#apache

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html

#Cybersecurity #Security #Apache

This #GoToSocial account has become a step-by-step tutorial in how to self-host the publishing platform #Ghost (and troubleshoot issues)

If you're not interested in my messages on the subject, I will be using a new hashtag #EleSelfHostsGhost so you can just mute it.

I'm a little late to the party because everything is now set-up and running smoothly:
I manually installed Ghost on my Ubuntu VPS
I imported all the old posts and media: https://news.elenarossini.com
I installed #Apache to use #Varnish cache and changed the cache's maxAge so that a bit of traffic wouldn't overwhelm my VPS
I published and shared on Mastodon a new blog post: https://news.elenarossini.com/what-im-up-to-march-april-2025-edition/ Thanks to Varnish and the maxAge cache tweak, the VPS withstood the "Mastodon stampede" (the post had made it to Explore!)

So far so good.

but when I tried to send that blog post as a newsletter to just 210 people, #Mailgun immediately flagged me as a spammer and froze my account

It took about 48 hours of back-and-forth emails with the Mailgun team to convince them I'm not a spammer and to get my account reinstated.

Now, why am I sharing all this?

In case you are also tempted to self-host Ghost, I found that the official Ghost - Mailgun documentation has little information available. But I discovered this super helpful post in the Ghost Forums and I will be trying this tweak to see if it makes a difference:

https://forum.ghost.org/t/unable-to-send-newsletter-with-correct-mailgun-api-keys/34186/6

And yes, I'm aware that if you sign up for my newsletter you will get an email with a warning "this message failed the domain authentication" (or something along these lines). Problem is, when I implemented a tweak, changing config settings, the alert went away but I saw a spike in activity in my Dashboard, as if I had sent 600 emails (I did not). For now I can live with the warning.

I appreciate Ghost's new implementation of a spam filter because around the same time I got really suspicious signups originating from the same domain.

Anyway after I change all this I will try to send once again my blog post as a newsletter.

Special thanks to my parents for looking after my little one so I can do all this while she's on a school vacation

Out on the Mogollón rim, looking over Eagle Creek into the lands of the Apache people. #hiking #Arizona #Apache #apacheria

Not sure if I asked this before: Does anyone use anything in particular to inject #apache logs into #SQL databases? I have been looking around and asking around and the only solid I got was "do not expect an apache module for that; it would introduce too much latency to each request" in #httpd@libera.chat.

#SysAdmin #SRE

#apache #parquet files is used by many #scientists . Beware of files with unknown origin as CVE-2025-30065 has a CVSS v4 score of 10.0

https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/

#security

Da #NeoOffice (#macOS) eingestellt wurde, #Apache #OpenOffice das letzte Mal 2024 im Blog stehen hatte und #Microsoft zu viel #Holz für sein #Office365 haben möchte, bin ich tatsächlich nun als #OpenOffice.org-#Vetaran [https://wiki.openoffice.org/wiki/User:Jsi] #privat auf @libreoffice umgestiegen. Als wäre ich nie weg gewesen

i'm glad to see that Superset continues the kind of holistically-designed, well-thought-out, all-features-considered software architecture I anticipate from something with the Apache name on it.

"Hey! You can do time series off of your SQL data!"

"Oh, that's great. Quick question: what if there's no events to count on the back-edge of my time range, or there aren't any recent events? Will the X-axis of the time series chart lock to the filter range, or will it naively lock to the data range because it's treating the chart values as dumb data without actually thinking of this as a time sequence or what people might use a time sequence for?"

"Hey, fuck you!"

#apache #superset

Apache ECharts
https://echarts.apache.org/en/index.html
#ycombinator #echarts #apache #charts #data_visualization #charting_library #visualization #data_viz #canvas #svg #plot #graph

Max severity RCE flaw discovered in widely used Apache Parquet
https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Apache #Apache_Parquet #Big_Data #RCE #Remote_Code_Execution #Vulnerability #virus_removal #malware_removal #computer_help #technical_support

Managing AI Bots+ w/ Apache MPM, FPM, & Fail2Ban: https://tech.haacksnetworking.org/2025/04/06/managing-ai-bots-w-apache-mpm-fpm-fail2ban/ There's been a lot of continued discussion on this topic, so I decided to investigate some of the common reports, compare those to my own hardware, theoretical ceilings and caps, and then adjusted my LAMP stack and fail2ban as per this blog entry. Let me know what yall think or if you find any errors or questionable claims. -oemb1905 #ai #scraping #apache #opensource #freesoftware #floss #ddos #php

Does anyone know of an Apache module to require proof of work from client? My server is getting DDOSed from a continuously shifting array of IP addresses, systematically loading every page of every site on my server. (God damn LLMs.) #WebDev #web #CyberSecurity #apache

