Disable Virtualmin Two-factor Authentication

Virtualmin is constantly being developed and gaining ever useful features, and for a while now has featured two-factor authentication which is great, although what happens if you get locked out of your system? As long as you have SSH or console access then you can follow the steps below to easily get back in.

Disabling two-factor authentication for a single user

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.users, comment out the current line for the user then create a fresh copy above it
  • Remove any mention of “totp” and the long string of characters near the end and save, for example your file should now look like the following:
...
root:x::::::::0:0:::
#root:x::::::::0:0:totp:ZZZZZZZZZZZZZZZZ:
...
  • Restart Webmin and log back in normally

Disabling two-factor authentication entirely

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.conf and find the line “twofactor_provider=totp” and replace with “twofactor_provider=” and save
  • Edit the /etc/webmin/miniserv.users as mentioned above
  • Restart Webmin and log back in normally

Notes

  • I’ve had success with this on Webmin 1.760 running on CentOS 7.0

How to List the Contents of a Web Directory

Any good web host will secure the contents of website directories which don’t have an index page by not allowing the  files or folders to be listed, instead you’ll get a 403 error page saying access is forbidden. Whilst this is good in practice, sometimes you might actually need to list the contents – and its simple to enable on an Apache web server – add one line to your .htaccess file and you’re done!

How it’s done

Options +Indexes

Notes

  • If you have access you can edit your web server configuration and make it global

Add a NAS drive to your Livedrive account for free

I used to be a customer of popular cloud backup service Livedrive. The upload and download speeds were nothing to shout about and one annoyance was having to pay extra to add a NAS drive to your account, but there is a workaround!

How so?

All you need to do is add a symbolic link to your NAS drive from your computer. Think of a symbolic link as a fancy shortcut, the only difference being it masks the destination instead of taking you straight there – you’ll see what I mean when you read on.

Imagine you have a Windows computer with your NAS drive with the root of the drive already mapped to Z:, you have a folder on your NAS called MyFiles and would be able to browse to Z:\MyFiles to see whatever is stored there. Next imagine we have a folder called C:\Backup which is already uploading to your Livedrive account, using  the following command we will make C:\Backup\MyFiles lead to your NAS and in turn be included with your Livedrive backup.

mklink /d "C:\Backup\MyFiles" "Z:\MyFiles"

For me, this worked absolutely fine and I had a couple of TB uploaded without ever being caught out. I’ve since jumped ship to Amazon Drive, whilst it is more expensive per year I’ve got it running from multiple computers and the upload and download speed always tops out my connection, so I can’t complain!

Notes

  • Use the above guide at your own risk – I won’t be held liable if anything happens to your Livedrive account, files or anything else because of this!
  • This doesn’t work with Dropbox or Google Drive  – sorry
  • You only need to run the command once, after that the link will be remembered
  • To remove the link just delete it as you would any other  file or folder

Unstick a LinkStation Disk Backup

Imagine this… you have two decent network attach storage boxes which regularly backup one to the other using a built in Disk Backup tool –  Brilliant huh, sounds almost like a nerdy dream! Now imagine part way through a backup you get a power cut or you just trip over the power cable ripping the plug out the wall… not to worry, things will pick up where they left off… unless those decent boxes are Buffalo LinkStations!

I first discovered this flaw a few weeks back when one of my nightly backups seemed to be taking longer than usual. I gave the box about a day or so to try and fix itself but it still kept saying that the disk backup was in progress and in the admin interface and I was unable to cancel or remove the backup, so it was pretty much stuck as you can see below:

stuck-backup

I headed to the official Buffalo support website which seemed to have a fix for this common problem – See for yourself below:

buffalo-stuck-disk-backup
Okay so you have to restore the box to factory defaults… no thanks! I can only assume that because the HS-DHGL is one of their older discontinued products they just can’t be bothered to make a firmware update as it’s not worth their time or effort, but the other option is to use SSH to edit a file which will force the backup to complete.

Getting Unstuck

The following guide will assume you have already enabled SSH and are logged in ready to go, if you haven’t yet enabled SSH see this post here.

