Linux and open source tips, tricks and discussion. Free software, hardware and modern culture. The Binary Times audiocast is created by Mark and Wayne, two chaps who just like using linux and open source software and want to spread the word. Linux is free and open source and it is an excellent choice of operating system for our ever changing times. This audiocast is released fortnightly.
https://www.thebinarytimes.net
The Binary Times - Series 7 Episode 9
Series 7 Episode 9 - In this episode Mark kicks off the show chatting about the recent Ubuntu 20.04 LTS release, we read out the release notes and discuss some of the topics covered, Wayne has been building a KVM host for offloading Win10 and Video rendering tasks to a server, more under the hood tips and another epic Irish saying. Enjoy.
00:25 Wayne welcomes us to Series 7 Episode 9 from a clear skied Bristol, with nice temperatures through the day but getting chilly through the night. Mark gives us his weather report by clicking on his message tray on his new and shiny Ubuntu 20.04 Gnome desktop, which prompts a conversation around Ubuntu's most recent release. Mark recommends Wayne should upgrade to Ubuntu-MATE 20.04 having read its release notes and talks about his growing appreciation of the Gnome desktop. Wayne is slow to upgrade due to the extensive audio modifications he has made to his system. Mark isn't sure about snaps on laptops due to their autorefresh feature and the performance hit that can introduce. Mark tells us he's currently distro-hopping, trying to find the perfect distro for new users, and tells us a bit about Zorin OS. Wayne talks about the price of webcams.
16:39 The guys discuss the recent press release for Ubuntu 20.04 which they find interesting while bringing up many questions.
42:27 Wayne tells us about his follow up on the Russian hack attacks. Thanks to Robert for all his advice. He reads out Robert's email:
"Hello Wayne and Mark,
I'm just getting in touch to say that you got at least one listener. I always enjoy hearing about your trials and tribulations.
Re the school seeing lots of traffic from Russia, I suspect they are simply trying to either compromise the Wordpress install or already have found their way in. I work for a hosting company and I see this stuff a lot.
When a site is under I attack I usually run a few command to figure out what is going on. This will product a sorted count of IP addresses that hit the server in the last few minutes (assuming the current time is 10:30:
# grep "13/Apr/2020:10:2" /path/to/log | awk '{print $1}' | sort | uniq -c | sort -hr
You can then get the top IP address and check what it's doing:
# grep "13/Apr/2020:10:2" /path/to/log | grep 1.2.3.4 | less
It's worth checking if the requests are mainly POST requests. They could simply be hits on wp-login.php or xmlrpc.co.uk:
# grep "13/Apr/2020:10:2" /path/to/log | grep 1.2.3.4 | grep -c POST
# grep "13/Apr/2020:10:2" /path/to/log | grep 1.2.3.4 | grep -c GET
Of course, also look at the resources (URLs) that are requested. It may be that they are creating user accounts or posting comments. Or if you see SQL commands in the resources they will be scanning for SQL vulnerabilities.
Also, investigate the server load. They might be mining crypto currencies (quite popular nowadays).
At work we're using this script quite a bit:
https://gitlab.com/beepmode/blockbot.
It may help find naughty IPs and figure out what they're doing, but blocking IPs unfortunately requires cPanel (or more specifically, CSF). It shouldn't actually be too difficult to use firewalld or iptables instead (the blocking is done on lines 836-845).
As a thought of the day, it might be worth switching the site from AWS to more traditional, managed hosting. I run a few of my own websites on a Digital Ocean VPS, mainly because it's cheap and because none of the sites are very important. For anything critical I would never choose unmanaged hosting. It's just too painful to deal with issues like spikes in traffic from Russian (and China).
Anyway, that's enough from me. Best wishes from a partially cloudy and slightly windy Norwich.
Robert"
Wayne goes on to tell us that he's moved the site to another server, upgraded all the bits and so far things are looking good. He also discusses how the Wordpress site was initially implemented over an existing static site.
Wayne tells us that he's installed Windows 10 in a Virtual Machine and an Ubuntu MATE Virtual Machine on an Ubuntu Server so that his partner can use Windows applications on her laptop. He used the following links to help him achieve this:
https://www.linuxtechi.com/install-configure-kvm-ubuntu-18-04-server/
https://fabianlee.org/2019/04/01/kvm-creating-a-bridged-network-with-netplan-on-ubuntu-bionic/
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=kvm&f=4
https://docs.microsoft.com/en-gb/windows/win32/power/system-power-states?redirectedfrom=MSDN
https://linoxide.com/linux-how-to/xrdp-connect-ubuntu-linux-remote-desktop-via-rdp-from-windows/
https://learnubuntumate.weebly.com/enter-password-to-unlock.html
https://catch22cats.blogspot.com/2018/05/xrdp-creates-strange-directory-called.html
Wayne is still trying to figure out Wake On LAN.
Mark points out the environmental benefits of Wake On LAN, and mentions the momentous events in the last few days, being Earth Day, Ubuntu 20.04 release and the Hubble Telescope launch 30 years ago.
01:00:51 Under the Hood - Mark's under the hood is OMG Ubuntu's 10 things to do after installing Ubuntu (as well as 4 things you shouldn't do). He also mentions Building Ireland, Episode 2 The Transatlantic Telegraph Cable as well worth a watch. It was the inspiration that led to Mark redesigning his workspace! Mark is going to take a picture from the Other Side...
Wayne's under the hood is grep -rnw '/var/www/html/' -e 'upload_max_filesize',
where-r = recursive, -n = line number, -w = match whole word, -e = search pattern
01:05:46 Irish Saying of the show is "Tá gach rud agam", or I have everything! We hope you enjoy the show as much as we did making it.