Miguel A Vallejo

Increase In Brute Force Attacks on American Networks By Chinese Networks on 4th of July.

I started to track my security logs a lot more since I began to notice the amount of alerts I was getting via email on holidays. There is definitely a connection, American networks are under attack during American holidays specifically from 00:00 to 14:00, this time the attacks weren’t just coming from Chinese networks but Mexico & France.

Here is a list of the latest culprits…

inetnum: 61.174.51.192 – 61.174.51.255
netname: HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country: CN
descr: HANGZHOU SRT TECHNOLOGY CO., LTD

inetnum: 115.239.248.0 – 115.239.248.255
netname: MOVEINTERNET-NETWORK
country: CN
descr: MoveInternet Network Technology Co.,Ltd.
descr:
admin-c: CJ1872-AP
tech-c: CS64-AP
mnt-irt: IRT-CHINANET-ZJ

inetnum: 183.0.0.0 – 183.63.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: IC83-AP
tech-c: IC83-AP

inetnum: 111.72.0.0 – 111.79.255.255
netname: CHINANET-JX
descr: CHINANET JIANGXI PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN

inetnum: 117.21.0.0 – 117.21.255.255
netname: CHINANET-JX
descr: CHINANET Jiangxi province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN

inetnum: 202.109.128.0 – 202.109.191.255
netname: CHINANET-JX
descr: CHINANET Jiangxi province network
descr: Data Communication Division
descr: China Telecom
country: CN

inetnum: 89.248.162.128 – 89.248.162.255
netname: NL-ECATEL
descr: AS29073, Ecatel LTD
country: NL

inetnum: 212.83.128.0 – 212.83.153.255
netname: FRWOL
descr: Tiscali France
country: FR

NetRange: 168.243.0.0 – 168.243.255.255
CIDR: 168.243.0.0/16
OriginAS:
NetName: LACNIC-ERX-168-243-0-0
NetHandle: NET-168-243-0-0-1

Its probably nothing to worry about…

It’s Official, China Is Undeniably Attacking US Networks 400% Increase In Network Attacks Over Holiday Weekends.

Ok so I am not here to point fingers because both governments pretty much do the same thing duh… I will also add that Chinese attacks on US networks have increased in the past few months since the conflicts in Ukraine. Over this memorial weekend I have been monitoring many server nodes across different data centers and have definitely had in increase in brute force and scan attacks.

Today I have noticed a 400% increase in additional log records related to these attacks. Coincidence I think not, how else do you explain an increase in attacks a day before a major US holiday? Chinese PLA will obviously deny anything but if you analyze the data it definitely looks like a coordinated attack on US networks .Chinese Intelligence Assumes that no IT personal will be working over the weekend so they amp their attacks. Let let me say something to Chinese Intel… YES WE WORK ON HOLIDAYS TOO!… lol

P.S. I have logs to prove that too… xD

Here is a list of their most popular attack networks…

inetnum: 61.174.51.192 – 61.174.51.255
netname: HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country: CN
————————————————————————–
inetnum: 42.62.0.0 – 42.62.127.255
netname: Forest-Eternal
descr: Forest Eternal Communication Tech. co.ltd
descr: Rm.902,North Real Estate Building, Build. No.3,
descr: #81Yuan,Haidian District,Beijing
country: CN

————————————————————————–

inetnum: 116.8.0.0 – 116.11.255.255
netname: CHINANET-GX
descr: CHINANET Guangxi province network
descr: Data Communication Division
descr: China Telecom
country: CN

————————————————————————–

inetnum: 61.191.0.0 – 61.191.255.255
netname: CHINANET-AH
descr: CHINANET Anhui province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN

————————————————————————–

inetnum: 117.79.80.0 – 117.79.95.255
netname: SANXIN
descr: Beijing Sanxin Shidai Co.Ltd
descr: 1513 Xinjishu building Beijing link west road
descr: Haidian District, Beijing, PRC
country: CN

Adding “client denied by server configuration” Filter To Fail2Ban: Ubuntu 12.04 LTS

Ok so here is another useful filter for fail2ban. Once this plugin is installed it will prevent malicious visitors from trying to brute-force folder and file discovery. After 5 attempts to visit a non existing file/folder the visitor is banned…

like always… BASH IN! :D

sudo bash

First Lets create a new entry in our jail.local file…

vim /etc/fail2ban/jail.local

copy the following text after the last apache entry…

[apache-clientd]
enabled = true
port = http,https
filter = apache-client-denied
logpath = /var/log/apache*/*error.log
maxretry = 5

