Posts Tagged ‘default’

Newer Entries »

Howto remote access Windows PC which is behind Vivacom ADSL (Commtrend SmartAX MT882 router) modem with VNC server

Wednesday, May 11th, 2011

I had been assigned the not easy task to make a Windows XP Pro which is located behind an ADSL modem to be remotely accessible via VNC

The Windows is connected to the Bulgarian Vivacom Intrnet provider through their ADSL service and hence there is an ADSL router modem which is configured to disallow all inbuond connections by default.

The Windows Pro PC where the VNC server was needed to be accessible did not have a real IP address (e.g. was assigned a virtual IP address by the ADSL modem.

The exact ADSL model used to connect the computer via a lan cable to the internet was Huawei SmartAX MT882

As the device is owned by Vivacom (the ex BTK tele communication company) I did not have any admin user and pass credentials for the ADSL modem to configure the ADSL router to do a port NAT forwarding of port 5800 and 5900 used by the VNC software I installed on the PC (TightVNC)

Nevertheless the missing user and password I decided to check in google if I can find some default passwords that Vivacom ADSL modems are configured to work with

After a few minutes spend in Google I already had found few passwords which were said to work fine with the Vivacom ADSL router.
Here are the passwords I found for the Vivacom ADSL Internet modems:

ZTE ZXDSL 832
username: root
password:GSrootaccess

ZTE ZXDSL 831
username:root
password:GSrootaccess

ZTE
username:root
password:831access

Huawei SmartAX MT882
username:root
password:MT882rootaccess

ZTE ZXDSL-531b
username: root
password:warmWLspot

I tried some old school brute force techniques 😉 by trying all the passwords via the ADSL web interface located on http://192.168.1.1 (I was not sure which model the Vivacom ADSL modem is as on the router there was nothing written concerning the modem type but only the Vivacom logo was present.

After a bit of time I already knew that the ADSL modem model, user and pass was:

Huawei SmartAX MT882
-------------------------------
user: root
pass: MT882rootaccess

My next step was to configure port forwarding for the SmartAX MT882 ADSL in order to achieve from modem’s web administrator I had to follow the menus:

Advanced Setup -> Virtual Servers

ADSL virtual servers menu screen

Next in the NAT — Virtual Servers section I pressed the Add button to create new automatic redirection (port forwarding) rule.

Virtual Server port forwarding screenConfiguring ADSL SmartAX MT882 TightVNC NAT port redirection screenTightVNC requires also NAT port redirection rule for port 5900 in order to be able to connect to the VNC server behind the dsl, so analogically I added a Virtual Server NAT rule for port 5900.

Note that the private IP address of the Windows host was assigned by the ADSL router to the ip 192.168.1.3

Further on I expected the adsl port forwarding created rule would now allow me to connect to the VNC server on the pc located behind the dsl firewall, but I was wrong… even though all seemed to be configured just fine in the ADSL router still the port unmbers 5800 and 5900 were showing up as closed during nmap scan as well as a simple telnet connection to port 5800 and 5900 failed to get established.

My logical assumption was that some configured Firewall on the Windows PC is blocking port connections to 5800 and 5900 thus I decided to check the default Windows Firewall settings as a first possible cause for the vnc ports being blocked.

I did that via the Windows menus:

Start -> Settings -> Control Panel -> Windows Firewall

However weirly enought it seemed the Windows Firewall was disabled e.g. the Off (not recommended) option was set for the firewall.

A bunch of other lookup over all the running system and services on the windows hosts I have found the PC is protected by NOD32 Antivirus – Personal Firewall

The default behaviour of NOD32’s Persnal firewall was extremely restrictive and I found it’s causing a port filter of the 5800 and 5900 vnc connection ports.

To solve the filtering nod32 did I had to open NOD32 and navigate to the following menus:

Setup -> Personal Firewall -> Configure rules and Zones

In the Zone and rule setup menu config window I had to further press on:
New button to add new personal firewall rule.

In the New rule: menu I filled in the following info:
In the General tab:

Name: vnc
Direction: Both
Action: Allow

In the tab Local

I pressed over the Add Port

Number: 5800

in the Remote tab once again I had to fill in:
Number: 5800

Then to confirm settings just pressed OK

Next on I added in the same manner an allow rule for port 5900.

