This was a draft post from over a year ago that I forgot about.
I include it now because it has some merit and I found the attack to be very interesting.
-------------------------------------------------------------------------------------------------------------
Something, somewhere went wrong with the machine that hosts justvisiting.org.
It wasn't so much the hardware, but the operating system that began to have problems.
The issue:
Running out of memory and then locking up.
This machine had been running smoothly for years and then started to have a few hiccups and fits.
I'm sure the machine was not compromised by a break-in, but nevertheless it was failing and falling over and not responding to console logins, or responding at all. I finally rolled up my sleeves and replaced it with a newer and more robust machine. Which, IMO, wasn't really needed, but I did want to get justvisiting back online as soon as possible. The Linux OS is installed and it is sitting and waiting for operator input to get the final bits adjusted. Then I'll be able to finally get it back online at its designated IP address.
SSH attacks:
First off, the ssh attacks are still pretty much the same as they have always been. Every day this machine was bombarded with SSH attacks, mostly from host machines in China. I can tell you that reverse name resolution and a simple traceroute shows exactly where these machines are located. It's not that hard to determine and I don't think the perpetrators were much concerned about hiding their real IP addresses. I could be wrong, but think not. Why China wants into my machine so bad, I could not tell you. But if I had to guess, I would say that it is the Chinese Cyber Army that comes knocking. A new to me attack scheme has caused some concern. That concern is that after an IP address was permanently banned after so many SSH login attempts, another attack would occur almost immediately, from another "machine" from the same subnet.
It goes like this (using 1.2.3.x subnet addressing):
- SSH login attack from 1.2.3.1
- IP address is banned after x amount of login attempts
- Then another SSH login attempt from 1.2.3.2, same subnet address, with the next IP address attempting a login
- IP address is banned after x amount of login attempts
- Then another SSH login attempt from 1.2.3.3 with the next IP address attempting a login.
- Then from 1.2.3.4, 1.2.3.5, 1.2.3.6, 1.2.3.7.
And so on. . .
Needless to say, this is a problem. Not only to me and my machine, but to everyone who hangs servers out there on the Internet.
How does an entire, or close to an entire subnet of IP addresses attempt to login to an SSH account with cascading IP addesses from the same subnet? It's probably not that difficult to script, provided you own the IP block you are attacking from. I'm investigating, but in the meantime your guess is as good as mine.
To be continued. . .
Friday, April 7, 2017
Linux LAMP and WordPress Debug notes
Created by: Robert Cazares
Date: April 7th, 2017
Mostly for my own reference, put here in the cloud.
If you find the references useful, awesome.
~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-
create text file: touch filename.txt
cat > filename.txt
edit text file: nano filename.txt
vi/vim filename.txt
gedit filename.txt
Text editors to investigate -
Lime may be dead. I dunno. TBD
I would consider using this on one of my LAMP servers.
It looks pretty.
https://github.com/limetext/lime
~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-
How to Solve WordPress Could Not Create Directory
/08 Useful Tips /How to Solve WordPress Could Not Create Directory
November 13, 2014
http://wpnow.io/how-to-solve-wordpress-could-not-create-directory/
I was having a "Installation failed: Could not create directory" problem for a long time.
Now that I've had some time to investigate and drill down into what the problem was, I have found a solution.
Applying "Web Server Ownership" and "Directory Permissions" as listed below worked for me. Quick and simple.
I used these chown and chmod commands to fix most all issues regarding installing "Themes" and "plugins":
1. Web Server Ownership
The first level is actually to make sure that your web server has ownership over the directories:
chown -R www-data:www-data your-wordpress-directory
2. Directory Permissions
The second level is also required – you must make sure that the directory permissions are properly set:
sudo find /var/www/wordpress/ -type d -exec chmod 755 {} \;
sudo find /var/www/wordpress/ -type f -exec chmod 644 {} \;
~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-
The following are other sites I found to be useful and great for learning how to apply security to Wordpress -
...............................................................
