Wanna Cry?

Last weekend was definitely not a normal weekend. The flare-up of the computer worm WannaCry[1] ruined a lot of people's weekends. It's been a long time since the last mass computer virus outbreak; the one I can remember was the Blast worm virus[2] back in 2003.

The virus takes advantage of the MS17-010[3] vulnerability in Windows' SMB server: it uses port 445 to take control of an unpatched computer, and then uses that computer to infect more computers on the network. This time, the vulnerability affects almost every PC running Windows.

This is especially true for PCs still running outdated versions like Windows XP, which is widely used in my local banks, companies, stores, government departments, etc. Microsoft released a patch[4] for these end-of-life OSes on May 12th, which is very unusual.

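China Telecom broadband downloads hijacked to a cache server

I haven't posted in a long time (yes, I'm just lazy), and this time it was China Telecom that blasted me out of hiding again...

Long story short: I was downloading the new version of WinRAR from the official site www.rarlab.com when, duang, Firefox popped up a warning (Figure 1).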

20161119-ctc-1 (Figure 1)

What happened? Has the great Trump started going after Russian companies? (scratch that)


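Bought a domain from metanet

"Zhao Qian Sun": since the pinyin of my surname is Li, which happens to match Liechtenstein's country-code domain, I had been thinking for a while about getting a domain with my full name in pinyin. However, .li domains are a scarce commodity: not many resellers offer them, and the price is usually not cheap (quite a bit more expensive than .com). For example, name.com asks $15.99 USD for a .li domain, while the cheap and generous namesilo does not sell .li at all.

Well, to find something you have to search, and after searching for a long while I found metanet.ch, a Swiss site that registers .li domains for 10.75 CHF a year (it turned out that this price includes tax; net of tax it is 9.95 CHF), which is considerably cheaper than Name.com. Since the .ch/.li ccTLDs are both managed by the Swiss registry SWITCH, a Swiss company presumably has the home advantage.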

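HE IPv6 Tunnelbroker's LAX server seems to have acted up again just now

20160428 1950 GMT+8 Connection down

The one with the problem is 66.220.18.42, the Tunnelbroker IPv4 endpoint server located in LAX.
There were intermittent failures over the previous few weeks; at the time I assumed it was a router configuration problem, because the failures were brief and things usually recovered after restarting the router. This afternoon there were intermittent interruptions. Then this evening, from about 19:50, it stopped responding to ping.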


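I thought the Great Wall had finally made its move against HE, but when I tried pinging this server from the overseas nodes on ping.chinaz.com, most of them timed out as well.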


A test from my own VPS also timed out.

$ ping 66.220.18.42
PING 66.220.18.42 (66.220.18.42) 56(84) bytes of data.
^C
--- 66.220.18.42 ping statistics ---
85 packets transmitted, 0 received, 100% packet loss, time 83999ms

I have temporarily switched to the FMT server (72.52.104.74), and everything is normal for now.



20160428 2005 GMT+8 Recovered

Before I had even finished writing this post I tried again, and it had already recovered.


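It came quickly and went just as quickly. Still, I will stay on the FMT server for the next few days.
Actually, the reason I originally preferred the LAX server is that its ping is slightly lower than FMT's and the hop count is smaller. (Around earlier this year my ISP made some adjustments; now a trace from here to the two sites differs by only one hop, where it used to be three. FMT's ping is generally 10-30 ms higher than LAX's, although in off-peak hours the two can be very close, and sometimes even reversed. Maybe more people in China use LAX?)
But I can't put up with the intermittent flakiness, so I have switched back to the FMT server for now.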

Tireless Attacker

Holy super-sized shit! I was scared by the fail2ban log of my server: more than 300 lines of log showing the same Russian IP address trying to SSH into my server since yesterday noon. Usually an attacker will give up after getting banned by fail2ban several times, but this guy is tireless. And the port I'm using is not the default SSH port; clearly this piece of shit did a port scan before the attack.