Remove less secure ciphers from WHM by decrpyting different convoluted references to the same ciphers

I have previously removed less secure ciphers from WHM (Web Host Manager) however it has been a while and I want to learn how to fish, not be handed a fish.

The trouble seems to stem from the fact that there is little-to-no consistency in how ciphers are referenced or even where they are defined.

WHM Cipher Definitions

Ciphers seem to be listed in two places: Exim Configuration Manager and Apache Configuration ⇨ Exim Configuration Manager.

  • The Apache Configuration has a field “SSL/TLS Protocols” which is currently defined as ALL:!ADH:!AECDH:!EDH:!RC4:+HIGH:+MEDIUM:-LOW:-EXP.
  • The Exim Configuration Manager currently has a field “SSL/TLS Cipher Suite List” which is set to ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256.

Definition of Weak Ciphers

Here is the SSL Labs test for my domain. I have everything except TLS 1.2 and TLS 1.3 disabled and many less secure ciphers disabled. The test lists the following ciphers as being weak:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 

I attempted to “translate” though after updating the values in both sections and running cPanel’s AutoSSL I still got the same results on the test.

Translating Cipher References

I attempted to reference the TLS 1.2 standard as well as some documentation from OpenSSL. I made numerous other search queries and spent hours reading through documentation, standards and forums without luck.

Here is my attempt to make the lists look more similar to each other:

From the Exim Configuration Manager:

  • ECDHE_ECDSA_CHACHA20_POLY1305
  • ECDHE_RSA_AES128_GCM_SHA256
  • ECDHE_RSA_AES256_GCM_SHA384
  • ECDHE_RSA_AES128_SHA256
  • ECDHE_RSA_AES256_SHA384
  • ECDHE_RSA_CHACHA20_POLY1305

From the SSL Labs Test to be removed:

  • ECDHE_RSA_WITH_AES_128_CBC_SHA
  • ECDHE_RSA_WITH_AES_256_CBC_SHA
  • RSA_WITH_AES_128_GCM_SHA256
  • RSA_WITH_AES_256_GCM_SHA384
  • RSA_WITH_AES_128_CBC_SHA
  • RSA_WITH_AES_256_CBC_SHA

The list says to remove two ECDHE and the rest don’t have ECDHE. In that example how do I remove something not defined? Secondly it suggests removing CBC though that is not defined in the first list.

Desirable Answer Format

Learning is the detection of patterns so I’m really looking for an answer with a table where column A lists the ciphers from the SSL Labs test and column B references how they are referenced (to be defined (for stronger ciphers) and disabled for weaker ciphers). Just enough that I can detect the pattern of how the test references the same ciphers as Apache (or whichever software directly handles all of this). A good reference URL with such a table (and where on the page if it’s more than just a few paragraphs) would be very helpful.

It would also be incredibly useful to know how to have the server define a preferred cipher and to know which is considered the strongest if possible please.

Efficiently remove nodes from a connected graph

Suppose you have a connected graph and want to remove k nodes such that the result is still connected. How could you do this efficiently?

It occurs to me that you could find any spanning tree, say by a tree search of any kind. Identify all leaves in the spanning tree, all of these can be removed without disconnecting the remaining vertices. If you have more than k leaves then you’re done, but in any tree you’re only guaranteed 2 leaves. So you may need to reiterate the process until you’ve removed k vertices.

That implies O(k) runs of a tree search. Does a more efficient algorithm exist? I don’t think you can just look for articulation points or bridge edges because removing a single vertex may suddenly make other vertices which weren’t articulation points now turn into articulation points.

Woocommerce – Check cart for 2 products, remove 1 if the other is in cart

I have a setup where if the order minimum is $ 100 a free product is added to the cart. If the customer once again goes below the order minimum the free product is dynamically removed via ajax.

I would like to add another threshold of $ 200, where a different free product is added once the order minimum is hit, but remove the free product that was added at $ 100. ($ 100 gets you a small prize, $ 200 gets you a bigger prize, but you can’t have both.)

I seem to struggling with scanning the cart for more than one product. All help appreciated. (If possible, please explain – I have tried so many different approaches. I can add the second, but can’t for the life of me remove the $ 100 free product)

add_action( 'woocommerce_before_calculate_totals', 'add_or_remove_cart_items', 10, 1 ); function add_or_remove_cart_items( $  cart ) {     if ( is_admin() && ! defined( 'DOING_AJAX' ) )         return;      // ONLY for logged users (and avoiding the hook repetition)      if ( ! is_user_logged_in() && did_action( 'woocommerce_before_calculate_totals' ) >= 2 )         return;      $  threshold_amount = 100; // The threshold amount for cart total     $  free_product_id  = 339; // ID of the free product     $  cart_items_total = 0; // Initicializing      // Loop through cart items     foreach ( $  cart->get_cart() as $  cart_item_key => $  cart_item ){         // Check if the free product is in cart         if ( $  cart_item['data']->get_id() == $  free_product_id ) {             $  free_item_key = $  cart_item_key;         }         // Get cart subtotal incl. tax from items (with discounts if any)         $  cart_items_total += $  cart_item['line_total'] + $  cart_item['line_tax'];     }      // If Cart total is up to the defined amount and if the free products is not in cart, we add it.     if ( $  cart_items_total >= $  threshold_amount && ! isset($  free_item_key) ) {         $  cart->add_to_cart( $  free_product_id );     }     // If cart total is below the defined amount and free product is in cart, we remove it.     elseif ( $  cart_items_total < $  threshold_amount && isset($  free_item_key) ) {         $  cart->remove_cart_item( $  free_item_key );     } } 

How to remove hao.360.cn which hijacks the homepage of various browsers

This has been really getting my nerve. My friend installed some freeware which, in turn, hijacked the homepage of various browsers. The latter include chrome, edge, internet explorer, etc.

