Subscribe to this feed

Brute force for the win

Friday, 4th October 2013

If you are going to try an brute force passwords over ssh you should probably try better usernames than ferlac and gyurushop.

I wish I had logs of what sort of password ferlac and gyurushop would have.

Oct 4 14:56:15 wombat sshd[12240]: input_userauth_request: invalid user ferlac [preauth]
Oct 4 14:56:15 wombat sshd[12240]: pam_unix(sshd:auth): check pass; user unknown
Oct 4 14:56:15 wombat sshd[12240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
Oct 4 14:56:17 wombat sshd[12240]: Failed password for invalid user ferlac from port 38348 ssh2
Oct 4 14:56:17 wombat sshd[12240]: Received disconnect from 11: Bye Bye [preauth]
Oct 4 14:59:19 wombat sshd[12271]: Invalid user gyurushop from
Oct 4 14:59:19 wombat sshd[12271]: input_userauth_request: invalid user gyurushop [preauth]
Oct 4 14:59:19 wombat sshd[12271]: pam_unix(sshd:auth): check pass; user unknown
Oct 4 14:59:19 wombat sshd[12271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
Oct 4 14:59:21 wombat sshd[12271]: Failed password for invalid user gyurushop from port 58955 ssh2

Defaults chosen for another era

Tuesday, 1st October 2013

I had to set up squid last week for a reverse proxy type arrangement and I was pretty amazed to see that the default config file that comes with ubuntu still has the same example memory and disk cache entries that were probably around when I first set it up in the late 90's on Slackware.


cache_mem 100 MB

cache_dir ufs /var/spool/squid3 100 16 256

100mb may have been a lot of memory way back when, but for the box I was using last week 28GB was a bit more like it. As a practical issue I was left wondering if the cache_dir entry was actually in GB and had to look it up.

Makes me wonder if everyone uses varnish or some other such new shiny these days and if there is some kind of beautiful symmetry around dinosaurs such as me using old dinosaur software like squid.

Google Adsense over SSL

Wednesday, 18th September 2013

It looks like Google have started offering adsense ads over an SSL transport in the last few days, so I've made the relatively minor change to take advantage of it.

With the scary warnings and other messages taken care of plus me finding the smaller wide format text ads I think I'm happy enough to leave them on the site.

What has happened here?

Tuesday, 17th September 2013

Some poor misguided firewall / router / voodoo packet forwarding aparatus has decided to let this packet out:

*mangle DROP: IN=eth0 OUT= MAC=00:14:85:17:09:8e:00:23:5e:7c:ba:1b:08:00 SRC= DST= LEN=76 TOS=0x00 PREC=0x00 TTL=251 ID=19777 PROTO=UDP SPT=65535 DPT=123 LEN=56

Theres a heap of drops in the logs for rfc1918 addresses, but is a new one.

Trying to route on a Cisco ASA

Thursday, 12th September 2013

NAT, NAT sausage egg and NAT, that's not got much NAT in it.

Come back, all is forgiven

Thursday, 12th September 2013

Well Google has decided to un-disable my ads now which I suppose is better than a kick in the head.

I can't be totally sure that it was the link to the torrent site that did it because the process is very vague, they essentially give you a link to their terms and conditions and state that the violation is in there somewhere.

I'm not actually sure I want the ads anymore anyway because it is all a bit tacky looking and changing the site to https has made some browsers output scary looking messages for combining the http content of the ads in a page served up with https.


Tuesday, 10th September 2013

Google have suspended my Adsense account for 'Copyright Infringement'.

I was pretty surprised about that initially considering I've written all the code here in perl, bashed away at the HTML, javascript and CSS by hand, done all the images in gimp and I'm sure no one would want to try and take credit for my ramblings.

My guess after doing some more research on it is that they suddenly took offence to a link in the bookmarks section ( that had been there for the last four years at least ) to a torrent site which I won't name, but has links to obtain television in an easy manner. Pretty amazing to think that could qualify as copyright infringement.

I don't really care if they reinstate the ads or not, they kind of lower the tone a bit and mess up the page layout.

Two posts in two days

Tuesday, 10th September 2013

If you implement code to add posts to the database then its a whole lot easier to post stuff. Strange but true. Perhaps I should have put more effort into implementing that than implementing editing pages and there could have been updates for the last five years or so.

Also, I've changed all the URL's in the html for this site and in the database to use https and put in a permanent redirect so everyone should get here via https now. I did this for www.osoal.org.nz a while back and it seems to have worked okay.

Previous Next

© 2009 Lincoln Reid <lincoln@osoal.org.nz>