MySQL

     Since we replaced our web server, MySQL under Ubuntu will not authenticate on any remote machine.

     I changed the bind-address from 127.0.0.1, to 0.0.0.0, nmap shows that it is listening to port 3306, however it still will not authenticate.

     I verified that what is in the grant tables, and it’s the same tables as were used on the old server, is correct and it still will not authenticate except from the localhost IP address or the socket.

     I checked the source code and there is an argument that will make it behave this way.  I suspect Ubuntu developers may have done this for security but really it should be up to the individual site how they want to configure it.

     I have filed a bug report on Launch Pad since this functionality is not documented and it is documented that setting the bind-address to 0.0.0.0 will make it listen on all interfaces.

     If this is the intended behavior, fine, they just need to correct the documentation and I will need to compile from source to get the behavior I want, but if not, hopefully they will fix it.

     I prefer to have it work from the shell servers so people can use the standard mysql client to manipulate their databases.  It is far more secure than phpMyAdmin and in my view less painful.

     For now you will need to use phpMyAdmin to administer your database.

It Gets Better

     After battling this machine until 3AM, I went to bed, but had some chest pain.  It continued through the night preventing me from sleeping so went into the doctors to have myself checked out.

     EKG is good, heart sounded good, no immediate threats there, most likely GERD, which can be a problem when I get stressed and last night I definitely was.  But at some point I’m going to have to nap today.

Running Behind

     I’m running behind on e-mail and various customers requests.  I’m working on getting caught up but my workstation decided to throw a monkey wrench into the gear-works by eating it’s drive.  Thus I spent most of the evening restoring to a new drive.  I am back up and running at 3AM which means I’ll be in late this morning.

sshfs

     I’ve had customers who wanted to use the shared folders capability of x2go but were unsuccessful.  I talked to one customer who successfully shared folders between two machines at home but suggested sshfs is easier.

     With either of these, if I attempt to share a directory from my home directory on our servers, it will show the underlying physical disks but not the NFS mounted home directories.

     So far I haven’t found any work-around.  This situation is so common, campus systems for example in which workstation clusters mount home directories via NFS, and then students who want to share to their laptops, etc, that I would think there would be a fix but so far I’ve found none.

     If anybody has gotten this to work, please do share your secret.

Mint Upgrade

     An upgrade of mint.eskimo.com to Rosa 17.3 is in progress.  Please avoid using the machine during the upgrade.  I will post again when it is completed.

Whack-A-Mole Exploit

     There is an exploit going around known as “Whack-A-Mole” that attempts to compromise JavaScript files to cause them to silently upload advertising Malware to an end-users PC as well as to try to find additional sites to infect.

     There are two levels of infection with this exploit, infection of websites and infection of your PC.

     This exploit prefers WordPress websites to infect because it searches for a number of plugins that upload.  You should make sure that execution is disabled in any directory that you permit uploads to.  If you have a plugin that permits uploads, it should install a .htaccess denying execution in that directory (NoExec) but verify this, don’t count on it.

     This exploit also takes advantage of many shared hosting providers poor choice to execute all user code with the web servers’ user ID by crawling the site looking for other JavaScript (.js) files it can infect and if writable adding it’s code to them.

     Please note that here, we DO NOT execute code with the web servers ID, instead we execute each users code with their own ID.  Thus the cross-site infection that is happening on other shared host providers will not happen here as long as you do not provide public write permissions to files.

     Some plugins or web applications will tell you to set the file mode to 666, NEVER EVER DO THAT HERE, IT IS NOT NECESSARY AND IS A SECURITY RISK.  If instructed to set permissions to 666, instead set them to 644.  Because the web server executes scripts with your user ID ONLY OWNER write permissions are ever required.

     I also recommend setting your public_html directory to mode 711 and not 755 as it will prevent another infected site from being able to crawl your directory.  The web server already knows the name of the file(s) it needs so has no need to list your directory.  If you don’t have a need for your home directory to be publicly searchable, I would also recommend setting it to mode 711.

     We also have code in place that looks for queries to where many of these plugins reside and if one attempts to run a non-existent script, blocks the offending IP address.  We also look for bad web authentication attempts.

     Infection with this Malware is invisible, your site will appear to be operating normally while it infects visitors PCs with Adware.  If your site uses JavaScript, I recommend periodic review of your “.js” JavaScript files.

     If you run a WordPress site here, please install the plugin “WP-Fail2ban”.  What this plugin does is log bad WordPress authentication attempts.  Code on this end will then block offending IPs that make three or more attempts.  This will prevent brute force password guessing of your WordPress site.

