Today’s post is a formula that you can use to get a decent server and install WordPress on it. This is the setup for this site, and it works like magic. This is a self-hosted WordPress for free.
Oracle Always Free Teir
Oracle offers an always free tier for servers. This is an arm server and it does wonders. 8 Cores and 24 gb of ram with up to 200 GB of storage. This thing is a beast for a free server. For more information, you can visit their site: https://docs.oracle.com/en/learn/cloud_free_tier/index.html
When you create your compute, make sure you stay within the always free unless you are willing to pay for more. Also, select the Ubuntu server as this is the easiest way to build your server.
Make sure to download your SSL cert or you will not be able to later.
Another Quick catch is you must open the ports in the firewall of your compute on the main page. Once you do this, then you are free to do more.
WordPress For Free
Now it’s time to install WordPress for Free. Digital Oceans offers a free tutorial for this process as well. I suggest reading over it. https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-22-04-with-a-lamp-stack. Once you have your website installed, it’s all about the setup from here. You have the basic setup. Now it’s time to work on logos, placement, content, SEO, and more. This is a learning curve within itself.
I suggest getting a udmey account and searching for the SEO beginner to hero courses as these will change how you build out your site. I always suggest a few plugins for beginners.
Loginizer – This plugin prevents people from brute forcing into your site.
W3 Total Cache – This plugin keeps your site moving quickly and you can set it to do some crazy stuff.
Health Check and Troubleshooting – This will help keep you up to date. This includes things like PHP upgrades and such.
WP Statistics – this one is very simple, it gives you a visit and visitor lists. This way you can see your returning traffic vs new traffic.
Yoast SEO – SEO allows your site to be found. Yoast makes, making sites easier. It helps with blog posts and more. I personally can’t write without it. The readability helped me see some of my language issues.
Shortcodes Ultimate – The paid version of this is amazing, the free is amazing as well. I am able to do quotes and more with the free version. Which is why I use it.
I was inside my unifi controller a while back and the new update had starred out the radius password. The documentation had yet to occur on the radius password. So, I used a simple HTML trick with my firefox to change the stars to clear text. This is how you can Uncover Starred-Out Passwords in firefox.
Developer Options
F12 will trigger the developer options. Inside Google Chrome, the developer window will appear on the right-hand side. In Firefox, the developer window will appear at the bottom of the window. These options allow you to change your current view of the site. If you want to change the background to hot pink, you can. if you want to change a password field to plain text, you can.
Developer Options in Firefox
What we are looking at
The view area.
This is the page we are viewing. I want the starred-out shared secret that you see in the red box. Click the edit button to the right of the shared secret. Notice the password is still starred out. To get this information, we need to start the Developer options. Inside the developer options on the left-hand side, you will see a mouse cursor in a box, also known as an inspector. We still have Starred-Out Passwords
Once you click the inspector tool, you can move the mouse over the shared secret and click on it. Inside the developer options, you will see the HTML itself highlighted. Notice the highlighted HTML code is the input object. We are looking for the word “type”. All we have to do is replace type=”password” to type=”text”. Once you type in text, click enter. The password is now exposed.
That’s pretty much it. The key secret is to make sure you are editing the input and not just the div. I you see div code instead of input code, then you do not have it set in edit mode. This process can be used for just about any website out there. This is how we Uncover Starred-Out Passwords.
Like in my last post, I have been in IT for many years. Every place I have worked at and even when I worked at an MSP, I have always seen the Active Directory Users and Computers take a really long time to load. Often times be very slow while on VPN. I was finally challenged to see why.
Reasons
There are hundreds of reasons apparently for it being slow. I have seen it slow on Global connect, Open VPN, Cisco’s Anyconnect, WatchGuard, and more. Apparently, the issue is with how ADUC communicates via DNS.
Yes, it’s a DNS problem.
The solutions for a slow ADUC on VPN
Point to the server’s IP instead of the DNS name.
If you right click your ADUC in the start menu, you can click properties. Then from there, you can add /server=”<Your Servers IP Address>” and this should resolve the issue. The load time went from 5 minutes to 10 seconds. I’m not all sure the back end fix, but this one worked well.
A registry fix
Here is a registry fix that seems to work on some machines. I tested this on windows 10 and 11. I was unable to test it on multiple network stacks, just my pfsense and untangled stacks. So, let me know if these keys work for you.
I have been in IT for a little over 10 years and have tried various browsers and plugs/extensions. Some are extremely useful, and some, are not so. I abandoned Firefox for a while because it was not compatible with the required software. Recently I have returned back to firefox because of Multi-Account Containers.
