A few day ago, something weird happened to me, my mail server which uses SMTP authentication was listed in CBL, and as a result of that also in spamhaus.
I spent time reviewing, reading sending mail, trying to find out what was wrong with my server since CBL just told me "In short, this IP is impersonating being a machine we know it cannot be. No properly configured mail server does this under any circumstances." It was hard for me to find the problem.
I checked my maillog form start to end and everything seemed right, then I checked which ports I had opened, and same thing all was ok. Then I started doing some google search about CBL listing I just got references saying it did not give a clear response why you get blocked. To some extent it was like being eyes folded.
After reading manual, instructions and many other stuffs I realized that my server name was incorrectly set up at first, I fixed the problem but it kept getting listed. So I kept looking, until I found that one of many sited made reference to DNSSTUFF dns report, which actually pointed some mistakes for my domain. I fixed them and it almost my third day and I haven't got blocked. If you are running virtual domains I will suggest you to run dns report for each one of your domains. Make sure that you IP has a reverse DNS set correctly.
May 22, 2007
May 20, 2007
Block login failures on Linux
If you a run linux server with ssh access and you need to block Ip addresses after certain number of attempts, then I would recomend you to use fail2ban which is a opensource module that need little customization in order to get it to run.
It runs a as a service on the background so it provides real time log supervision and it can check not only for ssh failed attempts but SMTP, HTTP, and others.
Here I will just explain how to make it check for failed ssh attempts on a fedora box.
from the command line type:
Server:# yum install fail2ban
This will install all the modules and software needed to install and run fail2ban.
Once installed it places the configuration file in /etc/fail2ban.conf
The with your favorite editor you can edit this file. It is well documentend and it needs little explanation how it works, but I'll give you the basic to block unwanted ssh access
[DEFAULT]
maxfailures = number of failures before IP gets banned. Defaults to 5. but you can set this value to whatever numer you would like
bantime = number of seconds an IP will be banned. If set to a negative value, IP will never be unbanned (permanent banning). Defaults to 600 (10 min).
ignoreip = space separated list of IP’s to be ignored by fail2ban. No default. here you can add you own IP address just to avoid getting blocked just in case you forget your password
then you can go to the ssh section and set enabled to true and add the corresponding value for the logfile variable
I hope this helps you to solve your security problem
It runs a as a service on the background so it provides real time log supervision and it can check not only for ssh failed attempts but SMTP, HTTP, and others.
Here I will just explain how to make it check for failed ssh attempts on a fedora box.
from the command line type:
Server:# yum install fail2ban
This will install all the modules and software needed to install and run fail2ban.
Once installed it places the configuration file in /etc/fail2ban.conf
The with your favorite editor you can edit this file. It is well documentend and it needs little explanation how it works, but I'll give you the basic to block unwanted ssh access
[DEFAULT]
maxfailures = number of failures before IP gets banned. Defaults to 5. but you can set this value to whatever numer you would like
bantime = number of seconds an IP will be banned. If set to a negative value, IP will never be unbanned (permanent banning). Defaults to 600 (10 min).
ignoreip = space separated list of IP’s to be ignored by fail2ban. No default. here you can add you own IP address just to avoid getting blocked just in case you forget your password
then you can go to the ssh section and set enabled to true and add the corresponding value for the logfile variable
[SSH]
enabled = true
logfile = /var/log/secure
port = ssh
timeregex = S{3}s{1,2}d{1,2} d{2}:d{2}:d{2}
timepattern = %%b %%d %%H:%%M:%%S
failregex = : (?:(?:Authentication failure|Failed [-/w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?PS*)
The fail2ban log can be found at /var/log/fail2ban.log unless you specify another location.I hope this helps you to solve your security problem
Apr 19, 2007
Postfix on fedora core 5
It's likely you are looking for a good tutorial that will teach you step by step how to install postfix with virtual users and smtp auth in order to avoid unauthorized SMTP relays.
Well I have installed postfix on a fedora core 5 box using a manual posted at howtoforge.com.
This tutorial will take you step by step, certain thing might fail (postfix compilation failed on my server so I downloaded the rpm provided by the tutorial) but yet, it will tell you what to do in that case.
