HAL-9000: 1998 – 2017. RIP.

As you saw on my last post, our original family website server died. It served us well for many years, stretching back to just before Joyce and I were married. This was the system I started my own business on, and launched another business, before joining my current laboratory.

HAL-9000 Case
Remember CompUSA?

Hal then was repurposed as the kids’ original computer (with a new power supply and motherboard), and lived again for several years until the kids outgrew the platform. He was again repurposed, dumping Windows for FreeBSD to run the website (and other functions) you are reading now.

Dead motherboard and power supply.
It’s dead, Jim.

Tests on the system showed both the motherboard and power supply had gone bad. I don’t know which one went first, and took the other with it, but all the memory, drives, fans, and USB interfaces could be salvaged. The new server is coming along well, hope to get it done and on-line soon.

Back Online…

Well, that was a bit of a scare. We’re currently running on a backup server, after the kids’ old ‘HAL-9000’ we had been running on failed. So of course, the backup server overheated and went down yesterday afternoon. Just got it restored earlier this evening, and got the database and directory structure backed up to my desktop system.

Time to build a new server…

Are You Serious, Spammer? (Part III)

Found this gem in our comments from the main family webpage:

Did you know that if you stare at the sun for 15 minutes a day, that you won’t need to eat food anymore? You will literally gain superhuman abilities and feel like an enlightened person. Obviously you would need to stare at the sun during the early morning or late evening when the sun is at it’s lowest brightness. But NASA did a study and proved that people who engage in this sun-staring practice achieve a state of high spiritual and mental enlightenment. Full information here (link removed).

Not sure if they were looking for someone that gullible, or just trying to get clicks by posting outrageous nonsense. Either way, no links from us, bunko.

Well, That’s Interesting…

Over the past few weeks, our webcam has been rebooting at various odd times. I’ve checked it for loose power plugs, but it otherwise seemed fine. Then last Monday, someone tried to post the webcam’s administrator account name and password on our main page. They didn’t leave their name, but the IP address goes back to an ISP in Tennessee, most likely somewhere around Kingsport. It seems that I’ve violated my own security rules, in that I left the default accounts on the webcam server. In particular I had left the account with administrator privileges named as ‘admin’. Thank you, ‘Anonymous’, for pointing this out to me.

Interestingly, site logs show visitors from the Russian Federation about the same time ‘Anonymous’ tried to post, along with the (routine) Sogou web spider from China and several odd URL scans from Google. Interesting.

Are You Serious, Spammer? (Part II)

While reviewing messages caught in the SpamTrap at work, this gem from a SEO operation in China fell out. Along with the rest of the message insisting we give them our credit card number so everyone could find our website, they provided the warning:

“If you fail to complete your domain name registration (for our) search engine optimization service by the expiration date, may result in the cancellation of this search engine optimization domain name notification proposal notice. ”

Doug and Dinsdale Piranha could not be reached for comment.

Are You Serious, Spammer?

Found the following e-mail message in my in-box earlier today. Found it somewhat of a surprise as the filters typically catch such messages. Also found it a surprise as the wording was clearly not from someone at PayPal, or at least, PayPal here in the US. I thought the spammers were supposed to be getting more sophisticated.

From: Customer service
To: j**@**********.com
Subject:We’ve limit your paypal access
Date: 26 Oct 2015 16:47:17 +0700 (10/26/15 05:47:17)
Dear Customer ID : 290512775
We check account activity in the PayPal system regularly. Time checking account, we find that the activity you are breaking some agreement you have with us. Therefore, we have limited your account and can no longer offer service to you. You can still log in to view transaction history, but you can not send or receive payment. Please update your information promptly so that you can continue to enjoy sorry for any inconvenience caused by our security measurements
Case Number: PP-004-389-679-249
To remove this limitation, please login to your PayPal account
Log In Here
After we receive and review your identity information, we’ll email you regarding the status of your PayPal account.
Thank you for your understanding and cooperation.
Sincerely,
PayPal

Mail headers show it as coming from a teleco in Jakarta, Indonesia, and then bounced through a throw-away domain. (I’ve changed e-mail address and link for this post.)
Sorry, spammer. We find that the activity you are breaking some credibility with us.

Gnome 3

Since stripping out all of the Gnome desktop environment last October (see Upgrades and Downgrades), the Gnome project released Gnome 3. Reports on the FreeBSD website said Gnome 2 had too many problems, which were scheduled to be corrected in Gnome 3.  So I finally took a deep breath, and installed Gnome 3 and the Xwindows support environment. So far, most of the Gnome 3 desktop environment is working fairly well.

The desktop looks like a typical desktop environment, with movable, resizable windows for individual tasks, looking like what Georgie calls ‘…a real computer, instead of the text only black screen.’ Applications are started through one of several interfaces, I’ve configured this installation with the equivalent of the ‘start’ button at the upper left.

Alternately, the ‘desktop’ can be partially collapsed, showing the equivalent of the ‘favorite’ applications on the left bar, and a column showing the multiple desktops available on the right. One extra desktop gets added every time an application is started on a previously blank desktop.

So far, Gnome 3 is working relatively well, although running the GUI does drag down the system overall. Still, given that we’re running a web server, a mail server, a Minecraft server, and the Gnome 3 environment on a 15-year-old computer, I’m relatively happy with the performance.

I hear you knocking but you can’t come in…

Dad?

Yes, George, what is it?

I want to run a Minecraft server on my PC for my friends to log on and play Minecraft with me.

George, do you understand that doing that would require opening up access to your computer from the outside world?

Nobody’s going to notice our system unless we tell them.

Do you really think so?  How long do you think it will take before someone other than your friends notice the computer is available from the outside and start trying to break in to your PC server?

DAAAAAD! Nobody is ever going to notice!


Mar 29 00:08:59 UnixBSD sshd[58823]: input_userauth_request: invalid user shoutcast
Mar 29 00:09:00 UnixBSD sshd[58825]: input_userauth_request: invalid user svn
Mar 29 00:09:02 UnixBSD sshd[58827]: input_userauth_request: invalid user zabbix
Mar 29 00:09:03 UnixBSD sshd[58829]: input_userauth_request: invalid user oracle
Mar 29 00:09:04 UnixBSD sshd[58831]: input_userauth_request: invalid user nagios


Actually, it took about 15 minutes. Since opening up the login port to the outside world on the FreeBSD box at the end of March, we have recorded 76,168 separate (failed) login attempts onto our server. This does not include the nearly 40,000 separate (failed) login attempts onto the WordPress platform also running on this platform.

So who’s so interested in getting onto our system?  Although they don’t use their real name, here are the most popular names, in order of #2 through #24:

Name        Attempts    Name        Attempts
admin          1,336    test           1,256
oracle           801    guest            661
nagios           608    postgres         426
ftpuser          356    zabbix           303
user             285    support          234
web              197    apache           195
ftp              180    git              173
ubnt             160    www-data         152
info             137    PlcmSpIp         136
ubuntu           131    a                130
jboss            128    tomcat           121
webmaster        117    student          116

And what is the most popular name to try to log in as? The big winner is “root”, with 44,428 attempts between March 29th and November 20th.
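
A tally like the one above can be produced straight from the sshd log. The script below is an added example, not the code used for this post: it assumes existing accounts such as root show up in the standard OpenSSH "Failed password for ..." line, and every sample line other than the two copied from the excerpt above is constructed.

```python
import re
from collections import Counter

# Unknown account names: the message shape quoted in the post.
INVALID_USER = re.compile(r"sshd\[\d+\]: input_userauth_request: invalid user (\S+)")
# Password failures; sshd marks unknown names with "invalid user ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+"
)

# Sample input. Lines 1 and 3 are copied from the post; the rest is
# constructed, and all addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 29 00:08:59 UnixBSD sshd[58823]: input_userauth_request: invalid user shoutcast
Mar 29 00:09:00 UnixBSD sshd[58823]: Failed password for invalid user shoutcast from 203.0.113.7 port 40122 ssh2
Mar 29 00:09:00 UnixBSD sshd[58825]: input_userauth_request: invalid user svn
Mar 29 00:09:02 UnixBSD sshd[58830]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar 29 00:09:03 UnixBSD sshd[58832]: Failed password for root from 198.51.100.23 port 51514 ssh2
Mar 29 00:09:04 UnixBSD sshd[58834]: input_userauth_request: invalid user svn
Mar 29 00:09:05 UnixBSD sshd[58836]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

def tally_attempts(lines):
    """Return (attempts per login name, password failures per source address)."""
    names, sources = Counter(), Counter()
    for line in lines:
        m = INVALID_USER.search(line)
        if m:
            names[m.group(1)] += 1
            continue
        m = FAILED.search(line)
        if m:
            sources[m.group(3)] += 1
            # An unknown name was already counted from its "invalid user"
            # line, so only existing accounts (e.g. root) are counted here.
            if m.group(1) is None:
                names[m.group(2)] += 1
    return names, sources

def top_names(names, n=10):
    """Most-tried names, ties broken alphabetically for stable output."""
    return sorted(names.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

if __name__ == "__main__":
    names, sources = tally_attempts(SAMPLE_LOG.splitlines())
    for name, count in top_names(names):
        print(f"{name:12} {count:>6,}")
    print("sources:", dict(sources))
```

Counting only the "invalid user" lines would miss root entirely, since root is a real account and never appears in that message.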

Since opening up this box to the outside world, I’ve been quite happy with the security it has shown, given a ‘little’ care in setting everything up. I actually look forward to seeing what entertaining names people try to use in logging in. I’ve also learned that if you’re going to allow access from the outside world, there are certain names which you should not use, such as ‘root’ for your system administrator or ‘superuser’ account.  So far, I’ve gathered 6,758 different names people (or more likely, automated programs) have used to try to gain access to our system.

And, yes, George did get his Minecraft server installed and made available to his friends, even though the name ‘minecraft’ was tried as a login name 62 times since last spring.

Upgrades and Downgrades

Gave up on upgrading the Gnome desktop environment, after it appeared to have broken the Apache web server and associated components of WordPress. Had to strip out all of Gnome and all the components that appeared to be associated, and then rebuilt the server platform. After a few last glitches, it appears that all is running again. I will have to think about reinstalling any desktop environment.

Many thanks to ‘iceflatline’ (http://www.iceflatline.com/2011/11/how-to-install-apache-mysql-php-and-phpmyadmin-on-freebsd/) for his write-up on putting this all together.