Firefox has a unique extension that only it has. This extension is called the multi-account container. What it does is allows you to open a tab in a container of its own. Link
What is Multi-Account Containers
The extension has containers. These containers hold all of the cached items inside of it. For example, if you log into o365 in one container, you will be able to log into a different o365 in another container. Unlike incognito mode, you will be able to work with items that need to cache on your computer like exchange online.
If you are in the MSP world? This is a game-changer. You can have a container for each of your clients and solely work out of that container for that client. For in-house IT, it allows you to test as a normal user vs an IT admin. Even in your home life, the added layer of security helps with your banking and personal items. This way Facebook doesn’t leak into your bank account’s cache.
My favorite feature
When firefox starts, you have a screen full of tabs of previously opened sites or most visited sites. Each one of these you can right-click and open in a different container. I can do this with links, and even the + for a new tab. I can dedicate a tab just for my company and a tab just for personal. This way my o365 doesn’t affect a client’s o365.
And yes, This beast is only available on firefox and firefox off shoots. So, long live firefox!
As always, if you have any questions feel free to ask.
Not too long ago, I needed to do some rule auditing for forwarders in a client’s exchange online. They believed someone had a rule in their exchange account that was forwarded to a spammer. They believed this because new employees were receiving emails within a few days of creation. So, it’s time for some PowerShell magic to save the day. It’s time to Find Forwarding Rules in your mailboxes with PowerShell.
The script today requires the Exchange Online Module to be installed. If you don’t have it, go install it. Once you have it, you will need to connect using the Connect-ExchangeOnline commandlet.
Connect-ExchangeOnline
By doing it this way, MFA will be triggered and we want MFA to be at this level. Security first yall. This brings me to my next point, soon exo 3 will come out and security will be improved greatly.
Once you are connected, we need now to pull all the mailboxes from the system. This command can take some time if you have a large company. In fact, this script with only 300 users took around an hour. The Larger your company is, the longer it will take. Plan ahead accordingly.
$Mailboxes = Get-Mailbox -ResultSize Unlimited
Now we have all the mailboxes, we need to go through each mailbox and get the inbox rules for that mailbox. We start a for each loop of the mailboxes.
$ForwarderRules = foreach ($Mailbox in $Mailboxes) {
}
Next, we will need to grab the inbox rules for that mailbox. We do this with the Get-InboxRule commandlet and we feed it the mailbox alias.
Normally a mailbox has more than one rule. Thus, we need to make another for each loop for the rules inside our main foreach loop.
$ForwarderRules = foreach ($Mailbox in $Mailboxes) {
$rules = Get-InboxRule -mailbox $Mailbox.Alias
foreach ($rule in $rules) {
}
}
Afterward, we need to pull the data out of the rules and make it useful. The amount of output is large, breaking it down and making it useful is important. That’s the whole goal of this. We want to find out who has forwarders and we want to know if those forwarders are forwarding out to someone else. I want to break it up as well so I can look at all the forwarders and just the ones with email addresses.
Gathering Information
Firstly, we need to ask the question, Are we forwarding to someone as an email or an attachment? The properties we want to look at are, forwardto and forwardasattachmentto. If either of these are not null, then we want to look at that information. This allows us to Find Forwarding Rules.
$ForwarderRules = foreach ($Mailbox in $Mailboxes) {
$rules = Get-InboxRule -mailbox $Mailbox.Alias
foreach ($rule in $rules) {
if (($null -ne $rule.ForwardTo) -or ($null -ne $rule.ForwardAsAttachmentTo)) {
}
}
}
Now we are looking at a rule object that has a forwarder of some sort. It’s time to let the end user know. Next, we will create a PowerShell Custom Object. Almost every get command I have come across has produced one of these objects.
The object is ready for us. It’s time to fill it in with useful information. We need the mailbox name, the rule name, the rule’s id, if it’s enabled, and finally the forwarder information. The forwarder information is broken up into two. The “ForwardTo” and the “ForwardAsAttachmentTo”. The first forwards the email to a person. The second wraps up the email into an attachment and sends it to the person. We need to see both.
These items are arrays of email addresses and references. If the forwarder points to an external email address it will contain the @ symbol like most email addresses do. If the forwarder points to an internal address like bob in accounting, then it will not have an @ symbol unless told otherwise. This is useful. We can use a where object to pull out the lines with an @ symbol.
Now it’s time to sort the sorted information. First why? Why not add it to the loop above? Two reasons. First is the time it takes to process. Second, I want to run $ForwarderRules to get information and I want to run the next line of code to see the more focused information. I like having options. Now we will take the forwarder rules we created and filter out the nulls of the forwarders. Finally, we want to display the information.
Finally, you have all the email addresses and rules that have a forwarder that forwards to a real email address. You can run through each one and audit them for security.
