Forwarded from UNDERCODE NEWS
Satellite positioning tracking systems to apply to high-precision positioning and autonomous driving with Super Formula at 290 km / h
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Redis different data types usage scenario code examples:
1) String
The String data structure is a simple key-value type, and the value can be not only a String, but also a number.
Conventional key-value cache application;
Regular counting: the number of Weibo, the number of fans, etc.
2) hash
Redis hash is a mapping table between field and value of string type, and hash is particularly suitable for storing objects.
Store some changed data, such as user information, etc.
3) list
A list is a linked list, and anyone with a little knowledge of data structure should be able to understand its structure. Using the Lists structure, we can easily realize the latest news ranking and other functions. Another application of List is the message queue. You can use the PUSH operation of the List to store tasks in the List, and then the worker thread will use the POP operation to take out the tasks for execution. Redis also provides an api to manipulate a certain section of the List. You can directly query and delete a certain section of the List.
Redis's list is a doubly linked list in which each child element is of type String. You can add or delete elements from the head or tail of the list through push and pop operations, so that the List can be used as a stack or a queue.
4) Message queue system
Use list to build a queue system, and use sorted set to build a priority queue system.
For example: The Redis as the log collector
is actually still a queue multiple endpoints writes log information Redis, then a worker will unify all logs to disk.
The operation of fetching the latest N data
//Add the current login person to the linked list
ret = r.lpush("login:last_login_times", uid)
//Keep only N bits in the linked list
ret = redis.ltrim("login:last_login_times", 0, N-1)
/ /Get the list of the first N latest login user IDs
last_login_list = r.lrange("login:last_login_times", 0, N-1)
For example, Sina Weibo:
In Redis, our latest Weibo ID uses a resident cache, which is always updated. However, the limit cannot exceed 5000 IDs, so the function that gets IDs will always ask Redis. Only when the start/count parameter exceeds this range, you need to access the database.
> The system does not "refresh" the cache like the traditional way, and the information in the Redis instance is always consistent. The SQL database (or other types of databases on the hard disk) is only triggered when the user needs to get "very far away" data, and the homepage or the first comment page will not bother the database on the hard disk.
5) set
A set is a collection, and the concept of a collection is a combination of unique values. Using the set data structure provided by Redis, some collective data can be stored. The elements in the set are in no order.
Case:
In the Weibo application, all the followers of a user can be stored in a collection, and all its fans can be stored in a collection. Redis also provides operations such as intersection, union, and difference for collections, which can easily implement functions such as common attention, common preference, and second-degree friends. For all the above collection operations, you can also use different command options Whether to return the result to the client or save the collection to a new collection.
Intersection, union, difference
//The book table stores the book name
set book:1:name "The Ruby Programming Language"
set book:2:name "Ruby on rail"
set book:3:name "Programming Erlang"
//tag table uses sets to store data, because sets are good at intersection and union
sadd tag:ruby 1
sadd tag:ruby 2
sadd tag:web 2
sadd tag:erlang 3
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Redis different data types usage scenario code examples:
1) String
The String data structure is a simple key-value type, and the value can be not only a String, but also a number.
Conventional key-value cache application;
Regular counting: the number of Weibo, the number of fans, etc.
2) hash
Redis hash is a mapping table between field and value of string type, and hash is particularly suitable for storing objects.
Store some changed data, such as user information, etc.
3) list
A list is a linked list, and anyone with a little knowledge of data structure should be able to understand its structure. Using the Lists structure, we can easily realize the latest news ranking and other functions. Another application of List is the message queue. You can use the PUSH operation of the List to store tasks in the List, and then the worker thread will use the POP operation to take out the tasks for execution. Redis also provides an api to manipulate a certain section of the List. You can directly query and delete a certain section of the List.
Redis's list is a doubly linked list in which each child element is of type String. You can add or delete elements from the head or tail of the list through push and pop operations, so that the List can be used as a stack or a queue.
4) Message queue system
Use list to build a queue system, and use sorted set to build a priority queue system.
For example: The Redis as the log collector
is actually still a queue multiple endpoints writes log information Redis, then a worker will unify all logs to disk.
The operation of fetching the latest N data
//Add the current login person to the linked list
ret = r.lpush("login:last_login_times", uid)
//Keep only N bits in the linked list
ret = redis.ltrim("login:last_login_times", 0, N-1)
/ /Get the list of the first N latest login user IDs
last_login_list = r.lrange("login:last_login_times", 0, N-1)
For example, Sina Weibo:
In Redis, our latest Weibo ID uses a resident cache, which is always updated. However, the limit cannot exceed 5000 IDs, so the function that gets IDs will always ask Redis. Only when the start/count parameter exceeds this range, you need to access the database.
> The system does not "refresh" the cache like the traditional way, and the information in the Redis instance is always consistent. The SQL database (or other types of databases on the hard disk) is only triggered when the user needs to get "very far away" data, and the homepage or the first comment page will not bother the database on the hard disk.
5) set
A set is a collection, and the concept of a collection is a combination of unique values. Using the set data structure provided by Redis, some collective data can be stored. The elements in the set are in no order.
