Home Lightracers Consulting

Things to look for in a technical due-diligence

Before writing a proposal for a service/operations work, many vendors are given a chance to attend a due-diligence program. Many organizations prefer to have only one type, i.e. Technical Due-Diligence. In this blog post, we give you some points to remember and ask for while attending a technical due-diligence.

Generally, this will be a single-sitting meeting where the vendors can interact with existing service providers. This meeting will help the new service providers understand the functionality and feasibility of a system. This will help them in writing a suitable proposal and taking over the work. This meet should have at least two types of people from either side. One is technical and another is of process. Technical people will interact on the technology, implementation and other ground level activities, where as Process people will understand how the system is being handled, how the requirements are handled, what environment the team is in and others.

From the new vendors perspective, below is the list of areas that you can discuss and these will help you in preparing your proposal.

Introduction

  • System Background & Description
  • System Demo
  • Objectives of Engagement
  • Benefits Expected from Engagement
  • Future Product Roadmap
  • SCOPE of the work to be done in this engagement
  • High level Deliverable Expected
  • High level Timelines/ Milestones
  • Customer Information
  • Partners Information
  • Current Challenges

Current system environment

  • Understanding of Functional Features
  • Understanding of presentation layer architecture
  • Understanding of business layer architecture
  • Understanding of Data Layer architecture
  • Understanding Interfaces & Integration Architecture
  • Understanding Security Architecture
  • Understanding current system performance
  • Development Tools, Softwares, Environment, Middleware
  • Cloud Infrastructure details / sizing
  • Documentation repository & Comprehensiveness

Current software maintenance process

  • Quality Control & Quality Assurance Processes (reviews, testing, standards etc)
  • Software Release Management Processes
  • Software Deployment Process
  • Software Ticketing System
  • Enhancements assessment Process

Current application support details

  • Role & Skill Mix and # of team members
  • Maintenance Window
  • Capacity hours planned for each role in the maintenance Window
  • Scope of the work being done
  • Current Issues / Risks
  • Severity Definitions of Tickets
  • Severity level of Tickets received in last 3 months/ one year
  • Service Level Definitions & Targets
  • # of major and minor enhancement requests received in the last 3 months/ one year
  • Help Desk structure & Infrastructure of support system
  • Support expected from current service provider during Knowledge Transition & Secondary Support

You should also identify a person who can give you other information that you have missed in the session. You should understand that existing service providers might not be interested in seriously attending your call. So understand their minds and know the times when they will be available and give you a proper response.

Hope this list will give you the information for your takeoff.

Shell Script to Backup your website

Often times, you need an automated script to take backup of your web application and database hosted on your Linux server. Instead of executing many commands, combine those commands into one shell script file. In this blog, we have given a shell script that will be useful to you.

This is a shell script. You have to save this as backup.sh and run this on your server.

#!/bin/bash

# options
backup_path="/var/www/BACKUP_FOLDER_PATH"
date=$(date +"%Y-%m-%d_%H-%M")

#DB Credentials
user="ROOT_OR EQUIVALENT_USER_NAME"
password="PASSWORD_GOES_HERE"
host="MYSQL_HOST_NAME"
db_name="MY_WEBSITE_DATABASE_NAME" 

# Set default file permissions
cd $backup_path
mkdir $date $date/code_dump $date/db_dump

#Take website code backup
tar cvzf $backup_path/$date/code_dump/MY_WEBSITE_CONTENT.tar.gz /var/www/MY_WEBSITE_PATH/

# DB backup
mysqldump --user=$user --password=$password --host=$host $db_name >$backup_path/$date/db_dump/$db_name.sql

#combine .sql and website content into one tar ball
tar cvzf $date.tar.gz $date

# clean up folder
rm -rf $date

What will this script do?

This script will make a temporary folder with the name of date and time in your specified backup path. It will zip the website content using tar command. Then it will take backup of database and save it with .sql file extension. After this, the script will again zip the folder created above, containing code and database. After zipping, it will delete the temporary folder created.

After execution of this script, your website will be backed up and available as a .tar.gz file

What next?

You can either download the zip file from a file transfer software.

Note

  • This script is designed for PHP/Python applications having MySQL running on a Linux server.
  • For other types, refer other online source.

Working with AWS CodeCommit on Ubuntu

AWS Codecommit is a Git-based repository to maintain source code offered by AWS.

I. Creating CodeCommit Repository

We can create a code repository on CodeCommit by going to AWS Services menu and selecting CodeCommit service. Click on “Create Repository” button. Enter the name of your repository and click on Create Repository button. See http://docs.aws.amazon.com/codecommit/latest/userguide/getting-started-cc.html for more detailed info.

