How-to fix Lotus Notes’ disabled TCPIP port error

Today I encountered this error message:

Error logging into server localhost: You must enable the Notes TCPIP port.

This appeared in the fat Lotus Notes client v7.0.3 running on Mac OS X Leopard (10.5).

To fix this issue, first quit Notes. Then locate the Notes preference file for your current user. Mine was found in my home directory at /Users/kevin/Library/Preferences/Notes Preferences. At the end of this file, add these two directives:

TCPIP=TCP,0,15,0
Ports=TCPIP

Then relaunch Lotus Notes and switch from the Island (Disconnected) location to another that will allow your client to listen to the network. In my case, Home (Network Dialup) did the trick.

Problem solved ! :)

Maildir deduplication script in Python

Some months ago I wrote a tiny Python script which scans all folders and sub-folders of a Maildir, then removes duplicate mails.

You can give the script a list of email headers to ignore while it compares mails with each other. This is particularly helpful to find duplicate mails having the exact same content but different headers/metadata.

I created this script to clean up a Maildir folder I messed up after repeatedly moving tons of mails from a Lotus Notes database. As you can see below, the same mail imported twice contains a variable header based on the date and time the import was performed:

This variable header makes mails look different from the point of view of the script. That explains why I implemented the HEADERS_TO_IGNORE parameter with the default set to X-MIMETrack.

The script is available on my GitHub repository. It was tested on MacOS X 10.6 with Python 2.6.2 but should work on other systems and versions as the code is really simple (and stupid).
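The comparison described above, as an added Python 3 example that is not the author's script: it fingerprints each mail after dropping the ignored headers and only reports duplicates instead of deleting them. The sample Maildir, its addresses and the X-MIMETrack values are constructed for the demonstration.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import Message

HEADERS_TO_IGNORE = ("X-MIMETrack",)  # default named in the post

def fingerprint(msg, ignore=HEADERS_TO_IGNORE):
    """SHA-256 of the mail once the ignored headers are stripped."""
    for header in ignore:
        del msg[header]  # removes every occurrence; no error if absent
    return hashlib.sha256(msg.as_bytes()).hexdigest()

def find_duplicates(maildir_path, ignore=HEADERS_TO_IGNORE):
    """Return {fingerprint: [(folder, key), ...]} for mails seen more than once."""
    root = mailbox.Maildir(maildir_path, create=False)
    folders = [("", root)] + [(n, root.get_folder(n)) for n in root.list_folders()]
    seen = {}
    for name, box in folders:
        for key, msg in box.iteritems():  # msg is an in-memory copy
            seen.setdefault(fingerprint(msg, ignore), []).append((name, key))
    return {fp: locs for fp, locs in seen.items() if len(locs) > 1}

def build_sample(path):
    """Constructed Maildir: one mail imported twice, plus one unrelated mail."""
    box = mailbox.Maildir(path, create=True)
    archive = box.add_folder("Archive")
    for target, stamp in ((box, "06/01/2010 10:00"), (archive, "06/02/2010 11:30")):
        m = Message()
        m["From"] = "alice@example.org"
        m["Subject"] = "Quarterly report"
        m["X-MIMETrack"] = f"Itemize by import on {stamp}"  # constructed value
        m.set_payload("Same body in both copies.\n")
        target.add(m)
    other = Message()
    other["From"] = "bob@example.org"
    other["Subject"] = "Lunch?"
    other.set_payload("Different mail.\n")
    box.add(other)
    return path

if __name__ == "__main__":
    sample = build_sample(os.path.join(tempfile.mkdtemp(), "Maildir"))
    for fp, locations in find_duplicates(sample).items():
        print(fp[:12], locations)
```
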

Midnight in Paris: on-set photos of next Woody Allen movie

Last night, I was going back home from a photo trip with friends, when I spotted a film crew on Alexander III bridge in Paris. It happened to be the shooting of some scenes for the next Woody Allen movie: Midnight in Paris.

Here are some noisy photos I’ve taken with my Canon 7D and a 15-85mm f/3.5-5.6. If only I had a fast telephoto lens :(






QLC effects generator for LED panels

Here is another script I wrote some months ago. It’s called qlc-effects-generator.py. It’s a quick and dirty hack that generates chasers, groups and scenes for QLC (a Qt-based DMX lighting software). It just produces XML statements you copy’n’paste in your .qxw QLC workspace file.

I used it to create some effects for my 4 el-cheapo Mac-Mah LED wider panels. This script helped me generate column and row presets of my 4×8 pixels LED matrix for some basic colors:

Here are some photos of my preliminary tests at home:

And finally photos of the panels on stage (taken by Toma Heroow during Cool Cavemen’s concert last November):

As usual, use and hack this script at your own risk, and feel free to send me bug reports and contributions ! :)

Blocking e107 DDoS attack with fail2ban

Last month, a new security vulnerability was discovered in e107. Although a fix was released quickly, some instances on the web were left unpatched. These sites are easy targets for script-kiddies, and a generalized DDoS attack was carried out on every e107 website out there.

I’m no exception and the old and decrepit part of Cool Cavemen’s website still running on e107 was attacked. This was enough to crash my tiny server. Unfortunately this happened while I was on holidays. Without any time to address this issue properly, I decided to shut down my web server. This explains why this blog and all Cool Cavemen’s websites were dead during half of July.

Now everything is back to normal (I hope), thanks to fail2ban. I created a set of rules (based on this article) to dynamically catch DDoS attempts and ban all IP addresses involved. Here is how I configured fail2ban:

First, create a new empty file at /etc/fail2ban/filter.d/apache-e107ddos.conf and put the following directives there:

# Fail2Ban configuration file
# Notes.:  Regexp to catch all attempts to exploit an e107 vulnerability.
# Author: Kevin Deldycke

[Definition]
failregex = <HOST>\s-\s-\s.*\s"(GET|POST).*\/(help_us|contact|config|avd_start|\*)\.php
            <HOST>\s-\s-\s.*(Casper|b3b4s|dex|Dex|kmccrew|plaNETWORK|sasqia|sledink|indocom) Bot Search
            <HOST>\s-\s-\s.*MaMa CaSpEr
            <HOST>\s-\s-\s.*rk q kangen
            <HOST>\s-\s-\s.*Mozilla\/4\.76 \[ru\] \(X11; U; SunOS 5\.7 sun4u\)
            <HOST>\s-\s-\s.*perl post
ignoreregex =

Then update your fail2ban config file (/etc/fail2ban/jail.local in my case) with the appropriate section:

[apache-e107ddos]
enabled  = true
filter   = apache-e107ddos
port     = http,https
action   = iptables-allports
logpath  = /var/log/apache*/*access.log
maxretry = 1

Then restart your fail2ban service:

$ /etc/init.d/fail2ban restart

And you’ll start to get those nice logs:

$ tail -F /var/log/fail2ban.log
2010-06-23 16:05:37,417 fail2ban.actions: WARNING [apache-e107ddos] Ban 193.33.21.199
2010-06-23 16:05:58,113 fail2ban.actions: WARNING [apache-e107ddos] Ban 89.108.116.226
2010-06-23 16:05:58,521 fail2ban.actions: WARNING [apache-e107ddos] Ban 69.41.162.10
2010-06-23 16:05:58,541 fail2ban.actions: WARNING [apache-e107ddos] Ban 209.62.28.178
2010-06-23 16:06:03,573 fail2ban.actions: WARNING [apache-e107ddos] Ban 69.73.147.90
2010-06-23 16:06:42,975 fail2ban.actions: WARNING [apache-e107ddos] 69.41.162.10 already banned
2010-06-23 16:06:44,227 fail2ban.actions: WARNING [apache-e107ddos] 69.41.162.10 already banned
2010-06-23 16:06:54,238 fail2ban.actions: WARNING [apache-e107ddos] 69.73.147.90 already banned
2010-06-23 16:07:50,305 fail2ban.actions: WARNING [apache-e107ddos] Ban 80.55.107.74
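
An offline check of the filter above, added here as an example and not part of the author's configuration: it runs the six failregex lines over constructed access-log lines, with a simplified IPv4 pattern standing in for fail2ban's <HOST> tag (an assumption). Because the jail sets maxretry = 1, the two ordinary visitors whose request or referer mentions /contact.php are banned along with the bots.

```python
import re

# The six failregex lines from the apache-e107ddos filter on this page.
FAILREGEX = [
    r'<HOST>\s-\s-\s.*\s"(GET|POST).*\/(help_us|contact|config|avd_start|\*)\.php',
    r'<HOST>\s-\s-\s.*(Casper|b3b4s|dex|Dex|kmccrew|plaNETWORK|sasqia|sledink|indocom) Bot Search',
    r'<HOST>\s-\s-\s.*MaMa CaSpEr',
    r'<HOST>\s-\s-\s.*rk q kangen',
    r'<HOST>\s-\s-\s.*Mozilla\/4\.76 \[ru\] \(X11; U; SunOS 5\.7 sun4u\)',
    r'<HOST>\s-\s-\s.*perl post',
]

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
COMPILED = [re.compile(p.replace('<HOST>', HOST)) for p in FAILREGEX]

# Constructed access-log lines (documentation address ranges), not real traffic.
TS = '[23/Jun/2010:16:05:37 +0200]'
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /help_us.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "GET /index.php HTTP/1.1" 200 5120 "-" "Casper Bot Search"',
    # Ordinary visitor opening a contact page:
    f'203.0.113.5 - - {TS} "GET /contact.php HTTP/1.1" 200 3400 "-" "Mozilla/5.0"',
    # Ordinary visitor whose referer is a contact page:
    f'203.0.113.9 - - {TS} "GET /news.php HTTP/1.1" 200 8000 "http://example.org/contact.php" "Mozilla/5.0"',
    f'203.0.113.20 - - {TS} "GET /news.php HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (host, index of the first matching failregex), or None."""
    for index, rx in enumerate(COMPILED):
        match = rx.search(line)
        if match:
            return match.group('host'), index
    return None

def banned_hosts(lines):
    """With maxretry = 1, a single matching line is enough to ban a host."""
    hosts = []
    for line in lines:
        hit = classify(line)
        if hit and hit[0] not in hosts:
            hosts.append(hit[0])
    return hosts

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line[:60])
```

On the server, fail2ban-regex run against the real access log and the filter file shows what the installed fail2ban version actually matches.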