Case:
In the Weibo application, all the followers of a user can be stored in a collection, and all its fans can be stored in a collection. Redis also provides operations such as intersection, union, and difference for collections, which can easily implement functions such as common attention, common preference, and second-degree friends. For all the above collection operations, you can also use different command options Whether to return the result to the client or save the collection to a new collection.
Intersection, union, difference
//The book table stores the book name
set book:1:name "The Ruby Programming Language"
set book:2:name "Ruby on rail"
set book:3:name "Programming Erlang"
//tag table uses sets to store data, because sets are good at intersection and union
sadd tag:ruby 1
sadd tag:ruby 2
sadd tag:web 2
sadd tag:erlang 3
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Not only google and youtube. Down network: Tim, WindTre, Vodafone and Iliad, here are today's problems
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
HACKING RESOURCES "
- [pwnsecurity.net](http://www.pwnsecurity.net/) - by [Shashank](https://twitter.com/cyberboyIndia)
- [breaksec.com](https://www.breaksec.com/) - by [Nir Goldshlager]
- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/) - by [Alex Davies]
- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/) - by [yappare
- [exploit.co.il/blog](http://exploit.co.il/blog/) - by [Shai rod]
- [ibreak.software](https://ibreak.software/) - by [Riyaz Ahemed Walikar]
- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/) - by [Francisco Correa]
- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/)
- [websecresearch.com](http://www.websecresearch.com/) - by [ Ajay Singh Negi]
- [securitylearn.net](http://www.securitylearn.net/about/) - by [Satish Bommisetty]
- [secinfinity.net](http://www.secinfinity.net/) - by Prakash Sharma
β β β Uππ»βΊπ«Δπ¬πβ β β β
HACKING RESOURCES "
- [pwnsecurity.net](http://www.pwnsecurity.net/) - by [Shashank](https://twitter.com/cyberboyIndia)
- [breaksec.com](https://www.breaksec.com/) - by [Nir Goldshlager]
- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/) - by [Alex Davies]
- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/) - by [yappare
- [exploit.co.il/blog](http://exploit.co.il/blog/) - by [Shai rod]
- [ibreak.software](https://ibreak.software/) - by [Riyaz Ahemed Walikar]
- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/) - by [Francisco Correa]
- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/)
- [websecresearch.com](http://www.websecresearch.com/) - by [ Ajay Singh Negi]
- [securitylearn.net](http://www.securitylearn.net/about/) - by [Satish Bommisetty]
- [secinfinity.net](http://www.secinfinity.net/) - by Prakash Sharma
β β β Uππ»βΊπ«Δπ¬πβ β β β
Pwnsecurity
Pwnsecurity - Security and tech expert
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Apache protection against brute-force and DDoS using Mod_Security and Mod_evasive modules
Step 1. Installing Iptables Firewall on RHEL / CentOS 8/7 and Fedora
First, stop and disable firewalld:
# systemctl stop firewalld
# systemctl disable firewalld
Then install the iptables-services package before enabling iptables:
# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables
Step 2: Install Mod_Security and Mod_evasive
Besides installing LAMP, you also need to enable EPEL repository on RHEL / CentOS 8/7 in order to install both packages.
Fedora users don't need to enable the repo because epel is already part of the Fedora project.
# yum update && yum install mod_security mod_evasive
--------------- CentOS / RHEL 8 ---------------
# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-1.el8.noarch.rpm
# dnf --enablerepo = raven-extras install mod_evasive
When the installation is complete, you will find the configuration files for both tools in /etc/httpd/conf.d.
# ls -l /etc/httpd/conf.d
Now, to combine these two modules with Apache and load them at startup, make sure the following lines appear in the top level section of mod_evasive.conf and mod_security.conf respectively:
LoadModule evasive20_module modules / mod_evasive24.so
LoadModule security2_module modules / mod_security2.so
Note that modules / mod_security2.so and modules / mod_evasive24.so are relative paths to the / etc / httpd directory.
You can check this (and change it if necessary) by listing the contents of the / etc / httpd / modules directory:
# cd / etc / httpd / modules
# pwd
# ls -l | grep -Ei '(evasive | security)'
Then restart Apache and make sure it loads mod_evasive and mod_security:
# systemctl restart httpd
Dump the list of loaded static and shared modules.
# httpd -M | grep -Ei '(evasive | security)'
Step 3: Install the core ruleset and configure Mod_Security
In a nutshell, the Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions.
The developer firm mod_security provides a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS, which can be downloaded and installed as follows.
1. Download the OWASP CRS to the directory created for this purpose.
# mkdir / etc / httpd / crs-itsecforu
# cd / etc / httpd / crs-itsecforu
# wget -c https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.tar.gz -O master
2. Unpack the CRS file and change the directory name as you wish.
# tar xzf master
# mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs
3. Now it's time to configure mod_security.
Copy the example file with rules (owasp-modsecurity-crs / modsecurity_crs_10_setup.conf.example) to another file without the .example extension:
# cd owasp-modsecurity-crs /
# cp crs-setup.conf.example crs-setup.conf
and tell Apache to use this file along with the module by inserting the following lines into the main web server configuration file /etc/httpd/conf/httpd.conf.