How to Fix Folder and File Permissions in WordPress
Written by Nick Savov on March 08, 2016 | WordPress
https://www.ostraining.com/blog/wordpress/file-permissions/
---------------------------------------------------------------
Group / Owner And Updating Wordpress Plugins
December 6, 2014
https://www.digitalocean.com/community/questions/group-owner-and-updating-wordpress-plugins
---------------------------------------------------------------
Changing File Permissions
https://codex.wordpress.org/Changing_File_Permissions
---------------------------------------------------------------
How to Fix File and Folder Permissions Error in WordPress
Last updated on March 2nd, 2017 by Editorial Staff
http://www.wpbeginner.com/beginners-guide/how-to-fix-file-and-folder-permissions-error-in-wordpress/
---------------------------------------------------------------
How To Use chmod and chown Command
by Vivek Gite on October 11, 2006 last updated August 31, 2012
in Linux, UNIX
https://www.cyberciti.biz/faq/how-to-use-chmod-and-chown-command/
---------------------------------------------------------------
15 Practical Examples of “dpkg commands” for Debian Based Distros
http://www.tecmint.com/dpkg-command-examples/
2. List all the installed Packages
[root@tecmint~]# dpkg -l
4. View the Content of a Package
[root@tecmint~]# dpkg -c flashplugin-nonfree_3.2_i386.deb
5. Check a Package is installed or not
[root@tecmint~]# dpkg -s flashplugin-nonfree
6. Check the location of Packages installed
[root@tecmint~]# dpkg -L flashplugin-nonfree
---------------------------------------------------------------
Understanding the WordPress File and Directory Structure
Posted on May 21, 2016 by Tom Ewer in Tips & Tricks | 26 comments
https://www.elegantthemes.com/blog/tips-tricks/understanding-the-wordpress-file-and-directory-structure
---------------------------------------------------------------
Permissions
http://linuxcommand.org/lts0070.php
http://linuxcommand.org/lc3_lts0090.php
---------------------------------------------------------------
Correct file permissions for WordPress
http://stackoverflow.com/questions/18352682/correct-file-permissions-for-wordpress
---------------------------------------------------------------
Installation failed: Could not create directory.
https://wordpress.org/support/topic/installation-failed-could-not-create-directory/
---------------------------------------------------------------
WP Product Review
https://demo.themeisle.com/parallax-one/wp-product-review/
---------------------------------------------------------------
Date: April 7th, 2017
Mostly for my own reference, put here in the cloud.
If you find the references useful, awesome.
~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-
create text file: touch filename.txt
cat > filename.txt
edit text file: nano filename.txt
vi/vim filename.txt
gedit filename.txt
Text editors to investigate -
Lime may be dead. I dunno. TBD
I would consider using this on one of my LAMP servers.
It looks pretty.
https://github.com/limetext/lime
~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-
How to Solve WordPress Could Not Create Directory
/08 Useful Tips /How to Solve WordPress Could Not Create Directory
November 13, 2014
http://wpnow.io/how-to-solve-wordpress-could-not-create-directory/
I was having a "Installation failed: Could not create directory" problem for a long time.
Now that I've had some time to investigate and drill down into what the problem was, I have found a solution.
Applying "Web Server Ownership" and "Directory Permissions" as listed below worked for me. Quick and simple.
I used these chown and chmod commands to fix most all issues regarding installing "Themes" and "plugins":
1. Web Server Ownership
The first level is actually to make sure that your web server has ownership over the directories:
chown -R www-data:www-data your-wordpress-directory
2. Directory Permissions
The second level is also required – you must make sure that the directory permissions are properly set:
sudo find /var/www/wordpress/ -type d -exec chmod 755 {} \;
sudo find /var/www/wordpress/ -type f -exec chmod 644 {} \;
~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-
The following are other sites I found to be useful and great for learning how to apply security to Wordpress -
...............................................................
How to Fix Folder and File Permissions in WordPress
Written by Nick Savov on March 08, 2016 | WordPress
https://www.ostraining.com/blog/wordpress/file-permissions/
---------------------------------------------------------------
Group / Owner And Updating Wordpress Plugins
December 6, 2014
https://www.digitalocean.com/community/questions/group-owner-and-updating-wordpress-plugins
---------------------------------------------------------------
Changing File Permissions
https://codex.wordpress.org/Changing_File_Permissions
---------------------------------------------------------------
How to Fix File and Folder Permissions Error in WordPress
Last updated on March 2nd, 2017 by Editorial Staff
http://www.wpbeginner.com/beginners-guide/how-to-fix-file-and-folder-permissions-error-in-wordpress/
---------------------------------------------------------------
How To Use chmod and chown Command
by Vivek Gite on October 11, 2006 last updated August 31, 2012
in Linux, UNIX
https://www.cyberciti.biz/faq/how-to-use-chmod-and-chown-command/
---------------------------------------------------------------
15 Practical Examples of “dpkg commands” for Debian Based Distros
http://www.tecmint.com/dpkg-command-examples/
2. List all the installed Packages
[root@tecmint~]# dpkg -l
4. View the Content of a Package
[root@tecmint~]# dpkg -c flashplugin-nonfree_3.2_i386.deb
5. Check a Package is installed or not
[root@tecmint~]# dpkg -s flashplugin-nonfree
6. Check the location of Packages installed
[root@tecmint~]# dpkg -L flashplugin-nonfree
---------------------------------------------------------------
Understanding the WordPress File and Directory Structure
Posted on May 21, 2016 by Tom Ewer in Tips & Tricks | 26 comments
https://www.elegantthemes.com/blog/tips-tricks/understanding-the-wordpress-file-and-directory-structure
---------------------------------------------------------------
Permissions
http://linuxcommand.org/lts0070.php
http://linuxcommand.org/lc3_lts0090.php
---------------------------------------------------------------
Correct file permissions for WordPress
http://stackoverflow.com/questions/18352682/correct-file-permissions-for-wordpress
---------------------------------------------------------------
Installation failed: Could not create directory.
