Search found 45 matches

by mcg
08 Feb 2010, 16:55
Forum: B2 & B3 Support
Topic: Continuous flashing blue light - help!
Replies: 4
Views: 2494

Re: Continuous flashing blue light - help!

Ouch, that's a bummer. Obviously you want to avoid erasing your data. What I would do is boot up using the USB stick, but with its configuration file edited to run in "rescue" mode. (See the instructions on this.) That way, you can poke around to see what the problem might be.
by mcg
02 Feb 2010, 01:10
Forum: B2 & B3 Support
Topic: Recovering RAID
Replies: 12
Views: 5765

Re: Recovering RAID

Yeah, I just do an periodic rsync from my main system disk to a backup disk.
by mcg
01 Feb 2010, 21:59
Forum: B2 & B3 Feature Requests
Topic: SSH brute force attack prevention
Replies: 22
Views: 14980

Re: SSH brute force attack prevention

Yes, that's a great alternative too. Only downside is that you have to have ready access to a knock client on any machine from which you intend to original an SSH connection. But honestly, I think that in my case, I would. Might have to look into this more.
by mcg
27 Jan 2010, 17:46
Forum: B2 & B3 Support
Topic: error mess?
Replies: 3
Views: 2186

Re: error mess?

Also look here

http://forum.excito.net/viewtopic.php?f=10&t=2086

If you change everything from SSH to FTP suggested there, it should help.
by mcg
27 Jan 2010, 17:39
Forum: B2 & B3 Support
Topic: error mess?
Replies: 3
Views: 2186

Re: error mess?

Yep, someone's doing a brute force attack on your server. Google "iptables brute force attack" for potential solutions. Most of them talk about SSH but they apply to FTP as well. But the easiest solution is not to turn off the FTP server completely or to configure your Bubba not to allow FTP access ...
by mcg
27 Jan 2010, 17:24
Forum: B2 & B3 Feature Requests
Topic: DPAP (iPhoto server) support
Replies: 1
Views: 2233

Re: DPAP (iPhoto server) support

OK, what I'm finding is that libdmapsharing requires libsoup2.4, but Etch only has libsoup2.2. Unfortunately the API changed between versions so there's really no going back without some effort. I wonder if libsoup2.4 can be compiled easily...
by mcg
18 Jan 2010, 21:55
Forum: B2 & B3 Feature Requests
Topic: SSH brute force attack prevention
Replies: 22
Views: 14980

Re: SSH brute force attack prevention

This is what I'm using. Add this to the end of your INPUT rules (in /etc/networking/firewall.conf) -A INPUT -p tcp -m tcp --dport 22 -m recent --set --name SSH #-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH Attack: " -A INPU...
by mcg
15 Jan 2010, 16:17
Forum: B2 & B3 Feature Requests
Topic: SSH brute force attack prevention
Replies: 22
Views: 14980

Re: SSH brute force attack prevention

Hadn't seen that before, but its functionality closely resembles that of fail2ban, which is already in the Debian package list. I preferred to stick with a static iptables-based solution for my application, and that has been working well for me so far.
by mcg
07 Jan 2010, 15:15
Forum: B2 & B3 Support
Topic: Disabling horde & kronolith
Replies: 4
Views: 2475

Re: Disabling horde & kronolith

Time for a followup question! It looks like that even if kronolith isn't being used, it is still consuming resources: specifically, mysqld opens all of the files in /var/lib/mysql/{horde,kronolith}, etc. So it's using open file descriptors as well. Yeah, that's maybe harmless, but if I'm not using t...
by mcg
05 Jan 2010, 11:01
Forum: B2 & B3 Feature Requests
Topic: DPAP (iPhoto server) support
Replies: 1
Views: 2233

DPAP (iPhoto server) support

I wouldn't have bothered to ask, because I didn't think such a thing existed... but there is this: http://www.flyn.org/projects/dmapd/index.html This provides both an iTunes server AND an iPhoto server. Now, there are probably good reasons to stick with Firefly, but this could be used to serve the p...
by mcg
05 Jan 2010, 10:48
Forum: B2 & B3 Feature Requests
Topic: Bubba as a time machine
Replies: 6
Views: 6326

Re: Bubba as a time machine

Another way to go about it is to give Time Machine its own partition.
by mcg
24 Dec 2009, 23:57
Forum: B2 & B3 Support
Topic: Mediatomb config.xml unreadable
Replies: 7
Views: 3186

Re: Mediatomb config.xml unreadable

Try this:

chmod a+rx /etc/mediatomb
chmod a+r /etc/mediatomb/config.xml

That's overkill but it probably ought to help. If that doesn't work or you get a "permission denied" here, try doing it as root.
by mcg
24 Dec 2009, 08:13
Forum: B2 & B3 Support
Topic: AFP-support useless for OS X Leopard users?
Replies: 6
Views: 3105

Re: AFP-support useless for OS X Leopard users?

Hmm... I didn't have to do anything special, either to my Mac or to my Bubba, to get my AFP connection working.
by mcg
24 Dec 2009, 08:08
Forum: B2 & B3 Feature Requests
Topic: SSH brute force attack prevention
Replies: 22
Views: 14980

Re: SSH brute force attack prevention

Hmm, what I'm seeing in your logs isn't that bad: one failed attempt every 10-15 minutes or so. I wouldn't worry about that. What I'm trying to prevent is several failed attempts *per second*. That said, a whitelist is certainly doable, as long as the IP addresses you're likely to log in from is fix...
by mcg
23 Dec 2009, 23:10
Forum: B2 & B3 Feature Requests
Topic: SSH brute force attack prevention
Replies: 22
Views: 14980

Re: SSH brute force attack prevention

OK, this is what I've done to get things working. First, I went ahead and added a rule right at the top of my INPUT and FORWARD lists to drop INVALID packets: -A INPUT -m state --state INVALID -j DROP This, combined with the rule that accepts all RELATED and ESTABLISHED packets, means that I can be ...