It’s late (or very very early). The heat from today has finally gone, though it’s still muggy and sweaty. I’ll post a picture of the view from the back of the apartment block when I get the chance. Why would you be reading this anyway? I don’t have any great pearls of wisdom like randsinrepose, and I certainly don’t have a fascinating life jetting around the world, riding a web 2.0 wave.
Nope, I’m just me. I’m a hacker, or so I like to think, the white hat variety if you want to classify me further. I spend countless hours writing code in a variety of languages, and perhaps I’ll share some of that here.
No, what I am is a man in his late twenties who is struggling to find balance and purpose…beyond that of just surviving. I watch as people get rich in the industry around me and wonder where I went wrong. Not that anything is drastically wrong, but I’m not making a bucket load of money or solving all the world’s problems either. I haven’t created any great and wondrous technologies that I can be proud of.
I am dark and empty. I’m looking to build, and expand – to learn and to excel. This is certainly not the first time I’ve blogged. But it is a new beginning. A lot of what I would like to accomplish is to learn to put words on paper again. I’m no poet or author but I do have stories to tell and questions to ask.
Enough for now, I have to sleep and then get up and go to work. One more day.
The room is empty except for a desk and a chair. I walk across and unpack my laptop, setting it up on the desk and plugging it into the power. I haven’t even swept the place yet, or replaced the blown light globe. It has the dusty feel of a place that hasn’t been used in quite a while.
There is power but no phone or internet, so it’s just as well that I have a couple of 3G cards hanging around from my work. The apartment is not the nicest place that I’ve ever lived but it has the benefit of being close to the city.
About the only thing that I’ll definitely *have* to have to make the apartment habitable is an air conditioner. I am definitely not fond of the hot summers that cook Sydney. My first love affair with air conditioning came when I’d just started high school and we moved to the country town of Mildura, VIC. It’s a farming town at the tip of Victoria, right before where the Darling River joins the Murray.
As towns went I didn’t hate Mildura; of course I had the internet for the very first time in Mildura so maybe that puts it up there on the list of places I’ve lived. I digress. Mildura bakes in the dry heat that only a place on the edge of the desert can. EVERY house has an air conditioner; they don’t make them without the big box on top.
The heat will burn you to a crisp out there, so having somewhere to escape after walking home from school is what made me appreciate air conditioning.
I have to go out. I’ll tell you more later.
I’m not a graphic designer. But my use of Twitter has done exactly what I’d hoped and been a focus for my thoughts. As an individual if I want to pump out an impressive web site I have to be able to do every part of it. Unfortunately that means being able to implement a CSS design.
Admittedly you can rely on sites like OSWD, OpenDesigns and OpenWebDesign for a while, or you could buy a commercial design. There are also some good *base* templates around, but in the end you’ll need to customise those designs at the very least, and at the very worst you won’t find something you need.
With this in mind I decided that it was high time that I created some simple designs of my own, using the best techniques I can manage. They won’t be perfect, but they’ll be a starting point. I’ll post my first results in a couple of days. In the meantime I’m very interested to talk to people that do Web 2.0 designs and pick their brains as to the right way of doing things.
A while ago (right after Rails Rumble) I decided to rework Bort to suit my own tastes. I renamed my Bort-derived Rails base app to Boiler. Yesterday I went through and reworked Boiler from a newer copy of Bort. I added a more inviting default theme and some of the other plugins and gems that I use regularly. You can check it out at www.github.com/vertis/boiler
I’ve avoided using Twitter for quite a while (for who knows what reason). But I finally relented and signed up for an account while I was looking for good Ruby and Rails blogs to follow and stumbled across a post that had a complete list of famous Ruby people (Rubyists). I have to say that so far I haven’t been disappointed with it.
It reminds me a lot of IRC but without having to join lots of channels and check all of them for discussions (when mostly they’re idle with spurts of discussion). I’ve wanted to be more involved with the Ruby and Rails social aspect since I took part in Rails Rumble 2008.
It will be interesting to see how my usage of Twitter evolves over time.
In my afternoon break I’ve been reading about a photographer that was arrested and charged for taking photographs at Penn Station in New York. You can read about it on Carlos Miller’s blog.
I’ve been following the Australian Internet Censorship debate pretty closely, and this is another issue that while on the other side of the world distresses me.
I’ve taken photos at train stations numerous times without incident. Hell, I’ve taken photos at (domestic) airport terminals without problems. But that’s out here, where we haven’t been touched quite so much by terrorism. Sure we came along for the ride in Afghanistan and Iraq (like any good ally will). But we’ve not had the world appear to end above our heads (or quite likely at eye level since I’m sitting in a skyscraper right now). I understand where someone on the other side of the fence is coming from…it’s simpler if no one takes photos.
What the Amtrak police did was make a presumption of guilt. Wielding a camera makes you a terrorist (because that’s what terrorists do). It is beside the point that you’ve got credibility (veteran/ticket/contest) when they scratch the surface; there is now an environment of paranoia about terrorist attacks. The sad thing is that it means that the terrorist attacks have been successful: they have instilled terror into the hearts of Americans.
I’ve been quiet over the Christmas/New Year period. That doesn’t mean that I’ve left my computer alone; on the contrary, I’ve been working on some projects that have been waiting for quite a while. The most important of which is a tool to fight back against the hackers and bot networks that have been trying (unsuccessfully) to bruteforce servers I own or manage for the last 2-3 years. I have seen other posts about the rise of bruteforcing attacks on SSH servers recently, and the added complexity of those attacks coming from multiple locations (botnet coordinated).
Bruteforce attacks on SSH are nothing new; I remember seeing them as far back as 2005. At the time I was managing about 25 Linux servers and the bruteforce attacks would cause accounts to get locked out (which I would then have to unlock). For the most part we dealt with the problem by having a strict hosts.allow/hosts.deny setup (and of course auditing passwords for complexity). Beyond that, I was somewhat powerless to do anything about the attempts.
These days I run a dedicated server and a couple of virtual servers, and I was seeing the same kind of attempts in my logs. Unlike managing someone else’s servers though I have the ability to actively fight back against the attacks. So I am.
I started using ‘kojoney’, an SSH honeypot, but found that while it was fun watching the hackers log in and try to compromise a sandbox, it was not what I wanted. So I modified kojoney to log the password used as well (in addition to the username) and set up a Ruby on Rails project that would record this information, along with the originating IP address, and attempt to log in to the IP address with the username/password combo. I called the project mirror, a sort of if you bruteforce me it’ll bruteforce you kind of thing.
Then I left it alone. I hadn’t expected to see any success. But when I checked the logs a few days later I’d successfully logged into a host in Poland. It was a non-privileged account but I backed up everything that the people had uploaded, and changed the password on the account.
A few days later I scored another server, this time a root account. I decided that rather than manually logging in and disabling their access I would go one step further and set up Capistrano tasks to secure the box (as much as you can a box that has been compromised at a root level). Not only that but the SSH bruteforcer that had been running on this host had gotten 2 more vulnerable root accounts.
There are typically 2 pieces of software installed on the box: an SSH bruteforcer and a botnet client. At times there are multiple copies of both, if the host has been compromised multiple times.
So far it’s ME 4 to Crackers 0. I know the battle isn’t over, and that what I’m doing is somewhat grey, but I don’t know of a more ‘white hat’ way of helping stop hackers. If those four servers are managed by people that are *clearly* stupid, then someone has to step into the breach. Now if only I could find somewhere to send the invoice for my time.
I will provide anyone that is a legitimate security researcher with more details (upon request), including copies of the botnet and ssh-scan software (which shouldn’t be too hard to get with a regular honeypot anyway).