
Hardening The Joomla Backend

If, like me, you manage one or more Joomla websites, you will no doubt be aware of the sorry lack of user-friendly documentation and the appalling lack of a powerful native log facility. This seems to me an enormous oversight on the part of the developers; however, with a little jiggery-pokery it is possible to get the information you need.

I noticed recently that there were enormous numbers (1500 per day) of failed login attempts at the default backend URL (site.com/administrator/). This is to be expected of any installation like this; however, one cannot help but feel uneasy at the incessant minute-by-minute brute-force dictionary attacks rolling by in the log. If your passwords are secure then you'll almost certainly be fine. If your administrator username is anything but admin, you'll be even better off. Still, I wasn't satisfied and I decided to call in the big guns.

When it comes to defence against brute force attacks, few tools are better than Fail2ban. In the words of Wikipedia:

"Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper."

It really is a great tool for defending against the legions of casual script kiddies. 

So, to work. I needed to configure F2B to ban anybody (any address) which appeared regularly in the log as having failed authentication. First I needed to find the logs.

It turns out that the logs are to be found at System > Global Configuration > System > Path to Log Folder. On my system this was in ~mysite/administrator/logs. Who knew! 

Armed with this information it was time to set up F2B. 

I already had F2B set up covering such things as sendmail and sshd so it was just a matter of adding support for a new service. I won't go into detail about setting up F2B from scratch as there are plenty of good guides out there covering that. 

It was the paucity of guides covering the addition of a service to F2B, however, which prompted me to write this post. There just doesn't seem to be one which is set out properly and logically, so I'll do my best to cover it here.

First, it is necessary to navigate to /etc/fail2ban/filter.d/ and create a new filter file to protect Joomla. I called mine joomla-login.conf and its contents are shown below.

 

# Fail2Ban configuration file
#
# Author: Paula Livingstone
# Rule by : Paula Livingstone

[Definition]

# pattern(s):
#2018-10-12T09:23:16+00:00 INFO 185.206.225.144 joomlafailure Username and password do not match or you do not have an account yet. ("admin")

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# OPTIMISED REGEX (good for J1.5 - J2.5 - J3.xx)
failregex = ^\tINFO\ <HOST>\tjoomlafailure\tUsername and password do not match or you do not have an account yet.*$

 

This file tells F2B the make-up of the lines in the log and, through the regex, lets it pull the offending host out of each failed-login line (F2B strips the leading timestamp before it applies failregex, which is why the pattern starts at the tab after the date).

Having completed this, we now need to add an entry to our jail.local file which can be found at /etc/fail2ban/jail.local. Within this file we add the following:

 

[joomla-login]
# Joomla BruteForce/DDOS
enabled  = true
port     = http,https
filter   = joomla-login
logpath  = {insert your absolute path here}/administrator/logs/error.php
# logpath has to point to your log file(s)
# logpath  = any absolute path to error.php (or any other) log file(s)
maxretry = 3

 

So, all that remained was to restart the F2B service and watch the attackers get banned. F2B has the facility to send an email each time it carries out a given action so this is no great shakes to set up and watch the fireworks. 
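To check that the filter actually catches what you think it catches before restarting F2B, here is an added example (my own, not part of the original post or of Fail2ban) that applies the failregex above to a few constructed Joomla error.php lines and applies the jail's maxretry rule per host. It assumes Joomla's tab-separated log layout shown in the filter comment, documentation-range IPs for the samples, and Fail2ban's default 10-minute findtime, which the jail above does not override.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex from the joomla-login.conf filter above, with Fail2ban's <HOST>
# tag expanded to the alias quoted in the filter's own comment.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
FAIL_PAT = re.compile(
    r"^\tINFO\ " + HOST_RE + r"\tjoomlafailure\t"
    r"Username and password do not match or you do not have an account yet.*$"
)

# Joomla writes error.php as: datetime<TAB>priority<SPACE>clientip<TAB>category<TAB>message.
# Fail2ban strips the leading timestamp before applying failregex, so do the same here.
TS_PAT = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2})(?P<rest>.*)$")

# Constructed sample log lines (documentation-range IPs, not real attackers).
SAMPLE_LOG = [
    '2018-10-12T09:23:16+00:00\tINFO 192.0.2.10\tjoomlafailure\tUsername and password do not match or you do not have an account yet. ("admin")',
    '2018-10-12T09:23:40+00:00\tINFO 192.0.2.10\tjoomlafailure\tUsername and password do not match or you do not have an account yet. ("admin")',
    '2018-10-12T09:24:02+00:00\tINFO 198.51.100.7\tjoomlafailure\tUsername and password do not match or you do not have an account yet. ("root")',
    '2018-10-12T09:24:15+00:00\tINFO 192.0.2.10\tjoomlafailure\tUsername and password do not match or you do not have an account yet. ("administrator")',
    '2018-10-12T09:25:00+00:00\tWARNING 192.0.2.10\tdeprecated\tUnrelated notice that must not count as a failure',
]


def parse_failure(line):
    """Return (timestamp, host) for a failed-login line, or None if the regex does not match."""
    m = TS_PAT.match(line)
    if not m:
        return None
    hit = FAIL_PAT.match(m.group("rest"))
    if not hit:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S%z")
    return ts, hit.group("host")


def hosts_to_ban(lines, maxretry=3, findtime_s=600):
    """Mimic the jail: a host with maxretry matches inside a findtime window (seconds) is banned."""
    recent = defaultdict(list)   # host -> timestamps of matches still inside the window
    banned = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, host = parsed
        window = [t for t in recent[host] if (ts - t).total_seconds() <= findtime_s] + [ts]
        recent[host] = window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned   # for SAMPLE_LOG with the defaults: ['192.0.2.10']
```

The same check against your real log is what the fail2ban-regex tool that ships with Fail2ban does: fail2ban-regex /path/to/administrator/logs/error.php /etc/fail2ban/filter.d/joomla-login.conf.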

Comment below if you feel the need. Happy hunting...

 


Elegy Written in a Country Churchyard by Thomas Gray

The curfew tolls the knell of parting day, 

         The lowing herd wind slowly o'er the lea, 

The plowman homeward plods his weary way, 

         And leaves the world to darkness and to me. 

 

Now fades the glimm'ring landscape on the sight, 

         And all the air a solemn stillness holds, 

Save where the beetle wheels his droning flight, 

         And drowsy tinklings lull the distant folds; 

 

Save that from yonder ivy-mantled tow'r 

         The moping owl does to the moon complain 

Of such, as wand'ring near her secret bow'r, 

         Molest her ancient solitary reign. 

 

Beneath those rugged elms, that yew-tree's shade, 

         Where heaves the turf in many a mould'ring heap, 

Each in his narrow cell for ever laid, 

         The rude forefathers of the hamlet sleep. 

 

The breezy call of incense-breathing Morn, 

         The swallow twitt'ring from the straw-built shed, 

The cock's shrill clarion, or the echoing horn, 

         No more shall rouse them from their lowly bed. 

 

For them no more the blazing hearth shall burn, 

         Or busy housewife ply her evening care: 

No children run to lisp their sire's return, 

         Or climb his knees the envied kiss to share. 

 

Oft did the harvest to their sickle yield, 

         Their furrow oft the stubborn glebe has broke; 

How jocund did they drive their team afield! 

         How bow'd the woods beneath their sturdy stroke! 

 

Let not Ambition mock their useful toil, 

         Their homely joys, and destiny obscure; 

Nor Grandeur hear with a disdainful smile 

         The short and simple annals of the poor. 

 

The boast of heraldry, the pomp of pow'r, 

         And all that beauty, all that wealth e'er gave, 

Awaits alike th' inevitable hour. 

         The paths of glory lead but to the grave. 

 

Nor you, ye proud, impute to these the fault, 

         If Mem'ry o'er their tomb no trophies raise, 

Where thro' the long-drawn aisle and fretted vault 

         The pealing anthem swells the note of praise. 

 

Can storied urn or animated bust 

         Back to its mansion call the fleeting breath? 

Can Honour's voice provoke the silent dust, 

         Or Flatt'ry soothe the dull cold ear of Death? 

 

Perhaps in this neglected spot is laid 

         Some heart once pregnant with celestial fire; 

Hands, that the rod of empire might have sway'd, 

         Or wak'd to ecstasy the living lyre. 

 

But Knowledge to their eyes her ample page 

         Rich with the spoils of time did ne'er unroll; 

Chill Penury repress'd their noble rage, 

         And froze the genial current of the soul. 

 

Full many a gem of purest ray serene, 

         The dark unfathom'd caves of ocean bear: 

Full many a flow'r is born to blush unseen, 

         And waste its sweetness on the desert air. 

 

Some village-Hampden, that with dauntless breast 

         The little tyrant of his fields withstood; 

Some mute inglorious Milton here may rest, 

         Some Cromwell guiltless of his country's blood. 

 

Th' applause of list'ning senates to command, 

         The threats of pain and ruin to despise, 

To scatter plenty o'er a smiling land, 

         And read their hist'ry in a nation's eyes, 

 

Their lot forbade: nor circumscrib'd alone 

         Their growing virtues, but their crimes confin'd; 

Forbade to wade through slaughter to a throne, 

         And shut the gates of mercy on mankind, 

 

The struggling pangs of conscious truth to hide, 

         To quench the blushes of ingenuous shame, 

Or heap the shrine of Luxury and Pride 

         With incense kindled at the Muse's flame. 

 

Far from the madding crowd's ignoble strife, 

         Their sober wishes never learn'd to stray; 

Along the cool sequester'd vale of life 

         They kept the noiseless tenor of their way. 

 

Yet ev'n these bones from insult to protect, 

         Some frail memorial still erected nigh, 

With uncouth rhymes and shapeless sculpture deck'd, 

         Implores the passing tribute of a sigh. 

 

Their name, their years, spelt by th' unletter'd muse, 

         The place of fame and elegy supply: 

And many a holy text around she strews, 

         That teach the rustic moralist to die. 

 

For who to dumb Forgetfulness a prey, 

         This pleasing anxious being e'er resign'd, 

Left the warm precincts of the cheerful day, 

         Nor cast one longing, ling'ring look behind? 

 

On some fond breast the parting soul relies, 

         Some pious drops the closing eye requires; 

Ev'n from the tomb the voice of Nature cries, 

         Ev'n in our ashes live their wonted fires. 

 

For thee, who mindful of th' unhonour'd Dead 

         Dost in these lines their artless tale relate; 

If chance, by lonely contemplation led, 

         Some kindred spirit shall inquire thy fate, 

 

Haply some hoary-headed swain may say, 

         "Oft have we seen him at the peep of dawn 

Brushing with hasty steps the dews away 

         To meet the sun upon the upland lawn. 

 

"There at the foot of yonder nodding beech 

         That wreathes its old fantastic roots so high, 

His listless length at noontide would he stretch, 

         And pore upon the brook that babbles by. 

 

"Hard by yon wood, now smiling as in scorn, 

         Mutt'ring his wayward fancies he would rove, 

Now drooping, woeful wan, like one forlorn, 

         Or craz'd with care, or cross'd in hopeless love. 

 

"One morn I miss'd him on the custom'd hill, 

         Along the heath and near his fav'rite tree; 

Another came; nor yet beside the rill, 

         Nor up the lawn, nor at the wood was he; 

 

"The next with dirges due in sad array 

         Slow thro' the church-way path we saw him borne. 

Approach and read (for thou canst read) the lay, 

         Grav'd on the stone beneath yon aged thorn." 

 


Passing Dynamic Arguments to Bash Scripts


It is possible to pass arguments to a bash script when it is called from the command line. This is the technique to use when you need your script to carry out different actions each time it runs, depending on the input and the context. It is done by passing selected parameters to the script on the command line, and these parameters are called arguments.

Let's look at an example. You may have a script called "graph.sh" that performs a particular operation on an RRD file, such as extracting the data. If you want to be able to use that script on many RRD files in many different user directories, it is best to pass the file path as an argument, so that you can use the same script for all the files to be processed.

For instance, if the username to be graphed is "ASmith", you would enter the following command line:

sh graph.sh ASmith

Any arguments passed to the script are accessed inside it through the variables $1, $2, etc.: $1 refers to the first argument, $2 to the second, and so on. Let's illustrate this with an example:

ASmith=$1          # the first command-line argument
rrdgraph "$ASmith" # hand it to the graphing utility (quoted, in case it contains spaces)

To ensure readability, assign your arguments to variables with descriptive names and then call the graphing utility (rrdgraph) on that variable ($ASmith).

If the number of arguments is likely to change, use "$@", which expands to all the arguments passed to the script, each kept as a separate word. This lets a for-loop process each one in turn, as in the following example:

for user in "$@"   # one iteration per argument; the loop variable is named without a $
do
 rrdgraph "$user"
done

Here is an example of how to call this script with arguments from the command line:

sh graph.sh user1 user2 user3

 

What if your arguments have spaces?

If any of your arguments contain spaces, you need to enclose the whole argument in single quotes so that the shell passes it to the script as one argument. For example:

sh stats.sh 'songlist 1' 'songlist 2' 'songlist 3'

Frequently a script is written so that the user can pass in arguments in any order using flags. With the flags method, you can also make some of the arguments optional.

Let's say you have a script that pulls information from your database using specific parameters, such as "uname", "today's date" and "product", and then produces a report in an "output format" of the user's choice. Now you want to write your script so that you can pass in these parameters when the script is called. It might look like this:

extractreport -u jsmith -d 10-20-2011 -p notebooks -f pdf

Bash enables this functionality with the "getopts" builtin. For the above example, you could use getopts as follows (getopts handles single-letter flags only, which is why each parameter gets one letter):

while getopts u:d:p:f: option
do
 case "${option}" in
 u) user_name=${OPTARG};;   # lower-case names avoid clobbering the shell's own USER variable
 d) report_date=${OPTARG};;
 p) product=${OPTARG};;
 f) out_format=${OPTARG};;
 esac
done

This is a while-loop that uses getopts with a so-called "optstring", in this case "u:d:p:f:", to iterate through the arguments. On each pass getopts takes the next flag from the command line, checks it against the optstring, which lists the flags that can be used, and puts the flag letter in the variable "option" (the value supplied for that flag goes into "OPTARG"). The case statement then copies that value into a variable of your own that can be used after all the arguments have been read.

The colons in the optstring mean that values are required for the corresponding flags. In the above example all flags are followed by a colon: "u:d:p:f:".

This means all flags need a value. If, for example, the "d" and "f" flags were not expected to have a value, the optstring would be "u:dp:f".

A colon at the beginning of the optstring, for example ":u:d:p:f:", has a completely different meaning. It allows you to handle flags that are not represented in the optstring. In that case the value of the "option" variable is set to "?" and the value of "OPTARG" is set to the unexpected flag. This allows you to display a suitable error message informing the user of the mistake.

Arguments that are not preceded by a flag are ignored by getopts. If flags specified in the optstring are not provided when the script is called, nothing happens, unless you specially handle this case in your code.

Any arguments not handled by getopts can still be captured with the regular $1, $2, etc. variables.
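Putting the pieces of this post together, here is an added example (my own, not from the original post) of the extractreport-style flag parsing done with a leading-colon optstring, so an unknown flag or a missing value is reported instead of silently accepted; it then uses shift to recover whatever positional arguments follow the flags, with "$@" quoted so arguments containing spaces stay intact. The function name, the required -u flag and the pdf default for -f are assumptions for the example.

```sh
#!/bin/sh
# parse_report_args [-u user] [-d date] [-p product] [-f format] [positional ...]
# Parses the flags from the extractreport example, then treats anything left
# after them as positional arguments. Prints one key=value line per result so
# the caller can inspect what was parsed. Returns 2 on a usage error.
parse_report_args() {
    user_name="" report_date="" product="" out_format="pdf"   # -f is optional: default pdf
    OPTIND=1   # reset so the function can be called more than once in one shell
    while getopts ":u:d:p:f:" option; do
        case "$option" in
            u) user_name=$OPTARG ;;
            d) report_date=$OPTARG ;;
            p) product=$OPTARG ;;
            f) out_format=$OPTARG ;;
            :)  echo "error: -$OPTARG requires a value" >&2; return 2 ;;   # leading colon: missing value
            \?) echo "error: unknown flag -$OPTARG" >&2; return 2 ;;        # leading colon: bad flag
        esac
    done
    shift $((OPTIND - 1))   # drop the parsed flags; "$@" now holds only the positionals
    [ -n "$user_name" ] || { echo "error: -u is required" >&2; return 2; }
    echo "user=$user_name"
    echo "date=$report_date"
    echo "product=$product"
    echo "format=$out_format"
    echo "positional_count=$#"
    for extra in "$@"; do   # quoting "$@" keeps 'songlist 1' as a single argument
        echo "positional=$extra"
    done
}
```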


Spread Spectrum Modulation Techniques

As an ex-military satellite communications engineer I certainly remember working with spread spectrum modulation and also frequency hopping technology in the 1980s. Wireless Local Area Networking technology today exploits a technology which was hitherto mostly hidden inside the shadowy domain of military communications and radar. This technology comprises a collection of ideas which are termed Spread Spectrum Techniques (SST). Spread Spectrum techniques have some powerful properties which make them an excellent candidate for networking applications. To better understand why, we will take a closer look at this fascinating area, and its implications for networking.


Another Spring Cobbler Climb

It was almost a whim which made us decide to make The Cobbler our first climb of the year. We'd left it late for sure. We're normally out there bashing about the hills throughout the winter but this year was different because of the work we had been doing in the house and my own multiple commitments elsewhere.

I'd spent the previous two weeks feeling pretty poor with a mixture of back pain and virus but the weather gods were smiling today. There was nothing stopping us. Had they not been, weaker motivation may have crumbled but even today with the weakest motivation and the briefest preparation, there was only one outcome.

So off we went. When we arrived we jumped out of the car and were so eager to get on with it that we even forgot the fruit we'd bought specifically for the climb. If you know the path up The Cobbler, you'll know that the first section is a pretty tough, winding slog up through the forests which cover the steep lower slopes of the hill and border Loch Long. It was during this section that I discovered that, despite my porridge breakfast and my sirloin steak/fish finger dinner the night before, I had little to no energy in my body. It was all I could do to place one leg in front of the other for a while, but I took frequent rests and somehow managed to slog on. I was gutted. It was a lovely day and Brian (and I) had never seen the view from the top of this mountain without it being obscured by clouds. Today was to be that day, but how? I was exhausted and didn't feel like I had anything in reserve. I promised I'd make it to the reservoir by hook or by crook and, despite plenty of puffing and wheezing, we got there and let the dogs play in the water.

At this point, after a bit of a break, I felt a little better and said I'd like to carry on to the shelter stones and decide there whether or not I could carry on. Once there we made up some energy drink from a sachet and I gulped it down. Again the break made me feel like I could go on just a little bit more so I committed to make it up to the point where the path splits 3 ways to head off for Beinn Narnain, Ben Ime and The Cobbler. As I walked the sugars in my stomach seemed to energise me with every step. I was still hurting but it was becoming less of a problem.

When we got to the 3 way split we stopped again and had a good break. The final and steepest part of the climb loomed above me like a skyscraper but I'd decided if I could make it this far I could make it to the top. After popping 3 dextrose tablets we set off. The final part of the climb is like a long hellish staircase with stones of all sizes making up the crazy paving stairs. It was a tough stretch but, with the help of plenty of breaks and the knowledge we were nearly there, we made it. As you can see from the picture at the top, the views were well worth the slog. Spectacular! 

After a linger at the windy top to take in the majesty, it was time to head back down the path to the delights of the chip shop and the chance to undo some of the healthy goodness we'd subjected ourselves to. Well, life is all about striking a happy balance. What a great day!

 
