Fail2Ban

Fail2ban is an intrusion prevention framework written in Python. It operates by monitoring logs and running certain scripts based on findings. A good example where Fail2ban is used, is when there are repeated failed password attempts to a SSH port. Typically, the offending host is locked out for a period of time.

Fail2ban is ideal when there’s a brute force attack on a server. It will slow down an attack since the blocked host is locked out for a period of time. Although, it prevents attack from a single host, it shortcoming is, it fails to protect against a distributed attack from a network of computers.

Fail2ban is generally used with firewall programs such as Iptables, which are available on most Linux based servers. Fail2ban updates the firewalls rules when successive failed attempts occur on the system, therefore locking out the remote host for a certain period of time.

To install Fail2ban on Ubuntu or Debian from the Terminal:

$ sudo apt-get install fail2ban

You can edit the config file to update the settings. For example, you can increase the bantime from 600 to 1200 seconds. Or you can increase maxretry from 3 to 6.

$ sudo nano /etc/fail2ban/jail.conf

Run Crontab As A Certain User

Crontab is great when you want to run a program or a script at certain times of the day, week or month. You just schedule crontab, and it will run for you automatically, almost all the time, without a hitch. Crontabs are great if you have certain requirements that you want to run at specific times of the day. Now, each system user has their own individual crontab.

To run Crontab as a yourself, you simply type in the Terminal.

$ crontab -e

The crontab format is typically: * * * * * /var/www/yourscript.sh

But, I’m not going to go into details about crontab in this post.

If you need to run Crontab as another user, simply use the -u switch.

$ crontab -u username -e

If a user doesn’t have permission to run crontab, you may need to run it as sudo.

$ sudo crontab -u username -e

Simple Invoices 500 Internal Server Error

Simple Invoices is a free, open source, web based invoicing system that you can install on your server, desktop, or at a service provider. I installed Simple Invoices on a webhost company I rather not mention. The application was working fine, until they tweak their PHP settings several months back. As a result, the PDF export in Simple Invoices no longer worked. I was bummed. So, I was forced to run Simple Invoices from my home server, which was fun, but the issue was, I can’t access it outside of the house.

So, I decided to install Simple Invoices on my new account at Linode. Now, the funny thing was, the application won’t even come up. Not even a login page. So, I searched online for a possible solution to my dilemma. Some suggested to increase the php memory settings to 128M, but that didn’t work out for me. At one time, I thought I had a missing pdo_mysql module, but that wasn’t the case. Then, I stumbled into something that led me to the ultimate discovery.

Simple Invoices has this configuration file called config.ini located inside the config folder. One thing this application doesn’t like are extra characters inside the config file. I happen to like funky passwords with interesting characters like +-)!@#. My MySQL password happens to have a close parenthesis in it. Essentially, this extra character caused the entire application to not start. So, I change my password, and sure enough, the application worked.

So, if you ever get a 500 internal server error with the Simple Invoices application, make sure you don’t have any of those extra characters inside your config.ini file. I wasted two hours trying to fix this issue, only to be surprised by such an idiotic requirement. That means I can’t use difficult passwords for this application. I think this is either a design issue or a funny requirement of the Zend Framework, which by the way, Simple Invoices is written on. It was somewhat funny, but I wasn’t amused.

Use UUIDGEN For Passwords

An impenetrable system is only as good as its weakest password. Computers systems are often attacked using brute force. Most users tend to use really simple and easy to guess passwords. The use of complex passwords on the other hand, makes it almost impossible for them to remember. That’s why passwords typically fall in the 6-8 character range.

For systems and applications, that don’t need human intervention, when communicating to databases and other systems, a much more complex password can be assigned. These passwords typically do not need to be typed-in on forms, so they can be long, difficult and outrageous. There’s a Linux utility called UUIDGEN which randomly creates and generates unique universal identifiers.

A typical output would be:

150152b0-cd0e-11e1-9b23-0800200c9a66

These keys are perfect for systems and applications. For example, WordPress requires a username and password to talk to the MySQL database. The database credentials are typically stored in wp-config.php file. A key generated by UUIDGEN can be used in this scenario. This is just one example where long and difficult passwords can be deployed. They can be used for other purposes as well.

