Find Out Who Registered A Domain Name

The Internet is an amazing place where we can expand our knowledge – or – just look pictures of animals with funny captions, but have you ever wondered to yourself who owns that domain, who took the time to build that amazing website, see if a business is legit or maybe you just want to learn a new nerdy skill?

A domain name can be registered by anyone so long as its available and not registered to anyone else, and can be bought at anytime through hundreds, thousands or maybe millions of companies known as domain registrars. The job of a domain registrar is to take money and convert it into domain registrations as they are essentially the middle men between the domain registries (the top dogs of the domain world, the owners of the bit after the dot) and ourselves.

When a domain is registered, regardless of the registrar used, contact details will always need to be provided. These details form what’s known as the legal registrant and can be either a company or an individual who will legally own the name for however long it has been registered for.

That’s great but what next? Well here comes the juicy bit! All that information is kept in a global database known as the WHOIS database (pronounced “who is”) which is free to browse and will give an insight into any domain registration.

Querying WHOIS

The following guide will show you step by step how to query the WHOIS database for free with no special software required. To keep things simple I will be using a website that I created which has a built in WHOIS tool.

  • First things first we need to head to the WHOIS tool, click onto the following link or type it into your address bar directly: http://www.nerdtools.co.uk/whois/
  • Once the website loads you’ll see a box where it asks you to enter a domain name, enter the domain which you would like to query and press Enter or the “Let’s do this! >” button
    whois-query-1
  • After a few seconds you’ll be redirected to a new page that shows the domain details in a similar format to one shown below:
    whois-query-2
  • As  you can see from the screenshot above a lot of information is returned, so much that it doesn’t all fit on screen without scrolling but once you read through you will easily see who owns the domain, when it was registered, when it expires and other useful information

Notes

  • In the example above you can see no “Registrant’s address” is returned, this is because its a .UK domain and Nominet (the registry behind all .UK domains) allow the address to be hidden for any non-trading individuals, but with domains such as .COM, .NET, .ORG the information will always be available
  • Depending on the domain name things may look a little different to the one in the example
  • Any changes to a domains details can take up to 24 hours to show so things may not always be accurate
  • There are strict terms that need to be followed when it comes to using the information returned from a lookup and these can be found usually be found at the bottom – It’s not shown in the screenshot as it was so big, to see them click here and scroll down
  • Sometimes registrars offer a privacy package that will hide the registrants contact information and replace it with the registrars instead, if you see a domain like this that’s trading as a business stay well away as it could be up to no good!

pfSense on SonicWALL SRA 4200

By now if you haven’t already guessed, I like to tinker! Couple that with the fact I have a few saved sellers on eBay that keep me surround with EoL hardware and it quickly becomes a dangerous situation for my wallet.

My latest find is a pair of SonicWALL SRA 4200’s, my ultimate goal is to get pfSense installed and revive these beasts. As it stands the units both work as “Secure Remote Access” servers, they don’t include any licenses for the included OS, so are kinda useless, but normally they’d be dedicated VPN servers for massive companies with millions of employees that need to connect in and from remote locations.

I’ve only been playing with them for a couple of hours so far but I’ve managed to get pfSense installed. There are two issues at the moment which I’ve yet to resolve:

  1. There’s a driver issue with the network cards, so the setup wizard can’t detect any NIC’s and can’t continue
  2. By default it wants to boot off the internal CF card, so I have to manually keep changing it to boot of my USB flash drive – If you remove the CF card completely the unit doesn’t even attempt to boot, it beeps twice then powers off so there’s some sort of security mechanism in place

So how did I get this far?

Well it was fun! I started by trying to get console output to my ancient Dell laptop (which has an ACTUAL serial port,  woah!).

I bought a run of the mill RJ45 to DB9 cable but that didn’t work, so I had to get my soldering iron out and knock something up – See original diagram here or pictures below:

As you can see from above, whilst I did get output it was AFTER P.O.S.T. so in other words, it was output from the SonicWALL operating system and of no use to me.

Next I went to extremes and tried changing on the AMIBIOS chip for a spare I had floating around from the WatchGuards, not a lot happened so it was back to square one.

