Blocking web access by country code via htaccess

Some Ukrainian and Russian folks don’t know how to behave, so I decided to block the whole country. Also, they’re not the target audience for the targeted web.

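# .htaccess

# If mod_geoip is not loaded, this whole block is skipped and nothing is blocked
<IfModule mod_geoip.c>
# Enable GeoIP lookups so GEOIP_COUNTRY_CODE is available for each request
GeoIPEnable On
# Flag requests from Ukraine (UA) and Russia (RU)
SetEnvIf GEOIP_COUNTRY_CODE UA blk
SetEnvIf GEOIP_COUNTRY_CODE RU blk
# Refuse flagged requests (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat)
Deny from env=blk
</IfModule>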

They were causing 509 Bandwidth Limit Exceeded errors on some client websites running Joomla :/

Passwordless ssh not working

I was getting the following with ssh -v user@remote_host

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mike/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

The idea for the solution came from http://askubuntu.com/a/90465/168459: fix the permissions on the .ssh directory and on .ssh/authorized_keys.

Later, during investigation, after logging in with a password and with debug turned on, SSH complained with:

debug1: Remote: Ignored authorized keys: bad ownership or modes for file /home/REMOTE_HOST_USER/.ssh/authorized_keys
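
The check behind the "bad ownership or modes" message above, as an added example that is not part of the original post: with StrictModes enabled, sshd ignores authorized_keys when the file, ~/.ssh or the home directory is owned by someone other than the user or root, or is writable by group or others. The function names and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approximates the test sshd applies to authorized_keys when
# StrictModes is on. Function names are hypothetical.

# check_one PATH UID: print a finding and return 1 if PATH would be rejected.
check_one() {
    path=$1; uid=$2; rc=0
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    # "ls -ldn" prints e.g. "-rw-rw-r-- 1 1000 1000 ..."; keep mode and owner uid
    info=$(ls -ldn "$path" | awk '{print $1 " " $3}')
    mode=${info% *}; owner=${info#* }
    # The owner must be the account itself or root
    if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
        echo "bad ownership: $path (uid $owner, expected $uid or 0)"; rc=1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "bad modes: $path ($mode is group- or world-writable)"; rc=1
    fi
    return "$rc"
}

# audit_ssh_modes HOME UID: return 0 only if home, .ssh and the key file pass.
audit_ssh_modes() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$2" || bad=1
    done
    return "$bad"
}

# Constructed demo: a throwaway "home" whose key file is group-writable
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 775 "$demo_home/.ssh"; chmod 664 "$demo_home/.ssh/authorized_keys"
audit_ssh_modes "$demo_home" "$(id -u)" || echo "=> sshd would ignore this key file"
# Conventional fix: only the owner may write to .ssh and authorized_keys
chmod 700 "$demo_home/.ssh"; chmod 600 "$demo_home/.ssh/authorized_keys"
audit_ssh_modes "$demo_home" "$(id -u)" && echo "=> modes OK"
rm -rf "$demo_home"
```

On the remote host, running audit_ssh_modes "$HOME" "$(id -u)" as the affected user lists every path that would trigger the message.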

Facebook and Chrome connections revealed via Little Snitch

I decided to make a video showing how many connections are made after starting Chrome

And connecting to Facebook

When I opened Facebook in Firefox, it made a connection to http://cx.atdmt.com, which, when visited, shows a 1x1px GIF image. The Wikipedia article about Atdmt, https://en.wikipedia.org/wiki/Atdmt, contains the following: “ATDMT is a tracking cookie served by Facebook subsidiary Atlas Solutions and used as a third party cookie by several websites.”
Opening FB in Chrome made a connection to http://pixel.quantserve.com, which, when visited, informs that it is the “Quantcast Measurement Service”; they also provide a table of the most visited sites at https://ak.quantcast.com/top-sites. Quantcast on Wikipedia: https://en.wikipedia.org/wiki/Quantcast

Be aware of the watchers 😉

Vulnerabilities to consider while coding

I just found the following pages, which describe SQL Injection and Cross Site Request Forgery (CSRF) vulnerabilities and how to prevent them in WordPress’s PHP code.

http://ottopress.com/2014/better-know-a-vulnerability-cross-site-request-forgery-csrf/

http://ottopress.com/2013/better-know-a-vulnerability-sql-injection/