II. Installing Git client in local system

Once created, you can access the repository from your Linux system. In this example, we give you and overview of accessing the repository from Ubuntu. We need Git software

sudo apt-get install git

After Git is installed, we need to create an SSH key on Ubuntu and add the public key back into the CodeCommit repository. This is required to give access to the users to pull and push the code into the repository.

III. Creating IAM user in AWS

The user has to be created in AWS IAM to access the code repository.

  • Go to AWS IAM
  • Click on “Add User”
  • Enter the username.
  • Select Access Type as “Programmatic Access”
  • Click Permissions button and give access to “AmazonRDSFullAccess, AWSCodeCommitPowerUser, AmazonElastiCacheFullAccess, AmazonS3FullAccess” policies
  • Click on Review button
  • Click on Create button

The next screen will show the Access key ID and Secret access key. Make a note of these.

The user will be created and shown in the IAM Users list. Click on the user name to check the details.

IV. Creating SSH keys for AWS CodeCommit

In your Linux Terminal give the below command

$ ssh-keygen

Select a file name and enter a passphrase. Below is an example

lightracers@lightracers-laptop:~$ ssh-keygen
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/lightracers/.ssh/id_rsa): /home/lightracers/.ssh/id_codecommit_rsa
 Created directory '/home/lightracers/.ssh'.
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /home/lightracers/.ssh/id_codecommit_rsa.
 Your public key has been saved in /home/lightracers/.ssh/id_codecommit_rsa.pub.
 The key fingerprint is:
 SHA256:lim0...................mKy7QnDPxR/2pELs lightracers@lightracers-laptop
 The key's randomart image is:
 +---[RSA 2048]----+
 |o.+oo. o |
 |*o .+ = |
 |=o+ = O . |
 |+ @ = + . |
 |o.O * X S o |
 | o + + B . |
 | . . E o |
 | . |
 | |
 +----[SHA256]-----+

Next step is to add this RSA public key to the IAM credentials tab. The RSA public key will be available with the extension of .pub for the rsa id file you had created earlier. For ex. /home/lightracers/.ssh/id_codecommit_rsa.pub

$ cat /home/lightracers/.ssh/id_codecommit_rsa.pub

The output will be key file..

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ3nfWB+........O+ULf lightracers@lightracers-laptop

Go back to IAM User details screen. Under Security Credentials tab, click on “Upload SSH Public Key” button. Enter the public key copied in to the field and click on “Upload SSH Public Key” button. Once this, this will generate a SSH Key ID. Create a ssh config file if not yet created

$ nano ~/.ssh/config

Copy the SSH Key ID generated created and paste it in ~/.ssh/config file. The file content will be

Host git-codecommit.*.amazonaws.com
 User APKAXXXXXX
 IdentityFile ~/.ssh/id_rsa

Go back to terminal and give following commands

$ ssh -v git-codecommit.ap-south-1.amazonaws.com

If connected successfully, you will get the success message.

You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. You can refer to http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html for more details.

V. Creating the first branch on your repository

Go to your required folder and give the following command in your terminal

$ git clone ssh://git-codecommit.ap-south-1.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo

This will clone your repository.

VI. Useful Git commands

Below are the useful git commands

Adding files

$ git add .

Specific files

$ git add path/to/your/file.xyz

Commit command

$ git commit -m "commit message "

Git push command

$ git push origin master

Git pull command

$ git pull origin master

Reverting the changes

$ git stash

LAMP Commands for Ubuntu – Cheatsheet

You might have already installed Ubuntu on your system/server. So you already have L- Linux. Below are the commands you would require to setup others.

Basic

sudo apt-get update
sudo apt-get upgrade

A-Apache

sudo apt-get install apache2
sudo a2enmod ssl
sudo a2enmod vhost_alias
sudo a2enmod rewrite
sudo service apache2 restart

M-MySQL 5.7

sudo apt-get install mysql-server mysql-client

P-PHP 7.1

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install php7.1 php7.1-mbstring php7.1-mcrypt php7.1-mysql 
sudo apt-get install php7.1-bcmat php7.1-xml php7.1-curl
sudo apt-get install php7.1-zip php7.1-gd php7.1-intl php7.1-soap php7.1-xmlrpc

Securing Apache

In apache2.conf

ServerSignature Off 
ServerTokens Prod

VHost Setup

We can setup virtual hosts in apache.  In /etc/apache2/sites-available, copy 000-default.conf to xxxhost.local  (Rename this as per your need)

<VirtualHost www.website.com:80>
ServerAdmin root@localhost
DocumentRoot /var/www/website/www_website_com/
ServerName www.website.com
ServerAlias www.website.com
ErrorLog /var/www/website/logs/www.website.com.error_log
CustomLog /var/www/website/logs/www.website.com.access_log common
<Directory /var/www/website/www_website_com/>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

Certbot (Lets Encrypt)

Note: Certbot does not work for localhost and IP based servers. A domain name is required.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache

FOR ONLY CERT:

sudo certbot --apache certonly

For renewing SSL

sudo certbot renew --dry-run

Put certbot renew <– in cron

3 reasons for your vistors impatience

People coming to your website are known to be very impatient. Ever wondered why this happens?

