I once noticed a virus/exploit spreading on a network of Ubiquiti devices. Using a vulnerability in older firmware versions, the exploit copied itself to other devices and attacked further devices from them.
Continue reading “Removing exploits from Ubiquiti devices”
Author Archives: Vyacheslav
UBNT with firmware 6.0 stop working
I once cleaned the exploit from Ubiquiti Networks airMAX® M Series devices with firmware 5+ and updated the firmware to the latest version, which at that time was XM 6.0 and XW 6.0.
See my article – Removing exploits from Ubiquiti devices
The 6.0 firmware removed the vulnerability through which the exploit gained access, but it had other bugs.
Literally a couple of weeks later I noticed that some bridges in Access Point (AP) mode showed no connected stations: power was lost at the station, the station booted and connected to the AP, but the AP did not show the connected station and traffic did not pass. That is the bug.
The problem was solved by restarting the AP, but if the station lost power again or was rebooted, there was a high probability of the problem repeating.
Fortunately, this problem was later eliminated in newer firmware. I did not look at exactly which version, but on devices with firmware 6.1+ it was no longer observed.
Foscam FI9821W V2.1 Firmware Upgrade
I updated the firmware on several Foscam FI9821W V2.1 cameras that had the following firmware versions:
System Firmware Version: 1.5.2.11
Application Firmware Version: 2.21.1.127
Plug-In Version: 3.0.0.2
The camera receives an IP address via DHCP both via cable and Wi-Fi, so you can find out its IP in the router menu or on the same network as the camera by running the IP Camera Search Tool utility:
https://files.ixnfo.com/Soft/Network/Foscam/03_IP_Camera_Search_Tool.zip
The default login is admin with no password; the first time you connect, you must change it and set a new password.
Before starting the firmware upgrade, download the archive with the firmware from here:
https://files.ixnfo.com/Firmware/Foscam/FI9821W_V2.1.zip
You can also see if there are newer firmware versions on the official site:
https://www.foscam.com/downloads/firmware_details.html?id=91
Now open the camera's web interface by typing its IP address in the browser.
Check the firmware version on the first tab, “Status”.
Next, open “System” – “System Upgrade“, click “Browse“, select the firmware file and click “System Upgrade” to start the upgrade process.
If the firmware in the camera is very old, as in my case, then you must first install the intermediate firmware (it is also in the archive linked above, in the directory “Older firmware V2.x.2.18”). It is installed from two files: first Step1, then Step2.
Then you can flash the newest firmware; when I flashed it, it was FosIPC_B_app_ver2.x.2.23.
That’s all. The camera settings are not reset after the firmware upgrade; I updated the firmware remotely.
Installing Docker CE on Ubuntu
Docker CE – a software platform for deploying applications, packaging applications into a container, adding libraries and all the necessary dependencies to run the application, which allows you to quickly launch the code in almost any environment. There is a free version of Docker Community Edition (CE) and Enterprise Edition (EE).
Continue reading “Installing Docker CE on Ubuntu”
Configuring Fail2Ban for Asterisk
For the test I will use Asterisk 13.1.0 and Fail2Ban 0.9.3-1 installed on Ubuntu Server 16.04.1 LTS.
Install Fail2Ban as I wrote in this article – Installing and Configuring Fail2ban
Open the Asterisk configuration file responsible for logging events to /var/log/asterisk/messages:
sudo nano /etc/asterisk/logger.conf
Add security to messages:
messages => notice,warning,error,security
Restart the asterisk logging system:
sudo asterisk -rvv
logger reload
quit
Add the Asterisk configuration file to the directory with the Fail2Ban configuration, thus activating the monitoring of its logs:
sudo nano /etc/fail2ban/jail.d/asterisk.conf
Enter the following, where 86400 is the ban time in seconds (24 hours), that is, the attacker will be blocked for a day:
[asterisk]
enabled = true
bantime = 86400
Or, in the file /etc/fail2ban/jail.conf, change false to true for [asterisk-tcp] and [asterisk-udp].
Restart fail2ban for the new configuration file to load:
sudo fail2ban-client reload
Check that it works:
sudo fail2ban-client status asterisk
Done, now Fail2Ban will block IP addresses from which incorrect passwords for Asterisk accounts are entered.
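As an added example (not part of the original article and not Fail2Ban's own code), this Python script replays Asterisk log lines the way the jail above evaluates them and reports which addresses would be banned for 86400 seconds. The two regular expressions are simplified stand-ins for the Fail2Ban asterisk filter, maxretry = 5 and findtime = 600 are assumed values, the function names are hypothetical, and the log lines are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# bantime is the page's value; FINDTIME and MAXRETRY are assumed for this example
BANTIME, FINDTIME, MAXRETRY = 86400, 600, 5
TS = r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] "
PATTERNS = [
    # chan_sip NOTICE line, present with "notice" logging alone
    re.compile(TS + r"NOTICE\[\d+\].*Registration from '.*' failed for "
               r"'(?P<ip>[\d.]+)(?::\d+)?' - "),
    # SECURITY events, written only once "security" is added in logger.conf
    re.compile(TS + r'SECURITY\[\d+\].*SecurityEvent="(?:InvalidPassword|'
               r'InvalidAccountID|ChallengeResponseFailed)".*'
               r'RemoteAddress="IPV4/(?:UDP|TCP|TLS)/(?P<ip>[\d.]+)/\d+"'),
]

def parse_failure(line):  # -> (timestamp, source IP) or None
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"]

def find_bans(lines):
    """Replay the log; ban an IP after MAXRETRY failures within FINDTIME."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for when, ip in filter(None, map(parse_failure, lines)):
        if when < banned_until.get(ip, datetime.min):
            continue  # still banned, a real ban would drop this traffic
        q = recent[ip]
        q.append(when)
        while when - q[0] > timedelta(seconds=FINDTIME):
            q.popleft()  # forget failures older than the window
        if len(q) >= MAXRETRY:
            banned_until[ip] = when + timedelta(seconds=BANTIME)
            bans.append((ip, when, banned_until[ip]))
            q.clear()
    return bans

def sec_line(t, ip, event="InvalidPassword"):  # constructed, abbreviated line
    return (f'[2016-10-01 12:{t}] SECURITY[1234] res_security_log.c: SecurityEvent="{event}",'
            f'Severity="Error",Service="SIP",LocalAddress="IPV4/UDP/192.0.2.10/5060",'
            f'RemoteAddress="IPV4/UDP/{ip}/5060"')

SAMPLE_LOG = [sec_line(f"00:0{i}", "203.0.113.5") for i in range(5)] + [
    "[2016-10-01 12:01:00] NOTICE[1234] chan_sip.c: Registration from "
    "'\"100\" <sip:100@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    sec_line("02:00", "203.0.113.5"),                  # arrives while banned
    sec_line("03:00", "198.51.100.9", "SuccessfulAuth")]  # not a failure
```

Calling find_bans(SAMPLE_LOG) returns a single ban for 203.0.113.5, starting at the fifth failure and ending 24 hours later; the single failed registration from 198.51.100.7 stays below the threshold.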
Installing and Configuring Fail2ban
In this article, I will provide an example of how to install and configure Fail2ban.
Continue reading “Installing and Configuring Fail2ban”
Configuring Fail2Ban for ProFTPd
Suppose Fail2Ban is already installed, if not, then see my article – Installing and Configuring Fail2ban.
In Fail2Ban by default, there are already filters for ProFTPd and it knows that the log file is located at /var/log/proftpd/proftpd.log, so it’s enough to create the file:
sudo nano /etc/fail2ban/jail.d/proftpd.local
And enter the data below, thereby activating the check of the log file /var/log/proftpd/proftpd.log:
[proftpd]
enabled = true
bantime = 86400
Restart Fail2Ban to apply the changes:
sudo service fail2ban restart
You can check the status:
sudo fail2ban-client status proftpd
Windows Server 2008 R2 Backup and Restore
As an example, I will make a backup copy of Windows Server 2008 R2 and describe the process step by step:
1) Open the “Server Manager”.
2) Select “Features” – “Add Features”, check “Windows Server Backup” and “Command-line Tools”, click the “Install” button and wait for the installation to complete.
3) Open the “Start” menu and select “Windows Server Backup”.
For the test, I clicked “Backup Once”. In the window that appears, I selected the “Custom” configuration type and ticked the C drive and everything else except the other local disks, if there are any (for example, drive D). In the next window you can select the type of storage where the backup copy will be saved, for example “Local disks” and specify drive D, or “Remote shared folder” and specify the path. I already had Samba running on one of the Linux servers, so I connected the network folder and chose this option.
See also my article – Installing and Configuring Samba on Linux
After the process is complete, the folder “WindowsImageBackup” with a backup will appear on the disk or network share.
To restore the system from this backup, you can similarly open “Start” – “Windows Server Backup” and select this backup, or, if the server does not start, boot from the Windows startup disk, select “System Restore” and specify this backup.
Solution WARNING: The “syslog” option is deprecated
I once noticed a warning in the /var/log/samba/log. file:
[2018/04/13 20:51:05.280655, 1] ../lib/param/loadparm.c:1629(lpcfg_do_global_parameter)
  WARNING: The "syslog" option is deprecated
As reported, the “syslog” option is obsolete, and to prevent the warning from appearing, it must be removed from the configuration.
I opened the configuration file in a text editor:
sudo nano /etc/samba/smb.conf
Found this option:
syslog = 0
And commented it out:
#syslog = 0
After the changes you need to restart Samba; you can do it like this:
sudo service samba restart
sudo restart smbd
sudo restart nmbd
After that, the warning no longer appeared.
BIOS update on Asus Prime B250 Plus
For the test, I will update the BIOS on the Asus Prime B250 Plus motherboard and describe the process step by step.
Continue reading “BIOS update on Asus Prime B250 Plus”