Mostly the following PHP.ini settings are enough to make php display errors in a production environement where error_reporting & display_errors are disabled in the PHP.ini.
[pastacode lang=”php” message=”” highlight=”” provider=”manual”]
ini_set('html_errors ', 'On');
ini_set('log_errors ', 'On');
ini_set('error_reporting', 'E_ALL & ~E_NOTICE');
But in some cases there will not be an error message displayed. The only solution I found was to enable the dispaly_errors in the php.ini.
To avoid setting this aparameter globally it could also be set in the conf-file for the virtual host which worked for me pritty fine.
[pastacode lang=”apacheconf” message=”” highlight=”” provider=”manual”]
php_value display_errors On
Today I got some time to take care of my server so i installed the latest updates checkt the system for attacks and when I checkt my SSL-certificates i found out, that they were just valid till April 2015 … UPS … ok they are not officially signed and i just use them to encrypt sensitive communication with my server but i wanted to fix that issue and some other little issues i found when checking my blog with https://www.ssllabs.com/ssltest/analyze.html?d=blog.fawcs.info.
Because I also had to regenerate the certificates for my other subdomains I wrote a little script to do that for me (and to use it in the future, because I always have to look up the SSL-certificat generation)
So here is the script:
[pastacode lang=”bash” message=”SSL cert-generation” highlight=”” provider=”manual”]
if [ -z $1 ];
echo "Parameter 1 for Domain is missing";
openssl genrsa -out $1.key 2048
openssl req -x509 -new -nodes -key $1.key -days 1024 -out $1.crt -subj "/C=AT/ST=Vienna/L=Vienna/O=fawCS.info/CN=$1"
I also updated the security settings in my virtual host configuration files for some settings. The DH-KeyExchange cipher got excluded from the available ciphers because there is a new attack against DH which makes it vulnerable to MITM-attacks.
Extract of settings:
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH !EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS”
And it’s always a good idea to to use htaccess with extra users or IP-ACLs to secure specific directories. (for example the wp-admin directory 🙂 )
Some other interesting settings to macke apache more secure can be found her: http://www.tecmint.com/apache-security-tips/