Shurn the Awesomer
My first DoS attack


Written on Mon, 17 July 2017

I got DoS attacked. Why? I'm just a little unknown website. It took me a long while to figure out that I was attacked, partly because I didn't expect my tiny little website to get DoSed. Or maybe someone is doing a penetration test by trying all sorts of tricks rapidly. Tough luck bro!

So for the past 24 hours, I noticed that my tiny little unknown blog was being DoS attacked by what was more or less a single IP address. And this attacker was attacking my server directly instead of going through Cloudflare. That got me thinking.

If the attacker knows my server's IP address, they can access it directly instead of going through Cloudflare, which is capable of mitigating attacks like these. Why not block all direct access except through Cloudflare? Thankfully, it is possible. I just set the firewall on Amazon to the list of IP addresses from Cloudflare and I got no more downtime.

Well, my uptime is 99.xx% instead of the previous 100%. Oh well, I guess this is the price to pay for a big lesson learned. Honestly, a small price to pay. It's my own website anyway.
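The origin lockdown described above can be checked from two sides: the firewall rules themselves, and the access log. The following is an added example, not code from this site. The function names, the rule layout, the log format (client address as the first field) and the three proxy ranges are assumptions made for illustration; load the current list your CDN publishes rather than hard-coding it.

```python
import ipaddress
from collections import Counter

# Sample proxy ranges, constructed for this example. Replace with the
# current list published by the CDN in front of the origin.
PROXY_RANGES = [ipaddress.ip_network(c) for c in
                ("173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13")]

# Constructed firewall ingress rules (port, source CIDR).
SAMPLE_RULES = [
    {"port": 443, "cidr": "104.16.0.0/13"},
    {"port": 443, "cidr": "0.0.0.0/0"},        # open to the world
    {"port": 80,  "cidr": "104.18.0.0/16"},    # subset of an allowed range
    {"port": 80,  "cidr": "198.51.100.0/24"},  # not a proxy range
    {"port": 22,  "cidr": "203.0.113.7/32"},   # SSH, outside this audit
]

# Constructed access-log lines; the client address is the first field.
SAMPLE_LOG = [
    '198.51.100.23 - - [16/Jul/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '104.16.1.10 - - [16/Jul/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.23 - - [16/Jul/2017:10:00:02 +0000] "GET /a HTTP/1.1" 404 90',
    '173.245.50.4 - - [16/Jul/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.23 - - [16/Jul/2017:10:00:02 +0000] "GET /b HTTP/1.1" 404 90',
    'malformed line without an address',
]


def covered(cidr, allowed=PROXY_RANGES):
    """True if every address in cidr lies inside one allowed range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def exposed_rules(rules, allowed=PROXY_RANGES, web_ports=(80, 443)):
    """Web-port rules that admit sources outside the proxy ranges."""
    return [r for r in rules
            if r["port"] in web_ports and not covered(r["cidr"], allowed)]


def direct_hits(log_lines, allowed=PROXY_RANGES):
    """Count requests per client that reached the origin without the proxy."""
    counts = Counter()
    for line in log_lines:
        field = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            continue  # skip lines that do not start with an IP address
        if not any(addr in net for net in allowed):
            counts[field] += 1
    return counts


if __name__ == "__main__":
    for rule in exposed_rules(SAMPLE_RULES):
        print("rule bypasses proxy:", rule)
    for ip, n in direct_hits(SAMPLE_LOG).most_common():
        print("direct-to-origin client:", ip, "requests:", n)
```

Once the firewall only admits the proxy ranges, `direct_hits` over the origin's log should come back empty; anything it reports means a rule still lets traffic around the proxy.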

Arc Touch Bluetooth Mouse not working after Creators Update?


Written on Tue, 4 April 2017

Being an insider, I got the Creators Update sooner than I hoped it would come. Not a bad thing actually. Due to this insider update, I was able to encounter a problem and share with you how to fix it.

So I use an Arc Touch Bluetooth mouse. When the update came, I didn't expect my mouse to stop working. So all of a sudden, it failed and I tried so hard to figure out what went wrong. I thought my Bluetooth driver might have gone bust or something. But it turned out that after a reinstall, my mouse still wasn't working. The strange thing is that my mouse was still connected to my computer via Bluetooth. I rebooted countless times over, reconnected countless times over, searched around forums, and still could not get any answers. I was almost on the brink of reformatting my computer just so I could get my favourite mouse to work.

Bingo, I got it to work. So here's how you get it to work after you install Creators Update.

  1. Go to Windows store and search for Arc Touch Bluetooth Mouse.
  2. Install the app.
  3. Launch the app.
  4. Configure your preferred settings or choose default settings.
  5. Close the app.
  6. Reboot computer if it's still not working.

You might need to get another working USB mouse while you fix this issue.

Ransomware: Pay up or Die!


Written on Sat, 25 March 2017

It's 5pm on the clock. Finally, you can knock off from work and get home for a nice dinner prepared by your wife. Gladly, you hop into your car and drive out of the parking lot.

As you approach the highway, it just struck you that everybody else is getting home too. Thankfully, the traffic is still flowing very smoothly. You drive steadily at 70 Kilometres per hour on the highway.

All of a sudden, your car accelerates to 90 km/h on its own. You step on the brakes but they don't respond as you expected. You hear the sound of the locks on your doors. Your confusion is mixed with panic as you are forced to navigate through the traffic.

Are you being held hostage by your car? Have all the warnings about ransomware finally come to pass? Your infotainment screen couldn't be more wrong: Pay $5 000 to regain control of car; Increase speed to 100 km/h in 4 minutes 36 seconds!

You want to blame yourself for not heeding those warnings, but there is no time for that now. Your life is on the line!

What is ransomware?



Merriam-Webster defines ransom as:

a consideration paid or demanded for the release of someone or something from captivity

Ransomware is a type of malware that holds a victim's files, computer system or mobile device to ransom, restricting access until a ransom is paid. Most likely, these are things that you value.

The biggest myth: I have nothing valuable


Seriously, you have not thought this through. Would you protest if you bought a computer for $1 000 only to be told that you can only use it if you pay me $100? Your physical machine has value on its own. I'm quite sure you will use your computer to quite a good extent if your computer costs more than $1 000.

If getting ransomware while you're driving is not enough to get your attention, you're hopeless. As our society gets increasingly connected and us relying more on technology, we best do everything it takes to

Another myth: I have firewall, anti-virus, King Leonidas, and whole of spartan army


There used to be a saying, China built the Great Wall to prevent invaders from entering. So how did its enemies invade China? By walking through the front gate.

Don't expect all the security measures in place to stop a hacker from planting ransomware in your organisation. All it takes is one misinformed user in your organisation to accidentally allow a hacker into your network.

Yet Another myth: It's only limited to computers


Oh so you think you can just shut down the computer and never use it again? Seriously, you need to think about your life being on the line.

How about this: you are driving along the road. Suddenly, your brakes stop working, you hear the doors locking, and the car accelerates beyond your comfortable speed. Your infotainment screen prompts this: Pay $5 000 to regain control of your car. What are you going to do?

What does ransomware do?


It prevents you from using your computer or enterprise network normally by demanding that you do something before you can use it again.

Typically, ransomware:

  • prevents you from accessing Windows.
  • encrypts files so you can't use them.
  • stops certain apps from running, like your web browser.


What it holds to ransom may not be something that is in your computer. In my example of the car ransom, your life is being held hostage.

Even if you pay the ransom or do what the ransomware tells you to do, there is no guarantee that it will give you access to your computer or files again. Reinfection is also a real possibility, called milking the victim.

How does ransomware gain access?


Much ransomware gains access through misinformed users. There could be websites that disguise themselves as some form of authority, such as legal or professional personnel, to gain users' trust so that they download and run certain programmes on the targeted machine.

Other entry points include downloading files from suspicious websites that claim to give users certain benefits like free movies, music, and software. Running these infected files will give hackers the backdoor access they need.

How do I prevent ransomware?


Backup your data, maybe even OS


I am a big advocate of data backup, ever since I lost so much data in the past.

One of my most popular tools for data backup is Clonezilla. It clones hard disks. This is a particularly good remedy when the ransomware locks up your entire computer. You start off by cloning a clean slate of your computer, free from any infection. Then, periodically, make more clones. The downside of this method is that each clone usually takes up a huge amount of space. But the upside is that you can store these clones offline, only dusting them off when you need the data again. Offline storage is a very effective method to prevent hackers from deleting backup copies of your data.

The other alternative is to use Duplicati for data backups. My most favourite feature is its strong encryption, using AES-256. With encryption, I can store the data in the cloud, such as OneDrive. The footprint of these backups is low, with incremental backup, compression, and deduplication. The easiest part of making this work is the scheduler. I set the backups once, and forget it.

Keep your antivirus updated


First, if you don't have an antivirus running on your computer, shame on you! Windows 10 comes by default with Windows Defender. If you deliberately turn it off, face palm right now!

Windows Defender is a very decent piece of antivirus. I'm not here to argue what's the best antivirus. I'm here to tell you to at least get protected. The best thing about Windows Defender is that it comes default on Windows 10, and it's free. You have no excuse.

Now, of course, that is not enough. Make sure you keep it updated with the latest virus signatures.

If you're managing an enterprise system, you had best get yourself a hardware firewall on your network. You can build your own firewall with Untangle or pfSense. It comes with open source antivirus, ClamWin.

Keep everything else on the computer updated

  • Keep your Windows 10 updated
  • Keep your Ubuntu updated
  • Keep your CentOS updated
  • Keep Microsoft Office suite updated
  • Keep LibreOffice updated
  • Keep Chrome updated
  • Keep Firefox updated


Do I need to say more?

Get educated


Seriously, your users need to know that just because the screen prompts them to download something, or somebody says they need to download it, doesn't mean they should. Don't download anything from anywhere that is not trusted.

What should I do if I'm infected with ransomware?


That's a tough question. If your life is on the line, I guess you are out of options but to pay the ransom fee.

These hackers make a living out of getting paid these ransoms. By paying these ransoms, you are effectively funding their operations for more ransoms. It goes without saying that we should not be paying, but it may not be the best course of action. When you are dealing with patients' data in a hospital, it could be a matter of life and death.

All this makes prevention all the more important. The more valuable the subject is, the more measures you should have in place to protect it.

If you are infected by the Crilock family of ransomware, there is a lot of hope. The FireEye and Fox-IT tool can help you recover your encrypted files.

I have backups, what should I do?


If you have done your backups accordingly and have enough measures to protect the backups, you have a safeguard. The very first thing you should do is to prevent the infection from spreading. Follow that by getting rid of possible entry points for re-infection, so that your restoration efforts don't get wasted or, worse, your backups get ransomed too.

The 4 levels of IT Architecture


Written on Thu, 9 March 2017

20 years ago, developing web applications was a simple, straightforward thing. Today, developing web applications is multi-disciplinary work. I’m going to break down the levels of work while keeping things as simple as possible.

Think of a web application as a building with 4 levels:

Each level rests on the level before it. You can’t have level 2 without level 1, level 3 without level 2, and level 4 without level 3. It is the same reason that you can’t build a storey of a building without the storey below it.

In the simplest of web applications, you can build all 4 levels into a single project. The most complex applications can even have multiple projects in each level.

Level 1: Matrix



The central node to everything else. The brains of everything. The business logic. The data storage platform.

Here are the things you need to consider in this level, but not limited to:

  • OS: Linux, Windows, Unix, etc?
  • Single server or clustered environment?
  • RDBMS: MySQL, Oracle, etc?
  • NoSQL or not?
  • Assets: Filesystem, NAS, S3, etc?
  • Backups?
  • Data Cache: Memcache, file cache, etc?
  • All the required business logic, such as authentication, access control list, machine learning, etc
  • Obviously, programming language: PHP, Java, .NET, etc?

Level 2: Connector



A connector is a bridge between the Matrix and the interface. In the simplest of web applications, this is sometimes non-existent. You will only need a connector if your application has a distinct separation between the Matrix and the interface.

A mail server is an example of a connector. When you develop a web application, you are certainly not going to build your own mail server along with it. You will likely use an external provider, such as Gmail, Hotmail, Yahoo, etc… Your connector will send out emails on behalf of your application.

A connector can also be an API that other applications interact with. For example, the Facebook API is a connector to Facebook itself. The API allows you to interact with Facebook. So if you are building your own API, you are allowing other applications to interact with your own web application. You will most likely need this if you are building a mobile application.

Here are the things you need to consider in this level, but not limited to:

  • What protocol should I use for API, JSON, XML, or binary, for other applications to interact with my application?
  • Are there external services that I require to connect with? Such as mail server, Facebook API, etc…
  • Do I need authentication to connect to other services? Do I need other applications to authenticate with my application before interacting with it?
  • How long will DNS propagation take?

Level 3: Interface



The interface is what a user will use to interact with the Matrix through the connector, such as the web browser, the phone, the tablet, the Xbox, Outlook, Hololens, Oculus, etc…

In your context, I know you explicitly mentioned web applications. But web applications can be consumed on mobile phones as well. I also presume that your application has a chance to go beyond a website.

Here are the things you need to consider in this level, but not limited to:

  • Web Programming language: Do I use server side scripting language such as PHP, Java? Or do I use client side scripting language, such as Javascript, AngularJS, ReactJS, etc…?
  • Device Programming language: If I’m building a mobile application, should I use Java, C#, etc..?
  • Mail Client: Text, HTML, or both?
  • Background services: Push Notifications for Mobile application? Polling services for updates?
  • Device functions: Location Detection? Accelerometer? Camera?

Level 4: Reality



The presentation and the delivery of content, inclusive of text, images, videos, live broadcast, etc…

Here is where the users actually see, touch, and feel your application. It is not restricted to a human user. A robot, such as googlebot, can also be viewing your website on this level. So other than making sure that your website is readable to a human, you would also consider Search Engine Optimisation (SEO).

Here are the things you need to consider in this level, but not limited to:

  • Presentation Language: HTML, CSS, Javascript, Flash, etc…
  • External loaded files: Javascript libraries, images, videos, documents, etc…
  • Semantic Language for robots, such as GoogleBot, OpenGraph crawler, etc…
  • Input source: Mouse? Touch Screen? Joystick? Keyboard? Kinect?
  • Output Device: Monitor screen? Mega Stadium Multimedia systems? 5.1 Surround sound? Headphones? Augmented reality through Hololens? Mobile screens?
  • Web Browser: Down to which version do I support for IE, Edge, Chrome, Firefox, Safari, and Opera?
  • Resolution: Tiny mobile screens to mega displays in concerts?

Typical Simple Use Case

In a typical use case, someone such as yourself, will probably rent a web host from GoDaddy(Maybe). And then from its cPanel, you will instruct it to install wordpress. And that’s it for Level 1.

Now you need to send out emails to your subscribers, so you also get a mail server from GoDaddy(Maybe) and you configure your wordpress to send out emails through GoDaddy SMTP. And that’s it for Level 2.

Now you want to have a nice looking website that can be viewed nicely on mobile phone browsers too. So you look around the internet and downloaded a nice looking template for wordpress. And that’s it for Level 3 and 4.

A (somewhat) Complex Use Case

Level 1
You decided to rent servers from AWS. In Level 1, you decided that the Matrix is going to be in a clustered environment. So you must store relational data in RDS. Your assets must also be stored in S3. You have configured a site-to-site VPN, so all data backups go to your office servers. You use Java to build the Matrix, but you also use machine learning in your application, which is built on Python. As machine learning is computationally intensive, you built a separate clustered GPU system for your ML needs.

Level 2
Not just a website, you also intend to have mobile applications, PlayStation, Xbox, Hololens. Your web application will have a built-in connector to do HTTP calls to the Matrix in JSON. You will need to build a separate connector for your mobile applications, PlayStation, Xbox, Hololens. You anticipate high traffic volume, so you add a load balancer to your connectors. Your mail server is Zimbra, which you are hosting on AWS. So you ensure that emails are sent out properly. You also have SMS notifications, so you subscribe to an SMS gateway.

Level 3
As you are building for web browsers, mobiles, PlayStation, Xbox, and Hololens, you build all of these applications in their respective programming languages. As you are also using Facebook Login, Google+ Login, and Paypal Login, you have to build these services into every application. You also ensure your emails do not fall into the spam folder when they are delivered. On mobile devices, you are accessing camera and location functions. All of these external devices are communicating with Level 2 in either Binary or JSON.

Level 4
You have to take into account the various modes of input and output, ensuring the best user experience on every device. Due to high traffic volume, you decide to have a Content Distribution Network to lower latency. Robots are also reading your contents, so SEO must be properly done.

Swap Partition on EC2 Ubuntu


Written on Wed, 15 February 2017

If your file system is btrfs, you will know that you can't have swap files on such systems. In that case, you probably need a partition. If you're running your server on AWS EC2, then you can even opt for an SSD as your swap partition, especially if your other EBS is on HDD.

Step 1: Create your EBS and attach it to your EC2 instance


You will have to create a new volume in your AWS console or via AWS API.

  • Volume Type: GP2 or IO1
    • You can usually settle for GP2, but if you need the extra performance boost, you can go IO1. If you still need better performance, you should just launch an EC2 instance that has more RAM. If you don't mind a performance hit, you can go for st1 or sc1.
  • Size: 8GB
    • More capacity if you find yourself needing more. Although keep in mind that if you need more than 2 times the size of your RAM, you might want to consider a better EC2 instance with more RAM instead. I'm going to assume in this tutorial that you are using 8GB RAM.
  • Availability Zone: The one which your instance resides in

Once you have created your volume, you must attach it to your instance.

Step 2: Find your newly attached volume


You can find your newly attached volume with:

sudo lsblk


You should see a disk called xvdf, or another letter, that has 8G of space. In this tutorial, I'm assuming your disk is xvdf.

Step 3: Check for existing swap


In this tutorial, I'm assuming you have no swap.

You can check for existing swap with:

sudo swapon --show


If there is no output, that means you have no swap space currently.

You can verify no existing swap with:

free -h


If you see that swap has 0B, that means there is no active swap present in system.

Step 4: Making swap


Format your partition with:

sudo mkswap /dev/xvdf


You should see something like:

Setting up swapspace version 1, size = 8 GiB (8589930496 bytes)
no label, UUID=d3a23c79-5144-47fa-b422-885ebf63e2fc


Take note of your UUID. You will need it.

Step 5: Enabling swap on boot


You need to configure your fstab with the new swap partition.

echo 'UUID=d3a23c79-5144-47fa-b422-885ebf63e2fc none swap sw 0 0' | sudo tee -a /etc/fstab


Be sure to replace your UUID in this command.

Reboot your computer for swap to take effect.

sudo reboot

Step 6: Check your new swap space


Run these commands to see that you have 8G for swap space.

sudo swapon --show
free -h


If you don't see your new swap space, something has gone wrong somewhere as you were following this tutorial.

Step 7: Configuring swappiness (Optional)


Swappiness is a parameter for the system to determine how often your system swaps data out of RAM to swap space. The values are represented from 0 to 100, in percentages. By default, the value is 60.

You must remember that a swap on HDD is time costly, while a swap on SSD is lifespan costly. Since I'm running a server, I would prefer a value closer to 0, only to use RAM when absolutely necessary. In some use cases, using swap actually increases performance.

Choose your ideal percentage, then run the following:

sudo sysctl vm.swappiness=10


I chose 10 so that it will use swap sparingly.

To make this value permanent during reboots, open /etc/sysctl.conf:

sudo nano /etc/sysctl.conf


Then add the following at the bottom:

vm.swappiness=10

Conclusion


Having swap has many advantages. In some cases, it will save a technician from certain doom due to application crashes.

For me, I managed to lower my operating cost of running instances in AWS. After all, I don't mind a bit of a performance hit from running swap on SSD. In return, I get to halve the instance running cost.

If you're looking to have a swap file instead of a swap partition, check out my other tutorial.

About Me

Greetings Earthlings, Shurn the Awesomer is here to give you an awesome time.

This little site is a record of my life, opinions, and views. I'm mainly writing about Technology & Gadgets, Busting Creationist Myths, and other philosophical stuff.

This site is done using CakePHP.

Uptime

With this uptime, how much more can I be proud of to showcase to the world? This uptime monitoring is brought to you by StatusCake since 13th May 2017.

Copyright

I will always check for copyright usage before using any materials on my site. Whenever due, credit shall be given.

However, if you notice that I may have infringed on any copyright material, please do not hesitate to contact me. All works of every artist deserve to be honoured and respected.