• Abusive IP ranges blacklist


    Make sure this makes sense for you but I've started to block a lot of commercial Cloud services and easily accessible providers as they are a very high source of abusive traffic. The cost savings for a lot of organizations are huge, as you now have less bandwidth usage and less resource usage from garbage/bot/malicious traffic. This mainly works for when you can be reasonably sure that your audience has no business visiting your service(s) from freely accessible commercial IP ........
  • Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif


    [Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication [Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line [Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib It actually gives us a good clue that at last one component of our cert is invalid/improperl........
  • 2024 Buyer's Guide: How to Choose and Buy the Best VPS/VDS for Your Needs - Tips and Strategies


    In today’s digital landscape, finding a reliable and secure Virtual Private Server (VPS) or Virtual Dedicated Server (VDS) goes beyond just comparing specs and prices. With increasing concerns over data privacy, security breaches, and government surveillance, the wisdom of choosing your VPS/VDS provider based on juri........
  • apache2 httpd apache server will not start [pid 22449:tid 139972160445760] AH00052: child pid 23248 exit signal Aborted (6) solution Mint Debian Ubuntu Redhat


    If you get this error, it is often because you have configured Apache with modules that weren't actually installed. Eg. you try to load the PHPmodule but didn't actually install the apache2 php module, so the server can't start. In general, this error can often be caused by issues with problematic modules and/or Apache being configured for modules that have not actually be installed (eg. libapache2-mod-php) is missing. The above results in this less than obv........
  • Loaded: masked (Reason: Unit hostapd.service is masked.) Solution in Linux Debian Mint Ubuntu


    If you are getting this error from systemctl "Loaded: masked (Reason: Unit hostapd.service is masked.)" we need to unmask the service. Solution systemctl unmask hostapd Removed /etc/systemd/system/hostapd.service. It's fixed root@routerOS:/var/log# systemctl start hostapd root@routerOS:/var/log# systemctl status hostapd ● hostapd.service - Access point and authentication server for Wi-Fi and Ethern........
  • ssh Too many authentication failures not prompting for password


    If you get this error when trying to SSHto a device or machine and you never even got a password prompt: Too many authentication failures This means that either the remote side is configured for key auth only, OR your client side may be attempting to auth using mulitple keys, and that exceeds the amount of attempted authorizations on the remote ssh server. If the issue is trying to auth too many times which ssh defaults to sending the keys to, you ca........
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication


    Why choose OpenVPN instead of a firewall appliance? OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time. When comparing OpenVPN with traditional firewal........
  • ssh-keygen id_rsa private key howto remove the passphrase so no password is required and no encryption is used


    The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted. ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file. After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
  • Ansible Tutorial - Playbook How To Install From Scratch and Deploy LAMP + Wordpress on Remote Server


    1. Let's work from an environment where we can install Ansible on. If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way: sudo apt install gpg sudo add-apt-repository ppa:ansible/ansible sudo apt update........
  • Cisco Router Password Reset Howto Guide Solution Cannot Login /Unknown Enable Password 2600, 2800, 2900, 3900


    It is common that you may get access to undocumented equipment and need to reset the password. This applies to many Cisco routers whether 2600, 2900, 3900 etc... Cisco's Guide says to hit Ctrl +Pause/Break but if it doesn't work on some devices causing people to say "cisco password reset pause break does not work", you can see Cisco's alternative key combinations here:........
  • Juniper JunOS Command Overview and Howtos Switch, Router, Firewall Tutorial Guide


    Enable "cli" mode equivalent in JunOS cli Configure Mode configure So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure". How Do You Apply Changes You've Made? You can make all kinds of changes to the switch, but remember they are not........
  • Asterisk Does Not Retry When Authentication Fails


    When authentication times out that is one thing, but when it just fails like below Asterisk by default will not re-register until you the admin reload the sip or asterisk server: voipserver*CLI> sip show registry Host dnsmgr Username Refresh State&........
  • ssh Received disconnect from port 22:2: Too many authentication failures


    If you are getting this error it is usually caused by having more than 5 keys in your ".ssh" directory. It is a bit of a bug and this is how it manifests itself. You will find at this point that you are not given any chance to enter a password, or if you are using key based auth that the same thing happens. You'll also find that this is happening with ALLservers you try connecting to. The solution is to move away key pairs from .ssh so that there ar........
  • MySQL 5.7 on Debian and Ubuntu - How To Reset Root Password