After that I went on a pin hunt and noticed “VGA” markings and then a set of 15 pins, I didn’t expect it to work but I hooked up a monitor and had output!

 

I couldn’t get into a “classic” BIOS screen, although here’s what I found through trial and error:

  • Mashing F5/F8 takes you to slightly different FreeDOS screens
  • Mashing F11 takes you to a familiar looking boot device menu screen

The unit is running Wind River’s VxWorks operating system, which looks pretty cool, although I had never heard of it until now.

I installed pfSense 2.3.5 (x86) by connecting a CD drive to one of the internal SATA headers, connected a 16GB Sandisk Flash Drive to one of the USB ports and then mashed F11 and selected the disk drive.

What followed was the familiar installation screens of pfSense – Notice how the colours keep changing, it was loose cables or artistic flare, I’ll let you decide!

What’s next?

Well, this was just a bit of fun but when I get chance I’ll look at sorting the network card drivers out and see if I can re-purpose the CF card, worst case I’ll move the USB drive inside the chassis and make the CF card the second boot device.

Server Security Tips

Whenever I deploy a new server I always ensure that any flaws which I’ve picked up from my few years of server experience are fixed, leaving the new server as secure as can be and ready for use.

Below are a few tips for keeping your server as secure as can be:

  • Have a secure root password – Use something random and at least 8 characters long
  • Use non-default ports – Change the default port for services commonly targeted by bots or attackers such as SSH
  • Check your logs – Look for authentication failures and put the related IPs in a block or reject rule using iptables
  • Process users – Make sure processes have their own users and aren’t ran as root

More tips will be added once I remember them!

Install EPEL Repository on CentOS 7 (x64)

The simple one line command below will enable the EPEL repository on CentOS 7

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

Once ran you will see confirmation that it has been installed successfully, that’s it!

Notes

  • You can find out more about the EPEL repository here
  • If you don’t already have a server, I’d strongly recommend starting with DigitalOcean

Icecast PHP Stats

A recent project of mine called Coop Cam uses several live video streams served by an Icecast server at different mount points which works great, but I found there was no real solution to simply display how many viewers were actually watching the live streams.

I put together a basic PHP code that reads the Icecast XML stats file and retrieves the current overall viewers (or listeners as its officially known) of all available mount points.

Code

// get the stats xml file //
$output = file_get_contents('http://admin:[email protected]:8000/admin/stats');

// explode to make the magic happen //   
$listeners = explode('',$output);
$listeners = explode('',$listeners[1]);

// output to the world //
echo "Currently <b>$listeners[0]</b> people are watching the live stream!";

Once you have amended the admin password, server name and port the code above will then connect to your server and read the /admin/stats XML file. From here it will literally pick out the content shown between the <listeners></listeners> tags and that then becomes the $listeners[0] variable, simply place this wherever you want to display the amount of current viewers.

Notes

  • This code may or may not work depending on if your hosting provider allows the file_get_contents function – In my case I use my own dedicated servers and it works without issue, if you have any problems I’m sure I can sort something for you!
  • You can show the amount of sources, file connections and so on by amending the code to reflect the correct tags – A full list of tags can be seen by visiting the youricecastservername.com:8000/admin/stats page
  • You can find a live working example of this script here or actually see it in place here
  • Finally, you can download the script by clicking here

Disable Virtualmin Two-factor Authentication

Virtualmin is constantly being developed and gaining ever useful features, and for a while now has featured two-factor authentication which is great, although what happens if you get locked out of your system? As long as you have SSH or console access then you can follow the steps below to easily get back in.

