When does an expired domain become available for others to register?

Domain has 30 days renewal from the date after it expired. Then redemption period activates for another 30 days.

After the redemption period, you’ll be able to register domain again.

Redemption period means this:

This status code indicates that your registrar has asked the registry to delete your domain. Your domain will be held in this status for 30 days. After five calendar days following the end of the redemptionPeriod, your domain is purged from the registry database and becomes available for registration.

apache 2.4 – Apache2 Vhost issues – when my virtualhost is enabled it makes the root domain show that virtualhost

I am running apache2 on a Debian 10 server.

I have a virtualhost for one of the subdomains I have. I’m having an issue where if the subdomain’s virtualhost is enabled, going to broadcastre.cc will show the contents of smf.broadcastre.cc (the virtualhost).

This is not intentional and any help with this issue would be appreciated.

My virtualhost confg

root@server1:~# cat /etc/apache2/sites-available/smf.conf

<VirtualHost *:80>
     ServerAdmin paczki@broadcastre.cc
     ServerName smf.broadcastre.cc
     ServerAlias        www.smf.broadcastre.cc
     DocumentRoot /var/www/smf
     DirectoryIndex index.php

     <Directory /var/www/smf>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
     </Directory>

    <FilesMatch .php$>
      # For Apache version 2.4.10 and above, use SetHandler to run PHP as a fastCGI process server
      SetHandler "proxy:unix:/run/php/php5.6-fpm.sock|fcgi://localhost"
    </FilesMatch>

     ErrorLog ${APACHE_LOG_DIR}/smf.broadcastre.cc_error.log
     CustomLog ${APACHE_LOG_DIR}/smf.broadcastre.cc_access.log combined
</VirtualHost>

The config for broadcastre.cc

root@server1:~# cat /etc/apache2/sites-enabled/default-ssl.conf
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /root/.acme.sh/broadcastre.cc/broadcastre.cc.cer
                SSLCertificateKeyFile /root/.acme.sh/broadcastre.cc/broadcastre.cc.key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                #   Certificate Revocation Lists (CRL):
                #   Set the CA revocation path where to find CA CRLs for client
                #   authentication or alternatively one huge file containing all
                #   of them (file must be PEM encoded)
                #   Note: Inside SSLCARevocationPath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

                #   Client Authentication (Type):
                #   Client certificate verification type and depth.  Types are
                #   none, optional, require and optional_no_ca.  Depth is a
                #   number which specifies how deeply to verify the certificate
                #   issuer chain before deciding the certificate is not valid.
                #SSLVerifyClient require
                #SSLVerifyDepth  10

                #   SSL Engine Options:
                #   Set various options for the SSL engine.
                #   o FakeBasicAuth:
                #        Translate the client X.509 into a Basic Authorisation.  This means that
                #        the standard Auth/DBMAuth methods can be used for access control.  The
                #        user name is the `one line' version of the client's X.509 certificate.
                #        Note that no password is obtained from the user. Every entry in the user
                #        file needs this password: `xxj31ZMTZzkVA'.
                #   o ExportCertData:
                #        This exports two additional environment variables: SSL_CLIENT_CERT and
                #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                #        server (always existing) and the client (only existing when client
                #        authentication is used). This can be used to import the certificates
                #        into CGI scripts.
                #   o StdEnvVars:
                #        This exports the standard SSL/TLS related `SSL_*' environment variables.
                #        Per default this exportation is switched off for performance reasons,
                #        because the extraction step is an expensive operation and is usually
                #        useless for serving static content. So one usually enables the
                #        exportation for CGI and SSI requests only.
                #   o OptRenegotiate:
                #        This enables optimized SSL connection renegotiation handling when SSL
                #        directives are used in per-directory context.
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch ".(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                #   SSL Protocol Adjustments:
                #   The safe and default but still SSL/TLS standard compliant shutdown
                #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                #   the close notify alert from client. When you need a different shutdown
                #   approach you can use one of the following variables:
                #   o ssl-unclean-shutdown:
                #        This forces an unclean shutdown when the connection is closed, i.e. no
                #        SSL close notify alert is send or allowed to received.  This violates
                #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
                #        this when you receive I/O errors because of the standard approach where
                #        mod_ssl sends the close notify alert.
                #   o ssl-accurate-shutdown:
                #        This forces an accurate shutdown when the connection is closed, i.e. a
                #        SSL close notify alert is send and mod_ssl waits for the close notify
                #        alert of the client. This is 100% SSL/TLS standard compliant, but in
                #        practice often causes hanging connections with brain-dead browsers. Use
                #        this only for browsers where you know that their SSL implementation
                #        works correctly.
                #   Notice: Most problems of broken clients are also related to the HTTP
                #   keep-alive facility, so you usually additionally want to disable
                #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                #   "force-response-1.0" for this.
                # BrowserMatch "MSIE (2-6)" 
                #               nokeepalive ssl-unclean-shutdown 
                #               downgrade-1.0 force-response-1.0
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType text/x-component A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType application/javascript A31536000
    ExpiresByType text/javascript A31536000
    ExpiresByType text/x-js A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType image/webp A31536000
    ExpiresByType application/json A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType video/webm A31536000
    ExpiresByType application/x-font-otf A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType image/svg+xml A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType application/x-font-ttf A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/font-woff A31536000
    ExpiresByType application/font-woff2 A31536000
    ExpiresByType application/zip A31536000
</IfModule>
                Alias /mail /usr/share/roundcube
        </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

