Beta testers needed!

Hi I’m very proud to announce that my application (which I still haven’t found a name for!) is ready for beta release. It’s a very light command line app that uses log data for security hardening, so if you use Ubuntu, debian or linux (and or nginx or apache2) and are comfortable with the command line then please do get in touch. At this stage it’s a fairly simple app and in effect a security tool for those of us who can not afford thousands of dollars towards their own IDS.

This application will probably be most useful for smb running their own sites (small aws installs for example) for people who want extra security, and to stop a lot of the “noise” that hits the average web server.
If you want more information, have a look at the intro vid I made that is put up on youtube..
All I ask is that you supply the version of ubuntu / linux that you’re using and that after looking at the app take the time to fill in a short survey.

Look forward to hearing from you
Regards Steve Abrahall
PS if your interested email me at

steveabrahall AT gmail DOT comm

To find out what version of the os your using
lsb_release -a

Tech note for certbot!

Did some testing this morning on the new certs and realised that things were not working in firefox and at one point I think I saw an erro in chrome!
Problem was fire fox needed both www and non www versions of the site name. Re issuing the cert sorted this in no time!

This is how the process worked out…!

sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.gingercatsoftware.com gingercatsoftware.com


Long pass phrases!

Yarn bike

Don’t use a pass word! Use a pass phrase . Twelve or more letters, the odd number and lower and upper case letters, make it something you can remember but long and easy for you to remember is the most important thing.

For example I like dogs, bentley cars and pingpong I might write a sticky note that says
*_*
Fave animal
Fave car
Fave sport

and the pass phrase might look like

Dog*_*bentley*_*pingpong

This is a good pass phrase
But think of it like this

To quote From the TheGreatContini who posts on stackoverflow.
While discusing “How long to brute force 16 character secret key

There are 62 possibilities for each character, and 16 characters. This translates to 62^16 (47672401706823533450263330816) trials worse case, or half of that on average. If the attacker can do a billion trials per second, that means 47672401706823533450 seconds, which is about 1511681941489 years. I think that’s pretty good protection. You could even chop off a few characters and still feel pretty safe.

Probably best not to put your exact pass phrase in this (just in case some one nasty sniffs if across the net work or the interweb) but have a play with this site it’s fun and gets the point home.

The other thing is don’t use the same pass phrase for all accounts!
What you might say do I have to remember lots of pass phrases? Well the next thing to do is start using the keychain, but I’ll talk more about this in another exciting episode!

Have fun and be safe on the interwebs

Why it’s important to monitor logs

A while back I wrote sshfail. It’s a script to look at attempts on the ssh protocol on servers. You can find it up on git hub if your interested and want to install in your self. https://github.com/nevetsanderson/sshfail .

The interesting thing is that even if you use a non standard port to run ssh on (which is what this data relates to) it’s only a matter of time before modern hackers or bots or some Bs8dutard’s find that information and it gets propergated. Have a look at this raw data.

DateAttemptsips
1/3/20202828
1/4/2020239129
1/5/2020204125
1/6/2020337106
1/7/2020322167
1/8/2020386142
1/9/2020452195
1/10/2020273169
1/11/20205873197
1/12/20204346116
1/13/20208892191
1/14/20206192128
1/15/202000

As you can see things got ugly after about 11 days… from 28 to 5873 attempts on the server per day and within 2 weeks. Also worth considering is how did things go from weeks of no one being able to detect this, to 28 ip address suddenly finding my machine on the same day and then it increasing to 195 (Jan 3-9). I’d love to know what’s going on in the background. How is information is being propergated?

So as you can also observe on the 15 th, I changed the port and things have been have quiet since then but the issue is… If I hadn’t been observant and actually looked at the numbers then I’d be giving the bad guys a chance at reeking havok…

Stay safe out there people, and actually look at your log data!