免费ssl证书申请

到 http://www.wosign.com/Products/free_SSL.htm 申请免费的SSL证书。

下载www.iamle.com.zip文件,解压文件,找到for Nginx.zip解压,得到2个文件

1_www.iamle.com_bundle.crt ,2_www.iamle.com.key

改个名字www.iamle.com.crt,www.iamle.com.key传到服务器上备用

Nginx配置SSL证书部署https支持

找到对应的server

增加

listen          443 ssl;
ssl                     on;
ssl_certificate         /usr/local/nginx/conf/ssl/www.iamle.com.crt;
ssl_certificate_key     /usr/local/nginx/conf/ssl/www.iamle.com.key;
ssl_session_timeout     5m;
ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers             ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers       on;

 

重新载入nginx配置

[root@do ssl]# /etc/init.d/nginx  reload

浏览器信任的https://www.iamle.com 已经可用了~

 

 

补充

转换pfx为nginx需要的crt,key

如果已经有一个扩展名为pfx的证书,那么需要转换使用

[root@do ~]# openssl pkcs12 -in www.iamle.com.pfx -nocerts -nodes -out www.iamle.com.key
Enter Import Password: 输入证书密码
MAC verified OK

 

[root@do ~]# openssl pkcs12 -in www.iamle.com.pfx -clcerts -nokeys -out www.iamle.com.crt
Enter Import Password: 输入证书密码
MAC verified OK

 

生成2个文件 www.iamle.com.key , www.iamle.com.pfx 复制到你指定的目录

 

参考文献

http://nginx.org/en/docs/http/configuring_https_servers.html

编译安装配置

wget http://pecl.php.net/get/xhprof-0.9.4.tgz
tar zxvf xhprof-0.9.4.tgz 
cd xhprof-0.9.4
cd extension/
/usr/bin/phpize
./configure 
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
vim /usr/local/php/etc/php.ini

EOF<<<
[xhprof]
extension=xhprof.so;
xhprof.output_dir=/home/wwwroot/iamle.com/xhprof 
EOF

mkdir -p /home/wwwroot/iamle.com/xhprof
cd ..
cp -rv examples/ xhprof_html/ xhprof_lib/ /home/wwwroot/iamle.com/xhprof
/etc/init.d/php-fpm reload

例子用法

http://localhost/xhprof/examples/sample.php

http://localhost/xhprof/xhprof_html/index.php?run=5455f9208a2eb&source=xhprof_foo

xhprof的名词解释

Function Name 函数名
Calls 调用次数
Calls% 调用百分比
Incl. Wall Time (microsec) 调用的包括子函数所有花费时间 以微秒算(一百万分之一秒)
IWall% 调用的包括子函数所有花费时间的百分比
Excl. Wall Time (microsec) 函数执行本身花费的时间,不包括子树执行时间,以微秒算(一百万分之一秒)
EWall% 函数执行本身花费的时间的百分比,不包括子树执行时间
Incl. CPU(microsecs) 调用的包括子函数所有花费的cpu时间。减Incl. Wall Time即为等待cpu的时间
减Excl. Wall Time即为等待cpu的时间
ICpu% Incl. CPU(microsecs)的百分比
Excl. CPU(microsec) 函数执行本身花费的cpu时间,不包括子树执行时间,以微秒算(一百万分之一秒)。
ECPU% Excl. CPU(microsec)的百分比
Incl.MemUse(bytes) 包括子函数执行使用的内存。
IMemUse% Incl.MemUse(bytes)的百分比
Excl.MemUse(bytes) 函数执行本身内存,以字节算
EMemUse% Excl.MemUse(bytes)的百分比
Incl.PeakMemUse(bytes) Incl.MemUse的峰值
IPeakMemUse% Incl.PeakMemUse(bytes) 的峰值百分比
Excl.PeakMemUse(bytes) Excl.MemUse的峰值
EPeakMemUse% EMemUse% 峰值百分比

 

 

