Computer environmental crisis. (or why sysadmins drink)

In a previous post I wrote about how to block dictionary attacks with iptables and an adaptive blacklist. I’ve moved the script to several different hosts and it worked on all of them but one. It’s an aging CentOS 5.5 system (I know, I know, it should be updated). For some reason it wasn’t picking up on the active BLACKLIST entries. It would do its thing just fine when run from the bash prompt, but not when run from crontab. Turns out it has to do with the environment.

Blocking dictionary attacks with an adaptive iptables firewall. (CentOS)

As anyone who has ever administered a server exposed to the web knows, the Internet is a hostile place. Our servers are continually bombarded with a never-ending stream of attempts to guess user ids and passwords. The source is countless botnets and is constantly changing. I’ve tried a number of approaches to counter these attacks and I think I have come up with a solution that seems to be working.

Blocking SMTP brute force attacks with iptables on CentOS

Recently our email servers have come under sustained brute force attacks by script kiddies doing dictionary attacks. These go on 24 hours a day from a variety of sources, including pools of IP addresses that alternate probes from a common dictionary. They were flooding the maillog with authentication errors at a rate in excess of one every 10 seconds or so.

Iptables in the Linux network stack has the ability to look inside of a packet and match a string. We’ll use that feature to pick out authentication errors on the outbound side in order to block them on the inbound side.

Filtering Spam by keyword in Microsoft Exchange Server

The latest wave of blackmail scam emails is becoming a genuine PITA. Script-kiddies are harvesting email addresses and username/password combinations from the lists released after hacks of sites like LinkedIn or MySpace, or via dictionary attacks on mail servers, and then sending out blackmail emails. They are kinda comical unless you happen to be really stupid and are in the habit of going to pornhub for 10 minutes at a time. There must be enough of those kind of lusers to make it profitable… Here are some sample emails.

Windows Server Backup – Restoring files from a scheduled backup disk created on another system.

Restoring a Windows Server Backup to a Different Server

Something that is not very well documented is the process of recovering a backup created on one server to a different one using Windows Server Backup. When you browse a disk that was part of a scheduled backup, the contents are protected by the security settings on the file system. We recently had to recover some files that were on a 2 TB hard drive that was part of a scheduled backup on a Server 2008 R2 system that had subsequently been virtualized and was running under Server 2012 R2 Hyper-V. Attaching the disk to the VM was not an option, and the WSB utility in Server 2012 wouldn’t recognize any backups on the hard drive.

Windows Server Backup – Email backup status notifications

Windows Server Backup does a reasonably good job of backing up a Microsoft server. But as with any backup, it’s good to have some sort of notification about the success or failure of the job. I first started to use it with SBS Server 2011, and as part of that bundle the server emails a daily report summarizing the health of the server. When we virtualized and moved a number of SBS servers over to Hyper-V hosts, the backup chore moved to the host machine. The summaries still arrived, but the backup status was no longer part of them. Besides, it would be nice to see the status of the backup in the subject of the email and not have to open the email if all is good.

IPTables Script to Fend Off DDOS Attacks

We recently have had a number of sites hit by DNS amplification DDOS attacks. You can turn off recursion and do other things in named to keep from being a target, but once they target you the attack can go on for a long time after your server has been properly configured. This script is also good for thwarting SSH, IMAP, and POP3 probes. Just change the port number and tune the limits.

nsupdate with bind views – NOTAUTH error

I hope this saves someone the half a day I just wasted.
I was trying to set up dynamic dns for a client. I found a number of helpful links.
A useful script that allows you to do dynamic dns from a DD-WRT box.
A step by step howto for nsupdate.
The problem was that I was getting a NOTAUTH error every time I tried it from the name server itself. After regenerating keys and trying every possible variation of configs, I finally decided to try it from another server, and it worked!
The problem – I had configured different views in my named.conf and I had a localhost view.

Ubiquity PicoStation2 AirOS with CoovaChilli, Wifidog, busybox with awk

First attempt at building AirOS firmware with CoovaChilli, Wifidog, and busybox with awk enabled. It didn’t brick my unit and it all seems to work. Use at your own risk.
XS2 8 meg for PicoStation XS2.ar2316.v3.5.SDK.100616.1213-8M.bin
XS2 for models ??? XS2.ar2316.v3.5.SDK.100616.1213.bin
I found through trial and error that the proper file to edit was /usr/src/airos/SDK.UBNT.v3.5.4499/conf/xs2/busybox.config, not the one in apps/gpl/busybox.

These were the issues and problems I had while building it. ( Copied from my posts at )
