Archives for 2015

np1sec challenge

The challenge involves partially implementing some of our XMPP test client's event handlers, namely join, receive and send. The result will be a client that people can use to join and chat securely. Note that the purpose of the challenge is for the EQ team to get to know the candidates and be comfortable with their C++ competence before commencing our interview process. Please reach out if you get stuck somewhere – this will not be counted against you.

Step 1: Get the code and get it compiled:

You need our fork of libgcrypt for it:

https://github.com/equalitie/libgcrypt

Then you need to get the code:

https://github.com/equalitie/np1sec

and follow the README. Finally, test with the mock client:

    ./libnp1sec_test

If you link against the original libgcrypt, you’ll get some kind of gcrypt-related error.

Step 2: Run the xmpp test client. It is implemented in

https://github.com/equalitie/np1sec/blob/master/test/xmpp_test.cpp

Log in to two different accounts and try to chat, etc.

Step 3: Implement the join/send and receive handlers:

Look at the example at:
https://github.com/equalitie/np1sec/blob/master/test/chat_mocker_np1sec_plugin.cc#L54

and

https://github.com/equalitie/np1sec/blob/master/test/chat_mocker_np1sec_plugin.cc#L127

Note that in the mock client, join and receive are both handled by chat_mocker_np1sec_plugin_receive_handler, whereas in libpurple they are handled in different functions.

Step 4: Implement the callbacks:

You need to give some callbacks to the np1sec library. You can find the association for the chat mocker here:

https://github.com/equalitie/np1sec/blob/master/test/session_test.cc#L62

    mockops->send_bare = send_bare;
    mockops->join = new_session_announce;
    mockops->leave = new_session_announce;
    mockops->display_message = display_message;
    mockops->set_timer = set_timer;
    mockops->axe_timer = axe_timer;

They are implemented here:

https://github.com/equalitie/np1sec/blob/master/test/chat_mocker_np1sec_plugin.cc#L135

You only need to implement send_bare and supply do-nothing functions for set_timer/axe_timer.

Step 5: Test your client:

Follow the lines in

https://github.com/equalitie/np1sec/blob/master/test/session_test.cc#L189

to initiate the np1sec UserState and see if you can join and talk to yourself.

Be the (Web) Master of your own (Secret) Domain

We are very pleased to announce that all websites signing up for DDoS protection with Deflect will now receive an authenticated password giving them easy access to their admin panel without having to reconfigure settings on their host server.

In the past, our practice has always been to set up a special secret login address (known as a nocache address), which we would send to each site. Webmasters would then have to configure their servers to respond accordingly whenever they needed to access their admin page (as detailed in Step 5 of the Walkthrough on our wiki).

We did this to avoid any problems with the admin panel itself being cached. In such circumstances, any changes in content made to the website would be subject to the caching process rather than take effect immediately, thus affecting the user experience.

The problem has been solved by tweaking our detection software to distinguish between legitimate users and attackers – just as it does with traffic to the public website – by checking that the authenticated password and authenticated cookie match up whenever a request is made to log in. If everything does match up, the user gets access to the admin panel and any changes made take effect immediately rather than being affected by the caching procedure. Unauthenticated users will be blocked.

We are in the process of offering current Deflect users the opportunity to switch to the authenticated password system.

In the previous procedure, hiding the URL added an extra layer of security for the site, since it made it much more difficult for hackers to guess the address (…/admin, /login etc.) and brute force their way in using password-cracking software. Of course, it is good practice to keep a secret URL address to increase security by one more layer, so we will always provide the option for new users to change their admin URL from the default address to a secret one.

Today’s announcement marks another stage in our goal to simplify every step of the Deflect signup procedure. Below is a preview of the new Dashboard, the first thing you will see after signing up and receiving your login details. Notice the magnificently reduced steps involved in becoming a full Deflectee.

[Image: new setup screen 1]

Coming very soon!

Creating a Hosts File Entry

If you wish to access your domain before your DNS has been updated, you can update your local ‘hosts file’, which will allow your computer to view your new site. Follow the appropriate instructions below.

Please note that this will work only with HTTPS and not with HTTP.

If you need any help with this procedure (for example because nslookup is not installed in your system and you can’t figure out what the IP of your SFTP server is), we are ready to help: please contact us through the Dashboard or send us an email.

OS X:

  1. Open Terminal
  2. Launch the following command (replacing SFTP_host with the address of your SFTP host you received in your activation email):

    $ nslookup SFTP_host

  3. The result will be something like the following output. The last line contains the IP address of your SFTP host, which you will need to add to your hosts file (numbers arranged in this form: XX.XX.XX.XX).

    Server:        YY.ZZ.XX.ZZ
    Address:    YY.ZZ.XX.ZZ#53

    Non-authoritative answer:
    Name:    grwtrcweg.deflect.ca
    Address: XX.XX.XX.XX

  4. Type ‘sudo nano /private/etc/hosts’
  5. Press Ctrl+Shift+V to take you to the end of the file
  6. Enter the text ‘XX.XX.XX.XX <yourdomain>’ (replacing `XX.XX.XX.XX` with the actual IP of your SFTP host and <yourdomain> with the URL of your website).
  7. Press Ctrl+x to exit
  8. Press y to save

Alternatively you can download the Hosts preference pane helper from here: https://github.com/specialunderwear/Hosts.prefpane/downloads

Windows:

  1. Launch the Command Prompt and enter:

    C:\>nslookup example.com

    Replace example.com with your SFTP host address.

  2. The result will contain the IP address of your SFTP host, which you will need to add to your hosts file (numbers arranged in this form: XX.XX.XX.XX).

    Address: XX.XX.XX.XX

  3. Click the “Start” button
  4. Click “All Programs”
  5. Click “Accessories”
  6. Right-click on Notepad and then click Run as administrator.
  7. If you are prompted for an administrator password or for a confirmation, type your password, or click Allow/Yes.
  8. Open the Hosts file. Find the location for your version of Windows here (https://en.wikipedia.org/wiki/Hosts_(file)#Location_in_the_file_system).
  9. Enter the text ‘XX.XX.XX.XX <yourdomain>’ (replacing `XX.XX.XX.XX` with the actual IP of your SFTP host and <yourdomain> with the URL of your website).
  10. Click Save on the Edit menu. (If using Windows 7, you will need to click Save on the File menu.)

Linux:

  1. Open a terminal.
  2. Launch the following command (replacing SFTP_host with the address of your SFTP host you received in your activation email):

    $ nslookup SFTP_host

  3. The result will be something like the following output. The last line contains the IP address of your SFTP host, which you will need to add to your hosts file (numbers arranged in this form: XX.XX.XX.XX).

    Server:        YY.ZZ.XX.ZZ
    Address:    YY.ZZ.XX.ZZ#53

    Non-authoritative answer:
    Name:    grwtrcweg.deflect.ca
    Address: XX.XX.XX.XX

  4. Open the file /etc/hosts with vim or your favourite editor as root:

    $ sudo vim /etc/hosts

  5. Add the following line, replacing `XX.XX.XX.XX` with the IP address of your SFTP host, `example.com` with the URL of your website and `example` with the name of your website:

    XX.XX.XX.XX example.com example

  6. Ensure that the nsswitch.conf file is correct. The nsswitch.conf file controls the order in which services are consulted for name service lookups; in our case we are looking for the “hosts” service:

    $ grep host /etc/nsswitch.conf
    hosts: files dns

    Check that “files” comes before “dns”. If it doesn’t, edit the file to obtain the above result.

  7. Check that your changes produced the wanted effect with this command:

    $ ping -c 1 example.com

    The result should be something like this (with XX.XX.XX.XX being replaced by the IP of your SFTP host):

    PING example.com (XX.XX.XX.XX) 56(84) bytes of data.
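
Steps 5 to 7 of the Linux procedure can also be verified with read-only checks, which is useful before relying on the override. The script below is an added example, not part of the original post; the function names and the sample address 203.0.113.10 are constructed for illustration, and the demo runs on temporary files rather than on /etc.

```sh
#!/bin/sh
# Added example: read-only checks for steps 5 to 7 of the Linux procedure.
# Function names and the address 203.0.113.10 are constructed for illustration.

# Succeed if the "hosts:" line lists "files" and no "dns" source comes before it.
files_before_dns() {
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "dns" && !d) d = i
            }
            seen = 1
            exit
        }
        END { exit !(seen && f && (!d || f < d)) }
    ' "$1"
}

# Print the address that the first matching line of a hosts file gives to a name.
hosts_entry_ip() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }
    ' "$1"
}

# Usage: check_override HOSTS_FILE NSSWITCH_FILE DOMAIN EXPECTED_IP
check_override() {
    files_before_dns "$2" || { echo "nsswitch: files is not consulted before dns"; return 1; }
    ip=$(hosts_entry_ip "$1" "$3")
    [ -n "$ip" ] || { echo "hosts: no entry for $3"; return 2; }
    [ "$ip" = "$4" ] || { echo "hosts: $3 maps to $ip, expected $4"; return 3; }
    echo "ok: $3 -> $ip via hosts file"
}

# Constructed sample files, so the demo runs without touching /etc.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n203.0.113.10 example.com example  # temporary\n' > "$tmp/hosts"
printf 'passwd: files\nhosts: files dns\n' > "$tmp/nsswitch.conf"
check_override "$tmp/hosts" "$tmp/nsswitch.conf" example.com 203.0.113.10
rm -rf "$tmp"
```

To check the real system, call check_override with /etc/hosts, /etc/nsswitch.conf, your domain and the address that nslookup returned for your SFTP host.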

Migrating Your WordPress Site to Us

If you already have a working WordPress site that you wish to move to eQPress, the first thing you need to do is sign up with Deflect and specify that you would like to move your existing website to eQPress, providing us with the first and last name of your admin (they don’t have to be the official ones!). It would be also helpful to know if your WordPress instance contains a single website or is a multi-site with subdomains (http://sub.example.com) or subdirectories (http://example.com/sub).

This post contains information for migrating your website to eQPress. If you need any help, don’t hesitate to ask for our support.

What we need:

  1. A database dump of your existing WordPress site. You may need to request this from your existing hosting provider if you do not have the facilities to make a database dump yourself, or you can follow these instructions.
  2. The complete backup of your existing WordPress site files, which you can easily obtain by following this guide.

If you want, you can use a plugin to obtain your database dump and website backup. There are many such plugins for WordPress, and you can pick the one you prefer from this list.

How to Flush Your Local DNS Resolver’s Cache

If your computer cannot reach a certain website, this could be because your local DNS resolver’s cache contains an outdated record. For example, you updated your DNS records to point to eQPress but instead you are seeing your old website. This is when flushing your DNS cache will speed things up.

Mac (OS X)

In the Command Terminal, type one of these commands:

sudo killall -HUP mDNSResponder
sudo discoveryutil udnsflushcaches

sudo dscacheutil -flushcache
sudo lookupd -flushcache

Windows

Run the following command in a Command Prompt window:

ipconfig /flushdns

Deflect – 2014 in numbers

The Deflect project protects human rights and independent media websites from distributed denial of service (DDoS) attacks. It is a free service for qualifying organisations and the source code is publicly available on the project wiki. In our third year of operations we protected websites from over 60 countries and present herein some interesting facts and figures from 2014.

[Image: Deflect partners 2014]

2014 AVERAGES

MONTHLY VISITORS (UNIQUE): 3.14 MILLION

PAGES SERVED (DAILY): 1.44 MILLION

DAILY TRAFFIC (MB): 193374.54

2014 ATTACKS

DDOS ATTACKS MITIGATED: 100%

HIGHEST TRAFFIC LEVEL*: ~50GBPS

LARGEST BOTNET: ~15000 MEMBERS

* These measurements do not include UDP layer attacks, which are known to generate the biggest traffic levels.

The Deflect network is attacked all the time by various botnets. These attacks can often be measured by a spike in bandwidth, connections to our servers and number of banned IPs. The following diagram represents network bandwidth in 2014.

[Diagram: bandwidth 2014, zoom]

And now the same diagram but zoomed out so as to capture traffic levels generated by large DDoS attacks against Deflect protected websites.

[Diagram: Bandwidth (http level attacks)]

We have developed various botnet identification and banning toolkits. They are publicly available from the project wiki. The following diagram displays malicious bot IPs we identified and banned in 2014. Note that this diagram would not line up with the generated traffic levels since banned IPs cannot request data from the network.

[Diagram: malicious bots banned by Deflect]

TOP 5 COUNTRIES VISITING DEFLECT PROTECTED WEBSITES

1. ua Ukraine 116,736,778 pages

2. us United States 79,519,912 pages

3. ru Russian Federation 32,841,316 pages

4. de Germany 19,842,609 pages

5. it Italy 15,610,504 pages

2014 IN DETAIL

https://deflect.ca/stats/2014.html