After this settings I restarted the NOD32 firewall to make sure the new settings takes place by pressing over the Personal firewall button Disable filtering: allow all traffic and right after enabling the firewall once again.

Now remote tightvnc connections to the Windows XP Pro pc works like a charm once again, Thanks God 😉

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in System Administration, Various | 1 Comment »

How to fix wicd 1.7.0+ds1-5 Connection Failed: Bad Password on Ubuntu 10.10 (Maverick Merkaaat)

Tuesday, May 3rd, 2011

I’ve been struggling with fixing a nasty error with wicd network manager for about 2 hours.
The exact error message I faced was:

Connection Failed: Bad Password

The issue occured after some suggested updates from the Ubuntu graphical update tool.
The wireless network to which it was connected was a WPA-PSK (WPA2) Passphrase authentication.
The network key was properly typed in and was working well on another system so the error Connection Failed: Bad Password made no sense.

There was nothing unusual in /var/log/wicd/wicd.log , that made me even more curious about what might be causing the error.After a lot of try outs and a lot of readings and tests I finally got the cause of the weird Bad Password errors produced by wicd

Weirdly enought, somehow the Ubuntu package update tool has installed the default gnome network-manager package.
The installed network-manager package has mismatched somehow the way wicd connects to wireless networks and as a cause the wpa_supplicant binary was not properly invoked.

As a consequence of the network-manager being present on the system the wpa_supplicant process which made the exact connection to the wireless network was not launching in, the exact wpa_supplicant invocation missing was:

wpa_supplicant -B -i wlan0 -c /var/lib/wicd/configurations/0022b0aa424a -D wext

Luckily the solution to the notebook wireless device unable to connect to the Wireless network was simple.

All I had to do is completely remove all occurance of network-manager packages installed on the Ubuntu system, by issuing the commands:

ubuntu:~# apt-get remove --yes network-manager
ubuntu:~# dpkg --purge network-manager-pptp-gnome network-manager-pptp network-manager

The reason for issuing the a dpkg –purge command was my desire to completely get rid of all kind of network-manager related configurations.

Now after re-connecting with wicd wireless manager, it worked fine 😉

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop | 17 Comments »

Getting around “Secure Connection Failed Peer’s, Certificate has been revoked., (Error code: sec_error_revoked_certificate)

Friday, April 8th, 2011

Certificate has been revoked, sec_error_revoked_certificate screenshot

One of the SSL secured websites (https://) which I have recently accessed couldn’t be opened with an error message showing up:

Secure Connection Failed

An error occurred during a connection to www.domain.com.

Peer’s Certificate has been revoked.

(Error code: sec_error_revoked_certificate)

* The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

That error catched my attention so I digged further in what the message means. Here is what I found as an explanation to what is certificate revocation online

What is a SSL Certificate revocation

Revocation of a certificate means that the Certificate Authority (CA) that issuer of the certificate for a website have decided that the certificate is no longer valid, even if it has not expired.

The information about revocation can be distributed in two ways: Certificate Revocation Lists (CRLs), or by using the Online Certificate Status Protocol (OCSP).

CRLs are (usually) large files that contain a list with information about all the currentely active (unexpired) certificates that are no longer valid. This file has to be downloaded from the CA by the client at regular intervals (usually at least a week apart), and may be quite large.

OCSP, on the other hand, means that the client asks the CA “Is this particular certificate still valid?”, and the server responds “Yes” or “No”. This method can usually be fairly well up to date, meaning the information is at most a few days old, as opposed to at least a week for CRLs.

All the major browsers support OCSP, but some (like Opera) does not currently support CRLs.

By this time most of the modern browsers (Firefox, Chrome, Opera and Internet explorer does support revocation lists and all of the aforementioned hsa enabled at least OCSP by default.

Why SSL revocation error might occur:

A CA can revoke a certificate due to a number of reasons:

– A new certificate has been issued to the website, meaning the old one is not going to be used anymore.
– The website with the certificate is being used for purposes that are not accepted by the CA.
– The certificate was issued based on incorrect information.
– The owner is no longer able to use the private key associated with the certificate, for example the password is lost, the key storage was destroyed somehow, etc.
– The private key has been compromised or stolen, which means traffic to the site is no longer secure.
– The certificate and key have been stolen and is actually being used for fraud while posing as a legitimate website …

Now after all above being said the error:

Secure Connection Failed Peer's, Certificate has been revoked., (Error code: sec_error_revoked_certificate)

is a sure indicator that the website which had the certificate problem as a one you could not trust to make money transactions or do any operation that has a direct relation to your personal private date.