序言

前面搞 使用Sublime Text2来编辑Evernote(印象笔记) 发现st2的插件只能增加笔记,不能修改什么的,必须的st3

强烈的想用sublime text 用markdown书写文章,笔记什么的,顺便同步保存evernote

把用了1年多的sublime text2升级到了sublime text3最新版

Sublime text3安装插件 Evernote

安装支持插件

Preferences -> Package Control:Install Package ->  evernote

获得evernote api接口 Developer Tokens

Preferences -> Package Settings ->  Evernote -> Reconfigure Authorization

会在浏览器中打开 https://www.evernote.com/api/DeveloperToken.action

如果是中国区 印象笔记用户请直接打开  https://app.yinxiang.com/api/DeveloperToken.action

申请好Token

插件 Evernote配置

Preferences -> Package Settings ->  Evernote -> Settings – User

20141101173120

 

保存后就可以使用了

在Sublime Text3中用MarkDown写文章同步到Evernote

Tools -> Command Palette  -> evernote

20141102110030

 

更多使用说明请看

https://sublime.wbond.net/packages/Evernote

 

安装插件

sublime text2 安装插件 sublimeevernote

Preferences -> Package Control:Install Package ->  sublimeevernote

Tools -> Command Palette  -> Send to evernote  (PS:如果没有,就把sublime text2重启下)

20141101143516

Evernote api授权

20141101143657

复制网址到浏览器打开

(ps:如果是国内 印象笔记用户 ,把网址 www.evernote.com 换成 app.yinxiang.com)

授权后会回调到

http://127.0.0.1/?oauth_token=oparrish-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&oauth_verifier=25532B383E0Exxxxxxxxxxxxxx&sandbox_lnb=false

找到oauth_verifier=25532B383E0Exxxxxxxxxxxxxx

认证代码为:25532B383E0Exxxxxxxxxxxxxx

输入sublime text2中回车

20141101144452

现在就可以使用 send to evernote了

后话:

你妹的,搞完了才发现 只有 send to evernote啊!!!!!

st3才有Update Evernote Note,Open Evernote Note

要不要升级st3,插件是否兼容呢~~~

囧`

 

检查是否有 linux bash的ShellShock系列漏洞

ShellShock系列漏洞包含有

CVE-2014-6271

CVE-2014-7169

CVE-2014-7186

CVE-2014-7187

CVE-2014-6277

CVE-2014-6278

 

检查是否有ShellShock系列漏洞

wget --no-check-certificate  https://github.com/hannob/bashcheck/raw/master/bashcheck;sh bashcheck

有漏洞显示为

shellshock20141011151023

 

检查方式任选1

检查方式1

在 bash 中输入如下命令可以检测是否受影响:如果显示You are vulnerable,很遗憾,必须立即打上安全补丁修复

env t='() { :;}; echo You are vulnerable.' bash -c "true"

检查方式2

在 bash 中输入如下命令可以检测是否受影响:如输出 vulnerable,很遗憾,必须立即打上安全补丁修复

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

 

修复bash ShellShock系列漏洞

包管理器更新bash版本即可

yum -y update bash;/sbin/ldconfig;rpm -qa -changelog bash  | grep "2014"

修复后检查

sh bashcheck

 

shellshock20141011151102

参考

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)

Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) in Red Hat Enterprise Linux

CVE-2014-6271: remote code execution through bash

Bash 远程任意代码执行安全漏洞(最严重漏洞)

流传的移除XSS攻击的php函数

The goal of this function is to be a generic function that can be used to parse almost any input and render it XSS safe. For more information on actual XSS attacks, check out http://ha.ckers.org/xss.html. Another excellent site is the XSS Database which details each attack and how it works.

<?php
/**
 * Usage: Run *every* variable passed in through it.
 * The goal of this function is to be a generic function that can be used to
 * parse almost any input and render it XSS safe. For more information on
 * actual XSS attacks, check out http://ha.ckers.org/xss.html. Another
 * excellent site is the XSS Database which details each attack and how it
 * works.
 *
 * Used with permission by the author.
 * URL: http://quickwired.com/smallprojects/php_xss_filter_function.php
 *
 * License:
 * This code is public domain, you are free to do whatever you want with it,
 * including adding it to your own project which can be under any license.
 *
 * $Id: RemoveXSS.php 2663 2007-11-05 09:22:23Z ingmars $
 *
 * @author	Travis Puderbaugh <kallahar@quickwired.com>
 * @package RemoveXSS
 */
class RemoveXSS {

	/**
	 * Wrapper for the RemoveXSS function.
	 * Removes potential XSS code from an input string.
	 *
	 * Using an external class by Travis Puderbaugh <kallahar@quickwired.com>
	 *
	 * @param	string		Input string
	 * @return	string		Input string with potential XSS code removed
	 */
	function RemoveXSS($val)	{
		// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
		// this prevents some character re-spacing such as <java\0script>
		// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
		$val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);

