One thing that kept me ridiculously busy this past year was my server. I had decided that a Linux box at home wasn't sufficient a couple years ago and purchased a hosted server for way too much money each month. In the end the maintenence and upkeep were draining me and I finally decided to abandon it. Primarily because I grew lax on maintaining it and it was hacked. I decided it just wasn't something I needed to have any more and that there were better ways to accomplish my goals. So now I'm in the middle of transition as I restore back-ups I'd pulled off the server and get myself up and running with various new services.

One way that I'm handling my lack of access to that shell is by increasing my usage of SDF. I've been an ARPA member of SDF since 2003, but I decided to upgrade to MetaARPA membership and take advantage of some of the additional services (more on this in the future). On top of this, I signed up for Amazon Web Services. I created myself a Micro-Linux instance that falls within the free tier for now, but I plan on playing with AWS and exploring some of the possibilities with it in the future.

I seem to have most things back up and running that I had previously, however one missing piece is that SSLFail.com is still not back up. I am hoping to get that blog back up and running and open it up to be more user contributable...I'm just not sure how to do that yet. If you have any opinions, please let me know.

I just wanted to let everyone know that I've reached my goal to cover my bandwidth costs. I want to thank the individuals who donated, it was definitely appreciated. I also want to thank SecurityCompass for making a donation. Additionally, I need to extend a big thank you to my employer. This is my personal blog and when I started with nCircle I pointed out that I blogged here and wouldn't stop. Even though we have our corporate blog, they were happy to allow me to bounce back and forth between the two rather than push me to blog only on blog.nCircle.com. So even though this blog is all mine, nCircle stepped up and offered me an advertising contract, featuring their logo and link on my website and in exchange they offered up cash to cover the remainder (total less donations) of my hosting fees, and in the end I believe I'm coming out slightly ahead, so I'm hoping to pass some money towards HFC (more on that once my 1and1 bill is actually paid). So once again thank you to everyone. You'll now see nCircle's logo on the page, and in the near future (once my transfer volume is straightened out) DVL will return with a nCircle sponsored download page.

Every now and then I encounter websites that have donate buttons, especially if they provide a service. I've always wondered about this but figured "Hey, if people want to give money why not". I've decided today to become one of these "Cyber Pan Handlers"

For quite a while I've been hosting DamnVulnerableLinux without any problems. About 6 months ago, my transfer limit was exceeded due to DVL and I had to pay a bit extra. I decided that I would stop hosting DVL and it went to being only available via torrent. A couple of months later my hosting provider, 1and1, sent out an email stating that all hosting accounts had been upgraded to unlimited transfer, so I re-enabled my hosting of DVL. This month DVL appeared on Slashdot and what followed was a bill for a couple of thousand dollars. 1and1 is claiming that my account is a grandfathered account that no longer exists, and is therefore not eligible for the unlimited transfer. Yet they had still sent me the email and when I had checked at that time my account stated unlimited. I'm guessing that they made a mistake in their system when they initially implemented it and then silently fixed it. Either way, they are unwilling to honor the email they sent me and the DVL direct download has been removed. Should I come out of this, I will upgrade my account (which will increase my current monthly costs) and resume hosting DVL for download.

In the mean time, I'm going to ask for donations to help cover this large bill. During this push, there were over 30K downloads of DVL. I'm hoping that some of those downloaders (or anyone else) will realize the value they gained from the direct download and donate a few bucks to help cover costs. I just don't have the cash to cover it right now, and not only will the DVL direct download go away, a number of other things will as well:

• ComputerDefense.org blog, hosted web pages, mailing lists, and email addresses
• SSLFail.com blog, hosted web pages and email addresses
• Hosted DNS
• Shell Accounts
• SecurityBloggers.net domain name and associated email forwards / url redirects
• Hosted Domains

If you are someone affected by any of these services, maybe you want to donate too

As I said, once I manage to get this worked out, the DVL direct download will resume. Those who donate, I'm also willing to consider any requests you have for a shell account, dns hosting, email or whatever else. If any companies want to donate... Well, I'll add a banner with your logo to the top of CDO.org and SSLFail.com. Let's say for companies, every $20 buys you a month of banner

Anyways... that's it... figured I'd give this a try.... now for the lovely download button.

Thanks For Reading!
Tyler.

