEngine on
# Deny .txt/.mp4 requests unless the Referer is a page on cfts.co (an empty Referer is denied too).
# (/|$) ends the host name, so look-alike hosts such as cfts.co.example.net do not match.
RewriteCond %{HTTP_REFERER} !^https://(www\.)?cfts\.co(/|$) [NC]
RewriteRule \.(txt|mp4)$ - [F]
# or you can use this for a more friendly denial.
# RewriteRule \.(txt|mp4)$ /messageforcurious [L]

This returns 403 if you access the files directly, but allows them to be displayed on the site.

You can change or add file extensions to block from direct URL access by editing this part, for example (txt|mp4|png|jpg|pdf)

If you're using a local web server for development etc., this may be more useful.

RewriteEngine on
# Same rule for a development server: only pages served from localhost (any port) may load the files.
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost(:[0-9]+)?(/|$) [NC]
RewriteRule \.(gif|jpg)$ - [F]

Note: If you open a page that contains an image and then copy that image's path into the address bar, you may still see the image. This is only because of the browser's cache; the image has not been loaded from the server.
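A way to check the rule's decisions before deploying it, as an added example that is not part of the original post: it models the RewriteCond/RewriteRule pair in Python and compares a Referer pattern that only checks the prefix with one that ends the host name with (/|$). The function names and the sample requests are constructed for illustration.

```python
import re

# [NC] on the RewriteCond corresponds to re.IGNORECASE here.
PREFIX_ONLY = re.compile(r"^https://(www\.)?cfts\.co", re.IGNORECASE)
ANCHORED = re.compile(r"^https://(www\.)?cfts\.co(/|$)", re.IGNORECASE)
# RewriteRule pattern; no [NC], so the extension match is case-sensitive.
PROTECTED = re.compile(r"\.(txt|mp4)$")


def status_for(path, referer, allowed=ANCHORED):
    """Status the rule set yields for one request.

    path    -- URL path without the query string, as RewriteRule sees it
    referer -- Referer header value, or None when the client sent none
    """
    if not PROTECTED.search(path):
        return 200  # RewriteRule pattern does not match, rule is skipped
    # A missing header expands to an empty string in %{HTTP_REFERER}.
    if allowed.search(referer or ""):
        return 200  # the negated RewriteCond is false, rule is skipped
    return 403      # [F]


# Constructed requests for illustration (not taken from real logs).
SAMPLES = [
    ("/media/bg.mp4", "https://cfts.co/"),
    ("/media/bg.mp4", "https://www.cfts.co/index.php"),
    ("/media/bg.mp4", None),                            # typed into the address bar
    ("/media/bg.mp4", "https://other.example/page"),    # embedded on another site
    ("/media/bg.mp4", "https://cfts.co.example.net/"),  # look-alike host name
    ("/media/bg.mp4", "http://cfts.co/"),               # own page served over http
    ("/index.html", None),                              # not a protected extension
]


def compare(samples=SAMPLES):
    """Return (path, referer, status with PREFIX_ONLY, status with ANCHORED)."""
    return [
        (path, ref, status_for(path, ref, PREFIX_ONLY), status_for(path, ref, ANCHORED))
        for path, ref in samples
    ]


if __name__ == "__main__":
    for path, ref, loose, strict in compare():
        print(f"{path:15} {str(ref):32} prefix-only={loose} anchored={strict}")
```

Because the Referer header is supplied by the client, the rule limits casual hotlinking and bandwidth use; it is not an access control for private files.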

0 answers | 321 views | Posted 5 months ago by peter2cfu

How to Change/Reset the Joomla Administrator Password

Your Joomla administrator account was configured as part of the Joomla installation. You can change your username, password and email address that was configured for you. When you choose a new password, be sure to use a strong one.

  1. Log in to the back end of your Joomla site. If you need help logging into your back end you can go here: How do I access the back end of my Joomla site?
  2. Under the Users menu, choose User Manager.
  3. Click the Super User account.
  4. You can now change the login name, password and email address for your administrator account.
  5. Click Save & Close.

How to Reset the Joomla Administrator Password

  1. Login to your Control Panel.
  2. Click the System tab.
  3. Under My Subscriptions select your domain name.
  4. Click Websites & Domains.
  5. Select Databases.
  6. Click on the name of your database.
  7. Under the Tools menu choose Webadmin to open phpMyAdmin.
  8. Click on the *_users table. The full table name has a prefix and will look similar to jos_users.
  9. Find your admin user and click on Edit.
  10. Copy d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199 into the password field and click on Go.
  11. You will see a "1 row affected" message and your password will have been changed to secret.
  12. Login to the back end of your Joomla site with your admin account and the password secret and change your password to something more secure.

0 answers | 361 views | Posted 7 months ago by peter2cfu

How to do IP/URL Canonicalization via .htaccess?

What is IP and URL Canonicalization and why is it important for SEO?

It is quite important to understand canonicalization. The term may be difficult to pronounce, but it is one of the most important terms in the world of SEO. Canonicalization refers to how a website can use different URLs and/or IPs for the same piece of content (usually the entire web page). For example, every website resolves to a particular IP address of the hosting machine.

“Canonicalization is the process of picking the best URL when there are several choices, and it usually refers to home pages. For example, most people would consider these the same URLs:

http://www.cfts.co
http://cfts.co
https://www.cfts.co
https://cfts.co

But technically all of these URLs are different. A web server could return completely different content for all the URLs above. When Google “canonicalizes” a URL, we try to pick the URL that seems like the best representative from that set.”

This behaviour is not search-engine friendly, because the spiders are unsure which URL is the correct one (that is, which page is the canonical one among the set of pages with the same content). Search engines don’t like duplicate content, so URL canonicalization and, to a much lesser extent, IP canonicalization are very important from an SEO point of view.

Here’s what Google says about Canonical Page:

A canonical page is the preferred version of a set of pages with highly similar content.

There are 2 types of canonicalization: the most common is URL, the other is IP. Let's take our domain as an example:

  1. URL: http://cfts.co and http://www.cfts.co get redirected to https://cfts.co
  2. IP: 212.38.189.64 also gets redirected to https://cfts.co (do not do this if you're on a shared IP).

How to configure IP canonicalization in Apache Web server?

The problems with IP canonicalization can be fixed using the mod_rewrite module and .htaccess. If your website is running on an Apache web server, you can copy the lines below and paste them into the appropriate place in the .htaccess file located in the website’s root directory.

IP Canonicalization has more to do with server-side configuration – although, we can sort this out with a 301 redirect.

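##### IP Canonicalization -- BEGIN
# Requests whose Host header is the server's IP get a permanent redirect to the domain.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^212\.38\.189\.64
RewriteRule (.*) https://cfts.co/$1 [R=301,L]
##### IP Canonicalization -- END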

*There is no guarantee that IP canonicalization will improve a site's search engine ranking.

Remove the www prefix and redirect to https

To ensure that all URLs of a given domain are presented without the www prefix, open the domain’s root .htaccess file and add the following chunk of code:

##### URL Canonicalization -- BEGIN
RewriteEngine On
RewriteBase /
# Any Host other than cfts.co (www.cfts.co included) is redirected to https://cfts.co
RewriteCond %{HTTP_HOST} !^cfts\.co$ [NC]
RewriteRule ^(.*)$ https://cfts.co/$1 [R=301,L]
##### URL Canonicalization -- END

Some control panels, like ours, will allow you to set up URL or domain redirects without having to edit system files directly.

For strong SEO with IP canonicalization, you should use 301 redirects and make sure that the IP does not get indexed.

This tells Google, Bing, Yahoo! and all other search engine crawlers that the current page should be treated as though it were a copy of the URL https://cfts.co, that all of the links and content should flow back to that URL, and that the https://cfts.co page content should not be marked as a duplicate.
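To see where each URL variant from this article ends up, the following added example (not from the original post) models the two HTTP_HOST conditions in Python and follows the 301s until a URL is served. It also models an assumed variant that adds `RewriteCond %{HTTPS} off [OR]` in front of the host condition; the function names and the /about path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

CANONICAL = "https://cfts.co/"
IP_HOST = re.compile(r"^212\.38\.189\.64")                  # first rule block
CANONICAL_HOST = re.compile(r"^cfts\.co$", re.IGNORECASE)   # second block, used negated


def host_rules(scheme, host, path):
    """Redirect target produced by the two HTTP_HOST conditions, or None."""
    if IP_HOST.search(host) or not CANONICAL_HOST.search(host):
        return CANONICAL + path.lstrip("/")   # https://cfts.co/$1
    return None                               # no rule fired, request is served


def host_and_scheme_rules(scheme, host, path):
    """Assumed variant: same rules plus 'RewriteCond %{HTTPS} off [OR]'."""
    if scheme == "http":
        return CANONICAL + path.lstrip("/")
    return host_rules(scheme, host, path)


def follow(url, rules, max_hops=5):
    """Apply the rules to each 301 target; return (served_url, redirects_taken)."""
    for hops in range(max_hops + 1):
        parts = urlsplit(url)
        path = parts.path or "/"
        target = rules(parts.scheme, parts.netloc, path)
        if target is None:
            return f"{parts.scheme}://{parts.netloc}{path}", hops
        url = target
    raise RuntimeError(f"redirect loop at {url}")


# The four variants listed in the article plus the bare IP (path is constructed).
VARIANTS = [
    "http://www.cfts.co",
    "http://cfts.co",
    "https://www.cfts.co",
    "https://cfts.co",
    "http://212.38.189.64/about",
]


def report(rules):
    """Map every variant to the URL that is finally served and the hop count."""
    return {url: follow(url, rules) for url in VARIANTS}


if __name__ == "__main__":
    for name, rules in (("host only", host_rules),
                        ("host + scheme", host_and_scheme_rules)):
        print(name)
        for start, (served, hops) in report(rules).items():
            print(f"  {start:28} -> {served} ({hops} redirect(s))")
```

With only the host conditions, http://cfts.co is served without a redirect, and the IP condition is already covered by the second block because the IP is also a host other than cfts.co.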

0 answers | 626 views | Posted 1 year ago by peter

Some useful Links when updating/reinstalling windows

There comes a time when you need to update or reinstall your OS. Here are a few links to make your life a little simpler; this is a work in progress and will be updated regularly.

OS and Core Updates Tools  Applications
Media Creation Tool (Windows 10)
Latest Windows N Media Feature Packs
Microsoft .Net Framework
WinDirStat
Sysinternals Utilities
Bitvise SSH Client
Image Resizer
Paint.Net
Notepad ++
Signal
Foxit PDF Reader

Want some free, safe alternatives to the mainstream paid apps?

Free Alternative Applications
LibreOffice

0 answers | 1310 views | Posted 1 year ago by peter

How to reset LVE settings in CloudLinux?

You might get into a situation where you have really screwed up your LVE (Lightweight Virtual Environment) settings. Here is a quick way to reset them: the best way is to create a new ve.cfg file with the following default content, within an SSH or terminal session with root privileges.

Back up the original config just in case

mv /etc/container/ve.cfg /etc/container/ve.cfg_back

Make a new config

nano /etc/container/ve.cfg

Copy and paste (as text only) this into the new config

<lveconfig>
<system>
<ubc enabled="false"></ubc>
</system>
<defaults>
<cpu limit="100"></cpu>
<ncpu limit="1"></ncpu>
<io limit="1024"></io>
<mem limit="0"></mem>
<pmem limit="262144"></pmem>
<nproc limit="100"></nproc>
<other maxentryprocs="20"></other>
</defaults>
</lveconfig>

Save and exit, then apply the new config settings using the command line below.

lvectl apply all

This is exactly as I have done it; it works a treat with CloudLinux 7.x. Yep, I screwed up too.

0 answers | 1457 views | Posted 1 year ago by peter

MDaemon - Configuring Windows Firewall

Windows firewall allows access to ports and applications individually or in combination depending on your requirements.

The quickest and easiest way is: under Windows Control Panel, open the Windows Firewall applet, select the Exceptions tab, and add each of the executables in the 'Executables as Exceptions' list below. This is not very fine-grained but will do the job.

Assuming a default configuration, the following ports are required (depending on which services you want to make publicly available). All ports are TCP, unless otherwise stated.

Executables as Exceptions   Default Location (Version 18)
AVUpdate.exe                \MDaemon\SecurityPlus
clamd.exe                   \MDaemon\SecurityPlus\ClamAVPlugin
CFEngine.exe                \MDaemon\App
MDaemon.exe                 \MDaemon\App
MDSpamD.exe                 \MDaemon\SpamAssassin
WorldClient.exe             \MDaemon\WorldClient
WebAdmin.exe                \MDaemon\WebAdmin
MDUpdater.exe               \MDaemon\App
WCXMPPServer.exe            \MDaemon\XMPPServer

Default MDaemon Ports
Port    Service
25      SMTP
587     MSA
336     ODMR
465     SMTP SSL
80      ActiveSync
443     ActiveSync SSL
110     POP3
143     IMAP
995     POP3 SSL
993     IMAP SSL
53      DNS
1000    Remote Administration
444     Remote Administration SSL
3000    WorldClient
443     WorldClient SSL
4069    Minger UDP
3101    BES

Ports may vary depending on how MDaemon and the firewall are set up, and on which functions and features in MDaemon are in use.

Note that various parts of MDaemon interact using sockets to localhost IP addresses. If using a software firewall, do not block any traffic to/from 127.0.0.1; this may include SpamAssassin, WorldClient, BES and other features.

Alt-N recommends that the \MDaemon directory be excluded from any/all third-party scanning or monitoring applications.

0 answers | 3424 views | Posted 1 year ago by peter

Synchronize time with external NTP server on Windows Server 2008 (R2)

Time synchronization is an important aspect for all computers on the network. By default, client computers get their time from a Domain Controller, and the Domain Controller gets its time from the domain’s PDC Operation Master. Therefore the PDC must synchronize its time from an external source.

Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your (corporate) firewall. I required our time sources between our storage devices, firewall and PDC to be synced, so now all devices get their time synced from the same source.

  1. First, locate your PDC Server. Open the command prompt and type:
    netdom query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service:
    net stop w32time
  4. Configure the external time sources (the peer list is separated by spaces), type:
    w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
  5. Make your PDC a reliable time source for the clients. Type:
    w32tm /config /reliable:yes
  6. Start the w32time service:
    net start w32time
  7. The Windows Time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing:
    w32tm /query /configuration
  8. Check the Event Viewer for any errors.

This is what worked for me on our 2008R2 Standard SP1 Server:

Another way to do step 4:
w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update /reliable:yes

I then did a query using:
w32tm /query /status

Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference – syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.3060097s
Root Dispersion: 7.7757678s
ReferenceId: 0x808A8DAC (source IP: 128.138.141.172)
Last Successful Sync Time: 12/22/2012 9:44:22 PM
Source: time.nist.gov
Poll Interval: 6 (64s)

0 answers | 68612 views | Posted 1 year ago by peter

Backing up the website

So you’ve finally sorted out that website for your business. You’ve chosen the perfect domain name, created (or hired someone else to create) the perfect design and now it's online and ready for customers. A lot of work has gone into it and you have it all backed up just in case something should go wrong…don't you?

Backing up your website regularly is incredibly important. For a start, think of all the time, planning and money that went into getting it online in the first place. Every image was chosen for a reason, hours of thought and effort went into every passage of text. Not to mention the stressful task of planning, designing and re-designing your layout over and over again. How much would it cost you to do that all over again? Can you even remember exactly where and how everything was? Chances are you can’t, particularly if your site has been up and running for a while.

There are numerous reasons why your site should be backed up regularly, and preferably in more than one location. All of these reasons are different but all could cause equal devastation to your website, your business and your revenue. Here are just a couple of the most common occurrences which could be disastrous without a backup.

It’s all too easy to accidentally hit delete, particularly when more than one person has access to your control panel. Can you imagine clicking the wrong button and inadvertently deleting your entire site? Your content, contacts, orders…all gone. Rebuilding it all would be a nightmare, very expensive and damaging to your reputation if and when orders are not fulfilled.

In this day and age, website content tends to be updated quite regularly. Keeping your backups up to date will make this process a lot easier and ensure that you can restore the most recent version of the site with minimal disruption. If, for example, your site contains a forum or discussion board, your members won’t be too pleased to find after some planned updates that all of their posts, photos etc. are gone. Another potentially catastrophic event.

Basically, what it comes down to is that you and your business are risking a lot by not backing up your site. Think again about how much time, effort and money would be involved in rebuilding everything from scratch. It’s almost certainly a lot easier and cheaper to back it up.

The next question is how? Luckily, as well as being incredibly important, creating a backup is incredibly easy. All you need to do is access your control panel, enable backups and select the most appropriate option. Simple!

If you’re still unsure about why or how to back up your website, give us a call on 0414-533784 and we will be more than willing to help you out.

0 answers | 1495 views | Posted 1 year ago by peter

How to force a dedicated SSL using the .htaccess file

Sometimes it's necessary to make sure your website’s visitors use the SSL/TLS encrypted connection. If you’re not familiar with SSL/TLS and would like to know more please review our article “What is SSL and Why is it important?”

Forcing visitors to use SSL/TLS can be accomplished through your .htaccess file using mod_rewrite and will invoke HTTPS (HTTP Secure) protocol.

Important: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

1) To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.

RewriteEngine On
# Requests that arrive on port 80 (plain HTTP) are redirected to the HTTPS URL.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Be sure to replace www.yourdomain.com with your actual domain name.

2) To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On
# Only requests for this host name that arrive on port 80 are redirected.
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Make sure to replace example\.com with the domain name you're trying to force to HTTPS. Additionally, you need to replace www.yourdomain.com with your actual domain name.

3) If you want to force SSL on a specific folder, you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On
# Port-80 requests whose URI contains the folder name are redirected to HTTPS.
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

When preparing for SSL, ensure that your site does not use absolute URLs. For example, if you call an image named 'logo_full_animation.gif', it should be called with a relative path, meaning the part of the path from where the calling file is. If the image is in a folder named images and your page is in the primary folder, then you only have to place '/images/site/company_logo/gif/logo_full_animation.gif' as opposed to 'http://cfts.co/images/site/company_logo/gif/logo_full_animation.gif'. You can use http://whynopadlock.com to test and check that your site has installed and is using the SSL/TLS certificates correctly.

0 answers | 1708 views | Posted 1 year ago by peter

How do I block emails from J.P. Monfort - the infamous king of spam!

CFTS unwittingly opened our door to JP Monfort, our bad, and we have been paying the price ever since. OK, so you want to know how to get rid of him; he is even using our information without our consent, even after we told him to stop. If there was ever a doubt about his illegitimacy, this confirmed it.

However, if you have your own email set up on-premise or otherwise, then this may be for you. Expression filters are a good additional way to control the really hard-to-block spam.

We finally managed to block 'Mr. Spam King' completely by using 'expression filters'. Most enterprise spam engines allow expression files. We use ORF by Vamsoft for our Exchange servers, and frankly the software and the support we get have been flawless. For those that manage their own spam control, this expression filter should work; make sure it scans both subject and body, and alter it to suit your specific needs:

.*\bJPMonfort\b|.*\bMonfort\b|.*\bPozuelo-Monfort\b|.*\bJ\.P\.Monfort\b

Known domains to block/filter are:

jpmonfort.int
presidentialnarrative.info
worldintegration.int
backcover.info
lettertoprotagonists.info

Spam King keeps on changing his tactics, so you need to keep an eye on things, but so far we've not had a successful incursion since we implemented this in 2016.
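An added example (not part of the original post and not ORF's own code) that runs the expression and the domain list above over constructed messages with Python's re module, using `\b` word boundaries and escaped dots in the expression. The `sender_blocked` and `verdict` helpers and the subdomain matching of sender domains are assumptions made for illustration.

```python
import re

# The expression above. Python's re is case-sensitive unless re.IGNORECASE is
# passed; how a given filter engine treats case depends on its settings.
EXPRESSION = re.compile(
    r".*\bJPMonfort\b|.*\bMonfort\b|.*\bPozuelo-Monfort\b|.*\bJ\.P\.Monfort\b"
)

# Domains listed in the post.
BLOCKED_DOMAINS = {
    "jpmonfort.int",
    "presidentialnarrative.info",
    "worldintegration.int",
    "backcover.info",
    "lettertoprotagonists.info",
}


def sender_blocked(address):
    """True when the sender's domain is a listed domain or one of its subdomains."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS)


def verdict(sender, subject, body):
    """Check the sender domain first, then the expression on subject and body."""
    if sender_blocked(sender):
        return "reject: sender domain"
    for field, text in (("subject", subject), ("body", body)):
        if EXPRESSION.search(text):
            return f"reject: expression in {field}"
    return "accept"


# Constructed messages for illustration: (sender, subject, body).
SAMPLES = [
    ("info@jpmonfort.int", "Hello", "Greetings"),
    ("news@mail.backcover.info", "Update", "Latest chapter"),
    ("promo@notbackcover.info", "Offer", "Spring sale"),       # different domain
    ("relay@example.org", "A letter from J.P.Monfort", "text"),
    ("relay@example.org", "Newsletter", "Line one\nSigned, JPMonfort"),
    ("billing@example.com", "Invoice 1042", "Monfortuna Tours booking"),
]


def run(samples=SAMPLES):
    return [verdict(*message) for message in samples]


if __name__ == "__main__":
    for message, result in zip(SAMPLES, run()):
        print(f"{message[0]:28} {result}")
```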

Other information

  1. http://uploads.maltatoday.com.mt/news/national/87635/hit_by_the_spanish_king_of_spam_in_the_week_of_gdpr#.W5EduUYza-Y
  2. https://www.reddit.com/r/Scams/comments/dmhmez/what_the_heck_is_behind_j_p_montfort_the_king_of/
  3. https://www.maltatoday.com.mt/news/national/87635/hit_by_the_spanish_king_of_spam_in_the_week_of_gdpr

Jaime Pozuelo-Monfort brags that he has been able to flood the mailboxes of almost 12 million professionals, by his own account.

One thing most people don't realize is that 99% of what we call "spam" is really a crime or at the very least attempted crime. Many of the spams are setting the victim up for a planned future crime. There are 80 criteria that can classify it as a criminal activity.

Today's "Privacy" climate, and all the various activities now in motion to preserve and protect people and business anonymity is actually aiding cybercriminals and helping them be more successful at avoiding detection and getting caught.

The question is still out there if this guy really is a scammer or just massively unbalanced.

0 answers | 3790 views | Posted 3 years ago by peter2cfu