Blocking Annoyance Sites Like Stretchoid

Uncategorized
These guys claim to be researchers. Researchers with over 24,000 IPv4 addresses? Something's fishy here. On most systems you have a firewall: one at your router and one at your workstation. In Linux you may use iptables and/or UFW. The goal of these is to block the IP addresses of hosts that you believe are nefarious, or that have no reasonable need to be looking at your computer at all. Someone sending you email is reasonable use. Someone visiting your website is reasonable use. Someone testing the ports on your email or web server is not reasonable, and in the strictest reading those should be banned at the very first attempt to scan or break in. In Linux you have UFW that can…

Apache Redirects

Uncategorized
You would not believe the clusterfuck this is. Apache is so worried about backwards compatibility that just blowing away what others have done to jury-rig their systems into working is thought of as something that would be a nightmare. Yes, a nightmare it would be, but at some point it has to be done. The problem is that the context of the settings, directives, mods, proxy, etc. is so ill documented and so poorly implemented, and there are so many know-nothing "Joe experts" out there, that getting a solid understanding of what is actually happening to make this all work just isn't possible. Not for mortal man, that is. Yeah, many will claim they aren't mere mortals (the supposed experts) and that you should go…

Rsyslog and fail2ban — reload fail2ban if you add new remote logging

Uncategorized
If the purpose of implementing rsyslog is to store logs, that's good. If you get all the logs in one place and don't use them to implement security with fail2ban, well, we have to question your sanity. Not really, but it would be a good idea to consider it. This post is about one thing I noted when setting this up. I'd initially set up rsyslog on my containers and then thought about setting it up on all containers/computers that had ports exposed to the internet for any service. That brought to mind my SSH jump server. My opinion of security is pretty strict. If you try to get in and you aren't supposed to, for any reason, you are banned for life, period. I won't debate it. My…

Security: Apache Reverse Proxy, fail2ban, rsyslog, forwarding public IP

Uncategorized
What do all these have in common? SECURITY! When you run multiple websites and want to split them off to different computers or containers for security or load balancing, you need a reverse proxy. Apache has a mod for that (mod_proxy). The problem is that the backend computer/container (let's call them "containers" from this point forward) sees the TCP connection coming from the reverse proxy, so its access log records the proxy's IP rather than the IP of the visitor; the visitor's real address only travels in the X-Forwarded-For header that mod_proxy adds, and the container has to be configured to log and trust it. Until it is, you can't use fail2ban to scan the logs and block bad actors, because every offender looks like your own proxy. BIG SECURITY ISSUE HERE. To scan for bad actors you use fail2ban. It has jails that look for specific types of activity, such as failed login attempts. If it finds…
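The following is an added example and not code from the original post or from fail2ban itself. It parses constructed Apache access-log lines from a backend behind a reverse proxy, credits each failed login (a 401, assumed here to mean a failed login) to the right address, and applies a fail2ban-style maxretry/findtime threshold three ways: to the socket peer `%h` (the broken setup the post describes, which bans your own proxy), to the leftmost X-Forwarded-For entry (the naive fix, which lets an attacker frame another user by forging the header), and by walking the header from the right and skipping only your own proxies (what mod_remoteip's RemoteIPInternalProxy does). The proxy address 203.0.113.7, the LogFormat, the sample IPs and the log lines are all assumptions constructed for the example; the ban rule it prints is the kind of UFW deny rule the first post talks about.

```python
"""Credit failed logins behind an Apache reverse proxy to the right address.

Added example; not code from the original post or from fail2ban.  The log
lines, the proxy address 203.0.113.7 and the "a 401 is a failed login"
rule are all constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed backend LogFormat: Apache 'combined' plus the X-Forwarded-For header
# that mod_proxy adds on the way through (ProxyAddHeaders is On by default):
#   "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\""
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

# Only our own proxies may be trusted to have appended to X-Forwarded-For (assumed).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.7/32")]


def client_ip(peer, xff):
    """Walk the hop chain from the right (the hop that actually connected to
    us) and skip our own proxies; the first untrusted hop is the client.
    Anything the client wrote into the header itself sits further left and is
    never reached.  Returns None for a malformed chain so nothing gets banned
    on junk."""
    chain = [peer]
    if xff and xff != "-":
        chain = [h.strip() for h in xff.split(",") if h.strip()] + chain
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return peer  # only our own proxies in the chain (e.g. a health check)


def resolve(peer, xff, mode):
    """'peer' = %h only (the broken setup); 'leftmost' = first X-Forwarded-For
    entry (the naive fix); 'trusted' = client_ip above."""
    if mode == "peer":
        return peer
    if mode == "leftmost":
        hops = [h.strip() for h in xff.split(",") if h.strip()] if xff != "-" else []
        return hops[0] if hops else peer
    return client_ip(peer, xff)


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "peer": m["peer"], "xff": m["xff"], "req": m["req"],
        "status": int(m["status"]),
        "time": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
    }


def find_bans(lines, mode="trusted", maxretry=3, findtime=timedelta(minutes=10)):
    """fail2ban-style: an IP with >= maxretry failures inside any findtime
    window is banned.  Returns {ip: total failures seen}."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev is None or ev["status"] != 401:  # assumed: 401 == failed login
            continue
        ip = resolve(ev["peer"], ev["xff"], mode)
        if ip is not None:
            failures[ip].append(ev["time"])
    bans = {}
    for ip, times in failures.items():
        times.sort()
        for i, start in enumerate(times):
            if sum(1 for t in times[i:] if t - start <= findtime) >= maxretry:
                bans[ip] = len(times)
                break
    return bans


def ban_command(ip):
    """A UFW deny rule inserted at the top of the chain, as fail2ban's ufw action does."""
    return f"ufw insert 1 deny from {ip} to any"


# Constructed sample: 203.0.113.7 is our proxy; 198.51.100.23 brute-forces /login
# while forging X-Forwarded-For to frame the legitimate user 192.0.2.10 (the proxy
# appends the real peer after the forged value); 198.51.100.77 bypasses the proxy.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0" "192.0.2.10, 198.51.100.23"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0" "192.0.2.10, 198.51.100.23"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0" "192.0.2.10, 198.51.100.23"
203.0.113.7 - - [10/Mar/2024:12:00:40 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0" "198.51.100.23"
203.0.113.7 - - [10/Mar/2024:12:01:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0" "192.0.2.10"
203.0.113.7 - - [10/Mar/2024:12:01:05 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "192.0.2.10"
198.51.100.77 - - [10/Mar/2024:12:02:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31" "192.0.2.10"
""".splitlines()

if __name__ == "__main__":
    for mode in ("peer", "leftmost", "trusted"):
        print(mode, find_bans(SAMPLE_LOG, mode))
    for ip in find_bans(SAMPLE_LOG):
        print(ban_command(ip))
```

Run it and the "peer" mode bans 203.0.113.7, i.e. the proxy that fronts every one of your sites; "leftmost" bans the innocent 192.0.2.10 the attacker named in the header; only the right-to-left walk that skips trusted proxies bans 198.51.100.23. The same rule applies when you set mod_remoteip on the container: list only your own proxy in RemoteIPInternalProxy, never a whole network the attacker could sit in.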