Topics created by PhlipElder

@scottalanmiller said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

@PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

@PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

Wow, talk about documentation fragmentation. 😞

We've installed Ubuntu 22 a number of times reaching various points towards the goal of hosting multiple WordPress sites in a single Ubuntu v22.04 (as of this writing) using one MariaDB instance with multiple databases set up within.

NGINX is set up and the server blocks are in place.

This last go-around we managed to get three sites up and running without issue. Once the fourth went in all of a sudden the server would only serve one of the sites no matter what URL was being requested.

Certificates are being handled by RapidSSL as a personal preference. We've not had any issues there.

Please and thanks.

And, crash and burn again. :0(

As soon as I install the second site the server only pushes the last one set up. sigh

I bet it is a matter of being in alphabetical order. That causes a lot of "mystery" issues in this kind of setup.

e41cb55e-8ce3-44bc-9655-be3ad311d3f1-image.png

I fat fingered it. The ">" at the end of the domain for server_name is what did it.

Since all of the setup files were copy and paste, whenever that got introduced it carried onwards.

Because of the wiring in my head when it happened the first time I didn't see it. So, I flattened everything and started fresh. When it happened the second time I took the time to look at the original reference server block because it was seemingly obvious that I'd done something.

@DustinB3403 said in Data Breach: PDL "Enrichment" Company 1.2B Peeps Impacted ... yeah, BILLION:

<s> To be fair, setting up SSL and a login name and password does take extra effort. . give the poor sod a break </s>

Yeah and they weren't even bothered to whitelist IPs.

They should have SSL and strict whitelist preferably to a VPN IP that requires authentication.

Already in WSUS too

@Pete-S said in SmarterASP.Net - Ransomware Encrypted:

@PhlipElder said in SmarterASP.Net - Ransomware Encrypted:

Those in it for the money are after the low hanging fruit. The easy cool seven figure hit.

Yes, but the lowest hanging fruit has already been picked. Ransomware before 2017 was directed to consumers. Nowadays it's enterprises, government, health care etc that are attacked. What used to be the work of hobbyists have now turned into organized crime for the pros.

There is even RaaS, ransomware as a service. Sophisticated ransomware is developed and then sold as a service to criminals that pay with a percentage of the income. A win-win situation so to speak...

At this point we might as well just throw in the towel eh? 😛

15e84ef1-d057-4aa7-936c-0514976f7866-image.png

Credit: https://www.malware-traffic-analysis.net

User training. Patching ... and ?

@JaredBusch said in ConnectWise Zero Day?:

Bad documentation and stupid users.

ScreenConnect has never needed more than ports 8040 and 8041 opened.

The article is talking about ConnectWise Automate

East DC was less affected by this. The West DC had way more issues.

@Emad-R said in AWS Catastrophic Data Loss:

@PhlipElder

YES YES YES SCREW AWS, they have this big marketing scheme for CEOs that force us to work for those CEOs that believe everything is better in AWS, and the server wont work properly unless its AWS, then when the bill comes we have to explain to them that we can never calculate the cost accurately cause it is Amazon AWS, and they charge for IOPS, and there is no way I can calculate that shit, its meant to be bill sinkhole for to pay bezos divorce settlement .

The Great Firewall of Cloud Marketing has done a great job of suppressing the billing shock that cloud brings with it. It's also been great at suppressing the movement back on-premises where costs are fairly well established.

We have a client we work with that has a handsome cloud credit every month well into five figures. They did some testing for their application work in-cloud to see how it would work. They burned through that five figure credit in a matter of a few days much to their surprise. They put their workload into that cloud, get it up and running, and then the following year that credit disappears. So, they get a billing spike on top of the six figure count it would cost them to run entirely all-in. We have a high performance all-flash hyper-converged solution set just for them. 🙂

Sounds like this is a case where beyond some disruption, having a split backup strategy would have made the difference. It's becoming more and more a standard strategy to have an online (to the cloud) backup done using one tool, but a local backup done using another so that there are ways to recover if a backup strategy is compromised.

But it also shows that these weren't air gapped backups but were able to be compromised alone with the live data. How does someone like PerCSoft not have tape backup, virtual tape, or other WORM mechanism to protect all of that health data?

That it was hit with ransomware also means that there was a HIPAA compromise that needs to be disclosed because a third party got access to every bit of customer data! All of those dentists are stuck contacting all of their customers to let them know that someone got access to the data.

This reminded me of a tweet I seennot so long ago:
https://twitter.com/MarkWilkinsonNZ/status/1155931194925522944?s=19

It leads to here: https://adamtheautomator.com/pending-reboot-registry-windows/

@Obsolesce said in Not Using Huawei:

Because there is a difference between someone spying on YOU as an individual or YOU as a company, versus anonymous telemetrics, versus automated data processing for "personal assistance".

Right, and it is the worst of the worst that people have overlooked. So if they are overlooking the absolute worst (non-anonymous, personal AND company, stealing banking data) then anything less is... well, less. And it's the worst of the worst that is totally excused, even in this community people will make outrageous claims to actively try to cover up the absolute worst behaviour that has been proven, reported globally in real media, and we have first hand witnesses to. If IT pros are to go that far, then of course casual observers who don't understand any of it just ignore it.

@dafyre said in Bad one: SonicWALL Remote Management Vulnerability:

PFSense has a newer fork now as well, known as OPNSense (https://opnsense.org/)

More modern UI and such, decent packages available if you need extra stuff, but as far as routing and a firewall, it's pretty excellent!

Both have a third party UTM add on option, too.

I concur. We're not putting much effort into our on-premises solution sets as the user there is the low hanging fruit and primary attack vector anyway.

For our hosting solutions though, what a PITA.

We coach our hosting contractors on locking down RDS to help mitigate any PEBKAC issues (ID10T types). And for the most part, they've been very successful as we have many examples of the "steel toed boots" preventing the bullet to the foot so to speak. 😉

@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:

@JaredBusch said in Payroll Provider gets Encrypted & Pays Ransom:

@scottalanmiller's recent example clearly shows that. I would be interested to know how many man hours @NTG sunk into restoring that. And it was a small typical SMB office. Not a huge SaaS provider.

Not done yet. But ~28 to mostly recovered.

I"ve seen everything from 1 billable hour of labor (kicking off Veeam restore of 4 VM's and coming back when it was done) to 200 hours (rebuild from scratch, and recovered core ERP database from a developer clone on someone's laptop).

Different scenarios will use this differently. In places where the batteries get run all the way down regularly, Lithium Ion are likely to hold up really well, the same places that kill Lead Acids. but places that basically never have that happen, I bet that they wear out quickly.