Geert's Place

A short slideshow with photos of my latest trip to Scotland. Places visited: Isle of Skye, Fort William, Glencoe, Loch Lomond, Falkirk and Edinburgh.

Gear used: Canon EOS 60D, EF 70-200mm f/2.8L IS II USM, EF 50mm f/1.8 STM and EF 16-35mm f/4L IS USM.
Post-production in Lightroom Classic CC.

I went on a trip to the USA with my friend and ex-colleague Stefanie. We visited New York, Boston, Scranton, Washington and Philadelphia. 🇺🇸

Technical gear : Canon 60D, Canon EF 50mm f/1.8, Canon EFS 18-200mm f/3.5-5.6, iPhone 6S.
Post-editing in Adobe Lightroom 5 and iMovie.

PS: You can watch it fullscreen 😏

So I went to Budapest as well this summer. Great city, impressive architecture, good food, friendly people.
I’ve been visiting the famous Parliament building, a couple of thermal baths, the citadel (heavy climbing involved), a covered market and plenty of other great things. Have a look at the pictures – I hope you like them!

Technical gear : Canon 60D, Canon EF 50mm f/1.8, Canon EFS 18-200mm f/3.5-5.6, iPhone 6S.
Post-editing in Adobe Lightroom 5.

Apparently Youtube is getting more and more anal, and it has blocked my latest holiday pictures slideshow in some countries. Which is probably related to the used music tracks. Which is pretty lame of course, because all of these tracks can be heard on Youtube anyway. So far the Youtube rant.

This year’s summer trip was to Greece. I’ve been visiting Athens, Preveza, Parga, Igoumenitsa, and Ermones and Kerkyra on the island of Corfu.
The images speak for themselves 🙂

Technical gear : Canon 60D, Canon EF 50mm f/1.8, Canon EFS 18-200mm f/3.5-5.6, iPhone 6S.
Post-editing in Adobe Lightroom 5.

This year’s trip to Croatia also led me and my best friend thru Germany, Austria, Slovenia, Montenegro and Bosnia & Herzigovina. Visited places included Maribor, Zadar, Dubrovnik, Mostar, Kotor, Split and Passau.. Enjoy the slideshow ! 🙂

[yt video=”uVHz7H9qhAM” width=”480″ /]

In a previous post, I mentioned an enormous load on my Apache web server. So now I found the source and cause of this very annoying happening. It was actually a not-so-subtle mix of DDoS attacks, mixed with an arsenal of fake Google bots. In the logs (typically /var/log/httpd/access_log) this would look like this :

94.23.6.88 – – [15/Jan/2015:16:35:40 +0100] “POST /wp-login.php HTTP/1.1” 403 214 “-” “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”
209.20.80.243 – – [15/Jan/2015:16:36:26 +0100] “POST /wp-login.php HTTP/1.1” 403 214 “-” “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”
199.59.56.6 – – [15/Jan/2015:16:36:43 +0100] “POST /wp-login.php HTTP/1.1” 403 214 “-” “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”
195.154.75.101 – – [15/Jan/2015:16:36:49 +0100] “POST /wp-login.php HTTP/1.1” 403 214 “-” “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”

Now, they may LOOK like Google bots (which are normally quite harmless), but taking a closer look at this .. Why would they use so many different IP addresses/networks ..? And why would they be trying to log in on my blog? 🙂
When I look up those IP addresses, the hostnames are : ns204288.ovh.net, mail.jenruno.com, synconlinemedia.com and 195-154-75-101.rev.poneytelecom.eu …

They look a lot more like hacked machines, if you ask me. The Google bot IP range is actually known: it’s 66.249.*

So, there are a few ways on how to tackle these fakers. First of all there is a nice plugin for WordPress, called Wordfence. This adds some security but you basically need to know what you’re doing. A second way would be to block the IP’s on firewall level .. But that turns into a nightmare/fulltime job quite fast.
The most effective way to block them, and still allow the REAL Google bots to carry on, is by simply routing the fakers to an error page, which is a default Apache error page. It decreases the load on the web server dramatically.