However as there are still websites which use an SSL encryption and are entertainment websites or just a news websites, sometimes getting around the ssl revocation issue to check this website is a necessity.

Therefore to enable your Firefox 3.5 / Iceweasel browser with a website which has ssl certificate revocation issue you need to do the following:

Edit -> Preferences -> Advanced -> Encryption -> Validation

After you see the Certificate Validation screen remove the tick set on:

Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates

Now refresh the website and you will skip the certificate revocation issue error and the webpage will open up.
Note that even though this will work, it’s not recommended to use this work around!

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Various, Web and CMS | No Comments »

Speed up your DNS resolve if your Internet Service Provider DNS servers fail or resolve slowly / Privacy concerns of public DNS services use

Wednesday, March 30th, 2011

In my experience with many network Internet Service Providers by so far I’ve encountered a lot of DNS oddities and therefore surfing (web) and mail slowness.

It’s sometimes very irritating especially in cases, when I use my internet over Wireless public or university wireless networks.
In principle many of the Wireless routers which distribute the internet especially in organizations are badly configured and the slowness with DNS resolvings is an absolute classic.
If you haven’t encountered that slowness in opening web pages when connected from your University’s canteen, whether it’s fill with people for the lunch break, then I should say you’re really lucky!

My personal experience with this bad configured devices DNS services has been quite negative and every now and then I use to set and use public DNS servers like OpenDNS and Google DNS

Very often when I connect to a wireless network with my notebook running Debian Linux and the internet is too slow in opening pages I automatically set the Google or OpenDNS servers as a default DNS IP resolving servers.

1. DNS IP addresses of Google Public DNS are:

8.8.8.7
and
8.8.8.8

2. OpenDNS Public DNS servers has the IP addresses of:

208.67.222.222
208.67.222.220

I do set up and use the upper public DNS services addresses via the commands:

3. Set and use Google Public DNS services on my Linux debian:~# cp -rpf /etc/resolv.conf /etc/resolv.conf.orig
debian:~# echo "nameserver 8.8.8.7n nameserver 8.8.8.8 n" > /etc/resolv.conf;

I first create backu pof my resolv.conf under the name resolv.conf.orig just to make sure I can revert back to my old DNSes if I need them at some point.

If you prefer to use the OpenDNS services for some let’s say privacy reasons, you do it in the same manner as in the above commands, you only change the IP addresses. 4. Configure and use the OpenDNS public DNS services

debian:~# cp -rpf /etc/resolv.conf /etc/resolv.conf.orig
debian:~# echo "nameserver 208.67.222.222n nameserver 208.67.222.220 n" > /etc/resolv.conf;

Of course using Public DNS services has it’s disadvantages over the domain resolving speed up advantage.
One major issue is that Public DNS services are running on a top of a cloud and if you have red my previous article Cloud Computing a possible threat to users privacy and system administrator employment you might be agaist the idea of using a services which are powered by cloud.

The other primary concern is related to your SECURITY and a PRIVACY by using Public DNS networks, you risk that your Public DNS provider might use some DNS spoof techniques to mislead you and resolve you common domain names which usually resolve to let’s say 1.1.1.1 to let’s say 1.5.5.10

Even though this kind of practices on a side of a public DNS provider is not a likely scenario the possible implications of Public DNS providers using DNS forgery to fool you about domain names locations is a very serious issue.

As public DNS providers does contain again the good old philosophy of cloud computing embedded in themselves and they strive to become some kind of a standard which people might vote to adopt and use, the future implications of a wide adoption of Public DNS servers might be a terrible thing on internet users privacy!!!

Just think about a future scenario where we users of the Internet are forced to use a number of public DNS servers in order to use the Internet!
Usually a very huge companies are possessing the Public DNS services and do pay for the tech equipment required for building up the cluster clouds which provide the DNS services and therefore, if in the short future public DNS becomes a fashion and (God forbid!) a standard which shifts up the regular ISP DNS servers to resolve domains to IPs then it will be terrible.

