Cracker Hunting

Posted on 2016-02-12 by M. Eric Carr

I recently got a notice that the traffic on this site had reached 80% of the budgeted transfer for the month. This is not necessarily bad news — occasionally someone posts a link to Reddit and traffic spikes for a while. However, the stats page looked completely normal. HMM.

Fortunately, Apache (the webserver program) keeps a log of all accesses to the website. Looking through the file, it seems that several rather asocial individuals in Romania, China, and other places had picked up the “hobby” of running scripts to attack websites, in hopes of using them to send out spam. People Are No Damn Good, as my grandmother often points out.

Apache’s log files, however, are pretty big. The current access.log file is some 180MB. Clearly the solution here is to fight scripting with scripting.

Here are some of the relevant tools:

cat: short for “catalog.” This simply types out a file, either to the display (the default) or to another program. Cat will be used here to simply print out the whole access.log file.

grep: Grep finds lines of a file containing something. In this case, we’re interested in anyone accessing a file called xmlrpc.php. Grep will take the input from cat, and pass on only the lines containing this string.

cut: I learned about this one today. Cut can select out a particular section of lines, based on character count. While the later Awk step (see below) probably makes this unnecessary, I used Cut to select just characters 1-15 of each line of text. This stripped version is then passed along to…

sort: Does what it says. It takes in a text file and sorts it into alphanumeric order. This prepares the file to be processed by…

uniq: This takes in a sorted file and removes all duplicate lines. From here, the (greatly shortened) file is then passed to:

awk: Awk is a general-purpose string processor, with lots of features. I don’t yet know a lot about it, but I’m using it here to retain only the characters before the first whitespace — and then add a scripting command around that.

So, using all of the above in order, I came up with the one-liner:

cat access.log | grep xmlrpc.php | cut -c1-15 | sort | uniq -u | awk ‘{print ” sudo /sbin/iptables -A INPUT -s “$1” -j DROP “}’ > loserfile

This command prints out the webserver access log, finds any instances of attackers attempting to access xmlrpc.php, locates their IP addresses from the relevant line, and creates a command to instruct the firewall to ignore all traffic from those IPs. Once “loserfile” is set executable and then run, the new rules go into place.

As the graph below shows, the tactic seems to have worked.
Hasta la vista, fetchers.

The attack seems to have started about eight hours ago. Once the new rules were in place, it abruptly stopped.

Hour-by-hour chart of inbound and outbound traffic

Posted in Digital Citizenship, Internet, Networking, System Administration, Tools, Troubleshooting | Leave a comment

Remembering Challenger

Posted on 2016-01-28 by M. Eric Carr

January 28, 1986 was not a good day for engineering.

Thirty years ago today, NASA management let politics and administrative expediency take priority over engineering and safety. Seven astronauts — seven of literally the best and brightest among us — lost their lives because of a hasty decision to go ahead with the launch despite the protests of engineers that the weather was too cold for the o-rings in the solid rocket boosters.

The astronauts were not our only loss, that day. We lost an extremely expensive orbiter, too — but perhaps an equally large tragedy was the extent to which the Challenger disaster set back humanity’s exploration of space. Because of a rushed management decision, the Space Shuttle program — and piloted spaceflight in general — suffered a delay of perhaps a decade. Many dreams, and many STS flights, were cancelled or greatly delayed.

What’s done is done — but the best way to honor the memory of the Challenger Seven is for us to learn from the management mistake that doomed them. Yes, NASA fixed the SRB design and used improved o-rings, but that’s not the real point.

The important lesson is that we must never let wishful thinking and politics override solid safety engineering practices. We’re competent enough with physics to know the risks in many situations, if we’re only patient enough to do the calculations — and accept the logical conclusions, even if they’re not the ones we want to hear.

“For a successful technology, reality must take precedence over public relations — for Nature cannot be fooled.”

–Richard Feynman

 

Posted in Current Events, Design, Science | Leave a comment

Electronics Intuition, or The Giggle Test

Posted on 2016-01-26 by M. Eric Carr

Mathematical analysis is one of the most useful tools in electronics. With the right formulas, you can figure out what value capacitors and inductors to use to make a resonant circuit operate at a particular frequency, or what resistors to use to make a voltage divider to drive a comparator.

Along with working the equations, though, it’s important to have a good intuitive sense of what is going on in a circuit. Just like you shouldn’t trust your calculator if it gives you an answer of 21 if you ask it for the product of 17 and 38, you should have a reasonable idea of what each of the parts of a circuit are supposed to be doing, when you’re analyzing it.

For example, if your calculations indicate that you’re getting 100 amps out of a signal generator, something has gone wrong. That kind of current would melt the coax cable — let alone the sensitive components inside a precision signal generator. Likewise, if the calculated output voltage of a simple voltage divider circuit is higher than its input, something has gone wrong somewhere. Resistors can’t generate increases in voltage.

Similarly, some ideas just aren’t feasible. Over-unity (“free energy”) devices are the most egregious example — but often, devices like energy harvesters which look more or less plausible haven’t been properly quantified, in terms of energy out vs. energy in. Just because something can generate high voltage, for example, doesn’t mean there’s a lot of energy there. Quantify, in SI units, the inputs and outputs — and then measure them.

My favorite term for this way of thinking is “The Giggle Test.” If an engineering idea is so implausible that you have to suppress a giggle (or fail to suppress one), something’s wrong — and probably wrong by at least an order of magnitude. When you see something that doesn’t make sense, there’s a reason. Take the time to look at the quantities from a larger perspective, and ask yourself if they make sense. It can be a real time-saver.

Posted in Electronics, Fundamentals, Troubleshooting | Leave a comment

Just the Thing

Posted on 2015-12-17 by M. Eric Carr

If Necessity is the mother of Invention, Laziness is its father. Lowering the barriers to innovation certainly helps encourage the development of new solutions.

One technological feat that has been getting increasingly easier to do with embedded devices is send and receive data over the Internet. The recent development of the ultra-low-cost ESP8266 WiFi module has spurred a lot of interest in getting smaller devices connected to the ‘Net. The “Internet of Things” is essentially the idea that even small, single-purpose devices might be more useful when connected to the Internet.

Unfortunately, the original ESP8266 boards weren’t the friendliest things to prototype with. Their awkward two-row connector is mechanically stronger than an inline solution — but the geometry of most breadboards means that DIL parts with less than 300mil separation can’t be easily breadboarded. Plus, the ESP8266 uses an inexpensive but obscure Cadence Tensilica processor — not supported by most enthusiasts’ toolchains. Sure would be nice if someone were to bake an ESP8266 into an Arduino and write the libraries.

Seems like SparkFun had the same idea. Their “ESP8266 Thing” is essentially a high-powered Arduino-compatible CPU attached to a ESP8266 module. With the libraries and examples provided, it’s reasonably easy to get up and running with a webserver.

The SparkFun ESP8266 Thing Dev Board

After setting up the Thing (Note: you need to short GPIO0 to ground in order to get it to program), I modified a temperature and humidity webserver from Adafruit to create a webserver that could turn on an LED when the /on page was read, and turn it off when the /off page was read. It’s straightforward enough to modify this to, for example, control A/C outlets.

Here’s the sketch.

$16 to connect a gadget to the ‘Net, almost effortlessly. I love living in the future.

Posted in Arduino, Design, Digital, Electronics, Internet, Networking, Reviews | Leave a comment