Most Popular

1500 questions
74
votes
3 answers

Block range of IP Addresses

I am getting bombarded with attempted hacks from China all with similar IPs. How would I block the IP range with something like 116.10.191.* etc. I am running Ubuntu Server 13.10. The current line I am using is: sudo /sbin/iptables -A INPUT -s…
74
votes
8 answers

Is STARTTLS less safe than TLS/SSL?

In Thunderbird (and I assume in many other clients, too) I have the option to choose between "SSL/TLS" and "STARTTLS". As far as I understand it, "STARTTLS" means in simple words "encrypt if both ends support TLS, otherwise don't encrypt the…
Foo Bar
  • 889
74
votes
3 answers

What is the difference between /sbin/nologin and /bin/false?

I have often heard it recommended that a user account should be disabled by setting its shell to /bin/false. But, on my existing Linux systems, I see that a great number of existing accounts (all of them service accounts) have a shell of…
Michael Hampton
  • 247,473
74
votes
2 answers

How to combine various certificates into single .pem

I've just finished reading over this great thread explaining the different SSL formats. Now I'm essentially looking for the opposite of How to split a PEM file There's 4 files I want to consolidate, originally created for Apache, I'm looking at…
quickshiftin
  • 2,185
74
votes
2 answers

Must CSRs be generated on the server that will host the SSL certificate?

Is it necessary to generate the CSR (Certificate Signing Request) on the same machine that will host my web application and SSL certificate? This page on SSL Shopper says so, but I'm not sure if that's true, because it would mean I'd have to buy a…
74
votes
2 answers

How should an IT department choose a standard Linux distribution?

There is a lot of community feeling about what Linux distributions are appropriate for production server environments and which aren't, however, a lot of this feeling seems religiously based, and seldom presented with supporting evidence. Assuming…
wfaulk
  • 6,958
74
votes
3 answers

What is the difference between unlink and rm?

Is unlink any faster than rm?
Marcin
  • 843
74
votes
6 answers

How to redirect domain A to domain B using A-Records and CNAME records only

I have 2 domains hosted with different hosts. I need to redirect Domain A to Domain B. Unfortunately I can't do a 301 redirect from Host A, but can only modify/add DNS entries (A-Records and CNAMEs) at Host A. Surely it is possible to redirect…
Prembo
  • 927
74
votes
4 answers

How to PREPEND rules rather than APPEND using iptables?

Pretty basic question: how to PREPEND rules on IPTABLES rather than to APPEND? I have DROP statements at the bottom of my rules. I have a software to add new rules but adding rules after DROP statements isn't good. Every time I want to add a new…
ale
  • 933
74
votes
11 answers

Why is SSH password authentication a security risk?

Most guides for OpenSSH configuration advise to disable password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: an ability to connect from absolutely anywhere without a…
Septagram
  • 937
74
votes
9 answers

How to passively monitor for TCP packet loss? (Linux)

How can I passively monitor the packet loss on TCP connections to/from my machine? Basically, I'd like a tool that sits in the background and watches TCP ack/nak/re-transmits to generate a report on which peer IP addresses "seem" to be experiencing…
nonot1
  • 1,109
74
votes
9 answers

Is there a way to avoid SSH typing delay?

Can I tell SSH to send the data only after pressing enter or tab, and not after each individual keypress?
74
votes
7 answers

How to read in N random characters from /dev/urandom?

read /dev/urandom 3 The above is not working. How can I read random bytes from /dev/urandom in bash?
linux
  • 1,263
74
votes
16 answers

Why Block Port 22 Outbound?

I'm a programmer, and I have worked for a few clients whose networks block outgoing connections on port 22. Considering that programmers often need to use port 22 for ssh, this seems like a counterproductive procedure. At best, it forces the…
runako
  • 841
74
votes
3 answers

IPTables only allow localhost access

I have struggled throughout the years to get a solid understanding on iptables. Any time I try and read through the man pages my eyes start to glaze over. I have a service that I only want to allow the localhost to have access to. What terms (or…