From owner-freebsd-questions@freebsd.org Sun Mar 4 14:06:25 2018
From: WATANABE Kazuhiro
To: freebsd-questions
Subject: Cannot see anything in the Preview field which is a new bug description on FreeBSD Bugzilla
Date: Sun, 04 Mar 2018 22:55:02 +0900

Hi.

I have tried to write a new bug report on FreeBSD Bugzilla. I can
write a description in the "Comment" field, but cannot see anything in
the "Preview" field before clicking the "Submit Bug" button.

In the "Preview" field:

Firefox: shows nothing.
IE: shows a string "null".

But when I write an additional comment for an existing bug report, the
"Preview" field shows a sentence properly.

Has anyone else run into a similar problem?
---
WATANABE Kazuhiro (CQG00620@nifty.ne.jp)

From owner-freebsd-questions@freebsd.org Mon Mar 5 07:31:09 2018
From: Andrea Venturoli
To: Adam
Cc: FreeBSD Questions
Subject: Re: 11.1/amd64 hangs on boot
Date: Mon, 5 Mar 2018 08:24:58 +0100

On 02/26/18 08:47, Andrea Venturoli wrote:
> On 02/24/18 14:28, Adam wrote:
>
>> You could do a verbose boot.
>
> Thanks.
> I've been using FreeBSD for the last 20 years or so, but I didn't know
> about verbose boot.
> I'll try this ASAP.

Hello.

After several days of "good" behaviour, today I had a hung boot once.
Unfortunately verbose booting didn't buy any additional message.

Thanks anyway.

 bye
	av.

From owner-freebsd-questions@freebsd.org Mon Mar 5 12:18:34 2018
From: Per olof Ljungmark
To: freebsd-questions@freebsd.org
Subject: Advise on PCIe serial card
Date: Mon, 5 Mar 2018 13:18:28 +0100

Hi,

Does anyone know of a low profile PCIe serial card that works with 11.1
amd64? One port is enough but if there are two that's fine.

Thanks!

//per

From owner-freebsd-questions@freebsd.org Mon Mar 5 23:54:46 2018
From: David Mehler
To: freebsd-questions
Subject: radicale or davical on FreeBSD?
Date: Mon, 5 Mar 2018 18:54:43 -0500

Hello,

Does anyone have either radicale or davical going on FreeBSD? If so,
how did you add users and configure calendars?

Thanks.
Dave.

From owner-freebsd-questions@freebsd.org Tue Mar 6 02:37:10 2018
From: "J.B."
To: freebsd-questions@freebsd.org
Subject: How to prevent HDD spin-down.
Date: Mon, 5 Mar 2018 18:37:07 -0800

Hey. I purchased a new WD laptop hard disk drive, but it keeps spinning
down and parking its heads after 25 seconds of inactivity. How can I
disable that feature or extend the timeout to something less idiotic? I
checked the BIOS, but there's no setting for it. I booted into a Linux
(Debian-based) OS dual-booting on the same disk, and the disk doesn't
spin down, so either Linux is doing something to override that feature,
or FreeBSD is doing something to enable it (possibly a package I
installed). Thanks.

From owner-freebsd-questions@freebsd.org Tue Mar 6 06:31:03 2018
From: Johan Hendriks
To: "J.B."
Cc: freebsd-questions@freebsd.org
Subject: Re: How to prevent HDD spin-down.
Date: Tue, 6 Mar 2018 07:30:59 +0100

On 06/03/2018 at 03:37, J.B. wrote:
> Hey. I purchased a new WD laptop hard disk drive, but it keeps
> spinning down and parking its heads after 25 seconds of inactivity.
> How can I disable that feature or extend the timeout to something less
> idiotic? I checked the BIOS, but there's no setting for it. I booted
> into a Linux (Debian-based) OS dual-booting on the same disk, and the
> disk doesn't spin down, so either Linux is doing something to override
> that feature, or FreeBSD is doing something to enable it (possibly a
> package I installed). Thanks.

I do not think Linux is doing something special. I think the disk on
Linux does not spin down because the OS is touching the disk every so
many seconds for logs or other things. Just install a fresh Ubuntu with
no special options and boot it. You will see disk activity every x
seconds even when the box is idle.
On FreeBSD however there is almost no disk activity if a box is idle.
So the disk is not touched for 25 seconds and the disk will spin down.

If you are using Western Digital disks, there is a utility you can run
to disable this feature or give it a timeout large enough so the OS has
touched the disk. It has been a long time since I used it and if I
remember it worked only in DOS or Windows. Just use Google and search
for your disk and disable head parking.

regards
Johan Hendriks

From owner-freebsd-questions@freebsd.org Tue Mar 6 07:35:21 2018
From: Matthias Apitz
To: freebsd-questions@freebsd.org
Subject: Re: How to prevent HDD spin-down.
Date: Tue, 6 Mar 2018 08:07:51 +0100

On Tuesday, March 06, 2018 at 07:30:59AM +0100, Johan Hendriks wrote:

> On 06/03/2018 at 03:37, J.B. wrote:
> > Hey. I purchased a new WD laptop hard disk drive, but it keeps
> > spinning down and parking its heads after 25 seconds of inactivity.
> > How can I disable that feature or extend the timeout to something less
> > idiotic? I checked the BIOS, but there's no setting for it. I booted
> > into a Linux (Debian-based) OS dual-booting on the same disk, and the
> > disk doesn't spin down, so either Linux is doing something to override
> > that feature, or FreeBSD is doing something to enable it (possibly a
> > package I installed). Thanks.

You might want to check sysutils/ataidle and see if this helps.

	matthias
-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

From owner-freebsd-questions@freebsd.org Tue Mar 6 07:37:04 2018
From: Ralf Mardorf
To: freebsd-questions@freebsd.org
Subject: Re: How to prevent HDD spin-down.
Date: Tue, 6 Mar 2018 08:36:52 +0100

On Tue, 6 Mar 2018 07:30:59 +0100, Johan Hendriks wrote:
>On 06/03/2018 at 03:37, J.B. wrote:
>> Hey. I purchased a new WD laptop hard disk drive, but it keeps
>> spinning down and parking its heads after 25 seconds of inactivity.
>> How can I disable that feature or extend the timeout to something
>> less idiotic? I checked the BIOS, but there's no setting for it. I
>> booted into a Linux (Debian-based) OS dual-booting on the same disk,
>> and the disk doesn't spin down, so either Linux is doing something
>> to override that feature, or FreeBSD is doing something to enable it
>> (possibly a package I installed). Thanks.
>>
>I do not think Linux is doing something special. I think the disk on
>Linux does not spin down because the OS is touching the disk every so
>many seconds for logs or other things. Just install a fresh Ubuntu with
>no special options and boot it. You will see disk activity every x
>seconds even when the box is idle.
>On FreeBSD however there is almost no disk activity if a box is idle.
>So the disk is not touched for 25 seconds and the disk will spin down.
>
>If you are using Western Digital disks, there is a utility you can run
>to disable this feature or give it a timeout large enough so the OS has
>touched the disk. It has been a long time since I used it and if I
>remember it worked only in DOS or Windows. Just use Google and search
>for your disk and disable head parking.

GVFS and other software much used by default Linux installs wake up
sleeping drives immediately, IOW they spin down and up again and again.
I replace GVFS by an empty dummy package to fulfill dependencies. But
I'm using e.g. libfm, which suffered from the same issue. Fortunately a
developer fixed it, after I reported this bug, something those from
bloated DEs such as GNOME or KDE never ever would do.

See
https://github.com/lxde/libfm/commit/994a1e25ba0c3da80575fc002af17ab02ed5998b

A workaround would be to write a script, that would touch the drive,
before it could spin down.

Again, don't confuse a drive that never spins down, with a drive that
spins down and up again and again.

From owner-freebsd-questions@freebsd.org Tue Mar 6 08:45:17 2018
From: Andrea Venturoli
To: freebsd-questions@freebsd.org
Subject: Re: radicale or davical on FreeBSD?
Date: Tue, 6 Mar 2018 09:12:21 +0100

On 03/06/18 00:54, David Mehler wrote:

> Hello,
>
> Does anyone have either radicale or davical going on FreeBSD?

Here I am: I have a customer using Davical.

> If so, how did you add users and configure calendars?

I created them through the web interface...
Perhaps I'm not understanding your question?

 bye
	av.

From owner-freebsd-questions@freebsd.org Tue Mar 6 08:49:22 2018
From: Arthur Chance
To: "J.B.", freebsd-questions@freebsd.org
Subject: Re: How to prevent HDD spin-down.
Date: Tue, 6 Mar 2018 08:40:13 +0000

On 06/03/2018 02:37, J.B. wrote:
> Hey. I purchased a new WD laptop hard disk drive, but it keeps spinning
> down and parking its heads after 25 seconds of inactivity. How can I
> disable that feature or extend the timeout to something less idiotic? I
> checked the BIOS, but there's no setting for it. I booted into a Linux
> (Debian-based) OS dual-booting on the same disk, and the disk doesn't
> spin down, so either Linux is doing something to override that feature,
> or FreeBSD is doing something to enable it (possibly a package I
> installed). Thanks.

I had the same problem and fixed it with sysutils/smartmontools. Here's
the start of my /usr/local/etc/smartd.conf (my mailer will line wrap).
The attributes to monitor came from Backblaze's document on what SMART
values are useful. It's the "-e" line that prevents spin down, but note
that this is for a *server* system that's always on mains power. On a
laptop this will probably eat your battery, so you'll need to tweak the
value. Unfortunately ISTR the number isn't just the timeout in seconds
but is more complex. You'll need to search for the exact spec I fear.

---- smartd.conf ----
# Monitor all disks. Use smartd_flags="-s /var/db/smartd/"
# and mkdir /var/db/smartd beforehand.

# set defaults for all drives. The test schedule is
# long Mon 4 am, short all other days 5 am
#
# read_error_rate is ignored because nobody knows what it means
DEFAULT -o on -S on \          # turn on offline tests, saving data
    -e standby,off \           # turn off spin down
    -H -f -C 197+ -U 198+ \    # report failures: health, old age, sector problems
    -t -R 5! -R 187! -R 188! \ # track attrs, report when 5,187,188 raw changes
    -I 1 -I 9 -I 194 \         # ignore
    -l error -l selftest \     # report errors, selftest fails
    -s (L/../../1/04|S/../../[234567]/05) \
    -m root@qeng-ho.org \      # mail root with problems
    -M diminishing             # repeat nags, but less frequently

[The disks you want to monitor go here]

-- 
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

From owner-freebsd-questions@freebsd.org Tue Mar 6 08:50:33 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 23CA8F40E3F for ; Tue, 6 Mar 2018 08:50:33 +0000 (UTC) (envelope-from freebsd@qeng-ho.org)
Received: from bede.qeng-ho.org (bede.qeng-ho.org [217.155.128.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7BA146B3E3 for ; Tue, 6 Mar 2018 08:50:32 +0000 (UTC) (envelope-from freebsd@qeng-ho.org)
Received: from arthur.home.qeng-ho.org (arthur.home.qeng-ho.org [172.23.1.2]) by bede.qeng-ho.org (Postfix) with ESMTP id 6C903109E7; Tue, 6 Mar 2018 08:50:31 +0000 (GMT)
Subject: Re: How to prevent HDD spin-down.
From: Arthur Chance
To: "J.B." , freebsd-questions@freebsd.org
References: <99f2e64c-577c-20e1-b595-9b8391efaf8e@gmail.com>
Message-ID:
Date: Tue, 6 Mar 2018 08:50:31 +0000
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Tue, 06 Mar 2018 08:50:33 -0000

On 06/03/2018 08:40, Arthur Chance wrote:
> On 06/03/2018 02:37, J.B. wrote:
>> Hey. I purchased a new WD laptop hard disk drive, but it keeps spinning
>> down and parking its heads after 25 seconds of inactivity. How can I
>> disable that feature or extend the timeout to something less idiotic? I
>> checked the BIOS, but there's no setting for it. I booted into a Linux
>> (Debian-based) OS dual-booting on the same disk, and the disk doesn't
>> spin down, so either Linux is doing something to override that feature,
>> or FreeBSD is doing something to enable it (possibly a package I
>> installed). Thanks.
>
> I had the same problem and fixed it with sysutils/smartmontools. Here's
> the start of my /usr/local/etc/smartd.conf (my mailer will line wrap).
> The attributes to monitor came from Backblaze's document on what SMART
> values are useful. It's the "-e" line that prevents spin down, but note
> that this is for a *server* system that's always on mains power. On a
> laptop this will probably eat your battery, so you'll need to tweak the
> value. Unfortunately ISTR the number isn't just the timeout in seconds
> but is more complex. You'll need to search for the exact spec I fear.
>
> ---- smartd.conf ----
> # Monitor all disks. Use smartd_flags="-s /var/db/smartd/"
> # and mkdir /var/db/smartd beforehand.
>
> # set defaults for all drives. The test schedule is
> # long Mon 4 am, short all other days 5 am
> #
> # read_error_rate is ignored because nobody knows what it means
>
> DEFAULT -o on -S on \ # turn on offline tests, saving data
> -e standby,off \ # turn off spin down
> -H -f -C 197+ -U 198+ \ # report failures: health, old
> age, sector problems
> -t -R 5! -R 187! -R 188! \ # track attrs, report when
> 5,187,188 raw changes
> -I 1 -I 9 -I 194 \ # ignore
> -l error -l selftest \ # report errors, selftest fails
> -s (L/../../1/04|S/../../[234567]/05) \
> -m root@qeng-ho.org \ # mail root with problems
> -M diminishing # repeat nags, but less frequently
>
> [The disks you want to monitor go here]
>

OK, I found this about the standby timeout settings:

> The encoding of the timeout value is somewhat peculiar. A value of
> zero means "off". Values from 1 to 240 specify multiples of 5
> seconds for timeouts from 5 seconds to 20 minutes. Values from 241
> to 251 specify from 1 to 11 units of 30 minutes for timeouts from 30
> minutes to 5.5 hours. A value of 252 signifies a timeout of 21
> minutes, 253 sets a vendor-defined timeout and 255 is interpreted as
> 21 minutes plus 15 seconds.

--
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).

From owner-freebsd-questions@freebsd.org Tue Mar 6 09:56:29 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62FBFF456B0 for ; Tue, 6 Mar 2018 09:56:29 +0000 (UTC) (envelope-from meyser@xenet.de)
Received: from server1.xenet.de (server1.xenet.de [213.221.94.201]) by mx1.freebsd.org (Postfix) with ESMTP id D36F66DD71 for ; Tue, 6 Mar 2018 09:56:28 +0000 (UTC) (envelope-from meyser@xenet.de)
Received: from [10.0.0.68] (xenet.gate.xenet.de [213.221.94.32]) (authenticated bits=0) by server1.xenet.de (8.12.5/8.12.5) with ESMTP id w269h3iG088393 for ; Tue, 6 Mar 2018 10:43:03 +0100 (CET) (envelope-from meyser@xenet.de)
Subject: Re: How to prevent HDD spin-down.
To: freebsd-questions@freebsd.org
References: <99f2e64c-577c-20e1-b595-9b8391efaf8e@gmail.com>
From: Matthias Meyser
Organization: XeNET GmbH, Clausthal-Zellerfeld
Message-ID:
Date: Tue, 6 Mar 2018 10:43:06 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <99f2e64c-577c-20e1-b595-9b8391efaf8e@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: de-DE-1901
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Tue, 06 Mar 2018 09:56:29 -0000

On 06.03.2018 at 03:37, J.B. wrote:
> Hey.
> I purchased a new WD laptop hard disk drive, but it keeps spinning down
> and parking its heads after 25 seconds of inactivity. How can I disable that
> feature or extend the timeout to something less idiotic? I checked the BIOS,
> but there's no setting for it. I booted into a Linux (Debian-based) OS
> dual-booting on the same disk, and the disk doesn't spin down, so either
> Linux is doing something to override that feature, or FreeBSD is doing
> something to enable it (possibly a package I installed). Thanks.
>

Perhaps

camcontrol standby -t0 /dev/ada0
camcontrol idle -t0 /dev/ada0

CU
Matthias

From owner-freebsd-questions@freebsd.org Tue Mar 6 18:05:19 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91936F47125 for ; Tue, 6 Mar 2018 18:05:19 +0000 (UTC) (envelope-from rwmaillists@googlemail.com)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0C0C88289F for ; Tue, 6 Mar 2018 18:05:19 +0000 (UTC) (envelope-from rwmaillists@googlemail.com)
Received: by mail-wm0-x22a.google.com with SMTP id h21so24554570wmd.1 for ; Tue, 06 Mar 2018 10:05:18 -0800 (PST)
X-Received: by 10.80.186.81 with SMTP id 17mr24493817eds.107.1520359512903; Tue, 06 Mar 2018 10:05:12 -0800 (PST)
Received: from gumby.homeunix.com ([185.128.42.29]) by smtp.gmail.com with ESMTPSA id q19sm13788857edd.86.2018.03.06.10.05.11 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 06 Mar 2018 10:05:12 -0800 (PST)
Date: Tue, 6 Mar 2018 18:05:08 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: How to prevent HDD spin-down.
Message-ID: <20180306180508.3d7eaa95@gumby.homeunix.com>
In-Reply-To:
References: <99f2e64c-577c-20e1-b595-9b8391efaf8e@gmail.com>
X-Mailer: Claws Mail 3.15.1 (GTK+ 2.24.31; amd64-portbld-freebsd11.1)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Tue, 06 Mar 2018 18:05:19 -0000

On Tue, 6 Mar 2018 10:43:06 +0100 Matthias Meyser wrote:

> On 06.03.2018 at 03:37, J.B. wrote:
> > Hey. I purchased a new WD laptop hard disk drive, but it keeps
> > spinning down and parking its heads after 25 seconds of inactivity.
>
> Perhaps
>
> camcontrol standby -t0 /dev/ada0
> camcontrol idle -t0 /dev/ada0

My understanding is that the disk is still spinning in idle mode, so there shouldn't be a need to turn-off that timeout.
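
The standby timer encoding quoted earlier in this thread, worked through as an added example (not code from any poster or from smartmontools): the shell functions below decode a raw value 0-255 into seconds and pick the smallest raw value whose timeout is at least a requested number of seconds, for use as N in a smartd.conf "-e standby,N" directive. The function names are made up for this example, and value 254, which the quoted text does not describe, is treated here as reserved.

```shell
#!/bin/sh
# Added example: ATA standby (spin-down) timer encoding as quoted in the thread.
# Function names are hypothetical; nothing here talks to a disk.

# is_uint_max N MAX: succeed if N is a decimal integer in 0..MAX without
# leading zeros (a leading zero would be parsed as octal by $(( ))).
is_uint_max() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
        0) return 0 ;;
        0*) return 1 ;;            # leading zero
    esac
    [ "${#1}" -le "${#2}" ] && [ "$1" -le "$2" ]
}

# standby_decode RAW: print the timeout in seconds for raw value RAW,
# or one of the words off, vendor, reserved, invalid.
standby_decode() {
    is_uint_max "$1" 255 || { echo invalid; return 1; }
    if   [ "$1" -eq 0 ];   then echo off                        # timer disabled
    elif [ "$1" -le 240 ]; then echo $(( $1 * 5 ))              # 5 s steps, up to 20 min
    elif [ "$1" -le 251 ]; then echo $(( ($1 - 240) * 1800 ))   # 30 min steps, up to 5.5 h
    elif [ "$1" -eq 252 ]; then echo 1260                       # 21 min
    elif [ "$1" -eq 253 ]; then echo vendor                     # vendor-defined
    elif [ "$1" -eq 254 ]; then echo reserved                   # assumption: not in quoted text
    else                        echo 1275                       # 255: 21 min 15 s
    fi
}

# standby_encode SECONDS: print the smallest raw value whose timeout is at
# least SECONDS. 0 is passed through as 0, meaning "never spin down".
# The longest encodable timeout is 19800 s (5.5 h).
standby_encode() {
    is_uint_max "$1" 19800 || { echo invalid; return 1; }
    if   [ "$1" -eq 0 ];    then echo 0
    elif [ "$1" -le 1200 ]; then echo $(( ($1 + 4) / 5 ))       # round up to 5 s step
    elif [ "$1" -le 1260 ]; then echo 252                       # 21 min slot
    elif [ "$1" -le 1275 ]; then echo 255                       # 21 min 15 s slot
    else                         echo $(( 240 + ($1 + 1799) / 1800 ))  # round up to 30 min step
    fi
}

# smartd_standby_directive SECONDS: print the smartd.conf fragment that
# requests this timeout, in the form used in the smartd.conf posted above.
smartd_standby_directive() {
    _raw=$(standby_encode "$1") || { echo invalid; return 1; }
    if [ "$_raw" -eq 0 ]; then
        echo "-e standby,off"
    else
        echo "-e standby,$_raw"
    fi
}

# Demonstration on constructed inputs: 25 s (the interval the original
# poster complained about), 10 min, 21 min and 2 h.
for secs in 25 600 1260 7200; do
    raw=$(standby_encode "$secs")
    printf '%5s s requested -> raw %3s -> %s s actual\n' \
        "$secs" "$raw" "$(standby_decode "$raw")"
done
```

Raw values above 240 are not ordered by duration (252 and 255 are shorter than 241), which is why the encoder checks those two slots before falling through to the 30-minute steps.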
From owner-freebsd-questions@freebsd.org Tue Mar 6 21:19:46 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E660F30569 for ; Tue, 6 Mar 2018 21:19:46 +0000 (UTC) (envelope-from non.euc.geo.1854@gmail.com)
Received: from mail-pg0-x230.google.com (mail-pg0-x230.google.com [IPv6:2607:f8b0:400e:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0BACF6C347 for ; Tue, 6 Mar 2018 21:19:46 +0000 (UTC) (envelope-from non.euc.geo.1854@gmail.com)
Received: by mail-pg0-x230.google.com with SMTP id m19so35415pgn.1 for ; Tue, 06 Mar 2018 13:19:46 -0800 (PST)
X-Received: by 10.99.50.66 with SMTP id y63mr16625811pgy.207.1520371185003; Tue, 06 Mar 2018 13:19:45 -0800 (PST)
Received: from [192.168.1.7] ([35.129.64.201]) by smtp.googlemail.com with ESMTPSA id o5sm33295348pfh.51.2018.03.06.13.19.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Mar 2018 13:19:44 -0800 (PST)
Subject: Re: How to prevent HDD spin-down.
To: freebsd-questions@freebsd.org
References:
From: "J.B."
Message-ID: <045b9b33-5982-c19c-d009-31bfd2c8fd7d@gmail.com>
Date: Tue, 6 Mar 2018 13:19:43 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-List-Received-Date: Tue, 06 Mar 2018 21:19:46 -0000

On 03/06/2018 04:00 AM, freebsd-questions-request@freebsd.org wrote:
> Re: How to prevent HDD spin-down.

Thank you to everyone for your helpful tips and suggestions. You make FreeBSD great. :)

I tried the camcontrol suggestion first since it didn't require installing anything, but it didn't seem to work. Tried sysutils/ataidle next since it allows keeping spindown but with a reasonable timeout, and it seems to have worked perfectly: ataidle -P 127 /dev/ada0.
From owner-freebsd-questions@freebsd.org Tue Mar 6 21:37:46 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 90CA7F3191F for ; Tue, 6 Mar 2018 21:37:46 +0000 (UTC) (envelope-from freebsd@fongaboo.com)
Received: from h4lix.wtfayla.net (helix.wtfayla.net [64.246.134.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3EE5D6CDF5 for ; Tue, 6 Mar 2018 21:37:45 +0000 (UTC) (envelope-from freebsd@fongaboo.com)
Received: from localhost (localhost [127.0.0.1]) by h4lix.wtfayla.net (Postfix) with ESMTP id 60AEC81CBD9; Tue, 6 Mar 2018 16:31:58 -0500 (EST)
Received: from h4lix.wtfayla.net ([127.0.0.1]) by localhost (h4lix.wtfayla.net [127.0.0.1]) (maiad, port 10024) with ESMTP id 81941-03; Tue, 6 Mar 2018 16:31:58 -0500 (EST)
Received: from h4lix.wtfayla.net (h4lix.wtfayla.net [64.246.134.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by h4lix.wtfayla.net (Postfix) with ESMTPS id BBB2B81CBD7; Tue, 6 Mar 2018 16:31:57 -0500 (EST)
Date: Tue, 6 Mar 2018 16:31:56 -0500 (EST)
From: freebsd@fongaboo.com
X-X-Sender: fongaboo@h4lix.wtfayla.net
To: freebsd-questions@freebsd.org
cc: "J.B."
Subject: Re: How to prevent HDD spin-down.
In-Reply-To: <045b9b33-5982-c19c-d009-31bfd2c8fd7d@gmail.com>
Message-ID:
References: <045b9b33-5982-c19c-d009-31bfd2c8fd7d@gmail.com>
User-Agent: Alpine 2.20 (BSF 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
X-List-Received-Date: Tue, 06 Mar 2018 21:37:46 -0000

You didn't mention the line of WD drive, but I was offered this solution when trying to use a Caviar Green in my FreeNAS:

https://forums.freenas.org/index.php?threads/hacking-wd-greens-and-reds-with-wdidle3-exe.18171/

https://youtu.be/J2eYyRI_F98

I haven't tried it myself yet but I wonder if it would apply to your situation. Unfortunately it's not a BSD-based solution and would require you to remove the drive and connect it directly to a DOS/Windows machine. I've also been told that it needs to be a direct bus connection, and using things like a USB-to-ATA adapter would prevent the S.M.A.R.T. commands from being sent to the firmware of the drive.

On Tue, 6 Mar 2018, J.B. wrote:

> On 03/06/2018 04:00 AM, freebsd-questions-request@freebsd.org wrote:
>> Re: How to prevent HDD spin-down.
>
> Thank you to everyone for your helpful tips and suggestions. You make FreeBSD
> great. :)
>
> I tried the camcontrol suggestion first since it didn't require installing
> anything, but it didn't seem to work. Tried sysutils/ataidle next since it
> allows keeping spindown but with a reasonable timeout, and it seems to have
> worked perfectly: ataidle -P 127 /dev/ada0.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

From owner-freebsd-questions@freebsd.org Wed Mar 7 04:36:22 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 75349F29315 for ; Wed, 7 Mar 2018 04:36:22 +0000 (UTC) (envelope-from daniellenastov@ashrambookshop.com.au)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1084A7C683 for ; Wed, 7 Mar 2018 04:36:22 +0000 (UTC) (envelope-from daniellenastov@ashrambookshop.com.au)
Received: by mailman.ysv.freebsd.org (Postfix) id C131FF29313; Wed, 7 Mar 2018 04:36:21 +0000 (UTC)
Delivered-To: questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85634F29312 for ; Wed, 7 Mar 2018 04:36:21 +0000 (UTC) (envelope-from daniellenastov@ashrambookshop.com.au)
Received: from thewomenslibrary.org.au (thewomenslibrary.org.au [54.38.168.241]) by mx1.freebsd.org (Postfix) with ESMTP id 2BF4A7C682 for ; Wed, 7 Mar 2018 04:36:20 +0000 (UTC) (envelope-from daniellenastov@ashrambookshop.com.au)
From: "ECG WEALTH"
To:
MIME-Version: 1.0
Subject: Invoice INV-4537 from ECG WEALTH
Message-ID: <0.0.8.AB5.1D3B5CC6CCACE16.0@thewomenslibrary.org.au>
Date: Wed, 7 Mar 2018 15:36:20 +1100
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.25
X-List-Received-Date: Wed, 07 Mar 2018 04:36:22 -0000

ECG WEALTH

View full invoice details >

View invoice ›

We've attached invoice INV-4537 for $665.08. Payment is due by 12/03/2018.

For your convenience we do accept payment by MasterCard or Visa with a 1.5% surcharge payable. Credit card payments can be made by calling the office between 7am and 3pm Monday to Friday.

Thank you for your business and if you have any queries regarding your invoice, please do not hesitate to contact me direct.

Kind Regards,
Venecia boy
ECG WEALTH

Powered by

From owner-freebsd-questions@freebsd.org Wed Mar 7 07:50:36 2018
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA739F3642D for ; Wed, 7 Mar 2018 07:50:36 +0000 (UTC) (envelope-from hasse@bara1.se)
Received: from smtprelay-h32.telenor.se (smtprelay-h32.telenor.se [213.150.131.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 002A28471F for ; Wed, 7 Mar 2018 07:50:35 +0000 (UTC) (envelope-from hasse@bara1.se)
Received: from ipb4.telenor.se (ipb4.telenor.se [195.54.127.167]) by smtprelay-h32.telenor.se (Postfix) with ESMTP id 9C799E94CA for ; Wed, 7 Mar 2018 08:19:45 +0100 (CET)
X-SENDER-IP: [195.54.99.212]
X-LISTENER: [smtp.glocalnet.net]
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.47,434,1515452400"; d="asc'?scan'208";a="826760771"
Received: from smtprelay-b21.telenor.se ([195.54.99.212]) by ipb4.telenor.se with ESMTP; 07 Mar 2018 08:19:44 +0100
Received: from ipb4.telenor.se (ipb4.telenor.se [195.54.127.167]) by smtprelay-b21.telenor.se (Postfix) with ESMTP id 16B36E873B for ; Wed, 7 Mar 2018 08:46:58 +0100 (CET)
X-SENDER-IP: [85.227.12.184]
X-LISTENER: [smtp.bredband.net]
X-IronPort-AV: E=Sophos;i="5.47,434,1515452400"; d="asc'?scan'208";a="826760769"
Received: from ua-85-227-12-184.cust.bredbandsbolaget.se (HELO ymer.bara1.se) ([85.227.12.184]) by ipb4.telenor.se with ESMTP; 07 Mar 2018 08:19:44 +0100
Received: by ymer.bara1.se (Postfix, from userid 1001) id 28CCDCA6E; Wed, 7 Mar 2018 08:19:44 +0100 (CET)
Date: Wed, 7 Mar 2018 08:19:44 +0100
From: User Hasse
To: freebsd-questions@freebsd.org
Subject: Increased abuse activity on my server
Message-ID: <20180307071944.GA30971@ymer.bara1.se>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline
X-PGP-Key: https://www.bara1.se/pubkey.asc
User-Agent: Mutt/1.9.4 (2018-02-28)
X-List-Received-Date: Wed, 07 Mar 2018 07:50:37 -0000

--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello All

I believe I see an increased amount of abuse attempts on my server by several 100% in the last couple of months.
Anybody else noticed?

all the best
Geir Svalland

-------------------------
ymer.bara1.se login failures:
Mar 5 00:07:35 ymer sshd[3394]: Invalid user postgres from 41.138.51.69
Mar 5 00:07:35 ymer sshd[3394]: input_userauth_request: invalid user postgres [preauth]
Mar 5 00:12:12 ymer sshd[3419]: Invalid user ubnt from 31.30.120.136
Mar 5 00:12:12 ymer sshd[3419]: input_userauth_request: invalid user ubnt [preauth]
Mar 5 00:43:20 ymer sshd[3488]: Invalid user zabbix from 202.129.16.124
Mar 5 00:43:20 ymer sshd[3488]: input_userauth_request: invalid user zabbix [preauth]
Mar 5 00:55:48 ymer sshd[3532]: reverse mapping checking getaddrinfo for c62.15.comtelnet.pl [176.115.15.62] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 00:55:48 ymer sshd[3532]: Invalid user oracle from 176.115.15.62
Mar 5 00:55:48 ymer sshd[3532]: input_userauth_request: invalid user oracle [preauth]
Mar 5 01:14:21 ymer sshd[3572]: Invalid user zabbix from 185.173.226.39
Mar 5 01:14:21 ymer sshd[3572]: input_userauth_request: invalid user zabbix [preauth]
Mar 5 01:26:45 ymer sshd[3605]: Invalid user admin from 39.109.10.138
Mar 5 01:26:45 ymer sshd[3605]: input_userauth_request: invalid user admin [preauth]
Mar 5 02:02:07 ymer sshd[3687]: reverse mapping checking getaddrinfo for static-ip-181500122237.cable.net.co [181.50.122.237] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 02:02:07 ymer sshd[3687]: Invalid user admin from 181.50.122.237
Mar 5 02:02:07 ymer sshd[3687]: input_userauth_request: invalid user admin [preauth]
Mar 5 02:40:45 ymer sshd[3766]: Invalid user oracle from 123.207.237.12
Mar 5 02:40:45 ymer sshd[3766]: input_userauth_request: invalid user oracle [preauth]
Mar 5 02:41:19 ymer sshd[3769]: Invalid user vmuser from 207.107.67.114
Mar 5 02:41:19 ymer sshd[3769]: input_userauth_request: invalid user vmuser [preauth]
Mar 5 03:17:13 ymer sshd[4180]: Invalid user cacti from 190.97.60.94
Mar 5 03:17:13 ymer sshd[4180]: input_userauth_request: invalid user cacti [preauth]
Mar 5 03:50:14 ymer sshd[4254]: Invalid user ftptest from 218.201.250.77
Mar 5 03:50:14 ymer sshd[4254]: input_userauth_request: invalid user ftptest [preauth]
Mar 5 04:09:23 ymer sshd[4296]: Invalid user celia from 180.76.140.116
Mar 5 04:09:23 ymer sshd[4296]: input_userauth_request: invalid user celia [preauth]
Mar 5 04:10:27 ymer sshd[4304]: Invalid user ftp_user from 125.212.249.115
Mar 5 04:10:27 ymer sshd[4304]: input_userauth_request: invalid user ftp_user [preauth]
Mar 5 04:11:02 ymer sshd[4319]: Invalid user oracle1 from 13.59.239.183
Mar 5 04:11:02 ymer sshd[4319]: input_userauth_request: invalid user oracle1 [preauth]
Mar 5 05:08:15 ymer sshd[4459]: Invalid user nagios from 128.199.91.171
Mar 5 05:08:15 ymer sshd[4459]: input_userauth_request: invalid user nagios [preauth]
Mar 5 05:10:11 ymer sshd[4464]: Invalid user mia from 218.201.250.77
Mar 5 05:10:11 ymer sshd[4464]: input_userauth_request: invalid user mia [preauth]
Mar 5 05:46:22 ymer sshd[4550]: reverse mapping checking getaddrinfo for broadband.actcorp.in [183.82.0.15] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 05:46:22 ymer sshd[4550]: Invalid user applmgr from 183.82.0.15
Mar 5 05:46:22 ymer sshd[4550]: input_userauth_request: invalid user applmgr [preauth]
Mar 5 05:48:43 ymer sshd[4553]: reverse mapping checking getaddrinfo for 38.102.112.112.broad.km.yn.dynamic.163data.com.cn [112.112.102.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 05:48:43 ymer sshd[4553]: Invalid user admin from 112.112.102.38
Mar 5 05:48:43 ymer sshd[4553]: input_userauth_request: invalid user admin [preauth]
Mar 5 05:54:02 ymer sshd[4558]: Invalid user ftpuser from 103.26.14.92
Mar 5 05:54:02 ymer sshd[4558]: input_userauth_request: invalid user ftpuser [preauth]
Mar 5 05:56:19 ymer sshd[4575]: reverse mapping checking getaddrinfo for mail.jntukelearn.in [49.156.148.212] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 05:56:19 ymer sshd[4575]: Invalid user manager from 49.156.148.212
Mar 5 05:56:19 ymer sshd[4575]: input_userauth_request: invalid user manager [preauth]
Mar 5 06:07:01 ymer sshd[4845]: Invalid user test6 from 185.13.36.208
Mar 5 06:07:01 ymer sshd[4845]: input_userauth_request: invalid user test6 [preauth]
Mar 5 06:36:44 ymer sshd[4909]: reverse mapping checking getaddrinfo for 133.subnet180-250-210.astinet.telkom.net.id [180.250.210.133] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 06:36:44 ymer sshd[4909]: Invalid user admin from 180.250.210.133
Mar 5 06:36:44 ymer sshd[4909]: input_userauth_request: invalid user admin [preauth]
Mar 5 07:02:22 ymer sshd[7417]: Invalid user user from 103.229.176.187
Mar 5 07:02:22 ymer sshd[7417]: input_userauth_request: invalid user user [preauth]
Mar 5 07:26:31 ymer sshd[7455]: Invalid user gnats from 139.217.202.77
Mar 5 07:26:31 ymer sshd[7455]: input_userauth_request: invalid user gnats [preauth]
Mar 5 07:27:00 ymer sshd[7458]: Invalid user tomcat from 60.250.168.200
Mar 5 07:27:00 ymer sshd[7458]: input_userauth_request: invalid user tomcat [preauth]
Mar 5 07:34:14 ymer sshd[7486]: Invalid user max from 125.212.233.81
Mar 5 07:34:14 ymer sshd[7486]: input_userauth_request: invalid user max [preauth]
Mar 5 07:34:14 ymer sshd[7486]: input_userauth_request: invalid user max [preauth]
Mar 5 07:57:56 ymer sshd[7528]: Invalid user cvsuser from 112.171.152.12
Mar 5 07:57:56 ymer sshd[7528]: input_userauth_request: invalid user cvsuser [preauth]
Mar 5 08:05:21 ymer sshd[7555]: Invalid user admin from 46.105.121.42
Mar 5 08:05:21 ymer sshd[7555]: input_userauth_request: invalid user admin [preauth]
Mar 5 08:07:46 ymer sshd[7560]: Invalid user jboss from 187.162.208.209
Mar 5 08:07:46 ymer sshd[7560]: input_userauth_request: invalid user jboss [preauth]
Mar 5 08:08:54 ymer sshd[7567]: Invalid user jboss from 46.101.198.164
Mar 5 08:08:54 ymer sshd[7567]: input_userauth_request: invalid user jboss [preauth]
Mar 5 08:36:41 ymer sshd[7660]: reverse mapping checking getaddrinfo for static.customer-201-147-183-55.uninet-ide.com.mx [201.147.183.55] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 08:36:41 ymer sshd[7660]: Invalid user alex from 201.147.183.55
Mar 5 08:36:41 ymer sshd[7660]: input_userauth_request: invalid user alex [preauth]
Mar 5 08:49:08 ymer sshd[7690]: reverse mapping checking getaddrinfo for host-156.195.34.241-static.tedata.net [156.195.241.34] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 08:49:08 ymer sshd[7690]: Invalid user admin from 156.195.241.34
Mar 5 08:49:08 ymer sshd[7690]: input_userauth_request: invalid user admin [preauth]
Mar 5 08:49:08 ymer sshd[7688]: Invalid user admin from 180.251.50.186
Mar 5 08:49:08 ymer sshd[7688]: input_userauth_request: invalid user admin [preauth]
Mar 5 08:49:23 ymer sshd[7694]: Invalid user admin from 171.229.253.137
Mar 5 08:49:23 ymer sshd[7694]: input_userauth_request: invalid user admin [preauth]
Mar 5 09:10:45 ymer sshd[7750]: Invalid user informix from 178.32.17.209
Mar 5 09:10:45 ymer sshd[7750]: input_userauth_request: invalid user informix [preauth]
Mar 5 09:19:37 ymer sshd[7775]: Invalid user admin from 78.149.116.204
Mar 5 09:19:37 ymer sshd[7775]: input_userauth_request: invalid user admin [preauth]
Mar 5 09:25:55 ymer sshd[7800]: Invalid user backuppc from 171.244.34.34
Mar 5 09:25:55 ymer sshd[7800]: input_userauth_request: invalid user backuppc [preauth]
Mar 5 09:27:17 ymer sshd[7805]: Invalid user midgear from 125.212.228.165
Mar 5 09:27:17 ymer sshd[7805]: input_userauth_request: invalid user midgear [preauth]
Mar 5 09:56:26 ymer sshd[7862]: Invalid user ftp_user from 182.61.108.55
Mar 5 09:56:26 ymer sshd[7862]: input_userauth_request: invalid user ftp_user [preauth]
Mar 5 09:59:10 ymer sshd[7870]: Invalid user admin from 110.10.189.182
Mar 5 09:59:10 ymer sshd[7870]: input_userauth_request: invalid user admin [preauth]
Mar 5 10:20:38 ymer sshd[7923]: Invalid user oracle from 193.70.85.206
Mar 5 10:20:38 ymer sshd[7923]: input_userauth_request: invalid user oracle [preauth]
Mar 5 10:25:47 ymer sshd[7946]: Invalid user admin from 111.230.100.145
Mar 5 10:25:47 ymer sshd[7946]: input_userauth_request: invalid user admin [preauth]
Mar 5 11:54:32 ymer sshd[8110]: Invalid user applmgr from 202.54.249.131
Mar 5 11:54:32 ymer sshd[8110]: input_userauth_request: invalid user applmgr [preauth]
Mar 5 12:22:57 ymer sshd[8189]: Invalid user michael from 138.197.79.125
Mar 5 12:22:57 ymer sshd[8189]: input_userauth_request: invalid user michael [preauth]
Mar 5 12:45:54 ymer sshd[8249]: Invalid user zimbra from 38.108.53.157
Mar 5 12:45:54 ymer sshd[8249]: input_userauth_request: invalid user zimbra [preauth]
Mar 5 13:26:42 ymer sshd[8342]: Invalid user manu from 61.178.220.148
Mar 5 13:26:42 ymer sshd[8342]: input_userauth_request: invalid user manu [preauth]
Mar 5 14:21:45 ymer sshd[8459]: Invalid user cacti from 124.124.99.216
Mar 5 14:21:45 ymer sshd[8459]: input_userauth_request: invalid user cacti [preauth]
Mar 5 14:33:28 ymer sshd[8500]: reverse mapping checking getaddrinfo for strelnikoveugene.fvds.ru [82.146.62.2] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 14:33:28 ymer sshd[8500]: Invalid user squid from 82.146.62.2
Mar 5 14:33:28 ymer sshd[8500]: input_userauth_request: invalid user squid [preauth]
Mar 5 14:37:30 ymer sshd[8505]: Invalid user oracle from 125.212.233.81
Mar 5 14:37:30 ymer sshd[8505]: input_userauth_request: invalid user oracle [preauth]
Mar 5 14:52:35 ymer sshd[8531]: reverse mapping checking getaddrinfo for host251.181-111-193.telecom.net.ar [181.111.193.251] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 14:52:35 ymer sshd[8531]: Invalid user admin from 181.111.193.251
Mar 5 14:52:35 ymer sshd[8531]: input_userauth_request: invalid user admin [preauth]
Mar 5 15:34:12 ymer sshd[8624]: Invalid user kodi from 35.194.242.249
Mar 5 15:34:12 ymer sshd[8624]: input_userauth_request: invalid user kodi [preauth]
Mar 5 15:51:04 ymer sshd[8649]: Invalid user setup from 103.26.14.92
Mar 5 15:51:04 ymer sshd[8649]: input_userauth_request: invalid user setup [preauth]
Mar 5 16:22:17 ymer sshd[8738]: Invalid user pi from 78.129.204.130
Mar 5 16:22:17 ymer sshd[8738]: input_userauth_request: invalid user pi [preauth]
Mar 5 16:22:17 ymer sshd[8738]: input_userauth_request: invalid user pi [preauth]
Mar 5 16:55:47 ymer sshd[8828]: reverse mapping checking getaddrinfo for 203-154-158-250.inter.net.th [203.154.158.250] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 16:55:47 ymer sshd[8828]: Invalid user admin from 203.154.158.250
Mar 5 16:55:47 ymer sshd[8828]: input_userauth_request: invalid user admin [preauth]
Mar 5 17:21:40 ymer sshd[8874]: Invalid user allen from 61.6.165.220
Mar 5 17:21:40 ymer sshd[8874]: input_userauth_request: invalid user allen [preauth]
Mar 5 17:38:11 ymer sshd[8914]: reverse mapping checking getaddrinfo for 212.224.88.142.living-bots.net [212.224.88.142] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 17:38:11 ymer sshd[8914]: Invalid user postgres from 212.224.88.142 Mar 5 17:38:11 ymer sshd[8914]: input_userauth_request: invalid user postgres [preauth] Mar 5 17:43:12 ymer sshd[8919]: Invalid user usuario from 166.62.39.220 Mar 5 17:43:12 ymer sshd[8919]: input_userauth_request: invalid user usuario [preauth] Mar 5 18:02:29 ymer sshd[8970]: Invalid user oracle from 128.199.131.118 Mar 5 18:02:29 ymer sshd[8970]: input_userauth_request: invalid user oracle [preauth] Mar 5 18:24:13 ymer sshd[9020]: Invalid user arkserver from 61.6.165.220 Mar 5 18:24:13 ymer sshd[9020]: input_userauth_request: invalid user arkserver [preauth] Mar 5 18:25:15 ymer sshd[9025]: Invalid user dbuser from 88.26.245.85 Mar 5 18:25:15 ymer sshd[9025]: input_userauth_request: invalid user dbuser [preauth] Mar 5 18:36:07 ymer sshd[9048]: Invalid user osmc from 78.129.204.130 Mar 5 18:36:07 ymer sshd[9048]: input_userauth_request: invalid user osmc [preauth] Mar 5 18:41:58 ymer sshd[9057]: Invalid user fabiof from 110.34.24.24 Mar 5 18:41:58 ymer sshd[9059]: Invalid user fabiof from 110.34.24.24 Mar 5 18:41:58 ymer sshd[9057]: input_userauth_request: invalid user fabiof [preauth] Mar 5 18:41:58 ymer sshd[9059]: input_userauth_request: invalid user fabiof [preauth] Mar 5 18:51:06 ymer sshd[9080]: reverse mapping checking getaddrinfo for static.customer-201-147-183-55.uninet-ide.com.mx [201.147.183.55] failed - POSSIBLE BREAK-IN ATTEMPT! 
Mar 5 18:51:06 ymer sshd[9080]: Invalid user t7inst from 201.147.183.55 Mar 5 18:51:06 ymer sshd[9080]: input_userauth_request: invalid user t7inst [preauth] Mar 5 18:51:52 ymer sshd[9083]: Invalid user pos from 150.217.141.198 Mar 5 18:51:52 ymer sshd[9083]: input_userauth_request: invalid user pos [preauth] Mar 5 19:59:31 ymer sshd[9218]: Invalid user cvsuser from 128.199.91.171 Mar 5 19:59:31 ymer sshd[9218]: input_userauth_request: invalid user cvsuser [preauth] Mar 5 20:02:44 ymer sshd[9238]: Invalid user ftp_user from 36.66.164.143 Mar 5 20:02:44 ymer sshd[9238]: input_userauth_request: invalid user ftp_user [preauth] Mar 5 20:08:14 ymer sshd[9246]: Invalid user admin from 183.6.159.187 Mar 5 20:08:14 ymer sshd[9246]: input_userauth_request: invalid user admin [preauth] Mar 5 20:37:43 ymer sshd[9337]: Invalid user clinton from 201.23.109.210 Mar 5 20:37:43 ymer sshd[9337]: input_userauth_request: invalid user clinton [preauth] Mar 5 20:55:23 ymer sshd[9383]: Invalid user proba from 103.200.22.113 Mar 5 20:55:23 ymer sshd[9383]: input_userauth_request: invalid user proba [preauth] Mar 5 20:59:13 ymer sshd[9394]: reverse mapping checking getaddrinfo for 104-238-169-76.choopa.net [104.238.169.76] failed - POSSIBLE BREAK-IN ATTEMPT! Mar 5 21:03:45 ymer sshd[9418]: Invalid user postgres from 115.159.71.44 Mar 5 21:03:45 ymer sshd[9418]: input_userauth_request: invalid user postgres [preauth] Mar 5 21:05:58 ymer sshd[9428]: Invalid user admin from 200.23.233.67 Mar 5 21:05:58 ymer sshd[9428]: input_userauth_request: invalid user admin [preauth] Mar 5 21:06:02 ymer sshd[9426]: Invalid user admin from 171.229.108.211 Mar 5 21:06:02 ymer sshd[9426]: input_userauth_request: invalid user admin [preauth] Mar 5 21:06:04 ymer sshd[9431]: reverse mapping checking getaddrinfo for host-197.34.115.50.tedata.net [197.34.115.50] failed - POSSIBLE BREAK-IN ATTEMPT! 
Mar 5 21:06:04 ymer sshd[9431]: Invalid user admin from 197.34.115.50 Mar 5 21:06:04 ymer sshd[9431]: input_userauth_request: invalid user admin [preauth] Mar 5 21:10:05 ymer sshd[9438]: Invalid user midgear from 118.36.193.215 Mar 5 21:10:05 ymer sshd[9438]: input_userauth_request: invalid user midgear [preauth] Mar 5 21:16:20 ymer sshd[9455]: Invalid user houx from 94.46.186.49 Mar 5 21:16:20 ymer sshd[9455]: input_userauth_request: invalid user houx [preauth] Mar 5 21:30:14 ymer sshd[9479]: Invalid user admin from 112.6.224.2 Mar 5 21:30:14 ymer sshd[9479]: input_userauth_request: invalid user admin [preauth] Mar 5 21:36:06 ymer sshd[9496]: Invalid user daniel from 138.197.79.125 Mar 5 21:36:06 ymer sshd[9496]: input_userauth_request: invalid user daniel [preauth] Mar 5 21:43:05 ymer sshd[9511]: Invalid user zabbix from 77.82.90.234 Mar 5 21:43:05 ymer sshd[9511]: input_userauth_request: invalid user zabbix [preauth] Mar 5 22:13:57 ymer sshd[9603]: Invalid user administrateur from 193.70.85.206 Mar 5 22:13:57 ymer sshd[9603]: input_userauth_request: invalid user administrateur [preauth] Mar 5 22:16:20 ymer sshd[9608]: Invalid user aaron from 41.138.51.69 Mar 5 22:16:20 ymer sshd[9608]: input_userauth_request: invalid user aaron [preauth] Mar 5 22:53:57 ymer sshd[9682]: Invalid user debian-spamd from 197.230.82.115 Mar 5 22:53:57 ymer sshd[9682]: input_userauth_request: invalid user debian-spamd [preauth] Mar 5 22:55:07 ymer sshd[9699]: reverse mapping checking getaddrinfo for 51-15-12-149.rev.poneytelecom.eu [51.15.12.149] failed - POSSIBLE BREAK-IN ATTEMPT! Mar 5 22:55:07 ymer sshd[9699]: Invalid user alex from 51.15.12.149 Mar 5 22:55:07 ymer sshd[9699]: input_userauth_request: invalid user alex [preauth] Mar 5 23:00:25 ymer sshd[9718]: reverse mapping checking getaddrinfo for 103.15.74.82.static-pune.hostin.in [103.15.74.82] failed - POSSIBLE BREAK-IN ATTEMPT! 
From owner-freebsd-questions@freebsd.org Wed Mar 7 09:06:42 2018
From: Peter Boosten
To: User Hasse
Cc: freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org
Date: Wed, 07 Mar 2018 09:51:12 +0100
Subject: Re: Increased abuse activity on my server

User Hasse wrote on 2018-03-07 08:19:

> Hello All
> I believe I see an increased amount of abuse attempts on my server by
> several 100%
> in the last couple of months. Anybody else noticed ?
>

I saw this all the time, until I removed access to sshd from the internet (only possible through VPN).

You can use solutions like sshguard to block these (after a few false tries).

I use ossec to null-route all kinds of 'failures' (also some script kiddie trying to find my myPHPAdmin, and generating 10+ 404's on my webserver).

--
Met vriendelijke groet / Kind regards / Mit freundlichem Gruß

Peter Boosten

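The "block after a few false tries" approach mentioned in the message above, as an added example that is not part of the thread and not sshguard's or ossec's own code: it parses sshd lines of the kind posted here, counts one attempt per `Invalid user` line so the accompanying `input_userauth_request` and reverse-mapping lines are not double counted, and flags a source that reaches a threshold inside a time window. The sample log is constructed with documentation-range addresses; the threshold, the window and the year default are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format seen in this thread. Addresses are
# from the RFC 5737 documentation ranges, not taken from the posted log.
SAMPLE_LOG = """\
Mar  5 06:36:44 host sshd[4909]: reverse mapping checking getaddrinfo for a.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  5 06:36:44 host sshd[4909]: Invalid user admin from 192.0.2.10
Mar  5 06:36:44 host sshd[4909]: input_userauth_request: invalid user admin [preauth]
Mar  5 06:37:10 host sshd[4915]: Invalid user oracle from 192.0.2.10
Mar  5 06:37:10 host sshd[4915]: input_userauth_request: invalid user oracle [preauth]
Mar  5 06:38:02 host sshd[4921]: Invalid user pi from 192.0.2.10
Mar  5 06:38:02 host sshd[4921]: input_userauth_request: invalid user pi [preauth]
Mar  5 07:02:22 host sshd[7417]: Invalid user user from 198.51.100.7
Mar  5 07:02:22 host sshd[7417]: input_userauth_request: invalid user user [preauth]
Mar  5 09:15:00 host sshd[7800]: Invalid user admin from 203.0.113.5
Mar  5 21:40:00 host sshd[9500]: Invalid user admin from 203.0.113.5
"""

# "<Mon> <day> <hh:mm:ss> <host> sshd[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"sshd\[\d+\]:\s+(?P<msg>.*)$"
)
# Only this message carries both the user name and the source address.
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S*) from (?P<ip>\S+)")


def parse_attempts(log_text, year=2018):
    """Return sorted (time, ip, user) tuples, one per failed attempt.

    Syslog timestamps carry no year, so the caller supplies it (assumption:
    the whole log falls in one calendar year).
    """
    attempts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        inv = INVALID_RE.match(m.group("msg"))
        if not inv:
            # input_userauth_request / reverse-mapping lines describe an
            # attempt that is already counted through its "Invalid user" line.
            continue
        ts = " ".join(m.group("ts").split())  # collapse the padded day field
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        attempts.append((when, inv.group("ip"), inv.group("user")))
    return sorted(attempts)


def offenders(attempts, threshold=3, window=timedelta(minutes=10)):
    """Map each source that reaches `threshold` attempts within `window`
    to the time at which it crossed the threshold."""
    recent = defaultdict(deque)
    flagged = {}
    for when, ip, _user in attempts:
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = when
    return flagged


def summarize(attempts):
    """Totals that show how spread out the sources are."""
    return {
        "attempts": len(attempts),
        "sources": len({ip for _when, ip, _user in attempts}),
        "top_users": Counter(u for _when, _ip, u in attempts).most_common(3),
    }


if __name__ == "__main__":
    found = parse_attempts(SAMPLE_LOG)
    print(summarize(found))
    for ip, when in offenders(found).items():
        print(f"block {ip} (threshold reached at {when})")
```

A source that tries once and moves on, or that returns hours later, never reaches a short-window threshold, which is why the thread also suggests key-only authentication and restricting who can reach port 22.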
From owner-freebsd-questions@freebsd.org Wed Mar 7 09:08:26 2018
From: Felix Friedlander
To: User Hasse
Cc: freebsd-questions@freebsd.org
Date: Wed, 7 Mar 2018 20:08:19 +1100
Subject: Re: Increased abuse activity on my server

> On 7 Mar 2018, at 6:19 pm, User Hasse wrote:
>
> Hello All
> I believe I see an increased amount of abuse attempts on my server by several 100%
> in the last couple of months. Anybody else noticed ?
>
> all the best
> Geir Svalland
> -------------------------
> ymer.bara1.se login failures:
> Mar 5 23:00:25 ymer sshd[9718]: Invalid user testuser from 103.15.74.82
> Mar 5 23:00:25 ymer sshd[9718]: input_userauth_request: invalid user testuser [preauth]
> Mar 5 23:32:14 ymer sshd[9767]: reverse mapping checking getaddrinfo for mail.jntukelearn.in [49.156.148.212] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 23:32:14 ymer sshd[9767]: Invalid user oracle1 from 49.156.148.212
> Mar 5 23:32:14 ymer sshd[9767]: input_userauth_request: invalid user oracle1 [preauth]
> Mar 5 23:49:11 ymer sshd[9806]: Invalid user ftpuser from 46.101.198.164
> Mar 5 23:49:11 ymer sshd[9806]: input_userauth_request: invalid user ftpuser [preauth]
> Mar 5 23:54:37 ymer sshd[9814]: Invalid user yang from 203.223.42.55
> Mar 5 23:54:37 ymer sshd[9814]: input_userauth_request: invalid user yang [preauth]

Hello,

This is about par for the course with internet-facing SSH. (Indeed, I recently saw much worse on a server I was doing some work on.)

Assuming your credentials are non-guessable (and ideally key-only) it isn’t a huge concern, but consider firewalling so that only trusted hosts can connect on port 22 at all.
- Felix

From: Ole
Date: Wed, 7 Mar 2018 10:31:36 +0100
To: User Hasse
Cc: freebsd-questions@freebsd.org
Subject: Re: Increased abuse activity on my server
Message-ID: <20180307103136.25881537.ole@free.de>
In-Reply-To: <20180307071944.GA30971@ymer.bara1.se>

Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse :

> Anybody else noticed ?

Welcome to the internet :-)

If you have strong passwords or better only public key authentication allowed, just don't care. If you want to increase security you could use a VPN + Firewall to only allow connections from your VPN.
If you just don't want them to spam your logs you could just move sshd from port 22 to port 24.

regards
Ole

From: William Dudley
Date: Wed, 7 Mar 2018 09:20:02 -0500
Subject: Re: Increased abuse activity on my server
Cc: freebsd-questions
In-Reply-To: <20180307103136.25881537.ole@free.de>

This may sound stupid and obvious, but I moved my ssh port to a high "random" port number, and that completely stopped the random attempts to ssh in. I know that "security by obscurity" "doesn't work", but it did!

I picked a port like 5792 -- not related to anything else. (i.e. don't pick 2222 or 2022 etc.)

I've had this in place for months and months (perhaps a year) and the attackers haven't found the port yet.

I think this works because unless you, specifically, are a *target* of somebody *serious*, (think "kbg"), most of these attackers are opportunists who won't spend the time to do a full port scan of your server. They just try the standard ports: 21, 22, 23, 25, etc.

ALSO, you should disable password auth for ssh and use only public/private key.

Then you know the attackers are REALLY wasting their time.

Bill Dudley

This email is free of malware because I run Linux.

On Wed, Mar 7, 2018 at 4:31 AM, Ole wrote:

> Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse :
>
> > Anybody else noticed ?
>
> Welcome to the internet :-)
>
> If you have strong passwords or better only public key authentication
> allowed, just don't care. If you want to increase security you could
> use a VPN + Firewall to only allow connections from your VPN. If you
> just don't want them to spam your logs you could just move sshd from
> port 22 to port 24.
>
> regards Ole

From: Duane Whitty
Date: Wed, 7 Mar 2018 10:50:26 -0400
Subject: Re: Increased abuse activity on my server
To: freebsd-questions@freebsd.org

+1. Works great

On Mar 7, 2018 10:24, "William Dudley" wrote:

> This may sound stupid and obvious, but I moved my ssh port to a high "random" port number, and that completely stopped the random attempts to ssh in. I know that "security by obscurity" "doesn't work", but it did!
>
> I picked a port like 5792 -- not related to anything else. (i.e. don't pick 2222 or 2022 etc.)
>
> I've had this in place for months and months (perhaps a year) and the attackers haven't found the port yet.
>
> I think this works because unless you, specifically, are at *target* of somebody *serious*, (think "kbg"), most of these attackers are opportunists who won't spend the time to do a full port scan of your server. They just try the standard ports: 21, 22, 23, 25, etc.
>
> ALSO, you should disable password auth for ssh and use only public/private key.
>
> Then you know the attackers are REALLY wasting their time.
>
> Bill Dudley
>
> This email is free of malware because I run Linux.
>
> On Wed, Mar 7, 2018 at 4:31 AM, Ole wrote:
>
> > Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse :
> >
> > > Anybody else noticed ?
> >
> > Welcome to the internet :-)
> >
> > If you have strong passwords or better only public key authentication
> > allowed, just don't care. If you want to increase security you could
> > use a VPN + Firewall to only allow connections from your VPN. If you
> > just don't want them to spam your logs you could just move sshd from
> > port 22 to port 24.
> >
> > regards Ole

From: Donald Jackson
Date: Wed, 7 Mar 2018 07:38:47 -0800
Subject: Re: Issues found while visiting your website : lemis.com
To: Freebsd-Questions

Hello lemis.com Team,

Hope you are doing great.

This is a follow-up to my previous email. I am wondering if you feel that, more Online Promotion could be implemented to maximize your website's exposure and create huge traffic.

Last time I found some technical factors present in the website which needs to be improved and for that reason your website is lagging behind the competitors.

• The organic keyword rank of your website is low.
• The visitor level is also not so high.
• Some errors present like – HTML error, Meta elements error etc.
• Your website has limited number of quality back links.
• Lack of quality and user readable page contents.

If you want to know more about what your website needs and what works we do, then our Sale Manager can provide the details.

Kind Regards,
Donald Jackson | Business Analyst

Note:- If you are interested then my Sales Manager will come back to you with an affordable SEO & Digital Marketing plan which contains our services, client reference, price list etc.

From: Valeri Galtsev
Date: Wed, 7 Mar 2018 10:17:42 -0600
Subject: Re: Increased abuse activity on my server
To: William Dudley
Cc: freebsd-questions

On 03/07/18 08:20, William Dudley wrote:
> This may sound stupid and obvious, but I moved my ssh port to a high "random" port number, and that completely stopped the random attempts to ssh in. I know that "security by obscurity" "doesn't work", but it did!

No it doesn't. One mostly fools oneself by seeing less symptoms, whereas illness is still as bad as it was (if it was there that is). Sorry, it looks like I'm in contradictive mood, still bear with me.

> I picked a port like 5792 -- not related to anything else. (i.e. don't pick 2222 or 2022 etc.)

Do you know why ports for central standard services are chosen in a range from 1 to 1023? Just for those who forgot: because on UNIX and Linux these ports can be opened by root only. Higher ports do not require root privileges to open. Therefore, connecting to higher port that asks for your username/password is the same as giving some regular user on that machine your credentials. I will stop here, because if someone does not realize how bad it is, I hardly can help by continuing.

> I've had this in place for months and months (perhaps a year) and the attackers haven't found the port yet.

> I think this works because unless you, specifically, are at *target* of somebody *serious*, (think "kbg"), most of these attackers are opportunists who won't spend the time to do a full port scan of your server. They just try the standard ports: 21, 22, 23, 25, etc.

If someone is after you, moving port to "non-standard", or hiding machine behind some sort of perimeter firewall and using VPN will not save you, it will just slow down penetration a bit. Attacker can scan ports of your box, and will know on which ports your box is listening. VPN usually is used to get on the network where multiple machines are, and some of them may be vulnerable to something, which may get one bypass step for penetration.

> ALSO, you should disable password auth for ssh and use only public/private key.

This is another common misconception, that public key authentication is more secure than password based. It is not. Misconception is due to disregarding some of the ways of bad guys getting regular user account on the machine. Weak passwords are bad (that is why I usually use term "passphrase" when talk to my users). Of course, you can be owned from the network on root level if you set root password to something which is on the very top of the list of crackers dictionary attack.

One of other ways bad guys get some account is if they compromise some machine. Then there are two things they can do: they can set up keystroke logger, and get username/password pairs to machines people connect to from compromised machine. This takes some time to collect. The other thing doesn't take any time: they can just collect all ssh key pairs (private/public), and history where each person connected. There is protection against this: using secret key protected with password (which in my observation people rarely use), then it just will take some time to collect these similarly to passwords (keystroke logger).
One more thing: steal password hashes, and crack them to get all accounts on this machine, which is much faster than network based brute force attack. This all is if bad guys have root [on compromised machine].

What one can conclude from the above?

Zero: ssh key pair based authentication is not a panacea, and can be as vulnerable as password based one

First: always judge when connecting between two machines which machine is more trustworthy than the other, and connect from it to the other (not other way around)

Second: never use the same password (or key pair) on different machines. (keepassx is one of the ways to keep many different ones handy and secure)

Third: (this one is for sysadmins, I guess) Run multi user machines in an assumption that password of some regular user is stolen and bad guys are already inside. Which is: update, update, update... and have one or another system integrity watch system so you will know when ultimate bad happened (but if you came to this level, after you have done simpler things, ultimate bad probably will not happen).

> Then you know the attackers are REALLY wasting their time.

They will, if you just protect from them, not hide symptoms. You can use sshguard or fail2ban. And as you sound like Linux person (judging from "hack" way of solution you use - sorry if I am wrong here), you can use on Linux in iptables firewall block with --hitcount rule, thus dropping connections from those persistent brute force attackers (this thing just hangs their script, so you do some bad to them too ;-).

Anyway, I was kind of surprised to read this on FreeBSD mail list, will be much less surprised if it were on Linux. I mean here "hack" way of solving things which often quite common for Linux. On the other hand, this probably is great news and FreeBSD gets much wider userbase ;-) I must mention here, I am myself Linux refugee (not quite recent, and not full refugee, as I support big bunch of Linux machines as well).

Valeri

> Bill Dudley
>
> This email is free of malware because I run Linux.
>
> On Wed, Mar 7, 2018 at 4:31 AM, Ole wrote:
>
>> Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse :
>>
>>> Anybody else noticed ?
>>
>> Welcome to the internet :-)
>>
>> If you have strong passwords or better only public key authentication
>> allowed, just don't care. If you want to increase security you could
>> use a VPN + Firewall to only allow connections from your VPN. If you
>> just don't want them to spam your logs you could just move sshd from
>> port 22 to port 24.
>>
>> regards Ole

--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
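
The per-source rate check that tools such as sshguard, fail2ban or an iptables --hitcount rule rely on, reduced to a sliding-window count over sshd log lines in the format quoted earlier in this thread. This is an added example, not code from any poster or from those tools; the sample log is constructed (RFC 5737 documentation addresses), and the function names, the threshold of 3 attempts and the 60-second window are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format of the sshd log quoted in this thread.
# Addresses come from the RFC 5737 documentation ranges, not from real hosts.
SAMPLE_LOG = """\
Mar 5 21:00:01 ymer sshd[9401]: Invalid user admin from 203.0.113.7
Mar 5 21:00:01 ymer sshd[9401]: input_userauth_request: invalid user admin [preauth]
Mar 5 21:00:09 ymer sshd[9403]: Invalid user test from 203.0.113.7
Mar 5 21:00:17 ymer sshd[9405]: Invalid user oracle from 203.0.113.7
Mar 5 21:00:25 ymer sshd[9407]: Invalid user ftpuser from 203.0.113.7
Mar 5 21:00:40 ymer sshd[9409]: Invalid user pos from 203.0.113.7
Mar 5 21:05:58 ymer sshd[9428]: Invalid user admin from 192.0.2.10
Mar 5 21:06:02 ymer sshd[9426]: Invalid user admin from 192.0.2.11
Mar 5 21:06:04 ymer sshd[9431]: reverse mapping checking getaddrinfo for host.example.net [198.51.100.20] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 21:06:04 ymer sshd[9431]: Invalid user admin from 198.51.100.20
Mar 5 21:10:05 ymer sshd[9438]: Invalid user postgres from 198.51.100.21
Mar 5 21:16:20 ymer sshd[9455]: Invalid user zabbix from 192.0.2.12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"sshd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
# Newer OpenSSH appends " port N"; matching only the prefix tolerates both.
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S*) from (?P<ip>\S+)")
REVMAP_RE = re.compile(
    r"^reverse mapping checking getaddrinfo for (?P<name>\S+) "
    r"\[(?P<ip>[^\]]+)\] failed"
)


def parse_sshd_log(text, year=2018):
    """Return (kind, timestamp, ip, detail) tuples for the lines of interest.

    syslog timestamps carry no year, so the caller supplies one (assumption).
    The paired 'input_userauth_request' line is skipped so that each failed
    attempt is counted once.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse syslog day padding
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        inv = INVALID_RE.match(m["msg"])
        if inv:
            events.append(("invalid_user", ts, inv["ip"], inv["user"]))
            continue
        rev = REVMAP_RE.match(m["msg"])
        if rev:
            events.append(("revmap_fail", ts, rev["ip"], rev["name"]))
    return events


def sources_over_threshold(events, max_attempts=3,
                           window=timedelta(seconds=60)):
    """Sources with more than max_attempts invalid-user tries in one window."""
    recent = defaultdict(deque)
    flagged = set()
    for kind, ts, ip, _ in sorted(events, key=lambda e: e[1]):
        if kind != "invalid_user":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts:
            flagged.add(ip)
    return flagged


def summarize(events):
    """Totals that show how the attempts are spread across sources."""
    invalid = [e for e in events if e[0] == "invalid_user"]
    per_ip = Counter(ip for _, _, ip, _ in invalid)
    users = Counter(user for _, _, _, user in invalid)
    return {
        "attempts": len(invalid),
        "sources": len(per_ip),
        "single_attempt_sources": sum(1 for n in per_ip.values() if n == 1),
        "top_users": users.most_common(3),
        "revmap_failures": [e[2] for e in events if e[0] == "revmap_fail"],
    }


if __name__ == "__main__":
    evts = parse_sshd_log(SAMPLE_LOG)
    print("would block:", sorted(sources_over_threshold(evts)))
    print(summarize(evts))
```

On the constructed sample only 203.0.113.7 crosses the threshold; the five sources that try once each stay below any per-source limit, a pattern also visible in the log excerpt quoted earlier in the thread.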

From: Michael Sierchio
Date: Wed, 7 Mar 2018 08:25:16 -0800
Subject: amd64 source update via freebsd-update breaks kernel build
To: FreeBSD Questions

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226423

Updated sources via freebsd-update subsequent to FreeBSD-SA-18:01.ipsec cause kernel compile to fail.

/usr/src/sys/netipsec/xform_ah.c:622:43: error: use of undeclared identifier 'buf'
    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
    ^
/usr/src/sys/netipsec/ipsec.h:323:51: note: expanded from macro 'DPRINTF'
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
    ^
/usr/src/sys/netipsec/xform_ah.c:625:3: error: use of undeclared identifier 'error'
    error = EACCES;
    ^
/usr/src/sys/netipsec/xform_ah.c:626:8: error: use of undeclared label 'bad'
    goto bad;
    ^

--
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred."
- The Mahābhārata

From: Duane Whitty
Date: Wed, 7 Mar 2018 12:43:49 -0400
Subject: Re: Increased abuse activity on my server
To: freebsd-questions@freebsd.org
Cc: duane@nofroth.com
Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 16:43:53 -0000 On 18-03-07 12:17 PM, Valeri Galtsev wrote: > > > On 03/07/18 08:20, William Dudley wrote: >> This may sound stupid and obvious, but I moved my ssh port to a high >> "random" port >> number, and that completely stopped the random attempts to ssh in. I know >> that >> "security by obscurity" "doesn't work", but it did! > > No it doesn't. One mostly fools oneself by seeing less symptoms, whereas > illness is still as bad as it was (if it was there that is). Sorry, it > looks like I'm in contradictive mood, still bear with me. > Are the symptoms not diagnostic of the illness in this case or are you saying that there may be ssh login attempts that aren't being logged after being moved to a randomly selected port over 1024? That would seem unusual. Regarding ports over 1024 I agree it's true non-root users can open them but not sure what that is going to get an attacker. How does sshd listening on port 15391 etc make it more vulnerable than listening on port 22? Can you provide an example of an exploit? Also, I don't recall the OP mentioning anything about having many users ssh'ing in. Perhaps the OP is the only user that logs in for administrative purposes. Also, perhaps he already doesn't allow root logins from the Internet, he hasn't said and we haven't asked. Does moving sshd to a high port number make you all that more secure? No not really but it does avoid a lot of log activity and makes seeing real attacks easier. Combine that with sensible host and firewall policies and a large majority of attackers just aren't going to bother because it will be so much easier for them to attack someone else and have a higher probability of attack. 

You do make some good points though that administrators should consider
when implementing systems security.

Best Regards,
Duane

-- 
Duane Whitty
duane@nofroth.com

From owner-freebsd-questions@freebsd.org Wed Mar 7 16:56:21 2018
Subject: Re: Increased abuse activity on my server
To: freebsd-questions@freebsd.org
References: <20180307071944.GA30971@ymer.bara1.se>
From: tech-lists
Message-ID: <45bb7ffb-c11e-6664-827e-7e2e6a31ad93@zyxst.net>
Date: Wed, 7 Mar 2018 16:56:19 +0000
In-Reply-To: <20180307071944.GA30971@ymer.bara1.se>

On 07/03/2018 07:19, User Hasse wrote:
> Hello All
> I believe I see an increased amount of abuse attempt on my server by several 100%
> in the last couple of months. Anybody else noticed ?

You'll get that especially if you run on the standard port. You need a
layered approach. man 5 sshd_config.

1. put ssh on a non-standard port [but this won't stop some scanners
scanning all ports until they get a ssh response] Make sshd log auth
attempts to a file that gets cleared every week because you don't want
to be DOSed by your log files filling up. Compress your logs daily.

2. if you can, allow only certain users in /etc/ssh/sshd_config via the
AllowUsers statement.

3. if you can, wrap those sshd users to known ips using the same
AllowUsers statement. Syntax is user@192.168.1.0/24 for example. I
think, but am not sure, that you can have multiple statements for the
same (and other) users. There's also AllowGroups if you want to group
your ssh users. There's DenyUsers for logins like root you want to
specifically protect.

4. make sshd listen on only one interface [because sshd by default
listens to them all]

5. if you're dual-stack, make sshd either inet or inet6 [by default
it'll listen on both]

6. make ssh access via public key only. I think it's possible (though I
haven't tried) to make only certain logins able to log in with a
(tunneled) password, and all others public key only.

7. RSA keys are becoming deprecated. I think ed25519 is the most modern.

This is what I do, anyways. I'm sure you can fine tune this more.

-- 
J.

From owner-freebsd-questions@freebsd.org Wed Mar 7 17:12:36 2018
Subject: Re: Increased abuse activity on my server
To: Duane Whitty, freebsd-questions@freebsd.org
References: <20180307071944.GA30971@ymer.bara1.se> <20180307103136.25881537.ole@free.de>
From: Valeri Galtsev
Message-ID: <2a1e844e-e2ba-5b43-9dd7-cd69915e12b4@kicp.uchicago.edu>
Date: Wed, 7 Mar 2018 11:12:34 -0600

On 03/07/18 10:43, Duane Whitty wrote:
> On 18-03-07 12:17 PM, Valeri Galtsev wrote:
>>
>>
>> On 03/07/18 08:20, William Dudley wrote:
>>> This may sound stupid and obvious, but I moved my ssh port to a high
>>> "random" port
>>> number, and that completely stopped the random attempts to ssh in. I know
>>> that
>>> "security by obscurity" "doesn't work", but it did!
>>
>> No it doesn't. One mostly fools oneself by seeing less symptoms, whereas
>> illness is still as bad as it was (if it was there that is). Sorry, it
>> looks like I'm in contradictive mood, still bear with me.
>>
>
> Are the symptoms not diagnostic of the illness in this case or are you
> saying that there may be ssh login attempts that aren't being logged
> after being moved to a randomly selected port over 1024? That would
> seem unusual.
>
> Regarding ports over 1024 I agree it's true non-root users can open them
> but not sure what that is going to get an attacker. How does sshd
> listening on port 15391 etc make it more vulnerable than listening on
> port 22? Can you provide an example of an exploit?

I normally don't like to answer things when my original point that is
being discussed is edited away. I still will just reiterate here that if
you don't see any bad in using port above 1024, then it will take me
writing a book and having you read that which is impractical. We'll see
if someone chimes in. And by no means I intended to state some bad
practice on its own creates "an exploit". Still sysadmins stick to good
practices, you should be able to tell yourself why.

>
> Also, I don't recall the OP mentioning anything about having many users
> ssh'ing in. Perhaps the OP is the only user that logs in for
> administrative purposes.
>
> Also, perhaps he already doesn't allow root logins from the Internet, he
> hasn't said and we haven't asked.
>
> Does moving sshd to a high port number make you all that more secure?
> No not really but it does avoid a lot of log activity and makes seeing
> real attacks easier. Combine that with sensible host and firewall
> policies and a large majority of attackers just aren't going to bother
> because it will be so much easier for them to attack someone else and
> have a higher probability of attack.
>
> You do make some good points though that administrators should consider
> when implementing systems security.
>

Thank you. I am just repeating what I learned, and a lot of it comes
from clever people on lists like this one. They are to be credited, not
I ;-)

Valeri

>
> Best Regards,
> Duane
>

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-questions@freebsd.org Wed Mar 7 17:17:30 2018
Date: Wed, 7 Mar 2018 16:17:08 +0000
From: Steve O'Hara-Smith
To: David Mehler
Cc: freebsd-questions
Subject: Re: radicale or davical on FreeBSD?
Message-Id: <20180307161708.ff94e3073b86b9ab0eb718ef@sohara.org>

On Mon, 5 Mar 2018 18:54:43 -0500
David Mehler wrote:

> Hello,
>
> Does anyone have either radicale or davical going on FreeBSD? If so,
> how did you add users and configure calendars?

I have radicale up and running here, it's been a while since I set it
up for the family. I used htpasswd authentication with crypt and built
the password file with the python crypt package. I only use it for
address books so I can't talk about calendars.

-- 
Steve O'Hara-Smith

From owner-freebsd-questions@freebsd.org Wed Mar 7 18:33:22 2018
Subject: Re: How to prevent HDD spin-down.
To: freebsd-questions@freebsd.org
References: <045b9b33-5982-c19c-d009-31bfd2c8fd7d@gmail.com>
From: "J.B."
Date: Wed, 7 Mar 2018 10:33:18 -0800

On 03/06/2018 01:31 PM, freebsd@fongaboo.com wrote:
>
> You didn't mention the line of WD drive, but I was offered this
> solution when trying to use a Caviar Green in my FreeNAS:
>
> https://forums.freenas.org/index.php?threads/hacking-wd-greens-and-reds-with-wdidle3-exe.18171/
>
>
> https://youtu.be/J2eYyRI_F98
>
>
> I haven't tried it myself yet but I wonder if it would apply to your
> situation. Unfortunately it's not a BSD-based solution and would
> require you to remove the drive and connect it directly to a
> DOS/Windows machine.
>
> I've also been told that it needs to be a direct bus connection, and using
> things like a USB-to-ATA adapter would prevent the S.M.A.R.T. commands
> from being sent to the firmware of the drive.
>
>

Thanks for the suggestion. My new HDD is a WD Black, so I was surprised
to see it spinning down frequently. I'd heard about the Caviar Green
drive issues before, so avoided purchasing one. Good to know there are
so many potential work-arounds for their issues, though.
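
An added example (not code from the thread or from any poster) that checks sshd_config text against items 1 to 6 of tech-lists' list in the "Increased abuse activity on my server" thread above. The two sample configs, the addresses and the user names are constructed placeholders, and the keyboard-interactive check is an addition for PAM-enabled builds.

```python
# Added example: audit sshd_config text against items 1-6 of the list in the
# thread. Both sample configs are constructed; the port, address and user
# names are placeholders, not values taken from any poster's system.

WEAK = """\
# constructed sample: nothing from the list is set explicitly
#Port 22
PermitRootLogin no
"""

HARDENED = """\
# constructed sample applying items 1-6
Port 15391
AddressFamily inet
ListenAddress 192.0.2.10
AllowUsers alice@192.168.1.0/24 bob@192.168.1.0/24
PasswordAuthentication no
KbdInteractiveAuthentication no
Match User bob
    PasswordAuthentication yes
"""

# Keywords that may appear more than once; their values are pooled.
REPEATABLE = {"port", "listenaddress", "allowusers", "allowgroups"}
WILDCARDS = {"0.0.0.0", "::", "*"}


def parse(text):
    """Split config text into global settings and a list of Match blocks."""
    settings, matches, block = {}, [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            block = {"criteria": " ".join(args), "settings": {}}
            matches.append(block)
            continue
        target = settings if block is None else block["settings"]
        if key in REPEATABLE:
            target.setdefault(key, []).extend(args)
        else:
            target.setdefault(key, args)  # sshd uses the first value it reads
    return settings, matches


def first(settings, key, default=""):
    """First argument of a keyword, lowercased, or the default if unset."""
    values = settings.get(key) or [default]
    return values[0].lower()


def audit(text):
    """Return (findings, password_exceptions).

    findings: (item_number, message) for each layer not set explicitly.
    password_exceptions: Match criteria that switch passwords back on.
    """
    g, matches = parse(text)
    findings = []
    if "22" in (g.get("port") or ["22"]):
        findings.append((1, "sshd answers on the standard port 22"))
    users, groups = g.get("allowusers", []), g.get("allowgroups", [])
    if not users and not groups:
        findings.append((2, "no AllowUsers or AllowGroups restriction"))
    unpinned = [u for u in users if "@" not in u]
    if not users or unpinned:
        detail = ", ".join(unpinned) or "no AllowUsers user@host entries"
        findings.append((3, "logins not tied to source addresses: " + detail))
    listen = g.get("listenaddress", [])
    if not listen or WILDCARDS & set(listen):
        findings.append((4, "sshd listens on every interface"))
    if first(g, "addressfamily", "any") not in ("inet", "inet6"):
        findings.append((5, "AddressFamily is not limited to inet or inet6"))
    if first(g, "passwordauthentication") != "no":
        findings.append((6, "PasswordAuthentication is not explicitly 'no'"))
    # Not in the post: with PAM, keyboard-interactive can still ask for the
    # account password, so key-only access needs it switched off as well.
    kbd = (g.get("kbdinteractiveauthentication")
           or g.get("challengeresponseauthentication") or [""])
    if kbd[0].lower() != "no":
        findings.append((6, "keyboard-interactive logins not explicitly disabled"))
    exceptions = [m["criteria"] for m in matches
                  if first(m["settings"], "passwordauthentication") == "yes"]
    return findings, exceptions


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        found, allowed = audit(cfg)
        print(name, "findings:", found, "password exceptions:", allowed)
```

Item 7 (key type) and the logging advice in item 1 are outside what this check covers; the Match block in the hardened sample is the per-login password exception that item 6 speculates about.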

From owner-freebsd-questions@freebsd.org Wed Mar 7 18:35:23 2018
Subject: Re: radicale or davical on FreeBSD?
From: Peter Boosten
In-Reply-To: <20180307161708.ff94e3073b86b9ab0eb718ef@sohara.org>
Date: Wed, 7 Mar 2018 19:15:33 +0100
Cc: David Mehler, freebsd-questions
Message-Id: <9CFA2507-3FA8-448B-ADF9-B077CEB97993@boosten.org>
References: <20180307161708.ff94e3073b86b9ab0eb718ef@sohara.org>
To: Steve O'Hara-Smith

> On 7 Mar 2018, at 17:17, Steve O'Hara-Smith wrote:
>
> On Mon, 5 Mar 2018 18:54:43 -0500
> David Mehler wrote:
>
>> Hello,
>>
>> Does anyone have either radicale or davical going on FreeBSD? If so,
>> how did you add users and configure calendars?
>
>

I missed the original post, so I’ll answer here.

I used davical for quite some time, but since my entire family has an
iPhone, I switched to iCloud-family sharing, since that fits our needs
better.

Users adding to davical is done through the web interface (which has to
be configured in /etc/davical iirc), and any caldav-enabled calendar
application then can connect. Sharing calendars can be done through the
web interface as well. Users can also share address books. I think there
was a problem with PHP7, but I’m not sure (anymore).
Ran fine on 5.6 though.

Peter

From owner-freebsd-questions@freebsd.org Wed Mar 7 19:39:13 2018
In-Reply-To: <9CFA2507-3FA8-448B-ADF9-B077CEB97993@boosten.org>
References: <20180307161708.ff94e3073b86b9ab0eb718ef@sohara.org> <9CFA2507-3FA8-448B-ADF9-B077CEB97993@boosten.org>
From: David Mehler
Date: Wed, 7 Mar 2018 14:39:11 -0500
Subject: Re: radicale or davical on FreeBSD?
To: Peter Boosten
Cc: "Steve O'Hara-Smith", freebsd-questions

Hello Peter,

Thanks for your reply. Where in the config file do you set up web
users? I am wanting to set up users for myself and 3 others and then
share calendars.

Thanks.
dAve.

On 3/7/18, Peter Boosten wrote:
>
>
>> On 7 Mar 2018, at 17:17, Steve O'Hara-Smith wrote:
>>
>> On Mon, 5 Mar 2018 18:54:43 -0500
>> David Mehler wrote:
>>
>>> Hello,
>>>
>>> Does anyone have either radicale or davical going on FreeBSD? If so,
>>> how did you add users and configure calendars?
>>
>>
> I missed the original post, so I’ll answer here.
>
> I used davical for quite some time, but since my entire family has an
> iPhone, I switched to iCloud-family sharing, since that fits our needs
> better.
>
> Users adding to davical is done through the web interface (which has to be
> configured in /etc/davical iirc), and any caldav-enabled calendar
> application then can connect. Sharing calendars can be done through the web
> interface as well. Users can also share address books. I think there was a
> problem with PHP7, but I’m not sure (anymore). Ran fine on 5.6 though.
>
> Peter
>

From owner-freebsd-questions@freebsd.org Wed Mar 7 19:44:52 2018
Date: Wed, 07 Mar 2018 20:44:45 +0100
From: Peter Boosten
To: David Mehler
Cc: Steve O'Hara-Smith, freebsd-questions, owner-freebsd-questions@freebsd.org
Subject: Re: radicale or davical on FreeBSD?
Reply-To: peter@boosten.org
References: <20180307161708.ff94e3073b86b9ab0eb718ef@sohara.org> <9CFA2507-3FA8-448B-ADF9-B077CEB97993@boosten.org>
Message-ID: <17bdd8790b26fb86956323fda16724ba@boosten.org>

David Mehler wrote on 2018-03-07 20:39:
> Hello Peter,
>
> Thanks for your reply. Where in the config file do you set up web
> users? I am wanting to set up users for myself and 3 others and then
> share calendars.
>

You don't set up web users in the config file: the config file contains
credentials for your database connection (postgresql). Users are defined
in the webgui.

Here's some info: https://www.davical.org/installation.php

Peter

From owner-freebsd-questions@freebsd.org Wed Mar 7 23:48:08 2018
References: <20180307071944.GA30971@ymer.bara1.se> <20180307103136.25881537.ole@free.de>
From: William Dudley
Date: Wed, 7 Mar 2018 18:48:06 -0500
Subject: Re: Increased abuse activity on my server
To: Valeri Galtsev
Cc: freebsd-questions

Fortunately, I don't open the "funny" port on the server. I use the
firewall to redirect traffic on the funny port to port 22 on the server.
So it only looks funny from outside the firewall. Inside, the freebsd
box is just responding to port 22 as usual.

I think that sorts out the "high port is unsafe" problem.

I don't allow root logins. Only a couple of users even use ssh. There
are only a handful of accounts on the machine, and most aren't in
"wheel"/"sudoers".

Bill Dudley
This email is free of malware because I run Linux.

On Wed, Mar 7, 2018 at 11:17 AM, Valeri Galtsev wrote:
>
>
> On 03/07/18 08:20, William Dudley wrote:
>
>> This may sound stupid and obvious, but I moved my ssh port to a high
>> "random" port
>> number, and that completely stopped the random attempts to ssh in. I know
>> that
>> "security by obscurity" "doesn't work", but it did!
>>
>
> No it doesn't. One mostly fools oneself by seeing less symptoms, whereas
> illness is still as bad as it was (if it was there that is). Sorry, it
> looks like I'm in contradictive mood, still bear with me.
>
>
>> I picked a port like 5792 -- not related to anything else. (i.e. don't
>> pick 2222 or 2022 etc.)
>>
>
> Do you know why ports for central standard services are chosen in a range
> from 1 to 1023? Just for those who forgot: because on UNIX and Linux these
> ports can be opened by root only. Higher ports do not require root
> privileges to open. Therefore, connecting to higher port that asks for your
> username/password is the same as giving some regular user on that machine
> your credentials. I will stop here, because if someone does not realize how
> bad it is, I hardly can help by continuing.
>
>
>> I've had this in place for months and months (perhaps a year) and the
>> attackers haven't found the port yet.
>>
>> I think this works because unless you, specifically, are a *target* of
>> somebody *serious*, (think "kbg"), most of these attackers are
>> opportunists who won't spend the time to do a full port scan of your
>> server. They just try the standard ports: 21, 22, 23, 25, etc.
>>
>
> If someone is after you, moving port to "non-standard", or hiding machine
> behind some sort of perimeter firewall and using VPN will not save you, it
> will just slow down penetration a bit. Attacker can scan ports of your box,
> and will know on which ports your box is listening. VPN usually is used to
> get on the network where multiple machines are, and some of them may be
> vulnerable to something, which may get one bypass step for penetration.
>
>
>> ALSO, you should disable password auth for ssh and use only
>> public/private key.
>>
>
> This is another common misconception, that public key authentication is
> more secure than password based. It is not. Misconception is due to
> disregarding some of the ways of bad guys getting regular user account
> on the machine. Weak passwords are bad (that is why I usually use the term
> "passphrase" when talk to my users). Of course, you can be owned from the
> network on root level if you set root password to something which on the
> very top of the list of crackers dictionary attack. One of other ways bad
> guys get some account is if they compromise some machine. Then there are
> two things they can do: they can set up keystroke logger, and get
> username/password pairs to machines people connect to from compromised
> machine. This takes some time to collect. The other thing doesn't take any
> time: they can just collect all ssh key pairs (private/public), and history
> where each person connected. There is protection against this: using secret
> key protected with password (which in my observation people rarely use),
> then it just will take some time to collect these similarly to passwords
> (keystroke logger). One more thing: steal password hashes, and crack them
> to get all accounts on this machine, which is much faster than network
> based brute force attack. This all is if bad guys have root [on compromised
> machine].
>
> What one can conclude from the above?
>
> Zero: ssh key pair based authentication is not a panacea, and can be as
> vulnerable as password based one
>
> First: always judge when connecting between two machines which machine is
> more trustworthy than the other, and connect from it to the other (not
> other way around)
>
> Second: never use the same password (or key pair) on different machines.
> (keepassx is one of the ways to keep many different ones handy and secure)
>
> Third: (this one is for sysadmins, I guess) Run multi user machines in an
> assumption that password of some regular user is stolen and bad guys are
> already inside. Which is: update, update, update... and have one or another
> system integrity watch system so you will know when ultimate bad happened
> (but if you came to this level, after you have done simpler things,
> ultimate bad probably will not happen).
>
>
>> Then you know the attackers are REALLY wasting their time.
>>
>
> They will, if you just protect from them, not hide symptoms. You can use
> sshguard or fail2ban. And as you sound like Linux person (judging from
> "hack" way of solution you use - sorry if I am wrong here), you can use on
> Linux in iptables firewall block with --hitcount rule, thus dropping
> connections from those persistent brute force attackers (this thing just
> hangs their script, so you do some bad to them too ;-).
>
>
> Anyway, I was kind of surprised to read this on FreeBSD mail list, will be
> much less surprised if it were on Linux. I mean here "hack" way of solving
> things which often quite common for Linux. On the other hand, this probably
> is great news and FreeBSD gets much wider userbase ;-) I must mention here,
> I am myself Linux refugee (not quite recent, and not full refugee, as I
> support big bunch of Linux machines as well).
>
> Valeri
>
>
>> Bill Dudley
>>
>>
>> This email is free of malware because I run Linux.
>>
>> On Wed, Mar 7, 2018 at 4:31 AM, Ole wrote:
>>
>> Wed, 7 Mar 2018 08:19:44 +0100 - User Hasse :
>>>
>>> Anybody else noticed ?
>>>>
>>>
>>> Welcome to the internet :-)
>>>
>>> If you have strong passwords or better only public key authentication
>>> allowed, just don't care. If you want to increase security you could
>>> use a VPN + Firewall to only allow connections from your VPN. If you
>>> just don't want them to spam your logs you could just move sshd from
>>> port 22 to port 24.
>>>
>>> regards Ole
>>>
>>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
> --
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
>

From owner-freebsd-questions@freebsd.org Thu Mar 8 01:39:47 2018
From: "Brian W."
Date: Wed, 7 Mar 2018 17:39:45 -0800
Subject: Instantiation errors with ccache and 11.1
To: FreeBSD Mailing List

Anyone else seeing instantiation errors while building an 11-stable kernel
with ccache? I already disabled ccache and saw it work, so I know that is
the cause. I installed 11.1, did freebsd-update, and then used svnlite to
grab src, configured ccache per the text doc, and then tried to build,
using a freebsd vm on an esxi host.
Brian

From owner-freebsd-questions@freebsd.org Thu Mar 8 04:56:37 2018
From: "Jack L."
Date: Wed, 7 Mar 2018 20:55:54 -0800
Subject: Re: How to prevent HDD spin-down.
To: "J.B."
Cc: "freebsd-questions@freebsd.org"
In-Reply-To: <045b9b33-5982-c19c-d009-31bfd2c8fd7d@gmail.com>
References: <045b9b33-5982-c19c-d009-31bfd2c8fd7d@gmail.com>

I use this to make those seagates quit "chirping"

/sbin/camcontrol cmd drive# -a "EF 85 00 00 00 00 00 00 00 00 00 00"

On Tue, Mar 6, 2018 at 1:19 PM, J.B. wrote:

> On 03/06/2018 04:00 AM, freebsd-questions-request@freebsd.org wrote:
>
>> Re: How to prevent HDD spin-down.
>>
>
> Thank you to everyone for your helpful tips and suggestions. You make
> FreeBSD great. :)
>
> I tried the camcontrol suggestion first since it didn't require installing
> anything, but it didn't seem to work. Tried sysutils/ataidle next since it
> allows keeping spindown but with a reasonable timeout, and it seems to have
> worked perfectly: ataidle -P 127 /dev/ada0.

From owner-freebsd-questions@freebsd.org Thu Mar 8 19:49:36 2018
From: User Hasse
Date: Thu, 8 Mar 2018 20:49:25 +0100
Subject: Re: Increased abuse activity on my server
To: User Hasse
Cc: freebsd-questions@freebsd.org
Message-ID: <20180308194925.GA67577@ymer.bara1.se>
In-Reply-To: <20180307071944.GA30971@ymer.bara1.se>
References: <20180307071944.GA30971@ymer.bara1.se>

Hello

Thank you all for answering.
My server is well protected. But .....
I was just puzzled by the increase of attempts, and wondered if anybody
else had seen a similar pattern.
Thanks a lot everyone answering.
/Geir
--------------------------------
On Wed, Mar 07, 2018 at 08:19:44AM +0100, User Hasse wrote:
> Hello All
> I believe I see an increased amount of abuse attempts on my server by several 100%
> in the last couple of months. Anybody else noticed ?
>
> all the best
> Geir Svalland
> -------------------------
> ymer.bara1.se login failures:
> Mar 5 23:00:25 ymer sshd[9718]: Invalid user testuser from 103.15.74.82
> Mar 5 23:00:25 ymer sshd[9718]: input_userauth_request: invalid user testuser [preauth]
> Mar 5 23:32:14 ymer sshd[9767]: reverse mapping checking getaddrinfo for mail.jntukelearn.in [49.156.148.212] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 23:32:14 ymer sshd[9767]: Invalid user oracle1 from 49.156.148.212
> Mar 5 23:32:14 ymer sshd[9767]: input_userauth_request: invalid user oracle1 [preauth]
> Mar 5 23:49:11 ymer sshd[9806]: Invalid user ftpuser from 46.101.198.164
> Mar 5 23:49:11 ymer sshd[9806]: input_userauth_request: invalid user ftpuser [preauth]
> Mar 5 23:54:37 ymer sshd[9814]: Invalid user yang from 203.223.42.55
> Mar 5 23:54:37 ymer sshd[9814]: input_userauth_request: invalid user yang [preauth]

From owner-freebsd-questions@freebsd.org Thu Mar 8 22:16:10 2018
From: Doug Hardie
Subject: Server Refuses to Boot
Date: Thu, 8 Mar 2018 14:08:31 -0800
To: FreeBSD Questions

I have a server running 11.0-Release just fine. I created a new drive with 11.1. It boots on several different systems I have here at the house. However, when installed on the production machine (not local), it refuses to boot. The console output for the first time after power on is:

/boot/kernel/kernel text=0x14972f8 data=0x1384c0+0x4c15e8 syms=[0x8+0x15e8b0+0x8+0x178422]
/boot/entropy size=0x1000
Booting...
Copyright (c) 1992-2017 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.1-RELEASE-p4 #0: Tue Nov 14 06:12:40 UTC 2017
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 4.0.0 (tags/RELEASE_400/final 297347) (based on LLVM 4.0.0)
VT(vga): resolution 640x480
CPU: Dual-Core AMD Opteron(tm) Processor 2214 HE (2200.04-MHz K8-class CPU)
Origin="AuthenticAMD" Id=0x40f13 Family=0xf Model=0x41 Stepping=3
Features=0x178bfbff
Features2=0x2001
AMD Features=0xea500800
SVM: NAsids=64
real memory = 9428795392 (8992 MB)
avail memory = 826394976 (7880 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 2 package(s) x 2 core(s)
random: unblocking device.
kpapic0 irqs 0-23 on motherbo# Ficatal dstoubleck ove fault rip = 0xflffow fdeftefctefff80ecad; 7dbaf ay p t= 0xfffffe01fac0e3250 m00 rbpe co = 0xfffffe0rr1f03250up10 ted ipuid c= 1pu; apic id = 3 KD = 01 leB: stacpk abniacc:kt rdoaceu:b 0 fault# 0xffcpfufidfff f=80 a1a dac7 atU kpdtib_mbaec:kt r1ace+s 0x67 Rebooti#1n 0gx.ff.f. fffff8

Eventually it reboots. The second and subsequent boots show:

/boot/kernel/kernel text=0x14972f8 data=0x1384c0+0x4c15e8 syms=[0x8+0x15e8b0+0x8+0x178422]
/boot/entropy size=0x1000
Booting...
Copyright (c) 1992-2017 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.1-RELEASE-p4 #0: Tue Nov 14 06:12:40 UTC 2017
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 4.0.0 (tags/RELEASE_400/final 297347) (based on LLVM 4.0.0)
VT(vga): resolution 640x480
CPU: Dual-Core AMD Opteron(tm) Processor 2214 HE (2200.04-MHz K8-class CPU)
Origin="AuthenticAMD" Id=0x40f13 Family=0xf Model=0x41 Stepping=3
Features=0x178bfbff
Features2=0x2001
AMD Features=0xea500800
SVM: NAsids=64
real memory = 9428795392 (8992 MB)
avail memory = 826329MB)
Event timer "LAPIC" quality 100
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 2 package(s) x 2 core(s)
random: unblocking device.
ioapic0 irqs 0-23 on motherboard
SMP: AP

11.0 Boot shows:

/boot/kernel/kernel text=0x14ee820 data=0x1324b8+0x4baa68 syms=[0x8+0x159db0+0x8+0x172ba2]
/boot/entropy size=0x1000
Booting...
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
VT(vga): resolution 640x480
CPU: Dual-Core AMD Opteron(tm) Processor 2214 HE (2200.04-MHz K8-class CPU)
Origin="AuthenticAMD" Id=0x40f13 Family=0xf Model=0x41 Stepping=3
Features=0x178bfbff
Features2=0x2001
AMD Features=0xea500800
AMD Features2=0x1f
SVM: NAsids=64
real memory = 9428795392 (8992 MB)
avail memory = 8257220608 (7874 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 2 package(s) x 2 core(s)
random: unblocking device.
ioapic0 irqs 0-23 on motherboard
random: entropy device external interface
kbd1 at kbdmux0
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff8101d970, 0) error 19
vtvga0: on motherboard
cryptosoft0: on motherboard
acpi0: on motherboard
acpi0: Power Button (fixed)

Looking through the entire good output, it appears the last lines of the bad boot come from:

SMP: AP CPU #1 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #3 Launched!

However, what happened to all the hardware detection listing? Any ideas what is happening here?

-- Doug

From owner-freebsd-questions@freebsd.org Fri Mar 9 12:22:57 2018
From: Dave Harker
To: "freebsd-questions@FreeBSD.org"
Subject: FreeBSD NIST or CIS Hardening
Date: Fri, 9 Mar 2018 12:22:52 +0000

Hi,

I notice that the last CIS Hardening Benchmark is from 2004 and is for version 4.10.

https://www.cisecurity.org/wp-content/uploads/2018/02/FreeBSD_benchmark_v1.0.5.pdf

Is there any effort underway to produce either an up to date CIS Benchmark or a specific NIST Stig to certify FreeBSD for high assurance use?

- Dave

From owner-freebsd-questions@freebsd.org Fri Mar 9 12:48:29 2018
Date: Fri, 9 Mar 2018 07:30:21 -0500
From: Rich Kulawiec
To: freebsd-questions@freebsd.org
Subject: Re: Increased abuse activity on my server

On Wed, Mar 07, 2018 at 08:19:44AM +0100, User Hasse wrote:
> I believe I see an increased amount of abuse attempt on my server by several 100%
> in the last couple of months. Anybody else noticed ?

This is a question that can't be answered because it's not correctly asked.

"abuse" has many facets, and what you see on your server is totally
different in character, source, volume, etc., from what everyone else
sees. Yes, it's possible to collate many different reports from
disparate operations and perhaps -- MAYBE -- arrive at some general
conclusions about the overall state of abuse Internet-wide, and that's
an interesting intellectual exercise...but it's not much help to you.

Moreover, given the high degree of sophistication among some abusers,
what you see today may have little or no relationship to what you see
tomorrow. So reacting to recent events, while not necessarily bad, may
not avail you much in the long term.

A better approach is to be pro-active. Not only should you turn off
all services that you don't need, but you should block access to them
from every part of the world that doesn't have an operational need for them.

For example:

Suppose you run an ssh server. And suppose that you only need to allow
access to it from the US, Canada, and the UK. Then (a) put in a firewall
rule that denies access globally and (b) add rules to allow access from
only those three countries. (See ipdeny.com for the network blocks.)

This does *nothing* to stop ssh abuse from the US/CA/UK, but it does
*everything* to stop it from the rest of the world. (Yes, I'm aware
of proxies and VPNs.)

The next step is to look at the ssh abuse coming from cloud operations:
for example, AWS is a notorious, chronic, systemic source of abuse and
attacks because the people running it are incompetent and negligent.
Block it. All of it. Because unless you have an operational need for
personnel to ssh in from there, there's no reason not to. Repeat with
other cloud operations that behave in a similarly hostile fashion.

And then keep track of where further abuse comes from. Keep the logs
and look at the statistics over a day/week/month/year. Other entries
for firewalls will suggest themselves. Use them.

This is a *vastly* better approach than attempting to react on the fly
with things like fail2ban. It shuts down the abuse -- at least from
the sources you enumerate -- permanently. After all, if someone out
there insists on providing you with evidence of their malicious intent
all day every day, how much evidence do you need to see before you
believe them? And if you believe them, why in hell would you continue
to provide them with services?

The same approach works with pops and imaps and other services. Firewall
out every place that will never need them, then start firewalling out
every place that attacks them. If you're careful and diligent about this,
then over time you'll find that it gets easier -- because there's less
and less to deal with. Of course it never stops entirely: there are
always newly-emerging sources of abuse. But this approach drastically
reduces the scale of the problem and makes it tractable. It works
in nearly all production environments with a few exceptions -- and
you're not one of those.
---rsk

From owner-freebsd-questions@freebsd.org Sat Mar 10 11:11:01 2018
Date: Sat, 10 Mar 2018 11:43:54 +0100
From: User Hasse
To: Rich Kulawiec
Cc: freebsd-questions@freebsd.org
Subject: Re: Increased abuse activity on my server

Hello and thank you very much for your reply.

Regarding the first part of your answer, I thought my question was perfectly clear
and easy to answer. "Anybody else noticed increased abuse activity on your servers ?"
and that was my sole and only question.

But your answer was interesting to read. Specially the AWS part, that I was not aware of.

So, thank you very much for your time and effort to help.

All the best
Geir Svalland.
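The bookkeeping step from Rich Kulawiec's message above (keep the logs, look at the statistics, let further firewall entries suggest themselves), sketched as an added example that is not part of any message in this thread. The log lines and addresses are constructed, and `ALLOWED_NETS`, `review` and the /24 and /64 aggregation are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd syslog format quoted earlier in the thread.
# Addresses are from reserved documentation/benchmark ranges, not real hosts.
SAMPLE_LOG = """\
Mar 5 18:51:06 host sshd[9080]: Invalid user t7inst from 203.0.113.55
Mar 5 18:51:06 host sshd[9080]: input_userauth_request: invalid user t7inst [preauth]
Mar 5 18:51:52 host sshd[9083]: Invalid user pos from 203.0.113.198
Mar 5 20:59:13 host sshd[9394]: reverse mapping checking getaddrinfo for a.example.net [198.51.100.76] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 21:06:04 host sshd[9431]: reverse mapping checking getaddrinfo for b.example.net [198.51.100.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 5 21:06:04 host sshd[9431]: Invalid user admin from 198.51.100.50
Mar 5 21:30:14 host sshd[9479]: Invalid user admin from 198.18.5.10
Mar 5 21:36:06 host sshd[9496]: Invalid user daniel from 198.18.5.10
Mar 5 21:43:05 host sshd[9511]: Invalid user zabbix from 198.18.5.77
Mar 5 21:50:41 host sshd[9520]: Invalid user aaron from 198.19.200.3
Mar 5 22:13:57 host sshd[9603]: Invalid user oracle from not-an-address
Mar 5 22:20:00 host sshd[9610]: Invalid user x from 198.18.5.99 from 203.0.113.9
"""

# Hypothetical allowlist standing in for the per-country network blocks
# (RFC 2544 benchmark range, used here only as a placeholder).
ALLOWED_NETS = [ipaddress.ip_network("198.18.0.0/15")]

# The user name is supplied by the client, so the greedy ".*" makes the
# address the token after the LAST " from " on the line.
PATTERNS = [
    re.compile(r"sshd\[(?P<pid>\d+)\]: Invalid user .* from (?P<ip>\S+)"
               r"(?: port \d+)?$"),
    re.compile(r"sshd\[(?P<pid>\d+)\]: reverse mapping checking getaddrinfo "
               r"for \S+ \[(?P<ip>[^\]]+)\] failed"),
]


def parse_attempts(log_text):
    """Return source addresses, one per (sshd PID, address) pair in the log."""
    seen = set()
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            match = pattern.search(line.strip())
            if not match:
                continue
            try:
                ip = ipaddress.ip_address(match.group("ip"))
            except ValueError:
                break  # host name or damaged field: skip rather than guess
            seen.add((match.group("pid"), ip))
            break
    return [ip for _pid, ip in seen]


def enclosing_net(ip):
    """Aggregate to /24 (IPv4) or /64 (IPv6); the prefix sizes are a choice."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def review(log_text, allowed_nets, min_hits=2):
    """Split attempts by the allowlist and list networks worth a block entry."""
    outside = Counter()  # never reaches sshd once default-deny is in place
    inside = Counter()   # allowed region: still reaches sshd, keep tracking
    for ip in parse_attempts(log_text):
        bucket = inside if any(ip in net for net in allowed_nets) else outside
        bucket[enclosing_net(ip)] += 1
    return {
        "total": sum(outside.values()) + sum(inside.values()),
        "stopped_by_allowlist": sum(outside.values()),
        "still_reaching_sshd": sum(inside.values()),
        "outside_by_net": {str(net): n for net, n in outside.items()},
        "block_candidates": sorted(
            str(net) for net, n in inside.items() if n >= min_hits),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG, ALLOWED_NETS).items():
        print(f"{key}: {value}")
```

The "Invalid user" line and the "reverse mapping" line that one connection produces share an sshd PID, which is why they count as a single attempt here.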
------------------------------------------
On Fri, Mar 09, 2018 at 07:30:21AM -0500, Rich Kulawiec wrote:
> On Wed, Mar 07, 2018 at 08:19:44AM +0100, User Hasse wrote:
> > I believe I see an increased amount of abuse attempt on my server by several 100%
> > in the last couple of months. Anybody else noticed ?
>
> This is a question that can't be answered because it's not correctly asked.
>
> "abuse" has many facets, and what you see on your server is totally
> different in character, source, volume, etc., from what everyone else
> sees. Yes, it's possible to collate many different reports from
> disparate operations and perhaps -- MAYBE -- arrive at some general
> conclusions about the overall state of abuse Internet-wide, and that's
> an interesting intellectual exercise...but it's not much help to you.
>
> Moreover, given the high degree of sophistication among some abusers,
> what you see today may have little or no relationship to what you see
> tomorrow. So reacting to recent events, while not necessarily bad, may
> not avail you much in the long term.
>
> A better approach is to be pro-active. Not only should you turn off
> all services that you don't need, but you should block access to them
> from every part of the world that doesn't have an operational need for them.
>
> For example:
>
> Suppose you run an ssh server. And suppose that you only need to allow
> access to it from the US, Canada, and the UK. Then (a) put in a firewall
> rule that denies access globally and (b) add rules to allow access from
> only those three countries. (See ipdeny.com for the network blocks.)
>
> This does *nothing* to stop ssh abuse from the US/CA/UK, but it does
> *everything* to stop it from the rest of the world. (Yes, I'm aware
> of proxies and VPNs.)
>
> The next step is to look at the ssh abuse coming from cloud operations:
> for example, AWS is a notorious, chronic, systemic source of abuse and
> attacks because the people running it are incompetent and negligent.
> Block it. All of it. Because unless you have an operational need for
> personnel to ssh in from there, there's no reason not to. Repeat with
> other cloud operations that behave in a similarly hostile fashion.
>
> And then keep track of where further abuse comes from. Keep the logs
> and look at the statistics over a day/week/month/year. Other entries
> for firewalls will suggest themselves. Use them.
>
> This is a *vastly* better approach than attempting to react on the fly
> with things like fail2ban. It shuts down the abuse -- at least from
> the sources you enumerate -- permanently. After all, if someone out
> there insists on providing you with evidence of their malicious intent
> all day every day, how much evidence do you need to see before you
> believe them? And if you believe them, why in hell would you continue
> to provide them with services?
>
> The same approach works with pops and imaps and other services. Firewall
> out every place that will never need them, then start firewalling out
> every place that attacks them. If you're careful and diligent about this,
> then over time you'll find that it gets easier -- because there's less
> and less to deal with. Of course it never stops entirely: there are
> always newly-emerging sources of abuse. But this approach drastically
> reduces the scale of the problem and makes it tractable. It works
> in nearly all production environments with a few exceptions -- and
> you're not one of those.
>
> ---rsk

From owner-freebsd-questions@freebsd.org Sat Mar 10 18:50:42 2018
Subject: Re: freebsd-questions Digest, Vol 717, Issue 4
To: freebsd-questions@freebsd.org
From: "J.B."
Date: Sat, 10 Mar 2018 10:50:39 -0800

On 03/08/2018 04:00 AM, freebsd-questions-request@freebsd.org wrote:
> Message: 16
> Date: Wed, 7 Mar 2018 20:55:54 -0800
> From: "Jack L."
> To: "J.B."
> Cc: "freebsd-questions@freebsd.org"
> Subject: Re: How to prevent HDD spin-down.
>
> I use this to make those seagates quit "chirping"
>
> /sbin/camcontrol cmd drive# -a "EF 85 00 00 00 00 00 00 00 00 00 00"
>
> On Tue, Mar 6, 2018 at 1:19 PM, J.B. wrote:
>
>> On 03/06/2018 04:00 AM, freebsd-questions-request@freebsd.org wrote:
>>
>>> Re: How to prevent HDD spin-down.
>>>
>> Thank you to everyone for your helpful tips and suggestions. You make
>> FreeBSD great.:)
>>
>> I tried the camcontrol suggestion first since it didn't require installing
>> anything, but it didn't seem to work. Tried sysutils/ataidle next since it
>> allows keeping spindown but with a reasonable timeout, and it seems to have
>> worked perfectly: ataidle -P 127 /dev/ada0.

Interesting, thanks. (`man 3 cam_cdbparse` has the command and data specification syntax).
From owner-freebsd-questions@freebsd.org Sat Mar 10 23:35:28 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D5F94F40182 for ; Sat, 10 Mar 2018 23:35:27 +0000 (UTC) (envelope-from carl@chave.us) Received: from mail-pf0-x231.google.com (mail-pf0-x231.google.com [IPv6:2607:f8b0:400e:c00::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 68A286BA4E for ; Sat, 10 Mar 2018 23:35:27 +0000 (UTC) (envelope-from carl@chave.us) Received: by mail-pf0-x231.google.com with SMTP id a16so2786155pfn.9 for ; Sat, 10 Mar 2018 15:35:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chave-us.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=I0IRHDcI5B8yY2klxdjZjzbgSidtxjbyzkaf09S0BUo=; b=GmVP3+aodpip25gy3zYtnvnA1BqLY4LbyIj/ftGM1wAFdUtwlej6lhDtPi8OvpGGs1 nh/GFd/ECNxARvMS9zaWhCqTtyxOsSK2FMJa6Chm77PIhUYZahMAw1I52BQVwa0M89+s IqEx2B+vFjY/FVaVL1sPw1gkmxZOru2YQ5TkAPDC6N7TQ473urPTvziXhTAlc7vwd4E8 +RKzry4/Qsdvenrdn3gcCtfcofiirajFf1UDGZIN579UCgyTbfsd26mEt6TBGkwqvRrH H0FZRhwVdxvrcl8KT/H4UjjkLXDAUAJYnT/5jeiPF9GXh8ZBWvzngndhlh5ucycHnVzJ UXLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=I0IRHDcI5B8yY2klxdjZjzbgSidtxjbyzkaf09S0BUo=; b=ZOsBupKqtWDjfJifBQUrDy6xc65QVQZvtSqajLFaBcxNU1Tb0NwhUJyX7jA475Btld zOTtuAb+YcLnRb7M8QefkkF+OemcR7yIB8ltWOVzWjZiX23VFsaHoCefJCHS+hfYojhb D0cocwAxfM4qTb9jzI4nix+q75pTYrpY0mfw3RjPGrBOr7VxDWAo9YmtjIeYeHqWkBBU Z8ecRMFyDXbQWXYhfTC+5b0nROgDGbN7D/EyVmJvX99JjmfRsfLwU1qzG9HXr22UCH6p zUXxS7IjDhRd6+pW6MYseXCJJ3xvR5qt14DpSNJ/0O7Zlg5P5KvPywSMJ39O0EirN7J3 wMBw== 
X-Received: by 10.98.82.144 with SMTP id g138mr3169120pfb.239.1520724926145; Sat, 10 Mar 2018 15:35:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.255.149 with HTTP; Sat, 10 Mar 2018 15:35:25 -0800 (PST)
In-Reply-To: <20180310104354.GA11201@ymer.bara1.se>
References: <20180307071944.GA30971@ymer.bara1.se> <20180309123021.GA9355@gsp.org> <20180310104354.GA11201@ymer.bara1.se>
From: Carl Chave
Date: Sat, 10 Mar 2018 18:35:25 -0500
Subject: Re: Increased abuse activity on my server
To: FreeBSD Questions
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.25
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions
X-List-Received-Date: Sat, 10 Mar 2018 23:35:28 -0000

I always thought "port knocking" was a neat method to minimize port
exposure. Never actually used it myself but maybe worth a mention here.

On Sat, Mar 10, 2018 at 5:43 AM, User Hasse wrote:

> Hello and thank you very much for your reply.
>
> Regarding the first part of your answer, I thought my question was perfectly clear
> and easy to answer. "Anybody else noticed increased abuse activity on your servers ?"
> and that was my sole and only question.
>
> But your answer was interesting to read. Especially the AWS part, that I was not aware of.
>
> So, thank you very much for your time and effort to help.
>
> All the best
> Geir Svalland.
>
> ------------------------------------------
> On Fri, Mar 09, 2018 at 07:30:21AM -0500, Rich Kulawiec wrote:
> > On Wed, Mar 07, 2018 at 08:19:44AM +0100, User Hasse wrote:
> > > I believe I see an increased amount of abuse attempt on my server by several 100%
> > > in the last couple of months. Anybody else noticed ?
> >
> > This is a question that can't be answered because it's not correctly asked.
> >
> > "abuse" has many facets, and what you see on your server is totally
> > different in character, source, volume, etc., from what everyone else
> > sees. Yes, it's possible to collate many different reports from
> > disparate operations and perhaps -- MAYBE -- arrive at some general
> > conclusions about the overall state of abuse Internet-wide, and that's
> > an interesting intellectual exercise...but it's not much help to you.
> >
> > Moreover, given the high degree of sophistication among some abusers,
> > what you see today may have little or no relationship to what you see
> > tomorrow. So reacting to recent events, while not necessarily bad, may
> > not avail you much in the long term.
> >
> > A better approach is to be pro-active. Not only should you turn off
> > all services that you don't need, but you should block access to them
> > from every part of the world that doesn't have an operational need for them.
> >
> > For example:
> >
> > Suppose you run an ssh server. And suppose that you only need to allow
> > access to it from the US, Canada, and the UK. Then (a) put in a firewall
> > rule that denies access globally and (b) add rules to allow access from
> > only those three countries. (See ipdeny.com for the network blocks.)
> >
> > This does *nothing* to stop ssh abuse from the US/CA/UK, but it does
> > *everything* to stop it from the rest of the world. (Yes, I'm aware
> > of proxies and VPNs.)
> >
> > The next step is to look at the ssh abuse coming from cloud operations:
> > for example, AWS is a notorious, chronic, systemic source of abuse and
> > attacks because the people running it are incompetent and negligent.
> > Block it. All of it. Because unless you have an operational need for
> > personnel to ssh in from there, there's no reason not to. Repeat with
> > other cloud operations that behave in a similarly hostile fashion.
> >
> > And then keep track of where further abuse comes from. Keep the logs
> > and look at the statistics over a day/week/month/year. Other entries
> > for firewalls will suggest themselves. Use them.
> >
> > This is a *vastly* better approach than attempting to react on the fly
> > with things like fail2ban. It shuts down the abuse -- at least from
> > the sources you enumerate -- permanently. After all, if someone out
> > there insists on providing you with evidence of their malicious intent
> > all day every day, how much evidence do you need to see before you
> > believe them? And if you believe them, why in hell would you continue
> > to provide them with services?
> >
> > The same approach works with pops and imaps and other services. Firewall
> > out every place that will never need them, then start firewalling out
> > every place that attacks them. If you're careful and diligent about this,
> > then over time you'll find that it gets easier -- because there's less
> > and less to deal with. Of course it never stops entirely: there are
> > always newly-emerging sources of abuse. But this approach drastically
> > reduces the scale of the problem and makes it tractable. It works
> > in nearly all production environments with a few exceptions -- and
> > you're not one of those.
> >
> > ---rsk
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
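
The "keep the logs and look at the statistics" step from the quoted advice, as an added example that is not part of any message in this thread: it counts failed sshd logins per source network, skips networks that are deliberately allowed, and emits the rest one per line, the layout a pf table file accepts. The log lines are constructed, and the /24 and /48 grouping, the threshold, the function names and the choice of pf are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual sshd syslog format (documentation addresses only).
SAMPLE_LOG = """\
Mar 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 10 03:12:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.77 port 51240 ssh2
Mar 10 03:12:09 host sshd[815]: Invalid user test from 203.0.113.5 port 51301
Mar 10 03:13:00 host sshd[820]: Failed password for invalid user x from 192.0.2.10 port 1 from 203.0.113.5 port 51400 ssh2
Mar 10 04:40:12 host sshd[902]: Failed password for root from 198.51.100.9 port 40022 ssh2
Mar 10 05:01:44 host sshd[950]: Accepted publickey for alice from 192.0.2.10 port 60100 ssh2
Mar 10 05:02:10 host sshd[955]: Failed password for alice from 192.0.2.10 port 60111 ssh2
Mar 10 06:15:30 host sshd[990]: Failed password for invalid user pi from 2001:db8::bad port 40100 ssh2
"""

# The user name is attacker-controlled and may itself contain " from <addr> port <n>"
# (fourth sample line). The greedy ".*" plus the "$" anchor bind the capture to the
# last "from ... port ..." on the line, which is the part sshd wrote.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* from (\S+) port \d+(?: ssh2)?$"
)

def network_of(ip):
    """Group an address into its enclosing /24 (IPv4) or /48 (IPv6)."""
    prefix = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def block_candidates(log_text, allowed, threshold=2):
    """Return [(network, failures)] with at least `threshold` failures, busiest first."""
    allowed_nets = [ipaddress.ip_network(n) for n in allowed]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address literal: ignore rather than guess
        if any(ip.version == n.version and ip in n for n in allowed_nets):
            continue  # never propose blocking a network with an operational need
        counts[network_of(ip)] += 1
    return [(str(net), n) for net, n in counts.most_common() if n >= threshold]

def pf_table_file(candidates):
    """One network per line, for review before loading into a pf table."""
    return "".join(f"{net}\n" for net, _ in candidates)

if __name__ == "__main__":
    print(pf_table_file(block_candidates(SAMPLE_LOG, allowed=["192.0.2.0/24"])), end="")
```

A parser that took the first "from" on the fourth line would attribute the failure to 192.0.2.10, the allowed administrator address, instead of the real source.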