Now that we have added the entry into our jail.local we proceed, change to the filter.d directory, in this folder you will see lots of other pre-configured filters

cd /etc/fail2ban/filter.d

instead of creating a new filter file simply copy another, this will make the next step easier…

cp /etc/fail2ban/filter.d/apache-auth.conf /etc/fail2ban/filter.d/apache-client-denied.conf

find the line identical to the one below (Line 23)

failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

replace it with the following one.

failregex = [[]client <HOST>[]] client denied by server configuration:

At this point your pretty much done, close the file and restart fail2ban

service fail2ban restart

Comment if you have questions, like my post if you find it helpful :)

Adding “File Does Not Exist” Filter To Fail2Ban: Ubuntu 12.04 LTS

Ok so here is a quick post to a common question… adding a filter to fail2ban for bot/scanners searching for files, folders or simply doing recon which can result in exploit discovery, this filter will automatically block a visitor/bot after 4 attempts to scan for a file that does not exist on your domain/server.

like always… BASH IN! (lol…)

sudo bash

First Lets create a new entry in our jail.local file…

vim /etc/fail2ban/jail.local

copy the following text after the last apache entry…

[apache-nofile]
enabled = true
port = http,https
filter = apache-nofile
logpath = /var/log/apache*/*error.log
maxretry = 4

Now that we have added the entry into our jail.local we proceed, change to the filter.d directory, in this folder you will see lots of other pre-configured filters

cd /etc/fail2ban/filter.d

instead of creating a new filter file simply copy another, this will make the next step easier…

cp /etc/fail2ban/filter.d/apache-auth.conf /etc/fail2ban/filter.d/apache-nofile.conf

find the line identical to the one below (Line 23)

failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

replace it with the following one.

failregex = [[]client <HOST>[]] File does not exist:

At this point your pretty much done, close the file and restart fail2ban

service fail2ban restart

Comment if you have questions, like my post if you find it helpful :)

The Future Of Decentralized Computing And It’s Impact On Social Justice On The World Wide Web

Get ready people we are living once again in exciting times for the internet, it’s evolving! We are living in times where information can no longer be suppressed which will have a major impact in overall society. People all around the world are becoming involved in the preservation of privacy and social justice. Here are some ideas of how I think decentralized computing will change the world.

1) Open Source Decentralized Political Registry

Everyone who is a political or public official should be registered on this site, their entire public record could be open sourced and controlled by a community, decentralized platform would eliminate illegal confiscation of infrastructure or prevent censorship. rendering covert corruption difficult.

2) Open Source Decentralized Criminal Registry

Every person on this planet would now be able to report any crime about any person including a public official (police, federal, military officer etc…) at any time and keep it in public domain. This would eliminate extortion, threats and possible cover-ups by any person/group or agency in the world. This platform would also be decentralized to eliminate confiscation or hack.

3) Open Source Decentralized News Registry

4) Open Source Decentralized Education Registry

Every Person in the world would now have access to any knowledge without propaganda, lies, manipulation, managed by a global community on a credit system so popular vote always wins.

The overall idea is to create an infrastructure that anyone can post any information without censorship, but the information must remain check able, other “wallets” with “coins” or credits should have the ability to change or revise any post, as the post is modified the amount of credits required to modify the post increases, groups of wallets/users could donate amounts to a pool key to also use their limited credits to help causes they might believe in, this will discourage the act of one person acquiring many credits and overwhelming a specific record or trying to hijack its content, a group of wallets/users would always be able to override a single user modifications.

MySQL Packages Being Held Back, Ubuntu Server 12.04 LTS

Getting the following output after trying to update mysql packages?

The following packages have been kept back:
mysql-client-5.5 mysql-server-5.5 mysql-server-core-5.5
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded

Fix it using the following command as root:

apt-get dist-upgrade

Let me know if you have any issues…

Cryptocurrency Investors Beware, The Crypto-Bubble Scam Begins

So I’ve been investing and looking into the cryptocurrency market and noticed a few problems and frankly have some concerns.

Technically anyone can make a “digital coin” or your own version of Bitcoin…
Well if you have source code and deploy your own coin, you can easly mine billions of coins before anyone or have a certain advantage.
I am seeing people on ebay buy up any cryptocoin that is 5,000,000+ for 15-20$ at a time, thinking one day its going to be worth $1,000 each…
Obviously selling 5,000,000 of something that really isn’t worth anything or relevant and is not even top 10 crytocurrency is fishy…
You can download a wallet that already looks fishy (lol) that has a worm that steals backups of all your wallets silently.

