Error message

Deprecated function: Creation of dynamic property BotchaFormNone::$id is deprecated in BotchaFormNone->__construct() (line 214 of /home/kzn/domains/

How to check if your drupal site was hacked (and how to fix it)

Install drupalgeddon on your server:

drush dl drupalgeddon

Install Site Audit:

drush dl site_audit --dev

Install Hacked:

drush dl hacked --dev; drush en hacked -y

Install Security Review:

drush en security_review -y

OPTIONAL: run all the above in a single line.

drush dl drupalgeddon -y; drush dl site_audit --dev -y; drush dl hacked --dev -y; drush en hacked -y; drush en security_review -y

Run the drupalgeddon site audit--this will also run the above modules--this will create a file called 'report.html'. Open it up and see what's up.

Tags: Drupal hack security drupalgeddon

Speed up and secure Apache SSL encryption.

By default apache loads a bunch of encryption protocols. Most of which either are insecure and/or slow.

The location of these settings are based on DirectAdmin's Apache 2.4.x, however, you should easily be able to locate them in your apache .conf files.

vi /etc/httpd/conf/extra/httpd-ssl.conf

Set Apache to only use the fastest and best encryption algorithms.

Now comment out the default SSL settings and add new ones as shown below:

Tags: apache SSL security performance

How to install CSF (ConfigServer Security & Firewall) with DirectAdmin or WHM

Block IPs with Brute Force Monitor in DirectAdmin using CSF


Regular install of CSF

cd /usr/local/src
tar -xzf csf.tgz
cd csf

Now login as Admin into directadmin or WHM, and click the link ConfigServer Security & Firewall

You'll probably want to add your WAN IP here--you can find out what it is here:

Then add your WAN IP into Quick Allow column.

Tags: CSF firewall security Linux Server admin DirectAdmin

How-to: Secure tmp directories on linux

source: How-To: Secure your temp directories

Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.

Tags: Server Linux security how-to