Are You Serious, Spammer? (Part III)

Found this gem in our comments from the main family webpage:

Did you know that if you stare at the sun for 15 minutes a day, that you won’t need to eat food anymore? You will literally gain superhuman abilities and feel like an enlightened person. Obviously you would need to stare at the sun during the early morning or late evening when the sun is at it’s lowest brightness. But NASA did a study and proved that people who engage in this sun-staring practice achieve a state of high spiritual and mental enlightenment. Full information here (link removed).

Not sure if they were looking for someone that gullible, or just trying to get clicks by posting outrageous nonsense. Either way, no links from us, bunko.

Well, That’s Interesting…

Over the past few weeks, our webcam has been rebooting at various odd times. I’ve checked it for loose power plugs, but it otherwise seemed fine. Then last Monday, someone tried to post the webcam’s administrator account name and password on our main page. They didn’t leave their name, but the IP address goes back to an ISP in Tennessee, most likely somewhere around Kingsport. It seems that I’ve violated my own security rules, in that I left the default accounts on the webcam server. In particular, I had left the account with administrator privileges named as ‘admin’. Thank you, ‘Anonymous’, for pointing this out to me.

Interestingly, site logs show visitors from the Russian Federation about the same time ‘Anonymous’ tried to post, along with the (routine) Sogou web spider from China and several odd URL scans from Google. Interesting.

Are You Serious, Spammer? (Part II)

While reviewing messages caught in the SpamTrap at work, this gem from a SEO operation in China fell out. Along with the rest of the message insisting we give them our credit card number so everyone could find our website, they provided the warning:

“If you fail to complete your domain name registration (for our) search engine optimization service by the expiration date, may result in the cancellation of this search engine optimization domain name notification proposal notice. ”

Doug and Dinsdale Piranha could not be reached for comment.

Are You Serious, Spammer?

Found the following e-mail message in my in-box earlier today. Found it somewhat of a surprise as the filters typically catch such messages. Also found it a surprise as the wording was clearly not from someone at PayPal, or at least, PayPal here in the US. I thought the spammers were supposed to be getting more sophisticated.

From: Customer service
To: j**@**********.com
Subject:We’ve limit your paypal access
Date: 26 Oct 2015 16:47:17 +0700 (10/26/15 05:47:17)
Dear Customer ID : 290512775
We check account activity in the PayPal system regularly. Time checking account, we find that the activity you are breaking some agreement you have with us. Therefore, we have limited your account and can no longer offer service to you. You can still log in to view transaction history, but you can not send or receive payment. Please update your information promptly so that you can continue to enjoy sorry for any inconvenience caused by our security measurements
Case Number: PP-004-389-679-249
To remove this limitation, please login to your PayPal account
Log In Here
After we receive and review your identity information, we’ll email you regarding the status of your PayPal account.
Thank you for your understanding and cooperation.
Sincerely,
PayPal

Mail headers show it as coming from a telecom in Jakarta, Indonesia, and then bounced through a throw-away domain. (I’ve changed e-mail address and link for this post.)
Sorry, spammer. We find that the activity you are breaking some credibility with us.

Gnome 3

Since stripping out all of the Gnome desktop environment last October (see Upgrades and Downgrades), the Gnome project released Gnome 3. Reports on the FreeBSD website said Gnome 2 had too many problems, which were scheduled to be corrected in Gnome 3.  So I finally took a deep breath, and installed Gnome 3 and the Xwindows support environment. So far, most of the Gnome 3 desktop environment is working fairly well.


The desktop looks like a typical desktop environment, with movable, resizable windows for individual tasks, looking like what Georgie calls ‘…a real computer, instead of the text only black screen.’ Applications are started through one of several interfaces; I’ve configured this installation with the equivalent of the ‘start’ button at the upper left.


Alternately, the ‘desktop’ can be partially collapsed, showing the equivalent of the ‘favorite’ applications on the left bar, and a column showing the multiple desktops available on the right. One extra desktop gets added every time an application is started on a previously blank desktop.


So far, Gnome 3 is working relatively well, although running the GUI does drag down the system overall. Still, given that we’re running a web server, a mail server, a Minecraft server, and the Gnome 3 environment on a 15-year-old computer, I’m relatively happy with the performance.

I hear you knocking but you can’t come in…

Dad?

Yes, George, what is it?

I want to run a Minecraft server on my PC for my friends to log on and play Minecraft with me.

George, do you understand that doing that would require opening up access to your computer from the outside world?

Nobody’s going to notice our system unless we tell them.

Do you really think so?  How long do you think it will take before someone other than your friends notice the computer is available from the outside and start trying to break in to your PC server?

DAAAAAD! Nobody is ever going to notice!


Mar 29 00:08:59 UnixBSD sshd[58823]: input_userauth_request: invalid user shoutcast
Mar 29 00:09:00 UnixBSD sshd[58825]: input_userauth_request: invalid user svn
Mar 29 00:09:02 UnixBSD sshd[58827]: input_userauth_request: invalid user zabbix
Mar 29 00:09:03 UnixBSD sshd[58829]: input_userauth_request: invalid user oracle
Mar 29 00:09:04 UnixBSD sshd[58831]: input_userauth_request: invalid user nagios


Actually, it took about 15 minutes. Since opening up the login port to the outside world on the FreeBSD box at the end of March, we have recorded 76,168 separate (failed) login attempts onto our server. This does not include the nearly 40,000 separate (failed) login attempts onto the WordPress platform also running on this platform.

So who’s so interested in getting onto our system?  Although they don’t use their real name, here are the most popular names, in order of #2 through #24:

Name         Attempts     Name         Attempts
admin        1,336        test         1,256
oracle       801          guest        661
nagios       608          postgres     426
ftpuser      356          zabbix       303
user         285          support      234
web          197          apache       195
ftp          180          git          173
ubnt         160          www-data     152
info         137          PlcmSpIp     136
ubuntu       131          a            130
jboss        128          tomcat       121
webmaster    117          student      116

And what is the most popular name to try to log in as? The big winner is “root”, with 44,428 attempts between March 29th and November 20th.

Since opening up this box to the outside world, I’ve been quite happy with the security it has shown, given a ‘little’ care in setting everything up. I actually look forward to seeing what entertaining names people try to use in logging in. I’ve also learned that if you’re going to allow access from the outside world, there are certain names which you should not use, such as ‘root’ for your system administrator or ‘superuser’ account.  So far, I’ve gathered 6,758 different names people (or more likely, automated programs) have used to try to gain access to our system.

And, yes, George did get his Minecraft server installed and made available to his friends, even though the name ‘minecraft’ was tried as a login name 62 times since last spring.
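A tally like the one above can be pulled straight from the sshd log. The script below is an added example, not the one used for this post: it counts each failed login once per sshd process and also reads the standard OpenSSH "Failed password" lines, which is where attempts against real accounts such as root show up. The sample log is constructed (only its first two lines use the format shown above), the addresses come from documentation ranges, and the function name is made up for illustration.

```python
import re
from collections import Counter

# Constructed sample log. "Failed password" is the usual OpenSSH wording
# (an assumption here; the post only shows "invalid user" lines).
SAMPLE_LOG = """\
Mar 29 00:08:59 UnixBSD sshd[58823]: input_userauth_request: invalid user shoutcast
Mar 29 00:09:00 UnixBSD sshd[58825]: input_userauth_request: invalid user svn
Mar 29 00:09:00 UnixBSD sshd[58825]: Failed password for invalid user svn from 203.0.113.7 port 40112 ssh2
Mar 29 00:09:05 UnixBSD sshd[58833]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 29 00:09:07 UnixBSD sshd[58835]: Failed password for root from 198.51.100.9 port 51514 ssh2
Mar 29 00:09:09 UnixBSD sshd[58837]: Accepted publickey for george from 192.0.2.10 port 50022 ssh2
"""

LINE = re.compile(
    r"(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[(?P<pid>\d+)\]: (?:"
    r"input_userauth_request: invalid user (?P<u1>\S+)"
    r"|Failed password for (?:invalid user )?(?P<u2>\S+) from (?P<ip>\S+)"
    r")"
)

def tally_failed_logins(log_text):
    """Return (Counter of attempted usernames, Counter of source addresses)."""
    seen = set()
    names, sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        user = m.group("u1") or m.group("u2")
        # sshd writes several lines per failed attempt; count each
        # (day, process id, username) combination only once.
        key = (m.group("day"), m.group("pid"), user)
        if key not in seen:
            seen.add(key)
            names[user] += 1
        if m.group("ip"):
            sources[m.group("ip")] += 1
    return names, sources

if __name__ == "__main__":
    names, sources = tally_failed_logins(SAMPLE_LOG)
    for user, count in names.most_common():
        print(f"{count:6d}  {user}")
    print(f"{len(names)} distinct names, {len(sources)} source addresses")
```
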

Upgrades and Downgrades

Gave up on upgrading the Gnome desktop environment, after it appeared to have broken the apache web server and associated components of WordPress. Had to strip out all of Gnome and all the components that appeared to be associated, and then rebuilt the server platform. After a few last glitches, it appears that all is running again. I will have to think about reinstalling any desktop environment.

Many thanks to ‘iceflatline’ (http://www.iceflatline.com/2011/11/how-to-install-apache-mysql-php-and-phpmyadmin-on-freebsd/) for his write-up on putting this all together.

Norton Stinks

I would use a much stronger word for this, but this is supposed to be a family blog.

We use Norton Antivirus at work. I’ve come to believe that Norton Antivirus uses us. For some reason, Norton will some days decide that it’s going to suck up 100% of the computer for its own use.

Screen capture of Windows task manager, showing Norton running ~53,000 page faults / second.

Our computers will nearly grind to a halt, as Norton throws nearly 53,000 page faults a second. It doesn’t make any difference what you are doing, doing it 53,000 times a second doesn’t leave much time for doing anything else.

We’ve been to the Symantec support site, where the Norton people deny that there is any problem. Their postings state that page faults aren’t a problem, page faults are perfectly normal, and besides, other programs generate more. Also, you should buy more memory, no matter how much you already have. Translation: we know, we don’t care, and we’re not going to do anything about it.