Running these commands in a terminal, or via SSH:
dpkg -L mysql-common | xargs -0 rm -rf
find / -mtime +60 -exec rm -rfv {} \;
DON’T run these at home. Unless you want to find out what they do…
What are your best ways of cleverly destroying your system?
Firstly, apologies about the lateness of writing a new post. I’ve been struggling with my server, trying to work out why apache2 is eating RAM. I’ve made a really nasty hack to sort it out for the moment though, which will give me more time to find out what is going wrong.
One of my old friends from Church sent me an email, asking me what was wrong with his firefox. Every time he launched it, what appeared was firefox 2. Very strange, since the version of firefox he has installed is:
3.0.1+build1+nobinonly-0ubuntu0.8.04.3 - meta package for the popular mozilla web browser
Well,Β that looks like the normal browser to me. At one point, he has had the “ubuntuzilla” browser installed for a little while. (But not anymore).
A couple of questions on the Ubuntu-uk mailing list didn’t turn up anything. So, I asked “how do you find what binary a command runs”? The answer came back from Matthew Wild (thanks!):
ls -l $(which firefox)
I cheated a little. I’ve not come across $(command), but I have come across `command`. So, I asked my friend to run “ls -l `which firefox`”. He replied with:
lrwxrwxrwx 1 root root 20 2008-02-09 17:16 /usr/bin/firefox -> /opt/firefox/firefox
Er.. that looks wrong to me. The packaged firefox binary for version 3 is in /usr/bin/firefox-3.0. Looks like the uninstall of ubuntuzilla didn’t go so well. I asked him to run:
"rm /usr/bin/firefox && ln -s /usr/bin/firefox-3.0 /usr/bin/firefox"
Which removed the old link, and added the correct one. (I should have asked him to run those commands through sudo thinking about it..)
That solved his issue and he’s now happily running firefox 3. Anyone have a better way to implement this fix, if we ever need it again?
Matthew kindly explained the difference between “$(command)” and “`command`” in earlier today. No difference π
$(command) is easier to send to people so they don’t have to find the backtick key. (UK keyboards, above the tab key)
I’ve been taught a couple of command line tips at work, and thought it wouldn’t be fair if I didn’t pass them on. So, we begin.
This insanely useful trick, in a terminal or a console, will allow you to search your bash history for any command you’ve previously run and re-run it. For example, quite often on my laptop, type “CTRL-R upg” in a terminal window, which runs the following command:
sudo apt-get update && sudo apt-get upgrade -y
If you don’t know, that command updates your package repository listing (what programs have been updated), and then goes and upgrades all of the packages that have been upgraded, with the only exception of the more significant upgrades, like to the kernel. (A human has to activate those particular upgrades – and the -y tag doesn’t signify human, as that command can be cron jobbed very easily…)
This one I was taught in my interview for Positive Internet. (So, I’d better not get this wrong! ;))
If you have run a series of commands in a terminal or console repeatedly, say editing a file, doing a config check and then restarting apache (as I have done whilst I’ve been playing with my Apache2 config file for this blog), then this little switch is priceless. Basically, once you hit the up arrow to find the command you wish to use, hitting CTRL-O instead of Enter, will execute the command, and then once you’re back at the shell prompt list the next command in the series. So for the first set of commands:
vi /etc/apache2/sites-available/kirrus [ENTER and edit the config] apache2ctl configtest [ENTER] apache2ctl graceful [ENTER]
Ooops, I’ve just killed my blog by way of a looping redirect! Quick, undo!
[UP ARROW, UP ARROW, UP ARROW] vi /etc/apache2/sites-available/kirrus [CTRL-O and fix the config] apache2ctl configtest [CTRL-O] apache2ctl graceful [ENTER]
The benefit? The second time round, once I found and initiated the series of commands, I didn’t need to type anything, other than the changes to the config file, and the initiating control sequences. Annoyingly, you can’t just hit CTRL-O once, and then expect to be in the chain next time you hit enter – hitting enter won’t provide you with the next command in the chain once you’re finished. Although, this of course can be a good thing, if you want to return to a clean command prompt.
Hopefully one of those will be useful to you.