12:57:25.528325 IP 64.233.180.94.53615 > 74.208.78.XXX.53:  5038 A? www.securitybloggers.net. (42)
12:57:25.586218 IP 64.233.180.94.38886 > 74.208.78.XXX.53:  27266 A? www.securitybloggers.net. (42)
12:57:25.606691 IP 64.233.180.94.50898 > 74.208.78.XXX.53:  5454 AAAA? www.securitybloggers.net. (42)
12:57:25.653284 IP 64.233.180.94.32922 > 74.208.78.XXX.53:  16830 A? www.securitybloggers.net. (42)

That IP, for those of you running to look it up, resolves to ni-out-f94.1e100.net. It turns out that 1e100.net is a Google domain. So, if I believe my hosting provider, I was DoSed by Google. I emailed 1and1 to point out that it was a Google domain and simply DNS traffic, and shortly after that my server was back up… at least in theory. In the end I had to reboot my server before it would respond… but at least I got it up at running.

Nothing exciting... just my latest pain.

********

I just got an email from my web host that I now have unlimited traffic, which means no worrying about overages and no worrying about extra fees. As a result... I've re-enabled the DVL mirror, DVL 1.5 is available here

Here's the result... using the iNove theme.

We have the URLs for the new SBN site. You can access the site at http://www.securitybloggersnetwork.com or http://www.securitybloggers.net.  Right now the site is simple, but we will build it up over time.  Check it out and make sure your feed is displaying correctly -- but your blog title should be automatically generated by your RSS.  Also, please do your best to promote the new site and feed, as traffic to it helps us all!

---

I know I've been a little lazy when it comes to posting lately, but I plan on posting more going forward... hopefully anyways.

My server has hit 2.5 days of uptime (I've had it for almost 2 weeks, and that's the most uptime it's had yet). I finally (after fighting with tech support) was able to get them to swap the hardware and I haven't had a segfault yet, even though they still insist it wasn't a hardware problem.

I was rather unimpresed with the quality of support I received (although it may finally be resolved), as I've always had great support from 1and1. This was my first time dealing with 'Dedicated Server' support and I wonder if it's a different group, because it was quite the different experience.

Anyways... not that it's up, I wanted to share something interesting that I'm seeing. I purchased a couple of extra IPs as some of my domains will use SSL and I've set this up using interface aliases on the server.

eth0 is the primary IP, and eth0:0 and eth0:1 are the secondary IPs. Here's where this gets to be interesting. eth0:0 is always used. If I specify an interface... it doesn't really matter because quite often that will be ignored.

Examples:

bind: listen-on was set to eth0, however my AXFR was occuring with eth0:0, I had to specify a transfer-source to solve the problem.

Wolfenstein Enemy Territory: I've specified the listen port as eth0:1, yet the only IP that you can connect to is the one assigned to eth0:0.

irssi: Regardless of the IP I specify with the -n flag, I still end up using eth0:0.

So... has anyone seen this before? I sure haven't and I can't find anything online. I'm wondering if there's a flag/setting somewhere that sets eth0:0 to be the primary interface... but I can't find it.

Sudden, however, I couldn't SSH into it. I checked via console (you also get console access) and found that it was down. I rebooted and all was well. A day later the same thing happened. So now the server has crashed at least once every 24 hours, since I got it. On Friday I'd been going fine for a day and a half or so and suddenly it locked up again. Completely unresponsive. So I sent in a support ticket and received a response with the phone number for their 24 / 7 dedicated server support. I called and after a brief conversation was told that if my server had nothing important, they would have the hardware replaced and the machine reimaged. I'd have to reconfigure it again but that was all, so I said sure. A couple hours later I got an email saying it was ready to go, so I went through and configured it again Saturday morning. Saturday night, it hung yet again, so I decided their may be something wrong with their Debian system and went back to CentOS 5. I configured it (compiling nothing from source, and using only the yum repositories to ensure it wasn't software I installed). Yet this morning the server was down yet again. This time with libc related segfaults on the console during boot.

I called in and was rather unimpressed. I was told that since it wasn't hardware this wasn't the type of issue they deal with. I couldn't believe the response... it's their hardware, their image, their yum repository. I haven't obtained anything that they were not the source of, and they still wouldn't help. At this point, I'm pretty fed up... but at the same time I've received great customer service for so long. It's really disheartening. I recommend 1and1 to everyone I know and now it's blowing up in my face.

I've decided to give the server one more try (this time on Ubuntu -- my favourite Linux distro) and if it still fails then I'm going to walk away and start a letter writing campaign.