I. The web page is not quick enough

Do you remember those days when you had modems? A web page would take a while to load completely. People started to become frustrated with the loading time and prefer to just close it instead of waiting. But the age of Internet has changed. These days we have Broadband Internet available easily on many devices and there is a wide range of websites available. There are many alternative options for everything. So instead of stopping their search, they find an alternative website that instantly shows them what they want.

II. The web page is hard to read on the mobile devices

People out there use mobile devices very often. They no longer use it to call people. Mobile devices have become smart enough to interact with the people. Those devices have apps, GPS, emails and many other features that are becoming essential for daily life. So people rely on using mobile devices. When people search on them for something and land up on your website they expect that they can read your website on the screen. If your web page is not responsive enough to reorganize itself for the smaller screens, people find it difficult to read microscopic sized alphabets shown to them. The result – they just move on.

III. The webpage is not easy to understand

One aspect of this is the placement of links. If the visitor finds it hard to trace the common locations such as About Us, Contact etc, they are in some kind of confusion. Instead of trying to figure out, they just leave.

Even if you have such things in place, visitors leave when they do not understand why you are showing the web page to them. If they don’t understand the value you are offering to them they will simply go back to where they have come from.

These 3 aspects are very crucial in understanding the behavior of visitors on your website or your landing page. If you are able to address these on your websites, you can then handle visitor retention and engagement aspects.

Landscape of Digital Marketing

Digital marketing is becoming the strategy to be considered by the companies to promote their products or services. Individual promoters also use this technique to become popular and earn revenue. In this blog post I have tried to give a basic overview of what I call the landscape of digital marketing.

FYI, Google has made a list of most commonly used words in the digital marketing community. They are available at this link – https://learndigital.withgoogle.com/assets/media/pdf/2-digital-marketing-glossary.pdf. this list will be serving you as a stepping stone in the world of digital marketing.

  1. Google is the king (The green hill)

Google has emerged from just being a search engine to a very powerful source that is highly influencing the digital market. Many companies which are providing their services online are getting integrated with Google and trying to get into the first position in the search results displayed by Google.

Having the Google ID is highly recommended. If you have Google ID it means that you have a powerful key for digital marketing. This ID will give you access to Google Analytics, Google AdWords as well as YouTube channel. Of course you can use the same Id to create an account in Facebook Twitter and other social media. You can use them to promote your content.

  1. Data of your target audience is available (The jungle)

You must understand the user base and interests of your audience that you are targeting and the tools that give you this information. You should also identify the keywords of the search phrases which people often use. There are many tools available online for this purpose. Google also offers some very useful tools.

Google AdSense has a feature called keyword planner. You can give your preferred or selected keywords in this and understand the number of people who are searching for the similar words as well as the variants of the keywords that people use.

Google Analytics is another fantastic platform which gives you an insight of the audience that are coming into your website or the landing page. There are many tutorials available on YouTube. Have a look at them

Google Console, available in Google Webmasters tool, shows the keywords that made your weblink appear in search results. It also shows the Click Through Rate, which helps you in understanding whether clicks are happening or not.

  1. People spend time on social networking (The habitat)

You might be self aware that you spend a considerable amount of time on Facebook and YouTube. That is the power of social networking websites. People are getting collaborated socially on social sites such as Facebook Twitter and Instagram. People are also spending time in watching videos, either on YouTube, Facebook or WhatsApp.

There is a lot of textual, graphical and video content out there. They also create the content and share among themselves. If the content is of interest for a larger number of people, it gets shared instantly and just goes viral. So preparing the social media content and targeting social networks will have serious benefits.

  1. People want relevant data (The garden)

People “just search” for what they want. Many people across the world have smart mobile devices in their hands or pocket that can connect to Internet. People tend to use them to get the information that they want.

With a large share of mobile market in hands of Android, Google is very well integrated in the devices which your users have. So they just Google it. People generally do not prefer to go beyond the first page of the search results displayed by Google. It is proven that the first page will have the relevant data which the user wants. With this psychological behaviour of humans you must optimise your website or the landing page in favour of Google’s Complex and not much understood search algorithm. By identifying relevant keywords that showcase your products or services, you can try to be visible in your users Eyes.

  1. Customer engagement is the key factor (The soil)

User just surf on the Internet by visiting multiple websites. When they are not interested with the content present it to them, they just move to another website.

Holding back the visitors is crucial and is becoming much more costlier. Once a visitor has landed on your page it is very important for you to engage the user in your pages or the content and make them spend some time exploring your environment. Making a way for the user to become your customer is the main part of your digital marketing.

