Production has a very specific kind of silence. It’s not the calm silence of a system that’s healthy. It’s the suspicious silence of a system that hasn’t complained yet. Nginx still serves pages. Your API still returns 200. The business dashboard looks green enough to lull everyone into optimism. But you can feel it, response… Continue reading
Overview At 02:04:43 UTC, 7 November 2025, our Wazuh SIEM raised a critical level-15 alert, Rule 31168, “Shellshock attack detected” This alert originated from an Nginx access log on agent, proxy-sg2-deb-12-pro-proxy-xxxx (IP 1xx.xxx.xxx.xxx). The source of the request was 193.26.115.195 (Netherlands). Wazuh immediately identified the payload as an active Shellshock exploit attempt (CVE-2014-6271). But here’s… Continue reading
Why your logs suddenly show 192.168.255.x — and how to fix it properly When everything sits behind Cloudflare, real-IP handling in Nginx is usually straightforward, trust Cloudflare’s IP ranges, read CF-Connecting-IP, and $remote_addr becomes the actual visitor’s address. That simplicity disappears the moment you introduce a Linode NodeBalancer in front of your server. Suddenly your… Continue reading
When you increase a Linode Block Storage volume’s size in the Cloud Manager, the added capacity doesn’t automatically appear inside your Linux system. You need to let the kernel detect the change and then expand the filesystem so it can use the new space. Previously I create article by umount firts, this one no need… Continue reading
Some days, the world feels like one long notification. Social feeds are noisy, group chats never really sleep, and every app is trying to win a small piece of your attention. In the middle of all that, there’s something strangely calming about a blank terminal window. That was exactly the feeling when I decided to… Continue reading
It started as something simple. I wanted to connect to one of my sandbox servers, just a temporary environment for testing some code and running quick database experiments. I didn’t want to bother setting up a WireGuard tunnel or a private VPN, so I took a shortcut. I used Surfshark, a public VPN service that… Continue reading
There are many ways to move a PostgreSQL database between servers, but for a production-grade setup,where roles already exist and you simply want to migrate one database cleanly, the safest path is to create the target database first and restore into it. This approach keeps ownerships and permissions consistent, avoids overwriting roles, and works perfectly… Continue reading
A few days after setting up my simple firewall with ferm on Debian 12, everything seemed perfect. The host was quiet, the rules were clean, and I finally had a minimal setup that did exactly what I wanted, blocking everything inbound, keeping outbound open, and allowing SSH only from the local LAN. It worked flawlessly,… Continue reading
There are many ways to configure a firewall in Linux. Some people prefer ufw, others go straight to iptables or nftables. But in between those layers of complexity, there’s a small, quiet tool that often goes unnoticed: Ferm, For Easy Rule Making. The name says it all. I like Ferm because it doesn’t try to… Continue reading
In continuous integration environments, it’s often necessary to run Jenkins agents or scripts securely under a dedicated system account. On Debian 12, this means creating a non-interactive user, one that can authenticate via SSH keys but cannot log in interactively or hold a password. This guide walks through setting up a minimal, hardened Jenkins user… Continue reading