In case that you don;t find a solution to a problem in the manual you can go to forums and post your problem and in less than a day you get a response from howtoforge.
The tutorial links is this. enjoy it:
http://www.howtoforge.com/fedora_virtual_postfix_mysql_quota_courier
Well I have installed postfix on a fedora core 5 box using a manual posted at howtoforge.com.
This tutorial will take you step by step, certain thing might fail (postfix compilation failed on my server so I downloaded the rpm provided by the tutorial) but yet, it will tell you what to do in that case.
In case that you don;t find a solution to a problem in the manual you can go to forums and post your problem and in less than a day you get a response from howtoforge.
The tutorial links is this. enjoy it:
http://www.howtoforge.com/fedora_virtual_postfix_mysql_quota_courier
Plesk control pannel limitations
When you purchase a hosting plan with a control panel you expect it to make your life easier.
Well it has not been my case, I got a server hosting with plesk control panel. First, plesk works with qmail, which is a little hard to configure. If you try to install other applications besides the ones that work with plesk, it might get corrupted as it happened to me.
I installed postfix with dovecot, but I had to remove courier-imap, after removing courier-imap, plesk stoped working.
So if you plan getting a server with a control panel I recommend you to search the web for limitations, and some other features your control panel might have.
Maybe swsoft improves plesk in the short future. It would be good to have a control panel that would allow you to configure (postfix, sendmail, qmail, etc) in such a way that with a few clicks you can multiple virtual domains running on a machine configure with plesk.
Nov 27, 2006
Perl and sql connections
Imagine this scenario: you company is running a sql server which is only accesible from your LAN, you cannot use NAT, so you need to acces from you webserver you sql server and show some information.... Then this is the solution to your scenario, there are a few steps you would need to make before star coding:
1.- if you don't have freetds, then download and install freetds you can get it from http://www.freetds.org/
2.- then you would need to go to cpan (search.cpan.org) and downlaod and install perl sybase module, this url might help http://www.linuxjournal.com/article/5732
3.- Then you are ready to query any sql sever as long as you have all ports opened on you LAN to your sql server.
Question are welcomed.. so don't hesitate in contacting me..
1.- if you don't have freetds, then download and install freetds you can get it from http://www.freetds.org/
2.- then you would need to go to cpan (search.cpan.org) and downlaod and install perl sybase module, this url might help http://www.linuxjournal.com/article/5732
3.- Then you are ready to query any sql sever as long as you have all ports opened on you LAN to your sql server.
Question are welcomed.. so don't hesitate in contacting me..
Perl and Mysql
You might wonder how to make perl work something similar to php or even asp when querying DB, well here is a code that might help you.
Php as well as asp they allow you to call fields from a record set in the way $rs['field_name'] and perl some times seem to be verydifucult... then this might change your point of views. take a look a t this:
#!/usr/bin/perl
use CGI;
use DBI;
$dbname = "";
$host = "";
my $db = 'DBI:mysql:$dbname:$host';
my $username = 'user';
my $pass = 'password';
my $dbh = DBI->connect($db, $username, $pass);
my $sql = "SELECT * FROM categoria";
$sth = $dbh->prepare($sql);
$sth->execute() or die "Error";
my($count) = $sth->rows();
print "Records: $count\n";
my %row;
$sth->bind_columns( \( @row{ @{$sth->{NAME_lc} } } ));
while ($sth->fetch) {
foreach $key (keys (%row)){
print "\$$key - $row{$key} ** ";
}
print "\n";
}
$sth->finish;
$dbh->disconnect();
exit;
This will code will let you call record set field streight from the query.. supose you have a field name id then you can cal $row{'id'} within the foreach loop.
Hope this is usefull, comments are welcomed..
