Overview
It came to my attention recently that a mailserver I manage for a client was having an unusually high number of login attempts. Since the server runs Kerio Connect rather than exim or sendmail, I normally deal with these manually using a for loop and apf. I did, at one point, take notes with the intention of working this into bfd, however the project never came to fruition.
Today is the day I finally put the work into incorporating this into bfd.
Details
This was a fairly straightforward process, adapting one of the existing rules files to work with Kerio. Kerio stores its 'failed login' information in:
/opt/kerio/mailserver/store/logs/warning.log
Generally you will see either:
User user@domain.com doesn't exist. Attempt from IP address 1.2.3.4
or
Invalid password for user user@domain.com. Attempt from IP address 1.2.3.4
Code
The regex for detecting these patterns was simple and is quite effective. Simply place the following code in /usr/local/bfd/rules/kerio_connect, or fetch it using wget:
wget -O /usr/local/bfd/rules/kerio_connect http://scripts.apocalypticfail.com/bfd.kerio_connect
# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
TRIG="20"
# file must exist for rule to be active
REQ="/opt/kerio/mailserver/store/logs/warning.log"
if [ -f "$REQ" ]; then
    LP="/opt/kerio/mailserver/store/logs/warning.log"
    TLOG_TF="kerio_connect"
    ## kerio failed passwords and users that do not exist
    ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep "Attempt from IP" | sed -n 's/.*[Uu]ser\ \([^\ ]*\)\ .*Attempt\ from\ IP\ address\ \(.*\)/\2:\1/p'`
fi
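As an added example (not part of the original rule or of bfd itself), the extraction can be checked offline against constructed log lines before the rule goes live. The timestamps, addresses, function names and the per-address counting are assumptions made for illustration; bfd does its own counting against TRIG.

```shell
#!/bin/sh
# Constructed sample of warning.log lines. The timestamp prefix and the
# addresses (documentation ranges) are made up for this example.
sample_log() {
cat <<'EOF'
[07/Mar/2010 10:00:01] User nobody@domain.com doesn't exist. Attempt from IP address 192.0.2.10
[07/Mar/2010 10:00:02] Invalid password for user user@domain.com. Attempt from IP address 192.0.2.10
[07/Mar/2010 10:00:03] Invalid password for user user@domain.com. Attempt from IP address 198.51.100.7
[07/Mar/2010 10:00:04] Some other warning that is not a login failure
[07/Mar/2010 10:00:05] Invalid password for user admin@domain.com. Attempt from IP address 192.0.2.10
EOF
}

# Same grep and sed expression as the rule (spaces written without the
# backslashes). Reads log lines on stdin, prints one "ip:user" pair per failure.
# Note: on "Invalid password" lines the user field keeps the trailing period,
# and the IP capture runs to the end of the line.
extract_pairs() {
    grep "Attempt from IP" |
    sed -n 's/.*[Uu]ser \([^ ]*\) .*Attempt from IP address \(.*\)/\2:\1/p'
}

# Simplified stand-in for the ban decision (assumption: an address is flagged
# once it has TRIG or more failures). Prints the addresses that cross $1.
offenders() {
    trig="$1"
    extract_pairs | cut -d: -f1 | sort | uniq -c |
    awk -v t="$trig" '$1 >= t { print $2 }'
}

# A low threshold is used here so the short sample crosses it.
sample_log | extract_pairs
echo "Addresses at or above 3 failures:"
sample_log | offenders 3
```

To check a live server, feed the real file in place of the sample: offenders 20 < /opt/kerio/mailserver/store/logs/warning.log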
Testing
If you wish to test this out, you can use the following loops. Make certain that you will still have access to the server once the machine you are testing from is locked out. For my own testing, I simply tested from another server – leaving my workstation with access.
To test failed password attempts, use the following code. Be sure to replace 'user' in the kerio_username post variable with a username that exists, and put your hostname in place of webmail.domain.com:
for i in $(seq 1 100); do echo "Attempt $i"; wget -O - -q --post-data 'kerio_username=user&kerio_password=anything' https://webmail.domain.com/webmail/dologin.php > /dev/null ;done
To test invalid user attempts, use the following code, again replacing webmail.domain.com with your hostname:
for i in $(seq 1 100); do echo "Attempt $i"; wget -O - -q --post-data 'kerio_username=anybody&kerio_password=anything' https://webmail.domain.com/webmail/dologin.php > /dev/null ;done
Overview
I read an interesting review today on the software HandBrake. I had not heard of this package before but had recently been researching similar items.
Personally, I always used k9copy to make copies of DVDs and to rip to local video files for use on my devices. However, recently I was asked for advice on a Windows solution. It seems that HandBrake fits that bill as it is cross-platform between Mac, Windows and Linux. Of course it states quite specifically that it does not help to crack copyrights. In my experience, k9copy does this almost without error 99% of the time.
So why would I, a Linux user, use HandBrake rather than k9copy? Quite simply, I am not a video guru and, while I normally like having many options, sometimes it is frustrating to have to tweak and retweak and re-rip to solve resolution and smoothness issues. HandBrake seems to have a fine assortment of presets (various qualities for various devices) and also offers a live preview function.
So I decided to give the installation a whirl. The site offers a download for Ubuntu, however this is for Karmic. I have not yet switched most of my computers to Karmic (that is a whole article unto itself). Grabbing the source I proceeded to hack away at it and did finally manage to get the installation completed and running.
Installation
First let's install the required packages. This took a bit of trial and error to figure out completely, but here it is:
sudo apt-get install build-essential autoconf libtool zlib1g-dev \
libbz2-dev intltool libglib2.0-dev libdbus-glib-1-dev libgtk2.0-dev \
libhal-dev libhal-storage-dev libwebkit-dev libnotify-dev \
libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev yasm
Now to get the tar ball, untar, configure and install:
wget http://dl.dropbox.com/u/56460/Handbrake/HandBrake-0.9.4.tar.bz2
tar -jxvf HandBrake-0.9.4.tar.bz2
cd HandBrake-0.9.4
./configure
make
sudo make install
Looking at that now, it seems much easier. Figuring out all the dependencies took some time.
Now to run the application simply run the command:
Or the command line client:

Having no idea where to begin. Thoughts have been laboriously spinning yarns of possibilities. The original idea behind this was so much more than I feel it will be now. Conceptually it was to be a forum of fail, for your amusement. Let’s face it, as sad as it is, some fail can be humorous.
At this time, in this society, surely there is no lack of fail.
All that aside, this was going to be my own software, designed from the ground up, to be clean and efficient. A mostly flat-file system. Free time has fallen away so I thought I would try something premade just to see. Who knows what strange directions this may take.