The corporations which does own the Public DNS service/s might have a direct control over filtering and censoling information posted on any website on the internet.
Even worser if the world decides to adopt public DNS services somewhere in the future this means that large corporations owning the open dns cluster or clusters will be able to check each and every resolving made by any user on the net.
If you think closely such an information possessed by a company is not the best thing we want.

So let me close up this article, I’m not a fan and an evangelist who preaches the use of Public DNS services. Right on Contrary I do honestly hate the idea behind public DNS.
Nevertheless apart from my personal opinion I’m a practical person and using the public DNS servers every now and then when this will accelerate my access to the internet is still an option I do enjoy.

Maybe it’s time for a free software project (a tor like), which will provide users with an OpenDNS alternative which will run on hobbyist computers around the globe (just like with tor).

What’s rather funny is that the loud name OpenDNS is a big lie in reality OpenDNS is not opened it’s a company owned closed source service 😉

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop, System Administration | 1 Comment »

Fix weird problem with Apache default encoding (AddDefaultCharset) not taking effect on FreeBSD with Apache version (2.0.63)

Tuesday, March 23rd, 2010

I encountered a weird problems a couple of minutes before. I tried to put some text files written in UTF-8 which contain cyrillic in the file names as well as the content the files has in my Apache directory listing. Trying that produced a lot of “alien symbols” for both file names and file content.
I have to admit that wasn’t exactly what I expected. I’ve checked my /usr/local/etc/apache/httpd.conf just to find out I already have the:

AddDefaultCharset utf-8

within in the configuration, I thought that somehow Apache could have difficulties applying that rules for the custom Virtualhost and therefore give the directive a try locally in the VirtualHost. Grievously that didn’t produced any positive result. That’s why I decided to check if somebody has experienced the same weird behavior and I stumbled on this wondeful blog post .
In short on the plug and pray’s blog … Wait and moment plug and pray? Yes you read that correctly it’s plug and pray :), on that blog it’s explained that newer versions of Apache 2.2.4 as this is the version the blogger talks about as well as the latest Apache release has an issue with AddDefaultCharset not working anymore. Fortunately the issue with the AddDefaultCharset not taking effect in Apache no more is easily solved. All that needs to be done is including the:

IndexOptions Charset=UTF-8

Within Apache conf file. In my case on FreeBSD I had to include that in /usr/local/etc/apache2/httpd.conf after which all worked perfectly fine and I can see all my cyrillic symbols showing anew.

Tags: , , , , ,
Posted in FreeBSD, System Administration | No Comments »

Solution to a problem with VirtualHosts on Debian Lenny (Default Virtualhost opening by default overwritting the rest of the configured VirtualHosts)

Wednesday, February 17th, 2010

Configuring some Virtualhosts on a Debian server I administrate has led me to a really shitty problem. The problem itself consisted in that nomatter what kind of the configured VirtualHosts on the server I try to access the default one or the first one listed among Virtualhosts gets accessed. Believe me such an Apache behaviour is a real pain in the ass! I went through the VirtualHosts configurations many without finding any fault in them, everything seemed perfectly fine there. I started doubting something might prevent VirtualHosts to be served by the Webserver. Therefore to check if VirtualHosts configurations are properly loadedI used the following command:

debian-server:~# /usr/sbin/apache2ctl -S

Guess what, All was perfectly fine there as well. The command returned, my webserver configured VirtualHosts as enabled (linked) in: /etc/apache2/sites-enabled I took some time to ask in irc.freenode.net #debian channel if somebody has encountered the same weirdness, but unfortunately noobody could help there. I thinked over and over the problem and I started experimenting with various stuff in configurations until I got the problem.

The issue with non-working Virtualhosts in Debian lenny was caused by;
wrong NameVirtualHost *:80 directive
It’s really odd because enabling the directive as NameVirtualHost *:80 would report a warning just like there are more than one NameVirtualHost variable in configuration, on the other hand completely removing it won’t report any warnings during Apache start/restart but same time VirtualHosts would still be non-working.

