WordPress Security Tips

What is WordPress?

WordPress is a free and open-source web creation platform. It is written in PHP and paired with an MYSQL and MariaDB database. It has a template system and a plugin architecture, which is referred to within WordPress themes.

WordPress is an excellent website platform for numerous websites. WordPress is a versatile content management system (CMS) from blogging to e-commerce to business and portfolio websites. They are designed with usability and flexibility. It is an excellent solution for small as well as large websites.

A WordPress website uses WordPress as its content management system (CMS). WordPress powers both the frontend (the visible part of the website that your visitors see on the web) and backend of the website (the interface where a user logs in to make changes or add new content)

Types of websites that you can build with WordPress

Blogs

It is a particular type of website used for sharing thoughts, reviews, photos, tutorials, recipes, and much more. Blogs usually display the most recently published content first.

E-commerce website

An e-commerce website allows for selling goods or services online and collecting payment via an online payment system; for this, you can install a WordPress e-commerce plugin. This plugin extends the default functionality of WordPress so you can have an online store on your website.

Business website

Online presence in the form of a website will benefit the business in this digital world. WordPress is an excellent option If your business needs a website for customers and you want them to learn about your company and what you have to offer. Customers can contact you and ask for a quote, schedule an appointment, and much more.

Membership website

To put content behind a paywall or an account login membership website is the most authentic option. Users must have to log in or pay for the content to access the pages or post on them. With additional plugins, WordPress can also handle membership websites.

Portfolio website

With a portfolio website built on WordPress, you can show off your artwork, design skills, and much more.

Forum website

A forum website can be a helpful place for users who wants to ask a question or wants to share a piece of advice. Either you believe it or not, top forum websites are running on WordPress.

Event website

Want to host an event? WordPress makes it much easy for you to share all your event details and sell tickets through it.

E-learning website

Most convenient type of website for students, as they can take online classes or courses, download resources, track their progress, and many more from this kind of website. WordPress LMS is a special kind of plugin, and you can offer many online courses.

Wedding website

Want to share the details of your most memorable day? With this built on WordPress, you can share your details. You can get a website very quickly and easily with an array of WordPress wedding themes.

When it comes to the customization of a WordPress website, these possibilities are endless. WordPress themes and plugins are used to add new design options, and they are added through functionality. For free themes and plugins, you can check out WordPress.org.

Difference Between WordPress.com & WordPress.org

If you’re just getting attached to WordPress, there are a few things to be under consideration about WordPress. Initially, you’ll need to know what is the difference between WordPress.com vs. WordPress.org.

If you are a new WordPress user, then the difference between WordPress.com and WordPress.org can be a little bit confusing. Hosted and self-hosted websites are the significant difference between WordPress.org WordPress.com; selection between them majorly depends on the level of control a user wants to manage their website and over the design.

Hosted and Self Hosted Sites

Suppose the user has full access to all the site files, code and can deploy them in the way the user wants to, then it is a self-hosting site. These sites have their domain name and are hosted by several web hosting providers. They make server space available for self-hosted sites of all types. Owners of self-hosted sites have the freedom to make any changes to the site files to customize the website and add required functions.

A hosted site uses web space provided by a hosting company and a full-service solution for those who want to publish their website quickly and without dealing with design, site maintenance, or any other major technical issues. WordPress a hosted platform that runs on the popular WordPress software.

WordPress.com

WordPress.com is known as the hosted version of WordPress, or you can say that it provides all the tools of WordPress sites and take care of all the ongoing management of the site. Without much coding expertise, it gives users a WordPress platform for getting a site up. Users need to signup for the free account, pick a theme they like, and start publishing.Wordpress.com offers multiple plans that start with basic free accounts. For adding more like custom themes, you can move towards paid plans. Paid Plans include three categories Personal, Premium, Business. These plans allow you to customize your websites the way you want to, but each plan also has its limitations.
With much ease and convenience, wordpress.com has some drawbacks also. As the user upgrades the paid plan, it includes the custom domain name. So wordpress.com always has a site extension wordpress.com in the site name.

WordPress.org

WordPress.org is known as self-hosted WordPress or the home of WordPress software files; these files are the collection of templates that are in the PHP programming language and can be modified by any user. With its vast collection of customizable templates and plugins for added functionality and a visual text editor. Beginners and experienced designers can use WordPress.

WordPress Features

WordPress is a website building platform and Customer Management System; it boasts an impressive feature set. Here are just a few features. SEO – Search Engine Optimization (SEO) is essential for website ranking. It begins at a technical level and delivers an excellent code base for SEO. It allows your website’s content to be found through standard search engines like Google, Bing, Yahoo.

Speed

WordPress is a very lean website framework as it is constantly striving to remove code that slows down the loading speed.

Mobile-friendly

Mostly, WordPress themes are now mobile-friendly and much responsive.

Media file library

In WordPress, there is a built-in media library. You can upload media files such as videos or images into your site pages or posts. Even you can perform edits to your images.

Easy user interface

WordPress is elementary and convenient to use with having simple settings. If you can understand the use of a WordPress processor, you can easily use WordPress. WordPress also focuses on accessibility and convenience.

Custom menus

WordPress makes it convenient to create navigation menus with different links to your pages or custom links.

Built-in blog

You can add a blog to your website, and with WordPress, it much simple, the same as publishing posts.

The WordPress block editor

WordPress 5.0 introduced the new Block Editor. With this editor, you can design and arrange your content with a more flexible “drag and drop” approach.

Basics of WordPress Security

Why is WordPress security important?

A hacked WordPress site can cause significant damage to your business reputation and revenue. Hackers steal user information and passwords, and even they can install malicious software and distribute malware.

Worst, you may be paying ransomware to hackers to regain access to your website. If your site is related to business, you need to spend much extra attention on your WordPress security.

Like how it’s the business owners’ responsibility to protect their physical store building, it is your responsibility to protect your business website as an online business owner.

Keep WordPress Updated

WordPress is open-source software that is regularly maintained and updated. By default, automatically minor updates are installed in WordPress. You need to initiate the update manually for the major release.

WordPress comes with numerous plugins and themes, and you can install these plugins on the website. Third-party developers maintain these themes and plugins, and they regularly release updates. These updates are crucial for the security and stability of the WordPress site. It would be helpful if you made sure that either your WordPress core, plugins, and theme are up to date or not.

Strong Password and User Permission

The most common WordPress hacking attempts mostly use stolen passwords. You can make that much difficult by using stronger passwords that are unique to the website. The WordPress admin area and FTP accounts, database, WordPress account, and custom email address use the site’s domain name.

Many beginners don’t like using strong passwords as they are hard to memorize. The best thing is that there is no need to remember passwords. You can use a password manager. You can reduce the risk by not giving your WordPress admin account access to anyone unless there is a significant need.

If you have a large team and guest authors, then make sure that you must understand the roles of users and their capabilities in WordPress before you add new user accounts and authors to your WordPress site.

WordPress Hosting Roles

Your WordPress hosting service plays the most crucial role in the security of your WordPress site. A well-shared hosting seimaxim.com takes extra measures to protect its servers against threats on your site.

Here is how an exceptional web hosting company works in the back to protect your websites and secure your data.

  • Continuously monitor their network for any suspicious activities.
  • All good hosting companies have tools that help to prevent DDOS attacks.
  • To stop hackers from exploiting a known security vulnerability in an old version, and server software, PHP versions, and hardware are always up to date.
  • These companies are ready to deploy disaster recovery and plans, allowing them to protect your data from insignificant attacks and accidents.
  • On a shared hosting plan, you do share the server resources with other customers.
  • Shared hosting opens the risk of cross-site contamination. With this, hackers can use a neighbor’s site to attack a website.
  • To get more secure platforms for your website, managed WordPress Hosting service is the best option. Managed WordPress companies offer automatic WordPress updates, automatic backups, and more advanced security configurations to protect your websites.

WordPress Security in Easy Steps (Without any Coding)

As we know that improving WordPress security can be much terrifying thought for beginners. Especially if you’re not a techie. Here we will show how you can improve your WordPress security with no coding.

Install WordPress Backup

Backups are the first defense against WordPress attacks. Nothing is fully secure.
Backups allow you to restore your WordPress site before something bad happens.

There are WordPress Backup Plugins (free and paid) that can be used. The most important thing you must know about backups is that you save full-site backups regularly but not in your hosting account. Storing data on a cloud service like Dropbox or private clouds like Stash is much better.

WordPress Security Plugins

After backups, the next important thing needs to do is to set up a monitoring system. The monitoring system will keep track of everything on your site. This includes failed login attempts, file integrity monitoring, malware scanning, and much more. This plugin is powerful; browse through all the tabs settings to view all that it does, such as Audit logs, Malware scanning, Failed Login Attempts, etc.

