BlueOnyx 5106R – Unresponsive Login Manager

BlueOnyx uses the PAM ABL module to mitigate brute force attacks. Though it’s not a good idea to rely solely on this module to protect your services, it’s definitely better than nothing. However, for some reason the database storing the failed hosts and users tends to corrupt easily on BlueOnyx systems. If you experience that you can’t access the “Login Manager” or the “Failed Logins” section from the GUI due to timeouts, then the aforementioned corruption is a likely cause. Another sign of corruption would be the inability to purge the list of failed logins. If this is the case, then PAM ABL might not be functioning at all.

To address this issue you may simply delete the blacklist databases by issuing the following commands.

rm /var/lib/abl/hosts.db
rm /var/lib/abl/users.db
# Restart cced
/etc/init.d/cced.init restart

Deleting the databases is harmless as they are recreated automatically.

Where does WordPress spam come from?

After using Akismet for a few years to battle spam, it seemed to me that the spammers were slowly gaining the upper hand. Spam was starting to leak through the cracks and I was looking for an alternate approach to the problem.

Akismet – It does a good job of killing of spam. I’m not too sure of the claimed accuracy rate though.

After analyzing how bots (automated comment spammers) were parsing my content I ended up with a solution that didn’t affect legitimate visitors but was still able to discard comments from bots on the fly. Four months later and I’ve seen no spam whatsoever. For my own amusement I decided to log the IP of every spammer until I reached a 100 000 spam posts. The idea behind this was to get an adequate number to run some statistics against.

So without further ado, I give you my spammer toplist broken down by IP’s and blocks.

Top 10 spammers by IP

Spam post count IP /32 Country
1757 China
711 China
687 China
593 Russian Federation
527 China
466 China
439 Russian Federation
430 China
422 China

Top 10 spammers by IP /24

Spam post count IP /24 Country
2430 China
2194 China
2173 Ukraine
2111 China
2080 China
1785 China
1757 China
1741 China
1736 China
1650 China

Top 10 spammers by IP /16

Spam post count IP /16 Country
15006 China
11653 China
9115 China
8501 China
4315 China
3926 China
3634 China
3381 China
3161 China
3133 China

Top 5 spammers by IP /8

Spam post count IP /8 Country
19328 -
14807 -
12758 -
11724 -
9142 -

It would seem that comment spam unfortunately is mostly “Made in China”. At least now I understand why 8% of my total bandwidth consumption originates from China.

I’ve attached the log containing the 100k-of-spam if anybody’s interested.

Address blocks are fetched from NirSoft.

How to install Dig on a Windows 8.1 64-bit system

This installation procedure will extract only  relevant libraries and executables from the BIND 9 package, and not install a full-blown DNS server. The installation method is also applicable on Windows 7 64-bit systems.

Head over to and download the BIND 9.10.0-P2 package. Select the 64-bit version and leave the 32-bit package as a last resort. The 64-bit version is dependent on the Microsoft Visual C++ Redistributable package, which you can download and install from

Why is it preferable to go with the 64-bit version of BIND 9 on a Windows 64-bit system, when 32-bit applications work just fine? Since dig is a command line tool there are a few things to take into account. On a Windows 64-bit system, the command line interpreter (cmd.exe) will be running in 64-bit mode. That means it will look for executables under %SystemRoot%\System32\.
The System32 folder, despite its name is designed for 64-bit executables on Windows 64-bit systems.
/**Note: On Windows 32-bit systems, the %SystemRoot%\System32\ folder is indeed for 32-bit executables.*/

Windows Command-line interpreter
The command prompt with its 64 and 32-bit executables.

The correct folder for 32-bit executables on Windows 64-bit systems is %SystemRoot%\SysWOW64\, again ignore the clever naming scheme as WOW64 stands for “Windows (32-bit) on Windows 64-bit”. Anyhow, if you opted to install the 32-bit version of BIND 9 and thus extracted the executables and libraries to %SystemRoot%\SysWOW64, you’ll need to run the 32-bit version of cmd.exe by issuing the command:


The next step is assuming that the package of choice was the 64-bit version of BIND 9, and that the Microsoft Visual C++ Redistributable is already installed. If not, then make adjustments accordingly. Open the file and extract the following files to %SystemRoot%\System32\
/**Note: Moving files into the System32 folder requires administrative privileges (run as administrator).*/


Finally, fire up the command prompt and check if the installation was successful by doing a DNS query:

Dig on Windows 8.1 64-bit
Dig on Windows 8.1 64-bit