Maintenance Saturday August 31st 2013 Midnight-1AM

We will be taking various machines down for imaging and rebooting August 31st just after midnight, that is early Saturday morning.

This is necessary to create images for rapid restoration and to upgrade to a newer Linux kernel.

Downtime for any one machine should not exceed about fifteen minutes, but various servers will be affected when the main NFS server is rebooted, so there will be a time when other machines freeze in addition to their rebooting.

I expect maintenance activities will be concluded by approximately 1AM.

User CGI Scripts / UserDir in virtual domains

A while back someone complained about User Directories functioning in their virtual domains.  I recently changed the configuration so that they would not function in virtual domains, without thinking about the ramifications for CGI scripts, which this change broke.

In order to restore functionality to CGI scripts, I backed out this configuration change.

I do not remember who it was that originally wanted them removed.  I can remove them from specific domains, but it will break the ability to use CGI scripts from that domain (PHP and SSI will still work).

If you want them removed from your domain, with the understanding that CGI scripts will not work, then please send e-mail to support@eskimo.com.

Spam

Yesterday, August 27th, normal spam filters were down.

I had compiled SpamAssassin’s system-wide rules to speed up processing.  Not all of the rules can be compiled.  An automatic sa-update that updates the rules created a situation where non-compiled rules conflicted with compiled ones and SpamAssassin aborted.

I changed the cron job that runs sa-update to re-run sa-compile afterwards if there are any rule changes.  Last night an automatic update changed rules, sa-compile ran automatically, and everything worked as intended.
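As an added example (not the actual cron job on Eskimo’s server), here is a cron wrapper that does what the paragraph above describes: it only runs sa-compile when sa-update reports that new rules were installed, and it lints the result before restarting spamd so a half-updated rule set can never be loaded.  The restart command, the install path and the "run" argument are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own cron job: run sa-update, rebuild the
# compiled rule set only when new rules were actually installed, and lint
# before restarting spamd, so compiled and plain-text rules cannot disagree.
# sa-update exit status: 0 = new rules installed, 1 = no updates, >1 = error.
# Assumed (adjust to your system): spamd restarts with
# "service spamassassin restart"; install as /usr/local/sbin/sa-refresh.sh
# and call it from cron with the argument "run", e.g.
#   17 3 * * *  /usr/local/sbin/sa-refresh.sh run

log() { echo "sa-refresh: $*" >&2; }

# Thin wrappers around the external commands so each step can be swapped out.
run_sa_update()  { sa-update; }
run_sa_compile() { sa-compile; }
lint_rules()     { spamassassin --lint; }
restart_spamd()  { service spamassassin restart; }

# Returns 0 = updated, recompiled and restarted; 1 = no changes;
#         2 = sa-update failed; 3 = recompile or lint failed (spamd untouched).
refresh_rules() {
    rc=0
    run_sa_update || rc=$?
    case "$rc" in
        0) log "new rules installed, recompiling" ;;
        1) log "no rule updates"; return 1 ;;
        *) log "sa-update failed (exit $rc)"; return 2 ;;
    esac
    # New plain-text rules are on disk but the compiled set is stale until
    # sa-compile finishes: never restart spamd in between.
    if ! run_sa_compile; then
        log "sa-compile failed; leaving spamd alone"
        return 3
    fi
    if ! lint_rules; then
        log "spamassassin --lint failed after recompile; leaving spamd alone"
        return 3
    fi
    restart_spamd || { log "spamd restart failed"; return 3; }
    log "rules updated, recompiled and spamd restarted"
    return 0
}

# Only act when invoked from cron as "sa-refresh.sh run".
if [ "${1:-}" = run ]; then
    refresh_rules
fi
```

Cron mails anything written to stderr, so the log lines double as the notification that a recompile or lint failed.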

Forum Moderator Volunteers Wanted

I’m looking for volunteers to moderate Eskimo’s Forum.  Actually most posts are unmoderated, but there are times when spammers get through and post, and I’d like their posts to remain for as short a period as possible.

I’m also interested in any suggestions you may have with respect to how to make the forum more attractive to people so that it actually gets used.

I miss the early days where Eskimites were bouncing ideas off of each other, helping each other figure out how to do new things, etc.

If you are willing to volunteer as a moderator or have a suggestion, please e-mail support@eskimo.com.

Viruses & Malware

One of our customers called today.  Their Windows machine had become infected with a keystroke logger that gave a hacker their bank account information.

We check for viruses in incoming mail, but please be aware that no virus scanner is going to catch everything.  Anytime a virus is released, there is a period of time that elapses before someone who gets infected provides the necessary information to an anti-virus company, who then develops a signature that virus checkers use to check for its presence.

Also be aware that viruses and other malware, like this keystroke logger, frequently come in over the web, often bundled with legitimate and sometimes not so legitimate software.

I recently installed something called “Dexpro”, it was a virtual desktop program for Windows.  I have virtual desktops built into Linux and MacOS, and I find them very useful and wanted the same capability for Windows.

Dexpro got good reviews, but when I installed it, without my permission it also installed something called WhiteSmoke Toolbar.  Actually, to be more precise, I’m not sure if the website I downloaded from did the installation or its installer did.  In addition my searches and other things were redirected to the WhiteSmoke website.

I removed the toolbar from the browser and reset my search engine preferences back the way I thought I had them but when I attempted to use add/remove programs to get rid of it from my machine, it aborted the attempt.  I attempted to use several third party application removal programs, they all failed.  Finally, I deleted the files (that I knew about) manually and went in and deleted the registry keys.

I thought I had rid myself of this awful beast, but when I attempted to fire up Flyff (an MMORPG video game), an anti-hacker program packaged with Flyff saw that some of the web queries were redirected to another website, so it wouldn’t fire up, and I knew I hadn’t yet rid myself of this thing.

A scan with Microsoft Essentials revealed nothing.  A scan with SuperAntiSpyware found three trojans (and about 300 cookies) but Flyff still wouldn’t run complaining of redirects.

I then did a full scan with MalwareBytes; it found another 17 trojans, after which everything seemed to be back to normal.  Still, I wouldn’t trust this machine for anything sensitive.

For online banking or anything else security sensitive, consider buying a Mac or loading Linux on your PC.  If you have Windows, don’t depend upon Microsoft Essentials.  It is lightweight and good for gaming as it doesn’t interfere with game I/O much, but it lets a lot slip through.  If you must use Windows for sensitive work, I suggest a good virus scanner like Avast or AVG and, in addition, MalwareBytes and SuperAntiSpyware.

Windows has a lot of services enabled that the typical home user doesn’t need.  The more services running, the more targets malicious software has to abuse.  It is best to turn off everything you don’t need.  There are two places to turn off things that you don’t actually use.  In the start menu, bring up Run, and type in services.msc.

Unless you’re using your Windows machine as an Internet Gateway (I suggest you don’t do this; go buy a $50 router to perform this function more securely), you should disable Application Layer Gateway.  Also turn off Net.Tcp Port Sharing; again, if you have multiple computers, get a router.

If your machine is not part of a Windows network, disable Server and Workstation.  Also disable Computer Browser; if you’re not on a Windows network there are no other computers to browse.  Turn off Distributed Link Tracking Client: no network, no NTFS files to transfer between computers.  Same for Distributed Transaction Client: no network, no distributed transactions.

If you’re not hot swapping hard drives, turn off logical volume manager.  This service looks for volumes when you plug in a new device.  My advice is to shut it off unless you need it.  If you’ve got thumb drives that you’re swapping in, then you might need it.

If you’re not using volume shadow copy service for backups, disable it.

If you don’t need anything to run automatically at particular times, disable the task scheduler.  As I understand it, this service runs applications with administrative privileges but they can be scheduled without administrative privileges, so it is a potential avenue for privilege escalation.

Remote Access Connection Manager and Remote Helpdesk are things someone outside of your machine can use to get in; disable them unless you are actually using them.

The same can be said for the rest of the services.  It is a good idea to Google each one and decide what you need and what you don’t.  It’s also a good idea to create a system restore point before starting so if you mess things up too bad you can get your machine back to where it was.

Turning off unneeded services not only improves security of your Windows machine, it can also significantly improve performance.
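As an added example (not part of the original post), this PowerShell script does the services.msc pass described above in one go on a standalone PC: it shows the current state of the named services, takes the restore point first, then disables them.  The short service names (ALG, LanmanServer and so on) are assumed from the display names in the post; "Remote Helpdesk" is left out because its service name differs between Windows versions, so confirm it with Get-Service before adding it.

```powershell
# Added example, not from the original post: audit the services listed above
# on a standalone Windows PC, take a restore point, then disable them. Run in
# an elevated PowerShell; pass -DryRun to only list the current state.
# Short names are assumed from the display names; confirm on your build with:
#   Get-Service | Select-Object Name, DisplayName
param([switch]$DryRun)

# Only disable these when the post's conditions hold (no Windows network,
# not acting as a gateway, not hot-swapping drives, no scheduled jobs).
$candidates = @(
    'ALG',               # Application Layer Gateway
    'NetTcpPortSharing', # Net.Tcp Port Sharing
    'LanmanServer',      # Server
    'LanmanWorkstation', # Workstation
    'Browser',           # Computer Browser
    'TrkWks',            # Distributed Link Tracking Client
    'MSDTC',             # Distributed Transaction Coordinator
    'VSS',               # Volume Shadow Copy
    'Schedule',          # Task Scheduler
    'RasMan'             # Remote Access Connection Manager
)

# Current state via WMI, which also reports the start mode on older
# PowerShell versions where Get-Service objects do not expose it.
Get-WmiObject -Class Win32_Service |
    Where-Object { $candidates -contains $_.Name } |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize

if ($DryRun) { return }

# Restore point first, so the change can be rolled back (needs System
# Protection enabled on the system drive).
Checkpoint-Computer -Description 'Before disabling unneeded services' `
                    -RestorePointType MODIFY_SETTINGS

foreach ($name in $candidates) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "$name not present, skipping"; continue }
    try {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $name -Force -ErrorAction Stop
        }
        Set-Service -Name $name -StartupType Disabled -ErrorAction Stop
        Write-Output "disabled $name"
    } catch {
        # Some services are protected (Task Scheduler on Windows 7 and later
        # refuses to be disabled); report that rather than hiding it.
        Write-Warning "could not disable ${name}: $($_.Exception.Message)"
    }
}
```

Run it once with -DryRun and compare the table against what you actually use before letting it change anything.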

I mentioned there were two places, the other is also launched from run, but instead of services.msc put in msconfig.exe.  The msconfig program can also change services but I don’t recommend it, use services.msc for that.  What I do recommend using the msconfig program for is to check the startup section and see if there aren’t unnecessary things being launched there.  For example, Google, Java, and Adobe all have update services, but I’d rather not have them continuously running in the background eating resources and potentially deciding an upgrade is necessary while I’m doing something else, so I disable them all.

Another example is Nero’s InCD, which enables you to use a DVD-RW like a big floppy.  However, it interferes with other programs being able to mount CDs, and I rarely (read never) use my DVD-RW for this, so I disable it and its helper application.

I have an Asus monitor program that reads temperature sensors and such but again I don’t want it running in the background 24×7 so I have it disabled unless I start it manually.

Many gamers play games that require Steam; it sucks LOTS of resources just sitting there, so it is best to shut it off unless you actually want to play a game, then start it manually.  The same goes for Skype.

As with Windows services, turning off applications that aren’t being used saves resources and improves security.

Lastly, in the win.ini and system.ini tabs, if you don’t have any 16-bit applications left over from the days of 286 processors and Windows 3.11, disable 16-bit support.  If you don’t use Outlook, disable mail support.

Once you do all these things your system will be more secure and faster.  Boot times in particular will be much faster.
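As an added example (not from the original post), this PowerShell script lists the same autostart entries that msconfig’s Startup tab shows, the machine and user Run keys plus both Startup folders, and flags the kinds of background helpers the post turns off.  The pattern list is an assumption built from the post’s own examples; it reports, and does not remove, anything.

```powershell
# Added example, not from the original post: enumerate what msconfig's Startup
# tab shows (Run keys for machine and user, both Startup folders) and flag
# entries matching the helpers the post disables. Reporting only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed patterns: Google/Java/Adobe updaters, Nero InCD, Steam, Skype.
$usuallyUnneeded = 'GoogleUpdate|jusched|Adobe.*ARM|InCD|Steam|Skype'

$entries = @()
foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($valueName in $k.GetValueNames()) {
        $entries += [pscustomobject]@{
            Location = $key
            Name     = $valueName
            Command  = $k.GetValue($valueName)
        }
    }
}
# Per-user and all-users Startup folders: anything in here runs at logon.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    foreach ($item in Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue) {
        $entries += [pscustomobject]@{
            Location = $path
            Name     = $item.Name
            Command  = $item.FullName
        }
    }
}

$entries |
    Select-Object Location, Name, Command,
        @{ Name = 'Review'; Expression = {
            if ($_.Command -match $usuallyUnneeded) { 'consider disabling' } else { '' } } } |
    Format-Table -AutoSize -Wrap
```

Anything flagged here is still disabled through msconfig as the post describes; the script just makes the list reviewable and repeatable.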


Mail Slowdown 12/14 11:10-11:30

The severe mail slowdown for those using POP/SMTP today between 11:10 and 11:30 was caused by me.  I posted to both eskimo-announce and outages-list simultaneously.  Both of those lists contain hundreds of local addresses.  Each address caused a copy of spamassassin to launch for the delivery to that mail address.  This exceeded the memory capacity of the mail server, causing it to go into swap and slow down.

I doubled the amount of memory in the machine and re-tested; with the additional memory, the machine absorbed the list posts without any problem.

Citadel / Tomcat / Guacamole

Citadel hasn’t exactly been a resounding success.  It has not been fully functional owing to conflicts with other things present on the server.

Citadel conflicts with Tomcat preventing Tomcat from becoming operational.  Tomcat provides Java containers or servlets. I am going to remove Citadel for now so that I can get Tomcat working.

Tomcat is required by Guacamole. Guacamole provides a means to access a remote desktop with only an HTML5 and AJAX capable web browser.

This won’t replace NX as NX does many things to compress data and reduce latency and has some capabilities that Guacamole doesn’t have yet.  But it will make remote desktops available to many more devices.

After I get this working, I will set up a new server for Citadel.  Citadel wants access to so many resources that it pretty much conflicts with almost anything else on the same machine.  Much of its functionality is unavailable now because the web server and other services are using ports which Citadel wants to use.

Windows and old Nvidia Video

If you have an old Nvidia card and are using Windows, I highly recommend you download and install the most recent drivers from Nvidia, as they provide a non-trivial performance increase in addition to making the control panel work properly with the old hardware.

I want to thank the folks at Nvidia for making the drivers available for old hardware like my ancient GeForce 6200; it’s nice not to have a vendor abandon those of us who can’t afford to always be on the bleeding edge, as so many vendors have.