WordPress Themes SEO Rating

If you use WordPress for a Blog and you think about a Theme Change for a new Look you should now some points:

  • Check new Themes for available Updates
  • Check new Theme for User Feedback
  • Check new Theme how often its downloaded, if often used Search Engines can handle the code
  • Check the new Theme some Weeks and control active the Ranking on Search Engines (like Webmaster Tools), cause bad readable Code is ranked down or broken internal links and bookmarks can forward robots into nirvana
  • Check the new Theme on various Browsers, Opera, Chrome, Firefox, IE, Mobile Browsers and Check Mobile Browsers on „Desktop View“
  • Check the Theme on various Screen width, Menu Handling, and test Browsers with disabled Java Script for barrier free handling and disabled Webfonts
  • Check the load Time with Browsers Analytics Tools, compress Code, Reduce Image Size
  • Check for Sitemaps and RSS Feeds
  • Check the Site on HTTPS, redirect HTTP to HTTPS!!

Goodby Smartphones

Today iam going offline with any of my Smarthones for Testing.

Why?

  • all current Smartphones based on nonfree Hard and Software
  • less patched
  • Hackers can remote force install Trojans as Updates (especially Stores by gov order)
  • non rooted devices are black boxes
  • rooted Images or Tools as Workarounds are often not published in which way the System OS is broken down, Hackers don’t work nonprofit !
  • Linux Laptops usage is often easier and much safer, you have full control and can run security tools to monitor
  • Apps for free do always call home at background
  • can’t control active background jobs and what they calc
  • can’t disable the USB Port for attacks or memory access
  • don’t know possibility about scanning data from active chips thru magnetic fields like RFID
  • fingerprint or biometric sensors are really nonsense
  • Smartphones don’t allow to edit the MAC Addresses of your device it’s like a Chassis Number of your CAR!!
  • .. and much more

When you can’t power down or prevent usage of your Smartphone then:

  • don’t leave it alone at any places
  • don’t use public wifi networks, cause attackers can take over wifi requests „man in the middle“
  • don’t use GPS
  • don’t use Whatsa. and fb, twitt. and other social media tools
  • factory reset monthly, better weekly, restore from sdcard by backup tools from first day
  • disconnect Data Transfer Option after use, safes battery too
  • blind all camera lenses, can be activated remote
  • put it into a Metal box to carry it in your Pockets, iron cage against magnetic fields
  • use often the flight mode to go offline for longer times
  • stick on a privacy guard on screen
  • use prepaid cards, change them from time to time
  • use SFTP with key auth always to sync data to you private internet space
  • from a other blog destroy the microphone cables inside and phone by a bluetooth headset with microphone
  • prefer less apps and select apps which the mainstream don’t use cause Attackers prefer Mainstream Apps to hack
  • DON’T forget to disable/switch  Wifi to LTE if BOTH active Google can LOCATE you by LTE and known public WIFI Accesspoints WITHOUT GPS!!!

.. step back use a old mobile phone for seniors 20$.. or use Linux Smartphones..

Remark :

  • iam not paranoid but if you read some blogs you will recognize that everything is used to break your privacy daily
  • security company’s offer services to everybody who pay’s the highest prices against laws in every way too..

Openwrt dmesg human timestamp

To viel on busybox dmesg with human readable time for debug do:

$vi /root/dmesg.sh

insert:
base=$(cut -d '.' -f1 /proc/uptime);
seconds=$(date +%s); 
dmesg | sed 's/\]//;s/\[//;s/\([^.]\)\.\([^ ]*\)\(.*\)/\1\n\3/' | 
while read first; do 
read second; 
first=`date +"%d/%m/%Y %H:%M:%S" --date="@$(($seconds - $base + $first))"`;
printf "[%s] %s\n" "$first" "$second"; 
done 
exit 0

run it sh dmesg.sh..