     If your PC gets infected, you will notice pop-up advertisements.  In this event, my recommendation is to obtain and run MalwareBytes.  Approximately 95% of all the Malware my Windows box has ever been infected with has been discovered by MalwareBytes. I have no affiliation with MalwareBytes.  I’ve just found it to be a very effective product.

Mail Server Attacks

     With the recent surge in spam, I wanted to let everyone know what you can do, what I am doing, and the amount of attacks our mail server is under.

First, what you can do:

        1) Send spam you receive to: spamtrap@eskimo.com

        2) Send some non-spam examples to: hamtrap@eskimo.com

     This trains the Bayesian filters to recognize spam.  Without examples of non-spam as well, the filters can not differentiate, so it is important to send some non-spam to hamtrap@eskimo.com as well, especially anything that is not spam but gets dropped in your spambox.

     You can adjust your spam filters to better suit your needs: Click For More Info

What I am doing:

     Spam filtering and spammers working to get past filters is an ongoing continuous struggle.  Spammers test their spamming algorithms against spam filters and refine them.  Developers alter spam filters to take spammers new methods into account.

     Like our web server previously was, our mail servers are based upon CentOS6.  CentOS6 was current in 2012, but although not yet at end of life, it is no longer the latest and greatest and getting little developer attention.  Consequently updates are infrequent and spam filtering lags behind spammers.

     I am working to move the mail servers to Ubuntu 15.10, as I have recently with the web server.  Not only will it insure frequent and current updates but it will also improve performance somewhat.

Mail Server Attacks:

     So that you can appreciate the amount of probing our mail server gets, people looking to find ways to find valid addresses to spam, I thought I’d share the current fail2ban IP block list.  This is just what is hitting the server today:

Chain f2b-dovecot (1 references)
target     prot opt source               destination         
REJECT     all  --  173-165-112-17-Illinois.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  245.24.188.61.broad.dy.sc.dynamic.163data.com.cn  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  153.ip-51-255-33.eu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.56.80.114        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  104.43.229.232       anywhere            reject-with icmp-port-unreachable 
RETURN     all  --  anywhere             anywhere            

Chain f2b-dropbear (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-pam-generic (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-postfix (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-postfix-rbl (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination         
REJECT     all  --  173-165-112-17-Illinois.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  245.24.188.61.broad.dy.sc.dynamic.163data.com.cn  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  153.ip-51-255-33.eu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.56.80.114        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  104.43.229.232       anywhere            reject-with icmp-port-unreachable 
RETURN     all  --  anywhere             anywhere            