Enable Web Application Firewall

The easiest method to protect your website and be confident about WordPress security is using a web application firewall. A website firewall blocks malicious traffic before it even reaches the website.

DNS Level Website Firewall

These firewalls route the website traffic through cloud proxy servers. This cloud proxy server allows sending genuine traffic to the webserver.
Application Level Firewall: These firewall plugins analyze the traffic once it reaches the server but before loading WordPress scripts. This method is not much efficient as the DNS level firewall is in reducing the server load.

Move Your WordPress to SSL

SSL encrypts the data transfer between a website and a user’s browser. This encryption makes it much harder for someone to steal any information.

Once SSL got enabled, your website will use HTTPS instead of HTTP, and in the browser, you will see a padlock sign next to the website address.
It is easier to start using SSL for all WordPress websites as many hosting companies offer free SSL certificates. If your hosting company does not offer it, then you can purchase from Seimaxim.com.

Change the default admin name

In the past, the default WordPress admin username was “admin.” this made it easier for hackers to make brute-force attacks. WordPress has changed this and now requires you to select a username of your own while installing WordPress.

Methods to change the User name

  • Delete the old one and create a new user admin name.
  • Username Changer plugin can be used
  • Update username from phpMyAdmin

Disable File Editing

WordPress has a built-in code editor and allows editing theme and plugin files right from the WordPress admin area. If it is not in the right hand, this feature can be a security risk, so we recommend turning it off.

Disable PHP File Execution

Disabling PHP file execution in directories is another way to harden your WordPress security where it’s not needed, such as /wp-content/uploads/. You only need to open a text editor and paste the following code

deny from all

You have to save this file as .htaccess, upload it to /wp-content/uploads/ folders on your website, and use an FTP Client.

Use Limit Login Attempts

By default, WordPress allows users to log in multiple times and cause your WordPress site to be vulnerable to brute force attacks. With different combinations, hackers can crack the passwords.

Somebody can quickly fix WordPress by limiting the failed login attempts. If you’re using the web application firewall mentioned earlier, it automatically takes care of all these issues.

Add Two Factor Authentication

For Two Factor Authentication, users need to log in by using two-step authentication steps. The first one is the setup username and password, and the second step requires you to authenticate using a separate device or app.

Most top online websites like Google, Twitter, Facebook allow you to enable your accounts, and you can add these functionalities to your WordPress site.
First, install and activate the Two Factor Authentication plugin. Upon activation, you have to click on the ‘Two Factor Auth’ link present in the admin sidebar.

Next, you have to open an authenticator app on your phone. There are numerous apps that you can install, like Google Authenticator, LastPass Authenticator, and Authy.LastPass Authenticator or Authy allows you to back up your accounts to the cloud. This is very helpful if your phone is reset, lost, or you purchase a new phone. Somebody will very quickly restore all accounts

You will get the option that if you like to scan the bar code or scan a site manually. You need to select the scan bar code option and then point your phone’s camera on the QRcode on the plugin’s Settings page. Your authentication app will save it. Next time you only have to log in to the website. You have to provide the two-factor auth code after entering your password.

WordPress Database Prefix Needs to be Changed

In your WordPress DataBase, wp_ is used as the prefix for all tables. If the WordPress website site uses the database prefix set by default, hackers can easily guess the table name. This is the reason we recommend it.

Note: This can break your site if it’s not done correctly. Only proceed if you feel comfortable with your coding skills.

Password Protects the WordPress and Login Pages

Usually, without any restrictions, hackers request your wp-admin folder and login page. This allows hackers to attempt hacking tricks or can run DDoS attacks.
You have to add additional password protection on a server-side level. This protection will block all requests.

Disable Directory Indexing Browsing

Hackers can use the directory to find any vulnerabilities to take advantage of these files to get access. People can use directory browsing to look into your files, copy images, find out your directory structure, and additional information. That’s why it is highly recommended to turn off directory indexing. You have to connect website using cPanel’s file manager or FTP. Then locate the .htaccess file in the website’s root directory.

Then you have to add the following line at the end of the .htaccess file:
Options –Indexes

Need To Disable XML-RPC in WordPress

XML-RPC was by default enabled in WordPress 3.5 because it helps to connect your WordPress site with web and mobile apps. Because of its robust nature, XML-RPC can significantly amplify brute-force attacks.

Let’s have an example that traditionally, if a hacker wants to try 100 different passwords on your website, they would have to make 100 different login attempts which will be blocked by the login lockdown plugin.

But with XML-RPC, hackers can use the system. multicall function and can try thousands of passwords with minimum requests. This is why if you don’t need XML-RPC, then it is better to disable it.

Automatically Logged out Idle Users in WordPress

Logged-in users sometimes wander away from the screen, and this is the reason that causes a security risk. Someone changes passwords or can make changes to the account.
That’s the reason many banking and financial sites automatically log out. You can implement the same functionality on your site.
You should activate the plugin named Inactive Logout.

Must Add Security Question

Add security question to WordPress login screen; it will make more challenging to make unauthorized access. Add security questions with the installation of the WP Security Questions plugin. With activation, you have to visit the Settings » Security Questions page to configure the plugin settings.

Scan WordPress for Vulnerabilities and Malware

If the WordPress security plugin is installed, then those plugins will check malware and signs of security breaches daily. If you have a sudden drop in your website traffic or search rankings, you may want to run a scan manually. You can use the WordPress security plugin or use Malware and Security Scanners. Running these online scans is relatively straightforward enter your website URLs; their crawlers will go through your website to look for malware and any malicious code.

Remember that most WordPress security scanners can only scan your website but cannot remove any malware or clean a hacked WordPress site.

Fix a Hacked WordPress Site

  • Most WordPress users don’t realize the importance of backups and website security until their website gets hacked.
  • Cleaning up a WordPress site is difficult. Let a professional take care of it.
  • Hackers install a backdoor on affected sites, and if backdoors are not fixed correctly, the website will get hacked again.
  • Allow a professional security company like seimaxim.com to fix your website and to ensure that your site is safe to use again and also protects against any future attacks.

PHP Vs Python – Comparison between both Languages

php, python, code, programming, automatic, development

Scripting Languages

Scripting languages are becoming progressively popular in web application programming in the last few years. Now in this article trying to compare popular languages nowadays: PHP and Python. The languages will be compared regarding history, evolution, popularity, syntax, features, security, and enactment in web application locations. A final thought will Conclude and recommends a language that looks most capable for programing.

Developing a popular website or an application starts with a selection of reliable programming languages. There are so many programming languages like c++, Java, Python, JavaScript, PHP, Ruby, dart, etc. Every language has its pros and cons—programming languages based on your requirements and area of work. Developing front-end and backend frameworks needs different languages as not a single language can perform both tasks simultaneously.

We have to see many things before starting a project, the nature of the language which the programmer will choose, and many other factors before developing any program. Programmers have their preferences, opinions, liking, and disliking, and they have favorite tools and areas for software development. Beginners and many inexperienced face trouble while choosing a programming language to get started.

Backend development is one of the most desirable skills today. Almost every new startup needs a website and a mobile application that links them to a backend server. Therefore, backend developers are high in request, and companies are ready to give a massive amount of cash to developers who can manage the backend in a good way. Several programming languages that are being used for backend development are evolving in today’s modern world.

There are masses of great languages to learn and work on. This article will narrow down the differences between two of the best: PHP vs. Python. Which one is best for your application and web development? Also, which is one will give the best development time and other results?

History of PHP & Python languages

Python

Python high-level object-oriented programming language. It has built-in data structures, combined with dynamic typing & binding, making it an ideal choice for swift application development. Python also suggestions maintenance for modules and correspondences, which allows system modularity and code re-claim. It is one of the firmest programming languages as it requires very few lines of code.

Its stress is on readability and easiness, which make it an excellent choice for trainees. Python is one of the most widespread choices of backend programming. It is relatively new as compared to PHP and has enormous library support. It was established by Guido van Rossum and released in 1991. With the development in various versions and agitations, Python 2,3 with the new Python 3.9.2, released in 2021.

PHP

PHP stands for Hypertext Pre-processor. Hypertext Preprocessor, an open-source basis scripting language, is used widely for server-side web development. It is a server-side scripting language. It is used for developing a dynamic website. PHP can easily work in all major web servers and in all major operating systems. PHP is a widely-used and resourceful option to members such as Microsoft’s ASP. Non-technical users can quickly learn to make their web pages manageable and more useful.