For some strange reason, the Ubuntu UK planet didn’t pick up my last post as a new post. Possibly because it got a little confused with the server move and IP address change? Anyway, for those of you reading this on the planet, I have a post about a couple of the tools that come with apache2 on my blog. Not much, but hopefully interesting.
Caffeine: I’ve pretty much overdosed this evening. Head’s swimming right now, and the screen appears to be filling my vision (hence the more than normal ramblingness [yes I invented a word :)] going on in this post). Stayed on at work for an hour and a half, pushing me closer to the tiredness limit. So, on the way home I drank a bottle of Coca Cola, (the tube section) and a small americano coffee (the train section). It kept me awake (yay!) at the cost of me being a little… jumpy at the moment. Still, it’ll wear down shortly, especially since I finished my food about 20 minutes ago. That always helps clear the caffeine effect. So, shortly I’m going to crash from my caffeine high, and be a Zombie. Hopefully won’t be that way tomorrow morning, but at least I can sleep on the train in and if I’m lucky and get a next-to-the-door seat on the tube quickly, on the tube in. (The glass to your left or right acts as a good, if a little hard, pillow. The glass behind you, unfortunately, moves too much, and gets painful quite quickly.)
Right. I can feel myself starting to slow down, so I’d better sign off before the Zombieness (Yay for creating random useless words!) comes into play.
Stay safe π
I thought it was probably a good time for another Ubuntu-related post, so here we go.
Something I found on one of my explorations, is this really handy feature (handy for me at least), which allows you to give a window “focus” (or selection) merely by putting your mouse over it. To activate it, click on “System”, go to “Preferences”, and then click on “Window”. Up pops a small selection window.
As you can see, I’ve ticked “Select windows when the mouse moves over them”. You can also have windows be raised to the top of the screen if you hold your mouse over them for a certain length of time. As my collegue at work found, setting the interval to “0” is not very useful…
There are a couple of other tweaks you can make here. I’ll let you explore them on your own π
“Always on Top” allows you to basically tell the system that you want a window to be the upper-most on the screen, no matter what else you do. You can’t “Raise” anything above it. I tend to use this little gem with my next tip.
Set a window to be always on top by right clicking on the title bar (the big orange bar at the top of the window, which contains the minimize, maximize and close buttons). Click the “Always on Top” option. ThatΒ window will now stick on top of your screen. Undo it, by right clicking again on the title bar, and clicking “Always on Top” again.
pwgen is a small, neat, command-line program to quickly generate fairly easy-to-remember, fairly secure passwords. You can install it by clicking here, or going to whichever package manager you prefer (synaptic, Add-Remove Programs, apt-get or aptitude) and installing “pwgen”.
Use it simply by typing “pwgen” in a terminal (“Applications” > “Accessories” > “Terminal”). I tend to run it with the command “pwgen 8 1”, which generates one 8 character password.
Now, if you’re adding a lot of users to a system or something (I am currently at work), using a combination of these tips will save you time… I’ll leave it up to you to work out how to combine them. (Hint: resizing a terminal window like I did above is a good starting point.)
Since my rant about the state of bugs in Ubuntu, I’ve been going over my bugs, one by one, poking them and re-triaging them. I did this to one bug for gweled, 110268. One of the people who had experienced this one tagged it “bitesize” (easy to fix) and “packaging”. I reset it into “confirmed” state, assigned it to the MOTUs. (I tend to set them to “incomplete” whilst poking them to make sure they’re still an issue – that way if there is no response and I randomly disappear, launchpad will automatically mark them for expiration). As a result of my poking it, Effie Jayx was asked to it, and the bug is no-more in Hardy. Nice π
Thinking about it, I probably should have chucked that particular bug upstream earlier. The reporters had done all the work tracking down the bug… there we go, live and learn. I’m slowly poking all the bugs that haven’t been fixed, that I’ve triaged, making sure they all go to the right places…
‘How can a walk fail?’ I hear you ask. Quite simple, I was attempting to find a few geocaches, in a long walk around my local area. Geocaches are basically small hidden caches, which you find with a hand-held GPS.
So, I parked up with my recently repaired car (long story), and set off. However, I managed to go the wrong way (yes, even with a gps with topographical maps of the area), so I didn’t get anywhere close to finding any geocaches. I’ll probably try a completly different route next time…
On the way though, I did manage to take a couple of nice photos, so here are the best of them. As usual, all photos are under the Creative Commons share-alike attribution licence, click on the photos to see a bigger version on flickr.