Chain f2b-recidive (1 references)
target     prot opt source               destination         
REJECT     all  --  185.56.80.114        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  37.49.226.186        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  windows66101.geoffery.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.221.44.205        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  76.72.173.181        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  164.39.136.123       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  190.52.32.172        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-128-208-148-212.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  ip-184-168-146-234.ip.secureserver.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  c-98-247-175-109.hsd1.wa.comcast.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  97.75.89.35          anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mail.tdsconstruction.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  91.108.176.107       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  h88-150-206-217.host.redstation.co.uk  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  hosted-by.rdparena.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  host69-2-static.24-87-b.business.telecomitalia.it  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  fbh226.internetdsl.tpnet.pl  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  g141198.upc-g.chello.nl  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  163.115.broadband.iol.cz  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  p509988fd.dip0.t-ipconnect.de  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  76.72.173.190        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mail.servprowmsn.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  75-150-98-233-NewEngland.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  75-146-243-98-Philadelphia.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  s18429360.onlinehome-server.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  u15969958.onlinehome-server.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static-72-248-8-166.ny.onecommunications.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  rrcs-71-40-142-130.se.biz.rr.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static-71-190-170-117.nycmny.fios.verizon.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  cpe-70-92-233-170.wi.res.rr.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  70.35.206.123        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  70.35.201.19         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  70.35.195.55         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  69.197.155.50        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  host-69-146-169-202.static.bresnan.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  c-69-141-167-235.hsd1.nj.comcast.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static-68-238-246-15.phlapa.fios.verizon.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mail.lundinroof.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  68-115-153-234.static.hckr.nc.charter.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  c-67-183-32-47.hsd1.wa.comcast.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  h-67-102-220-137.lsan.ca.megapath.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  windows76978.kesto.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  nsc66.147.31-180.newsouth.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  host2.deltagalil.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  65.127.84.206        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  dsl-112-24-rb.jax.centurytel.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mail.illuminatingexpressions.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  rdp02.snthostings.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  61.233.62.179        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  61-230-101-27.dynamic.hinet.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.221.58.187        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.221.55.243        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.221.46.247        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.221.44.252        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.218.185.110       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  58.181.246.173       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  ec2-54-169-158-59.ap-southeast-1.compute.amazonaws.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  ec2-54-153-96-21.us-west-1.compute.amazonaws.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  50.37.2.54           anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  50.34.210.34         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  50-242-183-98-static.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  50-192-1-249-static.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  50.116.122.101       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static.203.51.9.5.clients.your-server.de  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mail4.midiasphost.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  46.29.254.236        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  46.29.252.123        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  46.29.248.155        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  host.de.appvz.com    anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  ip-222-106.dataclub.biz  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  41.57.23.150         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  40.118.240.189       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  37.49.226.136        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  37.203.213.2         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  abs-static-146.4.251.27.aircel.co.in  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  rrcs-24-97-142-18.nys.biz.rr.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  rrcs-24-199-162-14.midsouth.biz.rr.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  24-117-238-66.cpe.cableone.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  23-95-114-42-host.colocrossing.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mx1.closurepac.com   anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  216.154.10.117       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  application-31240.pck.nerim.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  sip.quranradio.qa    anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  212.107.104.132      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  207.201.206.162      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  206.72.196.23        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  202.155.213.54       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  201.190.7.150        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  79.201-148-26.bestel.com.mx  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  199.187.125.62       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  199.187.123.100      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  199.180.118.241      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  199.180.118.240      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  199.180.114.251      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  198.50.201.15        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  198-0-1-133-static.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  197.221.63.185       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  195.245.173.70       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  195-154-47-128.rev.poneytelecom.eu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  192.99.222.112       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  192-3-13-36-host.colocrossing.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  191.101.23.229       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static-190-181-38-244.acelerate.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  Static-IP-19015924092.cable.net.co  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  udf.life.com.br      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  189.22.180.178       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  188.244.138.162      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  fixed-191-28-168.iusacell.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  187-11-116-244.dsl.telesp.net.br  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  186.3.197.5          anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  186-238-50-114.customer.tdatabrasil.net.br  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.134.123        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.134.120        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.134.111        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.134.103        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.133.64         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.133.39         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.3.133.146        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  185.121.132.143      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mo-184-6-80-235.dhcp.embarqhsd.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  184-23-195-114.dedicated.static.sonic.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  183.71.75.140        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  183.60.111.212       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  mail.hazemag.in      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  181.49.47.145        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static-181-143-131-58.une.net.co  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  180.111.230.246      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  179.184.46.199.static.gvt.net.br  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  179.127.166.63       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  178.216.49.147       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  176.61.140.125       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  176.61.140.12        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  176.61.140.101       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  175.100.68.220       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  wsip-174-79-249-61.sd.sd.cox.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-173-250-191-187.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  48.architel.com      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  ool-addcd752.static.optonline.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  173.214.175.19       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  173-167-168-247-illinois.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  173-11-171-233-houston.txt.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  172.76.109.167       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  164.77.47.16         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  162.248.76.217       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  162-17-222-125-static.hfc.comcastbusiness.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  158.69.57.241        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  155.254.17.236       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  142.54.162.197       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-140-142-128-197.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-140-142-128-144.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  14.139.249.85        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  14.102.52.163        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  datco2000.serverlet.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-128-208-186-77.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-128-208-148-71.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  125.67.126.89        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  120.141.68.130       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  cr002ex02.couristan.com  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  118.70.81.79         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  14.115.2.109.rev.sfr.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  108.59.46.114        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  D-108-179-135-158.dhcp4.washington.edu  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  107.182.20.207       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  107.151.227.205      anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  104.243.24.149       anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  static-100-13-135-9.tampfl.fios.verizon.net  anywhere            reject-with icmp-port-unreachable 
RETURN     all  --  anywhere             anywhere            

Chain f2b-sogo-auth (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-sshd (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-sshd-ddos (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-uwimap-auth (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-xinetd-fail (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-xinetd-fail-log (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            limit: avg 6/min burst 2 LOG level warning prefix `f2b-xinetd-fail:DROP ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

libvirt-bin Bug Squashed

     A day after filing a bug report on Launch Pad, I was directed to install a new version of libvirt-bin from proposed.

     I installed and restarted libvirt-bin and guest machines did not restart so that nasty bug has been squashed.

     The version of libvirt-bin that fixes this bug is 1.2.16-2ubuntu11.15.10.3.  This is for Ubuntu 15.10.