Php as well as asp they allow you to call fields from a record set in the way $rs['field_name'] and perl some times seem to be verydifucult... then this might change your point of views. take a look a t this:
#!/usr/bin/perl
use CGI;
use DBI;
$dbname = "";
$host = "";
my $db = 'DBI:mysql:$dbname:$host';
my $username = 'user';
my $pass = 'password';
my $dbh = DBI->connect($db, $username, $pass);
my $sql = "SELECT * FROM categoria";
$sth = $dbh->prepare($sql);
$sth->execute() or die "Error";
my($count) = $sth->rows();
print "Records: $count\n";
my %row;
$sth->bind_columns( \( @row{ @{$sth->{NAME_lc} } } ));
while ($sth->fetch) {
foreach $key (keys (%row)){
print "\$$key - $row{$key} ** ";
}
print "\n";
}
$sth->finish;
$dbh->disconnect();
exit;
This will code will let you call record set field streight from the query.. supose you have a field name id then you can cal $row{'id'} within the foreach loop.
Hope this is usefull, comments are welcomed..
Perl old but usefull
I amazing how old programming languages as perl still exist and they have proven to be very usefull.
When I first started programming in perl, I thouhgt it was a tough language and that it was not usefull at all, now a days I have discovered that is extremely powerfull and easy to use (if you have programmes in c++ or c, or something similar) I have used it for server maintenance scripts and related tasks as well as web programming. On the long run I have discovered that perl tends to be a little slow and messy for websites so I have moved to PHP, I think asp is to dump for web, so I rather use php or somethign similar.
Its amazing how perl can do a lot of thing that with java would take a lot of time, lets say open a file, with perl you just execute the command:
open(file_handler,"filepath/filename") or print "error\n\n";
on the other hand asp, or java you need to create an instance then open, let't not mention reading a file.
As far as I have used perl, I can say perl is fantastic, and that it will stay for a while.. for more information about perl you can visit cpan.org, perlmonks.org and some other perl related links. in this blogss I will be posting a few codes from perl script I have made and explanning them.
comments are welcome.
Greeting.
When I first started programming in perl, I thouhgt it was a tough language and that it was not usefull at all, now a days I have discovered that is extremely powerfull and easy to use (if you have programmes in c++ or c, or something similar) I have used it for server maintenance scripts and related tasks as well as web programming. On the long run I have discovered that perl tends to be a little slow and messy for websites so I have moved to PHP, I think asp is to dump for web, so I rather use php or somethign similar.
Its amazing how perl can do a lot of thing that with java would take a lot of time, lets say open a file, with perl you just execute the command:
open(file_handler,"filepath/filename") or print "error\n\n";
on the other hand asp, or java you need to create an instance then open, let't not mention reading a file.
As far as I have used perl, I can say perl is fantastic, and that it will stay for a while.. for more information about perl you can visit cpan.org, perlmonks.org and some other perl related links. in this blogss I will be posting a few codes from perl script I have made and explanning them.
comments are welcome.
Greeting.
Oct 13, 2006
Googletube? who could say that!
At the beginning of this year I got to know you tube and google video because a friend of mine showed me a few videos. Then, a few weeks ago watching CNN, I watched a report on youtube.com where they mentioned that youtube had grown so much and had become a very popular company.
In that news I could see the creators of youtube talk about the history and how had it all started, but now google has acquired them form 1.65 Billion US dollars! WOW!!! It seems that it is profitable to start little websites that can become popular expecting to sell them for a high price later. Form more information on youtube purchase by google you can read this article from TechCrunch: http://www.techcrunch.com/2006/10/09/google-has-acquired-youtube/
I have noticed that huge companies that exist now a days, started a few years behind with a little site or portal as google. When I first met google it was just a search engine.. Now I am using google web accelerator, google search bar, google adsense, google analytics, google pack, and I guess there's more to come from google.
Another case is youtube, who could say that a site that allows you to upload your videos for free to the web could make its price grow as high as 1.65 Billions?. There are some other sites coming up on the list, Hi5.com, seems to be very popular, the question now is: who will purchase hi5? Msn? Yahoo? Google? Going back in history, the first story similar to this one I heard about was hotmail, which was sold to microsoft for a huge amount.
I will try to sit for a while and try to come up with and and Idea that later I can sell for some amount (2.0 billions at least) . At least this seems to be the tendency now a days. Make your site popular and sell it to some huge company.
Subscribe to:
Posts (Atom)