  • First of all we need to locate the backup configuration file and this depends on the job number specified on the admin interface, in my case it was number 1 so we need to type in the following command to open the file in a text editor:
    • "vi /etc/melco/backup1"
  • You will now see the configuration file open, hit I (for indigo) on your keyboard to allow inserting of new text and change the line status=running to status=done
  • Hit the Escape key and then type :wq to save your changes and quit
  • Head back to the admin interface to the Disk Backup section and you’ll now see the backup showing as complete as seen below:
    job-complete
  • That’s it – The backup is unstuck, and we haven’t had to restore anything to factory defaults!

Notes

  • This has been tried and tested on the following models/firmware: HS-DHGL/v2.1
  • Finally, if you could let me know if you encounter any problems or can confirm if this works for other models I’d be grateful

Webmin 1.610 on CentOS 5.8 (x86)

The following commands can be used to install Webmin 1.610 on CentOS 5.8. Make sure you’re logged in as root and then follow the steps below.

Select a temporary directory to save the download to. We will only use the downloaded file once so it’s pointless keeping it.. free up space and put it in /tmp!

cd /tmp

Begin the download of Webmin using wget:

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.610-1.noarch.rpm

Install Webmin by unpacking the archive:

rpm -Uvh webmin-1.610-1.noarch.rpm

Done! You can now login to your fresh installation of Webmin by heading to http://hostname-or-ipaddress:10000 using the root username and password.

Notes

  • If you don’t have a server to try this on I’d recommend DigitalOcean hands down – virtual servers start from $5 a month

WordPress & Spam: Key’s Solution

Recently I began to see an increase in malicious login attempts to my servers from bots (ie. automated attempts to login via FTP, POP/IMAP, SSH and so on) which gave me an idea for a new side-project on NerdTools known as the Bad Bots Intrusion & Spam Detection database.

After a few hours of developing a database was generating before my eyes of all the bad bots and their failed attempts, which then got me thinking, aside from using the database with a firewall can this be intergrated with WordPress to stop spam before its even posted?

A few more hours developing and I have now created two plugins which are listed in the WordPress extension directory. One is called NerdTools Bad Bots Spam Reporter which cleverly and annonymously reports the IP address of an author whenever a comment is classed as spam, and the other is called NerdTools Bad Bots Spam Defender which again annonymously screens every authors IP address against the database and if a match is found it won’t allow the comment to be saved.

Going a little deeper into the reporting plugin; when a comment is classed as spam the authors IP address is reported to the database but it won’t be entered straight away, our system will wait and see if any patterns form, if so it will then be entered and further comments will not be allowed.

It may seem madness having two seperate plugins to work as one but I didn’t want to force people into reporting comments if they don’t want to and vice versa with the defending plugin.

In terms of infrastructure the database is hosted on a high performance SSD server which has memcache enabled. Future plans include clustered servers for even greater performance.

Not bad for a few hours work!

 

 

 

 

Review of Oak Tree Dental Practice in Stourbridge

I became a patient at Oak Tree Dental Practice after my current dental practice at the time was going through some major changes and didn’t seem to be offering a good enough service. As part of a management change I was given a checkup and told I would need 6 fillings (3 existing and 3 new that needed redoing) but I couldn’t get an appointment for months, meanwhile I was still paying a monthly Denplan fee and worrying that I would eventually have no teeth and no one seemed to be taking it seriously.

I took the plunge and went to see Mr Jonathan Edward Swinscoe for a “free” checkup. I ended up paying £35 for the apparently free checkup, but he comforted me and said he could get all the fillings done in one go. I transferred my Denplan contract to him which cost £15 and the plan was to wait until the next month when the transfer was complete so the work would be done at no extra cost.

The time came for my appointment and I have to be honest I was dreading it. I had a while to think back about what Jonathan said and it just felt too good to be true, but it was too late to back out now. It didn’t help that the receptionists were too busy gosipping and dancing away to the radio, they seemed frustrated that the whole waiting room wasn’t joining in with them.

