Categories
Admin Web Site Technologies

A day in the life of an IT Specialist

Intro
I’m not saying every day is like this, and I’m compressing several days into one narrative, but you’ll quickly get the idea and see the difficulties we face. As I like to joke, this is why we make the medium bucks.

The single remaining guy responsible for the in-house application environment has finally convinced the powers that be to upgrade IBM WebSphere from a five-year-old version to version 8.5. We have always used a web server front end, which I have traditionally supported. So I get tapped to figure out what to do for new web servers.

I get three enormous zip files from him and nothing else.

I happen upon a documentation file containing a link to an IBM web site and not much else. I go there. The installation instructions mention using IBM Installation Manager. Never heard of it. I ask the guy for that.

I get it and unpack it. I try to find documentation on how to install the Installation Manager and none seems to exist. Isn’t that ironic?

I wing it and try to run a file with the promising name of install:

$ sudo ./install
00:02.01 ERROR [main] org.eclipse.equinox.log.internal.ExtendedLogReaderServiceFactory safeLogged
  Application error
  org.eclipse.swt.SWTError: No more handles [gtk_init_check() failed]
  org.eclipse.swt.SWTError: No more handles [gtk_init_check() failed]
    at org.eclipse.swt.SWT.error(SWT.java:4387)
    at org.eclipse.swt.widgets.Display.createDisplay(Display.java:913)
    at org.eclipse.swt.widgets.Display.create(Display.java:899)
    at org.eclipse.swt.graphics.Device.<init>(Device.java:156)
    ...
Install:
An error has occurred. See the log file
/tmp/IBMinstall/configuration/1420812667336.log.

The logfile referred to contains this “helpful” information:

!SESSION 2015-01-09 09:11:05.439 -----------------------------------------------
eclipse.buildId=unknown
java.version=1.6.0_24
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=solaris, ARCH=sparc, WS=gtk, NL=en
Framework arguments:  -toolId install -accessRights admin input @osgi.install.area/install.xml
Command-line arguments:  -os solaris -ws gtk -arch sparc -toolId install -accessRights admin input @osgi.install.area/install.xml
 
!ENTRY org.eclipse.osgi 4 0 2015-01-09 09:11:12.346
!MESSAGE Application error
!STACK 1
org.eclipse.swt.SWTError: No more handles [gtk_init_check() failed]
        at org.eclipse.swt.SWT.error(SWT.java:4387)
        at org.eclipse.swt.widgets.Display.createDisplay(Display.java:913)
        at org.eclipse.swt.widgets.Display.create(Display.java:899)
        at org.eclipse.swt.graphics.Device.<init>(Device.java:156)
        at org.eclipse.swt.widgets.Display.<init>(Display.java:497)
        at org.eclipse.swt.widgets.Display.<init>(Display.java:488)
        at org.eclipse.ui.internal.Workbench.createDisplay(Workbench.java:669)
        at org.eclipse.ui.PlatformUI.createDisplay(PlatformUI.java:161)
        at com.ibm.cic.agent.internal.ui.AgentUIApplication.initDisplay(AgentUIApplication.java:140)
        at com.ibm.cic.agent.internal.ui.AgentUIApplication.launch(AgentUIApplication.java:162)
        at com.ibm.cic.agent.internal.ui.AgentUIApplication.start(AgentUIApplication.java:64)
        at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196)
        at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
        at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
        at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:353)
        at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:180)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:629)
        at org.eclipse.equinox.launcher.Main.basicRun(Main.java:584)
        at org.eclipse.equinox.launcher.Main.run(Main.java:1438)
        at org.eclipse.equinox.launcher.Main.main(Main.java:1414)

The references to Display hint that my display is goofed up. Which it is: I have no X display.

So I have to export the DISPLAY to another utility server where I can run vncserver.

Oops. That server was rebooted and so there is no vncserver currently running. I launch that:

$ vncserver :2

Now I can connect to it from my desktop using the VNC client, fire up an xterm and allow other hosts to export their displays to it:

$ xhost +

Note that xhost + turns off X access control entirely: any host that can reach the VNC display can then open windows on it or watch its keystrokes. Naming only the machine doing the install, xhost +solaris_host, and running xhost - afterwards is the safer form. Also, X traffic to a remote DISPLAY crosses the network unencrypted, so keep this inside a trusted network or tunnel it with ssh -X.

Now I go back to Solaris and set my DISPLAY environment variable:

$ export DISPLAY=vncserver_name:2

And re-install. This time it comes up. The screen dialogs are very sluggish but very simple. I get it going just before 9:30 AM. The status bar creeps over to the right veerrrry slowly. At 10 AM it is finally done, for a package of size 297 MB! But I can do other work in the meantime.

Interruption. They can’t do backups any longer on a firewalled subnet; it may be a problem with resolving the backup server’s name in this domain. Can I look into it? Yes. The domain name is missing when I query the authoritative nameservers. The guy next to me, I happen to know, is the administrator of this special domain. I ask him to look into it.

Meanwhile I unzip disk 1 of the WAS 8.5 download and hunt for the documentation. I find it in readme_plugins/en/readme_en.html. It doesn’t have much, just a few links to IBM web sites. After a few wrong leads I decide there is no direct link. I want to install the plugin file, so I have to interact with the online documentation a bit to get what I want. The documentation is thorough to the point of being bloated and effectively masks whatever it is you actually need out of it. I think I am getting close after about 15 clicks and skimming loads of crap. The bread crumb trail looks like this so far:

WebSphere Application Server Network Deployment 8.5.5
Network Deployment (Distributed Operating Systems), Version 8.5
Setting up intermediary services (who knew?)
Implementing a web server plugin
Installing and configuring web server plugins
Installing and uninstalling the Web Server Plug-ins on distributed operating systems

I’m still not sure I’ve struck meat yet. I just feel I am getting close now! No, actually there is another level:

Installing the Web Server plugins using the GUI

From this document, which actually contains some useful information, I get the impression that I may need a repository set up, whatever that is.

I find and launch the IBM Installation Manager regardless to see what it does. Its path is /opt/IBM/InstallationManager/eclipse/IBMIM. I click on the Install option and sure enough it complains I have no repository set up. It offers a link to do that.

After some futzing it seems to lead me to click on a repository config file, /opt/IBM/InstallationManager/eclipse/repository.config. But that may be a fool’s errand, because when I re-launch it says the repository is not connected. Huh?

So then I try to specify a URL as repository, but to connect to that I need an IBM username/password, which I don’t have. I ask my colleague for one.

Meanwhile I re-examine the unzipped zip file 1 of 3 for WAS 8.5 and I see a repository.config file there! So after some fumbling with the slow and awkward Installation Manager GUI I manage to indicate that as my repository config file and delete the original one I had configured. This looks promising. Now I see an option to select IBM WebServer plugins. Looking good.

Interruption. You know that SHA2 certificate you got last year? We don’t think it’s really going to work; can you get an SHA1 one instead? I am doubtful at this late stage but I promise to ask my contacts and fire off some emails.

The installation needs disk 2, so I have to unzip that one; then disk 3. Now I’m out of space and move things around before unzipping that one. I am soon able to hit the Install button and seven minutes later the 389 MB package is installed.

I see it hasn’t asked me which web server I use and where it is and all that. So clearly I need some more steps. Rummaging around I come across /opt/IBM/WebSphere8.5/Plugins/bin/ConfigureApachePlugin.sh, which sounds pretty promising.

I run that and see there are a bunch of switches I have to provide values for. No problem. I get those and it runs. I examine what it has done to my config file and it looks partially promising and partially puzzling. It relies on an environment variable which I don’t think it has defined.

I stop the server and it already complains about that very thing:

httpd: Syntax error on line 344 of /usr/local/apache203/conf/httpd.conf: Syntax error on line 183 of /usr/local/apache203/conf/vhosts/secure-siteinfo.conf: Cannot load /usr/local/apache203/${WAS_PLUGIN_DRIVER} into server: ld.so.1: httpd: fatal: /usr/local/apache203/${WAS_PLUGIN_DRIVER}: open failed: No such file or directory

I define that variable. And try to stop it again. The next error kind of scares me:

httpd: Syntax error on line 344 of /usr/local/apache203/conf/httpd.conf: Syntax error on line 183 of /usr/local/apache203/conf/vhosts/secure-siteinfo.conf: Cannot load /opt/IBM/WebSphere8.5/Plugins/bin/64bits/mod_was_ap22_http.so into server: ld.so.1: httpd: fatal: /opt/IBM/WebSphere8.5/Plugins/bin/64bits/mod_was_ap22_http.so: wrong ELF class: ELFCLASS64

To me that hints I may have the wrong architecture installed. I run some control tests:

$ file /opt/IBM/WebSphere8.5/Plugins/bin/64bits/mod_was_ap22_http.so

/opt/IBM/WebSphere8.5/Plugins/bin/64bits/mod_was_ap22_http.so:  ELF 64-bit MSB dynamic lib SPARCV9 Version 1, dynamically linked, not stripped

and now compared to my apache binary:

$ file /usr/local/apache2/bin/httpd

/usr/local/apache2/bin/httpd:   ELF 32-bit MSB executable SPARC Version 1, dynamically linked, not stripped

I check with the system administrator whether he had ever provided me a 64-bit apache package for Solaris. After some checking we realize that Solaris 10 does provide an apache package, but it is 32-bit.

I have an idea. I can simply change the path to the shared object file in my environment definition:

export WAS_PLUGIN_DRIVER=/opt/IBM/WebSphere8.5/Plugins/bin/32bits/mod_was_ap22_http.so

I had originally specified 64bits. Maybe the 32-bit build will be compatible with the 32-bit httpd. My first thought had been that I installed the wrong package and would have to ask for a different download.

Yess! It now stops. And it starts. And I can access its homepage.

Now go into its config and change its home page to the same as used by the Sun Java System web server.

Find a page that actually calls out to WebSphere by examining the log files and grepping for js (just a hunch). I find something. Try to reproduce it with curl on the real web server and I get a not found. Hmm. Work harder to match up the Host header to the vhosts mentioned in the plugin config file. Specifying the right host, it gives me a redirect and sets some cookies. I know the web server isn’t programmed to do that, so I must have reached the back-end WebSphere app server and now I have something to test with.

Test against the port running apache with this WAS config file and it produces the same result! A redirect and some cookies. Great. The hardest part is over. Now a control: remove the plugin config line in the apache config and re-try it. Yup, 404 not found. We really are communicating with the app server.

No way I am going to go through that pain for each and every server where this is needed. I’ll just tar up the needed files and untar them on any server where this is needed.
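Before untarring the plugin on the next server, the ELF-class check above is worth scripting so the wrong-class mistake is caught before httpd is restarted. The following is an added example, not from the original post: it reads the ELF header byte at offset 4 (EI_CLASS, 1 for 32-bit and 2 for 64-bit), which works the same on SPARC and x86 and does not depend on the wording of the file command, then prints the WAS_PLUGIN_DRIVER path whose build matches httpd. The paths in the usage comment are the ones from this post; the script name is made up.

```sh
#!/bin/sh
# Added example: pick the WebSphere plugin build whose ELF class matches httpd.
# EI_CLASS is byte 4 of the ELF header: 01 = 32-bit, 02 = 64-bit.

# Print 32 or 64 for an ELF file; fail, with a reason on stderr, for anything else.
elf_class() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "$1: not an ELF file" >&2
        return 1
    fi
    case $(od -An -tx1 -j4 -N1 "$1" | tr -d ' \n') in
        01) echo 32 ;;
        02) echo 64 ;;
        *)  echo "$1: unknown ELF class" >&2; return 1 ;;
    esac
}

# Given the httpd binary and the plugin install root, print the path of the
# mod_was_ap22_http.so build whose class matches httpd (for WAS_PLUGIN_DRIVER).
was_plugin_driver() {
    httpd=$1 plugroot=$2
    bits=$(elf_class "$httpd") || return 1
    echo "$plugroot/bin/${bits}bits/mod_was_ap22_http.so"
}

# Usage: ./waspick.sh /usr/local/apache2/bin/httpd /opt/IBM/WebSphere8.5/Plugins
if [ $# -eq 2 ]; then
    drv=$(was_plugin_driver "$1" "$2") || exit 1
    if [ ! -r "$drv" ]; then
        echo "expected $drv but it is not present" >&2
        exit 1
    fi
    echo "export WAS_PLUGIN_DRIVER=$drv"
fi
```

The script prints an export line rather than setting the variable itself, so its output can be pasted into, or sourced from, the httpd environment file on each server.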

But I wonder if I should use the provided apache instead.

Interruption. We received a corrupt pdf file in email two months ago. The vendor is mad at us because we are the only ones with this problem. Could our systems have corrupted an attachment? This is kind of an interesting question and deserves some rumination. The quick reaction is no, we don’t do that. But years of experience tell me that exceptions abound. I open the attachment. Yup, corrupted. I save the file in an effort to examine the bytes. Then I see it has 0 length. That’s peculiar; I’ve never seen that around here. Then I think to check our mail server log files from two months back for their record. I quickly find it and see that its size was reported as 34000 bytes. That strikes me as kind of large for a message with no attachment, but kind of small for a pdf attachment. I share my results with the requester.

Answer: they can still issue an SHA1 cert, but probably only one with a year’s duration. I tell the customer for this certificate that all is not rosy: they will probably end up with an obscure CA which is not accepted by all his customers, so there is no way out without experiencing some pain here.

Unix admin tells me they’re now getting alerts about running out of disk space on the filesystem where I put my WebSphere installation downloads. I move another one of those puppies (1 GB in size) to /tmp.

Categories
Admin Network Technologies

Fixing a hanging JunOS Pulse VPN client login

Intro
I often have trouble getting a clean disconnect when shutting down my JunOS Pulse client. As often as not it hangs while displaying Disconnecting… A reboot seemed a little drastic to me so I found a kinder, gentler way to reset things. Read the details if this applies…

The details
When it’s hanging you will have an additional adapter not normally present called JunOS virtual adapter or something like that. To get to this adapter in Windows 7 type network in the Run text box. Click on Network and Sharing Center; then Change adapter settings.

Find the JunOS virtual adapter.

Right-click and disable it.

That’s it!

Your disconnect should then complete and the virtual adapter will eventually disappear on its own. I imagine you would need administrator access to your PC in order to be able to do this.


The catch

And this is a very big catch. This did save me a reboot as promised. But it has a huge drawback. The next time you try to use the JunOS Pulse client it will never finish connecting! So while it is trying to connect you have to repeat the steps above but this time enable the adapter!

I was really stumped when I first encountered this problem and couldn’t connect.

Why does this work?
Well, the symptom I was experiencing during the hang is that the virtual adapter JunOS creates is present and keeps its IP address, as you can see from the output of ipconfig /all. So I thought there should be a way to remove the adapter with a command-line command. But when I clicked on the adapter I reasoned that if I could simply remove the IP address then I would achieve what I needed and restore my regular connectivity. Disabling it did that and it worked!

How do I get myself in this situation?
I use VPN. Then I leave my laptop for a length of time. Eventually the laptop hibernates, keeping its memory of running JunOS Pulse. Next I bring it to an office with a physical LAN port and that JunOS virtual adapter is still hanging around upon wake-up and the Pulse client is stuck disconnecting.

Conclusion
I have shown a method of saving yourself a reboot if your JunOS Pulse client is hanging upon disconnecting. However I have given you enough rope to hang yourself. You will never connect again unless you undo those very same steps the next time you try to connect!

The JunOS Pulse client is provided by Juniper Networks.

References
I explain how to work on a Juniper SA appliance in this post.

Categories
Admin

Getting beyond WordPress’ 2 MB limit

Intro
It’s a simple but frustrating thing, right, this hard, antediluvian 2 MB limit that WordPress imposes on media files?

My setup
If you read any of my other posts you will see I am master and commander of my own server and WordPress hosting. So I have control over all things. And yet when I wanted to upload a media file in WordPress whose size was greater than 2 MB I could not. I got this message:

[screenshot: WordPress upload error showing the 2 MB limit]

In which century did someone come up with that limit?!

So like everyone before me I dutifully read a bunch of posts and tried a few things, none of which worked.

What got me closer to the answer was the people who suggested the underlying problem is actually with PHP and to look at the output of phpinfo (from a simple test file I created with the contents <?php phpinfo() ?>). The columns are directive, local value and master value:

...
upload_max_filesize	2M	2M
...

The hint to getting around this was also in the output of phpinfo from its early-on output:

Scan this dir for additional .ini files 	/etc/php.d
Additional .ini files parsed 	/etc/php.d/curl.ini, /etc/php.d/dom.ini, /etc/php.d/fileinfo.ini, /etc/php.d/gd.ini, /etc/php.d/json.ini, /etc/php.d/mbstring.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/phar.ini, /etc/php.d/sqlite3.ini, /etc/php.d/wddx.ini, /etc/php.d/xmlreader.ini, /etc/php.d/xmlwriter.ini, /etc/php.d/xsl.ini, /etc/php.d/zip.ini

So I realized that I need to add my settings either to the php.ini file in /etc or to a new .ini file in /etc/php.d. I chose the latter and created a php.ini file there with these contents:

; DrJ, inspired by http://stackoverflow.com/questions/2184513/php-change-the-maximum-upload-file-size - 12/31/14
; Maximum allowed size for uploaded files.
upload_max_filesize = 10M
 
; Must be greater than or equal to upload_max_filesize
post_max_size = 10M

Re-starting my httpd daemon and re-running phpinfo I got the desired results:

...
Additional .ini files parsed ... /etc/php.d/phar.ini, /etc/php.d/php.ini, /etc/php.d/sqlite3.ini, 
...
upload_max_filesize	10M	10M
...

and uploads greater than 2 MB began to work!

Conclusion
A native install of PHP has a default upload limit of 2 MB that probably dates from eons ago and no one has had the sense to raise it. So I’ve shown the intended way to override this setting, assuming you have sufficient access or influence over PHP’s configuration area. The other approaches I tried did not work for me. The PHP limit in turn restricted WordPress media uploads, so fixing the one fixed the other. Two things to keep in mind when raising it: post_max_size must stay at or above upload_max_filesize (and memory_limit above post_max_size) or the larger setting silently does nothing, and a bigger limit means a bigger request that any client can make your server buffer, so raise it only as far as you actually need.
To be continued…

Categories
Admin Linux Security

Citrix problems with SHA2 certificates SSL error 61

Intro
Basically all certificates issued these days use the SHA2 signing algorithm, whereas a year ago, or for some CAs just a few months ago, this was not the case and the SHA1 signing algorithm was being used. This change causes some compatibility problems.

The details
It can be a little hard to test a new certificate with Citrix Secure Gateway. If you try it and pray, you may well find that a majority of Citrix clients can connect to your Secure Gateway but some cannot. They may even see SSL error 61.

So if you dutifully go to this Citrix support page, TID 101990, you read a very convincing description of the problem and why it happens. The only thing is, it is probably totally wrong for your case! Because in it they argue that your certificate is faulty and that you should go back to your CA and get a good one! Ridiculous! I’ve dealt with lots of CAs and gotten lots of certificates. Never had a faulty one like that.

So what’s the real explanation? I think it is that the Citrix client is out of date on the PC where it isn’t working and doesn’t support SHA2. This is still an unfolding story, so that involves a little speculation. Upgrade the Citrix Receiver client and try again.

But of course you need to do your basic homework and make sure the basic stuff is in order. Use openssl to fetch your certificate and certificate chain and have a look at them to make sure you’ve really set it up right. A beginner’s mistake is to forget to include the intermediate cert, which could cause SSL error 61 as well. And of course you need a certificate issued by a legitimate CA; a self-signed certificate will almost certainly give you SSL error 61.

Given time I’ll show how to check whether your certificate, or any other reference certificate you want to compare it to, uses SHA1 or SHA2.
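An added example, not from the original post, of that check together with the chain check mentioned above: it fetches the chain a server presents, reports each certificate’s subject, issuer and signature algorithm, and classifies the algorithm as SHA1 or SHA2. It relies only on the openssl command-line tool; the host name, port and output wording are assumptions, and a server that hands out a single certificate is flagged because that usually means the intermediate was left out.

```sh
#!/bin/sh
# Added example: is this certificate (or every certificate in a server's chain)
# signed with SHA1 or SHA2? Needs only the openssl command-line tool.

# Signature algorithm name of one PEM certificate, e.g. "sha256WithRSAEncryption".
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Collapse the algorithm name into the family an old client cares about.
# rsassaPss reports its hash in separate parameter lines and comes out UNKNOWN.
sig_family() {
    case "$1" in
        sha1*|*[Ss][Hh][Aa]1)                                              echo SHA1 ;;
        sha224*|sha256*|sha384*|sha512*|*SHA224|*SHA256|*SHA384|*SHA512)   echo SHA2 ;;
        md5*|*MD5)                                                         echo MD5 ;;
        *)                                                                 echo UNKNOWN ;;
    esac
}

# Fetch the chain a TLS server presents (SNI set to the host name) and report
# each certificate. Depth 0 is the server cert; the rest should be the
# intermediates. A root need not be sent, but an intermediate must be.
report_chain() {
    host=$1 port=${2:-443}
    dir=$(mktemp -d) || return 1
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null |
        awk -v d="$dir" '
            /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%02d.pem", d, n); inc = 1 }
            inc                           { print > f }
            /-----END CERTIFICATE-----/   { inc = 0; close(f) }'
    depth=0
    for f in "$dir"/*.pem; do
        if [ ! -f "$f" ]; then
            echo "no certificates received from $host:$port" >&2
            rm -rf "$dir"; return 1
        fi
        alg=$(cert_sig_alg "$f")
        echo "depth $depth: $(openssl x509 -in "$f" -noout -subject)"
        echo "         $(openssl x509 -in "$f" -noout -issuer)"
        echo "         signature: $alg ($(sig_family "$alg"))"
        depth=$((depth + 1))
    done
    if [ "$depth" -eq 1 ]; then
        echo "only one certificate presented: the intermediate is probably missing" >&2
    fi
    rm -rf "$dir"
}

# Usage: ./chaincheck.sh gateway.example.com [443]
if [ $# -ge 1 ]; then
    report_chain "$1" "$2"
fi
```

Run it against the Secure Gateway and against a site known to work with the failing clients; if the only difference is SHA1 versus SHA2 at depth 0 or depth 1, the client is the thing to upgrade, not the certificate.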

To be updated if I get more conclusive information…

Conclusion
Citrix is giving out misleading or wrong advice about SSL error 61.

References and related articles
This site seems to confirm the widespread problem with many Citrix clients and SHA2 certificates.
http://www.p2vme.com/2014/02/sha2-certificates-and-citrix-receiver.html
This site talks about the dangers of SHA1 certificates and what Microsoft is doing about it.

Categories
Admin

Cancelling those stuck print jobs in Windows 7

Intro
This is information I assembled from a couple different sources. Sometimes you view your print queue, a job’s not printing for whatever reason, you delete it, it shows cancelled, but won’t go away. Am I right? Here’s what you can do short of rebooting (which I object to as the cure for everything on philosophical grounds).

The rough outline
You’re gonna have to stop the spooler, delete the spooled files and re-start the spooler.

The details
– Launch a CMD window by typing CMD in the Run menu.
– Right-click on the cmd icon that pops up and choose Run as administrator.
– In that window type:

net stop spooler

You should see this output:

The Print Spooler service is stopping.
The Print Spooler service was stopped successfully.

– In Windows Explorer navigate to the folder

c:\windows\system32\spool\PRINTERS

– Delete all the files you find there; those are your stuck print jobs. (This clears every queued job on the machine, for every printer and every user, not just the stuck one.)
– Back in your CMD window type:

net start spooler

You should see:

The Print Spooler service is starting.
The Print Spooler service was started successfully.

That’s it! If you re-launch your print queue view you should no longer see your stuck print jobs.

Conclusion
Annoyed by my own inability to delete print jobs I researched a time-saving way to do it without a dreaded reboot. Here I share what I’ve learned.

Categories
Admin Apache Hosting Service

running a second, third, …, instance of WordPress on your server

Intro
Since I can host drjohnstechtalk.com myself on my AWS server, why not a second blog, totally unrelated, for a friend? This has not been documented as well as I would have liked though it is very straightforward. So I’ll mention a few things here.

WordPress prep activities
You follow the WordPress regular installation instructions: http://codex.wordpress.org/Installing_WordPress. But I’ll repeat the important steps for the DIY admin with their own server, like me:

$ cd /tmp; wget --no-check-certificate https://wordpress.org/latest.tar.gz
$ tar -xzvf latest.tar.gz
$ sudo cp -r wordpress <YOUR_HTDOC_ROOT>/blog

Note that --no-check-certificate turns off verification of wordpress.org’s certificate, so the download is no better protected than plain http. Either fix the CA bundle so the flag can be dropped, or verify the tarball against the checksum WordPress publishes alongside it before unpacking.

Set up a dedicated virtual host (an apache virtual host) to handle this additional domain (that’s a whole post to explain).

The main thing is to realize you can set up a separate database in your single mysql instance for your second blog:

$ mysql -u adminusername -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5340 to server version: 3.23.54
 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
 
mysql> CREATE DATABASE 2nddatabasename;
Query OK, 1 row affected (0.00 sec)
 
mysql> GRANT ALL PRIVILEGES ON 2nddatabasename.* TO "2ndwordpressusername"@"localhost"
    -> IDENTIFIED BY "passwordfor2nddatabase";
Query OK, 0 rows affected (0.00 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
 
mysql> EXIT
Bye
$

Then access this web site’s WordPress setup page from a browser:

URL: http://example.com/blog/wp-admin/install.php

[screenshot: WordPress setup page asking for database name, user and password]

Error connecting to the database?

I usually goof up something or other. I have even literally created a user that was ‘username’@’hostname’ because I read that off my example before I corrected it; I needed to specify localhost instead of hostname. But anyway, I didn’t panic. I tried to connect to the MySQL DB with the user I thought I had just created, i.e., mysql -u newuser -p, and it would not accept the password I knew I had just created.

I even had problems dropping that user, again because unless I specified the user as ‘username’@’hostname’ it could not find the user!

In the days of MariaDB these types of DB commands still work the same way, for the record. (MySQL 8.0 is the exception: it removed the IDENTIFIED BY clause from GRANT, so there you run CREATE USER first and then GRANT.)

Categories
Security

Encrypting the cloud from your desktop

Background
More and more private users are storing their digital goods in the cloud. You can’t beat the convenience. But prying eyes, intelligence agencies or what-not may be a concern.

Solution
I just learned about a product from a German company called Boxcryptor. It is compatible with Google Drive, Dropbox, etc. It runs on your desktop, or iPad, Android phone, MacBook, etc. So it may be an appropriate choice. I believe you can even be selective about which directories to encrypt. So maybe put your photos in one folder, leave them be, and your financial spreadsheets in another and just encrypt that.

There is a modest annual fee.

I haven’t _personally_ tried it. It was recommended and demonstrated to me by someone who uses it. I will check it out if I can find the time.

To be continued…

Categories
Admin Exchange Online Internet Mail

PowerShell and Proxy server

Intro
I’ve used Windows PowerShell for all of a few hours so far. But, still, I think I have something to contribute to the community. The documentation on how to send commands through a standard http proxy is pretty miserable so I’d like to make that more clear. I plan to use PowerShell to administer Exchange online.

The details
Microsoft has some pretty good documentation on PowerShell in general. In particular, for my desire to connect to Exchange Online I found this very helpful article. But that article says not a whit about sending your connection through an explicit proxy, which I found bewildering.

But I found some key documentation pages on a few related commands (TBD) which I eventually realized could be chained together to achieve what I wanted.

First I set up a credentials object:

$credential = Get-Credential

This pops up an authentication window so be prepared with your Microsoft administrator credentials.

[screenshot: the Get-Credential authentication pop-up]

Next I make sure Internet Explorer has the correct proxy settings. Then I inherit them from IE like this:

$drj = New-PSSessionOption -ProxyAccessType IEConfig

I refer to this options object in the next command:

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection -SessionOption $drj

One more command to get things going:

Import-PSSession $exchangeSession

and I’m ready to issue real get/set commands!

A caveat for anyone following this later: Microsoft has since retired Basic authentication on this remote PowerShell endpoint in favor of the Exchange Online PowerShell module and its Connect-ExchangeOnline cmdlet. The proxy trick carries over, since Connect-ExchangeOnline takes the same kind of session-options object through its -PSSessionOption parameter.

Conclusion
Hopefully this posting helps to clear up what to do to make certain commands in PowerShell work through a standard http proxy. PowerShell, for a guy who’s only done BASH scripts, is actually pretty cool.

References
The basic idea of connecting to Exchange Online is contained here in this helpful Microsoft article, but you will find no mention of proxy whatsoever on that page. That part I figured out.

Categories
Admin Internet Mail Scams

The latest trend – Google search engine spam

Intro
I’ve been seeing an uptick in brief spams which provide links to a very legitimate site: the Google search engine!

The details
I’ve been getting a lot – several per day – that look like this one:

From: [email protected]
To: [email protected]
Subject: Legal drugs forum
 
Legalize!!! Read about strongest legal drugs in the world, and buy it online: https://www.google.com/url?q=http%3A%2F%2F%77%77%77.le%67a%6C%69z%65r%2EDRJinfo%2F&sa=D&usg=AFQjCNG0coaOvXJMkOn0nEMvP-dl11XKnQ
 
Attention: MDMB(N)-BZ-F is not allowed now!

Here’s another example which appears to be a different spam campaign using the same technique which I received several weeks after initially posting this article:

From: [email protected]
Subject: Turn your bedroom into paradise of satisfaction
 
https://www.google.com/url?q=http%3A%2F%2F%73lip.h%65al%69DRJn%67%73%65%63%75re%65%73hop.%65%75%2F&sa=D&usg=AFQjCNFeP_XevUiXV-m-DtxAJVi3SMRtVQ

I’ve changed the links slightly so no one gets in trouble by actually following it.

The link is changed each time and so is the sender.

How to report this?
I have been reporting these to Google directly on their page to Report malicious software, https://www.google.com/safebrowsing/report_badware/.

I have reported five to ten of these and have never received a response from Google. It seems the best we can hope for is that Google engineers are sufficiently annoyed by my reports that they begin to agree there’s a problem here, and that people will think less of them if they continue to do nothing.

Why this is particularly devastating
The link combines three things:

– https (which hides everything but the host name from anyone watching the traffic)
– a very legitimate web site, www.google.com
– a malware destination behind the redirect

It is very tricky to defeat. Many URL filters, e.g., those used on explicit proxies, cannot peer into https traffic (unless they intercept and decrypt it) and so have to make a single judgment for a whole site, even one as complicated as www.google.com. Either it is all good, or it is all bad. Who would have the courage to categorize Google as a source of malware and hence block all users from it?

So these perpetrators have engaged in what amounts to link laundering. Part of the URI is percent-encoded in hex, I suppose to help avoid detection and to create many valid spellings of the same link that are hard for Google to stamp out.

This started over a month ago and is stronger than ever today, so we know at press time Google, in spite of all its advanced technology, does not have a handle on it.

If you see something similar I suggest to report it directly to Google. They may need a little more motivation than I can single-handedly provide them.

Conclusion
Link laundering is now an avenue to sneak spam through. It uses links that point to the Google search engine itself. It seems to have eluded them or been under their radar in spite of many reports. Let’s hope the bad guys don’t have the upper hand permanently.

Appendix
If you are interested in how the URL looks decoded I figured there would be decoders available on the Internet and indeed there are. For instance at http://meyerweb.com/eric/tools/dencoder/

So the URL mentioned above decodes as (again slightly obfuscated so as not to make good people do bad things by mistake):

https://www.google.com/url?q=http://www.legalizerDRJ.info/&sa=D&usg=AFQjCNG0coaOvXJMkOn0nEMvP-dl11XKnQ
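As an added example, not part of the original post, here is the same decoding done by a script, so a mail filter or gateway can act on the real destination host rather than on www.google.com. The percent-decoder is written in awk because POSIX sh has none; the URL in the usage comment is constructed, not one of the spams above, and only the q= and url= parameters of www.google.com/url links are treated as redirects.

```sh
#!/bin/sh
# Added example: unwrap a laundered www.google.com/url?q=... link and report the
# real destination host.

# Percent-decode the string in $1 and print the result. Malformed escapes
# ("%zz", a trailing "%4") are passed through unchanged rather than dropped.
urldecode() {
    printf '%s' "$1" | LC_ALL=C awk '
        BEGIN { for (i = 1; i < 256; i++) hex[sprintf("%02x", i)] = sprintf("%c", i) }
        {
            s = $0; out = ""
            while ((p = index(s, "%")) > 0) {
                out = out substr(s, 1, p - 1)
                h = tolower(substr(s, p + 1, 2))
                if (h in hex) { out = out hex[h]; s = substr(s, p + 3) }
                else          { out = out "%";    s = substr(s, p + 1) }
            }
            print out s
        }'
}

# For a www.google.com/url redirect print the decoded q= (or url=) target.
# Return 1 for anything else, so a caller can tell "not a redirect" from
# "redirect to X". The host match is exact on purpose: www.google.com.evil.example
# must not pass.
google_redirect_target() {
    case $1 in
        http://www.google.com/url\?*|https://www.google.com/url\?*|https://google.com/url\?*) ;;
        *) return 1 ;;
    esac
    query=${1#*\?}
    target=
    old_ifs=$IFS; IFS='&'; set -- $query; IFS=$old_ifs
    for kv; do
        case $kv in
            q=*|url=*) target=${kv#*=} ;;
        esac
    done
    [ -n "$target" ] || return 1
    urldecode "$target"
}

# Host part of a URL, lower-cased, without scheme, userinfo, port or path.
# (Bracketed IPv6 literals are not handled.)
url_host() {
    h=${1#*://}
    h=${h%%/*}; h=${h%%\?*}; h=${h#*@}; h=${h%%:*}
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# Usage: ./unlaunder.sh 'https://www.google.com/url?q=http%3A%2F%2F%65xample.%63om%2F&sa=D&usg=x'
if [ $# -eq 1 ]; then
    if t=$(google_redirect_target "$1"); then
        echo "redirect -> $t (host: $(url_host "$t"))"
    else
        echo "not a www.google.com/url redirect"
    fi
fi
```

The host printed by url_host is what belongs on a blocklist or in a spam-scoring rule; the wrapper URL itself never should be, for exactly the reason given above.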

References
enom-originated spam is discussed here.

Categories
Admin Apache

How I compile apache2

Intro
This is just for my own documentation.

The details
This worked out on apache v 2.27 where I wanted to have LDAP authentication and WebDAV support:

$ ./configure --enable-ldap --enable-auth-ldap --with-ldap --enable-headers --enable-rewrite --enable-proxy --enable-authnz --enable-auth-basic --enable-authnz-ldap --enable-dav --enable-dav-fs

Note that the configure invocation is recorded in config.log.

I also compiled this on Solaris 10, where I didn’t need DAV support but needed LDAP. This worked out for me there:

$ ./configure --enable-ldap --enable-auth-ldap --with-ldap --enable-headers --enable-rewrite --enable-proxy --enable-authnz --enable-auth-basic --enable-authnz-ldap

To prove we got the right version:

$ /usr/local/apache2/bin/httpd -v

and to show all the modules we compiled in:

$ /usr/local/apache2/bin/httpd -l

Note that httpd -l lists only the statically compiled modules, which are always loaded whether or not the config uses them; httpd -M shows everything the running configuration loads, shared modules included. Since a static module cannot be left out of the config later, compile in only what the server will actually use.

Conclusion
A reminder on how apache 2.27 was compiled.