Carl's blog

My SIP attack IP blocklist

by on Nov.26, 2015, under Computer Stuff

Thanks to fail2ban (with correct new “security” log and regex enabled on asterisk 1.8+ (they don’t try to register any more!)), I collect IP addresses of people attempting to hack/fraud SIP systems. I then block the closest, widest IP subnet. I don’t care if I’m blocking a continent at a time. As and when my handful of external users report problems (overlap of bad/good IP addresses), I will correct, but for now my block list at the router looks like this. Fail2ban blocks using iptables on the Asterisk box itself, but I then kill connections and add to my Mikrotik address-list on the router, after whois’ing the IP and looking if the provider has a wider netblock – then I go for that, otherwise I go for what looks like a good fit the for culprit. Thankfully we also pay for fraud insurance. Ideally, the external handsets would have VPN clients inbuilt, but alas this is not the case. I have configured small mikrotiks to travel with the handset but this seems like a cumbersome offering.

To being with, this list was called “PlusServer”, because the majority of attacks were coming from PlusServer AG. Next in line was This killed off the most severe attacks, but since then I’ve had everything from Denmark to Palastine (twice) and Russia. Anyway here’s the list, from my Mikrotik address-list.

0 SipAttack
1 SipAttack
2 SipAttack
3 SipAttack
4 SipAttack
5 SipAttack
6 SipAttack
7 SipAttack
8 SipAttack
9 SipAttack
10 SipAttack
11 SipAttack
12 SipAttack
13 SipAttack
14 SipAttack
15 SipAttack
16 SipAttack
17 SipAttack
18 SipAttack
19 SipAttack
20 SipAttack
21 SipAttack
22 SipAttack
23 SipAttack
24 SipAttack
25 SipAttack
26 SipAttack
27 SipAttack
28 SipAttack
29 SipAttack
30 SipAttack
31 SipAttack
32 SipAttack
33 SipAttack
34 SipAttack
35 SipAttack
36 SipAttack
37 SipAttack
38 SipAttack
39 SipAttack
40 SipAttack
41 SipAttack
42 SipAttack
43 SipAttack
44 SipAttack
45 SipAttack
46 SipAttack
47 SipAttack
48 SipAttack
49 SipAttack
50 SipAttack
51 SipAttack
52 SipAttack
53 SipAttack
54 SipAttack
55 SipAttack
56 SipAttack
57 SipAttack
58 SipAttack
59 SipAttack
60 SipAttack
61 SipAttack
62 SipAttack
63 SipAttack
64 SipAttack
65 SipAttack
66 SipAttack
67 SipAttack
68 SipAttack
69 SipAttack
70 SipAttack
71 SipAttack
72 SipAttack
73 SipAttack
74 SipAttack
75 SipAttack
76 SipAttack
77 SipAttack

Leave a Comment :, , , , , more...

Remove windows 10 appx packages, but retain store

by on Oct.26, 2015, under Computer Stuff

$Packages = “Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c” , `
“Microsoft.People_1.10241.0.0_x64__8wekyb3d8bbwe” , `
“Microsoft.BingFinance_4.4.200.0_x86__8wekyb3d8bbwe” , `
“Microsoft.WindowsCalculator_10.1507.15010.0_x64__8wekyb3d8bbwe” , `
“Microsoft.BingNews_4.4.200.0_x86__8wekyb3d8bbwe” , `
“Microsoft.BingSports_4.4.200.0_x86__8wekyb3d8bbwe” , `
“Microsoft.Getstarted_2.2.7.0_x64__8wekyb3d8bbwe” , `
“Microsoft.WindowsMaps_4.1506.50715.0_x64__8wekyb3d8bbwe” , `
“Microsoft.BingWeather_4.4.200.0_x86__8wekyb3d8bbwe” , `
“Microsoft.WindowsSoundRecorder_10.1507.7010.0_x64__8wekyb3d8bbwe” , `
“Microsoft.WindowsAlarms_10.1507.17010.0_x64__8wekyb3d8bbwe” , `
“Microsoft.XboxApp_7.7.29027.0_x64__8wekyb3d8bbwe” , `
“Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe” , `
“Microsoft.ZuneVideo_3.6.12101.0_x64__8wekyb3d8bbwe” , `
“Microsoft.ZuneMusic_3.6.12101.0_x64__8wekyb3d8bbwe” , `
“Microsoft.MicrosoftSolitaireCollection_3.3.8040.0_x64__8wekyb3d8bbwe” , `
“Microsoft.WindowsCamera_5.42.3008.0_x64__8wekyb3d8bbwe” , `
“Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe” , `
“Microsoft.windowscommunicationsapps_17.6106.42001.0_x64__8wekyb3d8bbwe” , `

