Setting up the LAMP Stack from scratch on Ubuntu

When migrating servers to AWS, its great to be able to set them up easily and quickly. This is effectively a lovely cheat-sheet. By running the scripts below you can have a full LAMP Stack running on an EC2 instance running Ubuntu in less than 5 minutes.

/* Set locale to UK - V IMPORTANT!! */
sudo locale-gen en_GB.UTF-8


/* Run update and upgrades */
sudo apt-get update
sudo apt-get upgrade


/* Install Apache 2 */
sudo apt-get install apache2


/* Server internal firewall config */
sudo ufw allow OpenSSH
sudo ufw allow in "Apache Full"
sudo ufw enable


/* Install MySQL */
sudo apt-get install mysql-server


mysql_secure_installation

(No,No,Yes,Yes,Yes,Yes)

/* Install php and associated plugins as needed */
sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc


/* Restart services */
sudo systemctl restart apache2


/* Update Apache2 config to allow .htaccess files and modified file permissions */
sudo nano /etc/apache2/apache2.conf

<Directory /var/www/html/>
AllowOverride (Change None to All)
</Directory>

/* Turn on rewrite rules for Apache2 */
sudo a2enmod rewrite
sudo systemctl restart apache2


/* Update permissions so that FTP can write to the web root folder */
sudo chown -R ubuntu:www-data /var/www/html


/* Reboot server */
sudo reboot

Spam calendar invites from 16700700.com

Anyone else’s calendar getting completely spammed with invites from 16700700.com or 35700700.com ?

screen-shot-2016-11-09-at-15-02-48

 

If you are, you are not alone – my calendar has been absolutely crammed with them. As far as I can tell there is no malware or anything security-wise that I have done to allow access to my calendar, it would appear that anyone can invite themselves to any calendar – an obvious security issue.

screen-shot-2016-11-09-at-15-06-45

Its easy to remove them, by right-clicking and choosing Decline, but shortly after doing this for a single item on my calendar it was absolutely inundated with them, so don’t do that! By declining you notify the person that it is a valid email address for the calendar.

 

Update: 14th November 2016 – Apple engineers have got back to me letting me know that they are working to resolve the issue as it is a huge issue affecting lots of Apple iCloud accounts and that they have seen a sudden increase in the requests over the past 2 weeks. On other more worrying news I now have bogus photos requests too.

The most important things you should do is: Change your iCloud password to something new, and turn on 2-factor authentication for your account.

Essential viewing for web developers

Every now and again I come across some amazing videos on YouTube that I think are relevant to all web developers. One author (video blogger? – not sure what they are called) who is particularly brilliant is Tom Scott. He wonderfully articulates how web technologies and their exploits happen, and how to ensure that you don’t fall in to the same traps as many systems/sites out there.

One of Tom’s most brilliant videos is his explanation of how a self-re-tweeting tweet worked and how to ensure that you don’t have the same issues on your text boxes when writing their contents back out to the screen.

Essential viewing videos for development teams:

Tom Scott – Cracking Websites with Cross Site Scripting – Computerphile

Tom Scott – Hacking Websites with SQL Injection – Computerphile

Dr Mike Pound – Advanced SQL Injection

Tom Scott – Cross Site Request Forgery – Computerphile

Tom Scott – How Not To Store Passwords

Tom Scott – Hashing Algorithms and Security

 

If you are a developer, and have any suggestions of videos that should be added to this list, please add a comment with the URL!