https://wordpress.org/support/topic/installation-failed-could-not-create-directory/
---------------------------------------------------------------
WP Product Review
https://demo.themeisle.com/parallax-one/wp-product-review/
---------------------------------------------------------------
Thursday, February 18, 2016
TypeCatcher - Fonts Fonts and More Fonts
Linux / Ubuntu -
Microsoft Windows
Need or wanting a new font in your system?
Now this is cool.
Go here to learn how to
"Easily Download And Install Google Web Fonts In Ubuntu With TypeCatcher"
Source: http://www.webupd8.org/2013/08/easily-download-and-install-google-web.html
As artists, content developers, and web site builders, we all love fonts.
Well, at least I do and by the look of things lots of other people do too.
I stumbled on this article while installing a couple of new fonts for use in the terminal. So, yeah. I wasn't happy with the choices that were offered. They're not bad, I just wanted something a little different.
Of course, I went out and did a Google search. As it has been said, "One thing leads to another". Which lead me to TypeCatcher.
The main idea here for me is to be able to utilize different fonts on my Linux laptop.
That's all there is to this post.
To reference and to share too.
Till next time.
P.S. I've just started blogging again and am excited about being able to share information and life experiences.
Need or wanting a new font in your system?
Now this is cool.
Go here to learn how to
"Easily Download And Install Google Web Fonts In Ubuntu With TypeCatcher"
Source: http://www.webupd8.org/2013/08/easily-download-and-install-google-web.html
As artists, content developers, and web site builders, we all love fonts.
Well, at least I do and by the look of things lots of other people do too.
I stumbled on this article while installing a couple of new fonts for use in the terminal. So, yeah. I wasn't happy with the choices that were offered. They're not bad, I just wanted something a little different.
Of course, I went out and did a Google search. As it has been said, "One thing leads to another". Which lead me to TypeCatcher.
The main idea here for me is to be able to utilize different fonts on my Linux laptop.
That's all there is to this post.
To reference and to share too.
Till next time.
P.S. I've just started blogging again and am excited about being able to share information and life experiences.
Wednesday, October 1, 2014
justvisiting.org - My personal WordPress Blog
So many platforms, so little time.
JustVisiting.org is not free for me to operate.
It's not a cloud service, I run it here, at home on an old Dell, a very old Dell Dimension L550r.
I beefed up the processor somewhat and max out the RAM.
It runs a particular flavor of Linux and isn't a resource hog.
In fact, it runs quite smoothly.
What I don't know is how it may run under a big user load hitting Apache at the same time.
That's okay.
I am quite certain that a DDos attack would render it "done".
But why DDos this server? No worries.
This platform was never intended to be high-availability. Just a system that allows me to learn the ins and outs of WordPress.
What I DO have problems with are people trying to break into the machine via SSH. They are indeed attacks. And these attacks mostly come from where?
You get three guesses.
~ Argentina? Nope. Although had a few from there.
~ Finland? Nope. Had maybe one from that part of the world.
~ Mayberry, USA? Nope. Is there a real Mayberry here state-side?
Okay, I'll tell you.
- #1 is China. Big surprise huh? Here's what happens. China comes knocking daily. China Tlecom, China this, China that. China China China. I could ban entire network blocks, but that wouldn't result in any metrics at all. No fun there. And it's metrics we want. There's a utility I have installed that will ban users after so many failed SSH attempts. Highly configurable and it works really well. I will eventually pull the ban data and related sources, such as IP address, whois info, date/time and aggregate them into a human readable form. Fun. Huh?
- #2 Is Russia. No surprise there eaither.
- #3 is a roughly a tie between users in Australia, EU countries and countries South of the Border, meaning South of Mexico's Borders.
I'll post my findings, which of course, are always being logged, another day, when I have a spare block of time to extract, collate and correlate. More fun. Huh?
Where it all started -
I started with WordPress version, uuuhm, actually, I do not remember. Maybe v2andChange.
What I do remember is the challenge of updating WP when the updates were ready for installation.
The OS was locked down pretty hard and relaxing a couple of security features got me in the update game.
What I remember -
- Being at version 2.something
- Wanting to upgrade to 3.something else
- Not being able to update, upgrade, whatever it was
- Some hair-pulling
- Some teeth nashing
- Lots of WTF's
-
- Then F I N A L L Y after much poking, prodding, RTMFM's and a few changes applied under the covers, VIOLA. Wait. That's not right. VOILA! Yeah, that's it. So, I got JV up to speed and felt pretty good about being on a current version.