System Echo:

...
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered disabled state
[16/03/2018 14:55:18] device wlan1 entered promiscuous mode
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered forwarding state
[16/03/2018 14:55:19] br-lan: port 2(wlan0) entered blocking state
[16/03/2018 14:55:19] br-lan: port 2(wlan0) entered forwarding state
[16/03/2018 15:34:17] device wlan1 left promiscuous mode
[16/03/2018 15:34:17] br-lan: port 3(wlan1) entered disabled state
[16/03/2018 15:34:17] device wlan0 left promiscuous mode
[16/03/2018 15:34:17] br-lan: port 2(wlan0) entered disabled state
[16/03/2018 15:34:24] br-lan: port 2(wlan0) entered blocking state
[16/03/2018 15:34:24] br-lan: port 2(wlan0) entered disabled state
[16/03/2018 15:34:24] device wlan0 entered promiscuous mode
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered disabled state
[16/03/2018 15:34:24] device wlan1 entered promiscuous mode
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered forwarding state
[16/03/2018 15:34:25] br-lan: port 2(wlan0) entered blocking state
[16/03/2018 15:34:25] br-lan: port 2(wlan0) entered forwarding state
...

Apache MEMCACHED UDP Protection

Current a lot of sites blogging about memcached attacks on Servers here some details:

  • Memcached Servers need a installed and running Service called „memcached“
  • Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service
  • The Memcached Service uses a own Config File at debian /etc/memcached.conf
  • By default it MUST listen to localhost or socket
  • Admins MUST setup a FIREWALL like „ufw“ (iptables) and MUST check own Server for OPEN PORTS with nmap
  • The Problem is that Attackers can run Scripts against to your Server in a 10^6 Range like a BOTNET !! with ONE PC cause MEMCACHED supports this high count of REQUESTS without going down.
  • DO NEVER HOLD CONFIDENTIAL DATA ON WEBSERVERS!!!

Test to open Port using nmap Port Scan with UDP Option NOT TCP:

sudo nmap -sU -p 11211 www.myserver.xyz

If the scan echo this YOU MUST check or install a FIREWALL!:
Host is up (0.10s latency).
PORT      STATE         SERVICE
11211/udp open|filtered unknown

if Echo shows this you are safe:
PORT      STATE    SERVICE
11211/udp filtered unknown

check your current Apache PHP Modules:

$sudo php -m

if memcached listed, the php api is active time to check more..

check for memcached service:

$sudo dpkg -l |grep mem

is memcached listed the service is installed, then do:
$sudo ps aux|grep mem

if the echo shows:
memcache ... /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1 -P /var/run/memcached/memcached.pid

the Service is active an listening..

Sample Config:
/etc/memcached.conf

# memcached default config file
# 2003 - Jay Bonci <jaybonci@debian.org>
# This configuration file is read by the start-memcached script provided as
# part of the Debian GNU/Linux distribution.
# Run memcached as a daemon. This command is implied, and is not needed for the
# daemon to run. See the README.Debian that comes with this package for more
# information.
-d
# Log memcached's output to /var/log/memcached
logfile /var/log/memcached.log
# Be verbose
-v
# Be even more verbose (print client commands as well)
-vv
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m 128
# Default connection port is 11211
-p 11211
# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u memcache
# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l 127.0.0.1
# Limit the number of simultaneous incoming connections. The daemon default is 1024
-c 300
# Lock down all paged memory. Consult with the README and homepage before you do this
# -k
# Return error when memory is exhausted (rather than removing items)
-M
# Maximize core file limit
# -r
# Use a pidfile
-P /var/run/memcached/memcached.pid

Setup Firewall (ufw):

$sudo apt-get install ufw
$sudo ufw allow 80/tcp
$sudo ufw allow 443/tcp
$sudo ufw enable

Retest with NMAP Port Scan your OPEN Ports! Do this monthly! Cause sometimes the Firewall can have unknown Problems!!

