
Entries in Annoying (146)

Thursday, Nov 18, 2010

Chinese Government Shows 'Interest'

It's no surprise that a lot of cyberattacks originate from the 'excellent' People's Republic of China. Some of these attacks are funded by or even originate from the Chinese government. Well, the latter is definitely true.

My (private) ssh server is a point of interest to the Chinese government, since they are trying to get in.

Every couple of minutes a possible break-in entry is recorded in my logs. I guess that they decided not to hammer the front door, in order to evade automatic blacklisting of the originating IP.

reverse mapping checking getaddrinfo for mail.zdpri.gov.cn [218.108.28.189] failed - POSSIBLE BREAK-IN ATTEMPT!

I checked the IP and it seems to host the web-mail for the Zhejiang prov. Development Planning & Research Institute [1].

I guess it's time to tighten the timers on blacklisting.....

B.t.w. The reporting on the IP was provided by Splunk. Excellent tool for digging in logfiles and reporting.
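The slow pace described above is what defeats a short blacklisting timer, and the sketch below shows the difference a longer window makes. It is an added example, not part of the original post or of Splunk: it parses the sshd warning quoted above (which sshd logs when the client's reverse-DNS name does not resolve) and counts hits per source IP in a sliding window. The sample lines, the host name and the 203.0.113.9 address are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source connecting every 3 minutes (documentation
# address, hypothetical host name), in the sshd message format quoted above.
SAMPLE = [
    f"Nov 18 10:{m:02d}:07 srv sshd[4242]: reverse mapping checking getaddrinfo "
    f"for mail.example.test [203.0.113.9] failed - POSSIBLE BREAK-IN ATTEMPT!"
    for m in range(0, 30, 3)
]

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: reverse mapping checking "
    r"getaddrinfo for \S+ \[(?P<ip>[0-9a-fA-F.:]+)\] failed - POSSIBLE BREAK-IN ATTEMPT!"
)

def parse(lines, year=2010):
    """Yield (timestamp, ip) per warning; classic syslog lines omit the year."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def offenders(lines, max_hits, window):
    """Return the IPs with at least max_hits warnings inside any sliding window."""
    per_ip = defaultdict(list)
    for ts, ip in parse(lines):
        per_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop hits that fell out of the window
            if end - start + 1 >= max_hits:
                flagged.add(ip)
                break
    return flagged

if __name__ == "__main__":
    # A 1-minute timer never sees more than one hit; a 30-minute one does.
    print("5 hits / 1 min :", offenders(SAMPLE, 5, timedelta(minutes=1)))
    print("5 hits / 30 min:", offenders(SAMPLE, 5, timedelta(minutes=30)))
```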

Friday, Sep 17, 2010

Comment Spammers Do Research

Lately, the comment spam rose exponentially. This is done by automated scripts, usually from compromised PCs around the world. This way the original spammer will remain anonymous.

The last couple of days I noticed weird search queries (Google search referrers) in my logging;

Looks like someone (probably in the Hong Kong area) is searching the Internet for specific blogs (I guess SquareSpace blogs looking at the query) that contain certain words / fields, indicating that commenting is allowed. These keywords match 100% with the fields / words in and around the blog comment area. Shortly after these searches, the comment spam came pouring in.

At the moment, the only remedy against these spam comments is to screen every newly submitted comment by an editor, since the automated spam detection on the Squarespace platform is basically worthless. Too bad, since they rock at everything else.

Thursday, Aug 12, 2010

Microsoft Cryptographic Store and Passwords

We've been experimenting with the use of user certificates for VPN access to the lab. Issuing and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement. The user still has the option of choosing the notification instead of a password.

Certificate Template - Request Handling Options

There's an option to enforce a password, but that's system wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.


Thursday, Jul 22, 2010

OS X Kerberos / Open Directory Logging

Ever since I switched to OS X server at home I use Splunk> to see what's happening 'underneath the hood'. This revealed that there's a lot (really a whole lot) of Kerberos logging going on. Each and every day I get thousands of log entries regarding krb5kdc which results in over 1 million log entries only for krb5kdc in little over a week.

These syslog messages only contain the following 'text';

krb5kdc[16179](debug): routing msg not interesting
krb5kdc[16179](info): got routing msg type 5(RTM_LOSING) v5
krb5kdc[16179](info): routing socket readable

It looks like the debugging level is set to debug (why??). And why can't we change it? Others seem to have this problem as well.

It looks like the following command works:

sudo defaults write /Library/Preferences/DirectoryService/DirectoryServiceDebug "Debug Logging Priority Level" FALSE

After entering that one line I haven't seen any new log entries in the kdc logs. More info on that command can be found @ Apple.

Nevermind......

Monday, Jul 12, 2010

Slow Open Directory on OS X Server

Ever since I've been playing with my Mac mini with OS X server 10.6.4 I have had on-and-off problems in the authentication/Open Directory area.

  • Some accounts authenticate really quick, while others take minutes to authenticate.
  • Accessing the Open Directory through the Workgroup Manager is as slow as a slow boat to China. Changing users (just by selecting them) takes another boat along the Pacific.

So it was time to start digging into the phenomenon called 'Open Directory'.

The manual from Apple isn't much help in troubleshooting a slow Open Directory, so it was time to search the interwebs and start experimenting. If it didn't work, I can always reinstall the entire server from scratch.


Monday, Jul 12, 2010

The Problems with Apple OS X (10.6.4) Server

Updated on Monday, July 12, 2010 at 21:48 by Registered Commenter Willem

It has finally been done. I've switched off the old Windows 2003 server at home and officially replaced it with an Apple Mac mini server. For now... And with 'for now' I really mean for now. It turns out that Apple OS X Server doesn't resemble its client counterpart at all. Where the client is stable and intuitive, the server edition lacks both.

I'll try to explain why I think there's lots of room for improvement. Mainly stuff I ran into while configuring the server/services.
Since the Windows server fulfilled several functions, I needed these functions to be available on the OS X server as well. These were:

  • Networking services like DNS and DHCP
  • Webserver
  • Mailserver
  • MySQL Database
  • SSH Server
  • File sharing on the internal network
  • Public Key Infrastructure for issuing certificates
  • Download station

Evaluating these functions, one would think that this shouldn't be a problem. Well it actually is.... At least some of those features.


Thursday, Jul 1, 2010

My iPhone 3GS and iOS 4

Apple released the latest Operating System/software/firmware for the iPhone. This new OS (iOS) adds several new features and lots of enhancements (which I won't be going into).

I upgraded my iPhone earlier this week. No problems with that. The only real hiccup I ran into was the Voicemail number. The phone had forgotten the Voicemail, MMS and Tethering settings, so I needed to add them again. Even tethering was still available on the SIM-lock free iPhone with the KPN carrier.

There's one thing that's not 'Apple' about this update. With the regular Apple operating systems there's always the experience that an upgrade to a new release (10.4 -> 10.5 -> 10.6) leaves you with a faster/snappier OS. Even if the hardware is relatively old. Don't know how they do it, but it's something that Microsoft hasn't accomplished yet since MS-DOS 3.

Anyway, the OS upgrade on the iPhone is completely different. The device is less snappy. It looks like the device goes into some sort of suspended animation and when you need to use it it takes a couple of milliseconds (it's not much, but it's noticeable) for the phone to react. After a couple of seconds it seems to be gone.

For me, the new/improved features are more important than the snappy-ness of the device, so I'll stick to the new iOS for the moment.

Wednesday, Jun 2, 2010

SquareSpace Traffic Statistics

First; I would recommend SquareSpace [2] to anyone who wants to run a website with lots of features and easy as 1-2-3. It's extremely easy to use, and no HTML knowledge is required to start modifying the layout etc. (it helps if you do though).

With the website comes a management center (Dashboard) where you can view traffic/visitor statistics (among a dozen other things regarding the website). Every now and then, I see the traffic increase.

Green = Visiting IP's / Grey = Pageviews

Initially I thought;

Damn, they started the DDoS again....

After that;

They Slashdotted me (one can always hope)


Wednesday, May 12, 2010

The 'Legalized Meaning of Words' According to Wordpress.com

Updated on Wednesday, May 26, 2010 at 19:23 by Registered Commenter Willem

I got an e-mail from an 'old' friend Hunter (probably not his real name) today. He helped me out regarding the exposure of online scammers last year. He (and his 'team') offered to continue my work in regards to exposing online retailers that 'forgot' to send the goods, after you paid..... I couldn't go on with this (important) work for several reasons. Reasons I won't go into at this time.
Anyway, he moved the available content to the public (and free) Wordpress platform and continued what I had left behind.


Wednesday, May 5, 2010

Droplets in Photoshop CS5

Every photo I upload to Flickr goes through a watermarking process. To do this, I created a watermarking action within Photoshop (started this in the CS3 days). These actions can be 'converted' to so-called droplets. These are 'shortcuts' you can place on e.g. your desktop. Every image you drag onto this droplet gets opened in Photoshop and the preconfigured actions are applied.

This worked in Photoshop CS3, and CS4 (after some modifications to the original action). But in Photoshop CS5 the droplets won't execute. The action itself runs smoothly within Photoshop, but when you export it as a droplet, the action won't start. You have to start the action manually.....

I even tried to create an action / droplet from scratch in Photoshop CS5, but that one won't run either when I drop a JPEG on the droplet. This is a reason for not upgrading to CS5 on my main machine (which also still runs Leopard for compatibility reasons).

According to the online Adobe Photoshop CS5 help files regarding droplets, the droplets should still function. So I write this off as a bug in the initial release of Photoshop CS5.