    MySQL on Debian versions is configured differently than the native local MySQL plugin so you will be disappointed when your password on the mysql client fails by default. Here is how you reset the MySQL root password the proper and "working way" #first we gracefully stop mysql sudo systemctl stop mysql; #then we forcefully kill any mysqld process just in case sudo killall -9 mysqld mysqld_safe;........
  • MariaDB / MySQL Reset Root Forgotten Password on Centos 7


    mysql reset root password. Oops I can't remember my MySQL root password! [root@centos7test etc]# mysql -u root -p Enter password: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) First we need to stop mariadb: systemctl stop mariadb Now we need to restart it with skip-grant-tables whic........
  • Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM


    The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs. qemu-kvm command: /usr/libexec/qemu-kvm -version QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard ........
  • Debian 9 SSH root password authentication failure password not working problem / solution


    In Debian a lot of times SSH disables the root user to login by password by default. This means you will get an authentication failure as if you typed in the wrong password. The logs also indicate the password is wrong but what is often the case is in the config file Check /etc/ssh/sshd_config cat /etc/ssh/sshd_config|grep -i permitrootlogin Make sure it says: PermitRootLogin yes If not change it and restart SSH........
  • How Does Cisco CUCM (Cisco Unified Communication Manager) Work?


    Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCMis like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments. Cisco's CUCMmakes communication more effective and simple through centralized management and unification of communications resources.........
  • Firefox An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT Solution


    An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. **Solution** Go to about:config........
  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
  • postfix errors fatal: no SASL authentication mechanisms /usr/libexec/postfix/smtpd: bad command startup -- throttling solution


    Jul 3 22:12:17mailserver postfix/smtpd[6195]: fatal: no SASL authentication mechanisms Jul 3 22:12:18mailserver postfix/master[4881]: warning: process /usr/libexec/postfix/smtpd pid 6195 exit status 1 Jul 3 22:12:18mailserver postfix/master[4881]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling This only ever happens in my experience when the authentication method is actually Dovecot. Usually the problem........
  • Prevent SSH Bruteforce and Hacks By Disabling Password Authentication


    One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have. Edit your /etc/ssh/sshd.conf file Set this option PasswordAuthentication no Restart your SSH server. service sshd restart ........
  • error: Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file Bitcoin Litecoin Error


    error: Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file This is usually because the .cookie file cannot be read by the user you are running Litecoin or Bitcoin client/daemon as. You can adjust the permissions of the file so that the user or group they are apart of has read permissions. ........
  • Authentication refused: bad ownership or modes for directory /home/user SSH Public Key Authentication Failed Solution


    First of all I got this error after accidentally messing up my usergroup by using usermod -G user group When I would login using SSHkeys it would fail: sshd[2020]: Authentication refused: bad ownership or modes for directory /home/one No worries, the fix is simple! chmod g-w /home/use........
  • Disable SSH Password Authentication to Increase Security and Harden SSH Linux Unix Server Ubuntu Mint Centos Debian


    Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVMor preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access). 1. Edit /etc/ssh/sshd_config Find the section like this:........
  • sshd[10470]: Authentication refused: bad ownership or modes for directory /root


    This can be a case of bad permissions or modes as the error says. Normally one would assume permissions but often a script may change ownership of /root to something else. This was the case half the time I've encountered this. So in short make sure ownership is correct chown -R root.root /root........
  • heartbeat cross talk


    I do not understand why heartbeat would try to communicate with another system not considered part of the node: heartbeat: [8280]: WARN: string2msg_ll: node [otherbox.com] failed authentication ........
  • Asterisk iptables block bruteforce attacks howto with fail2ban


    yum -y install fail2ban vi /etc/fail2ban/jail.conf [asterisk-tcp] enabled = true filter = asterisk action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp] sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com] logpath = /var/log/asterisk/messages maxret........
  • SSH Can't Login/Hang


    Client Log OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_d........
  • Disable SELinux How To Tutorial Solution


    Here is a quick script that works on most Centos versions to disable the virus/SELinux from blocking basic functionality. The first echo 0 statement disables SELinux instantly but it will still be enabled on reboot. The second line disables it permanently. #!/bin/bash #disable SELinux Immediately echo 0 > /selinux/enforce #disable SELinux Permanently sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config........
  • MySQL Authentication fails after Upgrade to Version 5.5


    ERROR 1045 (28000): Access denied for user 'contentmanager'@'localhost' (using password: YES) For fun I thought I'd reset the password: GRANT ALL ON thecontent.* TO contentmanager IDENTIFIED by 'dfdfsdfdsfsdfsd'; ERROR 1470 (HY000): String 'contentmanager' is too long for user name (should be no longer than 16) This is ridiculous that this new version has some bizarre 16 character username limit and not only that but i........
  • SSH error slow login debug1: An invalid name was supplied Cannot determine realm for numeric host address - Solution


    debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9etch3 debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied A parameter was malformed Validation error Solution, disable auth from the ssh client (this is a client side error)........
  • vino crashed/stopped working, restart vino manually without rebooting


