SSH bruteforce; change in direction?

One thing that I like to do is read. Stephen King probably makes up the majority of the fiction I’ve read, closely followed by Andy McNab, Stieg Larsson and Dan Brown (in no particular order). I like non-fiction too, but mainly in the sciences: our treasured Prof. Stephen Hawking (who should be knighted), the great Carl Sagan and the inspirational Prof. Brian Cox. I’m sure there are more who have yet to make it onto my shelf.

However, there’s really only one 100% reliable news page that I have the occasional binge on. Found in /var/log/auth.log, this page has it all: drama, frustration, desperation, success, comedy. Strangely enough, I can genuinely associate these human emotions with this silly little file. Today I will talk about both the comedy and perhaps some of the terror too.

I like to filter the news for most of the comedy.

sudo grep "Invalid user" /var/log/auth.log

Ethen, ftp, 1111, recruit, allison, xbian, uwot, support, hadoop, test, guest, admin, jonah (my fave) … the list literally goes on. Incredible to think that these bots (or people) have probably cracked open a server using those names before and been successful? Maybe. Several of them look less random on closer inspection: ftp, hadoop and xbian are the names of service or default accounts on particular software, so the bots are most likely trying names that have worked for them elsewhere. Or maybe they are trying to think outside the box. I could literally spend a day trying to understand the reasoning behind those usernames and still be clueless. Hilarious! Jonah.

But it’s the most obvious of them all that worry me: admin, root, and pi. The latter is the most obtainable. pi is the default username on Raspbian, the main Linux flavour for the Raspberry Pi, and maybe on more.
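The grep above gives the raw list; a practitioner usually wants it tallied by username and by source address, with the well-known default accounts pulled out. The following script is an added example, not code from this site. It parses a constructed block of sshd lines in the same format as /var/log/auth.log (hosts, names, addresses and times are made up), counts "Invalid user" names, counts password failures per address, and flags attempts against an assumed list of default accounts (root, admin, pi, ubuntu). It also shows why anchoring the match on `sshd[pid]:` matters: a plain `grep "Invalid user"` will happily match your own sudo line running that very grep.

```python
import re
from collections import Counter

# Constructed sample in the format OpenSSH writes to /var/log/auth.log.
# Hosts, names, addresses (RFC 5737 documentation ranges) and times are made up.
SAMPLE_AUTH_LOG = """\
Dec  3 10:01:12 vps sshd[2201]: Invalid user hadoop from 203.0.113.7
Dec  3 10:01:12 vps sshd[2201]: input_userauth_request: invalid user hadoop [preauth]
Dec  3 10:01:14 vps sshd[2201]: Failed password for invalid user hadoop from 203.0.113.7 port 51324 ssh2
Dec  3 10:02:40 vps sshd[2210]: Invalid user pi from 203.0.113.7
Dec  3 10:02:42 vps sshd[2210]: Failed password for invalid user pi from 203.0.113.7 port 51330 ssh2
Dec  3 10:05:01 vps sshd[2215]: Invalid user jonah from 198.51.100.23
Dec  3 10:07:19 vps sshd[2221]: Failed password for root from 198.51.100.23 port 40012 ssh2
Dec  3 10:07:21 vps sshd[2221]: Failed password for root from 198.51.100.23 port 40012 ssh2
Dec  3 10:09:55 vps sshd[2230]: Invalid user admin from 192.0.2.99
Dec  3 10:10:10 vps sshd[2235]: Invalid user  from 192.0.2.99
Dec  3 10:12:02 vps sshd[2240]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Dec  3 10:13:00 vps sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/grep "Invalid user" /var/log/auth.log
"""

# Account names that ship as defaults on common images (root everywhere, pi on
# Raspbian, ubuntu on Ubuntu cloud images, admin on many appliances).
# This list is an assumption for the example; extend it for your own estate.
DEFAULT_ACCOUNTS = {"root", "admin", "pi", "ubuntu"}

# "Invalid user" lines: the name can be empty (clients sometimes send none),
# hence \S* followed by an explicit " from".  Anchoring on "sshd[pid]:" keeps
# the sudo line in the sample from matching.
INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<ip>\S+)")
# Password failures for both existing and non-existent accounts.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(text):
    """Yield (kind, user, ip) for each sshd line of interest; other lines are skipped."""
    for line in text.splitlines():
        m = INVALID_RE.search(line)
        if m:
            yield ("invalid", m.group("user") or "<empty>", m.group("ip"))
            continue
        m = FAILED_RE.search(line)
        if m:
            yield ("failed", m.group("user"), m.group("ip"))


def invalid_user_counts(text):
    """How often each non-existent username was tried (the 'comedy' list)."""
    return Counter(user for kind, user, _ in parse_events(text) if kind == "invalid")


def failed_by_ip(text):
    """Password failures per source address, the number fail2ban acts on."""
    return Counter(ip for kind, _, ip in parse_events(text) if kind == "failed")


def default_account_targets(text):
    """Attempts (invalid-user or failed-password) against well-known default accounts."""
    return Counter(user for _, user, _ in parse_events(text) if user in DEFAULT_ACCOUNTS)


if __name__ == "__main__":
    import sys
    # Pass a real auth.log path as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTH_LOG
    for name, n in invalid_user_counts(text).most_common():
        print(f"{n:5d}  invalid user {name}")
    for ip, n in failed_by_ip(text).most_common():
        print(f"{n:5d}  failed passwords from {ip}")
    for name, n in default_account_targets(text).most_common():
        print(f"{n:5d}  attempts against default account {name}")
```

Run it as `sudo python3 authlog.py /var/log/auth.log` (the script name is arbitrary). Note that root never shows up under "Invalid user" because the account exists; it only appears in the "Failed password" lines, which is why the default-account tally looks at both kinds of event.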

It’s scary to think that easy-to-follow guides for home VPNs, Plex, cloud software, FTP, web servers (the list goes on) may not always be security conscious and may not always instruct the user to change the default username, let alone the password, or to enable a firewall. Let’s hope, for their sake, that time is spent securing a home internet-facing host so that it does not become the way into their home network. Sobering.

Internal Storage – A Ponder At Prices

Anyone in the market for a hard drive at the moment may be having a hard time. It’s not as simple as it once was; you’ll be weighing many different factors.

Speed, reliability, capacity, bus interface and, most importantly, price.

You’ll have an even harder time if you already have both an SSD and a traditional hard drive. If the SSD fails, it’s a no-brainer. But what if your HDD is on the way out? What do you replace it with? That is the question I’m asking.

For the time being I’m ignoring a lot of the variables mentioned above and focusing on price alone. I’ve trawled through almost all the hard drives on one particular UK computer retailer’s site and started to play around with the numbers. I’ve again concentrated only on SATA devices, as they are my most likely replacement.

On average they all sit on a roughly linear price line in GB per £, except those of smaller capacity. At that end I’m talking about the jump in price from 0.5 to 1 TB for HDDs and from 60 to 120 GB for SSDs. In both cases the “sweet spot” is the larger size, with only a small jump in price for double the capacity. It’s both weird and confusing to think there is a genuine demand for the lesser product. It’s not so obvious in the following graph, as this is a combined average of many products in the same category.

Comparison of SATA drive prices – December 2016

There are two more interesting points on this graph: the jump in price for SSD products around the 1 TB capacity, and the striking difference in capacity at the top end of the scale between SSD and HDD. SSD still has a long way to go.

Lastly, I picked desktop-grade components for these results, with a mixture of both top- and bottom-end products. Some lines of drive had really poor reviews and others really good ones. They were all sourced from the same site, which in my view gives us an accurate comparison of prices in the UK.

This may well be night and day for some, but it will be interesting to do another comparison in a year to see how far things have moved on. If someone were to tell me we’re at a data crossroads, I couldn’t deny it.

do-release-upgrade killed my server!

It has only been within the last couple of days that the website has been back online. For better or for worse, in October I decided to take a backup and hit the do-release-upgrade button on the box. It didn’t go well.

Nowadays, with security holes being flagged left, right and centre, and being a great advocate of keeping software updated, I took a stab at it. Funnily enough, the system used some sleight of hand, twisted my arm and drove the knife back into me. 100% damage. One hit. Didn’t really see that coming.

More annoyingly, my resurrection potion had no effect because the backup was totally rubbish. (I really must play about with backups more…)

Anyway, after a kind system admin reset my box, the painstaking task of preparing, installing and configuring started again. But this time with some interesting revelations! I decided to ditch loads of software, making this new build a bit leaner.

Let’s see: a massive ditch of vsftpd! This has always been a pain in the arse to configure and set up correctly, especially when it comes to permissions. I now use SFTP over the existing SSH port, which is not only less fiddly but also lets me close about 25 ports (FTP’s control port plus the passive data range), and it is one less log for fail2ban to watch, since the sshd jail already covers SFTP logins. Sorted!
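As an added illustration of the SFTP-only arrangement described above (not this site’s own configuration), here is an sshd_config fragment that confines a dedicated group to file transfer with no shell. The group name sftponly and the directory /srv/sftp are assumptions for the example.

```sshd_config
# Added example; not this site's real config. Assumes a group "sftponly"
# whose members only ever need file transfer, with per-user roots under /srv/sftp.

# Use the in-process SFTP server so no binaries are needed inside the chroot.
# There must be only one "Subsystem sftp" line in the file; replace the default one.
Subsystem sftp internal-sftp

# Match blocks must come after all global directives.
Match Group sftponly
    # sshd refuses to chroot unless every component of this path is owned by
    # root and not group- or world-writable, so give each user a writable
    # subdirectory (e.g. /srv/sftp/<user>/upload) inside it rather than the root itself.
    ChrootDirectory /srv/sftp/%u
    # Whatever the client asks for, it only ever gets the SFTP server.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
    # Keys only for this group; password guessing against these accounts gets nowhere.
    PasswordAuthentication no
```

Check the file with `sshd -t` before restarting the service, and keep a second SSH session open while you do so. With this in place the fail2ban sshd jail sees every failed SFTP login in auth.log exactly as it sees any other SSH failure; there is no separate vsftpd log to add a filter for.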

I have also come to the conclusion that I need to understand OpenVPN a bit better; I decided to ditch openvpn-as for a few reasons, mainly the juggling needed to secure its web admin interface properly. It wasn’t worth exposing on the internet just to set up an initial connection for two devices.
I tried running the pages on a different port that I would manually open and close when needed, and also tried an .htpasswd file via .htaccess, but that could be circumvented.

Next, I decided to remove the training wheels, that is, phpMyAdmin. Just like the openvpn-as UI issue, this is the same problem in a different skin. I really do love phpMyAdmin to bits, but unless you’re hosting sites for friends and family, it’s not worth leaving such a security risk public.

Lastly, WordPress. I decided that, for compatibility, Google reCAPTCHA must go. However, I have replaced it with Akismet and the fail2ban plugin to hopefully cover my arse. I will be looking at this more closely.

So all in all it wasn’t such a bad ordeal in the end, but it has taken me some time to rethink the situation. I have a few things to check off my list before I can happily say that recovery time is low, but at least for now this build is running really well!

F5 = Reload

Something that doesn’t physically exist is easily misplaced or lost. It’s a bit more unsettling when you tie many hours to misplaced data entrusted to someone else’s hands.

“If you want something done right, do it yourself”

Charles-Guillaume Étienne (as translated)

The hosting company 123-REG made this very error, as described in a news article (and documented on many other news sites). It was unfortunate, but even more so for those who lost their data. Web-based businesses (and their clients) were plunged into complete internet darkness as the servers updated their drives to “forget” the data stored on them. I suppose I was lucky that when my server vanished, my livelihood didn’t go with it. Sure, it was a lot of time spent over the years, not only writing articles (that not many people at all have read) but also the initial setup and configuration, which took many long nights and head bashing, especially for an inexperienced “hobbyist”.

Like others, I too kept backups outside of the company’s server infrastructure, but they are not directly or easily transferable to a new infrastructure altogether. I am in the process of rebuilding the VPS and selecting some old blog posts to carry over into the new world.

The focus of my corner of the internet has changed; it is now mainly about my technology experiences, with the occasional post about myself.