Every website that becomes popular needs proper DoS or DDoS protection. There are plenty of solutions out there, but mod_evasive offers something that others don’t: the ability to manage upstream firewalls and block traffic directly there, as well as serving a Forbidden page.
The CentOS Project finally announced version 7 of their RHEL derivative. I gave it a try on a VirtualBox VM and I must admit the changes are significant.
According to the official release notes, CentOS 7 comes packed with the following major changes:
- Kernel updated to 3.10.0
- Support for Linux Containers
- Open VMware Tools and 3D graphics drivers out of the box
- OpenJDK-7 as default JDK
- In Place Upgrade from 6.5 to 7.0 (as already mentioned)
- LVM-snapshots with ext4 and XFS
- Switch to systemd, firewalld and GRUB2
- XFS as default file system
- iSCSI and FCoE in kernel space
- Support for PTPv2
- Support for 40G Ethernet Cards
- Supports installations in UEFI Secure Boot mode on compatible hardware
An extensive list of changes can be found here.
A while back I stumbled upon a very untidy way of managing keys with Hiera and Puppet.
The only possible option it accepts is the key. No type, no additional info, nothing at all besides the key. What this meant to me: obviously the idea here is to be as straight-minded as possible, limiting the variations of SSH key types to just one hard-coded value. Fine with this concept, but how do I find out what type of key I’m allowed to use then? The more I questioned myself, the stronger the feeling that I needed to dive into Puppet for an answer. I won’t ever bother describing to you how “well-organized” it all was in Puppet, but eventually I was lucky enough to realize that this type of SSH key management is the perfect example of how NOT to do things.
The solution? A full rewrite from scratch.
In two consecutive jobs I had to look at a way to manage Linux user names and passwords via Puppet. This is one of the most discussed topics and there are plenty of solutions around. And exactly this fact confused me the most! Which way should I take? Of course my own…
I recently received a notification from Yahoo that customers of the company I work for use our own SMTP servers to “forge” mails that come from their own Yahoo accounts.
Yahoo Mail recently enabled a DMARC reject policy to protect users from increasing email spam that uses Yahoo users email addresses from other mail servers (you can read about it here).
We are reaching out to you regarding the domain “our domain” because we noticed a number of your customers’ emails are being rejected. This is due to the fact that these emails are from your customers with “@yahoo.com” in their “From” address and are originating from your servers. With our recent policy change, DMARC compliant systems will reject such emails.
To help you assist your customers through this change, we have outlined the remediation in your case. You should follow the applicable recommendations from those we have listed below:
Small Business Owners / ESPs / ISPs / Domain Hosting
1. If you are sending the email on behalf of a business:
a. then the customer is best served if they move to sending email from their own domain; OR
b. Use an address you control, which could be a dedicated address at your site. E.g. If you are “b2b.example” then “From: “Example Sender” <example-sender@b2b.example>”; OR
c. Use a single address for different senders E.g. If you are “b2b.example” then you could do
i. “Reply-to: “Example Sender” <email@example.com>”; AND
ii. “From: “Example Sender” <firstname.lastname@example.org>”
2. If you are an ISP or an email provider and your users want to use Yahoo addresses; then
a. Consider allowing customers to connect directly to Yahoo SMTP servers; OR
b. Contact us at email@example.com to discuss authentication and configuration options.
Websites allowing visitors to share links
If your website provides the ability to share items in email, we recommend that you send these emails from your own domain. You can set a Reply-To: header with their address so that people can reply to the sharer instead of replying to you.
E.g. If you are “sharing.example”
1. Reply to: “Example Sender” <firstname.lastname@example.org>;” AND
2. From: “Example Sender” <email@example.com>
For additional details, please click here.
If you need any clarifications or further information on how to assist your customers, please feel free to reach out to firstname.lastname@example.org
The Yahoo Mail Team
Long story short – our customers use their Yahoo accounts in the From: field when sending mails out from our shop applications to their customers over our SMTP servers, and this makes Yahoo unhappy, because they’re the only company allowed to do that from their own SMTP servers. But how did they come to this conclusion and the decision to mail us about the problem? One term was unknown to me up to this mail:
For the past 13 years I have been gathering experience with various technologies. Over time I built up a significant collection of useful scripts, knowledge bases, tutorials etc. In some cases I had to develop my own solutions from scratch, spending sleepless nights. For that reason I was documenting as much as possible. But all these solutions were spread across a vast number of systems, so keeping track of them got harder for me. Meanwhile I felt the need to share that knowledge with the open-source community. This blog is my third and hopefully last attempt to do so, thanks to OctoPress. Whenever possible I’ll transfer the information from the first two here as well, so don’t be surprised if articles from the past show up.
With the release of XenServer 6.2, automated patch management via XenCenter is no longer possible unless you have a license. So in order to keep your XenServers up to date you need to apply patches manually on the CLI.
So you are now trying to boot a VM in XenServer but you are getting the error “VDI is not Available”. This means that the VM crashed, the Xen host crashed, or something bad just happened. Either way, you need your server back.
Find the UUID of the VDI in question
Note exactly which UUID maps to which drive on your server. This is going to remove the VDI from the VM so we can reattach it correctly. Drive order does matter: you don’t want to switch an OS VDI with a data VDI.
Open XenCenter and navigate to the SR with your VDI. Hit Rescan. Now go to your VM with issues and attach the VDI via the Storage tab. Boot your VM.
In case you’re not exactly sure which VDI is the failing one you can always try to start the VM from the CLI first
There is no sysadmin in the world who hasn’t had to deal with dynamic DNS services like UltraDNS in order to automatically fall back to an alternative set of IPs in case of a network outage of the primary ISP line(s). Unfortunately such services are not free, so I’ve created a small Bash script in order to achieve similar functionality.