BlueOnyx 5106R – Unresponsive Login Manager

BlueOnyx uses the PAM ABL module to mitigate brute force attacks. Though it’s not a good idea to rely solely on this module to protect your services, it’s definitely better than nothing. However, for some reason the databases storing the failed hosts and users tend to corrupt easily on BlueOnyx systems. If you find that you can’t access the “Login Manager” or the “Failed Logins” section from the GUI due to timeouts, then the aforementioned corruption is a likely cause. Another sign of corruption is the inability to purge the list of failed logins. If this is the case, then PAM ABL might not be functioning at all.

To address this issue you may simply delete the blacklist databases by issuing the following commands.

rm /var/lib/abl/hosts.db
rm /var/lib/abl/users.db
# Restart cced
/etc/init.d/cced.init restart

Deleting the databases is harmless as they are recreated automatically.


Where does WordPress spam come from?

After using Akismet for a few years to battle spam, it seemed to me that the spammers were slowly gaining the upper hand. Spam was starting to leak through the cracks and I was looking for an alternate approach to the problem.

Akismet – It does a good job of killing off spam. I’m not too sure of the claimed accuracy rate though.

After analyzing how bots (automated comment spammers) were parsing my content I ended up with a solution that didn’t affect legitimate visitors but was still able to discard comments from bots on the fly. Four months later I’ve seen no spam whatsoever. For my own amusement I decided to log the IP of every spammer until I reached 100 000 spam posts. The idea behind this was to get an adequate sample to run some statistics against.

So without further ado, I give you my spammer toplist broken down by IPs and address blocks.

Top 10 spammers by IP

Spam post count   IP /32            Country
1757              218.107.1.204     China
711               175.44.8.69       China
687               112.111.185.0     China
593               93.182.36.85      Russian Federation
527               175.44.57.109     China
466               175.42.93.201     China
439               93.182.36.82      Russian Federation
430               36.250.178.131    China
422               36.250.191.105    China

Top 10 spammers by IP /24

Spam post count   IP /24            Country
2430              175.44.8.0        China
2194              175.44.9.0        China
2173              91.200.12.0       Ukraine
2111              112.111.189.0     China
2080              175.44.57.0       China
1785              112.111.190.0     China
1757              218.107.1.0       China
1741              112.111.188.0     China
1736              36.250.172.0      China
1650              175.44.55.0       China

Top 10 spammers by IP /16

Spam post count   IP /16            Country
15006             175.44.0.0        China
11653             112.111.0.0       China
9115              36.250.0.0        China
8501              27.153.0.0        China
4315              175.42.0.0        China
3926              110.89.0.0        China
3634              36.248.0.0        China
3381              120.37.0.0        China
3161              27.150.0.0        China
3133              27.159.0.0        China

Top 5 spammers by IP /8

Spam post count   IP /8             Country
19328             175.0.0.0         -
14807             27.0.0.0          -
12758             36.0.0.0          -
11724             112.0.0.0         -
9142              110.0.0.0         -

It would seem that comment spam unfortunately is mostly “Made in China”. At least now I understand why 8% of my total bandwidth consumption originates from China.
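The toplists above are just the spam log rolled up by prefix length. As an added example (not code from the original post), the following Python aggregates a log of spammer addresses into /32, /24, /16 and /8 blocks the same way; the log text is a constructed stand-in for the author’s 100k log, and malformed lines are skipped rather than aborting the run.

```python
import ipaddress
from collections import Counter

# Constructed sample of spam-comment source addresses (a stand-in for the
# author's 100k log): one address per line, with one malformed entry.
SAMPLE_SPAM_LOG = """\
218.107.1.204
175.44.8.69
175.44.8.70
175.44.9.12
93.182.36.85
93.182.36.82
not-an-ip
36.250.178.131
175.44.8.69
"""


def parse_ips(log_text: str) -> list:
    """Extract valid IPv4 addresses, one per line; malformed lines are skipped."""
    ips = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ips.append(ipaddress.IPv4Address(line))
        except ipaddress.AddressValueError:
            continue  # garbage in the log should not abort the whole analysis
    return ips


def count_by_prefix(ips, prefix_len: int) -> Counter:
    """Count posts per network block; prefix_len=24 groups 175.44.8.x together."""
    counts = Counter()
    for ip in ips:
        net = ipaddress.IPv4Network((ip, prefix_len), strict=False)
        counts[str(net.network_address)] += 1
    return counts


def top_spammers(ips, prefix_len: int, n: int = 10) -> list:
    """(block, count) pairs sorted by count, like the toplists in the post."""
    return count_by_prefix(ips, prefix_len).most_common(n)


if __name__ == "__main__":
    ips = parse_ips(SAMPLE_SPAM_LOG)
    for plen in (32, 24, 16, 8):
        print(f"Top spammers by IP /{plen}")
        for block, count in top_spammers(ips, plen):
            print(f"{count:>6}  {block}/{plen}")
```

Point `parse_ips` at the real log (one address per line) to reproduce the tables for any prefix length.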

I’ve attached the log containing the 100k-of-spam if anybody’s interested.

Address blocks are fetched from NirSoft.


How to install Dig on a Windows 8.1 64-bit system

This installation procedure extracts only the relevant libraries and executables from the BIND 9 package and does not install a full-blown DNS server. The installation method is also applicable to Windows 7 64-bit systems.

Head over to http://www.isc.org/downloads/ and download the BIND 9.10.0-P2 package. Select the 64-bit version and leave the 32-bit package as a last resort. The 64-bit version is dependent on the Microsoft Visual C++ Redistributable package, which you can download and install from http://www.microsoft.com/en-us/download/details.aspx?id=30679#

Why is it preferable to go with the 64-bit version of BIND 9 on a Windows 64-bit system, when 32-bit applications work just fine? Since dig is a command line tool there are a few things to take into account. On a Windows 64-bit system, the command line interpreter (cmd.exe) will be running in 64-bit mode. That means it will look for executables under %SystemRoot%\System32\. The System32 folder, despite its name, is designed for 64-bit executables on Windows 64-bit systems.
/**Note: On Windows 32-bit systems, the %SystemRoot%\System32\ folder is indeed for 32-bit executables.*/

The command prompt with its 64 and 32-bit executables.

The correct folder for 32-bit executables on Windows 64-bit systems is %SystemRoot%\SysWOW64\. Again, ignore the clever naming scheme, as WOW64 stands for “Windows (32-bit) on Windows 64-bit”. Anyhow, if you opted to install the 32-bit version of BIND 9 and thus extracted the executables and libraries to %SystemRoot%\SysWOW64, you’ll need to run the 32-bit version of cmd.exe by issuing the command:

%SystemRoot%\SYSWOW64\cmd.exe

The next step assumes that the package of choice was the 64-bit version of BIND 9, and that the Microsoft Visual C++ Redistributable is already installed. If not, then make adjustments accordingly. Open the BIND9.10.0-P2.x64.zip file and extract the following files to %SystemRoot%\System32\
/**Note: Moving files into the System32 folder requires administrative privileges (run as administrator).*/

dig.exe
host.exe
libbind9.dll
libdns.dll
libeay32.dll
libisc.dll
libisccfg.dll
liblwres.dll
libxml2.dll
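Because a 32-bit dig.exe dropped into System32 (or a 64-bit one into SysWOW64) is exactly the mix-up described above, it is worth verifying the bitness of each extracted file before relying on it. The following Python is an added example, not part of the original post or of BIND: it reads the COFF Machine field from each file’s PE header and reports whether it sits in the folder matching its architecture. It assumes Python is available on the Windows box; `make_stub_pe` only builds constructed header bytes for testing.

```python
import os
import struct
from pathlib import Path

# COFF Machine values from the PE specification (winnt.h IMAGE_FILE_MACHINE_*).
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664

# The files the procedure extracts from the BIND 9 package.
BIND_FILES = ("dig.exe", "host.exe", "libbind9.dll", "libdns.dll", "libeay32.dll",
              "libisc.dll", "libisccfg.dll", "liblwres.dll", "libxml2.dll")


def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of "PE\0\0"
    if len(data) < e_lfanew + 6 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]  # Machine follows signature


def expected_folder(machine: int, host_is_64bit: bool = True) -> str:
    """Folder under %SystemRoot% where a binary of this machine type belongs."""
    if machine == IMAGE_FILE_MACHINE_AMD64:
        if not host_is_64bit:
            raise ValueError("x64 binary cannot run on 32-bit Windows")
        return "System32"          # 64-bit binaries on 64-bit Windows
    if machine == IMAGE_FILE_MACHINE_I386:
        return "SysWOW64" if host_is_64bit else "System32"  # 32-bit binaries
    raise ValueError(f"unsupported machine type 0x{machine:04x}")


def check_placement(path: str, host_is_64bit: bool = True) -> bool:
    """True if the file sits in the folder matching its bitness."""
    p = Path(path)
    folder = expected_folder(pe_machine(p.read_bytes()), host_is_64bit)
    return p.parent.name.lower() == folder.lower()


def make_stub_pe(machine: int) -> bytes:
    """Constructed minimal MZ/PE header for tests only; not a runnable binary."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    system32 = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    for name in BIND_FILES:
        f = system32 / name
        status = "OK" if f.is_file() and check_placement(str(f)) else "WRONG FOLDER OR MISSING"
        print(f"{name:15} {status}")
```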

Finally, fire up the command prompt and check if the installation was successful by doing a DNS query:

dig isc.org
Dig on Windows 8.1 64-bit