Category: Software

Spammers Lack Quality Control

Warning SignThis morning, I was going through emails, and looked at my spam folder and found something that made me laugh. I have been studying up on some development classes online and integer & string values came to mind.

This is what happens when a developer makes a mistake in their spamming scripts and does not have any quality control. I bolded the amount below for emphasis.

Note this e-mail is been directed to you because during our investigations, your email address was found in one of the scam Artists file and computer hard disk in our custody. In reference to this regards, you will be compensated with the sum of US$17, .500,000.00 (Seventeen Million five Hundred Thousand Dollars). Meanwhile, the Africa Union has requested for evidence to prove you are a victim of West Africa scam. In plight to this regards the USIS have appointed a United State base Attorney (Barrister Allen Adams) here in the State to advocate on your behalf and provide the requested evidence to process the payment approval for your fund to be release to you.

IMPORTANT NOTICE: The only fee you’re to pay to the Attorney is the processing fee $350 for procurment of legal evidence to prove to the West Africa Union that you are a victim of scam. Also kindly request him to direct you on how to submit the processing fee $350

It appears to me that for the amount of $350, I stand the chance of getting back $17.50. This does not appear to be much of bargain. Where you place a period matters.

Filed under: Software

Let’s Encrypt and VirtualMin

Let's Encrypt IconSecurity is now a central concern for technical people and I would argue for most consumers. It is now typical for criminals to target banks, hospitals, and other critical institutions. Privacy is also an issue that is central to a free and progressive society. One solution that gets thrown out is SSL encryption for websites and how we all now need to secure our sites with an SSL certificate. Due to the market though, SSL certificates are one of those things that companies have a hard time making money off of. Most people do not buy SSL certificates, so you wind up with a market that sells bare bones SSL certificates that range around $25 and extended validation certificates for large ecommerce websites that cost thousands of dollars. This is where Let’s Encrypt changes things. Their certificates are free and are recognized by the web browser as a valid secure certificate. This makes SSL encryption a zero cost option for millions of individual webmasters who run websites like WebKeyDesign. There is one other difference with Let’s Encrypt certificates: they are limited to 3 month intervals instead of yearly intervals. However what makes Let’s Encrypt more appealing to webmasters is that the software makes renewals automatic and there is now software integration with cPanel and Virtualmin control panels.

My personal project is a virtual machine that I keep for journal purposes. It allows me the ability to write some thoughts and archive information for later viewing. The virtual machine runs CentOS 7 Linux and can be controlled using Virtualmin. The SSL certificate that was originally setup was self-signed and so I would have to manually add the certificate to iOS, MacOS, and make exceptions in browsers in order to use the website.

I followed TechJourney’s excellent guide: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin & Webmin. There were a couple of issues I found out along the way.

Webmin Configuration

The tutorial did not specify the path to the client command. For CentOS, I found this to be:

/root/letsencrypt/letsencrypt-auto

Webmin Let's Encrypt command configuration

Let’s Encrypt SSL for Webmin Login

A secondary problem that I ran into had to do with the separate subdomains. The Apache webserver will respond on your typical www.mydomain.net and mydomain.net, however the Webmin control panel is accessible by another prefix to mydomain.net. Under Virtualmin – Server Configuration – Manage SSL Certificate, the default will be Domains associated with this server. This setting will only pull in the domains that Apache is setup for. If you want to use the Let’s Encrypt SSL Certificate for other subdomains, you have to select Domain names listed here and manually type all your subdomains. You can then under the Current Certificate tab use the Copy to options and use the same certificate for Webmin, Usermin, etc.

Virtualmin Let's Encrypt Manage

If you went ahead and hit the Request Certificate button and then try to add domains, the process will error out. There is no way to reset the certificates from the Virtualmin interface. To resolve the problem, use secure shell and remove the letsencryt directory.

rm -rf /etc/letsencrypt

This allowed me to use the Request Certificate option again and have all my subdomains added to the certificate.

Filed under: Apache, Linux, Software, Webmastering

Fix SARG Reports in pfsense

torchSARG Reports are a good compliment to Squid Proxy and since there is a package that is available for installation in pfsense, it makes good sense to setup SARG Reports. The downsides to SARG Reports is that the reports do take up space and over time this can be significant. This posting is about a problem I encountered on pfsense 2.1 and the latest SARG package.

For some unknown reason the reports stopped generating. Upon checking my System Log this is the issue I found:

php: /pkg_edit.php: The command 'export LC_ALL=C && /usr/pbi/sarg-amd64/bin/sarg -d `date +%d/%m/%Y`-`date +%d/%m/%Y`' returned exit code '1', 
the output was 'SARG: Cannot get the modification time of input log file /var/log/squid/access.log (No such file or directory). Processing it anyway SARG: File not found: /var/log/squid/access.log'

I am using the 64-bit version of pfsense, so hence the sarg-amd64. If you are using 32-bit, it will state instead sarg-i386.

The solution is to edit the sarg.conf file that is located in one of these locations, depending on your pfsense build:

/usr/pbi/sarg-amd64/etc/sarg/sarg.conf
/usr/pbi/sarg-i386/etc/sarg/sarg.conf

You will need to verify that the access_log line is correct:

#access_log /usr/local/squid/var/logs/access.log

In my case, removing the # sign and specifying the correct path to my Squid access.log corrected the problem.

If you have issues with SARG Reports, it is best to do the following:

  1. Under the Status Menu – click SARG Reports.
  2. On the General tab click Save
  3. Next click on the Users tab and click Save
  4. Click Schedule and create your schedule or if you have one already open it up and click Save.
  5. You can go back to the Schedule and Force Update to see if SARG Reports are working now.

I also schedule SARG Reports in Cron to run at 11:50pm every night instead of midnight.

50  23  */1  *  *
Filed under: Linux, Networking, Software