Guess it's time to give back to the community....a few years ago, I wrote a custom script to continually tail out lines at a time from /var/log/auth.log and null route the bad IPs....to date, I have 4316 IPs null routed. I have the following script running as a background job initiated from /etc/rc.local. Hope this is helpful to people.
----begin----
#!/bin/bash
# script to sense bad ssh or ftp login tries from the same ip address
# Poll /var/log/auth.log forever; each pass re-reads the log and blocks new offenders.
while [ 1 ];
do
# block known linux service user accounts ssh attempts
# Note: egrep -i matches the whole log line as a substring, so e.g. "adm" also hits "admin"
# and "lp" hits "help"; the IP is taken positionally as the 11th field of a
# "Failed password for <user> from <ip> port <n> ssh2" line.
previous=0;
i=0;
for badip in $(awk '/sshd/ && /Failed password for/' /var/log/auth.log | egrep -i "root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news|uucp|operator|games|rpm|vcsa|rpc|xfs|apache|rpcuser|sshd|ftp|kamphor|named|messagebus|haldaemon|ntp|openvpn|x11|polkituser|avahi|avahi-autoipd|htdig|pulse" | awk '{print $11}' | tail -100 | sort | uniq);
do
# -F -x: fixed-string, whole-line match, so 1.2.3.4 does not also match 1.2.3.45
if ! grep -qFx -- "ALL: $badip" /etc/hosts.deny; then
echo "ALL: $badip" >> /etc/hosts.deny;
# record the route so it can be replayed after a reboot
echo "route add -host $badip gw 127.0.0.1" >> /etc/routeblock.sh
route add -host "$badip" gw 127.0.0.1;
fi
done
# null route any attempt at non-existant users for ssh attempts
# ("Failed password for invalid user <user> from <ip> ..." puts the IP in field 13)
previous=0;
i=0;
for badip in $(awk '/sshd/ && /invalid user/ {print $13}' /var/log/auth.log | tail -100 | sort | uniq);
do
if ! grep -qFx -- "ALL: $badip" /etc/hosts.deny; then
echo "ALL: $badip" >> /etc/hosts.deny;
echo "route add -host $badip gw 127.0.0.1" >> /etc/routeblock.sh
route add -host "$badip" gw 127.0.0.1;
fi
done
# scan for behavior - probe ssh then try password
previous=0;
i=0;
# first loop- check for ssh probe
# ("Did not receive identification string from <ip>" puts the IP in field 12);
# i counts consecutive probes from the same source
for badip in $(awk '/sshd/ && /not receive identification string/ {print $12}' /var/log/auth.log | tail -2);
do
if [ "$previous" = "$badip" ]; then
i=$((i + 1));
# echo "in spoofed checker $badip $i"
else
i=0;
fi
#echo "these are the bad ip addresses: $badip $previous $i";
previous=$badip;
done
# end first for loop
#start second loop - check for failed logins
# $badip is the last probing source seen above; look for failed logins from it
for badip2 in $(grep -F -- "$badip" /var/log/auth.log | awk '/sshd/ && /Failed/ {print $11}' | tail -2);
do
if [ "$previous" = "$badip2" ]; then
i=$((i + 1));
# echo "in spoofed checker $badip2 $i"
else
i=0;
fi
if [ "$i" -ge 3 ]; then
: # the body of this branch, and the rest of the script, were cut off in the original post
fi
done
done
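An added example, not Kamphor's script and not from any project: the positional `awk '{print $11}'` / `$13` extraction above breaks as soon as a line's column count shifts, so this version locates the token after "from" wherever it sits, validates it as a dotted quad, and counts failures per source against a threshold. The log lines, IP addresses (documentation ranges) and function names (`ssh_failures`, `ssh_offenders`, `hosts_deny_line`) are all constructed for this example; it only prints the hosts.deny entries rather than writing them, so the decision and the blocking action stay separate.

```shell
#!/bin/sh
# Added example (not the original poster's script): regex-based extraction of
# brute-force sources from an OpenSSH auth.log, with a per-IP threshold.

# Constructed sample log lines in the classic syslog auth.log format.
SAMPLE_LOG="$(mktemp)"
cat >"$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 host sshd[1201]: Did not receive identification string from 203.0.113.7
Mar  1 10:00:05 host sshd[1202]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  1 10:00:09 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 40114 ssh2
Mar  1 10:00:12 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  1 10:01:00 host sshd[1210]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  1 10:01:30 host sshd[1211]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  1 10:02:00 host sshd[1220]: Failed password for invalid user admin from 192.0.2.99 port 3344 ssh2
Mar  1 10:02:03 host sshd[1221]: Failed password for invalid user admin from 192.0.2.99 port 3345 ssh2
EOF

# ssh_failures LOGFILE
# Print "count ip" for every source with at least one failed password,
# most failures first. "Failed password for" covers both real accounts and
# "invalid user" lines. The IP is the token after "from", whichever column
# that is, and must look like a dotted quad; identification-string probes
# and "Accepted" logins are not counted.
ssh_failures() {
    awk '
        /sshd\[[0-9]+\]: / && /Failed password for/ {
            for (f = 1; f <= NF; f++) {
                if ($f == "from" && $(f+1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    count[$(f+1)]++
                    break
                }
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' "$1" | sort -rn
}

# ssh_offenders LOGFILE THRESHOLD
# Print only the IPs whose failure count reaches THRESHOLD, one per line.
ssh_offenders() {
    ssh_failures "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# hosts_deny_line IP
# The TCP-wrapper line the original script appends to /etc/hosts.deny.
hosts_deny_line() {
    printf 'ALL: %s\n' "$1"
}

# Stand-alone run: list sources with three or more failures as hosts.deny entries.
ssh_offenders "$SAMPLE_LOG" 3 | while read -r ip; do hosts_deny_line "$ip"; done
```

With the sample above only 203.0.113.7 (three failures) crosses the threshold of 3; lowering it to 2 also pulls in 192.0.2.99, while the single typo from 198.51.100.20 followed by a successful login never qualifies.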
I nearly lost my whole filesystem. It's a good thing I had a backup core system on reiserfs to boot from and run fsck.
From what I understand, it's a problem with the ext4 journaling system and metadata.
This link has info on the journal problem...which may have already been patched in the current kernels.
http://lwn.net/Articles/284037/
Wiki page for ext4 - the bottom has a fix for the problem:
http://wiki.archlinux.org/index.php/Ext4
Essentially, mounting an ext4 filesystem with the option "data=ordered" helped my system out. Since I have enabled this mount option, my filesystem is now stable even after hard reboots or power failures.
Hope this helps out people as it did me!
-Kamphor
This actually happened to me like 2 years ago. First time was a letter in the mail from Comcast stating that I should check my [wireless] network security, if I use wireless, and enable WEP/WPA so that other people cannot leech off my broadband connection. The second time, they put my cable modem on "abusive mode" which gave it an internal IP address for the Comcast network. I think at this point, I was only able to go to the main Comcast web page. I had to call them up and release the restriction, but they told me that if I exceed the aggregate bandwidth transfer cap/limit/number, then I would have to find another ISP.
Now, Comcast offers tiered service: standard 4/384, 6/384, and 8/768. I would assume that purchasing the higher tiers would in essence increase the aggregate transfer limit cap by that fraction. There was a massive download I wanted totaling 80gig by itself, and before I downloaded it, purchased the highest tier. The 3rd tier is essentially double that of the standard service, so if 90gigs a month was the magic number, then my new cap should be 180gigs a month. Ever since then, I haven't had a problem with my transfers (knock on wood!).
not quite the largest plasma screen.... (on CES 2004 Coverage; Score: 5, Informative)
"This 76in plasma screen is the largest in the world." - from TrustedReview's website
Here's a link from Dell's website selling an NEC 84-inch plasma monitor: http://accessories.us.dell.com/sna/productdetail.
Forgot to vent one other thing. Comcast sent notices/advertised the upgrade in network speeds. Before the upgrade, my max was close to 200 kbytes/s down and 15 kbytes/s up. The upgrade basically doubled the bandwidth to 380 kbytes/s down and 30 kbytes/s up.
My major complaint concerns this upgrade! If you double the bandwidth, shouldn't you also double the cap?!?!? I think the whole bandwidth limitation thing sucks big time!
Yeah...I got one of those letters and ignored it. I usually run a crap load of bittorrents. So I'm pretty sure that's the cause ^_^; After I got the letter, I toned down my bt usage...but started it back up again. The next thing that happened was they set my cable modem on "Abusive mode". During the initial setup/connection phase, the DHCP server will issue you an internal IP address instead of a public address. They didn't even send a letter or call me. They waited for me to call and stated that my service was on suspension because of excessive bandwidth usage.
I am now looking for another alternative to comcrap service. I'm getting tired of connection drops, which I've noticed happen a lot in bad weather for some reason (they had to splice a new cable line to the neighborhood box because it was damaged underground).
What really gets me is at the bottom of the letter. The letter informs you that there is a business class version of cable internet. I called up that division of sales and they refused to help me because of the letter I got...said "We [business class service] can't help you because you're generating too much traffic." and suggested a T line. No way I'm spending 500 bucks a month for a T line.
They're just in it to get the money. IMO, I think it's completely insane to offer business class service which **still** rides on the same physical medium connected to the neighborhood! This is why I'm shopping around for new service.
Right now I'm off suspension, but they said if it happens a 3rd time, I'm terminated. Hopefully I can find a better ISP before that happens!
I've been reading a lot of messages here and see CGI instead of CG. I can understand how people can get confused...because "the web" has been pervasive in our everyday life.
However, am I right in trying to clarify to people that CG is Computer Graphics and not CGI???
That still doesn't count out hard drive failure. I know that hard disk technology has gotten pretty good and mean time between failure is increasing as the years progress. I still wouldn't bet my money on backing up to hard disks. Hard disks will still fail, and *then*...exactly how are you supposed to recover that data. Tape backups seem to be the best way to approach this issue.
They are pretty much durable. You can drop a data tape 3-4 feet from the ground and not worry since there are no disk platters or heads. It's just magnetic media. And if the drive fails, you can just buy a new drive compatible with your media and recover. I bet you can't do that without great effort on hard disks (i.e. obtaining exactly the same hard disk you had and doing a transplant; either controller or platters?).
I personally back up to DVD-Rs though. My main computer is just used to grab bit torrents or compress video which I burn to DVD-Rs anyway. I do maintain a ghosted compressed image of my computer but only the bare essentials. I can always reinstall whatever application I need later. Also, the only other media I use is CD-RWs...just to back up saves of games that I play ^_^;