PHP was created in 1994 by Rasmus Lerdorf, a Danish-Canadian programmer. PHP was named Personal Home Page originally. He released the first PHP version in June 1995. Since then, many developments have been made for the subsequent PHP versions, and we have PHP 8 as the latest PHP version that was released in 2020. PHP project’s mascot is a blue “elePHPant” (elephant). A PHP code is administered over a web server using a PHP translator applied in a daemon, module, or an executable CGI. This analysis and execution of PHP code can be data of any type.

Silent features of both languages

Features of Python

The main features of Python are:
  • Free and open-source: Python is officially available on its website to download for free. We can also use its openly available source code and change according to wants.
  • Accessible to code: This high-level Language is easier to learn than other languages, including Java, JavaScript, C++, etc. It’s also creator-friendly and uses less complex syntax with plain English and mathematics. Coding becomes easy with Python; that’s why many developers prefer it.
  • Interpreted Language: Python codes are performed line-by-line, one at a time similar to Java, C++, and C. Therefore, code assembling is excessive, creating debugging easier and saves time.
  • Portable: codes are portable. If you have Python codes for Windows OS, and if you want to use them on operating systems like Mac, Linux, or UNIX, it can be run efficiently without changing the codes.
  • Dynamically-typed: A variable type is particular during run time instead of at the start. You don’t need to identify the variable type like char, long, double, etc. It cuts lines of code and makes the programming simpler.
  • Easy to learn, read and keep
  • It can be used on several hardware stages & using a similar interface.
  • Python offers the ultimate configuration and support for large programs.
  • Python offers support for programmed junk collection.
  • It supports the shared mode of testing and debugging.
  • It offers high-level dynamic data types which support active checking.
  • It can be integrated with Java, C, and C++ programming code.

Features of PHP

  • Open source: PHP is open source and available for downloading and use it. This enables developers globally to inspect codes and contribute to coding and bug fixing. Easy Usage: It is simple and easy to use; that’s why developers prefer this programming language. Its syntax is moderately similar to that of C language, with a well-planned and logical structure. It’s also easy to learn PHP as compared to many scripting languages.
  • Database support: PHP supports many databases, comprising MySQL, Oracle, PostgreSQL, etc., along with database integration. Compatibility: It can run on nearly every operating system, including Windows, Mac, Linux, and UNIX. Run across electric devices such as computers, laptops, tablets, and mobiles. Besides, PHP is friendly with various servers such as IIS, Apache, and more.
  • Flexible: PHP offers better flexibility and embedding abilities. It can easily be combined with JavaScript, HTML, XML, etc.
  • Real-time monitoring: It offers recent logging details of a user. You can get CPU and memory usage data as well.
  • Object-oriented features: The object-oriented features in PHP adds to its speed and offer extra features. It also provides magic constants, common terminologies, PDO class, supports cookies, and much more.
  • Database Integration Maintain many databases, such as Oracle, MySQL, etc.
  • It is easy to use compared to other scripting languages.
  • It is faster than an alternative scripting language.
  • Open source means you don’t want to pay for using PHP; you can easily download and use it.
  • PHP has some predefined mistakes reporting sums to generate an error notice or warning.
  • PHP offers access logging by creating a summary of recent accesses of the user.

Advantages of Using Python & PHP

  • Easy to Read, Write and Learn: Python, a high-level programming language that has an English-like syntax. This makes it easy to read the code and understand it. Python is easy to pick up and learn; that’s why Python is recommended to beginners. Need small code to perform the same as compared to other languages.
  • Improvement in Productivity: Python is a productive Language. Because of its simplicity, developers can easily focus on the solution of the problem. In less time, developers can understand the syntax and behavior of the language.
  • Execute code line by line: Python line by line executes the code, which shows that it is interpreted language. If there is any error, further execution stops and reports the error. Python shows one error even there are multiple errors in the program. This makes debugging easier.
  • Typed dynamically: Python does not identify the type of variable until you run the code. The data type is assigned automatically during the execution process.
  • Free and Open-Source: Python comes under the OSI-approved. Due to which it is free to use and understand. Download the source code, modify it or even distribute your python version.
  • Vast Libraries Support: Python’s standard library is vast, and you can find almost all the functions required for the task. So, no need to depend on any external libraries.
  • Portability: In languages like C/C++, you have to change the code to run the program on different platforms. But Python doesn’t do so. Write it once and run it anywhere.

Disadvantages of Python

  • Slow Speed: The line-by-line execution of code frequently slows down the execution. The dynamic nature of Python is likewise responsible for the sluggish speed of Python since it needs to accomplish the additional work while executing code. In this way, Python isn’t utilized for purposes where speed is a fundamental part of the task.
  • Not Memory Efficient: To give simplicity to the developers, Python needs to do a minor tradeoff. The Python programming language utilizes a lot of memory. This can be an inconvenience while building applications when we incline toward memory optimization.
  • Weak in Mobile Computing: Python is, for the most part, utilized in server-side programming. We will not see Python on the client-side or mobile applications as a result of the following reasons.
  • Python isn’t memory efficient, and it has slow power processing as compare to another programming language
  • Database Access
  • Programming in Python is simple and peaceful.
  • In any case, when we are communicating with the database, it needs behind.
  • The Python’s data set admittance layer is crude and immature, contrasted with famous innovations like JDBC and ODBC.
  • Runtime Errors: As we know, Python is a dynamically typed language, so the data type of a variable can change anytime. A variable containing an integer number may hold a string in the future, leading to Runtime Errors. Therefore Python programmers need to perform thorough testing of the applications.
As we know, Python is a dynamically typed language, so the data type of a variable can change anytime. A variable containing a number may hold a string, later on prompting Runtime Errors. Consequently, Python developers need to perform exhaustive testing of the applications.

Advantages of PHP Framework

  • Wide choice available for specialists: A large number of available specialists results in high competitiveness and lower demanded wages, which is beneficial for reducing development costs. PHP is easy to learn and implement
  • Plentiful documentation: Material like tutorials, manuals, and references can facilitate web development and provide help in challenging situations. And, as described above, learning PHP is comparatively easy, though not as easy as Python.
  • PHP Improves loading speed: PHP makes a website and its pages load faster and easier than compared to other development technologies. For example, currently, PHP is about thrice quicker than Python. Lower loading time is essential in SEO ranking, which helps you to promote your website. A higher application speed keeps customers satisfied.
  • Large database selection: PHP allows connecting any database. MySQL is most common, mainly because it is free and much effective, and popular among developers MSQL, MS-SQL, SQLite, PostgreSQL, etc., are compatible with PHP.
  • Open-Source, inexpensive software: PHP is a free-to-use technology that presents considerable savings for the development budget. Also, most development tools are utilized in combination with PHP is open-source software, and it can be used without charges; they also reduce the project cost. Moreover, numerous frameworks, such as Laravel and CodeIgniter, and various CMS, such as WordPress and Drupal. The extend PHP functionality and make development more effective and easy
  • Combine with HTML: PHP offers embedded HTML programming, due to this reason there is an incredible synergy between PHP and HTML. Mostly, the HTML code of a web page is not interfered with by PHP script but instead completes it inside the borders defined by tags. And vice versa
  • Good flexibility: Flexibility in PHP makes it effective to combine with many other programming languages to use the effective technology for a particular feature. PHP is a cross-platform language, which provides flexibility to developers to use any primary operating system – Windows, Linux, macOS – to perform the coding.
  • Compatible with cloud service: Nowadays, modern products use cloud computing solutions like Amazon Web Services for different purposes. Applications that are written in PHP are fully supported by many additional cloud services, like AWS Lambda. Thus, PHP applications can be deployed on a cloud server and can achieve excellent scalability and beneficial effects.

