
Sun, Oct 24, 2021 12:58 pm

Counting SSH break-in attempts by country

Yesterday, I installed Fail2Ban on a CentOS 7 server after noticing SSH break-in attempts by password guessing. Today, I checked the fail2ban log to see how many IP addresses were banned and whether, after being banned for an hour, there were any subsequent password guessing attempts from the same IP address. I saw that 40 IP addresses had been banned since I installed Fail2Ban last night and that some of those addresses had been banned multiple times. You can count the number of times each IP address has been banned with the awk command awk '($(NF-1) ~ /Ban/){print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n. You can pipe the output of that command to wc -l to count the total number of lines, which tells you the number of IP addresses that have been banned, as explained at Fail2ban logging.

[root@moonpoint ~]# awk '($(NF-1) ~ /Ban/){print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n
      1 103.50.219.194
      1 104.200.134.181
      1 104.244.77.37
      1 107.189.14.174
      1 107.189.14.230
      1 107.189.14.41
      1 107.189.1.96
      1 107.189.31.223
      1 107.189.8.233
      1 183.157.169.70
      1 183.195.121.197
      1 205.185.123.33
      1 205.185.124.131
      1 209.141.42.29
      1 221.131.165.50
      1 221.131.165.56
      1 221.181.185.151
      1 221.181.185.198
      1 222.186.30.112
      1 222.187.254.41
      1 64.225.49.153
      1 71.9.165.219
      2 104.244.76.64
      2 107.189.12.163
      2 209.141.36.75
      2 209.141.40.64
      2 221.131.165.65
      2 222.186.30.76
      2 222.187.232.39
      3 107.189.13.104
      3 45.61.184.115
      3 70.62.137.84
      4 187.149.76.88
      4 189.85.145.113
      4 205.185.122.239
      4 209.141.57.74
      4 210.73.207.44
      4 222.186.42.137
      5 209.141.34.165
      5 89.211.207.62
[root@moonpoint ~]# awk '($(NF-1) ~ /Ban/){print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n | wc -l
40
[root@moonpoint ~]#
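
The per-address count above, extended to list addresses banned more than once and addresses still banned at the end of the log. This is an added example, not part of the original post; the log lines are constructed, use documentation-range addresses, and assume the "[sshd] Ban <ip>" / "[sshd] Unban <ip>" line layout that the awk command relies on.

```shell
#!/bin/sh
# Constructed sample of /var/log/fail2ban.log (documentation-range addresses).
sample_fail2ban_log() {
cat <<'EOF'
2021-10-23 21:02:11,104 fail2ban.filter  [2201]: INFO    [sshd] Found 203.0.113.7 - 2021-10-23 21:02:10
2021-10-23 21:02:15,310 fail2ban.actions [2201]: NOTICE  [sshd] Ban 203.0.113.7
2021-10-23 22:02:15,905 fail2ban.actions [2201]: NOTICE  [sshd] Unban 203.0.113.7
2021-10-23 22:05:40,221 fail2ban.actions [2201]: NOTICE  [sshd] Ban 203.0.113.7
2021-10-23 22:10:02,417 fail2ban.actions [2201]: NOTICE  [sshd] Ban 198.51.100.23
2021-10-23 23:05:41,002 fail2ban.actions [2201]: NOTICE  [sshd] Unban 203.0.113.7
2021-10-23 23:10:02,980 fail2ban.actions [2201]: NOTICE  [sshd] Unban 198.51.100.23
2021-10-24 00:31:09,650 fail2ban.actions [2201]: NOTICE  [sshd] Ban 203.0.113.7
2021-10-24 00:40:00,118 fail2ban.actions [2201]: WARNING [sshd] 203.0.113.7 already banned
EOF
}

# Bans per address, ascending. Exact match on the next-to-last field, so
# "Unban", "Found" and "already banned" lines are never counted.
# Reads the named files, or stdin when no file is given.
ban_counts() {
    awk '$(NF-1) == "Ban" { n[$NF]++ }
         END { for (ip in n) print n[ip], ip }' "$@" | sort -n
}

# Addresses banned more than once, i.e. they returned after a ban expired.
repeat_offenders() {
    ban_counts "$@" | awk '$1 > 1 { print $2 }'
}

# Addresses with more Ban than Unban lines: still banned at the end of the log.
currently_banned() {
    awk '$(NF-1) == "Ban"   { s[$NF]++ }
         $(NF-1) == "Unban" { s[$NF]-- }
         END { for (ip in s) if (s[ip] > 0) print ip }' "$@" | sort
}

# On a real system: ban_counts /var/log/fail2ban.log
sample_fail2ban_log | ban_counts
```

The counts cover only the log file that is read; bans recorded in rotated copies of fail2ban.log are not included unless those files are passed as well.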

[More Info]

[/security/attacks] permanent link

Sat, Oct 23, 2021 7:36 pm

Break-in attempts via SSH from 221.131.165.50

While checking on a problem on a test CentOS Linux system today, I issued the command journalctl -xe from the root account to get more details on the problem. Among the results displayed was an indication of attempts to break into the system by guesses for the password of the root account on the system.

# journalctl -xe
Oct 23 16:20:23 moonpoint systemd[1]: Unit mariadb.service entered failed state.
Oct 23 16:20:23 moonpoint systemd[1]: mariadb.service failed.
Oct 23 16:20:23 moonpoint polkitd[1684]: Unregistered Authentication Agent for u
Oct 23 16:21:35 moonpoint sshd[4558]: pam_unix(sshd:auth): authentication failur
Oct 23 16:21:35 moonpoint sshd[4558]: pam_succeed_if(sshd:auth): requirement "ui
Oct 23 16:21:37 moonpoint sshd[4558]: Failed password for root from 221.131.165.
Oct 23 16:21:38 moonpoint sshd[4558]: pam_succeed_if(sshd:auth): requirement "ui
Oct 23 16:21:40 moonpoint sshd[4558]: Failed password for root from 221.131.165.
Oct 23 16:21:40 moonpoint sshd[4558]: pam_succeed_if(sshd:auth): requirement "ui
Oct 23 16:21:42 moonpoint sshd[4558]: Failed password for root from 221.131.165.
Oct 23 16:21:42 moonpoint sshd[4558]: Received disconnect from 221.131.165.50 po
Oct 23 16:21:42 moonpoint sshd[4558]: Disconnected from 221.131.165.50 port 4518
Oct 23 16:21:42 moonpoint sshd[4558]: PAM 2 more authentication failures; lognam
Oct 23 16:21:55 moonpoint sshd[4561]: pam_unix(sshd:auth): authentication failur
Oct 23 16:21:55 moonpoint sshd[4561]: pam_succeed_if(sshd:auth): requirement "ui
Oct 23 16:21:57 moonpoint sshd[4561]: Failed password for root from 221.131.165.
Oct 23 16:21:57 moonpoint sshd[4561]: pam_succeed_if(sshd:auth): requirement "ui
Oct 23 16:21:59 moonpoint sshd[4561]: Failed password for root from 221.131.165.
Oct 23 16:21:59 moonpoint sshd[4561]: pam_succeed_if(sshd:auth): requirement "ui
Oct 23 16:22:01 moonpoint sshd[4561]: Failed password for root from 221.131.165.
Oct 23 16:22:02 moonpoint sshd[4561]: Received disconnect from 221.131.165.50 po
Oct 23 16:22:02 moonpoint sshd[4561]: Disconnected from 221.131.165.50 port 4175
Oct 23 16:22:02 moonpoint sshd[4561]: PAM 2 more authentication failures; lognam
[root@moonpoint ~]#

When I checked the number of password guesses the attacker had tried by searching for the IP address in /var/log/secure, I found 183 attempts to log in.

[root@moonpoint ~]# grep "221.131.165.50" /var/log/secure | grep -c "Failed password"
183
[root@moonpoint ~]#
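
The single-address grep above, generalized to a per-address tally of "Failed password" lines. This is an added example, not part of the original post; the log lines are constructed with documentation-range addresses and assume the "Failed password for <user> from <ip> port <n> ssh2" layout shown in the journalctl output. The address is compared exactly, because an unanchored grep for one address also matches longer addresses that contain it.

```shell
#!/bin/sh
# Constructed sample of /var/log/secure (documentation-range addresses).
sample_secure_log() {
cat <<'EOF'
Oct 23 16:21:37 host sshd[4558]: Failed password for root from 203.0.113.7 port 45180 ssh2
Oct 23 16:21:40 host sshd[4558]: Failed password for root from 203.0.113.7 port 45180 ssh2
Oct 23 16:21:42 host sshd[4558]: Received disconnect from 203.0.113.7 port 45180:11:  [preauth]
Oct 23 16:25:03 host sshd[4570]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Oct 23 16:25:09 host sshd[4571]: Failed password for invalid user from from 203.0.113.70 port 40022 ssh2
Oct 23 16:30:00 host sshd[4580]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
EOF
}

# Failed password attempts per source address, highest first.
# The user name is chosen by the remote side and may itself be "from" or
# contain spaces, so the address is taken by position from the END of the
# line ("<ip> port <n> ssh2") rather than as the word after the first "from".
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' "$@" | sort -rn
}

# Failed password attempts from one address, compared as an exact string.
# Usage: failed_for_ip ADDRESS [FILE...]   (reads stdin when no file is given)
failed_for_ip() {
    ip=$1; shift
    awk -v ip="$ip" '/sshd\[[0-9]+\]: Failed password for / &&
                     $(NF-2) == "port" && $(NF-3) == ip { c++ }
                     END { print c + 0 }' "$@"
}

# On a real system: failed_by_ip /var/log/secure
sample_secure_log | failed_by_ip
```

In the sample, an unanchored grep for 203.0.113.7 followed by grep -c "Failed password" reports 3 because it also counts the line from 203.0.113.70, while failed_for_ip reports 2.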

When I checked the location for the IP address 221.131.165.50 with the geoiplookup program, a program that is provided by the GeoIP package, I found the address allocated to an entity in China:

[root@moonpoint ~]# geoiplookup 221.131.165.50
GeoIP Country Edition: CN, China
[root@moonpoint ~]#

A check of the IP address on DShield showed that the address has been associated with many attempts at unauthorized access to systems by password guessing; see SSH Source Summary. The DShield IP Info: 221.131.165.50 report for the system currently lists 82,133 reports with 283 targets, with activity first reported on 2021-09-26.

When I ran the journalctl command again later, I saw evidence of attempts from other IP addresses to gain unauthorized access to the system via SSH, so I installed fail2ban to automatically block IP addresses once a specific number of failed SSH login attempts have been detected from them.

Related

  1. Blocking SSH break-in attempts with fail2ban
    Date: October 23, 2021
  2. Finding which package provided a file on a CentOS Linux system
    Date: October 23, 2021
  3. Fail2ban Logging
    Date: April 9, 2016

[/security/attacks] permanent link

Thu, May 06, 2021 10:59 pm

Importing Firefox Bookmarks and Saved Passwords into Microsoft Edge

If you wish to import bookmarks and/or saved passwords from the Firefox web browser into the Microsoft Edge browser, you can take the following steps:
  1. Click the star with the 3 horizontal lines on it at the top, right corner of the Edge browser window which is used to access your favorite websites.
  2. Click the ellipsis, i.e., the "...", at the top, right corner of the browser window and select Import Favorites.
  3. Change "import from" to "Mozilla Firefox" and then click on Import after deselecting other options, if there are some things like saved passwords that you don't want to import. If you want to import all of the items selected by default, just click on Import.
  4. When you see "All done," you can click on the Done button and you can then close the tab (Ctrl-W is one way to close it).

To view the imported bookmarks, click on the star with 3 lines on it to access the Edge favorites, which are akin to the Firefox bookmarks. You will see "Other favorites" listed under Favorites; you can click on the arrowhead to the left of "Other favorites" to see your imported bookmarks.

[ More Info ]

[/network/web/browser/edge] permanent link

Sun, Apr 18, 2021 5:13 pm

DB Browser for SQLite for Microsoft Windows systems

DB Browser for SQLite provides a database management system (DBMS) for SQLite databases on a variety of operating systems. It is available for Microsoft Windows operating systems; there is even a portable application version that does not have to be installed, but instead can be run from a USB flash drive. The software is also available for macOS (see DB Browser for SQLite on OS X) and Linux systems. SQLite itself is a relational database management system (RDBMS) available for a variety of operating systems. SQLite is freely available under a public domain license and DB Browser for SQLite is also freely available under a GNU General Public License (GPL). DB Browser for SQLite provides the underlying SQLite software, so you don't need to install SQLite on a system prior to installing DB Browser for SQLite.

[More Info]

[/software/database/sqlite/db_browser] permanent link

Sat, Apr 10, 2021 5:26 pm

Creating a list that is expandable and collapsible in HTML5

If you wish to make a list that can be collapsed and expanded on a webpage or a section on the page that can be expanded to reveal more details, you can use the details and summary tags with version 5 of HTML. E.g., the following code allows information to be displayed or hidden by clicking on an arrowhead that will appear to the left of whatever appears within the summary tags. The information within the details tag will be hidden or displayed by clicking on the arrowhead to toggle between the two options.
<details>
<summary>Overview</summary>
The American Civil War began on April 12, 1865 when South Carolina
militia forces attacked Fort Sumter at Charleston, South Carolina. 
The war effectively ended on April 9, 1865 with the surrender by
Confederate General Robert E. Lee to Union General Ulysses S. Grant, but
the president of the Confederacy, Jefferson Davis, did not declare an
end to the insurrection until May 9, 1865. Each side in the
conflict suffered over 800,000 casualties. The principal cause of the
conflict was the issue of slavery within the United States with abolitionists
in the North viewing the practice as a crime against humanity while Southern
slave owners viewed it as a necessary evil or, for some defenders of slavery,
even as a positive good, which they feared would be eliminated under the
recently elected President Abraham Lincoln.
</details>

[More Info]

[/network/web/html] permanent link

Wed, Apr 07, 2021 9:34 pm

Iterating over a PHP associative array by key

The PHP scripting language provides associative arrays that allow one to associate a key in the array to a value; each key in the array must be unique. E.g., I can create an array of United States presidents that uses the presidents' names as the keys and their political party affiliation as the value for each key. I could then iterate through the array by key and show the corresponding value for each key as in the example PHP code.

[/languages/php] permanent link

Wed, Mar 24, 2021 10:02 pm

Changing the default value for "Read It" in Book Collector

After I updated Book Collector, the book management database from Collectorz.com that I use to track my book collection, from 21.0 build 3 to 21.1 build 1 today, I noticed that books I entered afterwards were being assigned a value of "Yes" for "Read It" by default—that value appears under the "Personal" fields for a book entry. I was able to change the default value to "No" by clicking on Tools on the main menu, selecting "Field Defaults" and changing the "Times Read" value from "1" to "0"; after I made that change new books I entered were given a "Read It" value of "No" by default.

Book Collector Field Defaults

[/software/database/collectorz] permanent link

Mon, Mar 15, 2021 2:30 pm

Deleting entries from Book Collector CLZ Cloud account

The March 4, 2021 version of Book Collector, version 21.0.3, allows you to remove all entries from the CLZ Cloud account from within the program. I needed to do that because the cloud account contained entries from my wife's book database that would be added to my database if I synched the accounts—I wanted to keep the two book lists separate. The steps for wiping the copy of the database stored in the CLZ cloud from the Windows version of the program are listed below:
  1. Within the Book Collector program, click on Clz Cloud on the menu bar at the top of the program window.
  2. Select Synchronize.
  3. Click on View my collection in CLZ Cloud if you wish to view the books stored in the copy of the database in the CLZ Cloud in a webpage in your default browser before deleting everything in that version, then click on the Clear CLZ Cloud button at the bottom of the program window to remove all book entries from the version of the database stored in the cloud.
  4. You should then see zero cloud changes to be downloaded.

    CLZ Cloud after clearing cloud

    If you wish to then synchronize your local copy of the database to a copy stored in the cloud, you can click on Sync Changes. When you do so you should see "sending items to cloud." Be prepared to wait a few minutes for the synchronization operation to complete if you have a large number of books in your Book Collector database. You will see the number of "Adds/Edits" decrease to zero as books are uploaded. When the process is complete you will see the message "Finished syncing changes. Would you like to view your collection in CLZ Cloud?"

[/software/database/collectorz] permanent link

Fri, Mar 05, 2021 1:38 pm

Obtain Monitor Manufacturer Information Using PowerShell

I wanted to be able to obtain information on a monitor attached to a Windows 10 desktop system, including the manufacturer, model number, serial number, and date of manufacture, from a command-line interface (CLI). One way to do that is by using PowerShell, which Microsoft provides as part of its Windows operating system. You can open a PowerShell window on a Microsoft Windows 10 system by typing PowerShell in the "Type here to search" field at the bottom of the Windows display. You should see the Windows PowerShell app listed as an option you can click on to open a PowerShell window. If you type gwmi WmiMonitorID -Namespace root\wmi at the prompt and hit enter, you will see information similar to the following output displayed.

PS C:\> gwmi WmiMonitorID -Namespace root\wmi


__GENUS                : 2
__CLASS                : WmiMonitorID
__SUPERCLASS           : MSMonitorClass
__DYNASTY              : MSMonitorClass
__RELPATH              : WmiMonitorID.InstanceName="DISPLAY\\HPN360C\\5&2c03a83e&0&UID262_0"
__PROPERTY_COUNT       : 9
__DERIVATION           : {MSMonitorClass}
__SERVER               : YTTERBIUM
__NAMESPACE            : root\wmi
__PATH                 : \\YTTERBIUM\root\wmi:WmiMonitorID.InstanceName="DISPLAY\\HPN360C\\5&2c03a83e&0&UID262_0"
Active                 : True
InstanceName           : DISPLAY\HPN360C\5&2c03a83e&0&UID262_0
ManufacturerName       : {72, 80, 78, 0...}
ProductCodeID          : {51, 54, 48, 67...}
SerialNumberID         : {67, 78, 75, 48...}
UserFriendlyName       : {72, 80, 32, 51...}
UserFriendlyNameLength : 13
WeekOfManufacture      : 12
YearOfManufacture      : 2020
PSComputerName         : YTTERBIUM



PS C:\>

[More Info ]

[/os/windows/PowerShell] permanent link

Mon, Mar 01, 2021 9:44 pm

Changing the AutoRecover frequency for Microsoft Excel 2007

Microsoft Excel 2007 crashed on a laptop running Windows 10 that I was using. When I restarted Excel, I found that, unfortunately, I had lost all of the recent changes I had made to a spreadsheet, even though Excel put "(version 1).xlsb [Autosaved]" in the title of the spreadsheet I had been working on when I restarted Excel; it crashed when I attempted to paste a webpage URL into a Hyperlink field. The crash and loss of my recent work was aggravating, so I decided to change the frequency with which Excel automatically saves a file in an AutoRecover version that will allow you to automatically recover a document if the program hangs or crashes. To change that setting for Excel 2007 on a Windows system, you can click on the Office Button at the top, left-hand corner of the Excel window (it is to the left of the "Home" tab as shown below).

Excel - Office Button

Then click on the Excel Options button and select the Save option. The checkbox for "Save AutoRecover information every" should be checked. You can then change the frequency from 10 minutes to a more frequent number; I chose to have Excel automatically save a document every 5 minutes.

Excel 2007 AutoRecover Frequency

[/software/office/excel] permanent link