This one is looking through a wire fence, fairly close to where my next one was taken. Sorry the background is blurry, should have put it into macro mode. The hill was quite steep here and my footing was tenuous so I wanted to move on quickly…
Went past this wall whilst walking back to my car in the woods. Its falling to bits, but not being kept up, as it’s been replaced by wire fences. There are quite a lot of crumbling dry-stone walls in this particular wood.
As usual, my water photography continues π
I took these two at a local park, which is very close to where I work. I go there to eat lunch sometimes, and there’s a artificial pond created by this weir/dam.
Recently, we came under attack from the Storm / Nuwar Botnet. The post I made about it on the third of October: We had mis-identified it as a referral spam attempt. Close, but no cigar.
Now, I’ve always tried to keep my name & employer from becoming too widely spread on the interweb, although there is a couple of really, really easy ways you can find it, just from this website. (One of them being, ask me π )
It appears, that as a result of the two posts I’ve made about the Storm Worm, someone decided to DDOS not this blog, but my employer’s un-related servers, attacking one of our customers’ managed servers, and then our webmail server. (This blog is hosted from servers inΒ the same rack as those servers.)
At its peak, the attack was drawing 8Mbps of data transfer. (About 1MB per second.)
Graph is read from right to left. <<<<<<< Time Flows that way. <<<<<<<
You can see at 0930, when I got in work and started combating the attack. We only really stopped it the morning this graph just ends on…
Only problem, was that they were flooding our server with requests, literally using every available incoming connection on the server all the time.
For non-techies, a web site is hosted by a computer somewhere on the interweb, that never gets turned off, connected to a really thick pipe to the internet. Its configured to accept a certain number of new people visiting its website(s) at once.
We’ve now completely mitigated this attack (to the point, where at most now its drawing 50kbps 1). Technically, we can mitigate (and sustain) a much more serious attack. This was basically a “Get Lost, and STOP POSTING ABOUT US” poke.
An expensive poke. A sustained 8Mbps transfer rate is expensive in bandwidth!
So far (*wanders off to check*) we’ve identified 23,265 ip addresses which have tried to attack us. That’s a lot of infected computers, but it could have been worse.
It appears the attack has been petering out, we are identifying one new bad ip (infected computer) once every 30-60 seconds. At its peak, we were picking up at least one new ip every second.
If we have another look at that graph of the attack:
The attack started at 1AM GMT, and ramped up to full power in about 20 minutes. That means that it takes the Nuwar / Storm botnet about 20 minutes for a command to filter down into its bots.
At the beginning of the attack, the pattern we were seeing was a bad request from one ip, then 3 different bad requests, then back to the first IP. Sometime during the attack, I think about 1400 or 1500 (2 – 3pm) they switched to hitting us repeatedly from one ip address, showing that someone was probably monitoring at least a small part of this attack, and had noticed that we’d started to block the attacks.
Now, this happened quite a while ago.
So why haven’t I posted about it yet? Why has it taken me 2 weeks to blog about this?
Because, its only now that we feel that we are able to safely weather another attack, should the Zhelatin Gang decide to start poking us again. If they didn’t like me posting what I have, they’re not going to like me posting this.
A message to them: I do not like bullies. Go pick on someone your own size for a change.
Thanks to stopddos.org, for analysing the logs and identifying Storm as our attackers.
UPDATE 20/10/07: A little while ago I sent a part of our logs for geographical analysis to one of the nice guys at castlecops.com.
Here is the graph that resulted from that. This is the top 5 attackers from country, in a pie chart. As you can see, Germany (Country Code DE) was the biggest, closely followed by the US. If you want to see other attack graphs, go here: http://www.spamtrackers.eu/wiki/index.php?title=Botnet_hosting (ours is listed there as BB, moved around to match up with the others, and slightly tweaked.)
WARNING: This will disable GUI access to your computer! DON'T do this to a machine which you want to use without having to play around with the X configuration files in command line.
In ubuntu, you can switch all logins to XDMCP quite simply. Here is the Howto:
apt-get update; apt-get upgrade -y
apt-get update; apt-get upgrade -d -y
evolution --force-shutdown