Disadvantages of PHP Language

  • Popularity decreases: As PHP is a powerful tool supported by a large community and excellent reference documentation, there are more accessible languages for web apps. This is why novice developers prefer learning Python as their initial language and rarely consider adding PHP to their skillset.
  • Lack of specialized libraries: PHP has its libraries and is difficult to compete with Python in developing web apps empowered by machine learning. PHP can’t offer fast and effective alternatives to Scikit-learn, Theano, Python’s TensorFlow, and Keras. If your app requires ML functionality, PHP is not the best choice.
  • Security Issues and Flaws: The open-source nature of PHP is the reason for code vulnerabilities. Thus, in theory, during the period between reveal and fixing in the updated versions of the programming language, those vulnerabilities may be exploited by any programmer with malicious intent and adequate skills

Comparison based on Major aspects

Comparing both the language needs deep understanding and accurate facts and figures about both these two’s programing and actual working. Both PHP and Python have their advantages and which one is the best for web development and the application, we can compare the basic of this functioning:
  • Installation Performance and Speed
  • Library Support
  • Web Framework Options
  • Environment Management
  • Flexibility, Scalability, and Versatility
  • Security
  • Debugging
  • Documentation
  • Web and Application Development
  • Developer Community and Support
  • Similarities
  • Differences
Keeping in view all these aspects and selecting one is undoubtedly difficult after matching both of these languages. Python is the doorway to machine learning codes, while PHP is designed for server-side scripting and web development.
  • Python suggests plenty of web frameworks. Python is well in library support. I am having frameworks like Django and Flask that are highly reachable, secure, and fast.
  • If you want to set up ML models or use self-regulating and decoupled mechanisms to build apps, Django benefits you in it. You can swap or unplug these components based on your changing corporate needs.
  • Due to its flexibility and simplicity, Instagram uses the Django framework, choosing Python in the PHP-vs-Python race. It helps this social media site deliver its millions of users daily without troubles.
  • Python is easy to learn for beginners. This scripting language was designed to be readable without difficulty with orderly configuring, syntax, and plain English words instead of punctuations. Python has a comprehensive range of built-in data types ready to go right out of the box. The test with Python often knows which tool to use for the specific job you’re doing. That’s still an encounter, but it’s generally an easier one to answer. Python does have a drawback that the Python 2 to Python 3 advancement has not been reluctantly compatible.
  • Things that make web applications slow are not related to programming languages. Quiet database questions every programming language. Trusting on excessive network demands and analyzing a lot of information from a disk will slow you down every time. In most situations, PHP is a faster programming language than Python
  • In recent times, Python was faster than PHP, but this has altered after PHP 7. The entire PHP team has a widespread infinite deal to speed up the language, and now PHP is faster than Python and several other languages. If makers need to process vast quantities of data, high speed may significantly improve performance.
  • Data security is the main issue in the field of programming. A report ranked Python among the top secure programming languages. Python has numerous safety features that can be used to form complex apps with particular goals and functions in mind. For instance, its framework Django has built-in security features that permit developers to deal with threats efficiently.
  • In contrast to Python, a large number of PHP apps may have security problems due to old coding performance and corrupt code. Many of these issues have been fixed through PHP contribution. However, skilled web app developers use both languages to generate protected applications following security rehearses.
  • Python offers an unambiguous and brief syntax of codes, whereas PHP has a wide range of naming conventions and syntax.
  • Python’s key features are Quick development, dynamic typing, and unique code, whereas Key features of PHP are Open source, Easy Setting out, Constant Developments.
  • It supports programmer’s code clearly with clarity and is suitable for large-scale and small-scale projects. Due to its widespread list of standard libraries, Python is also known as a “Batteries Included” programming language.

Final Thoughts

To some extent, both Python and PHP are somehow similar to one another. Python is better than PHP. Python appears to be a conqueror over PHP. PHP has been the preferably attaining majority of web development. But now, Python is gradually making its way with its extraordinary features and functionalities for high-end applications and provides to this contemporary, tech-perception world. It mainly depends on your project’s wants, expertise, awareness, and PHP or Python skills.

You can go with how you find a professionally better programmer, and you need to project a simple website with less complexity. You can consider Python if you are planning to implement machine learning codes or require Unicode support. And if you are planning for web development and server-side scripting projects, PHP is the way forward.

How to configure Cisco ASA 5545-X & Nexus Switch 3604-X

This guide typically sets up Cisco ASA 5545-X and Nexus Switch 3604-X in a data center environment.

The data center operator will usually give you a single internet RJ45 cable to connect to your first network device for internet connectivity. As shown in diagram 1, the first network device is ASA 5545-X which is then connected to Nexus Switch 3604-X.

Insert internet cable given by datacenter operator in interface GigabitEthernet0/0. In the second interface GigabitEthernet0/1, insert another RJ45 cable and insert the other end to the first interface Ethernet1/1 of Nexus 3604-X switch.

Grab another RJ-45 cable and insert one end to interface Ethernet1/2 of Nexus 3604-X switch and another end to the first ethernet port of your server. Follow the same procedure if you want to attach more servers to your network.

Flow diagram of network connectivity in a data center

CISCO ASA 5545-X SWITCH NEXUS 3604-X

Setup of Cisco ASA 5545-X

  • To show the running configuration of ASA, on the command line enter ‘en’ and then ‘config’
  • Enter the following command to output details of the running configuration.

ss1(config)# show run

  • Set a strong password with the following command

username admin password DLaUiAX3l78qgoB5c7iVNw

or

enable password

  • To set IP address on interface GigabitEthernet0/0, run the following commands in config mode on ASA 5545-X.

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 5.178.114.38 255.255.255.192

  • To set IP address on interface GigabitEthernet0/1, run the following commands in config mode on ASA 5545-X.

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 5.178.113.1 255.255.255.224

Setup static route to allow traffic flow to the public internet 5.178.114.62.

route outside 0.0.0.0 0.0.0.0 5.178.114.62

To allow traffic to flow on interfaces with same network security enter;

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

Now permit traffic to flow on different ports as per your requirement. Enter the following commands or install ASDM on your local computer and perform the following tasks in ASDM which is easier.

object-group service DM_INLINE_SERVICE_2
service-object ip
service-object icmp
service-object udp
service-object igmp
service-object icmp6
service-object tcp
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_3
service-object icmp
service-object icmp6
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object icmp
service-object tcp destination eq ssh
object-group service All_services
service-object ip
service-object icmp
service-object pim
service-object pcp
service-object snp
service-object sctp
service-object udp
service-object igmp
service-object ipinip
service-object gre
service-object esp
service-object ah
service-object icmp6
service-object tcp
service-object eigrp
service-object ospf
service-object igrp
service-object nos
service-object icmp alternate-address
service-object icmp conversion-error
service-object icmp echo
service-object icmp echo-reply
service-object icmp information-reply
service-object icmp information-request
service-object icmp mask-reply
service-object icmp mask-request
service-object icmp mobile-redirect
service-object icmp parameter-problem
service-object icmp redirect
service-object icmp router-advertisement
service-object icmp router-solicitation
service-object icmp source-quench
service-object icmp time-exceeded
service-object icmp timestamp-reply
service-object icmp timestamp-request
service-object icmp traceroute
service-object icmp unreachable
service-object icmp6 echo
service-object icmp6 echo-reply
service-object icmp6 membership-query
service-object icmp6 membership-reduction
service-object icmp6 membership-report
service-object icmp6 neighbor-advertisement
service-object icmp6 neighbor-redirect
service-object icmp6 neighbor-solicitation
service-object icmp6 packet-too-big
service-object icmp6 parameter-problem
service-object icmp6 router-advertisement
service-object icmp6 router-renumbering
service-object icmp6 router-solicitation
service-object icmp6 time-exceeded
service-object icmp6 unreachable
service-object tcp-udp destination eq cifs
service-object tcp-udp destination eq discard
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq echo
service-object tcp-udp destination eq www
service-object tcp-udp destination eq kerberos
service-object tcp-udp destination eq nfs
service-object tcp-udp destination eq pim-auto-rp
service-object tcp-udp destination eq sip
service-object tcp-udp destination eq sunrpc
service-object tcp-udp destination eq tacacs
service-object tcp-udp destination eq talk
service-object tcp destination eq aol
service-object tcp destination eq bgp
service-object tcp destination eq chargen
service-object tcp destination eq cifs
service-object tcp destination eq citrix-ica
service-object tcp destination eq ctiqbe
service-object tcp destination eq daytime
service-object tcp destination eq discard
service-object tcp destination eq domain
service-object tcp destination eq echo
service-object tcp destination eq exec
service-object tcp destination eq finger
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq gopher
service-object tcp destination eq h323
service-object tcp destination eq hostname
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ident
service-object tcp destination eq imap4
service-object tcp destination eq irc
service-object tcp destination eq kerberos
service-object tcp destination eq klogin
service-object tcp destination eq kshell
service-object tcp destination eq ldap
service-object tcp destination eq ldaps
service-object tcp destination eq login
service-object tcp destination eq lotusnotes
service-object tcp destination eq lpd
service-object tcp destination eq netbios-ssn
service-object tcp destination eq nfs
service-object tcp destination eq nntp
service-object tcp destination eq pcanywhere-data
service-object tcp destination eq pim-auto-rp
service-object tcp destination eq pop2
service-object tcp destination eq pop3
service-object tcp destination eq pptp
service-object tcp destination eq rsh
service-object tcp destination eq rtsp
service-object tcp destination eq sip
service-object tcp destination eq smtp
service-object tcp destination eq sqlnet
service-object tcp destination eq ssh
service-object tcp destination eq sunrpc
service-object tcp destination eq tacacs
service-object tcp destination eq talk
service-object tcp destination eq telnet
service-object tcp destination eq uucp
service-object tcp destination eq whois
service-object udp destination eq biff
service-object udp destination eq bootpc
service-object udp destination eq bootps
service-object udp destination eq cifs
service-object udp destination eq discard
service-object udp destination eq dnsix
service-object udp destination eq domain
service-object udp destination eq echo
service-object udp destination eq www
service-object udp destination eq isakmp
service-object udp destination eq kerberos
service-object udp destination eq mobile-ip
service-object udp destination eq nameserver
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object udp destination eq nfs
service-object udp destination eq ntp
service-object udp destination eq pcanywhere-status
service-object udp destination eq pim-auto-rp
service-object udp destination eq radius
service-object udp destination eq radius-acct
service-object udp destination eq rip
service-object udp destination eq secureid-udp
service-object udp destination eq sip
service-object udp destination eq snmp
service-object udp destination eq snmptrap
service-object udp destination eq sunrpc
service-object udp destination eq syslog
service-object udp destination eq tacacs
service-object udp destination eq talk
service-object udp destination eq tftp
service-object udp destination eq time
service-object udp destination eq who
service-object udp destination eq xdmcp
access-list global_access extended permit object-group DM_INLINE_SERVICE_2 any a ny
access-list global_access extended permit object-group DM_INLINE_SERVICE_3 any a ny
access-list outside_access_in extended permit object-group All_services any any log
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 host 194.126.175.218 any

