28 Apr 2018

Fixed the action for my comments form. It was still posting to small.perl-user.com which I removed. Oops. All better now. cf: comments


26 Apr 2018

So, I got tired of clearing out IPs, once a week, that my watcher.pl script banned for unauthorized access to my ssh port. Changing the SSH port number has helped. No new banned users. I unbanned all the old ones. It's not like any of them were ever gonna crack my RSA key. No password logins. No root logins. No authorized_keys on any known unix accounts. It is nice, though, to not see emails for the 30-75 new IPs that were banned since yesterday. Not one.

I use Fedora27 on my Nanode, so there were several things to change to get sshd working on a new port.

On Fedora, /etc/ssh/sshd_config includes a note about using semanage to get SELinux to allow connections on the new port. Change the port number from 22 but don't restart sshd yet.

# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 22

Install the package that includes semanage, a Python tool to access libsemanage, which isn't installed by default.

dnf install policycoreutils-python-utils

Next, allow the new port through the firewall and restart sshd. Replace XXXX with the new port number, and replace FedoraServer if you're using a zone other than the default. Fedora27 came with firewall-cmd by default, so I learned to use that.

firewall-cmd --zone=FedoraServer --add-port=XXXX/tcp
firewall-cmd --zone=FedoraServer --permanent --add-port=XXXX/tcp

You can use firewall-cmd to view the active zone (FedoraServer shows at the top as Active for me) to verify the new ports are active.

firewall-cmd --list-all-zones|more

Then, restart sshd.

service sshd restart

At this point, I had not been disconnected and sshd was running on the new port. Tested it with my ssh-client (Bitvise) and verified the new port worked. After that, I removed the old port.

firewall-cmd --zone=FedoraServer --remove-port=22/tcp
firewall-cmd --zone=FedoraServer --permanent --remove-port=22/tcp
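
The order of the steps above matters: sshd has to be permitted on the new port by both SELinux and the firewall before it is restarted. The script below is an added example, not the author's code, that checks both layers against the Port line in sshd_config; the function names, port 2222 and the sample text are made up for illustration.

```bash
# Added example: offline pre-restart check for an sshd port move.
# Sample text is constructed; 2222 is a placeholder for the new port.

# Ports sshd will bind: every uncommented Port line, or 22 if there is none.
config_ports() {
  printf '%s\n' "$1" | awk '
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
    END { if (!found) print 22 }'
}

# True if port $1 matches a later argument; each is N or a range N-M.
port_in() {
  local want tok; want=$1; shift
  for tok in "$@"; do
    [ "$want" -ge "${tok%-*}" ] && [ "$want" -le "${tok#*-}" ] && return 0
  done
  return 1
}

# $2 is `semanage port -l` output; look only at the ssh_port_t tcp line.
selinux_allows() {
  local ports
  ports=$(printf '%s\n' "$2" |
    awk '$1 == "ssh_port_t" && $2 == "tcp" { $1 = $2 = ""; gsub(/,/, " "); print }')
  port_in "$1" $ports
}

# $2 is `firewall-cmd --zone=... --list-ports` output, e.g. "80/tcp 2222/tcp".
firewall_allows() {
  local ports
  ports=$(printf '%s\n' "$2" | tr ' ' '\n' | sed -n 's#/tcp$##p')
  port_in "$1" $ports
}

# Name the layer that would block each configured port; 0 only if none does.
restart_blockers() {  # $1 sshd_config text, $2 semanage text, $3 firewall text
  local p rc=0
  for p in $(config_ports "$1"); do
    selinux_allows "$p" "$2" || { echo "port $p: no ssh_port_t label"; rc=1; }
    firewall_allows "$p" "$3" || { echo "port $p: not open in firewall"; rc=1; }
  done
  return "$rc"
}

SAMPLE_CONFIG='# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 2222'
SAMPLE_SEMANAGE='ssh_port_t                     tcp      2222, 22'
restart_blockers "$SAMPLE_CONFIG" "$SAMPLE_SEMANAGE" '80/tcp' || echo "do not restart yet"
restart_blockers "$SAMPLE_CONFIG" "$SAMPLE_SEMANAGE" '80/tcp 2222/tcp' && echo "safe to restart sshd"
```

On the host, pass it the contents of /etc/ssh/sshd_config and the output of `semanage port -l` and `firewall-cmd --zone=FedoraServer --list-ports` in place of the sample strings.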

23 Apr 2018

On Sundays, my /var/log/secure rotates and it's time to unban the hundreds of miscreants who tried to access ssh on my Nanode during the week. This is the short snippet I use to unban with firewall-cmd:

# Field 6 is the source address once the quotes are turned into spaces.
for i in $(firewall-cmd --list-rich-rules | sed 's/"/ /g' | awk '{print $6}' | sort); do
  unban "$i"
done

This is my unban script, the opposite of my ban script; it just calls the appropriate firewall-cmd to drop the rich rule.

#!/usr/bin/bash

echo "Unbanning $1"
firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address=$1 reject"
firewall-cmd --remove-rich-rule="rule family='ipv4' source address=$1 reject"

Looking thru my httpd access log, I noticed a lot of POSTs to the IP of my Nanode. I tidied up the code in Lynk2.pm to just throw a 404 error for access to the IP or any domain that isn't mine. No sense reading the data that the hacker bots trying to exploit bugs in old versions of WebLogic or Drupal (if you run Drupal, really REALLY patch that) are throwing at my web port.

I also wrote a short snippet for the edit links in my menu bar. Now, unless the remote IP matches the creator of the page stored in the database, that edit link won't even show up.


15 Apr 2018

This is handy: Responsive Design Checker


8 Apr 2018

I've been thinking about what my site lacks. One thing is an easy way to start a new blank page rather than copy/paste from another page's ?edit link (which is pretty dang easy but hey, I'm a programmer, I always want easier easier easier!!)

I'm also looking at adding an in-page update-like function to add these sections (blue blocks) automatically. It'll get the date right whereas I sometimes don't 😀

With all the regular html pages on this site living in PostgreSQL rather than being files on disk, these sites of mine are rather different compared to most Apache served sites. I like how much faster it is and how much easier it is to just edit a page in the browser and avoid the whole download file, edit, upload file, check for errors. Now I get to my errors much faster 😀


4 Apr 2018

Did a lot of searching for genealogical data but very little page creation or coding.

Found my Scottish ancestor named Duncan from the Isle of Jura, a 7th Great Grandfather on the Mccolski (McCoulskey) branch of the Oglesbee line.


2 Apr 2018

This is a link to the SpaceX launch video by CNBC on Periscope: Launch


1 Apr 2018

Fixed the redirect for /favicon.ico for all domains by hard coding it to /images/favicon.ico

Happy Easter! - phil

Useful command I had to use to fix a missing map file:

chcon -t httpd_sys_content_t file-name

Installed CGI module, mainly to get CGI::Cookie which is handy for setting/reading cookies in mod_perl =) It comes with a ton of prerequisites to install, about half manually, some of those with their own prerequisites.



19 Apr 2018

Heh, fixed date on previous post. Keep copy/pasting and messing 'em up.
Need to reorg how I do pages/updates/comments

Updates could be like this section using a snippet to display in various orders and another to add new ones if logged in. If logged in, it will just display a user's updates and maybe friends' updates (when I add a snippet to friend someone)... Hmm, should a user who never logs in but always comes from the same IP be friendable?