		// straight replacements, the user should never need these since they're normal characters
		// this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
		$search = 'abcdefghijklmnopqrstuvwxyz';
		$search.= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
		$search.= '1234567890!@#$%^&*()';
		$search.= '~`";:?+/={}[]-_|\'\\';

		for ($i = 0; $i < strlen($search); $i++) {
			// ;? matches the ;, which is optional
			// 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

			// &#x0040 @ search for the hex values
			$val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
			// &#00064 @ 0{0,7} matches '0' zero to seven times
			$val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
		}

		// now the only remaining whitespace attacks are \t, \n, and \r
		$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
		$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
		$ra = array_merge($ra1, $ra2);

		$found = true; // keep replacing as long as the previous round replaced something
		while ($found == true) {
			$val_before = $val;
			for ($i = 0; $i < sizeof($ra); $i++) {
				$pattern = '/';
				for ($j = 0; $j < strlen($ra[$i]); $j++) {
					if ($j > 0) {
						$pattern .= '(';
						$pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
						$pattern .= '|(&#0{0,8}([9][10][13]);?)?';
						$pattern .= ')?';
					}
					$pattern .= $ra[$i][$j];
				}
				$pattern .= '/i';
				$replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
				$val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
				if ($val_before == $val) {
					// no replacements were made, so exit the loop
					$found = false;
				}
			}
		}

		return $val;
	}
}

?>

 

Discuz系统中 防止XSS漏洞攻击,过滤HTML危险标签属性的PHP函数

//屏蔽html
function checkhtml($html) {
	$html = stripslashes($html);
	if(!checkperm('allowhtml')) {

		preg_match_all("/<([^<]+)>/is", $html, $ms);

		$searchs[] = '<';
		$replaces[] = '<';
		$searchs[] = '>';
		$replaces[] = '>';

		if($ms[1]) {
			$allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br
						|p|b|strong|i|u|em|span|ol|ul|li|blockquote
						|object|param|embed';//允许的标签
			$ms[1] = array_unique($ms[1]);
			foreach ($ms[1] as $value) {
				$searchs[] = "<".$value.">";
				$value = shtmlspecialchars($value);
				$value = str_replace(array('\','/*'), array('.','/.'), $value);
				$skipkeys = array(
						'onabort','onactivate','onafterprint','onafterupdate',
						'onbeforeactivate','onbeforecopy','onbeforecut',
						'onbeforedeactivate','onbeforeeditfocus','onbeforepaste',
						'onbeforeprint','onbeforeunload','onbeforeupdate',
						'onblur','onbounce','oncellchange','onchange',
						'onclick','oncontextmenu','oncontrolselect',
						'oncopy','oncut','ondataavailable',
						'ondatasetchanged','ondatasetcomplete','ondblclick',
						'ondeactivate','ondrag','ondragend',
						'ondragenter','ondragleave','ondragover',
						'ondragstart','ondrop','onerror','onerrorupdate',
						'onfilterchange','onfinish','onfocus','onfocusin',
						'onfocusout','onhelp','onkeydown','onkeypress',
						'onkeyup','onlayoutcomplete','onload',
						'onlosecapture','onmousedown','onmouseenter',
						'onmouseleave','onmousemove','onmouseout',
						'onmouseover','onmouseup','onmousewheel',
						'onmove','onmoveend','onmovestart','onpaste',
						'onpropertychange','onreadystatechange','onreset',
						'onresize','onresizeend','onresizestart',
						'onrowenter','onrowexit','onrowsdelete',
						'onrowsinserted','onscroll','onselect',
						'onselectionchange','onselectstart','onstart',
						'onstop','onsubmit','onunload','javascript',
						'script','eval','behaviour','expression',
						'style','class'
					);
				$skipstr = implode('|', $skipkeys);
				$value = preg_replace(array("/($skipstr)/i"), '.', $value);
				if(!preg_match("/^[/|s]?($allowtags)(s+|$)/is", $value)) {
					$value = '';
				}
				$replaces[] = empty($value)?'':"<".str_replace('"', '"', $value).">";
			}
		}
		$html = str_replace($searchs, $replaces, $html);
	}
	$html = addslashes($html);

	return $html;
}