Tag Archives: security

AWS, a new comer’s views

As an IT professional it can be a daunting task trying to keep up with new technologies. A lot of job specifications I’ve seen have asked for Amazon or other cloud experience, so I decided it was time I had a look!

Previously I’ve administered several virtual servers hosted by hosting companies, all of which can be classed as cloud computing, given that the machine doesn’t actually exist and all of the processing is done “in the cloud”, so what are my initial thoughts having delved into AWS for the first time?

Mainly how easy it is to get started! The interface certainly looks daunting, though I managed to get a virtual server up and running on the EC2 (Elastic cloud computing) service in less than 10 minutes! And what’s better, they provide a modest machine known as a t2.micro, absolutely free of charge for the first year!

Delving a little deeper, following Ryan Kroonenberg’s “AWS Certified Developer 2016” course on Udacity, (https://www.udemy.com/aws-certified-developer-associate/) I was surprised by how easy it all was! I even manged to get a load balancer set up, linked to an EC2 server, and managed to Link to the Tomcat server seamlessly from Netbeans! And it was still free! (So long as you pick the right machine…) Admittedly the choice of course was biased towards getting certified rather than actually learning AWS, but it provides an excellent starting point!

Having developed an idea for a future Android app, the environment looks like the perfect place to host the back end processing given it’s scalable nature and high availability. Plus it will earn me some brownie points for the CV! Watch this space for details of the App in the future!

Two weeks to update?

So what are my thoughts on WordPress now I’ve had it installed for two weeks? Make sure you set the ownership of the installation correctly!

Given the need to ensure any software visible to the internet at large is as secure as possible, updates should be applied as soon as they are available to ensure any bugs and vulnerabilities are patched.

So, having installed my copy of WordPress, one of the first things I looked at was how to make sure I could easily update the software. Thankfully, WordPress provide an easy way to update the software through the integrated dashboard. Though clicking revealed I required an FTP server running on the web server to perform the updates? Not keen on setting up and FTP server on my production server, I put off the update until I had an afternoon free to install a server and get the updates carried out.

Following the Ubuntu Documentation’s suggestion of installing vsftpd (https://help.ubuntu.com/lts/serverguide/ftp-server.html) I went on to add a user whose home account was set to the directory I’d installed WordPress, to enable the files to be directed to the right place. Changing the owner of the files, I carried out the updates and then wondered why exactly they felt the need to force users to install an FTP server to carry out the updates?

Needless to day, A quick search lead me to a topic that had already discussed the issue… http://stackoverflow.com/questions/640409/can-i-install-update-wordpress-plugins-without-providing-ftp-access revealed that WordPress will only attempt to upgrade over FTP when the web server tries and fails to write to the /wp-content directory! I had already disabled the FTP server and blocked the ports again, though lesson learned: Make sure file permissions and ownership are set properly from the start!