If you decide to unpack the archive into a different directory, you will need to edit the paths:
<IfModule security2_module>
Include crs-itsecforu / owasp-modsecurity-crs / crs-setup.conf
Include crs-itsecforu / owasp-modsecurity-crs / rules / *. Conf
</IfModule>
Finally, it is a good idea to create our own config file in the /etc/httpd/modsecurity.d directory where we put our custom directives (in the next example we'll call it itsecforu.conf) instead of modifying the CRS files directly. , E it will simplify the CRS updated as new versions are released.
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text / plain text / html text / xml application / octet-stream
SecDataDir / tmp
</IfModule>
Step 4: Configuring Mod_Evasive
mod_evasive is configured using directives in /etc/httpd/conf.d/mod_evasive.conf.
π¦π Apache protection against brute-force and DDoS using Mod_Security and Mod_evasive modules
Step 1. Installing Iptables Firewall on RHEL / CentOS 8/7 and Fedora
First, stop and disable firewalld:
# systemctl stop firewalld
# systemctl disable firewalld
Then install the iptables-services package before enabling iptables:
# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables
Step 2: Install Mod_Security and Mod_evasive
Besides installing LAMP, you also need to enable EPEL repository on RHEL / CentOS 8/7 in order to install both packages.
Fedora users don't need to enable the repo because epel is already part of the Fedora project.
# yum update && yum install mod_security mod_evasive
--------------- CentOS / RHEL 8 ---------------
# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-1.el8.noarch.rpm
# dnf --enablerepo = raven-extras install mod_evasive
When the installation is complete, you will find the configuration files for both tools in /etc/httpd/conf.d.
# ls -l /etc/httpd/conf.d
Now, to combine these two modules with Apache and load them at startup, make sure the following lines appear in the top level section of mod_evasive.conf and mod_security.conf respectively:
LoadModule evasive20_module modules / mod_evasive24.so
LoadModule security2_module modules / mod_security2.so
Note that modules / mod_security2.so and modules / mod_evasive24.so are relative paths to the / etc / httpd directory.
You can check this (and change it if necessary) by listing the contents of the / etc / httpd / modules directory:
# cd / etc / httpd / modules
# pwd
# ls -l | grep -Ei '(evasive | security)'
Then restart Apache and make sure it loads mod_evasive and mod_security:
# systemctl restart httpd
Dump the list of loaded static and shared modules.
# httpd -M | grep -Ei '(evasive | security)'
Step 3: Install the core ruleset and configure Mod_Security
In a nutshell, the Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions.
The developer firm mod_security provides a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS, which can be downloaded and installed as follows.
1. Download the OWASP CRS to the directory created for this purpose.
# mkdir / etc / httpd / crs-itsecforu
# cd / etc / httpd / crs-itsecforu
# wget -c https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.tar.gz -O master
2. Unpack the CRS file and change the directory name as you wish.
# tar xzf master
# mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs
3. Now it's time to configure mod_security.
Copy the example file with rules (owasp-modsecurity-crs / modsecurity_crs_10_setup.conf.example) to another file without the .example extension:
# cd owasp-modsecurity-crs /
# cp crs-setup.conf.example crs-setup.conf
and tell Apache to use this file along with the module by inserting the following lines into the main web server configuration file /etc/httpd/conf/httpd.conf.
If you decide to unpack the archive into a different directory, you will need to edit the paths:
<IfModule security2_module>
Include crs-itsecforu / owasp-modsecurity-crs / crs-setup.conf
Include crs-itsecforu / owasp-modsecurity-crs / rules / *. Conf
</IfModule>
Finally, it is a good idea to create our own config file in the /etc/httpd/modsecurity.d directory where we put our custom directives (in the next example we'll call it itsecforu.conf) instead of modifying the CRS files directly. , E it will simplify the CRS updated as new versions are released.
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text / plain text / html text / xml application / octet-stream
SecDataDir / tmp
</IfModule>
Step 4: Configuring Mod_Evasive
mod_evasive is configured using directives in /etc/httpd/conf.d/mod_evasive.conf.
Since there are no update rules during package update, we do not need a separate file to add custom directives, unlike mod_security.
The mod_evasive.conf file has the following directives enabled by default (note that there are many comments in this file, so we removed them to highlight the configuration directives):
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
β β β Uππ»βΊπ«Δπ¬πβ β β β
The mod_evasive.conf file has the following directives enabled by default (note that there are many comments in this file, so we removed them to highlight the configuration directives):
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Ali Baba got a fine of 1.5 million! Why did the antitrust rule go online after 12 years?
#international
#international
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
It is illegal to make virtual currency deposits! Keep out of these valueless scams!
#CyberAttacks
#CyberAttacks
Forwarded from UNDERCODE NEWS
GSMA announces that in 2021 the MWC will return to Shanghai, to be conducted from 23 to 25 February
#international
#international
Forwarded from UNDERCODE NEWS
Don't be selfish at a cheap price! Again the mutual power bank has a problem: it will hack to the user's cell phone.
#Vulnerabilities
#Vulnerabilities