Setup of Cisco Nexus 3604-X

On your switch it is better to reload NX-OS operating system on switch.

On switch enter following commands to reload NX-OS. Note that these commands will erase all your current switch configuration.

ss1(config-if)#write erase
ss1(config-if)#reload

You can set seitch password with following command.

ss1(config-if)# username admin password 5 yourpassword role network-admin

After switch boots select default settings, add IPs of management port and select L3 for switch settings.

ss1(config-if)# interface ethernet 1/1
ss1(config-if)# speed 1000
ss1(config-if)# switchport
ss1(config-if)# switchport access vlan 1
ss1(config-if)# show vlan

ss1(config-if)# interface ethernet 1/2
ss1(config-if)# speed 1000
ss1(config-if)# switchport
ss1(config-if)# switchport access vlan 1
ss1(config-if)# show vlan

Add both interfaces configured above in VLan 1 by entering the following commands.

ss1(config-if)# feature interface-vlan
ss1(config)# interface vlan 1
ss1(config-if)# ip address 5.178.113.1/27

Set routing, so all traffic goes out from VLAN 1 to ASA port GigabitEthernet0/1.

ss1(config-if)# IP route 0.0.0.0/5.178.113.1
ss1(config-if)# IP route 0.0.0.0/0 5.178.114.38

After setting the route to connect the cable from interface ethernet 1/2 of the switch to your server nic0 port of first ethernet port. Check all devices by pinging to switch, ASA, and gateway IP. Your network should be functioning and if you get any issue you can chat with us live 24/7 for a free consultation.

Nvidia RTX 3080 Ti is available online right now

rtx 3080ti
The Nvidia RTX 3080 Ti has been released and available for lucky enough to find one. Announced earlier this week alongside the forthcoming RTX 3070 Ti, the 3080 Ti serves as the costly successor to the GeForce RTX 3080, a great graphics card that made 4K gaming affordable.

Nvidia RTX 3080 Ti has an impressive 1440p and 4K performance, albeit in a smaller, quieter package with half the VRAM. It certainly is not cheap at $1200, but given the ongoing GPU shortage and the exorbitant street prices of most GPUs right now, the RTX 3080 Ti might be more affordable at MSRP.

While we expect availability to be limited at launch and throughout the year, several retailers currently have the RTX 3080 Ti in stock. Best Buy announced yesterday that it would give customers a chance to purchase an NVIDIA Founders Edition of the card at select stores today.

Customers hoping to pick it up at launch will need to line up early and secure a ticket at 7:30 AM local time before it officially goes on sale at 9:00 AM local time. If you’re reading this now, the chances are good that you’re already too late.

Nvidia is nerfing new RTX 3080 Ti, RTX 3080, and 3070 cards for Ethereum cryptocurrency mining. SeiMaxim offers RTX 3090 GPU cards for cryptocurrency mining that LHR does not limit. The RTX 3090 GPU is available with dedicated and virtual servers equipped with Intel Xeon Silver CPU.

You will get RTX 3080 Ti from five manufacturers, Gigabyte, Asus, EVGA, and MSI. If you’re looking to purchase the RTX 3080 Ti online, your options are limited. The cards will go on sale at B&H Photo, Newegg, Micro Center, and Amazon. However, we expect the stock to sell out fast. You might have luck getting one online through MSI, PNY, Zotac, or EVGA’s site.

Nvidia nerfing new RTX 3080Ti, 3070Ti, 3060Ti for cryptocurrency mining

NVIDIA RTX 3080 TI, RTX 3090

Nvidia applies its cryptocurrency mining limits to newly released GeForce RTX 3080 Ti, RTX 3070 Ti, and RTX 3060 Ti graphics cards. Other cards affected are RTX 3080, RTX 370, and RTX 360. After nerfing the hash rates of the RTX 3060 for its launch in Q1 2021, Nvidia is now starting to label new cards with a “Lite Hash Rate” or “LHR” identifier to let potential customers know the cards will be restricted for mining.

As per Matt Wuebbling, Nvidia’s head GeForce marketing, this reduced hash rate only applies to newly manufactured cards with the LHR identifier and not to cards already purchased. He further said that “We believe this additional step will get more GeForce cards at better prices into the hands of gamers everywhere.”

The new RTX 3080 Ti card will start shipping in a few days, and the LHR identifier will be displayed in retail product listings and on the box. Nvidia originally started hash limiting with the RTX 3060, and the company has already committed to not limiting the performance of GPUs already sold.

While Nvidia tried to limit Ethereum mining with the RTX 3060, the company also accidentally released a beta driver that unlocked hash rates and increased performance. That’s been reinstated with more recent drivers, but the beta drivers are out in the wild now.

Nvidia offers a separate Cryptocurrency Mining Processor (CMP) for Ethereum miners instead. These cards include the best performance for mining and efficiency, but they won’t handle graphics at all. Nvidia’s move to nerf new cards will undoubtedly drive up prices for existing 30-series GPUs that don’t have these restrictions in place.

SeiMaxim offers RTX 3090 GPU cards for cryptocurrency mining that LHR does not limit. The RTX 3090 GPU is available with dedicated and virtual servers equipped with Intel Xeon Silver CPU.

How to repair filesystem in rescue environment CentOS 8 & CentOS 7?

Your Linux server may not load after boot and requests fsck of the root filesystem. If this happens server filesystem goes into read-only mode.
  • When prompted for language, and keyboard, provide the pertinent information for the system.
  • Boot your server from CentOS ISO image and select rescue mode at the boot command prompt.
  • When prompted to enable the network devices on the system, select: No
  • If you are using Software RAID, first initialize the RAID array.
mdadm --assemble --scan
  • Activate the volumes in order to scan them, If using LVM.
lvm vgchange -ay 1 logical volume(s) in volume group "VolGroup00" now active
  • Run fsck on the device which has the root filesystem (ext3/ext4).
e2fsck -fvy /dev/mapper/vg device e2fsck -fvy /dev/sd device e2fsck -fvy /dev/md device
  • For XFS filesystem;
xfs_repair /dev/mapper/vg device xfs_repair /dev/sd device xfs_repair /dev/md device
  • You may have to recreate the log if xfs_repair does not run. You may implement this by running xfs_repair -L
  • Exit rescue mode and boot system normally.

How to reset the root password on redhat 8

So you end up here because you have lost your root password. On Red Hat Enterprise Linux 8, it is possible to have the scripts that run from the initramfs pause at certain points, provide a root shell, and then continue when that shell exits. This is mostly meant for debugging, but you can also use this method to reset a lost root password. To access that root shell, follow these steps:

  • Reboot your server.
  • Interrupt the boot loader countdown by pressing any key, except Enter.
  • Move the cursor to the kernel entry to boot.
  • Press e to edit the selected entry.
  • Move the cursor to the kernel command line (the line that starts with linux).
  • Append rd.break. With that option, the system breaks just before the system hands control from the initramfs to the actual system.
  • Press Ctrl+x to boot with the changes.
  • To reset the root password from this point, use the following procedure:
  • Remount /sysroot as read/write.

switch_root:/# mount -o remount,rw /sysroot

  • Switch into a chroot jail, where /sysroot is treated as the root of the file-system tree.

switch_root:/# chroot /sysroot

  • Set a new root password.

sh-4.4# passwd root

  • Ensure that all unlabeled files, including /etc/shadow at this point, get relabeled during boot.

sh-4.4# touch /.autorelabel

  • Type exit twice. The first command exits the chroot jail, and the second command exits the initramfs debug shell.
  • At this point, the system continues booting, performs a full SELinux relabel, and then reboots again.
If you are looking to learn Linux or host your website, you can buy VPS Hosting.