Here is the basic information on system hardware and software .

Hardware: Dell XPS13 9360 OS: Microsoft Windows Pro 10.0.18363 Anti-virus installed: Kaspersky 20.0.14 

When the problem first occurred, the homepages of all the browsers were hijacked. I attempted and managed to fix the problem with chrome and edge by googling and trying. In the case of Chrome, I simply brutally removed all the newly added files, then remove the software and reinstall it. In the case of edge, the problem is solved by simply alter the software configuration.

However, the case of ie seems more complicated. From google, I found some thread that discussed the issue. It indicates that the malware hijacked some system dynamic library entries and one needs to restore those carefully. I only followed the most simple approaches, namely, verifying the ie shortcut, resetting the ie configurations, and looking to system register setup for “start page” “homepage” etc. The above approaches do not work.

Althoug Kaspersky did not issue any warning, some google pages point to install certain malware remover. However, some of these, such as SpyHunter, might be potentially a scam themselves. Therefore, I question is

Is there a trustworthy malware remover I should try? or What should I do?

Many thanks in advance!

Background of ul list is white. How to remove background? [migrated]

I’ve tried this, but I still see a white background on the ul

*{   background-color: transparent;   background-image: none; } 

CODE:

<!DOCTYPE html> <html lang="en" dir="ltr">   <head>     <link rel ="stylesheet" type="text/css" href="style.css"     <meta charset="utf-8">     <h1 class="title">PARALLEX</h1>     <style>.main.img {   height: 100%;   width: 100%;   position:absolute;   z-index: 1; } .title{   color: white;   width: 100%;   font-size: 450%;   font-family: sans-serif;   margin-top: 12.5%;   position: absolute;   z-index: 2;   letter-spacing: 1.25em;   text-align: center;   text-indent: 1.25em; }  li, a, button {   font-family: sans-serif;   font-weight: 500;   font-size: 16px;   color: white;   text-decoration: none; } *{   background-color: transparent;   background-image: none; } nav {   order: 1; } .nav_links {   list-style: none;   margin: 0; } .nav_links li {   display: inline-block;   padding: 0px 20px; } .nav_links li a {   transition: all 0.3s ease 0s; } .nav_links li a:hover {   color: #0088a9; }  body {   margin:0; } </style>   </head>   <body>     <nav>       <ul class="nav_links">         <li><a href="#">HOME</a></li>         <li><a href="#">SHOP</a></li>         <li><a href="#">ABOUT</a></li>         <li><a href="#">SERVICES</a></li>       </ul>     </nav>     <div>       <img class="main img" src="mountains.jpg">     </div>   </body> </html> 

How to properly remove resource object completely?

Suppose I get some resourceObject:

resourceObject=ResourceObject[...] 

Next, I download a local copy of its data:

resourceData=ResourceData[resourceObject] 

Now I look at the places in my system where it has made modifications:

LocalCache[resourceObject] resourceObject["ResourceLocations"] resourceObject["ContentElementLocations"] 

If I try to remove it:

ResourceRemove[resourceObject] 

Then I can see that

resourceObject["ResourceLocations"] resourceObject["ContentElementLocations"] 

have been deleted but LocalCache[resourceObject] still remains.

So what am I doing wrong?

Also when I download its example notebook where is it stored?

resourceObject["ExampleNotebook"] 

Completly disable and remove Thumbnails?

this is my first question, so forgive me if it is not perfect 😅

I am asking, if there is a way, to completely disable and remove the thumbnail functionality from WordPress. (I am using an image CDN plugin, which is taking care of resizing, optimizing, etc. So, no need for the extra size and file count consumption by thumbnails)

I already know how to prevent WordPress from generating thumbnails, good so far. I also know how to delete all thumbnails (from the filesystem). But doing this on my staging environment brought up 2 obvious issues I forgot about.

To prevent the issues, I would need functions, that:

Removes all thumbnail information from the WordPress database (i guess postmeta?)

“Replaces” the image size Settings, of all images used in Blog-posts or Pages, by “Full Size”

enter image description here

“Replaces” the thumbnails, used by the media library, with the full-sized image (since I want to delete all thumbnails)

Meida Library Thumbnail Link

Thanks in advance

Quarantine virus found – how to remove the file securely?

There is a file found by antivirus program and it was put into the virus’ quarantine section (its not a false positive).

Now I don’t know how to handle this “quarantined” files.

1) What is the best practice and secure way to deal with them? Delete from quarantine, or let them in there?

2) If i delete a file from the quarantine, does it mean that it goes to the “recycle bin” of the computer and is thus still existent on my PC, and could be recovered by some tools like Recuva? Or will it be gone for ever

3) What happens if there are files in the quarantine and you accidentally de-install the antivirus program from your PC, what happens to the files?

Thanks.