Blocking web access by country code via htaccess

Some Ukraine and Russian folks don’t know how to behave so I decided to block the whole country. Also they’re not target audience for the targeted web.

# .htaccess

<IfModule mod_geoip.c>
GeoIPEnable On
Deny from env=blk

They were causing 509 Bandwidth Limit Exceeded on some client webs with Joomla :/


Passwordless ssh not working

I was getting the following with ssh -v user@remote_host

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mike/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

The solution idea came from to fix .ssh dir permissions and .ssh/authorized_keys

Later during investigation after login with password and debug turned on SSH complained with:

debug1: Remote: Ignored authorized keys: bad ownership or modes for file /home/REMOTE_HOST_USER/.ssh/authorized_keys

Facebook and Chrome connections revealed via Little Snitch

I decided to make a video showing how many connections are made after starting Chrome

And connecting to Facebook

When I opened Facebook in Firefox it made a connection to which after visiting shows 1x1px GIF image. Wikipedia info about Atdmt contains the following: “ATDMT is a tracking cookie served by Facebook subsidiary Atlas Solutions and used as a third party cookie by several websites.”
Opening FB in Chrome made connection to which after visiting informs that it is “Quantcast Measurement Service”, they provide also a table of most visited sites at Quantcast on wikipedia

Be aware of the watchers 😉

Vulnerabilities to consider while coding

I just found these following pages which describe SQL Injection and Cross Site Request Forgery (CSRF) vulnerabilities and how to prevent them in WordPress’s PHP code.