Quote of the Day – Barack Obama (4/17/2013)

The gun lobby and its allies willfully lied about the bill.

Barack Obama – In Response to the Gun Control Vote

April 17th, 2013


[Said like a true politician.

No Mr. Obama, we just don’t take kindly to being lied to, abused, mistreated, and being held responsible for the actions of others.  You and your cohorts tried to pass a bill and we merely read it and told everyone one’s in it.  You can go read in the bill yourself about every statement I’ve made regarding the bill.

You’re upset because you couldn’t pull the wool over our eyes and we fought back.

Lastly Mr. President, what part of “Shall Not Be Infringed” is so hard and difficult for you to understand?-B]

Ear Worm Wednesday – 4/17/2013

Only fitting given the following best described in Meme form:

547634_358146024286310_1390617858_n

They may not realize it but they awoke a beast and many of us are answering the call of the warrior.

Volbeat – A Warrior’s Call

0 to Attacked in No Time Flat

So as I’ve mentioned previously I’ve moved to the world of a VPS which for all intents in purposes is much like being self-hosted.  I used to do this stuff a long time ago, I still do it but not nearly as intensively and for the most part my shell-fu has gotten rusty.

I spent the first part of Saturday getting the server setup and figuring out WHM and cPanel, both unbelievably easy.  The biggest issue was making sure I had things locked down.  I just set up this server though, who could possibly be attacking it?

A6WLUZ bandwidth (full)

Bandwidth usage since I turned on the server.

You can see where I turned the server on on the 13th.  Notice that big spike shortly there after, yeah that was a huge influx of traffic.  It caused the server to grind to a halt.  At the time I thought it was related to me bringing up my site since it locked up within minutes and I had tweaked some server settings an thought that caused the instability.

Come Monday morning I have an email from A Girl that she cannot get in and 2 from the data-center that they rebooted the server after it ran out of memory and locked up.

A6WLUZ_load_full

System loading and availability since being turned on.

You cant see it as well except for the latest incident in those images but there is a serious proc-load spike when those bandwidth spikes occur.  I promptly switched from APF to CSF for my firewall so I could gain use of the LFD.  I spent my time installing and configuring it last night.

A6WLUZ Detail

The Proc Spike I had overnight.

 

A6WLUZ

A more detailed image of the bandwidth spikes.

There you can see the proc spike from an an incident last night.  I did a few more tweaks to the CSF and you can see things were better when they tried again about an hour later.  In the middle of all of this I also discover that there is a way to have Apache watch all the wp-login pages for failed logins.  When they happen, block and ban the IP after numerous failed attempts.  This is why I called myHosting lazy and was so pissed about their approach in handling the problem.

If you are a server administrator and want to protect against the WordPress brute force attack it is quite simple, doubly so if you have WHM.

Login to WHM, goto Software-EasyApache.  Follow the onscreen instructions and rebuild Apache but make sure the modsec2 module is selected.  Build Apache.

Once built, log in to your shell and edit /usr/local/apache/conf/modsec2.user.conf and add the following.

#Block WP logins with no referring URL
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},id:5000210
<Locationmatch “/wp-login.php”>
SecRule REQUEST_METHOD “POST” “deny,status:401,id:5000211,chain,msg:’wp-login request blocked, no referer'”
SecRule &HTTP_REFERER “@eq 0”

#Wordpress Brute Force detection
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},id:5000212
<Locationmatch “/wp-login.php”>
# Setup brute force detection.
# React if block flag has been set.
SecRule ip:bf_block “@gt 0” “deny,status:401,log,id:5000213,msg:’ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'”
# Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS “^302” “phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000214”
SecRule RESPONSE_STATUS “^200” “phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000215”
SecRule ip:bf_counter “@gt 10” “t:none,setvar:ip.bf_block=1,expirevar:ip.bf_block=300,setvar:ip.bf_counter=0”

Save the file and restart Apache.  This will help stop the brute force attacks.  If it wasn’t for the off chance of false positives, I’d be good with a perma-ban and dropping that axe like a rock….

Funny story, I dropped that [email protected]#$ing ax on myself tonight.  Most of the other services are watched by LFD and when you get multiple login failures, it drops the ax and hard.  I screwed up logging in and paid the price.  I was just going along minding my own business and tried to login a couple times with the wrong password and bam there I am behind a curtain with some asshole molesting my balls.  Man, when I describe it like that it sounds like my intrusion detection system works for the TSA.

In the mean time the folks I got the VPS from (they’ve been fantastic support wise, unlike that previous host) are looking into trying to figure out what’s causing the load spikes.  The bummer is it randomly happens so it’s a paint to catch in the act. The good news is the past couple slams the server has actually survived so it’s almost there.  Security wise it isn’t a concern, it’s just and issue with service.