HQ Domain DA55 PA40 Backlink Vimeo

kiddocontenidos.com
DA55 PA40 CF13
Spam Score: 1 / 18
External Backlinks: 2,599
Referring Domains: 149
Namebright, exp. 06/2020

Backinks:

https://vimeo.com/129029830
https://www.facebook.com/kiddocontenidos/ (1.734 likes)

View attachment 265829

View attachment 265830

View attachment 265832

View attachment 265831

Hostinza – Isometric Web Hosting, Domain and WHMCS Html Hosting Template

Admin submitted a new resource:

Hostinza – Isometric Web Hosting, Domain and WHMCS Html Hosting Template – Hostinza – Isometric Web Hosting, Domain and WHMCS Html Hosting Template

View attachment 18491

Hostinza Template Features:

  • 5+ Powerful Homepage Styles with unique Headers and Content
  • 20+ Unique design pages
  • Working Ajax contact form with validation
  • Valid HTML5 and CSS3
  • Fully Responsive Layout
  • CSS3 Animations
  • Mega-Menu…

Read more

.

dns – Does Google Domains offer path fowarding (as opposed to redirecting the entire domain)?

Updated Answer

Redirecting/fowarding a domain can be done within Google Domains at {your domain} > Website > Forward Domain (or Edit Forwarding).

For more info, see Google’s reference.

Old Answer (now irrelevant)

This is not possible by design.

DNS servers are only meant to resolve hostnames to IP addresses. Once the request reaches your server (i.e. www.example1.com’s IP address), you can route/redirect requests from /test to anywhere you want (www.example2.com).

dns – Why does CNAME Cloaking enable cross domain tracking?

Recently, as browsers start blocking 3rd party cookies, a risky technique known as CNAME Cloaking emerged. It is said that this technique enables trackers, especially those in the online advertising industry, to continue to track users across domains and across the web.

From https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a:

Let’s assume you visited website1.com that includes a third-party
tracker from Tracking Company, then website2.com that also includes
that tracker. Tracking Company would know that you visited both sites…

As I understand, in CNAME Cloaking, the browser doesn’t know a given external resource (such as image, iframe, or JS) is an alias to a 3rd party site. So if a user is on website1.com, the browser will still store and send first-party cookies to img1.website.com, which is an alias to trackingcompany.com.

My question is on how CNAME Cloaking establishes linkage for the same user across domains. As a specific example, say website1.com stores/sends its first-party cookie containing w1_id to Tracking Company, while website2.com sends/stores w2_id. How does Tracking Company link w1_id and w2_id it gets?

"free" namesco .co.uk domain name

They say you can get a .co.uk tld name for free. I did it they charged me £1. :oops: Still, 1 quid for 1 year domain name seems decent enough to me. Just disable auto-renew of course. I just 301'd it to my .com.
https://www.names.co.uk/

apologies if it's in the wrong area.

attack prevention – Should I have another domain name for my company internal tools

My company has a domain name that we use to serve our customers, say company.com for the main website, app.company.com for the web application and api.company.com. These are all public domains that our customers connect to use our services.

Besides this we also have another set of tools that are used only internally by our employees (customer management software, ticket management, bi, etc). I’ve clustered everything inside a single subdomain internal.company.com. This means that we have domains like tickets.internal.company.com or bi.internal.company.com.

Even though we don’t publicize these domains, since they all have a TLS certificate it’s quite easy to find them only. As a matter of fact, search through the logs I can find lots of exploit crawlers trying to access /.env, /wp-admin and so on. We always try to keep everything up-to-date, but leaving things out in the open (specially the BI tools, since they can download lots of data) scares me.

I’m thinking about buying a new domain just for these internal tools, something that is unrelated to the name of the company. I think this would at least make it harder for a targeted attack, since the attacker would have to know this domain name (thus having someone inside the organization providing this information to him).

I could force everyone to use a VPN to connect to a local network and then provide the service there, but I’m trying to avoid the hassle of having to help every non-technical employee how to use a VPN.

Am I being too paranoid? Does having a separate domain actually helps mitigate some of the threats or it would actually make any significant difference?

PS: The internal tools range from open source projects installed on our servers to services completely developed inside the company.

htaccess – Redirecting a website from older domain to a new domain URL to URL Mapping

I have a website example.com
I want to move
example.com/post-1
example.com/post-2
example.com/post-3
example.com/post-4

to newexample.com
newexample.com/post-1
newexample.com/post-2
newexample.com/post-3
newexample.com/post-4

I want to achieve URL to URL mapping.
Both old and new websites are on WordPress.

What if you give a certificate without domain authentication?

I know that domain authentication is required to get a certificate for HTTPS.
But I really don’t know why this is needed. Can’t you just give a certificate without domain verification? What happens if I just give the certificate? Are there any concerns?

I searched the website, but couldn’t find a satisfactory answer. I’m very curious about that part.