Monday, September 9, 2013

RIP: iPhone 4S

It's been exactly 3 weeks now since my iPhone 4S overheated - it became so unbearably hot that I couldn't even hold it in my hand. It has not shown any signs of life ever since.

Even the 2 different technicians that have taken a look have not been able to pin-point what the cause is ...

You will be sorely missed, iPhone :(.

Wednesday, May 22, 2013

SSH Brute Force Attempts

I found an interesting entry in the output of the netstat utility while trying to see the actively running services on an Amazon VM running CentOS.

netstat -pant
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:27017               0.0.0.0:*                   LISTEN      996/mongod         
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1017/nginx         
tcp        0      0 0.0.0.0:28017               0.0.0.0:*                   LISTEN      996/mongod         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      858/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      803/cupsd          
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      952/master         
tcp        0     48 10.204.214.243:22           173.203.XXX.XXX:43344        ESTABLISHED 21748/sshd         
tcp        0    784 10.204.214.243:22           218.109.6.241:56570         ESTABLISHED 25742/sshd
    
 


The IP in the last line clearly isn't one I own. I did a quick IP2Location lookup and it is a Chinese IP address.
I did a Google search on how to learn more from the system logs about what this IP is up to, and came across the 3 commands below.

grep -ir ssh /var/log/*
grep -ir breakin /var/log/*
grep -ir security /var/log/*
 
Running the first command on 2 different servers (CentOS and Ubuntu respectively) revealed loads of automated attempts at breaking into both of them.

/var/log/secure:May 22 08:05:00 ip-10-204-214-243 sshd[23741]: Invalid user server from 218.109.6.241
/var/log/secure:May 22 08:05:00 ip-10-204-214-243 sshd[23745]: input_userauth_request: invalid user server
/var/log/secure:May 22 08:05:00 ip-10-204-214-243 sshd[23745]: Received disconnect from 218.109.6.241: 11: Bye Bye
/var/log/secure:May 22 08:05:02 ip-10-204-214-243 sshd[23747]: Invalid user share from 218.109.6.241
/var/log/secure:May 22 08:05:02 ip-10-204-214-243 sshd[23751]: input_userauth_request: invalid user share
/var/log/secure:May 22 08:05:02 ip-10-204-214-243 sshd[23751]: Received disconnect from 218.109.6.241: 11: Bye Bye

/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18376]: Failed password for invalid user test1 from 198.23.229.207 port 44166 ssh2
/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18378]: Address 198.23.229.207 maps to host.colocrossing.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18378]: Invalid user test1 from 198.23.229.207
/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18378]: pam_unix(sshd:auth): check pass; user unknown
/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.229.207
/var/log/auth.log:May 22 04:43:11 ejeboo sshd[18378]: Failed password for invalid user test1 from 198.23.229.207 port 44599 ssh2
/var/log/auth.log:May 22 04:43:11 ejeboo sshd[18380]: Address 198.23.229.207 maps to host.colocrossing.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
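
The grep output shows the noise, but what matters for triage is whether any of these sources ever logged in. The Python sketch below is an added example, not part of the original post: it tallies the sshd messages shown above per source IP and flags any address with an "Accepted" line after failures. The function names, the threshold and the two 203.0.113.7 lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's log format; the 203.0.113.7 lines are invented.
SAMPLE = """\
/var/log/secure:May 22 08:05:00 ip-10-204-214-243 sshd[23741]: Invalid user server from 218.109.6.241
/var/log/secure:May 22 08:05:02 ip-10-204-214-243 sshd[23747]: Invalid user share from 218.109.6.241
/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18376]: Failed password for invalid user test1 from 198.23.229.207 port 44166 ssh2
/var/log/auth.log:May 22 04:43:08 ejeboo sshd[18378]: Address 198.23.229.207 maps to host.colocrossing.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
/var/log/auth.log:May 22 04:43:11 ejeboo sshd[18378]: Failed password for invalid user test1 from 198.23.229.207 port 44599 ssh2
/var/log/auth.log:May 22 09:10:00 ejeboo sshd[19001]: Failed password for root from 203.0.113.7 port 50000 ssh2
/var/log/auth.log:May 22 09:10:03 ejeboo sshd[19001]: Accepted password for root from 203.0.113.7 port 50000 ssh2
"""

# Anchor on the syslog prefix (optional "file:" from grep -r) and the line end:
# usernames are attacker-controlled and may themselves contain " from <ip>".
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^(?:/\S+?:)?\w{3} +\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
RULES = {
    "failed": r"Failed password for (?:invalid user )?(?P<user>.*) from " + IP + r" port \d+ ssh2$",
    "invalid": r"Invalid user (?P<user>.*) from " + IP + r"(?: port \d+)?$",
    "accepted": r"Accepted \S+ for (?P<user>.*) from " + IP + r" port \d+",
    "rdns_mismatch": r"Address " + IP + r" maps to \S+, but this does not map back",
}
RULES = {kind: re.compile(PREFIX + rx) for kind, rx in RULES.items()}

def summarize(lines):
    """Per source IP: event counts, usernames seen, and accepted logins."""
    stats = defaultdict(lambda: dict.fromkeys(RULES, 0) | {"users": set()})
    for line in lines:
        for kind, rx in RULES.items():
            m = rx.match(line.strip())
            if m:
                stats[m["ip"]][kind] += 1
                if "user" in m.groupdict():
                    stats[m["ip"]]["users"].add(m["user"])
                break
    return dict(stats)

def triage(stats, threshold=2):
    """An accepted login after failures outranks plain scanner noise."""
    verdicts = {}
    for ip, s in stats.items():
        noise = s["failed"] + s["invalid"]  # one attempt may log both lines
        if s["accepted"] and noise:
            verdicts[ip] = "review: login accepted after failures"
        elif noise >= threshold:
            verdicts[ip] = "scanner noise"
    return verdicts
```

On a live host, pass the open log file (/var/log/secure on CentOS, /var/log/auth.log on Ubuntu) to summarize() and feed the result to triage().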


It's a sad world out there :(
 


Wednesday, March 13, 2013

Disable The Lock Screen in Windows 8

In case you ended up with a new PC running Windows 8 and need to disable the hugely annoying lock screen (might be good for tablets but most certainly lame on PCs) when all you want to see is the login prompt, then you are in luck.

If you are running Windows 8 Pro edition then you can follow the instructions here: http://blog.laptopmag.com/how-to-eliminate-the-win8-lock-screen

If you are running Windows 8 (aka Core) edition then the instructions linked to above won't work for you since you'll likely not have gpedit.msc in your copy of the OS. Instead you'll need to tinker with the registry using the steps that follow.


1. Start the run dialog by pressing WINKEY + R, then type “regedit” and hit ENTER
2. It is strongly recommended that you back up your registry by using the "File" -> "Export" menu.
3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
4. You may have to create the final “Personalization” key. Just right click on “Windows” and select “New” and “Key”
5. Create a new DWORD (32-bit) with the name NoLockScreen and set the value to 1.

6. Once your changes appear like in the screen shot above, close the registry editor.
7. Confirm that the lock screen is disabled like in the screen shot below. You can do this using the Windows Charms menu (WINKEY + C): click "Settings", then "Change PC Settings" at the lower right hand corner of the pane.

Credit goes to "Mike" in the comments on the original article.