Blocking WordPress Pingback Verification DDoS

Recently one of the websites I host has come under a few reasonably sized DDoS attacks. The attacker has been (mis)using a WordPress feature, pingback verfications. The attacker sends requests to WordPress sites that have this feature enabled, the WordPress sites then send a HTTP request to the target site to verify the pingback. If […]

ExaBGP – BGP routing with health checks

ExaBGP is an excellent tool for playing around with BGP. It is feature rich, has an API and gives you the option to run scripts which can announce/withdraw routes. In my environment I use ExaBGP for certain services to ensure high availability (and load balancing using equal cost multipath, ECMP). To do this I wrote […]

PuppetDB: [400 Bad Request] Missing required query parameter ‘payload’

After upgrading the packages on my puppet master server with puppetdb I was getting this error when running the agent:

During the package upgrade puppetdb was restarted, but the restart didn’t work (a new process was started but the port was already in use). To fix this, kill the puppetdb process and then start […]

Nginx + Google Pagespeed Debian Package

The normal Debian mirrors do not carry the nginx package with the Google Pagespeed Module. These instructions will allow you to create your own package that includes Pagespeed. The nginx package is from wheezy-backports which has a newer copy of nginx than the normal wheezy repo, remove -backports from any commands you run if you […]

Debian ISCSI Oops

I upgraded a Debian Squeeze server to Wheezy recently which was running iSCSI with a Windows 7 initiator. When I started writing to the iSCSI device it would drop out and the server would show an oops message on screen like this:

SSHFP records

I hate getting this prompt:

If you see it often enough you probably ignore it – it then loses its purpose if you find yourself blindly typing yes. SSHFP records stop that happening. As I secure my DNS zone with DNSSEC already I think this is an acceptable way of verifying the host at […]

ESX/vSphere grow disk under Linux

If you are running VMware ESX/vSphere with a Linux VM that is running out of disk space it is usually a trivial task. Assuming you have a simple partition layout like this:

If you want to grow the root partition follow these instructions. If you are growing a block device that has no partitions […]

StartSSL certificates with Apache mod_ssl

I have been using StartSSL for free SSL certificates for a while. They are great for personal projects – they are trusted by every device I have tried so far and they are issued almost immediately. You can test if the certificate is trusted by accessing this post as https – click here. Note that […]

Debian Multiple IPv6 Interfaces

I have been trying to figure out how to set up multiple IPv6 interfaces properly the “Debian” way but it seems like something is a bit broken now. Lets say I have two interfaces: eth0 and eth1. eth0 is on vlan 100 and eth1 on vlan 200. I would expect this to work in /etc/network/interfaces:

Debian Wheezy ipvsadm error

After upgrading some load balancers to Debian Wheezy I noticed this error (happens when dpkg-reconfigure ipvsadm) is ran:

If you encounter this error you can run this sed command to fix up the template: sed -i -r ‘s/^_+//’ /var/lib/dpkg/info/ipvsadm.templates