Here where it gets fishy for me… I can download the source code too, change some images and compile source with customizations that will give me as much “currency” as I need. I can easy make claims on ebay or simular auctions sites that this is the next big cryptocurrency. If I charge people $15-$50 for 5 million and I have 1 Billion then I couldn’t mind selling it either and then disappearing. You download my “custom” wallet that has a worm that steals backups of all your wallets. I run those backups and then funnel all your money back into my accounts.

People should be careful this is a really bad trend with this type of currency, if you decide to buy any make sure its top 10 or dont bother, they most likely wont make it unless they are designed to solve a problem within a niche market like sexcoin.

I am not trying to discourage the use of cryptocurrencies, I am asking that you be cafeful and make smart choices. People now days are ruthless.

Banking 2.0 is Coming, Central Banks Across The World Begin To Scramble, The Threat Of Crypto Currencies Is Real

Weather you like it not crypto-currencies are here to stay, governments continue to play off their numbered days as to in some way discredit the notion or idea of monetary policy outside of their control. The reality is simple banking 2.0/3.0 is coming and the banks know this, they maybe able to kill of the 1st Generation Bitcoin protocol but like any “idea” once its grasped by the public the sky is the limit.

Since the conception and public release of Bitcoin by Satoshi Nakamoto ( probably a fake name to hide the real creators identity, to protect him from banks and any hostile institutions trying to get their hands on “specific” code ) I have seen numerous crypto currencies appear on the market some offering much higher levels of security others portability. Like everything with time it will be perfected and centralized banking will lose all control and governments will have to adapt, imagine that a system that cannot be influenced by greedy self-righteous entitled douchebags.

Any government who decides to adopt/integrate digital currencies early into its economy will flourish, as people learn more about crypto currencies, more will make the jump from fiat to digital. Already countries around the world are looking for alternate commodities to hedge against the collapsing US Dollar. So Why not buy a Bitcoin right? It looks like China, Russia, Germany and many more EU countries are following, they all need to dump their dollars and what better way to do it then investing into the future.

So when you hear government officials come out with their PR stunts to try and discredit Bitcoin, show the TV the middle finger, it’s being a hypocritical lier.

Don’t believe me? Watch the flow of bitcoin around the world in real time.
http://www.fiatleak.com

Installing OwnCloud On Ubuntu Server 12.04 With SSL Support

Tired of paying for dropbox services? Why not use owncloud to setup your own personal and secure dropbox for free :)

Follow the steps below as root:

Bash in to get root access… ( sudo bash ).
Install server dependances ( apt-get install apache2 php5 php5-gd php-xml-parser php5-intl vim-nox ).
Install more server dependances ( apt-get install php5-sqlite php5-mysql php5-pgsql smbclient curl libcurl3 php5-curl ).
Download owncloud source files from http://owncloud.org/sync-clients/#linux
Upload extracted files to your apache root ( default is located at /var/www ), you can install vsftpd server( apt-get install vsftpd )or any other type of ftp server service.
Inside your owncloud root directory create a new folder called “data” ( mkdir data )
For owncloud to configure & work correctly apache needs to be given ownership of certain folders so their is no problem for apache to read and write data inside your website.Run the following commands.
( chown -R www-data:www-data /var/www/apps )
( chown -R www-data:www-data /var/www/config )
( chown -R www-data:www-data /var/www/data )Note: Keep in mind that /var/www is just the default root folder of apache yours might be different, just make sure you make the appropriate changes so they point to your apache/web install.
Your going to want to enable mod_rewrite ( a2enmod rewrite ).
Restart your apache service ( service apache2 restart )
Create a new database in mysql and call it owncloud, create a new user and password with specific access to the owncloud database. These credentials will be used later in the process.

Now lets install our SSL and get it configured correctly:

Enable SSL Module ( a2enmod ssl )
Now your going to want to create a directory to store your SSL certs ( mkdir /etc/apache2/ssl )
now lets generate a general cert with the following command ( openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt )

Note: Your going to be asked a couple of questions after you run this command, answer them as accurate as possible as this will be displayed on your cert when people try to access your site.
Edit default-ssl in sites-available folder in your apache install ( vim /etc/apache2/sites-available/default-ssl ) and comment out lines add the following lines 51 & 52 (use a #).
Then add the following lines right under
(
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
)
Finally run ( a2ensite default-ssl )
Restart your apache service ( service apache2 restart )

At this point your should be able to visit your box’s url ( https://localhost or https://127.0.0.1 or https://www.yourdomain.com ) and finish installing owncloud with the native install wizard.
Once your install is complete you will be able to download ownclouds own filesync client or you can use a WebDAV client to navigate through your files. You can do the same for your mobile device or tablet.

This Blog Is Back Up

So my blog is back up, Had issues with the server hosting it but its now fixed :)