Check the Memcached Log at /var/log/memcached.log for Events

Openmips Enigma2 restart cron Gigablue

If you use a Gigablue SAT Box,after some weeks enigma2 will hang up:

edit root crontab:

$crontab -e

insert:
0 1 * * *   killall -9 enigma2 && sleep 5 && init 3 && /etc/init.d/samba restart
5 1 * * *   wget -O /dev/null -q "IP-OF-GIGA-Box/web/powerstate?newstate=0&type=0"

This will restart enigma2 Service, Samba and Webinterface too! Then Enigma is set to Standby!
That kodi can access the TV Bookmarks to view TV over LAN! If Standby is not set Kodi hangs!

LEDE OPENWRT WIFI USB SETUP

Test Setup

  • Futro S500 with USB Wifi Dongle Realtek RTL8192CU
  • PCI Riser Card with Realtek Gigabit
  • LEDE 17.XX Trunk Kernel 4.14
  • Download latest Version from openwrt.org select x86/64
  • extract the compressed image (*ext4*img.gz) and dump it with „dd“ to CF-Card 1GB

Sample for Clean Setup like TP-Link Router Firmware:

You need to install this packages by „opkg update && opkg install package name && reboot“:


base-files - 184-r6198-ba5f700
busybox - 1.27.2-3
dnsmasq - 2.79rc1-1
dropbear - 2017.75-5
e2fsprogs - 1.43.7-1
firewall - 2017-11-07-c4309372-2
fstools - 2018-02-11-3d239815-1
fwtool - 1
hostapd - 2017-08-24-c2d4f2eb-6
hostapd-common - 2017-08-24-c2d4f2eb-6
hostapd-utils - 2017-08-24-c2d4f2eb-6
iftop - 2017-02-06-35af3cf6-1
ip6tables - 1.6.1-2
iptables - 1.6.1-2
iw - 4.9-1
iwinfo - 2018-02-15-223e09bf-1
jshn - 2018-02-08-bb0c830b-1
jsonfilter - 2016-07-02-dea067ad-1
kernel - 4.14.20-1-eb9f2f64337015eea1a75123f71f272a
kmod-button-hotplug - 4.14.20-3
kmod-cfg80211 - 4.14.20+2017-11-01-4
kmod-e1000 - 4.14.20-1
kmod-e1000e - 4.14.20-1
kmod-hwmon-core - 4.14.20-1
kmod-i2c-algo-bit - 4.14.20-1
kmod-i2c-core - 4.14.20-1
kmod-igb - 4.14.20-1
kmod-input-core - 4.14.20-1
kmod-ip6tables - 4.14.20-1
kmod-ipt-conntrack - 4.14.20-1
kmod-ipt-core - 4.14.20-1
kmod-ipt-nat - 4.14.20-1
kmod-lib-crc-ccitt - 4.14.20-1
kmod-mac80211 - 4.14.20+2017-11-01-4
kmod-mii - 4.14.20-1
kmod-nf-conntrack - 4.14.20-1
kmod-nf-conntrack6 - 4.14.20-1
kmod-nf-ipt - 4.14.20-1
kmod-nf-ipt6 - 4.14.20-1
kmod-nf-nat - 4.14.20-1
kmod-nf-reject - 4.14.20-1
kmod-nf-reject6 - 4.14.20-1
kmod-nls-base - 4.14.20-1
kmod-ppp - 4.14.20-1
kmod-pppoe - 4.14.20-1
kmod-pppox - 4.14.20-1
kmod-pps - 4.14.20-1
kmod-ptp - 4.14.20-1
kmod-r8169 - 4.14.20-1
kmod-rtl8192c-common - 4.14.20+2017-11-01-4
kmod-rtl8192cu - 4.14.20+2017-11-01-4
kmod-rtlwifi - 4.14.20+2017-11-01-4
kmod-rtlwifi-usb - 4.14.20+2017-11-01-4
kmod-slhc - 4.14.20-1
kmod-usb-core - 4.14.20-1