SSCC Honorable Mention: NYPD

This is a classic case of “only ones”.

An off-duty police officer shot to death her 1-year-old son and her boyfriend, who is believed to be the child’s father, before taking her own life in a Brooklyn home early Monday, authorities said.

The officer’s 19-year-old son managed to escape out a back window and find police; he was not injured.

We’re constantly told how only officers need firearms and that they’re the only ones screened and trained enough to handle them safely.  This is just another example that no matter how hard you try, things can be missed.  The question is, do you live free or as slaves?

State Sponsored Criminal Honorable Mention: Jane Doe

Because only cops should have guns because no one in their ranks ever snaps.

Too Little Too Late…

So I got the following email at 1630 tonight.  I know the ball started at 0800 this morning thanks to twitter.  They may have had that many complaints to work through but here is the email I got.

Dear Barron,

My name is CS Rep and I am writing you from Customer Relation Department. Your case was brought to my attention because you gave us a bad review on Twitter. We are very serious about providing you with an exceptional hosting and customer service experience, we would like to confirm that everything is running as you would like. What would it take for us to became the best hosting provider for you?
Your feedback is crucial for our business to move forward. We are still that strong company with quality and products as we continue to invest more into support and service in terms of training and technology.
Do not hesitate to use my direct line (her number) or 24/7 technical support (their number) or simply reply to this email: [email protected].

Thank you for choosing myhosting.com, I hope we can get your positive tweets shorty.

Sincerely,

CS Rep

My world at work is customer service.  So I am always willing to respond so that if they’re actually willing to improve their service they can.  Here is my response.

Hi Olga,

Let me start off by saying at this point I will be leaving myHosting.  I have invested in outside hosting, at best I will retain my myHosting account for exchange email purposes.  That said as someone who works for a company that strives on customer service I’m going to lay out from beginning to end and my perspective on it.

Last month I had regular service issues despite my use of the CloudFlare CDN. I opened ticket #: FNF-528-19240

After multiple back and forth arguments about whether or not my site was hosted with myHosting finally they just blamed CloudFlare, the problem continued but with less frequency.  I just dealt with it.  For the most part the site would immediately come back on a refresh and none of my customers were noticing an issue or reporting one to me.

Then in the midst of this WordPress attack, I started to have issues a little more frequently. I started to get emails from my Customers and I did what I could on my end to fix the issue.  Then it happened, I and all my customers, 4 total, were locked out of their sites.  We were locked out without any email in my inbox of how to fix the issue.  When the solution did arrive after my promptly emailing support it was a solution that none of my 4 customers could implement, much less be feasible for 2 of them.  Despite my efforts in maintaining a secure WordPress site, including plugins to stop the brute force attacks, my site was rendered unusable not just to me, but my customers.  I actually had to disabled Cloudflare thus increasing my exposure to SPAM and other undesirable traffic.

Just so I am perfectly clear.  The actions of myHosting taken to “secure” the websites for which I am responsible resulted in their inability to function for my customers.  It took me at least 12 hours before I could finally get those sites unlocked for my customers.  During this time my ability to handle issues as well as my general perception to my customers was degraded.  Doubly so since while trying to unlock 2 of the site resulted in 500 internal server errors.  Once that error was corrected, cleanURLs was broken due to other changes to the .htaccess files by myHosting.  Instead of just correcting their errors to the files, they dumped them. This made me look like an idiot again when a customer informed me in the morning he was getting 404 errors.

That night I started the migration to a VPS with another company.  I could not trust that myHosting, even in a VPS, would not mess with my files or otherwise cause me issues and heartache.

I will say the shining spot in this entire mess was it appeared that I dealt with one single support representative.  That is ownership and honestly that is what I like to see.  But here is his last email, Don’t blame him though, he was trying to keep the peace and convey your situation. It is a lesson in needing to be seriously empathetic to customers and the effects of your actions as a provider.

Hello Barron,

Thank you for your patience and we are sorry that you are having an unhappy experience with myhosting.com.

Because 90% of our customers are not using Cloudflare for protection or wordpress plugins to stop unwanted access, we implemented this access restrict.
Because you appear to have a very secure webspace, you would most likely to be safe removing the lines that have been added, but this makes your wordpress website vulnerable to this attack, so please proceed with caution and make sure all wordpress user passwords are complex and secure.

We have disabled the .htaccess files on those two websites and they appear to be loading currently. If you would like, remove all the added code and turn your cloudflare back on.

Please let it be known we are trying to protect our customers the best possible way. Because of the urgency of the matter, this was the quickest solution. We hope this does not ruin your experience with myhosting.com.
http://statusblog.myhosting.com/
http://statusblog.myhosting.com/#oncloud

Regards,

Here’s how I read it:

Your Text.
My Corrections in Phrasing.
My mental commentary while reading.

