
problem when connecting to Gmail SMTP

Sep 17

Gmail has raised its security level, and some websites using PHPMailer now receive SMTP errors such as:
- EHLO not accepted from server!
- Password not accepted from server!

First, the SMTP server setting should use ssl:// and connect to port 465.
Then make sure you set the correct username and password.

The final thing you have to do is open the security setting to allow your web server to connect to Gmail SMTP; otherwise you will not be able to send email:

Issue and fix on setting vsftpd server for FTP(e)S

May 01

Setting up vsftpd with a secure connection is not too difficult; however, you may encounter the errors below:

Using the FileZilla FTP client

error received:

GnuTLS error -8: A record packet with illegal version was received.


It can be fixed by setting the line below in vsftpd.conf


Using the WinSCP FTP client

error received:

Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-SHA384, 2048 bit RSA

SSL3 alert write: fatal: protocol version

Disconnected from server

Connection failed.


1. It can be fixed by setting the line below in vsftpd.conf


2. Setting allow_writeable_chroot=YES is not enough: you would still receive “Failed to change directory.” You may need to change the FTP user's root folder to 777, although it is not secure…

google analytics new features – demographics

Dec 28

Google Analytics provides more advanced features. However, they are still in beta.
If you want to activate this feature, you have to turn on “Display Advertiser Features”, then add one line of code in between the lines of the original code GA provided:
ga('create', 'UA-XXXXXX-XX', '');
ga('require', 'displayfeatures');
ga('send', 'pageview');

After adding the code above, you have to wait 24 hours for the feature to activate.

For details, please visit the document here

SSL 3.0 POODLE Vulnerability

Oct 20

SSL 3.0 is nearly 18 years old, and a known SSL protocol vulnerability called POODLEbleed has been discovered.
It was discovered by Google security researchers.

Simply put, an attacker in a man-in-the-middle position could view the content of the encrypted transmission.

You can use this online tool, The Poodlebleed Bug, to test whether your web server is vulnerable.

To mitigate this issue, you can disable SSL 3.0 support, or disable CBC-mode ciphers with SSL 3.0.
Alternatively, implement the TLS Fallback Signaling Cipher Suite Value (SCSV) suggested by Google's researchers.

phpmyadmin disable root login

Sep 20

phpMyAdmin and MySQL Workbench are common tools for accessing MySQL.

To improve security, we usually add the line below to disable root access:
$cfg['Servers'][$i]['AllowRoot'] = false;

For MySQL Workbench, we can use an SSH tunnel to access the database without needing to open port 3306 to the public.

common error for mysql replication (master-slave mode)

Jun 28

We tried MySQL replication (master-slave mode), and we can share how to handle some common errors:

When the slave shuts down abnormally, a few errors may occur:

Check the error using "show slave status\G"

Error1: The master DB keeps inserting data while the slave DB is down

Error 'Duplicate entry '123' for key 'PRIMARY'' on query. Default database: 'DB'. Query: 'insert into TABLE (name) values ('1111111')'

Step1: this can be fixed by adding a line to /etc/my.cnf
slave-skip-errors = 1062

Step2: restart the database
# /etc/init.d/mysqld restart

p.s. This only skips duplicate-entry errors, but data may be lost (assuming your slave is read-only, it would be safe)

Error2: Table in slave database is corrupted

Error 'Incorrect key file for table './DB/TABLE.MYI'; try to repair it' on query. Default database: 'DB'. Query: 'insert into TABLE(c1,c2) values (UUID(),'b')'

# repair table TABLE;
# show slave status\G;

Error3: The log file is corrupted

Last_SQL_Error: Relay log read failure: Could not parse relay log event entry.
The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code.

Step1: run "show slave status\G"
Find the lines below:
Relay_Master_Log_File: binlog.000004

Exec_Master_Log_Pos: 13823

Step2: reset the log position and restart the slave
# stop slave;
# change master to master_log_file='binlog.000004', master_log_pos=13823;
# start slave;
# show slave status\G
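
The Error3 procedure above as an added example, not part of the original post: it reads the two coordinates from "show slave status\G" output and builds the Step2 statements. The status excerpt is constructed (only binlog.000004 and 13823 come from the post), and the function names are hypothetical.

```python
import re

# Constructed excerpt of `show slave status\G`; Master_Log_File and
# Read_Master_Log_Pos are made-up values showing how far the I/O thread read.
SAMPLE_STATUS = """\
*************************** 1. row ***************************
              Master_Log_File: binlog.000005
          Read_Master_Log_Pos: 40211
        Relay_Master_Log_File: binlog.000004
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
          Exec_Master_Log_Pos: 13823
               Last_SQL_Error: Relay log read failure: Could not parse relay log event entry.
"""

def parse_status(text):
    """Parse the vertical (\\G) layout into a dict; values may contain colons."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Field names are a single word; wrapped error text is skipped.
        if sep and re.fullmatch(r"\s*\w+", key):
            fields[key.strip()] = value.strip()
    return fields

def resync_statements(text):
    """Build the Step2 statements from what the SQL thread last executed
    (Relay_Master_Log_File / Exec_Master_Log_Pos), not from what the
    I/O thread last read (Master_Log_File / Read_Master_Log_Pos)."""
    f = parse_status(text)
    log_file = f.get("Relay_Master_Log_File", "")
    log_pos = f.get("Exec_Master_Log_Pos", "")
    # Both values are interpolated into SQL, so validate them first.
    if not re.fullmatch(r"[\w.-]+\.\d+", log_file) or not log_pos.isdigit():
        raise ValueError("unexpected binlog coordinates: %r %r" % (log_file, log_pos))
    if f.get("Slave_SQL_Running") == "Yes":
        raise ValueError("SQL thread is running; nothing to reset")
    return [
        "stop slave;",
        "change master to master_log_file='%s', master_log_pos=%s;" % (log_file, log_pos),
        "start slave;",
    ]

if __name__ == "__main__":
    print("\n".join(resync_statements(SAMPLE_STATUS)))
```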

vulnerability on openSSL – heartbleed

Apr 14

There is a vulnerability in OpenSSL version 1.0.1, and it was fixed in version 1.0.1g.

Older versions of OpenSSL are not affected.

It has a wide impact because every service that runs over the TLS protocol is affected. The most common uses are HTTPS, FTP over TLS, email over TLS, etc.

To test whether your server is affected by the vulnerability, you can go to the site below:

2 common password methodology for login system

Feb 12

MD5 encryption

MD5 was very common and popular in the old days, and some systems may still use it.
MD5 is a one-way hash of the password, and it has already been successfully brute-forced. Some websites let you do a reverse lookup to get back the original password from the hash.
If the password hashing uses pure MD5, it is regarded as not safe.

salt password

This is the most popular method we find nowadays in most open source software. It is an enhanced version of one-way hashing to prevent brute force attacks.
This is the simplest example of a salt:
password = md5(password+salt)
p.s. some may use SHA instead of MD5 to improve the security
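
An added example (not from the original post) that puts the two schemes above side by side and then shows a salted, deliberately slow alternative, PBKDF2 from Python's hashlib. The word list, user names and round count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list and two users
# who happen to share a password.
COMMON = ["123456", "password", "letmein"]
USERS = {"alice": "letmein", "bob": "letmein"}

def md5_plain(password):
    """'Pure md5' storage: identical passwords give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def md5_salted(password, salt):
    """The post's scheme, md5(password + salt), with one random salt per user."""
    return hashlib.md5(password.encode() + salt).hexdigest()

def lookup_hits(stored_hashes):
    """Count stored hashes that appear in a table precomputed without a salt."""
    table = {md5_plain(p) for p in COMMON}
    return sum(1 for h in stored_hashes if h in table)

def kdf_hash(password, salt=None, rounds=600_000):
    """Salted and slow: PBKDF2-HMAC-SHA256 (the round count is an assumption)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def kdf_verify(password, salt, rounds, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def demo():
    plain = [md5_plain(p) for p in USERS.values()]
    salts = {u: os.urandom(16) for u in USERS}
    salted = [md5_salted(p, salts[u]) for u, p in USERS.items()]
    record = kdf_hash("letmein")
    return {
        "plain_equal": plain[0] == plain[1],     # same password, same hash
        "plain_hits": lookup_hits(plain),         # both found by reverse lookup
        "salted_equal": salted[0] == salted[1],  # per-user salt hides the reuse
        "salted_hits": lookup_hits(salted),       # the unsalted table finds nothing
        "kdf_ok": kdf_verify("letmein", *record),
        "kdf_wrong": kdf_verify("letmeix", *record),
    }

if __name__ == "__main__":
    print(demo())
```

The salt defeats the reverse-lookup table, but a single MD5 or SHA round is still fast to guess against; the iteration count in the PBKDF2 variant is what raises the cost of each guess.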

the trend of CDN

Nov 19

In the past, you had to upload static content such as images or static pages to the CDN provider manually in order to enjoy the performance improvement for your site. Nowadays, you no longer need to do so.
What you have to do is change your DNS setting to point your domain to the CDN provider, and then set the origin server on the CDN provider. So the flow looks like this: —-> —->

The CDN provider can then cache your server's content and respond to public users directly. Amazon is one of the providers; for details, you could look through the link below:
Amazon CloudFront

However, Amazon does not have any detailed document about security protection, but you could look at another provider, Cloudflare, which can provide some kind of protection for your website.

However, you may need to understand the HTTP headers, for example the Cache-Control header directives max-age and s-maxage.
These can affect your cached content on the CDN provider.
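
An added example (not from the original post) of how those directives play out: it works out how long a shared cache such as a CDN, and separately the visitor's browser, may reuse a response. It goes slightly beyond max-age and s-maxage by also handling private, no-store and no-cache, since those decide whether the CDN may keep the response at all. The sample headers are constructed.

```python
# Constructed sample headers an origin server might send.
SAMPLES = [
    "public, max-age=60, s-maxage=86400",
    "max-age=3600",
    "private, max-age=600",
    "no-store",
    "max-age=300, s-maxage=0",
]

def parse_cache_control(header):
    """Split a Cache-Control value into {directive: value or None}.
    Simplification: quoted values that contain commas are not handled."""
    directives = {}
    for part in header.split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip().strip('"') or None
    return directives

def _lifetime(directives, names):
    """Return the first usable delta-seconds among names, else 0 (stale)."""
    for name in names:
        if name in directives:
            try:
                return max(int(directives[name]), 0)
            except (TypeError, ValueError):
                return 0  # malformed value: treat the response as stale
    return 0  # no explicit lifetime; real caches may apply their own heuristic

def cdn_ttl(header):
    """Seconds a shared cache (the CDN) may reuse the response without
    revalidating. None means the CDN must not store it at all."""
    d = parse_cache_control(header)
    if "no-store" in d or "private" in d:
        return None
    if "no-cache" in d:
        return 0
    return _lifetime(d, ("s-maxage", "max-age"))  # s-maxage wins on a CDN

def browser_ttl(header):
    """Same question for the visitor's private cache, which ignores s-maxage."""
    d = parse_cache_control(header)
    if "no-store" in d:
        return None
    if "no-cache" in d:
        return 0
    return _lifetime(d, ("max-age",))

def compare(headers=SAMPLES):
    """Map each header to (CDN lifetime, browser lifetime)."""
    return {h: (cdn_ttl(h), browser_ttl(h)) for h in headers}
```

A page containing per-user data that is sent with only max-age is eligible for storage on the CDN and reuse for other visitors; marking it private (or no-store) keeps it out of the shared cache.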