While reviewing the logs of my OpenVPN server recently, I noticed a series of suspicious looking entries that indicated that it was being used as part of a UDP reflection attack. Thankfully this is pretty straightforward to block using the built in functionality of OpenVPN and/or firewall software such as nftables. I'll cover both approaches here.
Enabling multi-factor authentication (MFA) is one of the single most effective steps you can take to protect your online accounts against unauthorised access. Combining something you have (a device or smartcard) or something you are (biometrics) with something you know (your password) ensures that if your password falls into the hands of an attacker, whether through a security breach, malware, or brute force guessing, then they still won't be able to get access to your account.
Opcache is one of PHP's most powerful tools when it comes to performance. With the release of PHP 7 it received a new feature which has gone largely un-noticed: the file cache. Depending on your hosting environment and/or traffic levels the file cache may be able to help squeeze even more performance out of PHP.
PHP apps can easily begin to slow down over time as they grow, and with the recent patches for the Meltdown vulnerability adding a performance penalty to many workloads this slowdown can be amplified. Often there are some simple changes that can be made in order to see a measurable performance improvement for production workloads.