So to fix the whole mess-up with VirtualHosts not working I had to modify in; my /etc/apache2/sites-enabled/000-default as follows;

NameVirtualHost *:80 changes toNameVirtualHost *

The rest of the Virtualhost stays the same;
This simple thing eradicated the f*cking issue which tortured me
for almost 3 hours! ghhh

Tags: , , , , ,
Posted in System Administration | 4 Comments »

Howto to detect file encoding and convert default encoding of given files from one encoding to another on GNU/Linux and FreeBSD

Sunday, February 7th, 2010

I wanted to convert an html document character encoding to UTF-8, to achieve that of
course it was first needed to determine what kind of character encoding was used in
creation time of the file.
First thing I tried was:

hipo@noah:~/Desktop/test$ file File-Whole.htm
File-Whole.htm: HTML document text

as you can see that’s shit cause for some reason mime encoding is not printed by the file
command.
Next what I tried was:
hipo@noah:~/Desktop/test$ file --mime File-Whole.htm1File-Whole.htm1: text/html; charset=unknown-8bit

Here you see that character encoding is reported as charset=unknown-8bit which
ain’t cool at all and is of no use and prompts an error if I try it in iconv
Here is why I needed concretely to determine what kind of character set my file uses to later
be able to convert it using iconv .
To achieve my goal after consulting with Mr. Google , I found
out about enca — detect and convert encoding of text files
It’s obviously my lucky day because good guys from Debian has packaged enca so, everything came to the point of
apt-getting it.
# apt-get install enca

On FreeBSD enca port is available, so installing it cames simply to installing it from port tree.
Here is how:
pcfreak# cd /usr/ports/converters/enca;pcfreak# make install clean

Now I tried launching enca directly without any program parameters, but I was unlucky:

hipo@noah:~/Desktop/test$ enca file-Whole.htm
enca: Cannot determine (or understand) your language preferences.
Please use `-L language', or `-L none' if your language is not supported
(only a few multibyte encodings can be recognized then).
Run `enca --list languages' to get a list of supported languages.

I gave it another try, following prescribed usage parameters though I first checked my possibility
as a languages I can pass by to enca’s -L parameter.
Preliminary knowing that my text contains text in Bulgarian language, it wasn’t such a big deal
for me to determine the required language:

hipo@noah:~/Desktop/test$ enca -L bulgarian File-Whole.htm
transformation format 8 bits; CP1251

Knowing my character set all left for me was to do do the convert to UTF-8 to make text,
much more accessible.

hipo@noah:~/Desktop/test$ iconv --from-code=unknown-8bit --to=UTF-8 File-Whole.htm > File-Whole.htm.new
hipo@noah:~/Desktop/test$ mv File-Whole.htm.new File-Whole.htm

Well here we are conversion mission accomplished 🙂

Tags: , , , ,
Posted in FreeBSD, Linux and FreeBSD Desktop, System Administration | 6 Comments »

Disable default Thunberbird annoying Display Images blocking (Display Pictures in Thunderbird by default)

Friday, September 11th, 2009

Since quite some time I’m experiencing this annoying behaviour on side of Thunderbird. Every time I receive a new mail which includes embedded html code with pictures, Thunderbird blocks them until I explicitly select the picture and allow it to display or either allow picture displaying for the whole domain for the future references. Today I decided at last to put an end to this boredom and look for a solution.
Here is the way I changed this terrible behaviour:
1. Go to Thunderbird “Edit -> Preferences -> Advanced -> General -> Config Editor”2. Look for the variables record mailnews.message_display.disable_remote_imageuse the mouse to select “toggle” value to switch the default value from”true” to “false”.That should be it. END—–

Tags: , , , , ,
Posted in Linux and FreeBSD Desktop, System Administration | 1 Comment »

Fix to annoying reoccuring problem “Enter password for default keyring to unlock”

Monday, February 8th, 2010

About a week and a half, everytime I do start my epiphany browser a really annoying prompt
occurs. Here is a screenshot of the gnome default keyring to unlock I was required to fill in,
everytime I started epiphany.
keyring prompt picture

I know one possible solution was to completely eradicate gnome-keyring package, however
that is definitely not a wise idea.
To fix this mimor though annoying issue I did the following:

1. Opened gnome-control-center (e.g. pressed alt+f2 and issued the gnome-control-center command)
2. Next find the "Encryption and Keyrings" menu and click on it
3. On the "Encryption and Keyrings" submenu "PGP Passphrases" I had to select
"Always remember passphrases whenever logged in This is it, the annoying prompt won’t bother you anymore!
🙂

Tags: , , , , ,
Posted in Linux and FreeBSD Desktop | 1 Comment »

Newer Entries »