Finding and blocking an abusive host from your Apache log

My web site slowed to a crawl last night, my CPU usage soared to 100%, and my built-in security measures weren’t helping. I ended up having to do some old-school Linux sysadmin work to stop them.

I haven’t been an everyday sysadmin since 2009. But every once in a while I can still come off the bench and do this stuff.

What is vltov1?

On the afternoon of July 5, 2016, a mysterious directory called vltov1 appeared in the filesystem of my web server. A few files on my site changed, and soon my blog crashed, due to changes I’d made in the database structure.

Something connected to this vltov1 was trying to hack my site further, but had made some assumptions based on me running WordPress that happened to be wrong.

I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL https://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately, fixing it when changes you didn’t make appear in functions.php and header.php is pretty easy.

Port 2381: What it is and how to manage it

I was doing some scanning with a new vulnerability scanner at work. It found something listening on a lot of servers, described only as Apache and OpenSSL listening on TCP port 2381. The versions varied.

Luckily I also had Qualys at my disposal, and scanning with Qualys solved the mystery for me quickly. It turned out to be the HP System Management Homepage, a remote administration/diagnostic tool that, as the title says, lets you manage HP server hardware. It runs on Windows, Linux, and HP-UX.

Stand up for net neutrality

Neocities has decided to do something about Net Neutrality–shunt the FCC into the slow lane, and post the code for doing it so the rest of us who run web sites can do it too. The original was written for Nginx; I need to give serious thought to implementing the Apache version.

Net neutrality has nothing to do with the political bent of the content–the people you may hear talking about it on the radio are wrong, which is why they’re yakking on the radio and aren’t working at ISPs or IT departments–and everything to do with raising prices. What we’re seeing now is telecommunications companies, who are already ultra-profitable, gouging companies like Netflix. And Netflix is doing exactly what a company that suddenly has to pay new taxes would do–raising prices.

The difference is that it’s old-line companies doing the taxing in this case rather than a government. That’s all.

The other objection I hear is that lots of innovation happened on the Internet without regulation, so why regulate now? The difference is that the environment in the late 1990s, when the seeds of all of this were planted and started to sprout, was very different. Back then we had hundreds of ISPs, all of whom participated in building out what we have now. None of them wanted to charge both subscribers and content providers, and none of them could have anyway. If Earthlink had tried to shake down Ebay and Amazon and make them slow, people would have switched to someone else–one of any number of regional providers, or equivalent services run by companies like IBM and the old AT&T (prior to its re-merger with Southwestern Bell). Today, many people live in areas only serviced by one broadband provider. Most people have two, but that’s not like the old days.

If I could have anything, I’d like more competition. I’d love it if the average U.S. citizen had a choice of a dozen or so broadband providers. Then we could have a truly free market. Instead, we have duopolies, a situation much like the situation with electricity and natural gas in most municipalities, and broadband providers face far less regulation than power companies do, even as they grow in importance.

Some security short-takes I never got around to posting

Here’s some stuff I’ve found in recent weeks that I never got around to posting, so I’ll just round it all up briefly.

How long does a hard drive last?

If you’re asking how long a hard drive lasts, I found this study on hard drive longevity last week.

I take issue with the opening paragraph but the rest of the article is very good. The opening paragraph is a bit deceptive—hard drives were anything but common 30 years ago. Even 25 years ago, they were a serious status symbol. I remember in 1988, a classmate told me his dad had just bought a computer with a hard drive, and swore me to secrecy. Why? Because in today’s dollars, a computer with a hard drive in 1988 cost around $2,000, minimum, and given that his dad was working towards his master’s degree at the time, he probably had a really hard time affording that. If you had a hard drive even in the late 1980s, you were either very rich, or you took your computing very seriously and were willing to make some serious sacrifices somewhere else.

But, like I said, the rest of the article is very good. I’m being a curmudgeon.

Libre Office and Open Office both grow up a bit–together

Both Libre Office and Open Office released new versions this week, and the changelog indicates a good amount of shared code between the two, at least in this go-round. The animosity between the two—Libre Office is a fork of Open Office, dating to before the time Oracle spun the project off to Apache—may thus be overstated.

Computer burn in explained

I’ve worked several different shops now that seem to have a misconception about computer burn in. So I’m going to explain it.

I think there’s a misconception that if you let a computer run with a light load for a while, it somehow gets stronger, and ready to handle a big workday load.

I’m 5’9″ and weigh about a buck-fifty, so trust me, I know a non-bodybuilder when I see one. And computers aren’t bodybuilders.

Linux admins beware, there’s a web server exploit in the wild

No OS is 100% secure if there’s enough desire to get in. There’s a web server exploit targeting Apache, Nginx, and Lighttpd running on Linux–a first of its kind, in at least one regard. Ars Technica has the details, including where to get a script to check to see if your server is infected.

According to this page, if you execute this command:

strings /usr/bin/apache2 | egrep opentty

you’re clean if nothing comes up, and you’re infected if you see one or more matches. If your system stores its httpd elsewhere, change the first parameter to match.