07-May-2017

Maintenance report
There isn’t much to mention on maintenance.

PMAS statistics for April
Total messages    :   2796 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :    209 =   7.4 o/o (Files: 30)
Accepted by PMAS  :   2587 =  92.5 o/o (Files: 30)
  Handled by explicit rule
         Rejected :   1793 =  69.3 o/o (processed),  64.1 o/o (all)
         Accepted :    164 =   6.3 o/o (processed),   5.8 o/o (all)
  Handled by content
        Discarded :    339 =  13.1 o/o (processed),  12.1 o/o (all)
     Quarantained :    274 =  10.5 o/o (processed),   9.7 o/o (all)
        Delivered :     17 =    .6 o/o (processed),    .6 o/o (all)

The number of relay attempts is not that high: most (100) were on April 26th; the rest (on just a few days) were far fewer.

New router
I purchased the follow-up of my Vigor 2920 router: a 2925Vac one. It has both 2.4 GHz and 5 GHz wireless, and supports the 802.11ac protocol for LAN traffic. I could prepare it yesterday evening using the 2920 as an example (I could have restored the backup of that one) and installed it this evening. Apart from one thing I forgot: specifying which phone is what number, and setting up opened ports – I set them up but probably forgot to save the configuration – changing went without a hitch (Of course I had to apply these changes….) and the result in access, especially Wireless, is eminent. And I ran the speed test: Up- and download went up to about 85 MB/s – matching the current speed of 100Mb/sec: This router’s firewall has a throughput of 200Mb/s, 4 times the bandwidth of the 2920….

Next month, my Internet speed will increase to 160 Mb/s (with no extra cost) and this router is fit for that (I got the announcement AFTER I received the router 🙂 ) so I’m ready 🙂

PHP 5.4 retest ahead
I planned a test of PHP 5.4 (and MariaDB 5.5) tomorrow evening, hopefully I don’t run into problems now, since I changed the system parameters. I may also need to reboot the server to include latest changes, based on AutoGen reporting.
So far the results of the performance look nice. Memory usage goes up to 75%, as before, but slowly, and sometimes it seems to be reset. Something to investigate.

New version of WASD (and alamode)
A new version of the webserver has been downloaded, and the accompanying monitor program. To be installed tomorrow (as well).

05-May-2015

Maintenance
Nothing weird – of course.
But since the Vigor router has been replaced by the ‘official’ router supplied by my ISP, it may cause extra spam and extra ‘bad traffic’. So extra attention to be paid to all logfiles.

PMAS statistics for April
Total messages    :   2311 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   1540 =  66.6 o/o (Files: 30)
Accepted by PMAS  :    771 =  33.3 o/o (Files: 30)
  Handled by explicit rule
         Rejected :    190 =  24.6 o/o (processed),   8.2 o/o (all)
         Accepted :    211 =  27.3 o/o (processed),   9.1 o/o (all)
  Handled by content
        Discarded :    128 =  16.6 o/o (processed),   5.5 o/o (all)
     Quarantained :    206 =  26.7 o/o (processed),   8.9 o/o (all)
        Delivered :     36 =   4.6 o/o (processed),   1.5 o/o (all)

Not bad indeed – except for the number of relay attempts; and these come from a (Chinese) site that I locked out for accessing the network. There were just a few others, but the rest was of one user, most from domain sina.com but from different addresses, on one day from 163.com. The next lines show the first and last of that day – and the number of entries from this user:
13-APR-2015 12:07:58.91|R|122.13.2.195|losw@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@s♦
...
13-APR-2015 12:52:20.59|R|122.13.2.195|cgruh@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@♦
205

19-APR-2015 16:27:30.33|R|58.251.146.197|xwu@grootersnet.nl|xiaonanzi11162@163.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@1♦
...
19-APR-2015 16:49:39.85|R|58.251.146.197|mrva@grootersnet.nl|xiaonanzi11162@163.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@♦
216

23-APR-2015 00:42:01.74|R|114.112.190.22|test@82.161.236.244|mtyndallo@yahoo.com.tw|550 5.7.1 Relaying not allowed: mtyndallo@yahoo♦
23-APR-2015 15:15:52.57|R|91.236.75.224|smtp2001soho@yahoo.com|rk85r@freemailhost.ru|550 5.7.1 Relaying not allowed: rk85r@freemail♦
23-APR-2015 22:34:53.54|R|157.255.16.36|wadfil@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi1116♦
...
23-APR-2015 23:58:35.65|R|157.255.16.36|wacehl@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi1116♦
806

24-APR-2015 00:04:02.21|R|157.255.16.36|ior@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@s♦
...
24-APR-2015 00:36:58.43|R|157.255.16.36|twycf@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162♦
271

13-APR-2015 and 14-APR-2015 are adjacent, so the session started 13-Apr-2015 just after 22:34 and continued to 00:36 the next day. Over 1000 attempts that failed…
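
The log excerpt above can be summarised mechanically. The following is an added example, not part of the original post or of PMAS: it parses the pipe-delimited relay records and groups them into per-source-IP sessions, so a burst that runs past midnight is counted once. The field labels and the 2-hour gap are assumptions chosen for this excerpt, where the lines in the middle of each burst are elided.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the excerpt in the post (only the first and last line of
# each burst were shown there); "♦" marks where the display truncated a line.
SAMPLE = """\
13-APR-2015 12:07:58.91|R|122.13.2.195|losw@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@s♦
13-APR-2015 12:52:20.59|R|122.13.2.195|cgruh@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@♦
23-APR-2015 00:42:01.74|R|114.112.190.22|test@82.161.236.244|mtyndallo@yahoo.com.tw|550 5.7.1 Relaying not allowed: mtyndallo@yahoo♦
23-APR-2015 22:34:53.54|R|157.255.16.36|wadfil@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi1116♦
...
23-APR-2015 23:58:35.65|R|157.255.16.36|wacehl@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi1116♦
24-APR-2015 00:04:02.21|R|157.255.16.36|ior@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@s♦
24-APR-2015 00:36:58.43|R|157.255.16.36|twycf@grootersnet.nl|xiaonanzi11162@sina.com|550 5.7.1 Relaying not allowed: xiaonanzi11162♦
"""

def parse(line):
    """Return (timestamp, ip, addr1, addr2, status) for an 'R' record, else None.
    addr1/addr2 are labels assumed here for fields 4 and 5; field 5 is the
    address that the rejection text names."""
    parts = line.strip().rstrip("♦").split("|", 5)
    if len(parts) != 6 or parts[1] != "R":
        return None  # "..." placeholders, blank lines, other record types
    try:
        ts = datetime.strptime(parts[0], "%d-%b-%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return ts, parts[2], parts[3], parts[4], parts[5]

def sessions(lines, max_gap=timedelta(hours=2)):
    """Group relay rejections per source IP; a new session starts whenever the
    gap to the previous record from that IP exceeds max_gap."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[1]].append(rec)
    out = []
    for ip, recs in by_ip.items():
        cur = None
        for ts, _, _, named, _ in sorted(recs, key=lambda r: r[0]):
            if cur is None or ts - cur["end"] > max_gap:
                cur = {"ip": ip, "start": ts, "end": ts, "count": 0, "named": set()}
                out.append(cur)
            cur["end"] = ts
            cur["count"] += 1
            cur["named"].add(named)
    return sorted(out, key=lambda s: s["start"])

if __name__ == "__main__":
    for s in sessions(SAMPLE.splitlines()):
        print(s["ip"], s["start"], "->", s["end"], s["count"], sorted(s["named"]))
```

On a complete log file, where every attempt is present, a much smaller `max_gap` (minutes rather than hours) separates bursts more precisely.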

DNS trouble?
There was another thing that was different with the router: From the start, I had port 53 opened – I cannot recall why – and I never had any problem, except that occasionally the DNS server, or the resolver, tries to send out a 20-byte UDP packet to some other system. This is blocked by the router as a [teardrop] DDoS attempt so it won’t get out.
After the router had been installed for a day or so, this started again and more often than before. Now I got a message from my ISP that something was wrong: It could cause my DNS server to act like an open DNS server that could get involved in a DDoS attack.
This is weird. Since my DNS server will only handle internal addresses, and the resolver doesn’t get onto the Internet, instead requests the router to handle the request – and that will forward the request to the DNS servers of my ISP – as is setup in the handshake between the access points.
Apparently, my DNS server could receive requests from anywhere and loop back. So now port 53 has been closed – and from that moment on, I don’t get these messages any more. I’ll scrutinize the logs for some time, and add all requestors on the blacklist.

PHP and WP update
WAY overdue, I know, but updating this version won’t work, probably. So I’ll take another approach: Start a new blog, with the latest software versions of PHP and WP, probably database as well (MariaDB, a branch from MySQL that seems to be more stable and more reliable). If possible, this content will be imported directly, or I will have to do some work to get it into the new database. Well, if the structures are compatible, I may use the current database as well…

30-Apr-2015

Vigor Router restored
The broken Vigor router was sent to the supplier for investigation and repair. They updated the firmware but were unable to reproduce the problems. Nevertheless they decided to replace the hardware (though no longer available officially, they seem to have a number left in stock), as a precaution. Tonight, I restored the configuration and re-installed the router: a matter of a few minutes.
The connection to the LAN is now 1Gb – as it should have been before, where I found it was limited to 10Mb; clear sign something was wrong…. Secondly, it looks as if IPv6 is now properly configured as well: Set to PPP…

10-Apr-2015

More router issues
Yesterday I switched routers: removed the Vigor, to be sent back to the supplier, and reinstalled the Fritzbox router of the ISP. However, the internet connection kept failing. Any access over wifi failed: though devices could connect to the router, an IP address was never supplied. That means the server could not reach the devices.
Today I found out the reason: the cable is broken, hopefully it is just a bad connector, because changing the cable is impossible.
There is another cable from the router to the network, that connects my TV to the switch for that signal. For the time being I will use this link to connect the LAN to the router. It is not a big deal to miss TV on top, and replacing the faulty connection is simple, after which I will use it to reconnect my TV.

05-Apr-2015

Router re-installation
A few days ago, all of a sudden, I could no longer access any of the sites from wherever I tried. SSH access failed as well, but I still could access the router; but PINGing the server from there went just right. No idea what had gone wrong.
Today I found out that it looked as if access from other sites was no problem at all, both router log and web-access log showed incoming traffic, but way less than normal.
To solve the problem start at the front side: so check the router. But as it turned out, I didn’t have any backup of the configuration available – though I did make them; they couldn’t be found. The only solution therefore was to make screenshots of the configuration screens, reboot to factory settings and re-install it to what was set before. It did take some time because, of course, I did forget a screen or two, but within an hour, I had it all working again – basically.
The only issue left was logging; there is still output missing, somehow. However, this has been solved as well.
So I made a backup of the current setting – just in case.
Next thing – that I left for now, because of the sheer amount of work – is redefining the objects to block. That will be done from now on.