protect against wordpress xmlrpc.php exploit

goaccess has already paid off for me.  I have been checking it daily since I installed it and noticed that my most requested page was xmlrpc.php.  Tons of data was being POSTed to it.  After a quick search, I came across a tutorial for a brute-force attack to login to a wordpress site.

wordpress xmlrpc.php attack detection with goaccess
wordpress xmlrpc.php attack detection with goaccess

I immediately logged into my VPS and renamed my xmlrpc.php file, and the attacks stopped.  Thanks, goaccess.

goaccess web access log analyzer

Back when I was a freelance web designer,  I hosted most of my sites via a reseller account I had with Hostgator.  I was really pleased with the service.  They used cPanel, which in my opinion is very feature rich and easy to use.  It is the next best thing to a VPS.  Hostgator also provided the all-important awstats traffic analyzer.  I still think awstats is an extremely good access log analyzer,  parsing the log in every conceivable way and producing easy to understand graphs.

example of awstats
example of awstats

Setting up awstats on a server can be a pain, especially if you have several virtual hosts.  I just wanted something simple to check the traffic for this blog.  After contemplating writing my own analyzer, I decided to go with goaccess.  I followed this tutorial on digitalocean, and I am very pleased so far.

goaccess web access log analyzer
goaccess web access log analyzer

I manually went through parts of the access log, and obviously I have some bots from an ip address in hong kong trying to post bogus data to scripts that dont exist.  They didn’t get anything.

ip in hong kong POSTing bogus data to my webserver
ip in hong kong POSTing bogus data to my webserver

goaccess does just about everything I am interested in:  top pages, bandwidth, OS, browser, and referrers.  I highly recommend it.

DIY Home security with Raspberry pi zero w + Perl

I got a ring doorbell for Christmas.  It was a very thoughtful gift and I gotta admit it is very slick.  However, for some time, I have been using a home made security system based on the raspberry pi zero w and perl.

home made home security node based on pi zero w
home made home security node based on pi zero w

I designed it so that each node sends udp messages to a udp + LAMP server. I can view all the events on the server’s web interface.

UDP server receiving message from a node
UDP server receiving message from a node

The front-door node also has a TMP36 temperature sensor read by an MCP3008 adc, and a raspberry pi camera.  When the door is opened, it takes a picture two seconds later, and uploads it to the LAMP server.

diy home security web interface
diy home security web interface

I set up port forwarding on my ISP router so I can view my LAMP server from anywhere.

The udp client and server scripts are incredibly simple.

perl udp client script
perl udp client script
perl udp server script
perl udp server script
tmp36 + MCP3008 schematic
tmp36 + MCP3008 schematic
entry contact and LCD schematic
entry contact and LCD schematic

I go into somewhat more detail on my hackster account.  Off-the-shelf home security and automation products are fairly inexpensive and easy to set up nowadays, but for me, it’s just so much fun to build my own from scratch.

pine64 as a terminal server via UART

Still working on the maker space and expanding my networking lab.  I added a cisco 1721 router with a 10-base T wan interface card and a serial 1T WIC in addition to the built-in fast ethernet interface.  I also added an old cisco 2514 with two built-in AUI (ethernet) interfaces and two serial interfaces.

Cisco 1721 and 2514 routers
Cisco 1721 and 2514 routers

The computer at my work bench doesn’t have a serial interface that I can connect to the routers’ console interfaces, and I was too lazy to go get my usb to serial converter out of my van; especially when I had my pine64 nearby with an rs-232 to TTL converter.  I fired up my pine64 and connected the rs-232 to TTL converter to the UART pins on the pi-2-bus.  The converter and the console port of the routers are both DTE devices, so a null-modem (serial crossover) cable / adapter are necessary.  I hooked it all up like so:

Pine64 as a simple terminal server
Pine64 as a simple terminal server

Here you can see I have my pine64 connected to a cisco console cable via a null modem adapter and a gender changer.  First I had to ssh into the pine.   Now to install screen on my pine64.


sudo apt-get install screen
sudo screen /dev/ttyS2 9600

The second command tells screen to use ttyS2, which is the serial interface that is on the pi-2 bus and use 8-N-1 and 9600 baud. Now I’m in.

cisco router IOS command line interface
cisco router IOS command line interface

multipurpose J-K flip-flop circuit using an SN74LS109AJ

Since the new year, I have been working on setting up a maker space in my garage.  It’s coming along pretty good.  I set up some lights and receptacles on my existing utility counter top, and extended my wired network to a wall-mounted rack where I have some of my networking lab already installed.

home maker space
My home maker space

While organizing my tools and components, I came across a bunch of different IC’s that I didn’t know I had like the 74LS109AJ dual J-K-not flip-flop.

SN74LS109AF dual JK filp-flop
SN74LS109AF dual JK filp-flop

These can be very useful for a number of applications.  Back in school,  I used several of these in tandem to increment memory addresses in EEPROM’s.  Here is a small example of such a circuit using the 555 timer circuit I recently built.

JK flip flop truth table
JK flip flop truth table

Basically, I wired up the IC to toggle.  I used the output of the 555 astable multivibrator circuit as clk input to filp-flop one, and then had Q1 as input to flip-flop two.  It basically divides the frequency of the 555 twice.

555 timer and JK flip-flop breadboard
555 timer and JK flip-flop breadboard
binary counter with 555 and JK flip-flop
frequency divider with 555 and JK flip-flop