
What if someone approaches you offering a domain?

Intro
As a domain owner you will sooner or later get an unsolicited email like the following one I received March 28th:

Hello,

We are promoting the sale of the domain name johnstechtalk.com that is being returned back to the open market very soon.
You own a very similar domain and we wanted to give you a first chance to secure johnstechtalk.com. If this offer is of any interest to you, the link below will lead you to our website where you can leave an early offer:

http://baselane.net/acquire/c00bsn1ub/J8jIGPiguH

Alternatively you can simply reply to this e-mail with your offer and we will manually process your order.

Here are a few quick notes about the offer:
- You are leaving an offer for full ownership and control over the domain.
- You do not have to use our hosting or any other service; you are bidding only for the domain.
- This is a single transaction, no hidden surprises.
- We will not give away your personal information to anybody.
- You will not need a new website or hosting; you can easily redirect your existing website to point to this one.
- Our technical team stands at your disposal for any transfer/redirect issue you may have.

Thank you for considering our domain name service!
Please feel free to call us any time; we would be really happy to hear from you!

Kind regards,
Domain Team

The thing is, this is not complete spam. After all, it is kind of interesting to pick up a shorter domain.

But is this a legitimate business proposition? What can we do to check it? Read on…

The details
The first reaction is “forget it.” Then you think about it and think, hmm, it might be nice to have that domain, too. It’s shorter than my current one and yet very similar, thus potentially enhancing my “brand.”

To check it out without tipping your hand, use Whois. I use Network Solutions Whois.

Doesn’t the offer above make it sound like they have control over the domain and are offering you a piece of it? Quite often that’s not at all the case. For them to control the domain to the point where they are selling it would require an upfront investment. So instead what they do in many cases I have encountered is to try to prey on your ignorance.

When I received their offer the Whois lookup showed the domain to be in status

RedemptionPeriod

From what I have read the redemption period should last 75 days. It's a time when the original owner can reclaim the domain without any penalties. No one else can register it.

If they actually owned the domain and were trying to auction it off, it would have had the standard Lock Status of

clientTransferProhibited

or

clientDeleteProhibited

Furthermore, domains being auctioned usually have special nameservers like these:

Nameservers:
  ns2.sedoparking.com
  ns1.sedoparking.com

Sedo is a legitimate auction site for domains.

johnstechtalk.com, having entered the redemption period, will become up for grabs unless the owner reclaims it.

If I had expressed interest in it I’m sure they would have obtained it, just like I could for myself, at the end of the redemption period and then sold it to me at a highly inflated price.

Not wanting to encourage such unsavory behaviour I made no reply to the offer and checked the status almost every day.

New status – it’s looking good

Last week sometime it entered a new status:

pendingDelete

I think this status persists for three days or so (I forget). Then, when that period is over it shows up as available. I bought it using my GoDaddy account for $9.99 last night – actually $11.00 because there’s an ICANN fee of $0.18 and I rounded up for charity.

And this is not the only domain I have bought this way. I bought vmanswer.com because I was annoyed by the number of unsolicited offers to “buy” it! That purpose was achieved…

But I am watching another domain that was offered to me and really did go to the auction house Sedo, where it is currently sitting (which means no one else is all that interested). I am curious to see what happens when it expires later this year.

Save the labor
How could I have avoided the trouble of those daily whois lookups? Well, on my Linux server there is the ever-handy whois, as in

$ whois johnstechtalk.com

But for some domains it gives fairly complete information and for others not so much. It depends on the registrar. For GoDaddy domains you get next to no information:

[Querying whois.verisign-grs.com]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]

I suspect it is a measure GoDaddy takes to avoid programmatic use of Whois. Because if it answered with complete information it would be easy for a modest scripter like me to write a program that runs all kinds of queries, which of course would mostly be used by the scammers, I suppose. In particular, since I wasn't seeing the domain Lock Status from command-line whois, I didn't bother to write a program to automate my daily query. Otherwise I probably would have.
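Below is a script of the kind the post says it never got around to writing, added here as an example and not the author's code: it pulls the status keywords and nameservers out of a Whois record and applies the post's rules of thumb (redemptionPeriod, pendingDelete, the client*Prohibited locks, sedoparking nameservers). It assumes the system whois client is installed; the sample record is constructed.

```shell
#!/bin/sh
# Added example, not the post's script: classify a domain someone is
# "offering" you from the EPP status and nameservers in its Whois record.

# Lowercased status keywords from lines like
# "Domain Status: pendingDelete https://icann.org/epp#pendingDelete" on stdin.
whois_statuses() {
    grep -i -E '^[[:space:]]*(domain )?status:' |
        sed -E 's/^[^:]*:[[:space:]]*([[:alnum:]]+).*/\1/' | tr 'A-Z' 'a-z'
}

# Lowercased nameserver hostnames from "Name Server:" lines on stdin.
whois_nameservers() {
    grep -i -E '^[[:space:]]*name server:' |
        sed -E 's/^[^:]*:[[:space:]]*([^[:space:]]+).*/\1/' | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Print one verdict line for the Whois record read from stdin.
classify_whois() {
    record=$(cat)
    statuses=$(printf '%s\n' "$record" | whois_statuses)
    ns=$(printf '%s\n' "$record" | whois_nameservers)
    if printf '%s\n' "$statuses" | grep -q '^redemptionperiod$'; then
        echo "expiring: the original owner can still reclaim it and nobody else can register it yet"
    elif printf '%s\n' "$statuses" | grep -q '^pendingdelete$'; then
        echo "about to drop: becomes registrable by anyone in a few days"
    elif printf '%s\n' "$ns" | grep -q 'sedoparking\.com$'; then
        echo "parked at an auction service: a genuine sale may be in progress"
    elif printf '%s\n' "$statuses" | grep -q -E '^client(transfer|delete)prohibited$'; then
        echo "registered and locked: check the registrant before assuming the sender owns it"
    else
        echo "unclassified: inspect the record by hand"
    fi
}

# Look up a live domain with the system whois client and classify it.
check_domain() {
    whois "$1" | classify_whois
}

# Constructed sample record (not real whois output) for an offline run.
SAMPLE_RECORD='   Domain Name: EXAMPLE.COM
   Domain Status: redemptionPeriod https://icann.org/epp#redemptionPeriod
   Name Server: NS1.EXAMPLE-REGISTRAR.NET
   Name Server: NS2.EXAMPLE-REGISTRAR.NET'
```

Registrars that return a stub record (the GoDaddy case above) give no status lines, so the verdict falls through to "unclassified" rather than guessing.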

What about cybersquatters?
In the case mentioned above there is no trademark at stake. Often there is. What should you do if you receive an offer to sell you a domain name which is based on one of your own trademarks? I get lots of those as well. My approach is, of course, to not be extorted. So at first I was ignoring such solicitations. If I want to really go after the domain, I will sic my legal team on them and invoke UDRP (ICANN’s Uniform Domain Dispute Resolution Policy). UDRP comes down heavily in favor of the trademark holder.

But lately I wanted to do something more. Since this is illicit activity at the end of the day, I look at where the email comes from. Often a Gmail account is used. I gather the headers of the message and file a formal complaint with Google’s Gmail abuse form, which I hope leads to their account being shut down. I want to at least inconvenience them without wasting too much of my own resources. Well, I don’t actually know that it works, but it makes me feel better in any case 🙂 .

This is the Gmail abuse page. Yahoo and MSN also have similar forms.

Conclusion
Unsolicited offers of similar-sounding domains are one of the many scams rampant on the Internet. But with the background I’ve provided hopefully you’ll be better at separating the scams from the genuine domain owners seeking to do business through auctions or private sales.

Interested in reading about other scams? Try Spam and Scams – What to Expect When You Start a Blog


Is Mining Bitcoins on the Amazon Cloud the Road to Riches?

Intro
Answer: Not as far as I can tell. Of course it’s irresistible for us technical folks to try. Here are my back-of-the-envelope calculations for my trial.

The details
A currency that’s not linked to any one government’s policies has a lot of attraction. Bitcoin is that currency, and it seems to be catching on. I knew people last year who were “mining” Bitcoins. I had no idea what they were talking about, but I could tell from what they were saying that they were trying to create more currency units. How strange and wonderful, a currency that gets minted by potentially anyone.

I learn mostly by doing, so I decided to download one of those mining programs and see what this was all about.

Well, I still haven’t learned what it’s all about because it’s more complicated than I thought, but I learned what approach not to take. And that’s what I’m sharing here.

I downloaded bfgminer for my CentOS Amazon EC2 server. That in itself was a good exercise as it needed a whole ecosystem of other packages to be installed first. On my system I found I needed ncurses-devel and libcurl-devel, which brought in other packages so that by the time they were installed I had installed all these packages:

libcurl-devel-7.19.7-35.el6
curl-7.19.7-35.el6
libidn-devel-1.18-2.el6
libcurl-7.19.7-35.el6
libssh2-1.4.2-1.el6
ncurses-static-5.7-3.20090208.el6
ncurses-devel-5.7-3.20090208.el6

It’s also designed more for a different type of computing environment. Getting it to compile was one thing, but getting it to actually run is another.

At first it found nothing to run on. So I had to recompile, this time specifying:

$ ./configure --enable-cpumining

to enable use of my virtual CPU.

It wanted a pool and URL and other things I don’t have when it starts up. I finally found a way to run it in test mode.

The results
My setup at Amazon could calculate 0.4 mega hashes per second. Doesn’t sound too bad, right? Wrong. Looking at some of the relevant numbers and doing a back-of-the-envelope calculation we have:

– total world computing power dedicated to this effort: 60,000 Giga hashes per second
– rate of blocks being written: six per hour
– number of bitcoins in a block: 25
– value of a bitcoin: $78

From this we have:
Minimum computation required for a DIY effort to produce one block:

Effort = 10 minutes * 60 s/min * 60×10^12 hashes/s = 3.6×10^16 hashes =~ 4×10^16 hashes

So with my resources on my small instance this will take me:

time to make a block = 4×10^16 hashes/block / 0.4×10^6 hashes/s = 10^11 s
= 10^11 s * year/(π•10^7 s) =~ 3×10^3 years

Why my fixation on a block as the minimum unit of bitcoins? Because in my five minutes of reading that seems to be the minimum acceptable unit to be able to mint more bitcoins.

By the way, every physicist knows that a year has π•10^7 seconds! That’s one of those useful numbers we carry around in our heads.

For the scientific-notation challenged, I’m saying that it will take me 3,000 years to create a block of bitcoins by myself!

Now let’s have some fun with this. Of course Amazon being the premier cloud hosting company that it is, you can rent (I have heard of this actually being done) 30,000 servers at once.

To be continued…

Appendix
How I measure my hash rate
I ran

$ bfgminer --benchmark

Then I did a and got these results:

 [2013-04-16 08:25:39]
Summary of runtime statistics:
 
 [2013-04-16 08:25:39] Started at [2013-04-15 12:55:43]
 [2013-04-16 08:25:39] Pool: Benchmark
 [2013-04-16 08:25:39] CPU hasher algorithm used: c
 [2013-04-16 08:25:39] Runtime: 19 hrs : 29 mins : 56 secs
 [2013-04-16 08:25:39] Average hashrate: 0.4 Megahash/s
 [2013-04-16 08:25:39] Solved blocks: 0
 [2013-04-16 08:25:39] Best share difficulty: 0
 [2013-04-16 08:25:39] Queued work requests: 0
 [2013-04-16 08:25:39] Share submissions: 0
 [2013-04-16 08:25:39] Accepted shares: 0
 [2013-04-16 08:25:39] Rejected shares: 0
 [2013-04-16 08:25:39] Accepted difficulty shares: 0
 [2013-04-16 08:25:39] Rejected difficulty shares: 0
 [2013-04-16 08:25:39] Hardware errors: 0
 [2013-04-16 08:25:39] Efficiency (accepted / queued): 0%
 [2013-04-16 08:25:39] Utility (accepted shares / min): 0.00/min
 
 [2013-04-16 08:25:39] Discarded work due to new blocks: 46376
 [2013-04-16 08:25:39] Stale submissions discarded due to new blocks: 0
 [2013-04-16 08:25:39] Unable to get work from server occasions: 0
 [2013-04-16 08:25:39] Work items generated locally: 0
 [2013-04-16 08:25:39] Submitting work remotely delay occasions: 0
 [2013-04-16 08:25:39] New blocks detected on network: 0
 
 [2013-04-16 08:25:39] Summary of per device statistics:
 
 [2013-04-16 08:25:39] CPU0                | 5s:  0.0 avg:377.4 u:  0.0 kh/s | A:0 R:0 HW:0 U:0.0/m

About the fourth line from the top shows the average hash rate of 0.4 Megahashes/second.

Other resources
Bitcoin exchange value really fluctuates a lot compared to conventional government-sponsored currencies! Go here for the current value.

A timely and informative intro to Bitcoin is available here.


Example using iptables, the CentOS firewall

Intro
This document is mostly for my own purposes. I don’t even think this is the best way to run the firewall, it’s just the way I happened to adapt.

Background
My friends tell me ipchains was good software. Unfortunately the guy who wrote iptables, which emulates the features of ipchains, wasn’t at that same skill level, and the implementation shows it. I know I struggled with it a bit.

Motivation
I decided to run a local firewall on my HP SiteScope server because a serious security issue was found with our version’s HTTP server such that it was advisable to lock it down to only those administrators who need access to the GUI.

The details
This was actually implemented on Redhat v 5.6, though I don’t suppose it would be much different on CentOS.

December 2013 update
I also tried this same script provided below on a Redhat 6.4 OS – it worked the exact same way without modification.

The main thing is that I maintain a file with the “firewall rules.” I call it iptables. So I need to remember from invocation to invocation where I store this master file. Here are the contents:

#!/bin/sh
# DrJ, 9/2012
# inspired by http://wiki.centos.org/HowTos/Network/IPTables
# flush all previous rules
export PATH=$PATH:/sbin
iptables -F
#
# our main rules here:
#
# Accept tcp packets on destination port 8080 (HP SiteScope) from select individuals
# DrJ: office, home, vpn
iptables -A INPUT -p tcp -s 192.168.76.56 --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -s 10.2.6.107 --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -s 10.3.13.138 --dport 8080 -j ACCEPT
#
# the server itself
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 8080 -j ACCEPT
#
# set dflt policies
# for logging see http://gr8idea.info/os/tutorials/security/iptables5.html
#iptables -A INPUT -j LOG --log-level 4 --log-prefix 'InDrop '
# this is a killer!
#iptables -P INPUT DROP
# just drop what is really the problem...
iptables -A INPUT -p tcp --dport 8080 -j DROP
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#
# access for loopback
iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Save settings
#
/sbin/service iptables save
#
# List rules
#
iptables -L -v

Of course you have to have iptables running. I do a

$ sudo service iptables status

to verify that. If its status is “not running,” start it up.

As mentioned in the comments I tried to be more strict with the rules since I’m used to running firewalls with a DENY All rule, but it just didn’t work out well for me. I lost patience and gave up on that and settled for dropping all traffic to TCP port 8080 except the explicitly permitted hosts, which is good enough for our immediate needs.
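A default-deny variant of the script above, added here as an example (it is not the author's script), showing the ordering that keeps the admin's own session alive when the INPUT policy is DROP: loopback, ESTABLISHED/RELATED and an ssh allow go in first, the policy is tightened last, and a rate-limited LOG rule records what gets dropped. The admin host addresses are the ones from the script above; that the box is administered over ssh on port 22 is an assumption.

```shell
#!/bin/sh
# Added example, not the page's script: default-deny version of the
# SiteScope firewall. Addresses are the page's; the ssh port is assumed.
ADMIN_HOSTS="192.168.76.56 10.2.6.107 10.3.13.138"
SITESCOPE_PORT=8080
SSH_PORT=22

# Emit the rules as text so they can be reviewed (and tested) before applying.
build_rules() {
    # Stay permissive while the chain is rebuilt so the flush never cuts the
    # admin's ssh session; tighten the policy only after the allows are in.
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for h in $ADMIN_HOSTS; do
        echo "iptables -A INPUT -p tcp -s $h --dport $SSH_PORT -j ACCEPT"
        echo "iptables -A INPUT -p tcp -s $h --dport $SITESCOPE_PORT -j ACCEPT"
    done
    # Log what is about to be dropped (rate-limited), then default-deny.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-level 4 --log-prefix 'InDrop '"
    echo "iptables -P INPUT DROP"
}

# Refuse a ruleset that would lock the admin out: ssh must be allowed and the
# ESTABLISHED rule must be loaded before the policy flips to DROP.
check_rules() {
    rules=$(build_rules)
    printf '%s\n' "$rules" | grep -q -- "--dport $SSH_PORT -j ACCEPT" || return 1
    drop_line=$(printf '%s\n' "$rules" | grep -n -- "-P INPUT DROP" | cut -d: -f1)
    est_line=$(printf '%s\n' "$rules" | grep -n -- "ESTABLISHED,RELATED" | cut -d: -f1)
    [ -n "$est_line" ] && [ "$est_line" -lt "$drop_line" ]
}

# Apply when running as root; otherwise just print the plan.
apply_rules() {
    check_rules || { echo "refusing to apply: ruleset failed sanity check" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ]; then
        build_rules | sh -e && iptables -L -v -n
    else
        build_rules
    fi
}
```

Run apply_rules as root to load the rules (and `service iptables save` afterwards, as in the script above); as an unprivileged user it only prints the plan.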

Conclusion
This is a simple example of a way to use iptables. It’s probably not the best example, but it’s what I used so it’s better than nothing.