The time came where Jonathan called me in, he sat me down on a damp dentist chair that had just been cleaned and then injected, no questions about what medication I was on, no explanation of what is going to happen or anything like that, literally pain killer was injected and I was sent back out to the waiting room. He didn’t seem in a talkative mood thinking back now.

After he saw another client I was taken back into the room to the yet again damp dentist chair. The nurse was out of the room but Jonathan started drilling out my teeth by himself. He had the drill in one hand and suction tube in the other and choked me several times as he wasn’t removing the water quick enough but luckily the nurse came back and took over.

It is worth mentioning at this point that he didn’t have any gloves on and he didn’t give me any protective eyeware meaning my £200 glasses were almost destroyed.

I thought things couldn’t get any worse but at this point but then he started being incredably rough, to the point where I had to keep stopping him because of the pain and was physically shaking. Each time he stopped he would start again straight away and it soon became obvious that he was rushing drilling out the teeth out to get them all done in time, I was really worried that he would drill to far and hit a nerve but luckily that didn’t happen!

After the drilling had finished he stopped and made a sexist comment infront of his female nurse and myself, he said “Not only women have bad days you know!” so now it felt like he was having a bad day and taking it out on me? Great!

He then started putting the fillings in place, again he was rough, applying a fair amount of pressure jolting my neck around for each filling. He put his palm flat on my head which wasn’t very comfortable but at this point I just wanted to get out of there. He just didn’t seem to care, but then again he was having a bad day, so that’s okay then?

After all the fillings were done he literally scooted off to his computer and ignored me, he didn’t explain any care instructions, what had been done or anything, I literally got blanked which was rude. The nurse then asked me to move off the chair so she could wipe it down and then whisked me (still shaking) to a small table in the corridor and offered to sign me up for Denplan. I explained with a numb mouth that I had already transferred to him and then went out the reception where I was told I would need to pay and again had to explain.

I finally got to the safety of my car still shaking and it is safe to say I will never ever be setting foot back in that practice ever again and I will never ever recommend it to anyone.

To add insult to injury I have been left with really sensitive teeth and can no longer drink really hot or really cold drinks. I have also had to have the fillings adjusted by another dentist as they were poorly fitted causing “the battery effect”.

To be clear, this review is about Review of Oak Tree Dental Practice 78 Bridgnorth Road, Wollaston , Stourbridge, DY8 3PA and is not to be confused with practices of a similar name.

My experience with KGUARD and the Mars Home NVR Combo Kit

I’ve had a KGUARD Mars Home NVR Kit installed at my house for just over a year now, I bought it from eBuyer and paid a little more than I should have thinking it was a great investment and should last a good few year… it has been okay but unfortunatley the NVR side of it recently gave up the ghost.

The NVR initially started complaining about hard disk errors, randomly rebooted and is now just stuck on the boot up screen. Being familiar with embedded devices it ended up looking pretty bricked but unfortunatley there’s no obvious way to reflash the firmware. After a long email conversation with Danny Wu at KGUARD support, he wished me good luck at trying to reflash the firmware and has ignored me ever since, it would be okay but never actually told me how to get the box into recovery mode despite asking a fair few times… I’ll try fix the NVR at some point and if I have any joy I’ll write another post.

It’s not so bad right, you can still use the cameras?

In the meantime I installed iSpy connect – recommended by my friend Chris at work – on my home computer and thought that if I nipped out to Maplins and bought a slightly over priced TP Link PoE switch I could simply swap cables over and have some sort of CCTV system working in no time… was I wrong! Turns out the cameras aren’t 802.3af compliant so it won’t work without a little adjustment.

I didn’t want to go buy more kit without knowing the cameras would actually work, so I got an extension lead and a 12v 2A adapter trailing out the window at 2am, after a bit of tinkering I managed to get a stream from one of the cameras – annoyingly the cameras have their own static IP addresses which are own a different subnet to my home network and on reboot the settings revert back to default… adding a second IP to my network card sorted that.

The next day I nipped back to Maplins and got some PoE splitters, I popped into B&Q as well and got some IP rated junction boxes to cram everything into. After a bit of creativity the end result is that I can now use the KGUARD cameras but I have to have a slightly ugly looking box alongside them to shelter the PoE splitter, its not too bad but I’ve taken the opportunity to upgrade to some Trendnet TV-IP310PI’s and you can really tell the difference.