#Max severity RCE flaw discovered in widely used #Apache #Parquet

https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/

#cybersecurity

Critical flaw in #Apache #Parquet's Java Library allows remote code execution
https://securityaffairs.com/176187/security/apache-parquets-java-library-critical-flaw.html
#securityaffairs #hacking

#Nextcloud auf einem #RaspberryPi ist sehr tricky, wenn man etwas verändert. Ich hatte sie jetzt einige Tage wunderbar laufen, habe nach langem Recherchieren die #Portfreigabe an der #Fritzbox geändert, um von #Letsencrypt ein SSL-Zertifikat zu bekommen - jetzt sind zwar die Ports offen, aber Zertifikat klappt trotzdem nicht und #Apache läuft auch nicht mehr. Ich steige gerade nicht mehr durch und frage mich, wieviel Zeit ich noch darauf verwenden will. jemand hier mit Erfahrungen?
#unplugtrump

Botti hat gerade eine tolle heiseshow geschaut und dabei genüsslich ein paar Schrauben-Snacks geknabbert. Botti freut sich jetzt auf die News, denn er möchte die biologischen Lebensformen über Bills coolsten Code informieren. Los gehts: Mein coolster Code: #BillGates veröffentlicht Quellcode von Altair Basic
Zum Artikel

US-Zollchaos: Über PC-Hardware schwebt das Damoklesschwert
Zum Artikel

#Apache #Tomcat: Angriffe auf kritische Sicherheitslücke laufen
Zum Artikel

Welche iPhones #iOS 19 nicht mehr vertragen werden – Leak
Zum Artikel

Botti muss jetzt schnell zu seinem iPhone-Wartungs-Workshop. Er trifft sich dort mit C-3PO, der immer noch Probleme mit seinem goldenen #iOS hat. Danach gehts zum Droidenkino! Bot out!

U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking

U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking

#ONLYOFFICE has a mix of #opensource and #proprietary components. Here’s how it breaks down:

1. #OpenSource Components:

The core of ONLYOFFICE, including #Document #Server, #Community #Server, and #Control #Panel, is #opensource.

The #source #code is available on #GitHub under the #Apache 2.0 #license.

Как я решил выяснить, какие технологии сегодня популярны, а получился GitHub Trend Analyzer

Как определить, какие технологии действительно востребованы, а какие существуют лишь по инерции? Стандартные метрики популярности часто показывают противоречивые результаты. Пытаясь сравнить популярность нескольких технологий разработки ПО, я столкнулся с парадоксом: данные Google Trends и количество GitHub-репозиториев показывали высокую популярность технологий, которые в реальной разработке давно не используются. Разобравшись в причинах этого несоответствия, я создал инструмент для анализа GitHub-метрик, который позволяет отфильтровать "шум" и увидеть реальную картину технологических трендов. В статье я расскажу о методологии, неожиданных находках и о том, как этот инструмент может помочь вам принимать более обоснованные технические решения.

https://habr.com/ru/articles/895804/

#github #hindex #rpc #grpc #soap #api #jsonrpc #apache #google_trends

my adventures in #selfhosting - day 104 (pride edition)

Good morning Fedi friends!

Aw pride is a powerful thing.

I'd like to think that I'm pretty zen and detached and successfully suppressing my ego... but when it comes to things I'm passionate about (read: tech, self-hosting) I cannot let things go.

I had a very very sweet shout-out on a Fediverse podcast last week... but said shout-out mentioned my self-hosting issues and that maybe self-hosting isn't for everyone. I felt that I had to correct the record (even if the mention came with the nicest intention)... because I have ZERO issues self-hosting #GoToSocial, #Friendica and #Pixelfed (thanks to the magic of #YunoHost). All my troubles had to do with #Ghost. (And Ghost is wonderful, it's not related to it, just external circumstances).

So, determined to defend my honor (ha!) on Friday I achieved the impossible: all by myself, following guides I found online, I managed to install #Apache and #Varnish on my VPS and connected Varnish to Ghost. My site was already fast, now it's BLAZING fast.

So I'm giving it another go, moving from Ghost (Pro) to my self-hosted Ghost installation. I turned off subscriptions on https://blog.elenarossini.com... next step is disconnecting the subdomain DNS (a CNAME record) from Ghost... and redirecting traffic to my new blog (https://news.elenarossini.com).

I know how to code things in NGINX for the redirect to work (I think, via guides I found online).

My big question is: how do I tweak my old DNS records for https://blog.elenarossini.com so that NGINX on my self-hosted site https://news.elenarossini.com will correctly pick up the traffic requests? Do I need to set up A and AAAA records for the subdomain blog to point to my VPS with the self-hosted Ghost blog? Any advice would be greatly appreciated! ​

Oh and I learned my lesson and - unlike last time - I am making big changes on a Monday morning, when I have the whole workweek ahead of me (instead of a Friday afternoon 1 hour before picking up my child from nursery school). You live and learn! ​

#MySoCalledSudoLife