These are the five aspects for Digital Marketing that must be considered. As the mindset of human beings mature, more ways in the digital marketing can be discovered very soon.

How can a wordpress website get hacked?

Are you having a WordPress website and ever wondered how the site may get hacked? Worst part – your website is already hacked and you some how fixed it from the backups you have and you want to know the prevention techniques. Before understanding the prevention measures, you must understand how the hacking is done in the first place.

Here is a short video of how the vulnerability will get exploited.

As you can see in the video, the wpscan tool first retrieves important information about the WordPress installation such as version, the plugins and themes used, as well as other information like Apache version and others. Once the hacker gets the information and enumerates the users present in the WordPress installation, the next step is to brute force the system against the common and less strong passwords. With the master password in hand it will be very easy for the hacker to login, edit or delete the content, and also deface the website. If the server is also vulnerable then there is a chance to get the commands executed at the operating system level to wipe out the files.

To summarise, these are the main reasons the wordpress website hack might affect you

  • You are running an outdated version of the WordPress
  • The plugins and themes that you are using are outdated
  • Your hosting provider or your server is having a vulnerable server configuration, i.e the server hardening is not done
  • Your users are not using strong passwords
  • You do not take the backup of your website

What can you do to stop it?

There are very simple yet powerful activities that you can take care in less time.

  • Update your WordPress version as soon as the new version gets released are the latest stable version available
  • Update dependent plugins and themes when the updates are available
  • Most importantly, take regular backups of your site and the database
  • Install WP security plugin
  • Change the default administrator username from admin to something else
  • Have a strong password policy for your user accounts

The password of the administrator should be strong enough having one or two special characters, combination of upper and lowercase letters along with some numbers.

Digital Marketing-Overview

Marketing is to advertise a product or service for the right customers in right place with the right approach. The tools and techniques are concerned with promoting the business to attain targeted audience. It is crucial to a market to research the merchandise reach and acquire the purchasers. In the earlier days of traditional marketing, the approach makes the matter. The shopper can get distracted by frequent pitches. If one ensures the standards of the product/service they provide, word of mouth is enough to face up to the presence within the market. Digital marketing means to plug the product through digital media.

There are several types of Digital Marketing such as, Search Engine Optimization (SEO), Social Media Marketing (SMM), Pay Per Click (PPC) or Pay To Click (PTC), YouTube marketing (also known as viral marketing) and Affiliate Marketing. Whatever the name is, the ultimate target is to achieve sales. Every marketing technology has its own style. Social engagements, influence in public, awareness of the product, etc., indirectly have an impact on the market.

Search Engine optimization (SEO) plays a significant role. This theory was developed to address the customer requirements for what they’re searching for. Keyword planner, keyword research, link building, etc., are various ways used in SEO. Google is the most scholastic platform in the field search terms. Every keyword is indexed in Google crawler and the favorable term is displayed in its search result. For instance, if customer desires to buy a book, he has to type the name of the book in the Google search. Google verifies the term in its database and displays the foremost relative item in the search result.  Customer will go to the primary link from the results page. Keyword search from the back end development from the content in sites are going to be indexed by google and is crawled in step with the Google algorithm. Not only Google but also Bing, Yahoo, ask and many of the search engines have their individual logic to browse the keywords.

Social Media Marketing (SMM) is going viral these days. The practice of SMM makes huge Return On Investment (ROI). Facebook, LinkedIn, Instagram, Twitter, Whatsapp and other tools are available for Digital Marketing.Targeting the audience for product acceptance is an important criterion. Facebook has intelligent options like wall posting, ad-campaigns etc., using which you’ll be able to create a group or join the group you would like to market. Post within those groups, so that you’ll be able to make your website reach the individuals. Creating a page is also an important factor in Facebook. The number of likes to the page reflects the interest of your product. Facebook offers an option called Create advert which suggests the target audience for your product. You can use it to popularize your product

Pay Per Click (PPC) favors the big companies which need to market their business offerings immensely and rapidly.  You have to pay to PPC providers when the visitor clicks on the link. But here one ought to make sure that the website or product or services what you’re giving should be real and clear. Or unless it does, ROI will be minimized. It is excellent for the beginners but mustn’t think about the investment if the plan fails.

In YouTube marketing, you can promote a website with a video link. nearly 800 Million users visit youtube per month worldwide. So you’ll be able to imagine if the video makes impression on your promotion, subscribers are going to be more curious about your next offers. You can create a channel and post videos therein. The rise in subscribers lists the increase within the promotion.

Affiliate marketing conjointly used by so many individuals in recent days. Affiliate marketing means to market other companies product on your website and make the visitors to leads to make the sale. You will get a commission as some proportion that the vendor provides.Amazon, Flipkart, and Snapdeal area unit giving affiliate promoting. Not only these but also so many of the sites are offering affiliate.