What is VPS Hosting?

A VPS is a complete server with its own operating system and virtual hardware built on top of physical server hardware. A Linux or Windows-based operating system known as a hypervisor is used to build virtual servers, datastores, virtual switches, virtual routers, virtual CPUs, and RAM. Some leading hypervisors are VMware, Citrix Xenserver, and KVM. With rapid provisioning of a VPS, you can scale horizontally to handle bursts in computing resources.

An important advantage of a VPS is that you can replicate and clone a VPS easily and within a short time. You can increase resources like CPU, RAM, and storage instantly by asking your VPS hosting provider. With SeiMaxim virtualization technology, you can scale your VPS up to 24TB RAM and 768 vCPUs, leaving our competitors far behind in this field. You can meet the demands of high-performance applications and memory-intensive databases, including SAP HANA and Epic Cache Operational database.

A greater advantage of using hypervisor is in the field of graphics visualization, rendering, and streaming. SeiMaxim VPS offers 3-D professional graphics that included GPU Pass-through and hardware-based GPU sharing with NVIDIA vGPU™, AMD MxGPU™, and Intel GVT-g™. A pass-through GPU is not abstracted at all but remains one physical device. Each hosted VPS gets its own dedicated GPU, eliminating the software abstraction and the performance penalty that goes with it. This GPU Pass-Through feature is ideally intended for graphics power users, such as CAD designers and Molecular modelers.

To cut the cost of a single VPS with a dedicated GPU, a shared GPU can be implemented.  Shared GPU allows one physical GPU to be used by multiple VPS at the same time. Because a portion of a physical GPU is used, performance is greater than emulated graphics, and there is no need for one card per VPS. This feature enables resource optimization and increases the performance of the VPS. The graphics workload of each VPS is passed directly to the GPU without processing by the hypervisor.

How To Monitor VMware envirnment with Grafana

This step-by-step guide uses the Official telegraph vSphere plugin to pull metrics from vCenter. We will pull metrics such as compute, network and storage resources. Before starting with this guide, I assume you have a freshly installed operating system, ubuntu 20. so let’s being with our work.

Step: 1 Install Grafana on Ubuntu

This tutorial tested on freshly installed OS Ubuntu 20.04.

  • Start your Grafana installation.

wget https://dl.grafana.com/oss/release/grafana_7.1.3_amd64.deb

sudo dpkg -i grafana_7.1.3_amd64.deb

  • Now start and enable your Grafana service.

sudo systemctl start grafana-server.service

sudo systemctl enable grafana-server.service

  • Check Grafana service status.

sudo systemctl status grafana-server.service

  • At this point, Grafana is installed, and you can log in to your Grafana by following

url: http://[your Grafana server ip]:3000

The default username/password is admin/admin

  • Upon the first login, Grafana will ask you to change the password.
  • Be careful HTTP is not a secure protocol. You can further secure it by putting SSL certificates.

Step: 3 Install Influx DB

  • Inquire about the available InfluxDB version in your apt-cache by the following command.

sudo apt-cache policy influxdb

It will be the last stable version of InfluxDB. We will use a later version 1.8 of InfluxDB, so we will update the apt cache first and add the required information to the repository.

wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add -

source /etc/lsb-release

echo "deb https://repos.influxdata.com/${DISTRIB_ID,,} ${DISTRIB_CODENAME} stable" | sudo tee /etc/apt/sources.list.d/influxdb.list

sudo apt update

sudo apt-cache policy influxdb

sudo apt update

sudo apt-cache policy influxdb

sudo apt install influxdb -y

  • Check the status and ensure that it sustains over the reboot.

sudo systemctl start influxdb

sudo systemctl status influxdb

sudo systemctl enable influxdb

  • The InfluxDB will listen on port 8086, and if your server is on the internet, then depending on any existing firewall rules, anybody may be able to query the server using the URL

https://[your domain name or ip]:8086/metrics

  • On my local machine where I am doing this test, is not having any firewall enabled, but if you have allowed or using public IPs, you can prevent direct access by doing these commands

iptables -A INPUT -p tcp -s localhost --dport 8086 -j ACCEPT

iptables -A INPUT -p tcp --dport 8086 -j DROP

Step: 4 Install Telegraf

  • Now we are going to install telegraf.

sudo apt install telegraf -y

  • Start Telegraf and ensure it starts in case of reboot.

sudo systemctl start telegraf

sudo systemctl status telegraf

sudo systemctl enable telegraf

  • Configure Telegraf to pull Monitoring metrics from vCenter, so here we will configure Telegraf main configuration file:
  • In this /etc/telegraf/telegraf first, you need to add information for influxdb.
  • change your influxdb credentials.

————————————————————————————————————————————–

[[outputs.influxdb]]
urls = ["http://<Address_of_influxdb_server>:8086"]
database = "vmware"
timeout = "0s"

#only with if you are using authentication for DB

#username = "USERNAME_OF_DB"

#password = "PASSWD_OF_DB"

————————————————————————————————————————————-

# Read metrics from VMware vCenter
[[inputs.vsphere]]
## List of vCenter URLs to be monitored. These three lines must be uncommented
## and edited for the plugin to work.
vcenters = [ "https://<vCenter_IP>/sdk" ]
username = "administrator@vsphere.local"
password = "PASSWD"
#
## VMs
## Typical VM metrics (if omitted or empty, all metrics are collected)
vm_metric_include = [
"cpu.demand.average",
"cpu.idle.summation",
"cpu.latency.average",
"cpu.readiness.average",
"cpu.ready.summation",
"cpu.run.summation",
"cpu.usagemhz.average",
"cpu.used.summation",
"cpu.wait.summation",
"mem.active.average",
"mem.granted.average",
"mem.latency.average",
"mem.swapin.average",
"mem.swapinRate.average",
"mem.swapout.average",
"mem.swapoutRate.average",
"mem.usage.average",
"mem.vmmemctl.average",
"net.bytesRx.average",
"net.bytesTx.average",
"net.droppedRx.summation",
"net.droppedTx.summation",
"net.usage.average",
"power.power.average",
"virtualDisk.numberReadAveraged.average",
"virtualDisk.numberWriteAveraged.average",
"virtualDisk.read.average",
"virtualDisk.readOIO.latest",
"virtualDisk.throughput.usage.average",
"virtualDisk.totalReadLatency.average",
"virtualDisk.totalWriteLatency.average",
"virtualDisk.write.average",
"virtualDisk.writeOIO.latest",
"sys.uptime.latest",
]
# vm_metric_exclude = [] ## Nothing is excluded by default
# vm_instances = true ## true by default
#
## Hosts
## Typical host metrics (if omitted or empty, all metrics are collected)
host_metric_include = [
"cpu.coreUtilization.average",
"cpu.costop.summation",
"cpu.demand.average",
"cpu.idle.summation",
"cpu.latency.average",
"cpu.readiness.average",
"cpu.ready.summation",
"cpu.swapwait.summation",
"cpu.usage.average",
"cpu.usagemhz.average",
"cpu.used.summation",
"cpu.utilization.average",
"cpu.wait.summation",
"disk.deviceReadLatency.average",
"disk.deviceWriteLatency.average",
"disk.kernelReadLatency.average",
"disk.kernelWriteLatency.average",
"disk.numberReadAveraged.average",
"disk.numberWriteAveraged.average",
"disk.read.average",
"disk.totalReadLatency.average",
"disk.totalWriteLatency.average",
"disk.write.average",
"mem.active.average",
"mem.latency.average",
"mem.state.latest",
"mem.swapin.average",
"mem.swapinRate.average",
"mem.swapout.average",
"mem.swapoutRate.average",
"mem.totalCapacity.average",
"mem.usage.average",
"mem.vmmemctl.average",
"net.bytesRx.average",
"net.bytesTx.average",
"net.droppedRx.summation",
"net.droppedTx.summation",
"net.errorsRx.summation",
"net.errorsTx.summation",
"net.usage.average",
"power.power.average",
"storageAdapter.numberReadAveraged.average",
"storageAdapter.numberWriteAveraged.average",
"storageAdapter.read.average",
"storageAdapter.write.average",
"sys.uptime.latest",
]
# host_metric_exclude = [] ## Nothing excluded by default
# host_instances = true ## true by default
#
## Clusters
cluster_metric_include = [] ## if omitted or empty, all metrics are collected
# cluster_metric_exclude = [] ## Nothing excluded by default
# cluster_instances = false ## false by default
#
## Datastores
datastore_metric_include = [] ## if omitted or empty, all metrics are collected
# datastore_metric_exclude = [] ## Nothing excluded by default
# datastore_instances = false ## false by default for Datastores only
#
## Datacenters
datacenter_metric_include = [] ## if omitted or empty, all metrics are collected
# datacenter_metric_exclude = [ "*" ] ## Datacenters are not collected by default.
# datacenter_instances = false ## false by default for Datastores only
#
## Plugin Settings
## separator character to use for measurement and field names (default: "_")
# separator = "_"
#
## number of objects to retreive per query for realtime resources (vms and hosts)
## set to 64 for vCenter 5.5 and 6.0 (default: 256)
# max_query_objects = 256
#
## number of metrics to retreive per query for non-realtime resources (clusters and datastores)
## set to 64 for vCenter 5.5 and 6.0 (default: 256)
# max_query_metrics = 256
#
## number of go routines to use for collection and discovery of objects and metrics
# collect_concurrency = 1
# discover_concurrency = 1
#
## whether or not to force discovery of new objects on initial gather call before collecting metrics
## when true for large environments, this may cause errors for time elapsed while collecting metrics
## when false (default), the first collection cycle may result in no or limited metrics while objects are discovered
# force_discover_on_init = false
#
## the interval before (re)discovering objects subject to metrics collection (default: 300s)
# object_discovery_interval = "300s"
#
## timeout applies to any of the api request made to vcenter
# timeout = "60s"
#
## Optional SSL Config
# ssl_ca = "/path/to/cafile"
# ssl_cert = "/path/to/certfile"
# ssl_key = "/path/to/keyfile"
## Use SSL but skip chain & host verification
insecure_skip_verify = true