In your server (or virtual server) root directory – mostly /var/www/html/ – you just have to put an .htaccess file which contains :

RewriteEngine on
RewriteOptions inherit
Options +FollowSymlinks
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} Googlebot
RewriteCond %{REMOTE_ADDR} !^66\.249\.
RewriteRule .* – [F]

For this to work, you need to have the Rewrite Module compiled in your Apache. Just have a look in your config file (/etc/httpd/conf/httpd.conf) and look for a line that reads :
LoadModule rewrite_module modules/mod_rewrite.so

If it’s commented out, simply remove the comment and reload your Apache by running the command “apachectl restart” as the root or apache user.

Have fun killing off fake bots 😉

After Heartbleed, there is another serious bug around which is affecting Mac and linux systems. More specifically : it is a bug present in bash. This bug can be exploited and it can give an attacker the possibility to run arbitrary commands on your system. In other words: this is extremely dangerous. An overview of the attack vectors can be found on this site.

There are 2 tests you can perform yourself, to check whether your system is vulnerable to the 2 attack vectors :
In a terminal window, type the following command, followed by enter

env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

The result should be :

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

If you get the following output, your system is vulnerable :

vulnerable
this is a test

Also check your system for the second vulnerability :

env X='(){(a)=>\’ bash -c “echo date”; cat echo; rm -f echo

You should see this :

date
cat: echo: No such file or directory

In case you get the following output, your system is again vulnerable to the exploit :

date
[The Current Date and Time]

So what you need to do in case your system returned one or both of the bad outputs

Apple already said they are working on a patch, and that “the vast majority of Apple computers are not vulnerable”. However, I can only highly recommend patching this bug yourself – it doesn’t take long and it’s not complicated.

The only prerequisite is Xcode – Apple’s development platform. You can download it for free from the App Store.

Next, perform the following steps from within a Terminal window :

It will spawn a lot of text while it’s compiling, and it should come up with “BUILD SUCCEEDED” when it’s done.
The second patch will be addressed like so :

Again, you’ll see “BUILD SUCCEEDED“. Now it’s time to make a backup of your old bash. Perform the following commands in a Terminal window :

sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old

Now replace the old bash with the new, compiled version :

sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin

Run the 2 tests again; the output should be fine now.

My Apache webserver suddenly started to use an insane amount of RAM, freezing the whole box.. There are a couple of things you can tune in order to avoid this from happening.  Obviously, one or more scripts are causing this issue.  You could either go search for them by running the next commands :

ps -eo pmem,pcpu,pid,user,rss,vsize,args | { head -1 ; sort -k 1 -r -n ; } | head -10

This will sort the top 10 processes which eat away all the RAM.  Run the following command to free up memory while you’re troubleshooting :

echo 3 > /proc/sys/vm/drop_caches

Change the next settings in your httpd.conf (typically found in /etc/httpd/conf/) :

<IfModule prefork.c>
StartServers 2
MinSpareServers 2
MaxSpareServers 5
MaxClients 150
MaxRequestsPerChild 500
</IfModule>

LoadModule deflate_module modules/mod_deflate.so
<Location />
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/x-javascript
</Location>

KeepAlive On
KeepAliveTimeout 2
MaxKeepAliveRequests 80

<Directory />
Options FollowSymLinks
</Directory>

<Directory />
AllowOverride None
</Directory>

ExtendedStatus Off

Timeout 45

Also, it might be worth having a look at Easyapache and add mpm-prefork, or else Nginx or Litehttpd..

I’ve been working on a new track since a couple of days – it’s progressing quite well.  Still trying out a few things to get a decent intro and outro done though.  I used the following equipment and plugins for the 2-minute teaser :

* Logic Pro
* Behringer UMX61
* Massive
* FabFilter Pro Q
* FabFilter Pro-C
* ArtsAcoustic Reverb
* LFO Tool
* Spire
* Sylenth1

You can find the preview here.

This video contains pictures of my recent road trip to Slovenia, Croatia and Italy .. My friend and I crossed 10 countries in 13 days : Belgium, Holland, Germany, Austria, Slovenia, Croatia, Italy, Switzerland, France and Luxembourg 🙂

All pictures in the video have been taken with my iPhone 5S – no pictures, except for one, have been edited and/or manipulated… Enjoy !