kmod-usb-ehci - 4.14.20-1
kmod-usb-uhci - 4.14.20-1
kmod-usb-wdm - 4.14.20-1
kmod-usb2 - 4.14.20-1
kmod-usb2-pci - 4.14.20-1
lede-keyring - 2017-01-20-a50b7529-1
libblkid - 2.30.2-2
libblobmsg-json - 2018-02-08-bb0c830b-1
libc - 1.1.18-1
libext2fs - 1.43.7-1
libf2fs - 1.9.0-1
libgcc - 5.5.0-1
libip4tc - 1.6.1-2
libip6tc - 1.6.1-2
libiwinfo - 2018-02-15-223e09bf-1
libiwinfo-lua - 2018-02-15-223e09bf-1
libjson-c - 0.12.1-1
libjson-script - 2018-02-08-bb0c830b-1
libkmod - 20-1
liblua - 5.1.5-1
libmbedtls - 2.7.0-1
libncurses - 6.0-1
libnl-tiny - 0.1-5
libpcap - 1.8.1-1
libpthread - 1.1.18-1
librt - 1.1.18-1
libsmartcols - 2.30.2-2
libubox - 2018-02-08-bb0c830b-1
libubus - 2018-01-16-5bae22eb-1
libubus-lua - 2018-01-16-5bae22eb-1
libuci - 2018-01-01-5beb95da-1
libuci-lua - 2018-01-01-5beb95da-1
libuclient - 2017-11-02-4b87d831-1
libusb-1.0 - 1.0.21-1
libustream-mbedtls - 2016-07-02-ec80adaa-2
libuuid - 2.30.2-2
libxtables - 1.6.1-2
logd - 2018-02-14-128bc35f-1
lua - 5.1.5-1
luci - git-18.047.57952-461df8b-1
luci-app-firewall - git-18.047.57952-461df8b-1
luci-base - git-18.047.57952-461df8b-1
luci-lib-ip - git-18.047.57952-461df8b-1
luci-lib-jsonc - git-18.047.57952-461df8b-1
luci-lib-nixio - git-18.047.57952-461df8b-1
luci-mod-admin-full - git-18.047.57952-461df8b-1
luci-proto-ipv6 - git-18.047.57952-461df8b-1
luci-proto-ppp - git-18.047.57952-461df8b-1
luci-ssl - git-18.047.57952-461df8b-1
luci-theme-bootstrap - git-18.047.57952-461df8b-1
mkf2fs - 1.9.0-1
mtd - 21
netifd - 2018-02-05-1be329c6-3
odhcp6c - 2017-09-05-1f93bd4c-8
odhcpd-ipv6only - 1.3-1
opkg - 2017-12-07-3b417b9f-2
partx-utils - 2.30.2-2
pciutils - 3.5.6-1
ppp - 2.4.7-12
ppp-mod-pppoe - 2.4.7-12
procd - 2018-01-23-653629f1-2
px5g-mbedtls - 4
r8169-firmware - 2017-09-06-a61ac5cf-1
rpcd - 2017-12-07-cfe1e75c-1
rpcd-mod-rrdns - 20170710
rtl8192cu-firmware - 2017-09-06-a61ac5cf-1
terminfo - 6.0-1
ubox - 2018-02-14-128bc35f-1
ubus - 2018-01-16-5bae22eb-1
ubusd - 2018-01-16-5bae22eb-1
uci - 2018-01-01-5beb95da-1
uclient-fetch - 2017-11-02-4b87d831-1
uhttpd - 2017-11-04-a235636a-1
uhttpd-mod-ubus - 2017-11-04-a235636a-1
usbutils - 007-7
usign - 2015-07-04-ef641914-1
wireless-regdb - 2017-10-20-4343d359
wpa-supplicant - 2017-08-24-c2d4f2eb-6
zlib - 1.2.11-2

  • To Test if the System see successful the Dongle enter on console „lsusb“ and „lsmod |grep 81“
  • Login on on LAN port via Cable open Admin Website (LUCI) to https://192.168.1.1
  • If Wifi doesnt work then a package is missed like hostapd or wpa-supplicant
  • Kernel will post NO ERRORS on Log if packages are missed !!