Faith Restored In ISPs

Recently I had an attack on this website; as I run a WordPress site, this is not an isolated incident. However, in this instance it was a rather aggressive attack compared to the bandwidth I have available. The attacker in this case was saturating my connection with POST commands to wp-login.php, as opposed to the usual attacker who sends requests every few seconds in an attempt, I presume, to not be noticed.

Same server, same file.

Knowing that this was a sustained attack, I first turned to enabling Windows authentication to wp-login.php. This made things worse, as the data sent from an HTTP 401 error to this page used more data than WordPress denying access.

A 401 error transfers more data than a 200 error.

Failing this, I blocked the IP address from IIS so it will return a 403 error, this brought the data sent back down to normal but still the attack continued.

As a last resort, I performed a lookup on the attacking IP via the WHOIS database, and discovered the attacking computer was on a hosted server in Malaysia:

% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '183.81.162.0 - 183.81.162.255'

inetnum:        183.81.162.0 - 183.81.162.255
netname:        IPSERVERONE-MY
descr:          IPSERVERONE - Co-location - AIMS Data Center
country:        MY
address:        L7-13, Level 7, Brem Mall,
address:        Jalan Kepong, 52000,
address:        Kuala Lumpur
e-mail:         abuse@ipserverone.com
abuse-mailbox:  abuse@ipserverone.com
phone:          +60-3-625-95-625
fax-no:         +60-3-625-95-629
e-mail:         ipnoc@ipserverone.com

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS4)

 

The website dawhois.com was the first best match and revealed that the hosting service for this site was ipserverone.com, and in desperation to solve this I contacted the abuse email listed above.

I have often contacted ISPs in this way when receiving an attack, but none have come to fruition, not even a response. This time I got an answer:

Hi James,

We are sorry to hear that, could you please verify now, is still got attack to your site?

 

Checking that the attack was still going on, I replied that it was still happening:

Hi James,

Seems that I’ve disabled an access few sites that contain suspicious codes.

Is the issue persist?

 

Checking again, it stopped! Guessing from the fact that the attack continued after changing responses from my server to 401 and 403, it was a bot running, but many thanks to Mohd and the people at ipserverone for stopping this attack and giving me back my bandwidth!

 

Why To Check Your Log Files

Since I run this blog from my home web server, I have quick access to the web logs to see how my site is doing. I check this on an infrequent basis but always revisit them to see who/what is looking at my site.

My normal routine is to simply look at the log folder to see the file size of the daily logs, I’m used to seeing spikes in my traffic, caused by bots trying to guess my WordPress admin password, however on 20th December the file size was abnormally high, a look at the log shows a barrage of requests for only one image file:

Many IPs with different meta data all wanting the same file.

A look at the referring page in the logs pointed to a forum for people looking for freebies, and a popular forum at that! A forum user trying to get their point across about what Sky Router they had Google searched it, found my image and linked it on the forum post.

I didn’t necessarily have a problem with this, since it was a “not for profit” point, but my beef was that the user decided to link the raw 4320 x 2880 image taken off my bridge camera, weighing in at 4.87MB!

On the forum a few grumbles over the image started to appear, all about it causing long page load times, No shit! At my current upload speed it takes 76 seconds to download, couple that with around 5 requests per min it would take much longer.

Lessons Learned:

  • Watch your logs for spikes, such as content being used on more popular websites.
  • Be aware that when you upload an image to WordPress, it keeps the original size for the expanded view.
  • Make sure ALL the content you host on your home server is tailored for the bandwidth, as you never know what may be used!
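
An added example, not part of the original post: a small Python script that reads IIS W3C extended logs and reports the two patterns described on this page, the POST flood against wp-login.php from the first post and the hotlinked image from this one. The log lines, host names, byte counts and the three-per-minute threshold are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in IIS W3C extended log format. Addresses are from
# documentation ranges; host names, paths and byte counts are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes cs(Referer)
2013-12-20 10:00:01 203.0.113.7 POST /wp-login.php 200 3500 -
2013-12-20 10:00:02 203.0.113.7 POST /wp-login.php 200 3500 -
2013-12-20 10:00:03 203.0.113.7 POST /wp-login.php 401 5200 -
2013-12-20 10:00:04 203.0.113.7 POST /wp-login.php 401 5200 -
2013-12-20 10:00:05 203.0.113.7 POST /wp-login.php 403 1900 -
2013-12-20 10:00:30 198.51.100.9 POST /wp-login.php 200 3500 -
2013-12-20 10:01:10 192.0.2.44 GET /wp-content/uploads/router.jpg 200 5100000 http://forum.example/thread/1
2013-12-20 10:01:40 192.0.2.45 GET /wp-content/uploads/router.jpg 200 5100000 http://forum.example/thread/1
2013-12-20 10:02:00 192.0.2.46 GET /wp-content/uploads/router.jpg 200 5100000 http://blog.example/post
"""

def parse_w3c(lines):
    """Yield a dict per request; column names come from the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or unlabelled lines
                yield dict(zip(fields, values))

def login_flood(records, path="/wp-login.php", per_minute=3):
    """Return {client IP: peak POSTs to path in any one minute} above the limit."""
    buckets = Counter()
    for r in records:
        if r["cs-method"] == "POST" and r["cs-uri-stem"].lower() == path:
            buckets[(r["c-ip"], r["date"], r["time"][:5])] += 1
    peaks = defaultdict(int)
    for (ip, _date, _minute), count in buckets.items():
        peaks[ip] = max(peaks[ip], count)
    return {ip: n for ip, n in peaks.items() if n > per_minute}

def avg_bytes_by_status(records, path="/wp-login.php"):
    """Average sc-bytes per response status for path (cost of each reply type)."""
    sizes = defaultdict(list)
    for r in records:
        if r["cs-uri-stem"].lower() == path and r["sc-bytes"].isdigit():
            sizes[r["sc-status"]].append(int(r["sc-bytes"]))
    return {status: sum(v) // len(v) for status, v in sizes.items()}

def hotlinked(records, own_host):
    """Return [((uri, referring host), bytes sent)] for off-site referers, largest first."""
    totals = Counter()
    for r in records:
        host = urlsplit(r.get("cs(Referer)", "-")).hostname
        if host and host != own_host and r["sc-bytes"].isdigit():
            totals[(r["cs-uri-stem"], host)] += int(r["sc-bytes"])
    return totals.most_common()

if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG.splitlines()))
    print(login_flood(records))
    print(avg_bytes_by_status(records))
    print(hotlinked(records, own_host="blog.example"))
```

Comparing the per-status averages before and after a change such as enabling authentication or an IP block shows whether the new response is actually cheaper to send.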

FOOTNOTE:

The forum post that my image was linked to was about an offer to get a free Sky Wireless Booster. So I thought I may as well:

Sky Wireless Hub
Sky Wireless Booster

 

RDP on iPad

I originally purchased my iPad so I could peruse the net from the comfort of my sofa, and so far I’m impressed with what I can actually achieve on it. The limitations of iOS and the form factor over my trusty laptop are there, but I’m trying to blur the differences.

Apart from the almost impossible-to-use spreadsheets, I kept referring to the laptop when I needed to Remote Desktop into my server. Luckily there is an iOS solution for this in the guise of the Desktop RDP app.


I had the free version on my iPhone, but due to the small screen being productive was impossibly tedious, and so was left on my phone for server emergencies.

The iPad version however, is a lot more feasible, setting it to connect to my Win 2003 server with a screen resolution of 1024×768 means that the desktop can be controlled with all the desktop in view.


The paid version of Desktop RDP includes the full keyboard, and the ability to drag and right click, something of a necessity for Windows, but the more clever users can get along in the free versions without these “perks”, although I wonder if it is not worth the £3.99 for these.

Looking for apps that allow you to do what on a PC would be easy is a perilous journey, and in the case of trying to find a suitable office app, an expensive one. But I am glad, if not relieved, that this purchase turned out to be a good one.

If I’m out in the wilderness armed only with an iPad and need the features of a PC, I can now just RDP into my server to get the best of both worlds, a lot better than lugging around my desktop replacement notebook.

New iPad!

Hello,

It has been a while since my last post on this blog, I have a few hints and tips to put on here but my obsession with perfection and formatting get in the way of posts making it here.

However I have just taken receipt of the new iPad … 4 …. Retina … I don’t know what it is officially classed as. But I soon discovered the WordPress app for iPad, that is compatible with blogs hosted on own servers.

Hopefully more posts will be on the way!

Until then, here is a quick snap to test its photo ability.

 

Why I hate the cloud!

Call me cynical, but I’ve always hated “the cloud”, maybe it was due to my love of personal servers that a person (me) would have complete control over. Or maybe that it was the fact that you have to essentially hand over all your data, user base, posts, comments etcetera over to a third party company that unless you comb through the terms and conditions, can do what they like with it.

My first venture into this came about before it was even called “the cloud”, I was setting up a guestbook system to work on my otherwise static only website, this meant signing up to one of those “guestbook websites” such as Html Gear, which later became part of Lycos. In those days of 2001+ my biggest bugbear was the adverts that always accompanied a free guestbook setup.

Even though the static web pages I created with links to guestbook sites have long passed, I have enjoyed reminiscing over the past posts on the guestbook of my creations, made possible only by looking through the backups of old websites and extracting the obscure URL from the HTML.

Alas, on my recent nostalgic trip of past websites I was met by this handy message:

So my data has gone?

Thanks I thought, my piece of data that I thought would carry me till my twilight years has been suddenly ripped from my heart. A bit dramatic, but that’s what I thought.

Travelling back to early 2001, I simply didn’t have the resource to host a guestbook locally, whether it be with hosted solutions that did not allow dynamic code (remember Geocities), or my own first home server that did not have the power to process code without time-outs.

Since then I quickly learnt to try my best at hosting forums (the then next step after guestbooks) locally on my own server, free to dispose of the data as I wish. In the years that follow I realise it may be a pain to find/write the code to display the data as it was, but I will always have that data close to me, free to read the raw database and exercise my nostalgia.

Furthermore, this event takes me back to when me and my peers used a service called MSN Groups, those of you that remember the acronym MSN assume that it is now doomed. It is, with all of our social commentary and all photos since deleted “cos it’s on MSN so we don’t need to keep our own local copy”.

Be warned, the cloud may be a quick, cheap and easy alternative to learning things properly, but rest assured the data you create WILL NOT be around forever, or even long enough for you to get bored of it.

If you run a website where you are dealing with data, guestbooks, forums etc., get your own server! Or at least a service that allows you to pull all the data to a local copy.

Major Internet Outage

Last week my websites suffered their first major outage since I got my new server in April 2011. Luckily it wasn’t the server itself, but twas the internet connection that let me down.

I took delivery of a Netgear FVS318N router to replace a basic hub, installed it and did a bit of cable management which involved unplugging my Sagem F@st 2504 that I use as a modem.

However, upon powering up the Sagem after tidying cables, it had no life, apart from this strange arrangement of lights on the front:

Power Supply failure on Sagem F@st 2504

I called Sky (my ISP) support who happily informed me that there is a common issue with the power supply to the Sagem router that caused them to fail. Wanting to get back on the net immediately, and with the conversation about a replacement power supply giving vague delivery lead times, I opted to purchase the new Sky branded router (dubbed the Sky Hub):


The outage lasted 5 days as I waited for delivery of the new modem. An annoyance of this is that I had a spare, working ADSL modem but this could not be used as Sky does not give out the credentials to log on to their network, instead choosing to pre-load them on the modem before shipping.

Overall it’s an example of the unexpected issues that can arise when running a home server on a budget.

BOOTNOTE:

It has been mentioned in many Sky internet forums that using an unapproved Sky router, i.e. one not supplied by Sky, will be in breach of the Terms & Conditions. However whilst on the phone to Sky broadband technical support the representative told me that it was acceptable to use a 3rd party router if the user was confident and acknowledged that no support would be given unless a Sky provided router was used.

The case may be that you still need to hand over the cash to Sky for one of their routers and keep it to hand, but after that the choice is yours!

Installing HP Printer on Windows Server 2003

Connecting a printer to a server compared to a desktop system is not as straightforward as it may be perceived. Whether the manufacturer’s software simply refuses to install on Windows 2003 or insists on adding a load of bloatware on your system, here is how to get around it:

Step 1: Start by downloading the basic version of the drivers from the HP website; choose Windows XP drivers if there are none for Windows 2003.

Step 2: Open the executable file, allow it to extract and display the first setup screen. Here, depending on the printer chosen it may let you continue with the setup, or stop the installation there telling you the operating system is not supported.

Photosmart-1

Whatever the installation screen displays, DO NOT CLOSE THE WINDOW; while it’s open, all the files you need are made available. Next, navigate to your temp folder. TIP: Go to Start Menu → Run, and type %temp%. This will bring up your temp files.

Photosmart-2

In the temp folder, look for a folder containing the setup files that were extracted as part of the installation. It will usually have .inf files that contain the printer model as part of the filename; below is an example of the drivers to install an HP C4700:

Photosmart-3
Look for references in the file names that match your printer’s

Step 3: At this point it’s best to copy (not move) the contents of the folder to a more convenient location. When a copy is made, you can close the installation utility as you have all the files in a new location.

Now navigate to Start > Settings > Printers and Faxes, and then start the Add new printer wizard.

After the intro splash, choose “Local printer attached to this computer” and un-check the box for “Automatically detect and install my Plug and Play printer”

Note: Step 4 is for installing a printer over a network, if you are connecting via USB, skip to step 5.

Step 4: Click next, on the next screen you will want to select “Create a new port” and choose “Standard TCP/IP port” from the drop-down menu, as below:

Photosmart-4

This brings up a new wizard, after the intro splash onto the add port screen, type the IP address of the printer:

Photosmart-5

NOTE: To save reconfiguration in the future, remember to set the printer to have a static IP address, as you are not installing the program that finds the printer on a dynamic IP address.

On the next screen, leave the settings as a “Standard device type” and “Generic network card”. Clicking next brings you to the printer software screen.

Step 5: Click the “Have Disk” button and navigate to the copy of the installation files.

Photosmart-6
Choose the most generic file name.

Only .inf files show, and you want to choose the most generic file name that is similar to your device; in the case above, hpC4700.inf seems the most obvious.

If the right file has been chosen, you will see your printer displayed as below.

Photosmart-7

If you get a warning message about a digital signature, choose “Continue Anyways”, but make sure you downloaded the drivers from a reputable site, such as the official HP website.

The installation wizard copies the files; then choose to print a test page to make sure all is well, and your HP printer appears in your printers folder.

Photosmart-8

Net Killing RPi – SOLVED!!

With my troubleshooting exhausted, I turned to the Raspberry Pi forums in hope of some new ideas on how to fix it.

I was not disappointed. I quickly got answers pointing towards RF issues around the HDMI cable or grounding of the Pi/TV.

Ferrite clips along the HDMI and power cables failed, and initially grounding failed due to the fact I was using the whole 10 metres of cable I purchased to ground the Pi. Thinking this may be causing a lot of resistance for the low current used, I shortened it to around 50cm and…

Hooorah!

 

DIY solution to ground the RPi.

The Raspberry Pi and my internet working in close proximity and perfect harmony. The solution is to attach one end of a short wire to the HDMI port of the Pi, and the other end is attached to the ground pin of a standard socket plug.

This has been an expensive problem for me, 2 HDMI cables, a shielded RJ11 cable for the ADSL connection and a bunch of ferrite clips/rings when all I needed was a £2.39 piece of wire from Maplin. At least one benefit of this expense is the increased broadband speed, provided by the shielded RJ11 cable, taking my connection from 2.5Mbps to 3.2Mbps.

It’s all working now, taking its place tucked behind the TV and providing me with a great media player solution; the ability to control XBMC with my Bravia TV remote is an excellent feature.

My forum thread on the RPi forums can be found here.

Net killing RPi – Getting Somewhere…

In my last post I was a confussled mess, failing to get my head around how a network device (The Raspberry Pi) could cripple an exclusive function of my router.

I decided to troubleshoot the issue further, so I set up a basic ping to help me pinpoint when the internet was going down.

Ping results before Pi was switched on.

After performing some basic troubleshooting, it transpired that the fault was happening whenever the HDMI cable was connected to the Pi and my Television (Sony Bravia EX4-32).

Ping results after HDMI cable connected.

Thinking it was a bad HDMI cable, I bought another, but to no avail. My next brainwave was that the Pi was emitting EMI (or RFI) which drove me to buy a 10 metre HDMI cable to get the Pi as far away from my router and other networking equipment, alas this didn’t work either.

Troubleshooting further, it turned out that the HDMI cable didn’t need to be properly connected; merely touching the Pi on any metallic part will cause the internet to cease.

All it takes to knock me offline.

So in essence I am still no closer to solving my Pi/Internet mystery, if you can help me please comment!

All other HDMI works fine as I am now using the 10m HDMI cable as a screen extender on my laptop.

Bootnote:

In my previous post I signed off by stating that the Pi and my internet were working in harmony. However, it turned out that my modem had dialled back my downstream internet speed to 1.5Mbps instead of the usual 3Mbps, normally a result of the modem trying to obtain a more stable internet connection due to, let’s say, interference on the line!

RPi kills my internet

It was all going so well, got my Raspberry Pi and after the initial fiddle with Debian Squeeze I got another SD card and put Raspbmc on it, things were great!

Only niggle in my head was that the card I put Raspbmc on was 8GB, and that bigger card would be put to better use in my camera that was using a 4GB card. I thought it would be no problem to reformat cards and swap them over?

Wrong!

The 8GB in the camera was fine, and I used the Raspbmc installer as before to load it on the new SD card. The trouble was that when I first booted up the Pi, it seemed to freeze on the

Sending HTTP request to server

No problem I thought, hop on my laptop and find out if other users experienced the same. But lo and behold the internet on my laptop ceased to work, with strange requests for proxy passwords to sites like Facebook and even the Weather gadget on Win 7!

First thoughts were that I cooked my router, as I had been downloading a lot and on a warm day too (yes there was a warm day … I think!). But after it was off for as long as I could stand, I powered it back on and normal service was resumed.

After rebooting all network equipment it finally dawned that the internet would go down for everything connected to my network when the Pi was powered up! I had never experienced this before and could not for the life of me fathom it out. I thought that a defect in the Pi meant that some sort of power surge was knocking out the system? This was quickly dismissed as local traffic was unaffected, meaning the network hardware was operating normally.

A quick glance at my Sky broadband supplied Sagem F@ST 2504 modem showed the internet connection had failed, with the internet indicator glowing orange with a red pulse every second. Stranger still, upon unplugging the Raspberry Pi, connection to the net restored within seconds!


So how can a network device have the ability to target and destroy an internet connection? It’s my understanding that a Pi has no ability to retain settings other than what’s stored on an SD card, but this issue continued when using two different memory cards.

Drilling down to an extreme form of troubleshooting, all network devices, including my second switch/access point, were disconnected from the Sagem router, leaving just the Pi connected. Then from Midori on Debian Squeeze (remembering that the internal network was unaffected) I rebooted the router using the web interface.

Suddenly the Pi could connect, attaching my whole network back together I found that everything was back to normal,

Laptop, Pi, iPhone, everything!

And this is the worst thing, I don’t know what caused this, and what I specifically did in the reboot process that solved it?

So I would love to hear if this has happened to you, and if there was something you can pinpoint as the issue? This one has got me completely stumped!