- Then recently, like last week, version 4 appeared.
- I applied the update (click this here, click that there and viola! No no no.
And VOILA! Here we are. Again. Current and compliant with WordPress version'ing.
And there you have it.
JustVisiting.org is not free for me to operate.
It's not a cloud service, I run it here, at home on an old Dell, a very old Dell Dimension L550r.
I beefed up the processor somewhat and max out the RAM.
It runs a particular flavor of Linux and isn't a resource hog.
In fact, it runs quite smoothly.
What I don't know is how it may run under a big user load hitting Apache at the same time.
That's okay.
I am quite certain that a DDos attack would render it "done".
But why DDos this server? No worries.
This platform was never intended to be high-availability. Just a system that allows me to learn the ins and outs of WordPress.
What I DO have problems with are people trying to break into the machine via SSH. They are indeed attacks. And these attacks mostly come from where?
You get three guesses.
~ Argentina? Nope. Although had a few from there.
~ Finland? Nope. Had maybe one from that part of the world.
~ Mayberry, USA? Nope. Is there a real Mayberry here state-side?
Okay, I'll tell you.
- #1 is China. Big surprise huh? Here's what happens. China comes knocking daily. China Tlecom, China this, China that. China China China. I could ban entire network blocks, but that wouldn't result in any metrics at all. No fun there. And it's metrics we want. There's a utility I have installed that will ban users after so many failed SSH attempts. Highly configurable and it works really well. I will eventually pull the ban data and related sources, such as IP address, whois info, date/time and aggregate them into a human readable form. Fun. Huh?
- #2 Is Russia. No surprise there eaither.
- #3 is a roughly a tie between users in Australia, EU countries and countries South of the Border, meaning South of Mexico's Borders.
I'll post my findings, which of course, are always being logged, another day, when I have a spare block of time to extract, collate and correlate. More fun. Huh?
Where it all started -
I started with WordPress version, uuuhm, actually, I do not remember. Maybe v2andChange.
What I do remember is the challenge of updating WP when the updates were ready for installation.
The OS was locked down pretty hard and relaxing a couple of security features got me in the update game.
What I remember -
- Being at version 2.something
- Wanting to upgrade to 3.something else
- Not being able to update, upgrade, whatever it was
- Some hair-pulling
- Some teeth nashing
- Lots of WTF's
-
- Then F I N A L L Y after much poking, prodding, RTMFM's and a few changes applied under the covers, VIOLA. Wait. That's not right. VOILA! Yeah, that's it. So, I got JV up to speed and felt pretty good about being on a current version.
- Then recently, like last week, version 4 appeared.
- I applied the update (click this here, click that there and viola! No no no.
And VOILA! Here we are. Again. Current and compliant with WordPress version'ing.
And there you have it.
Friday, February 26, 2010
Beyond the hype - Bloom Energy - Fuel Cells
This is a fascinating company that has energy technology which I am following with interest.
-----------------------------------------
60 Minutes - The Bloom box - February 21, 2010
Large corporations have been testing a new device that can generate power on the spot, without being connected to the electric grid. Will we have one in every home someday?
Lesley Stahl reports.
Video
----------------------------
CNBC - Airtime: Tues. Feb. 23 2010 | 10:00 PM ET
Bloom Energy provides about 15 percent of eBay's Silicon Valley campus power needs, saving an estimated $100,000 in energy costs so far. EBay CEO John Donahoe sat down exclusively with Silicon Valley Bureau Chief Jim Goldman ahead of Bloomenergy's big unveiling.
-----------------------------------------
60 Minutes - The Bloom box - February 21, 2010
Large corporations have been testing a new device that can generate power on the spot, without being connected to the electric grid. Will we have one in every home someday?
Lesley Stahl reports.
Video
----------------------------
CNBC - Airtime: Tues. Feb. 23 2010 | 10:00 PM ET
Bloom Energy provides about 15 percent of eBay's Silicon Valley campus power needs, saving an estimated $100,000 in energy costs so far. EBay CEO John Donahoe sat down exclusively with Silicon Valley Bureau Chief Jim Goldman ahead of Bloomenergy's big unveiling.
Thursday, February 18, 2010
Tuesday, October 20, 2009
Michelle Badion's Tango Cabaret - 2007
August 10, 2007
Michelle Badion's Tango Cabaret
Starring Eva Lucero & Patricio Touceda
This event was at the Century Ballroom in Seattle, WA.
A studio promo photo of Eva and Patricio that I shot was used for the Cabaret.
www.centuryballroom.com
www.michellebadion.com
www.robertcazaresphotography.com
© 2009 Robert Cazares - All Rights Reserved
Subscribe to:
Posts (Atom)