    The normal solution would be as follows: export DISPLAY=:0.0 /usr/lib/vino/vino-server & But what happens if that doesn't work? I haven't been able to find much documentation about how to find the list of displays and how their numbering works in Xorg. Sometimes you'll get this error when trying to restart vino: Cannot open display: For some reason my display is not on 0.0........
  • sshd[9217]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys


    sshd[9217]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys I made sure the entire .ssh subdir is owned by the user root (this is root's account); chown -R root.root .ssh chmod 600 .ssh/authorized_keys but it still doesn't work and gives me the same message sshd[7339]: Authentication refused: bad ownership or modes for directory /root chmod 700 /root........
  • FUSE/Curlftpfs mount ftp account as drive partition in Linux


    This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc.. Name curlftpfs - mount a ftp host as a local directory Synopsis........
  • SSH Automatic/Passwordless Logon - Setup Public Key Encryption In Single Command


    This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that. If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :) Just use this code to easily enable passwordless login with SSHD key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
  • SSH Public Key Authentication (Login Without Passwords)


    SSH Public Key Authentication (Login Without Passwords)I've gone over this before but just a quick note! the "authorized_keys" file in ~/.ssh must be chmodded to "600" or public key authentication won't work. I guess it's kind of a security/failsafe feature that I've seen on all Linux and Unix OS's........
  • MySQL Server 3.23 won't start after switching from 4.1


    MySQL Server 3.23 won't start after switching from 4.1I was using a 4.1 alpha version of mysql-server and some how version 3.23 of the client and 4.1 of the client were also both installed! So I forced uninstalled everything because after trying and trying even though MySQL server was using the short 16byte password authentication I got some other errors. After trying with the ports and having it fail because I had existing database data I force installe........
  • MySQL Error "ERROR 1045 (28000): Access denied for user"


    This happened with a select statement which writes the result to an external file. I didn't remember the privilege "FILE" must be granted on *.* for this to work successfully, it wasn't actually an authentication issue as it implies since I was already in the SQL prompt and doing the query. SELECT some_id FROM sometable INTO OUTFILE '/tmp/result.txt'........
  • SSH Slow Login even with SSHD UseDNS no parameter


    Icouldn't understand why on one system it took a few minutes to get the SSHlogin prompt when connecting to other systems. The other systems all had the UseDNS parameter set to no, which almost always resolves the login prompt delay. The reason is Ubuntu and perhaps Debian and other distributions /etc/nsswitch.conf file Edit yours to have the "hosts" line like so (notice that files and dns are the primary resolution choice........
  • Samba SMB Error - Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD


    Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD That happens when trying to use smbclient to connect to a share. The weird thing is that I can authnenticate just fine from Windows XP. It is partially my mistake, I forgot this share does have a password. I've tried authenticating with the correct user and also with "Guest" because this works in Windows. In Linux I ........
  • Latest Articles

  • FreePBX 17 How To Add a Trunk
  • Docker Container Onboot Policy - How to make sure a container is always running
  • FreePBX 17 How To Add Phones / Extensions and Register
  • Warning: The driver descriptor says the physical block size is 2048 bytes, but Linux says it is 512 bytes. solution
  • Cisco How To Use a Third Party SIP Phone (eg. Avaya, 3CX)
  • Cisco Unified Communication Manager (CUCM) - How To Add Phones
  • pptp / pptpd not working in DD-WRT iptables / router
  • systemd-journald high memory usage solution
  • How to Install FreePBX 17 in Linux Debian Ubuntu Mint Guide
  • How To Install Cisco's CUCM (Cisco Unified Communication Manager) 12 Guide
  • Linux Ubuntu Redhat How To Extract Images from PDF
  • Linux and Windows Dual Boot Issue NIC Won't work After Booting Windows
  • Cisco CME How To Enable ACD hunt groups
  • How to install gns3 on Linux Ubuntu Mint
  • How to convert audio for Asterisk .wav format
  • Using Cisco CME Router with Asterisk as a dial-peer
  • Cisco CME How To Configure SIP Trunk VOIP
  • Virtualbox host Only Network Error Failed to save host network interface parameter - Cannot change gateway IP of host only network
  • Cisco CME and C7200 Router Testing and Learning Environment on Ubuntu 20+ Setup Tutorial Guide
  • Abusive IP ranges blacklist