ForEach ($package in $Packages)
remove-AppxProvisionedPackage -online -packagename $package
remove-AppxPackage -package $package

Leave a Comment more...

owncloud restrict download of entire root as zip

by on Aug.13, 2015, under Computer Stuff

in /var/www/owncloud/lib/private/files.php

In this case, the workspace/store is called Savills. We also want to cover when the other download button is chosen from the root itself (


Look for the code starting with “try”, and modify like below. Dirty but does the job for now.

try {
if ($name ===’’) {
header(“HTTP/1.0 403 Forbidden”);
die(“Please choose a smaller selection to download. Use your back button to return.”);
if (($name ===’’) && (count($files) == “1”)) {
header(“HTTP/1.0 403 Forbidden”);
die(“Tried to download whole of root, as Not allowed.”);

Leave a Comment more...

“Add to Internet Explorer” IE11 search provider button not working on Windows 8.1

by on May.08, 2015, under Computer Stuff

Can’t add Google, that’s bad. Can’t get rid of Bing, this is awful.

Remove update KB3038314, restart and try again.

Or download this .reg file to import directly into the registry:

Leave a Comment more...

SIP password security

by on Mar.01, 2015, under Computer Stuff

An excellent article on SIP password security:

Leave a Comment more...

Office 365 updates for Outlook 2007 & Outlook 2010

by on Oct.22, 2014, under Computer Stuff

Leave a Comment :, , , , , more...

Apple Mail (Mavericks) autocomplete / previous recipients will not remove

by on Jun.08, 2014, under Computer Stuff

This is actually down to Exchange’s Suggested Contacts, I think.


If you open up Contacts, choose the Exchange account, you can search and remove the offending contact there. the actual list of “Suggested Contacts” appeared empty to me, but searching overall did return the contact in question, and removing it has finally removed it from the autocomplete list in Apple Mail.

Comments Off on Apple Mail (Mavericks) autocomplete / previous recipients will not remove more...

Sage ACT! Connect stops syncing to local ACT! Pro 2012

by on Apr.01, 2014, under Computer Stuff

The mobile device syncs to the ACT! Connect Portal, but entries from ACT! Pro 2012 do not make it into the portal, and nothing from the portal makes it into ACT!.

It seemed to stop working around about the time of switchover to British Summer Time (clocks moved forward 1 hr in the UK).

To remedy (after much messing about!), I first stopped the ACT Connect service (from right-click of the sync app in system tray), and then exited the sync/connect app from the same right click menu, and  went into c:\documents and settings\all users \application data\act\mobility, and moved all the files there into a directory called old (basically I deleted them, but backed up just in case).

Upon restarting the ACT! Connect program, a new sync began, and everything has made it into the portal. We’re about to test portal -> program sync, but I’m sure it’ll be OK.

On Vista/7/8, the directory would probably be C:\ProgramData\Act\mobility – basically it’s the “All Users” profile appdata.

I should add that I did a “recover” from the sync applications right-click menu first. This clears out everything in the portal. It might not have been necessary, or maybe you’ll get duplicate data if you don’t do it?

Comments Off on Sage ACT! Connect stops syncing to local ACT! Pro 2012 : more...

GPT to MBR conversion without losing data (UEFI / Legacy BIOS switch)

by on Jan.14, 2014, under Computer Stuff

Changed ESXi virtual machine from UEFI to BIOS mode, so that bios440.rom trick can be used for SLIC.