—————————————————————————————————————

  • You only need to change the credential of vcenter and influxdb
  • Start and enable telegraf service after making the changes.
  • sudo systemctl restart telegraf
  • sudo systemctl enable telegraf

Step: 4.1 Check InfluxDB Metrics

  • We need to confirm that our metrics are being pushed to InfluxDB and that we can see them.
  • If you are using authentication then open  InfluxDB shell like this:

$ influx -username 'username' -password 'PASSWD'

  • We need to confirm that our metrics pushed to InfluxDB and that we can see them.
    If you are using authentication, then open the InfluxDB shell by this:

$ influx

  • Then:

> USE vmware

  • Using database vmware:
  • Check if there is an inflow of time series metrics.

> SHOW MEASUREMENTS

name: measurements

name

—-

cpu

disk

diskio

kernel

mem

processes

swap

system

vsphere_cluster_clusterServices

vsphere_cluster_mem

vsphere_cluster_vmop

vsphere_datacenter_vmop

vsphere_datastore_datastore

vsphere_datastore_disk

vsphere_host_cpu

vsphere_host_disk

vsphere_host_mem

vsphere_host_net

vsphere_host_power

vsphere_host_storageAdapter

vsphere_host_sys

vsphere_vm_cpu

vsphere_vm_mem

vsphere_vm_net

vsphere_vm_power

vsphere_vm_sys

vsphere_vm_virtualDisk

Step 5: Add InfluxDB Data Source to Grafana

  • Login to Grafana and add InfluxDB data source
  • Click on the configuration icon and then click datasource.
  • Click Add influxDB data source.
  • Insert all the relevant information under HTTP and influxDB details shown into the red boxes below:
  • If you used a password in your influxDB you might put it here.

Grafana

Step 6: Import Grafana Dashboards

  • The last action is to create or import Grafana dashboards:
  • Building a Grafana dashboard is a lengthy process, so we are using a community dashboard built by Jorge de la Cruz.

Grafana

  • We will import this pre-build Grafana dashboard #8159. The moment you did import, you will see your Grafana dashboard.

Grafana

RSYNC: File size in destination is larger than source

You may notice that after running rsync your file size in destination becomes larger than the source. This is most likely due to sparse files. To allow rsync to manage sparser files more efficiently so they took less space use the -S flag.

rsync -S sparse-file /home/sparser-file

After rsync is done, check the destination file with the du command and the filesize will be almost the same as the source file.

How to use rsync to backup an entire server?

Yes, It is possible to backup entire server files using rsync over the network to another server or to a locally attached disk. rsync is easy to set up but it is not a complete backup solution. Make sure you should not use rsync to backup server files to tape devices. You could completely clone a server but it is the slowest backup method. You should back up only the data and use third-party cloning tools to backup system files.

You can use rsync to perform differential backups so later backups only copy files that are changed since the last backup is done. It should be noted that rsync cannot backup online databases so use third party software like cPanel to backup databases. You should use following options with rsync:

ownerships, permissions, preserve timestamps, extended attributes (to preserve SELinux attributes), and ACLs.

Make sure you use the same rsync version on source and destination servers.

  • To backup server filesystem to an external disk (attached with USB or other hardware) and mounted as /media

rsync -AXav --progress --del --exclude "/sys/*" --exclude "/media/*" --exclude "/proc/*" --exclude "/selinux/*" --exclude "/mnt/*" / /media/

  • To backup server filesystem over a network to another server (which is computing.seimaxim.com in this How-To):

rsync -AXavz –progress –del –bwlimit=1000 –exclude “/sys/*” –exclude “/selinux/*” –exclude “/proc/*” –exclude “/media/*” –exclude “/mnt/*” / root@computing.seimaxim.com:/media/

In above command -z option is used for compression to increase data transfer speed.

 

 

How to resolve error resize2fs: Operation not permitted While trying to add group – ext4_group_add: No reserved GDT blocks, can’t resize

The root cause of this error is that the pool of reserved GDT blocks is not available, or the filesystem does not support online resizing. Note that the Ext3 and Ext4 filesystem metadata layout is fixed. mkfs reserves space for future disk resizing, but that is only 1024x the filesystem size during initial disk creation or the upper block count limit of 2^32, priority given to the lowest. The third root cause of the error is that the journal is too small.

  • To resolve this error:

check if online resizing is available for the filesystem. You can check this with resize_inode in the dumpe2fs output. If resize_inode text is not present in the dumpe2fs output given below, then the filesystem does not support online resizing. It would be best if you then unmounted the filesystem and then resize it.

dumpe2fs /dev/vg_test/lv_ext3 | grep -i features
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Journal features: journal_incompat_revoke

  • Check the output of dumpe2fs. If the Reserved GDT block line is missing, then the GDT block count is 0. The solution, in this case, is to resize the filesystem offline, i.e., after unmounting the filesystem.
  • The third scenario is when resize fails in both offline and online mode. The solution, in this case, is to remove the journal while the filesystem is offline and recreate the journal with a larger size.

First, check the size of the journal with;

dumpe2fs /dev/vg_test/lv_ext3 | grep Journal\ size
Journal size: 32M

Now remove the journal with

tune2fs -O ^has_journal /dev/vg_test/lv_ext3
Creating journal inode: done

Verify the journal size you just create with;

dumpe2fs /dev/vg_test/lv_ext3 | grep Journal\ size
Journal size: 148M

Now resize with resize2fs /dev/vg_test/lv_ext3

If you still get errors, use the option -J size=journal-size, where journal-size is in megabytes.

 

 

How to setup ftp server on CentOS 7?

  • To setup ftp server on CentOS 7, perform following steps:
  • Install vsftpd package with yum -y install vsftpd
  • Edit the range of ports that is to be used by ftp service in /etc/vsftpd/vsftpd.conf

pasv_min_port=3000
pasv_max_port=3500

  • Use systemctl command to enable vsftpd at boot time:

systemctl enable vsftpd.service
systemctl start vsftpd.service

  • Open ftp port in firewall with:

firewall-cmd --add-port=21/tcp --add-port=3000-3500/tcp --permanent
systemctl restart firewalld.service

  • To set selinux which will allow regular uer to get and put files to server:

setenforce 1
setsebool -P ftpd_full_access 1

Performance testing and benchmarking tools for Linux

Disclaimer: Links given on this page to external websites are provided for convenience only. SeiMaxim has not checked the following external links and is not responsible for their content or link availability. The inclusion of any link on this page to an external website does not imply endorsement by SeiMaxim of the website or their entities, products, or services. You must agree that SeiMaxim is not responsible or liable for any loss or expenses that may result due to your use of the external site or external content.