Disabling two-factor authentication for a single user

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.users, comment out the current line for the user then create a fresh copy above it
  • Remove any mention of “totp” and the long string of characters near the end and save, for example your file should now look like the following:
...
root:x::::::::0:0:::
#root:x::::::::0:0:totp:ZZZZZZZZZZZZZZZZ:
...
  • Restart Webmin and log back in normally

Disabling two-factor authentication entirely

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.conf and find the line “twofactor_provider=totp” and replace with “twofactor_provider=” and save
  • Edit the /etc/webmin/miniserv.users as mentioned above
  • Restart Webmin and log back in normally

Notes

  • I’ve had success with this on Webmin 1.760 running on CentOS 7.0

Encrypted AES VPN tunnel between pfSense 2.3 and Ubiquiti EdgeRouter Lite

I recently retired my Draytek 2830 following a serious security flaw I discovered (that’s another post, stay tuned!) and took the plunge with a rather impressive looking Ubiquiti EdgeRouter Lite.

The other option was a rack mountable TP-Link TL-ER6020 although the maximum NAT throughput was only 180Mbps and it only had 128MB  DDR2 memory and no clear CPU specs, also the web interface looked tired and very restricted. Pound for pound the EdgeRouter was cheaper and has a better spec of anywhere up to and over 600Mbps, 512MB DDR2 memory and Dual‑Core 500 MHz, although it wasn’t rack mountable it was a no brainer with its modern web interface, also did I mention it can process 1 million packets per second?

The EdgeRouter also appeals to my inner nerd  (you can no doubt tell) as you can program it via web interface, command line or console connection and you can remove features you don’t need to boost performance. For example, it may only have 3 gigabit ports, but you can do whatever you like with them! In my case I have it configured as 1 WAN port and the other 2 ports are linked to two seperate LAN’s. I will write a full review when I get chance, but for now just take my word that it is the best router I have ever owned.

Anyway, to business!

Home Network

As before with the Draytek guide my home network is still double NAT’d but there isn’t a speed issue anymore. I do plan to eventually run everything via the EdgeRouter but first I need to install a few additional access points (I’m thinking a couple of airGateway-LR’s hidden in roof spaces will do, powered by PoE obviously!).

In the example below the home network subnet will be 192.168.100.x
and WAN address will be 1.2.3.4

Remote Network

The remote network is the same as before too – a pfSense machine sits at x.1 and deals with traffic to the local network.

In the example below the remote subnet will be 192.168.150.x and WAN address will be 5.6.7.8

Important

  • Each local area network must be on a seperate subnet, otherwise things can quickly get messy and conflict!
  • Make sure you use a secure pre-shared key, anything above 32 characters will do nicely and under no circumstances use the example key!
  • The example details below are fake, replace them with your own details if you want this to work

Configuring pfSense

The guide below lists only the parts you need to change, if the option isn’t listed then leave it as is. Anything to do with double NATing is in red, ignore this if your router is WAN facing.

Fairly straight forward, go to VPN > IPSec > Click Add P1

  • Enter the Remote Gateway as the WAN IP address of the EdgeRouter (or the Superhub in my case) 1.2.3.4
  • Enter a brieft description in the Description box – VPN to pfSense LAN
  • Select Peer identifer as KeyID tag then enter the WAN address of EdgeRouter (192.168.100.1) else leave as Peer IP address
  • Enter your pre-shared key in the Pre-Shared Key box – testing123
  • Set the DH Group to 14
  • Press Save

That’s your Phase 1 entry configured, now for Phase 2:

Go to VPN > IPSec > Click on Show Phase 2 Entries for Home

  • Enter Remote Network as the home network subnet – 192.168.100.0/24
  • Put a brief description in the Description box – Home
  • Set PSF Key Group to 14
  • Press Save and then hit Apply Changes

Finally, we need to create a firewall rule to allow traffic to pass over the VPN:

  • Go to Firewall > Rules > IPSec and click Add
  • Change Protocol to any
  • Enter a brief description in the Description box – Allow VPN Traffic
  • Press Save any hit Apply Changes

Configuring the EdgeRouter

First of all make sure you are running the latest firmware otherwise options may be missing and this may not go smoothly! Currently (March 2017) I’m running EdgeRouter Lite v1.9.1.