Hello Barron,

Thank you for your patience and we are sorry that you are having an unhappy experience with myhosting.com. Because evidently the idea someone would be unhappy about being locked out of their own website surprises us.

Because 90% of our customers are not using Cloudflare for protection or wordpress plugins to stop unwanted access, we implemented this access restrictdecided to treat all our users like idiotic children that know nothing about anything.  Luckily I have experience with being penalized because of the actions of others.

Because you appear to have a very secure webspaceactually know what the fuck you’re doing and have previously educated our support staff, you would most likely to be safe removing the lines that have been added, but this makes your wordpress website vulnerable to this attacka brute force attack where they just randomly try passwords, so please proceed with caution and make sure all wordpress user passwords are complex and secure.  Why in the name of god do you think I use keypass and generate 20 character password strings, just for the ease in memorization?

We have disabled the .htaccess files on those two websites and they appear to be loading currentlybut we broke clean URLs so they’re still not working right, our bad? If you would like, remove all the added code and turn your cloudflare back on.  You mean I can unfuck my websites if I so choose!?  Here I thought you guys were just out to screw me in front of people I support.  And yes I unfucked every one I could as fast as I could, even before I got your permission!

Please let it be known we are trying to protect our customers the best possible way, by nuking the site from orbit by treating our customers like children and blocking their access to their own sites just the same as the attackers. Because of the urgency of the matter, this was the quickest solution, because we were dumb and too lazy to implement deep packet inspection and notice that the brute force attempts always use the same username, admin. We hope this does not ruinare sorry this has completely ruined your experience with myhosting.com.  We didn’t consider the ramifications of how our actions could possible make our customers look in the eyes of their own clients.  We will think about possibly not treating all our customers like children in the future but don’t count on it.
http://statusblog.myhosting.com/
http://statusblog.myhosting.com/#oncloud

Regards,

The same support guy I’ve been dealing with all day. +1 for that.

And yes, this did go up on my blog, this email will be going up as well.  I want you to understand exactly how badly this has cut into me.  I strive myself on customer service and whenever possible I stop what I’m doing to help when there is an issue.  Even when these people do not pay me a dime for my services.  I get an email at 0400 in the morning and if my phone actually wakes me up I will look and go fix the problem.  I take my wife out to dinner and get a text message that the server is down and I spend the rest of dinner cranking away on my phone to fix the problem.  That is customer service, owning the problem and fixing it.  Most definitely you do NOT create problems for the customer and if you do, you fix them 100% and ensure the site is returned to normal.  You do everything you can for that customer to ensure the problem is fixed immediately and any issues created are taken care of or assisted with to the best of your ability.

You must also remember when you do go and do something like that, it has consequences beyond just your visible customer level.  Your customers have customers.  Some have business and those types of actions cost them money and trust.  In this case myHosting caused a question regarding my integrity with my ability to be a provider for website services.  Integrity once lost can never be regained and I find the actions of myHosting down right deplorable given their impact on me, my business, and my customers.

If you have any other questions feel free to ask.

Sincerely,

Barron Barnett

I’m not holding out for another response back, but I figured I’d give them honest feedback. I will say I was kind of happy to get the kick in the ass to go get a VPS.

No BAG Day for Me…

Instead I owed my child molesting financially irresponsible uncle $600.  So no gun for me, doubly so since I have to pay property taxes soon too.

I did however make myself feel a little better during the tail end of doing my taxes:

PayingMyChildMolestingUncle

I wanted to avoid Turbo-Tax but it was the easiest for what all was involved this year.  At least I had a little fun with it.  I gave them a 1 because I actually used them.

SSCC #569: Minneapolis

A Minneapolis police SWAT team leader was convicted Saturday of assaulting a man while off-duty at a bar.

An Anoka County District Court jury decided that Sgt. David Clifford was not acting in self-defense when he punched Brian Vander Lee, 44, on June 16 at Tanners Station in Andover. Jurors found Clifford, 48, guilty of first-, third- and fifth-degree assault.

Hey at least he stood trial.  Though there has been no word about his job status after this incident.  He kept his job after the charges were filed, no word if the conviction changes that status.

State Sponsored Criminal #569: David Clifford

Because when you get drunk in a bar and kick someone’s ass, by all means you should keep your job even though you broke the law in doing so.

via OldNFO

Boom!

So we’re coming up fast on Boomershoot.  I’ve got a pile of stuff I need to do to get ready and time’s moving quick.  In the meantime here’s a pic from last years fireball.

DSC_6822

+1 to Ry for convincing me to get the Adobe Cloud.  Here’s the before and after on that photo.

Before_vs_After_ Ry

Lightroom is fantastic with Raw photos.