"Everything that is really great and inspiring is created by the individual who can labor in freedom." -- Albert Einstein

Tuesday, January 27, 2009

Cool Links

Every once in awhile you come across a website that is either useful/cool/interesting.
For quite awhile I've been listening to music on http://pandora.com

If you haven't ever tried it, it's pretty impressive. The music selection is very good and you can adjust the music to your taste. If you listen long enough... you will notice that songs do eventually repeat though ;)

If you have downtime, and like games, you can get on http://facebook.com and play games on Mesmo TV. Personally, I like the Word Scrabble game the best. Just a couple time killers for those of you that have spare time !

Sunday, October 26, 2008

Icewm -- With an Identity crisis

Icewm -- With an Identity crisis

Someone kept telling me "but... Linux isn't Windows.... " So, I fixed their little red wagon. It may not BE Windows, but Linux sure can LOOK like Windows.......... of course, it doesn't have those BSOD and it runs faster, but hey, nothin's perfect. :) :)

Done using Icewm and a theme and a background image. Looks pretty good. I set this up on an underpowered machine that KDE 4.1 was choking down to a crawl... XP barely ran on it, and Vista wouldn't boot I'm sure. Linux with Icewm, is very responsive, and much faster than KDE 4.1 had been. Was a fun 1/2 hour.

Saturday, August 2, 2008

Arch Linux and KDE 4.1





I use KDE for my default WM. Yeah yea yea, I know, it's NOT geeky enough. I like it though, and Arch Linux moved KDE 4.1 from testing and it is now downloaded and installed on all my computers. Alot of cool new stuff in KDE 4.1 I applaud the Arch Linux devs and the KDE team.

If you haven't tried KDE 4.1 yet..... you should. It's pretty cool :)

Wednesday, July 23, 2008

Why you should change your ssh default port.

Thought some of you might find this interesting. No one gets in, but it's funny how just changing the port number on ssh will stop 99.99% of the stupid attacks (some random bot repeatedly attempting to gain access) . Several other things SHOULD be changed in the ssh config file also, not just the port number, but this one provides the most eye opening reasons to be secure.

Installed server on Jul 17th ..... less than 5 days later, well, you get the idea.
wtmp begins Thu Jul 17 21:57:08 2008

[root@VistaCrusher1 ~]# lastb | wc -l
25349


For the less command line oriented peeps, that means I had 25,349 attempts to breach my machine via the ssh login. Bad logins recorded, along with IP's and other cool stuff.
Needless to say, I'll go change that shortly, along with several other security precautions. I just wanted to see how many hits I'd get in 5 days. That, and I wanted to see who came back.

Imagine that.....

[root@VistaCrusher1 ~]# lastb | grep 125.164.202.240
clamav ssh:notty 125.164.202.240 Mon Jul 21 16:40 - 16:40 (00:00)
clamav ssh:notty 125.164.202.240 Mon Jul 21 16:39 - 16:39 (00:00)


Someone is STILL trying.

Here is a list of WHO tried.

[root@VistaCrusher1 ~]# lastb | awk '{print $3}' | sort --unique

121.14.5.209
123.140.215.92
124.42.50.54
125.164.202.240
193.23.52.17
193.33.171.66
208.65.156.53
210.146.9.109
210.176.26.185
210.221.148.223
210.51.171.74
211.160.40.29
211.33.57.138
212.90.168.161
217.199.186.93
218.38.56.181
219.122.33.3
222.195.137.249
52.26.222.203.st
61.114.236.22
74.10.24.182
83.103.170.158
83.168.89.246
89.238.203.66
Sun
c-24-5-182-18.hs
mail.zdr.ru
mail3.gus.net
martinjajcaj.vps
mvx-200-201-183-
n220246012106.ne
security.isd.com
[root@VistaCrusher1 ~]#


As someone mentioned to me on the Archlinux forums, iptables can be used to help prevent this as well.



### START SECURITY RULES ###
# Don't limit SSH from known addreses
# xxx.xxx.xxx.xxx
iptables -A forwarding_wan -p tcp --dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

# SSH rate limiting from unknown IP addresses
# Allow 2 chances in 10 minutes to connect, reject after that
iptables -A forwarding_wan -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A forwarding_wan -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 3 -j DROP

Thursday, July 17, 2008

Status of LinuxTorrents.org

I have taken the site down completely as the TorrentTrader software that was running the site apparently had some serious flaws. I'm not sure what all this person got into on the server that was hosting LinuxTorrents.org, but it was enough to mess it up badly. I don't think I'm inclined to reload the software, or find new software at this time, I may come up with a different solution instead, or just forward it to LinuxTracker, I haven't decided.

I know WHERE the hack originated, because I KNOW I didn't have clamav on my server.

clamav     pts/1    125.164.202.240    Thu Jul 10    06:46 - 06:58     (00:12)

that was from the output of "last". In the end, I blame myself. I should have installed better software for the torrents. One solution I've debated on, while lowtech, is to just use apache and upload torrents into directories. To this day, it still amazes me that people go out of their way to destroy what someone else creates.