Carl's blog

My SIP attack IP blocklist

by on Nov.26, 2015, under Computer Stuff

Thanks to fail2ban (with correct new “security” log and regex enabled on Asterisk 1.8+ (they don’t try to register any more!)), I collect IP addresses of people attempting to hack/fraud SIP systems. I then block the closest, widest IP subnet. I don’t care if I’m blocking a continent at a time. As and when my handful of external users report problems (overlap of bad/good IP addresses), I will correct, but for now my block list at the router looks like this. Fail2ban blocks using iptables on the Asterisk box itself, but I then kill connections and add to my Mikrotik address-list on the router, after whois’ing the IP and looking if the provider has a wider netblock – then I go for that, otherwise I go for what looks like a good fit for the culprit. Thankfully we also pay for fraud insurance. Ideally, the external handsets would have VPN clients inbuilt, but alas this is not the case. I have configured small Mikrotiks to travel with the handset but this seems like a cumbersome offering.

To begin with, this list was called “PlusServer”, because the majority of attacks were coming from PlusServer AG. Next in line was RedStation.com. This killed off the most severe attacks, but since then I’ve had everything from Denmark to Palestine (twice) and Russia. Anyway here’s the list, from my Mikrotik address-list.


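A hand-grown list like this picks up single hosts and narrow blocks that a later, wider entry already covers, and wide blocks are exactly what collide with legitimate remote users. The following is an added example, not part of the original post: it collapses a blocklist, checks it against known-good addresses and renders RouterOS address-list commands. The sample entries are constructed from documentation ranges, and the handset names and addresses are hypothetical.

```python
import ipaddress

# Constructed sample entries (RFC 5737 documentation ranges), not the blog's list.
BLOCKS = ["198.51.100.7", "198.51.100.0/24", "203.0.113.0/25",
          "203.0.113.128/25", "192.0.2.64/26"]

# Hypothetical addresses of legitimate external handsets.
KNOWN_GOOD = {"remote-handset-1": "192.0.2.70",
              "remote-handset-2": "192.0.2.200"}


def collapse(entries):
    """Merge duplicate, nested and adjacent entries into the fewest networks."""
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    return list(ipaddress.collapse_addresses(nets))


def collisions(nets, known_good):
    """Return {user: blocking network} for each known-good IP a block covers."""
    hits = {}
    for user, addr in known_good.items():
        ip = ipaddress.ip_address(addr)
        for net in nets:
            if ip in net:
                hits[user] = net
    return hits


def routeros_commands(nets, list_name="SipAttack"):
    """Render one RouterOS address-list command per collapsed network."""
    return [f"/ip firewall address-list add list={list_name} address={n}"
            for n in nets]


if __name__ == "__main__":
    merged = collapse(BLOCKS)
    for user, net in collisions(merged, KNOWN_GOOD).items():
        print(f"WARNING: {user} is inside blocked range {net}")
    print("\n".join(routeros_commands(merged)))
```

Running the collision check before pushing the list to the router surfaces the bad/good overlap ahead of a user reporting it.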

Remove windows 10 appx packages, but retain store

by on Oct.26, 2015, under Computer Stuff

# Full package names of the bundled apps to remove (the Store itself is not listed, so it is retained)
$Packages = "Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c" , `
"Microsoft.People_1.10241.0.0_x64__8wekyb3d8bbwe" , `
"Microsoft.BingFinance_4.4.200.0_x86__8wekyb3d8bbwe" , `
"Microsoft.WindowsCalculator_10.1507.15010.0_x64__8wekyb3d8bbwe" , `
"Microsoft.BingNews_4.4.200.0_x86__8wekyb3d8bbwe" , `
"Microsoft.BingSports_4.4.200.0_x86__8wekyb3d8bbwe" , `
"Microsoft.Getstarted_2.2.7.0_x64__8wekyb3d8bbwe" , `
"Microsoft.WindowsMaps_4.1506.50715.0_x64__8wekyb3d8bbwe" , `
"Microsoft.BingWeather_4.4.200.0_x86__8wekyb3d8bbwe" , `
"Microsoft.WindowsSoundRecorder_10.1507.7010.0_x64__8wekyb3d8bbwe" , `
"Microsoft.WindowsAlarms_10.1507.17010.0_x64__8wekyb3d8bbwe" , `
"Microsoft.XboxApp_7.7.29027.0_x64__8wekyb3d8bbwe" , `
"Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe" , `
"Microsoft.ZuneVideo_3.6.12101.0_x64__8wekyb3d8bbwe" , `
"Microsoft.ZuneMusic_3.6.12101.0_x64__8wekyb3d8bbwe" , `
"Microsoft.MicrosoftSolitaireCollection_3.3.8040.0_x64__8wekyb3d8bbwe" , `
"Microsoft.WindowsCamera_5.42.3008.0_x64__8wekyb3d8bbwe" , `
"Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe" , `
"Microsoft.windowscommunicationsapps_17.6106.42001.0_x64__8wekyb3d8bbwe" , `
"Microsoft.Office.OneNote_17.6027.10021.0_x64__8wekyb3d8bbwe"

ForEach ($package in $Packages)
{
    # Remove from the running image so new user profiles do not get the app
    Remove-AppxProvisionedPackage -Online -PackageName $package
    # Remove the installed copy for the current user
    Remove-AppxPackage -Package $package
}


owncloud restrict download of entire root as zip

by on Aug.13, 2015, under Computer Stuff

In /var/www/owncloud/lib/private/files.php

In this case, the workspace/store is called Savills. We also want to cover when the other download button is chosen from the root itself (download.zip).

Look for the code starting with “try”, and modify like below. Dirty but does the job for now.

try {
    // Refuse the "download everything" button in the root (download.zip)
    if ($name === 'download.zip') {
        header("HTTP/1.0 403 Forbidden");
        die("Please choose a smaller selection to download. Use your back button to return.");
    }
    else
    // Refuse a single-item selection that is the whole store
    if (($name === 'Storage.zip') && (count($files) == "1")) {
        header("HTTP/1.0 403 Forbidden");
        die("Tried to download whole of root, as Storage.zip. Not allowed.");
    }
    else
    // the original code inside the try block continues from here


“Add to Internet Explorer” IE11 search provider button not working on Windows 8.1

by on May.08, 2015, under Computer Stuff

Can’t add Google, that’s bad. Can’t get rid of Bing, this is awful.

Remove update KB3038314, restart and try again.

Or download this .reg file to import directly into the registry:

http://www.internetsomething.com/google-search-ie11.reg


SIP password security

by on Mar.01, 2015, under Computer Stuff

An excellent article on SIP password security:

https://www.sipsorcery.com/mainsite/Help/SIPPasswordSecurity


Office 365 updates for Outlook 2007 & Outlook 2010

by on Oct.22, 2014, under Computer Stuff


Apple Mail (Mavericks) autocomplete / previous recipients will not remove

by on Jun.08, 2014, under Computer Stuff

This is actually down to Exchange’s Suggested Contacts, I think.

If you open up Contacts, choose the Exchange account, you can search and remove the offending contact there. The actual list of “Suggested Contacts” appeared empty to me, but searching overall did return the contact in question, and removing it has finally removed it from the autocomplete list in Apple Mail.


Sage ACT! Connect stops syncing to local ACT! Pro 2012

by on Apr.01, 2014, under Computer Stuff

The mobile device syncs to the ACT! Connect Portal, but entries from ACT! Pro 2012 do not make it into the portal, and nothing from the portal makes it into ACT!.

It seemed to stop working around about the time of switchover to British Summer Time (clocks moved forward 1 hr in the UK).

To remedy (after much messing about!), I first stopped the ACT Connect service (from right-click of the sync app in system tray), and then exited the sync/connect app from the same right-click menu, and went into c:\documents and settings\all users\application data\act\mobility, and moved all the files there into a directory called old (basically I deleted them, but backed up just in case).

Upon restarting the ACT! Connect program, a new sync began, and everything has made it into the portal. We’re about to test portal -> program sync, but I’m sure it’ll be OK.

On Vista/7/8, the directory would probably be C:\ProgramData\Act\mobility – basically it’s the “All Users” profile appdata.

I should add that I did a “recover” from the sync application’s right-click menu first. This clears out everything in the portal. It might not have been necessary, or maybe you’ll get duplicate data if you don’t do it?


GPT to MBR conversion without losing data (UEFI / Legacy BIOS switch)

by on Jan.14, 2014, under Computer Stuff

Changed ESXi virtual machine from UEFI to BIOS mode, so that bios440.rom trick can be used for SLIC.

Instructions copied from http://www.firewing1.com/node/610#gpttombr

The actual GPT to MBR conversion

Through Rod Smith’s guidance and a few dirty tricks, I was successfully able to convert my GPT partition – without data loss or deleting any partitions – and then boot Windows 7 in legacy/MBR mode. In order to do this you’ll need your Windows installation media at hand as well as a copy of the Fedora 16 Live media. If you don’t have a copy of Fedora 16 Live handy, you can download the Live media ISO (64-bit) from a local mirror here

 Keep in mind that at this point I only had 3 partitions and a bunch of unpartitioned space on the disk, so conversion was a rather straightforward process (all GPT partitions mapped directly to primary partitions). Although it is theoretically possible to convert GPT partitions with >4 partitions by defining which ones are to be logical partitions after conversion, I have not tested this.
  1. Boot your Fedora 16 Live media and wait for your session to start. If you’re having troubles booting, press Tab at the boot loader screen and try booting with the nomodeset parameter added.
  2. Depending on your graphics card, you’ll either be presented with the new Gnome 3 Shell or with the traditional interface. Start a terminal session by putting your mouse in the top right corner of the screen and typing “terminal” in the search (Gnome Shell) or by selecting Applications > System Tools > Terminal (traditional interface)
  3. Install gdisk:
    su -
    yum -y install gdisk

    This may take a few moments.

  4. Make a backup of your current GPT scheme:
    sgdisk -b sda-preconvert.gpt /dev/sda
  5. Now we will attempt to convert your GPT disk layout to MS-DOS/MBR. Start gdisk:
    gdisk /dev/sda

    You should be prompted with:

    Command (? for help):
  6. Press r to start recovery/transformation.
  7. Press g to convert GPT to MBR.
  8. Press p to preview the converted MBR partition table.
  9. Make any modification necessary to the partition layout. See Rod Smith’s Converting to or from GPT page for more details on this.

  10. When you’re happy with the MS-DOS/MBR layout, press w to write changes to the disk.
  11. Shutdown Fedora 16 and boot from the Windows 7 installation media
  12. Enter your language & keyboard layout and then select the option to repair your computer in the bottom left corner.
  13. From the available options, select Startup Repair. Windows will ask for a reboot.
  14. Follow the previous three steps again to boot the Windows 7 installation and run startup repair
  15. Once again, boot the Windows 7 installation media but this time opt to open a command prompt instead of choosing startup repair. Type:
    bootrec /scanos
    bootrec /rebuildbcd
    bootrec /fixmbr
    bootrec /fixboot
  16. Close the command prompt and run Startup Repair one last time.

That’s it! You should now have a bootable installation of Windows 7 on a MBR partition layout.


Windows 8: Newly installed (and working) printer missing from Devices and Printers, despite reboots.

by on Dec.26, 2013, under Computer Stuff

Not only do newly installed printers usually take an age to appear in Devices & Printers on Windows 8, but they sometimes do not show up at all.
You can print from your applications, and the queue shows up under Print Queues in Device Manager, but no amount of restarting the print spooler, or hitting F5 within Devices & Printers, will help the new printer to show up where it should.

All that is needed is a reboot of the computer – however, Windows 8’s Hybrid boot feature, which results in rapid startups and reboots, is actually a hibernate as far as kernel and device drivers are concerned, and so a restart or shutdown in the normal sense does not fix the problem.

In order to perform an actual reboot of the operating system, go to an administrative command prompt (ctrl+shift while clicking on command prompt) (save your work first please!) and type “shutdown /r /t 0” followed by enter.

If you’re as lucky as I was, your new printer will finally show up in Devices and Printers when the operating system restarts.

Thanks for this annoying problem Microsoft!

I would hope that you’d be able to hold down shift, or alt, or something, while choosing Restart or Shutdown from settings on the charms bar to initiate a traditional shutdown or reboot, but I haven’t heard anything to suggest that this is possible.

I did a little more Googling, and somebody said that if you choose Restart from the Win-X menu (hold Windows/flag key that’s in-between ctrl and alt, then tap X while holding that key), then a full restart is actually performed. I haven’t tried this myself though.