Configuring the EdgeRouter is pretty straight forward, you don’t need to do anything via command line or console (unless you really want to, knock yourself out!) – Go to VPN > IPSec Site-to-Site

  • First tick the box Show advanced options to show the encryption options
  • Under Global Options leave Automatically open firewall and exclude from NAT unless you want greater control over who can connect in
  • Under Site-to-site peers enter the Peer as the home WAN address – 5.6.7.8
  • Put a brief description in the Description box – Remote
  • In local IP enter any
  • For Encryption set AES-256
  • In Pre-shared secret enter the key set previously – testing123
  • Enter the Local subnet as 192.168.100.0/24
  • Enter the Remote subnet as 192.168.150.0/24

All being well you should end up with something like below:

Once everything is saved, head over to the pfSense IPSec Status page and hit connect if it hasn’t already established and  there you have it!

At this point you may be asking why did you uncheck the option to Automatically open firewall…, this is because I like to have greater control over what IP addresses are allowed access to my network.

To substitute this option I created a rule in the NAT section translating UDP port 4500 to the routers local IP address (192.168.100.1). In turn I set the Src Address Group of this rule to a list of predefined IP addresses, thus only allowing access to my networks and blocking the rest of the world.

 

 

 

A word of warning about Kimsufi and ESXi

Kimsufi are well known for offering cheap dedicated servers and over the years I’ve had no problems until recently.

I purchased a KS-5 for running VMware ESXi on, it was a fairly good spec Xeon with 16GB of ram and 2TB disk space for about £30 a month plus a one time setup fee. It was quickly provisioned which was great, but after logging into my account I found a problem – There was no obvious place to order additional IPv4 addresses which rendered the server completely useless to me. I was prompted to select an operating system, so I did thinking this would make ordering IP addresses possible, but still nothing.

I contacted support immediately and asked if ordering additional IP addresses was possible, and if not to cancel and refund my account. They responded in a nut shell saying its not possible, and that because I’d installed the VMware template that they provided they wouldn’t refund me which was annoying, they also implied that because the service was so cheap I should be grateful and suggested using their sister brand SoYouStart, amusing.

Luckily I paid with PayPal so I opened a dispute and got my money back. It’s not about the money though, its about Kimsufi not making the facts clear and then fobbing you off. I’d usually recommend them, but not anymore.

I’ve since found a better provider, Online.net offering similar spec servers capable of running ESXi with, wait for it, the option to order additional IP addresses! Amazing.

How to List the Contents of a Web Directory

Any good web host will secure the contents of website directories which don’t have an index page by not allowing the  files or folders to be listed, instead you’ll get a 403 error page saying access is forbidden. Whilst this is good in practice, sometimes you might actually need to list the contents – and its simple to enable on an Apache web server – add one line to your .htaccess file and you’re done!

How it’s done

Options +Indexes

Notes

  • If you have access you can edit your web server configuration and make it global

Add a NAS drive to your Livedrive account for free

I used to be a customer of popular cloud backup service Livedrive. The upload and download speeds were nothing to shout about and one annoyance was having to pay extra to add a NAS drive to your account, but there is a workaround!

How so?

All you need to do is add a symbolic link to your NAS drive from your computer. Think of a symbolic link as a fancy shortcut, the only difference being it masks the destination instead of taking you straight there – you’ll see what I mean when you read on.

Imagine you have a Windows computer with your NAS drive with the root of the drive already mapped to Z:, you have a folder on your NAS called MyFiles and would be able to browse to Z:\MyFiles to see whatever is stored there. Next imagine we have a folder called C:\Backup which is already uploading to your Livedrive account, using  the following command we will make C:\Backup\MyFiles lead to your NAS and in turn be included with your Livedrive backup.

mklink /d "C:\Backup\MyFiles" "Z:\MyFiles"

For me, this worked absolutely fine and I had a couple of TB uploaded without ever being caught out. I’ve since jumped ship to Amazon Drive, whilst it is more expensive per year I’ve got it running from multiple computers and the upload and download speed always tops out my connection, so I can’t complain!

Notes

  • Use the above guide at your own risk – I won’t be held liable if anything happens to your Livedrive account, files or anything else because of this!
  • This doesn’t work with Dropbox or Google Drive  – sorry
  • You only need to run the command once, after that the link will be remembered
  • To remove the link just delete it as you would any other  file or folder