IMG_20160605_121000
PoE bodge

At least you won’t need to run new network cables?

Pah – Initially I wasn’t going to run new network cables as I thought the existing KGUARD ones would be good enough, unfortuantley not. When I went to put the new cameras waterproof connector in place I discovered that the existing KGUARD network cables only had 6 cores and just felt incredibly cheap, not wanting to take risks and to make things future proof I ended up spending the best part of a day feeding new cables through roof and under floors.

KGUARD network cable
KGUARD network cable

Where’s the happy ending?

It does come eventually, along the way I’ve ate a “cheddar and ham toasty”, got Chris up a ladder, learnt how to run and terminate my own network cables and recycled the KGUARD cameras to cover blind spots that weren’t covered before – those two both with the help of Chris one Saturday – and learnt that ultimatley you are always better building your own system as once you are past the year warranty neither the retailer nor manufacturer could care less!

I was torn between iSpy or BlueIris for software – I ended up going with iSpy which is opensource but should really be classed as freemium. If you want to do anything useful (playback footage, watch remotely or recieve email alerts) you have to upgrade to a premium version which is a monthly cost – not to worry though, I’m currently working on a VB program which will allow both live and pre-recoded playback of files possible and Chris is working on an alternative mobile ap.

I can’t thank KGUARD enough for this valuable learning experience and I would strongly recommend that if you are thinking about getting a KGUARD system then look elsewhere! If I hadn’t have had such good knowledge of network and computing then I’d have ended up with one very expensive set of paper weights.

Setup your own live pet webcam for free using Yawcam

I’ve been experimenting for a while with different ways to stream live to the Internet from webcams, IP cameras and capture cards for the Coop Cam project, here is a basic guide on how to setup a simple live stream using a basic webcam.

What is required?

You will need a couple of things, including:

  • A computer with a webcam
  • An Internet connection with decent upload speed
  • Router access to port forward

Software

To create the stream we will use a free piece of opensource software called Yawcam, you can download it directly from here or learn more about the software here.

Installation is pretty simple, download and launch the installer then follow the on screen instructions.

Configuration

After the installation has finished open your newly installed software, you will see a screen like below:

1

The first thing we need to do is set the stream type, to do this go to Settings > Edit Settings…

2

Under Output select Stream and change the Stream type to MJPEG and hit OK

3

Next we need to select your webcam, head to Settings > Device > Change to and select your webcam from the list

4

Finally, back on the main screen hit enable on the Stream option – we are ready to go!

5

Previewing your stream

Here is the exciting part, previewing your live stream! On the same computer open up your browser and head to http://127.0.0.1:8081/video.mjpg

If everything is configured correctly you should see your webcam displayed live.

Here is my example of Spirit our pet quail:



What next?

The next thing you need to do is configure port forwarding in your router to allow people to connect in and view  your stream. I can’t really go into specific detail as there are many different types of router with different configuration options but basically what you want to do is forward port 8081 to your computer so anyone that connects to your-public-ip:8081/video.mjpg can see your stream.

You will also want to make sure that your computer has a static IP address or DHCP reservation to make sure the local IP address doesn’t change.

If you need help with that part let me know and I’ll give you a hand.

Will my Internet connection be able to cope?

This depends entirely on your upload speed, by default Yawcam only allows 10 concurrent connections.

For added security and to take the strain off your Internet connection I can relay your stream via Coop Cam’s powerful relay servers. They are able to take the single stream from your camera and amplify it allowing hundreds of users to connect at once.

The upside to this is that you will only have one connection being uploaded to the relay server, the server then handles everything else and even hides your public IP address – If you would like to know more please get in touch.

Notes

  • If you want Yawcam to start streaming automatically when you login to your computer then head to Settings > Edit Settings… > Startup and tick Start Stream output
  • You can check that port forwarding has been setup correctly by using the NerdTools Port Scanner, if it isn’t working double check your firewall settings
  • If your Internet connection has a dynamic IP address you’ll want to look into a Dynamic DNS service