I was looking for a virtual router for VMware ESXi for my home lab and I came across FREESCO – a nice, lightweight, very simple to use Linux router on a floppy disk.  No worries for all you command-line-ophobes, it is managed via a web GUI.

 

Download: http://www.screencast.com/users/esloof/folders/FREESCO/

Instructions 1

Instructions 2

 

Update – this looked so promising but I received errors on booting and never got it working at all.  I tried the latest floppy image from sourceforge, but the same – no joy, so I looked for an alternative: m0n0wall

So.. I have had a Raspberry Pi for a little while – I tried OpenElec and Raspbmc and they were OK but didn’t blow me away enough to warrant replacing my PC running XBMC.  So I decided to use the Pi as a backup to my SheevaPlug home server running Debian and doing the simple task of email (Postfix, ASSP, Courier), web (Apache and MySQL), file serving (Samba), Zabbix (simple monitoring of remote VPS), Bind as its main functions.  The SheevaPlug has performed flawlessly in this regard for a good few years and hasn’t given any sign of failing, but I thought I would set up a Pi which could sync everything over on a regular basis, so I started to investigate how they compare performance wise.  Here is the low down of the SheevaPlug vs Raspberry Pi:

One thing to bear in mind for this comparison – the Raspberry Pi has nothing but plain Debian loaded, whereas the SheevaPlug is running the services mentioned above, so although I stopped samba, I left Apache/MySQL etc still running, so this is by no means a fair or accurate test.

 

Disk Access

Following my latest indulgence to online/offsite backups (Amazon S3 and s3sync) I thought I should update the situation.  It is painfully slow when running a backup.  It should be just uploading changed files, but I guess crawling many files (~30,000) over numerous directories and doing the comparison with Amazon just doesn’t work nicely.  It would be fine for smaller numbers of files, but unfortunately not for my case.

I then tried s3cmd (Python based) with the sync option – quicker, but not great – it could still take 4-6 hours to do the entire backup run, even if only a handful of files have been changed.

I needed to think about if I was doing it the right way – backing up files natively.  I then came across tarsnap which uses S3 for storage – whilst I like the principle, the added costs work out nearly 3 times the cost of Amazon, as backups proxy through their servers to maintain the tars.  Nice idea, but too costly for me.

I then found duplicity; whilst still beta, it looks promising.  I am trialling it with a small data set for the moment, but initial impressions are good – it holds files in an index which is uploaded as a separate file, and handles incremental very well.  I have encrypted using GPG, so there is some compression happening here as well.  I will update when I have run it for a month.

I thought I’d finally give this a go to complement my USB HDD backup strategy (ok at least one of them is kept off site, but it isn’t updated on a regular schedule).

It was dead easy to set up an S3 account via the AWS (Amazon Web Services) console.  I tried DragonDisk on Windows, and whilst it was OK for small file volumes, it lacked speed when synchronising larger volumes (40GB, ~30,000 files).  It is still a useful tool for small file volumes, and provides a decent GUI.  I hadn’t even started on my email backups yet and it immediately struck me this wasn’t going to be viable, but seeing as everything is stored on my Sheevaplug, it made more sense to backup directly from this to Amazon’s S3.

I found s3sync which runs on Ruby – this was very easy to configure using this guide.  If I turn off the MD5 checking (it works on last modified date/time instead), then syncing is much much faster – more akin to the traditional rsync procedure.

I just came across this nifty little ARM GNU/Linux device aiming to sell with a target price of $25 – the Raspberry Pi.

It boasts some pretty powerful specs: USB2.0, HDMI out, RJ45 Ethernet on board, SD MMC and most interestingly the ability to play HD video.  This could make a feasible XBMC replacement for my ageing desktop multimedia PC, streaming video and audio to the TV.

Syncrify is an online backup software in 2 parts: server and client software.  It is multiplatform, incredibly easy to use and set up, and very reliable.  Installing on the Sheevaplug took a few more steps than the documentation details, so hopefully this is useful for someone:

Notes: Installed to /opt/Syncrify

Startup script: /etc/init.d/syncrify

Pre Reqs: Java Run-Time.  This is tricky on the Sheevaplug/other Arm CPUs

 

Instructions

Install Java Run Time:

apt-get install default-jre

Download Syncrify, choosing the other OS version, and unpack:

wget http://synametrics.com/files/Syncrify/SyncrifyOther.tar.gz
tar -zxvf SyncrifyOther.tar.gz
chmod +x run.sh

Move to a suitable location.  I stuck with the default option for syncrify:

mkdir /opt/Syncrify
mv ./* /opt/Syncrify/

Add the following to a new script in /etc/init.d/syncrify:


#! /bin/sh
### BEGIN INIT INFO
# Provides: syncrify
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: true
# Short-Description: Start/stop syncrify backup service
### END INIT INFO

# Some things that run always
#touch /var/lock/syncrify

# Carry out specific functions when asked to by the system
case "$1" in
start)
    echo "Starting script syncrify"
    cd /opt/Syncrify || exit 1
    # Build the classpath from every jar in lib/
    CP=
    for i in lib/*.jar
    do
        CP=$CP:$i
    done
    echo "$CP"
    java -server -Xmx512m -cp "$CP" -DLoggingConfigFile=logconfig.xml com.synametrics.sradef.BootLoader &
    ;;
stop)
    echo "Stopping script syncrify"
    # Kill only the Syncrify JVM (matched by its main class), not every java process on the box
    pkill -9 -f com.synametrics.sradef.BootLoader
    ;;
*)
    echo "Usage: /etc/init.d/syncrify {start|stop}"
    exit 1
    ;;
esac

exit 0

 

Make the script executable:

chmod +x /etc/init.d/syncrify

Add to default startup:
update-rc.d syncrify defaults

The script will now be configured to start automatically.

Run manually (not required, unless for testing):

/opt/Syncrify/run.sh

To remove startup :

update-rc.d -f syncrify remove

Now point your browser at http://localhost:5800 (or your relevant IP/hostname) and start with the configuration of Syncrify.

 

Install: apt-get install screen

Type screen to get started

You are now in a shell inside the terminal

Ctrl-A – sends keys to the terminal

Ctrl-A then ? – shows help

Ctrl-A K or “exit” – Close screen session (kills windows)

Ctrl-A D – detaches from screen (leaves processes running)

screen -ls  – shows available screens

screen -r xxxxx – reattaches to screen (xxxxx = session from screen -ls command)

 

To attach to a disconnected screen:

 

I am an admin for an Invision IPB.x v2 BB and over the last few days we have been hammered by spammers creating new accounts and posting new topics or replying to existing topics with various posts containing various links.  Most IPs seem to originate from Russia/China/Far East with a few from Europe and USA.  We already have a nifty mod written by another administrator which runs every 15 minutes and checks the result to a question asked at registration with a drop down answer.  The result of this question is stored against the user, and the 15 minute job checks for users with the wrong answer – if found it deletes the user and all posts associated with it.

Unfortunately some users still report the spam posts to an admin/mod and it has got quite tiresome, so I investigated further into fail2ban.  I already use it to check the SSH logs for invalid attempts, so I thought I would expand it to monitor Apache logs.

I retrieved the logs from a spammer at registration and compared them to a legitimate registration and found a few differences:

Legitimate registration:

x.x.x.x – – [05/Jan/2011:11:50:42 +0000] “GET /index.php?act=Reg&CODE=00 HTTP/1.1” 200 11197 “http://forum.alfa145.com/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:42 +0000] “GET /index.php?act=task HTTP/1.1” 200 43 “http://forum.alfa145.com/index.php?act=Reg&CODE=00” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:43 +0000] “GET /style_images/jam/css_pp_header.gif HTTP/1.1” 200 763 “http://forum.alfa145.com/index.php?act=Reg&CODE=00” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:45 +0000] “POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.1” 200 13647 “http://forum.alfa145.com/index.php?act=Reg&CODE=00” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:45 +0000] “GET /jscripts/ipb_register.js HTTP/1.1” 200 11959 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:45 +0000] “GET /style_images/jam/spacer.gif HTTP/1.1” 200 43 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:46 +0000] “GET /index.php?act=task HTTP/1.1” 200 43 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:50 +0000] “GET /index.php?s=&act=xmlout&do=check-user-name&name=aj_test&__=1294228302933 HTTP/1.1” 200 8 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:50 +0000] “GET /style_images/jam/aff_tick.gif HTTP/1.1” 200 904 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:50:53 +0000] “GET /index.php?s=&act=xmlout&do=check-display-name&name=aj_test&__=1294228305808 HTTP/1.1” 200 8 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:04 +0000] “GET /index.php?s=&act=xmlout&do=check-email-address&email=adamcarter81@gmail.com&__=1294228316725 HTTP/1.1” 200 0 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:08 +0000] “GET /index.php?s=&act=xmlout&do=check-email-address&email=adamcarter81@gmail.com&__=1294228321304 HTTP/1.1” 200 0 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:34 +0000] “GET /index.php?s=&act=xmlout&do=check-email-address&email=adamcarter81@gmail.com&__=1294228346849 HTTP/1.1” 200 0 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:34 +0000] “GET /index.php?s=&act=xmlout&do=check-user-name&name=aj_test&__=1294228346851 HTTP/1.1” 200 8 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:34 +0000] “POST /index.php HTTP/1.1” 200 10566 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:34 +0000] “GET /index.php?s=&act=xmlout&do=check-display-name&name=aj_test&__=1294228346852 HTTP/1.1” 200 5 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:36 +0000] “GET /style_images/jam/aff_cross.gif HTTP/1.1” 200 331 “http://forum.alfa145.com/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”
x.x.x.x – – [05/Jan/2011:11:51:36 +0000] “GET /index.php?act=task HTTP/1.1” 200 43 “http://forum.alfa145.com/index.php” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)”

Spammer registration:

[root@server7941 forum.alfa145.com]# cat 20110105-access.log | grep 213.108.2.6
213.108.2.6 – – [05/Jan/2011:09:26:53 +0000] “GET / HTTP/1.0” 200 102979 “http://remroom.ru” “Opera/9.0 (Windows NT 5.1; U; en)”
213.108.2.6 – – [05/Jan/2011:09:26:53 +0000] “GET /index.php?showforum=6 HTTP/1.0” 200 89602 “http://forum.alfa145.com/index.php?showforum=6” “Opera/9.0 (Windows NT 5.1; U; en)”
213.108.2.6 – – [05/Jan/2011:09:26:54 +0000] “GET /index.php?act=post&do=new_post&f=6 HTTP/1.0” 200 50674 “http://forum.alfa145.com/index.php?act=post&do=new_post&f=6” “Opera/9.0 (Windows NT 5.1; U; en)”
213.108.2.6 – – [05/Jan/2011:09:26:55 +0000] “GET /index.php?act=Reg&CODE=00&coppa_pass=1 HTTP/1.0” 200 50934 “http://forum.alfa145.com/index.php?act=Reg&CODE=00&coppa_pass=1” “Opera/9.0 (Windows NT 5.1; U; en)”
213.108.2.6 – – [05/Jan/2011:09:26:55 +0000] “POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.0” 200 60189 “http://forum.alfa145.com/index.php?act=Reg&CODE=00&coppa_pass=1” “Opera/9.0 (Windows NT 5.1; U; en)”
213.108.2.6 – – [05/Jan/2011:09:26:58 +0000] “POST /index.php HTTP/1.0” 200 49269 “http://forum.alfa145.com/index.php?act=Reg&CODE=00&coppa_pass=1” “Opera/9.0 (Windows NT 5.1; U; en)”
213.108.2.6 – – [05/Jan/2011:09:31:46 +0000] “GET /index.php?act=Reg&CODE=03&uid=5949&aid=bb2b7bf1f1c7e654f005e6921268a32a HTTP/1.0” 200 0 “http://remroom.ru” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:46 +0000] “GET /index.php?&act=login&CODE=autologin&fromreg=1 HTTP/1.0” 200 41758 “http://forum.alfa145.com/index.php?&act=login&CODE=autologin&fromreg=1” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:46 +0000] “GET /index.php?act=login&CODE=00 HTTP/1.0” 200 51314 “http://forum.alfa145.com/index.php?act=login&CODE=00” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:47 +0000] “POST /index.php?act=Login&CODE=01 HTTP/1.0” 200 41342 “http://forum.alfa145.com/index.php?act=login&CODE=00” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:47 +0000] “GET /index.php? HTTP/1.0” 200 106492 “http://forum.alfa145.com/index.php?” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:48 +0000] “GET /index.php?act=UserCP&CODE=00 HTTP/1.0” 200 61359 “http://forum.alfa145.com/index.php?act=UserCP&CODE=00” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:48 +0000] “GET /index.php?act=UserCP&CODE=01 HTTP/1.0” 200 69116 “http://forum.alfa145.com/index.php?act=UserCP&CODE=01” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:49 +0000] “POST /index.php?auth_key=a2abe06ea8aaa81dd26edea5856c91f4 HTTP/1.0” 200 0 “http://forum.alfa145.com/index.php?act=UserCP&CODE=01” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:49 +0000] “GET /index.php?act=usercp&member_id=&CODE=01&___msg=settings_updated&md5check=a2abe06ea8aaa81dd26edea5856c91f4 HTTP/1.0” 200 69398 “http://forum.alfa145.com/index.php?act=usercp&member_id=&CODE=01&___msg=settings_updated&md5check=a2abe06ea8aaa81dd26edea5856c91f4” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:50 +0000] “GET /index.php?act=UserCP&CODE=22 HTTP/1.0” 200 75050 “http://forum.alfa145.com/index.php?act=UserCP&CODE=22” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:50 +0000] “POST /index.php?act=UserCP&CODE=23 HTTP/1.0” 200 0 “http://forum.alfa145.com/index.php?act=UserCP&CODE=22” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:50 +0000] “GET /index.php?act=UserCP&CODE=22 HTTP/1.0” 200 75264 “http://forum.alfa145.com/index.php?act=UserCP&CODE=22” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:51 +0000] “GET /index.php?act=UserCP&CODE=24 HTTP/1.0” 200 62602 “http://forum.alfa145.com/index.php?act=UserCP&CODE=24” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:52 +0000] “POST /index.php?auth_key=a2abe06ea8aaa81dd26edea5856c91f4 HTTP/1.0” 200 41383 “http://forum.alfa145.com/index.php?act=UserCP&CODE=24” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:52 +0000] “GET /index.php?act=UserCP&CODE=24 HTTP/1.0” 200 62714 “http://forum.alfa145.com/index.php?act=UserCP&CODE=24” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:52 +0000] “GET /index.php HTTP/1.0” 200 106492 “http://forum.alfa145.com/index.php” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:53 +0000] “GET /index.php?showforum=6 HTTP/1.0” 200 96591 “http://forum.alfa145.com/index.php?showforum=6” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:54 +0000] “GET /index.php?act=post&do=new_post&f=6 HTTP/1.0” 200 79182 “http://forum.alfa145.com/index.php?act=post&do=new_post&f=6” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:55 +0000] “POST /index.php? HTTP/1.0” 200 0 “http://forum.alfa145.com/index.php?act=post&do=new_post&f=6” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
213.108.2.6 – – [05/Jan/2011:09:31:55 +0000] “GET /index.php?showtopic=18782 HTTP/1.0” 200 81015 “http://forum.alfa145.com/index.php?showtopic=18782” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”

What was immediately obvious was that the referrer field was set to the same URL as the GET request in the spammer’s registration, so using fail2ban I created a new jail and used the following regex to monitor Apache’s access log:

failregex = ^<HOST> -.*GET.*coppa_pass.* 200 .*coppa_pass.*$

I set it to ban after 1 match and so far it seems to be working – about 10 IPs get banned an hour and our 15 minute spammer clean up job has reported no user accounts have been deleted since running fail2ban, and new legitimate users have been created since.  Until the next spammer outbreak…

IPB Information on the latest spam outbreak here
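
A way to check what that failregex matches before trusting a ban-after-one-match jail, as an added example (not the author's code): constructed combined-format log lines are run through the page's pattern and through a field-anchored version of the same rule. The hostname, IP addresses, helper names and the simplified IPv4 stand-in for fail2ban's <HOST> tag are assumptions.

```python
import re
from collections import Counter

# The page's failregex. fail2ban expands <HOST> itself; a simplified
# IPv4-only capture group stands in for it here (assumption).
FAILREGEX = r'^<HOST> -.*GET.*coppa_pass.* 200 .*coppa_pass.*$'
LOOSE = re.compile(FAILREGEX.replace('<HOST>', r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'))

# Apache "combined" log format, split into named fields.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

SITE = 'http://forum.example.test'   # hypothetical site root
REG = '/index.php?act=Reg&CODE=00&coppa_pass=1'
TERMS = '/index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1'


def make_line(host, method, target, status, size, referer):
    """Build one constructed combined-format log line."""
    return (f'{host} - - [05/Jan/2011:09:26:55 +0000] "{method} {target} HTTP/1.0" '
            f'{status} {size} "{referer}" "ExampleAgent/1.0"')


# Constructed sample traffic (documentation IP ranges, not real clients).
SAMPLE_LOG = [
    # Browser-style registration: referrer is the previous page.
    make_line('198.51.100.20', 'GET', '/index.php?act=Reg&CODE=00', 200, 11197, SITE + '/'),
    make_line('198.51.100.20', 'POST', TERMS, 200, 13647, SITE + '/index.php?act=Reg&CODE=00'),
    make_line('198.51.100.20', 'GET', '/jscripts/ipb_register.js', 200, 11959, SITE + TERMS),
    # Scripted registration: referrer equals the URL being requested.
    make_line('203.0.113.10', 'GET', '/index.php?showforum=6', 200, 89602,
              SITE + '/index.php?showforum=6'),
    make_line('203.0.113.10', 'GET', REG, 200, 50934, SITE + REG),
    make_line('203.0.113.10', 'POST', TERMS, 200, 60189, SITE + REG),
    # Edge case: status 404 with a 200-byte body.
    make_line('198.51.100.30', 'GET', REG, 404, 200, SITE + TERMS),
]


def loose_hits(lines):
    """Hosts the page's failregex would ban."""
    return sorted({m.group('host') for m in map(LOOSE.match, lines) if m})


def strict_hits(lines):
    """Same rule, but each condition is tied to its own log field."""
    hosts = set()
    for m in filter(None, map(COMBINED.match, lines)):
        if (m['method'] == 'GET' and m['status'] == '200'
                and 'coppa_pass' in m['target'] and 'coppa_pass' in m['referer']):
            hosts.add(m['host'])
    return sorted(hosts)


def self_referrals(lines, site=SITE):
    """Per-host count of GETs whose referrer is the requested URL itself."""
    counts = Counter()
    for m in filter(None, map(COMBINED.match, lines)):
        if m['method'] == 'GET' and m['referer'] == site + m['target']:
            counts[m['host']] += 1
    return dict(counts)


if __name__ == '__main__':
    print('failregex bans :', loose_hits(SAMPLE_LOG))
    print('field-anchored :', strict_hits(SAMPLE_LOG))
    print('self-referrals :', self_referrals(SAMPLE_LOG))
```

On this sample the unanchored pattern also flags the 404 line, because " 200 " matches the size column; the field-anchored check does not.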


Rsync for Windows – what a great tool. CWRSync – The package that is rsync for Windows (bundled with Cygwin, OpenSSH, OpenSSL, Rsync). Pretty easy to install (latest version here).
Can be a PITA to set up correctly. I am trying to rsync from Windows Server 2003 to my Centos VPS via SSH, which after a few hours of head bashing finally works. The command line help could be a little bit more informative!

There is a batch file template included, and the forums can be found on the download site linked to above, and of course Google. The gist of getting this to work is along the lines of:

SET HOME=%HOMEDRIVE%%HOMEPATH%

(Sets environment variable)

 cd "c:\program files\cwrsync\bin"
 ssh-keygen -t rsa -N ''

(just go with the defaults, or change the file location)

Copy the public SSH key to your server (this replaces any existing authorized_keys file for that user):

C:\Program Files\cwRsync\bin>rsync -avz -e "./ssh -p xxxxx" "./id_rsa.pub" user@hostname.com:.ssh/authorized_keys

xxxxx=port SSH is listening on if changed away from default

Restart SSH on the server and it should pick up the new keys

To then sync stuff, try the following syntax which worked for me:

C:\Program Files\cwRsync\bin>rsync -av --chmod u+rwx -e "./ssh -i id_rsa -p xxxxx" user@hostname.com:/var/www/ "/cygdrive/d/backup/www"

xxxxx=port SSH is listening on if changed away from default

Change the paths as required and you should be good to go. This works quite nicely, especially when scheduled as a scheduled task.

I got this error when trying to set up software RAID 0 on 2 different SATA drives.  I set the usual boot, swap partitions, created 2 x ext4’s, created the md0 array and then mounted it as /root.  Did the obligatory format and the install started…. but then errored at installing the base system (I forget the percentage) with Insert Media 9.10_Karmic_Koala and the options were Media or OK (iirc).  Neither did anything, I couldn’t eject the DVD to ensure it was clean.

So I rebooted, wiped the DVD (it was clean anyway), and retried – same error.

I then rebooted, ran a media check just in case it didn’t burn correctly (it did pass a verify after burning), and the media check passed.  Just for fun I thought I’d try the install again – and it sailed straight through installing base.  Weird.

I was expecting it to be a bug in the installer and to copy the .iso to a USB drive, ctrl-alt-F2 the install and mount the iso as the cdrom just in case it didn’t get on with my drive (an LG something), but didn’t have to.

Bug on 9.04 here, may or may not be related: http://ubuntuforums.org/showthread.php?p=8347533