Blog

  • Fun and games – Cloudflare and SSH

    As I mentioned in a recent post, one of my sites, a WordPress site to help a friend sell their house, got hammered with XML-RPC requests. It didn’t get hacked, but it did bring Apache to a painful halt, and filled the memory.

    To prevent that, I set up Cloudflare in front of it, to act as a CDN and a way to prevent it from being attacked. Thus, in the future, I should be able to regain control without too much pain and suffering.

    However, I discovered one minor issue. Since I pretty much use ssh to log in to the droplet almost daily, I quickly discovered that just didn’t work.

    At first, I was scratching my head, thinking that I messed something up majorly. Then I recalled that I had switched to Cloudflare for my DNS and CDN, and it clicked. Alas, how they work is they hide your IP address, and then use the magic of their service to serve up your cracking good jams.

    Unfortunately, the ssh request gets routed to the wrong IP address, and naturally, no response.

    Not being able to ssh into my server is a really bad thing. But how to work around it?

    First I tried to set a local hosts file to override the DNS, but that didn’t work. Bummer.

    Second, I can ssh if I use the dotted quad IP address. It works, but I am too old to remember that many dotted quads.

    Third, and the one that I am using, is to create a CNAME that points a prefix to the original address (in this case, I am using ssh, so ssh.tralfaz.org will point to the TLD), and then I turn off the Cloudflare redirect. Not optimal, but it works. It does leave me somewhat vulnerable, but alas, not many attack vectors happen to the subdomains.
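
    Added example (not from the original post): a Python check of the trade-off in the third workaround. A DNS-only name such as ssh.tralfaz.org publishes the origin address, so the origin firewall is what keeps web traffic flowing through Cloudflare. The zone addresses, `admin_ips` and the function names are constructed for illustration, and the range list is a snapshot of Cloudflare's published IPv4 ranges.

```python
import ipaddress

# Snapshot of the IPv4 ranges published at https://www.cloudflare.com/ips/ ;
# the list changes over time, so refresh it before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare(ip):
    """True when ip belongs to a Cloudflare edge range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def unproxied(records):
    """Names whose published address is the origin itself, not a Cloudflare edge."""
    return sorted(name for name, ip in records.items() if not is_cloudflare(ip))

def origin_allows(src_ip, port, admin_ips=()):
    """Assumed origin firewall policy: web ports only from Cloudflare,
    SSH only from the administrator's own addresses, nothing else."""
    if port in (80, 443):
        return is_cloudflare(src_ip)
    if port == 22:
        return src_ip in admin_ips
    return False

# Constructed zone: the addresses are placeholders, not real DNS answers.
ZONE = {
    "tralfaz.org": "104.16.10.1",       # proxied: resolves to a Cloudflare edge
    "www.tralfaz.org": "104.16.10.1",   # proxied
    "ssh.tralfaz.org": "203.0.113.10",  # DNS only: resolves to the origin
}

if __name__ == "__main__":
    print("names publishing the origin address:", unproxied(ZONE))
    print("direct HTTP to origin allowed:", origin_allows("198.51.100.7", 80))
    print("HTTP via Cloudflare allowed:", origin_allows("104.16.10.1", 80))
```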

  • A fun afternoon (attacked website)

    Thursday, December 15 was a day like any other until the afternoon. Then I got the notice from the Jetpack plugin for one of my WordPress sites that it was down, and couldn’t be reached.

    This happens occasionally, so I wasn’t too upset. Pointing my browser to the site Home2Baja gave a Database connection error. Simple enough to fix.

    So I fired up PuTTY, and logged in. I attempted to restart MySQL, the first line of fixing the issue. Weirdly, it restarted, then stopped automatically again.

    What f*ckery is this?

    So I restart the droplet (this is hosted on the incredibly awesome service Digital Ocean) and after a minute try to browse to the site again. Same issue.

    Grrrrr.

    So I once again fire up PuTTY, and log in. Now all sorts of bat-shittery is happening. I am getting BASH errors, not enough memory to fork. I can’t even log in, so I go to the Droplet service on DO, and log into the console.

    … and the screen fills with Apache error codes.

    A little Google-fu, and it appears that the site is getting hammered with XML-RPC requests, causing Apache to use all the memory, and essentially shutting down the droplet.

    The problem was that I could power it off, and on, but before I could SSH in, the site was jacked with the cascade of XML-RPC requests.

    Finally, I got in, and was able to apply a fix (also, documented well on the Digital Ocean support knowledge base), and got it back under control.

    Now, I have Cloudflare running interference, so that in the future if/when I get hammered like this again, I can block it without being locked out of my own VPS.

    A fun afternoon.

    (Background: The “Home2Baja” site is a website I created for a friend who is selling his home in San Felipe, B.C. We use Google Adwords to drive traffic to it, and it gets 30 – 50 hits a day. Clearly someone pointed their attack vector at it, and it was getting 4,000 xml-rpc queries a second. No wonder why my measly 1gb droplet was getting inundated. Yes, there is a firewall, a fairly restrictive firewall, but these queries come via HTTP, or port 80.)
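
    Added example (not from the original post): a Python sketch of how a flood like this shows up in an Apache access log, counting POSTs to xmlrpc.php per client per second. The log lines are constructed, the combined log format is assumed, and the threshold of 20 requests per second is an arbitrary illustration.

```python
import re
from collections import Counter

# Apache "combined" format: client, identd, user, [time], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def xmlrpc_peaks(lines):
    """Map each client to its highest count of POST /xmlrpc.php in any one second."""
    per_second = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0].lower()
        if m["method"] == "POST" and path.endswith("/xmlrpc.php"):
            per_second[(m["ip"], m["ts"])] += 1  # log timestamps have 1 s resolution
    peaks = {}
    for (ip, _ts), count in per_second.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks

def flood_sources(lines, threshold=20):
    """Clients whose peak rate reaches `threshold` requests per second."""
    return sorted(ip for ip, peak in xmlrpc_peaks(lines).items() if peak >= threshold)

def _line(ip, ts, method, path):
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" 200 370 "-" "-"'

# Constructed sample: one client flooding xmlrpc.php, two ordinary visitors, one junk line.
SAMPLE = (
    [_line("198.51.100.7", "15/Dec/2016:14:02:11", "POST", "/xmlrpc.php")] * 40
    + [_line("198.51.100.7", "15/Dec/2016:14:02:12", "POST", "/xmlrpc.php")] * 35
    + [_line("203.0.113.20", "15/Dec/2016:14:02:11", "GET", "/"),
       _line("203.0.113.21", "15/Dec/2016:14:02:12", "POST", "/xmlrpc.php"),
       "not a log line"]
)

if __name__ == "__main__":
    print(xmlrpc_peaks(SAMPLE))
    print(flood_sources(SAMPLE))
```

    Once the site sits behind Cloudflare, Apache records Cloudflare edge addresses as the client unless the visitor address is restored from the CF-Connecting-IP header, so per-client counts like these need that step first.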

  • Russian Intervention in the 2016 US election

    Yep, the Russians interfered with the election. Of course, the US has done this for over a century, so we shouldn’t be upset. Unlike many opinions flying around about how much outrage that the Russians (and Vladimir Putin) have interfered in the 2016 US presidential election, by hacking both the DNC and RNC servers and email. Of course they only released the goods on the Democrats, thereby putting a finger on the scale for the victor, Donald Trump.

    However, this outrage is a bit mislaid. Of course, a little googling will identify a long history of the US interfering in the affairs of other countries. From interventions to protect the US Fruit Company in Honduras in 1903, to the overthrow and coup d’état that installed the Shah of Iran in 1953, to repeated and long-term intervention in Nicaragua, there are plenty of instances of the US government and CIA having their hand in the cookie jar.

  • Customer Success – Key Role

    The role of Customer Success Manager is a key part of the digital transformation of business, driving both ARR and Lifetime Customer Value up.

    Digital Transformation, it’s all the rage, and doing a simple Google search yields a plethora of hits, from training to consultants, to the big market research companies, all weighing in. This wave of disruption continues to grow, and brings with it myriad opportunities to completely change the business.

    In a nutshell, in the late ‘oughts, with the introduction of the Apple iPhone, the convergence of ubiquitous network connectivity, and the rise of the “cloud,” the stage was set for yet another transformation of business. Suddenly, the paradigm of where you work, and what tasks you perform were being disrupted. From the simple: an app on your smartphone to approve purchase requisitions, to the complex: integration of the CRM, the Marketing systems, and the ERP system to provide deep insight into the function and flow of business, and much more were realized every day.

  • The Death of the (insert name here) Party

    In the run up to the 2016 Presidential election, I heard pundit after pundit, and commenter after commenter bleating about how Trump’s candidacy was going to be the end of the Republican party. The fact that they nominated (with a full throated roar) such a terrible candidate, a narcissistic, racial pandering, xenophobic, serial sexual harassing, and in general boorish candidate, surely, this would destroy the Republican party.

    As tempting as it was (being a fairly liberal, mostly Democrat voting person) to bask in the impending demise, and hapless wandering in the dark of the Republicans, daring to hope that even gaining the 20 or so seats in the house for a complete Democrat rout, I had to step back.

  • How Gullible are the Progressives

    With all the recent focus on “fake” news and how much reinforcement happens in the echo chamber on Facebook, with the heavy bias for the conservative point of view, one would think that the progressives would be a bit more cautious, but alas, that appears to not be the case.

    The past few days, my Facebook timeline has been loaded with bogus stories about how two computer scientists claim that the results in Wisconsin, Michigan (which hasn’t certified yet) and Pennsylvania look anomalous, and that we should inundate the US DoJ to initiate a review, with a phone number.

  • A first brush with Time Machine

    As a long time Apple user, (one could say fanatic) I have just used TimeMachine as a set-it-and-forget-it technology. Buy a big external disk, plug it in, and point TimeMachine at it, and let it do its magic.

    Once, I had deleted a file, and I recovered it, pretty painlessly, but apart from that one incident, it has been in the background.

    Until recently.

    New iMac for Barbara

  • Upgrade Shenanigans – 16.04 LTS

    For a few months, every time I log into my droplets I get a banner advising me to upgrade to the new Ubuntu 16.04 LTS. I had hesitated as I worried that there would be repercussions.

    My first attempt was on a very simple droplet with an nginx webserver and a simple Ghost blog installed. It was a flipping disaster. Node.js failed, the install broke nginx, and after 4 hours of messing with it, I punted and restored the snapshot I took.

    Before the second attempt, I created a new droplet and built a fresh Ghost instantiation, and installed it from scratch. This time, I learned the proper install and setup. How to configure nginx properly, how to set up and install the Ghost package, and the big change in Linux, systemd.

  • Book review: All the Birds in the Sky

    In the aftermath of the 2016 elections, the lead up to November 8th, I had been reading a lot of political history of the latter half of the 20th century. After The Donald won, I needed a change.

    While I have often found modern SciFi a bit hard to get into, I steeled myself and asked a High School friend, Chuck Serface for a couple of recommendations. First up was “All the Birds in the Sky” by Charlie Jane Anders,  which appeared on my Kindle as if by magic.

    That night, when I picked up my Kindle at bedtime, I fell into a trance, reading the entirety of the first “Book” (the novel is broken into 4 “Books” in fairly natural divisions). I usually nod off after 15 minutes or so, strong praise indeed.

  • Good things are coming my way!

    Well, I have something VERY Important to say. Apparently, I have some money coming my way, as I have recently received an urgent communiqué from none other than the FED chairwoman, Janet Yellen, herself.

    Yessir, the good times are soon to be here in Casa Geoff. As you can see from the email I have quoted below, it is a Major Award.

    From Mrs. Janet L Yellen

    Federal Reserve Bank New York.

    33 Liberty Street New

    York , NY 10045-0001.

    United States.

    Attention Geoff Anderson,

    The bank have re-opened your fund payment file/records again due to the high importance the authority and United States placed on the project that has lingered for too long, your inability to see the efforts and results been posted now and what is obtainable now and before has placed the fund under a serious threat of confiscation by the board. This very amount of $1.6 Million usd is very much available for assessment with the Federal Reserve Bank of America New York City .We want to bring smiles to all over due payments of American and other G7 Community citizens at this financial demanding season of financial year 2016 ending.

    We have taken steps been enforced by security investigative agents by inviting you to come down to the bank here in NEW York City USA to iron out security papers issue that will pave way for the deposition or delivery of the fund to you. But all our effort proved abortive due to your past ugly experience but the authority hereby plead for a re-think so that we can cooperate with the bank and have the fund transferred to you.

    This payment re-visitation comes up every last financial year. The management will after this very one stop further consultation to you if you fail to clear this fund from our custody and move to take over the financial allocation in order to meet the yearly financial obligation that is highly challenging.

    You are hereby advise to give this matter your adequate attention, you will be convinced with the due processing going on and removal of protocols and bureaucracy, this cash flow into your bank account/delivery if you can cooperate with the bank on due processing, it will aide you to revive your financial statue that has been under a serious threat at this festive time ahead. Give us a listening ear and have your fund just like others cleared from our custody.

    Waiting for your urgent reply!

    Regards,

    Mrs. Janet L Yellen

    Federal Reserve Bank New York

    I bet you are totally jealous.

    (Yes, this was submitted in a form on one of my websites. I guess the scammers are becoming ever cleverer)