How to schedule Windows Update to install updates at certain time in Windows Server 2012

In previous releases of Windows Server, the updates were installed during a maintenance period and rebooted if required right after the update. The day and time was configurable so that this would have minimal effect during peak hours.

This however changed in Windows Server 2012. The default setting downloads the available updates and notifies the user and requires user action within one day. After one day the updates are installed as soon as possible and forces reboot on the server. On production servers this is not appropriate behaviour as it may force reboot at critical time causing very unpredictable downtimes.

Luckly this can be configured although it’s not located in same place as in previous versions of Windows Server. Here’s a step by step tutorial on how to configure the updates to automatically install at 3am on Sundays:

1. Open the Local Group Policy Editor

Either search for “Edit Group Policy” or open the gpedit MMC snap-in using Run


Continue reading

How to patch Windows server 2012 R2 to resolve the MS15-034 vulnerability

The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. All Windows servers 2008 R2 and 2012 are affected!

Windows Update seems to have done the trick automatically for my 2008 R2 servers but the 2012 servers are still affected after installing the latest updates.

How to check if you are affected?

If you have a Linux server lying around, type this command:

wget --header="Range: bytes=18-18446744073709551615" http://serverip/iis-85.png

Continue reading

How to install and configure WordPress hosted on Nginx with PHP-FPM on Debian based distros

Nginx is an open source web server. Users have been moving to Nginx because of the high performance and stability and as of February 2014, Nginx is hosting around 15% of all web servers according to Netcraft’s Web Server Survey. Nginx is a great option for hosting WordPress sites.

It’s assumed that you have already installed Nginx with PHP-FPM. If you haven’t already done that, you can use this tutorial: How to install Nginx with PHP and MySql support on wheezy

1. Create the database for WordPress

mysql -u root -p
CREATE USER {username}@localhost;
GRANT ALL PRIVILEGES ON {username}.* TO {database}@localhost IDENTIFIED BY '{password}';

Continue reading

How to enable/disable the VMware ESXi 5.x firewall

I just installed a fresh VMware ESXi 5.5 and configured the firewall using vSphere client to not allow remote connections. When testing the firewall I noticed that the rules weren’t working. There seems to be no way to see the status of the firewall or enable/disable it through vSphere but it turned out to be disabled by default.

To enable the firewall, log in to SSH and type this command:

esxcli network firewall set --enabled true

Continue reading

Export certificate and private key from a pfx file

When moving certificates from Windows servers to Linux you may need to export the private key and certificate from a pfx file. This is how it’s done:

1. Export the private key

openssl pkcs12 -in cert.pfx -nocerts -out cert.key.wpass

Replace cert.pfx with the certificate exported from Windows. The private key will be exported to cert.key.wpass including a password that you need to selecting in this step Continue reading

16 simple ways to secure your WordPress site

WordPress is a popular target for attackers and currently there are a lot of botnets discovering vulnerable sites and trying to brute force the admin password. If you haven’t hardened your WordPress installation, this is the perfect time to do that.

1. Don’t use the defaults

When installing a new instance of WordPress, make sure you choose other name for the administrator account than admin and change the default table prefix (wp_) to anything else.
Continue reading

How to force IIS/ASP.NET to use assembly from the bin folder instead of GAC

If you have a assembly with the same version number located both in the bin folder for a web site and in the Global Assembly Cache (GAC), ASP.NET will by default use the GAC version of the file. Sometimes that’s not the ideal solution so here’s a workaround.

1. Open web.config in a text editor

2. Add this code to /configuration/runtime/assemblyBinding/dependentAssembly:

<assemblyIdentity name="Your.Assembly.Name" publicKeyToken="31bf3856ad364e35"/>
<codebase version="" href="/bin/Your.Assembly.Name.dll" />

Continue reading