Instructions copied from

The actual GPT to MBR conversion

Through the Rod Smith’s guidance and a few dirty tricks, I was successfully able to convert my GPT partition – without data loss or deleting any partitions – and then boot Windows 7 in legacy/MBR mode. In order to do this you’ll need your Windows installation media at hand as well as a copy of the Fedora 16 Live media. If you don’t have a copy of Fedora 16 Live handy, you can download the Live media ISO (64-bit) from a local mirror here

 Keep in mind that at this point I only had 3 partitions and a bunch of unpartitioned space on the disk, so conversion was a rather straightforward process (all GPT partitions mapped directly to primary partitions). Although it is theoretically possible to convert GPT partitions with >4 partitions by defining which ones are to be logical partitions after conversion, I have not tested this.
  1. Boot your Fedora 16 Live media and wait for your session to start. If you’re having troubles booting, press Tab at the boot loader screen and try booting with the nomodeset parameter added.
  2. Depending on your graphics card, you’ll either be presented with the new Gnome 3 Shell or with the traditional interface. Start a terminal session by putting your mouse in the top right corner of the screen and typing “terminal” in the search (Gnome Shell) or by selecting Applications > System Tools > Terminal (traditional interface)
  3. Install gdisk:
    su -
    yum -y install gdisk

    This may take a few moments.

  4. Make a backup of your current GPT scheme:
    gdisk -b sda-preconvert.gpt /dev/sda
  5. Now we will attempt to convert your GPT disk layout to MS-DOS/MBR. Start gdisk:
    gdisk /dev/sda

    You should be prompted with:

    Command (? for help):
  6. Press r to start recovery/transformation.
  7. Press g to convert GPT to MBR.
  8. Press p to preview the converted MBR partition table.
  9. Make any modification necessary to the partition layout. See Rod Smith’s Converting to or from GPT
    External Links icon

    page for more details on this.

  10. When you’re happy with the MS-DOS/MBR layout, press w to write changes to the disk.
  11. Shutdown Fedora 16 and boot from the Windows 7 installation media
  12. Enter your language & keyboard layout and then select the option to repair your computer in the bottom left corner.
  13. From the available options, select Startup Repair. Windows will ask for a reboot.
  14. Follow the previous three steps again to boot the Windows 7 installation and run startup repair
  15. Once again, boot the Windows 7 installation media but this time opt to open a command prompt instead of choosing startup repair. Type:
    bootrec /scanos
    bootrec /rebuildbcd
    bootrec /fixmbr
    bootrec /fixboot
  16. Close the command prompt and run Startup Repair one last time.

That’s it! You should now have a bootable installation of Windows 7 on a MBR partition layout.

Comments Off on GPT to MBR conversion without losing data (UEFI / Legacy BIOS switch) more...

Windows 8: Newly installed (and working) printer missing from Devices and Printers, despite reboots.

by on Dec.26, 2013, under Computer Stuff

Not only do newly installed printers usually take an age to appear in Devices & Printers on Windows 8, but they sometimes do not show up at all.
You can print from your applications, and the queue shows up under Print Queues in Device Manager, but no amount of restarting the print spooler, or hitting F5 within Devices & Printers, will help the new printer to show up where it should.

All that is needed is a reboot of the computer – however, Windows 8’s Hybrid boot feature, which results in rapid startups and reboots, is actually a hibernate as far as kernel and device drivers are concerned, and so a restart or shutdown in the normal sense does not fix the problem.

In order to perform an actual reboot of the operating system, go to an administrative command prompt (ctrl+shift while clicking on command prompt) (save your work first please!) and type “shutdown /r /t /0” followed by enter.

If you’re as lucky as I was, your new printer will finally show up in Devices and Printers when the operating system restarts.

Thanks for this annoying problem Microsoft!

I would hope that you’d be able to hold down shift, or alt, or something, while choosing Restart or Shutdown from settings on the charms bar to initiate a traditional shutdown or reboot, but I haven’t heard anything to suggest that this is possible.

I did a little more Googling, and somebody said that if you choose Restart from the Win-X menu (hold Windows/flag key that’s in-between ctrl and alt, then tap X while holding that key), then a full restart is actually performed. I haven’t tried this myself though.

1 Comment more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!


A few highly recommended websites...