So, if you have access to a Linux system, to generate a unique key, all you have to do is type the command, “uuidgen” in the Terminal.

WordPress Blank Dashboard

I recently moved one of my blogs to Linode, a VPS hosting company. I noticed right away, when I logged in as admin, that the WordPress Dashboard, displayed a blank page. That’s not good. So, I started removing plugins by renaming the plugin directories until I found the offending plugin. Sure enough, it was a custom plugin I wrote myself.

Nothing has changed. The plugin hasn’t been touch. WordPress is the same latest version. The only thing that changed was the host server. So, I started looking into my PHP installation. What could possibly be missing? When I looked into my plugin code, I noticed some references to curl. I realized my server was missing a php5-curl module on the new host server.

A simple command to install php5-curl on the new server does the trick.

$ sudo apt-get install php5-curl

In this particular case, a missing module in PHP, caused the plugin to die unexpectedly, resulting in a blank Dashboard page within WordPress. Removing offending plugins temporarily fixes the issue, but it doesn’t get to the root of the problem. In my case, I was able to narrow it down to the missing PHP curl module that my plugin desperately needs.

In any case, everything is back to normal as expected, except for the blog, which is serving pages exceptionally fast, since I’m now running at Linode.

450000 Email Passwords Revealed

A hacker group calling themselves D33Ds Company have published a list of over 450,000 email addresses and passwords online. Hackers were able to compromise Yahoo Voice’s service using the good old SQL injection as reported by a Forbes article.

According to a count by DataLossDB, the collection of leaked email addresses includes 136,000 Yahoo! mail addresses, 106,000 Gmail addresses, and 54,000 Hotmail addresses. Though it’s not exactly clear what Yahoo! service the passwords linked with those accounts in the hacker’s dump can be used for, they may give access to the listed email addresses in many cases where the user re-uses passwords between services.

I guess it time again to change passwords. What a pain.

Linux Nano Editor

In metric terms, nano means one billionth of a unit, or 10-9. Apple has a product called the iPod nano. In Linux terms, Nano is simply a terminal editor. If you’re looking for an alternative to the vi editor, then consider using Nano.

Nano is derived from the words Nano’s ANOther editor. Nano is an enhanced Pico clone, Pico being another Linux terminal editor. Nano is a little bit quirky in the beginning if you’re coming from the vi world. But, once you’re used to the editor, you’ll be glad you tried it.

In my opinion, I think you can do editing faster in nano than in vi, once you get used to all the controls. Here are several common and important controls within Nano that you should be familiar with: Crtl-O to save, Ctrl-X to quit, Ctrl-K to cut, Ctrl-U to paste. Ctrl-Y to page up, and Ctrl-V to page down.

Read up on the basics of the nano editor.

Install CodeIgniter The Secure Way

CodeIgniter is a PHP framework for rapid application development. It’s exceptionally fast and it comes in a small footprint. Installing CodeIgniter is fairly straightforward. You just upload the CodeIgniter files and folders to the directory of your choice.

But, for a much more secure installation, you should probably move the application and system folders above your webroot folder, so that nobody has direct access to it. In addition to moving them, you also need to set the full server paths in the main index.php. You will need to edit index.php found in the main CodeIgniter folder.

Change the following entries to:

$system_path - '/full-server-path/system';

$application_folder = '/full-server-path/application';

Save. That should do it.

Incorrect Email Address Format

I set up a mail server yesterday. I installed Postfix, Courier and Squirrelmail. After a few tries, I finally got all of them to work. I was testing the email addresses that I created to see if it was sending and receiving mail. I noticed that the email addresses were in the wrong format. Instead, I was getting this email format.

username@server.domain.com

I want this.

username@domain.com

Well, after several tries and a few Google searches, I finally figured what was causing the problem. In the Postfix config file located at /etc/postfix/main.cf, there’s a reference to:

myorigin = /etc/mailname

I simply edited /etc/mailname file and changed it from:

server.domain.com

domain.com

Now all my email addresses are in the correct format.

Ulyssesonline

the online surfer