I hereby claim:
- I am sparkcodeuk on github.
- I am sparkcode (https://keybase.io/sparkcode) on keybase.
- I have a public key ASD5GyZNA7gAdm_QSS6aURZYlVb6t-Zj5qle5KrBCfLiNgo
To claim this, I am signing this object:
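# Lint every PHP file. The filename is passed as an argument rather than spliced into the bash -c string, and a failed lint does not stop xargs.
find . -type f -name '*.php' -print0 | xargs -0 -n1 bash -c 'php -l "$1" || true' _
# Rewrite short open tags (<?) to <?php in place, leaving <?= and <?php untouched.
find . -type f -name '*.php' -print0 | xargs -0 -n1 perl -i -pe 's/<\?(?!(=|php))(\s?)/<?php$2/'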
This tutorial encourages you to stupidly give S3 offload media full access to your S3 services in your AWS account.
Never, ever do this.
Here is a sane policy which will give S3 offload only the access it absolutely requires.
NOTE: this assumes you're uploading objects to /wp-content/... prefix and that you don't need to "browse existing buckets" in the setup.
Beyond this I would recommend enabling "Versioning" on the bucket and implementing an S3 lifecycle rule which performs object expiry of previous versions of objects. This will mitigate any obvious delete/overwrite attacks on your website uploads.
{
{
  "Rules": [
    {
      "Status": "Enabled",
      "Prefix": "",
      "Destination": {
        "Account": "DESTINATION_AWS_ACCOUNT_ID",
        "Bucket": "arn:aws:s3:::DESTINATION_S3_BUCKET_NAME",
        "AccessControlTranslation": {
          "Owner": "Destination"
#!/bin/bash
# Force outbound traffic through the attached floating IP
NET_INT="eth0"
CURL_TIMEOUT=3
echo -n "Setting floating IP as the default gateway: "
# Check there's a floating IP attached to this droplet
if [ "$(curl -s --connect-timeout $CURL_TIMEOUT http://169.254.169.254/metadata/v1/floating_ip/ipv4/active)" != "true" ]; then