List fonts used in PDF document

If you want to see what fonts have been used in creation of a PDF document, you can use pdffonts utility of poppler-utils package for this. Just type:

  • pdffonts yourfile.pdf

Renew Let’s Encrypt certificate

If you have no automatic certificate renewal, you may found out one day that the browser is telling you that your site is “unsafe” as the certificate has expired.

Just type at the command line:

  • letsencrypt renew

But you can also add a simple cron job for automatic renewal, for example:

  • 15 5,17 * * * /usr/bin/letsencrypt renew

Checking twice a day is recommended for the unlikely event if something happens to your certificate due to the Let’s Encrypt themselves.

If the certificate is valid and new nothing happens aside from reading the certificate locally, so you can run it as often as you want.


Mount Truecrypt volume without Truecrypt

Some of you may have some old Truecrypt volumes lying around. Truecrypt was a nice and handy utility which is not developed anymore, unfortunately. But you still can mount the volumes created by it.

One way to do it on Ubuntu:

  • sudo cryptsetup tcryptOpen myvol.tc myvol

Where:

  • myvol.tc – the file name of your volume
  • myvol – arbitrary name of the virtual disk to be created

You will be asked for a passphrase, and if you still can remember it, the volume will be mounted under /dev/mapper with the name you provided and will show up as just another disk.


Generate QR code

  • This simple command will give you an SVG file with QR code vector image in it:
echo "Hello world!" | qrencode --level=H --dpi=300 --type=SVG -o qr.svg
  • If a bitmap is enough, just type:
echo "Hello world!" | qrencode --level=H --dpi=300  -o qr.png

  • Even this simple command will work:
qrencode -o qr.png "Hi!"

  • Change the color from standard black to any if you like:
echo "Hello world!" | qrencode --foreground=808080ff --level=H --dpi=300 --type=SVG -o qr.svg
  • Alpha supported too:
echo "Hello world!" | qrencode --foreground=FFFF00FF --background=0000FF55 --level=H --dpi=300 -o qr.png
echo "Hello world!" | qrencode --foreground=FFFF00FF --background=0000FF55 --level=H --dpi=300 --type=SVG -o qr.svg

		

Remove Apache server signature from footer

By default error pages served by Apache2 contain a line at the bottom, stating version of Apache, OS etc.

If you want it gone, edit /etc/apache/apache2.conf:

  • Add a line:
ServerSignature Off
  • Reload the new configuration:

service apache2 reload

 

P.S. While you are at it you may also add this to tell server not to share more information about itself than necessary:

ServerTokens ProductOnly

 


Removing comments from PHP

Sometimes it is enough to remove comments from your PHP code to make it not worth stealing, as a potential violator will spend more time figuring out what did you mean by all that, than writing his own version of the software to do the same job.

This very simple solution, based on an example in a forum here, does that for all files in the directory and its subdirectories.

  • find . -type f -name '*.php' | while read VAR; \
    do mv $VAR "$VAR-old"; php -wq "$VAR-old" > $VAR ; \
    unlink "$VAR-old"; done

Unlike obfuscators, it does not mess with your actual code.

The php options engaged here are:

-w             Output source with stripped comments and whitespace

-q             Quiet-mode. Suppress HTTP header output (CGI only).


Securing phpMyAdmin

The things you can do to make your phpMyAdmin less vulnerable to attack:

1. Call it something else.

Normally it is accessed by its alias /phpmyadmin, as defined in the /etc/apache2/conf-enabled/phpmyadmin.conf.

Edit it and rename the alias to something else, something hard for an attacked to guess. You can use apg to generate a random name for it. Restart Apache after you are done.

2. Restrict access to a particular range of addresses

You may chose to allow only local access from localhost, or allow access from the range of your VPN.

Remember that Apache configuration syntax changed as of version is 2.4, so now you have to use Require instead of Order Deny,Allow.

To find out your version:

apachectl -V | grep ‘Server version’

To limit access to phpMyAdmin to allow only connections from localhost and VPN:

Right after the tag add:

Require ip 127.0.0.1
Require ip 10.8.0.0/24

Be aware that anybody who attempts to connect phpMyAdmin form any other address will see a message

“Forbidden

You don’t have permission to access […] on this server.”

To avoid that you can rename the alias as described above