The following Linux benchmarking and performance tools are available from external sources:

  • Unixbench
  • sysbench
  • tiobench
  • ttcp
  • sockperf
  • siege
  • nuttcp
  • seeker
  • nfsometer
  • kcbench
  • lmbench
  • netpipe
  • netperf
  • iperf3
  • iozone
  • httperf
  • fio
  • dnsperf
  • bonnie++
  • aio-stress
  • bandwidth
  • dbench
  • nuttcp

Configure sftp server with restricted chroot users with ssh keys without affecting normal user access

  • Login on the Linux server (sftp) as root and create a new user account with the following Shell commands:

useradd seimaxim-user
passwd seimaxim-user

  • On the client system copy the ssh keys to the server:

ssh-copy-id seimaxim-user@seimaxim-server

  • On the client system verify the ssh keys so that a password-less login can be made to the server:

ssh seimaxim-uer@seimaxim-server

  • Verify sftp connection is working passwordless from the client system to server:

sftp seimaxim-user@seimaxim-server

  • At this stage, seimaxim-user from client system can ssh and sftp with entering password and have access to all directories. Now make necessary changes to chroot seimaxim-user caged to a specific directory.
  • On Linux server create a new group to add chroot seimaxim-user with groupadd sftpuser
  • Make a directory for chrooot seimaxim-user with mkdir /files
  • Make a subdirectory for seimaxim-user that has to be chroot with mkdir /files/seimaxim-user
  • Create a home directory for seimaxim-user with mkdir /files/seimaxim-user/home
  • Add seimaxim-user to new group you added in previous steps which sftpuser in our case with usermod -aG sftpuser seimaxim-user
  • Modify permissions of home directory /files/seimaxim-user/home of seimaxim-user with chown seimaxim-user:ftpuser /files/seimaxim-user/home
  • Open /etc/ssh/sshd_config in text editor like vi and add following code:

Subsystem sftp internal-sftp -d /home
Match Group sftpuser
ChrootDirectory /files/%u

  • Restart sshd service with systemctl restart sshd
  • Now try to connect via ssh and as user seimaxim-user from the client system to the server. You will not be able to connect via ssh but only through sftp. Also, try connecting with sftp which will be connected to the server without any issue. This solution will allow other users to connect through ssh to the server.

When connecting to VNC either screen is black or icons are shown but no menu or screen background

  • This issue occurs due to changes in the default service unit file. The changed file which is causing the error is given below;

[Service]
Type=forking
User=<USER>

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=-/usr/bin/vncserver -kill %i
ExecStart=/usr/bin/vncserver %i
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=-/usr/bin/vncserver -kill %i

  • The correct file is shown below;

[Service]
Type=forking

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

  • To resolve this error, apply the latest OS updates.

 

How to limit per user VNC sessions count?

You can use the following PERL script to limit VNC sessions per user.

  • Create a new file name vncserver and add the following content.

# Start the VNC Server
# Maximum sessions is limited to 2 per user in server.
&vnclimit();
}
}

sub vnclimit {
$countoutput = `ps -u $ENV{USER} | grep -i Xvnc | wc -l`;
if ($countoutput >= 1) {
print "Your vncsession is $ENV{USER} user. Maximum sessions is limited to 2 per user only!\n";
print "Execute 'vncserver -list' to list the current session\n\n";
print "Contact your server admin to increase the number of sessions.\n";
exit;
}
}

  • After creating the file, run it as vncserver on the command line.

How to configure virtual network computing [vncserver] in Linux CentOS Server 7 and 8?

  • In Linux CentOS 7 and 8 install tigervnc-server using yum with yum install tigervnc-server tigervnc
  • Install X Window System on CentOS 8 with yum group install GNOME base-x or yum groupinstall "Server with GUI".  On CentOS 7 install X Window System with yum groupinstall gnome-desktop x11 fonts or yum groupinstall "Server with GUI"
  • Set the Linux server to boot directly into the graphical user interface systemctl start graphical.target
  • After installing X Window System configure the VNC service by creating a VNC user account with useradd <yourusername> and set a password with passwd <yourusername>
  • Login to the server and create VNC password with vncpasswd
  • Create a VNC configuration file for the user <yourusername> with cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
  • Edit the /etc/systemd/system/vncserver@:1.service file and replace option “USER” with VNC user <yourusername>
  • Change 1 in /etc/systemd/system/vncserver@:1.service for every next VNC user. You should create one file for each user instance.
  • To change color depth, resolution, and other remote desktop options, add required values in ExecStart= as ExecStart=/sbin/runuser -l testuser1 -c "/usr/bin/vncserver %i -geometry 1024x768 -depth 24"
  • You must open VNC port in firewall with firewall-cmd --permanent --zone=public --add-port 5901/tcp and then reload firewall with firewall-cmd reload
  • Reload configuration with sytemctl daemon-reload
  • Enable the VNC service and make sure it starts at your next boot with systemctl enable vncserver@:1.service and systemctl start vncserver@:1.service
  • To configure the desktop environment for VNC on the server look xstartup file in ~/.vnc/xstartup. Following is on Gnome desktop;For KDE, xstartup is

# cat ~/.vnc/xstartup

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
vncconfig -iconic &
dbus-launch --exit-with-session gnome-session &

  • For KDE, xstartup is;

# cat ~/.vnc/xstartup

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#vncconfig -iconic &
#dbus-launch --exit-with-session gnome-session &
startkde &

  • The last step is to install vncviewer on your local PC and adding IP address::port number of the remote server with vncviewer vncserver-ipaddress::59XX or vncviewer vncserver-ipaddress::5901
  • Note that 1 in 5901 will have to be changed for each instance of vncserver as in vncserver@:1.service
  • For any queries, chat with us or leave a comment. We will be happy to help to troubleshoot your server.

 

How to Install and Configure VNC on Debian 9 and Kali Linux 2020.2

This is a quick guide to installing VNC on Debian 9 and Kali Linux

  • Login to your server as root.
  • Install VNC server with apt-get install tightvncserver
  • If you get the following error then you can install tightvncserver from Debian or Kali installation ISO image.

root@server:/home/user# apt install tightvncserver -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package tightvncserver is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'tightvncserver' has no installation candidate

  • To install tightvnc from ISO image, Mount Debian or Kali image on /media/cdrom with mount -t iso9660 /dev/sr0 /media/cdrom -o loop

tightvnc .deb packages [tightvncserver_1.3.9-9.1_amd64.deb xtightvncviewer_1.3.9-9.1_amd64.deb] is located in /media/cdrom/pool/main/t/tightvnc

  • Change directory to /media/cdrom/pool/main/t/tightvnc with cd /media/cdrom/pool/main/t/tightvnc
  • Install tightvncserevr with dpkg -i tightvncserver_1.3.9-9.1_amd64.deb
  • Edit xstartup in /home/youraccount/.vnc/xstartup with vi and add following code:

#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey &
vncconfig -iconic &

  • Start vnc server by executing the following command:

vncserver

  • You will be prompted to enter and verify vnc password. Make sure your password is less than 8 characters else it will be truncated to 8 characters.
  • After vnc password is set you will have the option to set a view-only password which is optional.
  • You may kill any instance of vncserver by executing commands vncserver -kill :1
  • ~/.vnc/xstartup must have executable permission set. You may set these permissions with the command chmod +x ~/.vnc/xstartup
  • If you did the above steps correctly, TightVNC server is already running on your server waiting for an incoming connection.
  • To connect to vnc server from your local PC, install Tight vnc viewer. Open vncviewer and enter the IP address and listening port on the server 85.19.219.89::5906
  • If your vncserver is listening on port :1 then you should enter 85.19.219.89::5901
  • If your vncserver is listening on port :2 then you should enter 85.19.219.89::5902
  • Make sure to check on which port your vnc server is running and then edit port :5901 in vncviewer on your local PC/Server.

How to setup FTP in Linux based server

  • Login to the server as root and install vsftpd with yum install vsftpd ftp -y
  • Use vi editor to open /etc/vsftpd/vsftpd.conf [vi /etc/vsftpd/vsftpd.conf] and add/change following options:

anonymous_enable=NO
ascii_upload_enable=YES
ascii_download_enable=YES
use_localtime=YES

  • Enable and start the vsftpd service.

systemctl enable vsftpd
systemctl start vsftpd

  • Allow the ftp service and port 21 via firewall.

firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-service=ftp

  • Reload firewall

firewall-cmd --reload

If you want users to restrict to their home directories, change permissions of home directory with

chmod -R go-rx /home/userdirectory

To test FTP server from client-side:

ftp ftp.yourservername.com

How to change the port of discovery container

  • Use podman to create new network podman network create
  • Check under /etc/cni/net.d/ you will find file /etc/cni/net.d/cni-podman-2.conflist
  • In your favorite file editor open /usr/share/containers/libpod.conf
  • Change line cni_default_network = "podman" in configuration file /usr/share/containers/libpod.conf to cni_default_network = "cni-podman2"
  • Reboot server
  • Restart container with podman start discovery dsc-db
  • Check the network status.
  • A new network cni-podman2 will be present with a new IP 192.168.0.1/24