Using mod_spamhaus to block TOR in Apache

Some web spammers use the Tor Project to hide their wrongdoings. Because of this, I want to block Tor exit nodes from submitting forms on my web sites. However, there are many legitimate uses of the Tor Project, so I don’t want to block GET requests but primarily POST requests.
  1. Run sudo apt-get install libapache2-mod-spamhaus
  2. Open /etc/apache2/mods-enabled/mod-spamhaus.conf for editing (as root)
  3. Edit the MS_METHODS configuration setting. Make sure that POST is included and GET is not. Example:
    MS_METHODS  POST,PUT,OPTIONS,CONNECT
  4. Edit the MS_Dns configuration setting. If the IP address of your server is 198.51.100.222, and the port of your web server is 80 as usual, you start with the port number, reverse the numbers in the IP address and the setting becomes:
    MS_Dns 80.222.100.51.198.ip-port.exitlist.torproject.org
    So, for IP address A.B.C.D and port E, the value becomes E.D.C.B.A.ip-port.exitlist.torproject.org
  5. You may also want to edit the MS_CustomError setting. In my case it looks like this:
    MS_CustomError "Limited access for certain clients. Please contact abuse at 2good.net to get full access to our services."
  6. Enable the apache module with sudo a2enmod mod-spamhaus
  7. Restart apache with sudo service apache2 restart
You will get log entries like this:

[Fri Nov 16 04:28:05 2012] [crit] [client 37.59.162.218] mod_spamhaus: address 218.162.59.37.80.222.10.74.109.ip-port.exitlist.torproject.org is blacklisted. Deny connection to forum.taurin.se/index.php, referer: //forum.taurin.se/index.php?topic=1731.0
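
The naming scheme from step 4 and the log entry above, as an added shell example (not part of the original post and not mod_spamhaus code): it builds the MS_Dns value for a server, builds the full name looked up for one client, and decodes a logged name back into client, port and server. The client address 203.0.113.7 is a constructed value, and no DNS lookup is performed.

```shell
#!/bin/sh
# Added example (not from the original post). 203.0.113.7 is a constructed client IP.
ZONE=ip-port.exitlist.torproject.org

# reverse_ipv4 A.B.C.D -> D.C.B.A; fails on anything that is not a dotted quad.
reverse_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# ms_dns_value SERVER_IP PORT -> the MS_Dns setting (E.D.C.B.A.<zone>).
ms_dns_value() {
    rev_ip=$(reverse_ipv4 "$1") || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf '%s.%s.%s\n' "$2" "$rev_ip" "$ZONE"
}

# dnsel_query CLIENT_IP SERVER_IP PORT -> name looked up for one client:
# the reversed client address prepended to the MS_Dns value, as in the log entry.
dnsel_query() {
    zone_name=$(ms_dns_value "$2" "$3") || return 1
    rev_client=$(reverse_ipv4 "$1") || return 1
    printf '%s.%s\n' "$rev_client" "$zone_name"
}

# decode_logged_name NAME -> client, port and server recovered from a logged name.
decode_logged_name() {
    labels=${1%."$ZONE"}
    [ "$labels" != "$1" ] || return 1
    case "$labels" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $labels; IFS=$old_ifs
    [ "$#" -eq 9 ] || return 1
    printf 'client=%s.%s.%s.%s port=%s server=%s.%s.%s.%s\n' \
        "$4" "$3" "$2" "$1" "$5" "$9" "$8" "$7" "$6"
}

# Demo: the page's example server and the constructed client.
ms_dns_value 198.51.100.222 80
dnsel_query 203.0.113.7 198.51.100.222 80
```

Running `decode_logged_name` on the name in a log entry is a quick way to confirm that the server address and port baked into MS_Dns are the ones you intended.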

Unable to use Mosh to connect to one of my servers

I’ve only used Mosh: the mobile shell for a couple of weeks, but I am definitely a convert! However, I couldn’t get mosh to connect to one of my servers (an OpenVZ instance).

The error manifested itself as the client trying to connect to the server but not getting any response:

mosh: Connecting... [To quit: Ctrl-^ .]

Today I decided to debug the issue. As the client actually was trying to connect, I tried to simply start the server:

$ mosh-server new

MOSH CONNECT 60001 rSbp4ENDdzd/TKBOrrEeVg

mosh-server (mosh 1.2.2)
Copyright 2012 Keith Winstein
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

[mosh-server detached, pid = 32582]

But when I checked the process list, it wasn’t running anymore:

$ pgrep mosh-server
$

Time to add some verbose output:

$ mosh-server new -v 

MOSH CONNECT 60001 hQ5ab1JjgUytXRZmy5ti6A

mosh-server (mosh 1.2.2)
Copyright 2012 Keith Winstein
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

[mosh-server detached, pid = 14208]
forkpty: No such file or directory

This must be important: forkpty: No such file or directory, but what does it mean?

Some googling showed that it meant that /dev/pts was not mounted on my system, and it was indeed not mounted:

$ mount
 /dev/simfs on / type reiserfs (rw,usrquota,grpquota)

(Yes, I’ve also wondered why my host is running ReiserFS.)

So I checked my /etc/fstab:

$ cat /etc/fstab
proc  /proc       proc    defaults    0    0
none  /dev/pts    devpts  rw          0    0

It’s there, but still not mounted? Oh well, easy fix:

sudo mount /dev/pts

After that fix, I could successfully connect to my server with mosh!
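
The failure mode above (an fstab entry that is present but not mounted) can be checked for directly. This is an added shell example, not part of the original post: it compares an fstab with a mount table in /proc/mounts format and tests for devpts on /dev/pts. The sample files are constructed, modelled on the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post); sample files below are constructed.

# missing_mounts FSTAB MOUNTS
# Prints every mount point that FSTAB says should be mounted but that is absent
# from MOUNTS (a file in /proc/mounts format: device, mount point, type, ...).
missing_mounts() {
    awk '
        FILENAME == ARGV[1] { mounted[$2] = 1; next }  # first file: live mounts
        /^[ \t]*(#|$)/ { next }                        # fstab comments and blanks
        $3 == "swap" || $2 == "none" { next }          # swap has no mount point
        $4 ~ /(^|,)noauto(,|$)/ { next }               # not mounted at boot
        !($2 in mounted) { print $2 }
    ' "$2" "$1"
}

# pty_ready MOUNTS: succeeds only if a devpts filesystem is mounted on /dev/pts,
# the condition the post identifies as the cause of the forkpty error.
pty_ready() {
    awk '$2 == "/dev/pts" && $3 == "devpts" { ok = 1 } END { exit !ok }' "$1"
}

# Demo on constructed data modelled on the fstab and mount output in the post.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
# constructed sample
proc  /proc       proc    defaults    0    0
none  /dev/pts    devpts  rw          0    0
EOF
    cat > "$dir/mounts" <<'EOF'
/dev/simfs / reiserfs rw,usrquota,grpquota 0 0
proc /proc proc rw 0 0
EOF
    missing_mounts "$dir/fstab" "$dir/mounts"
    pty_ready "$dir/mounts" || echo "devpts is not mounted on /dev/pts"
    rm -rf "$dir"
}

demo
```

On a live system the same functions can be pointed at the real files: `missing_mounts /etc/fstab /proc/mounts` and `pty_ready /proc/mounts`.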

Setup a new headless Ubuntu VM in VirtualBox on FreeBSD

  1. Download from //virtualboxes.org/images/ubuntu-server/
  2. VBoxManage registervm "/storage2/virtualboxes/Ubuntu server 11.10/Ubuntu server 11.10.vbox"
  3. VBoxManage list vms
    "Ubuntu server 11.10" {231c28f0-19bb-48d7-9db4-ba29de37e5fd}
  4. VBoxManage modifyvm "Ubuntu server 11.10" --usbehci off
  5. VBoxManage modifyvm "Ubuntu server 11.10" --pae on
  6. VBoxManage modifyvm "Ubuntu server 11.10" --nic1 bridged --bridgeadapter1 em0
  7. VBoxManage sharedfolder add "Ubuntu server 11.10" --name backup --hostpath /backup
  8. nohup VBoxHeadless --startvm "Ubuntu server 11.10" -n 2>&1 &
  9. Connect from desktop via VNC to configure and install guest additions (sudo apt-get install virtualbox-guest-dkms)

Moving a DokuWiki site to a new server

I have customized my DokuWiki installation to allow multiple wikis, similar to running multiple WordPress blogs on different domains. My /etc/dokuwiki/local.php looks like this:

This means that I have multiple DokuWiki sites in my /var/lib/dokuwiki/ directory. To copy only one of them:

  1. Copy the /etc/dokuwiki/hostname directory and symbolic links
  2. Copy the /var/lib/dokuwiki/hostname directory and symbolic links
  3. Copy the template(s) from /var/lib/dokuwiki/tpl/templatename or /var/lib/dokuwiki/lib/tpl/templatename

Installing tarsnap on a vanilla Ubuntu server

  1. cd /var/tmp/
  2. curl -O //www.tarsnap.com/download/tarsnap-autoconf-1.0.31.tgz  (or actually the latest version from //www.tarsnap.com/download.html)
  3. sudo apt-get install gcc e2fslibs-dev zlib1g-dev libssl-dev make
  4. cd tarsnap-autoconf-1.0.31 (directory name corresponding to the downloaded tarball)
  5. ./configure && make && sudo make install
  6. sudo tarsnap-keygen --keyfile /root/tarsnap.key --user username --machine machinename
  7. sudo cp /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf
  8. sudo vim /usr/local/etc/tarsnap.conf (if you need to edit any options)

Gmail as Mail Reader in GNOME

Simply install GNOME Gmail in your Linux distro and change the Mail Reader in System -> Preferences -> Preferred Applications.

If you use Ubuntu Maverick Meerkat (10.10) or earlier you need to download the GNOME Gmail .deb but in Natty Narwhal (11.04) you can install it directly from the unsupported universe repository.

Maverick Meerkat joys

In retrospect, I really don’t understand why I didn’t upgrade my primary laptop (ThinkPad T60p with ATI graphics) earlier, as the Spotify issue was resolved a long time ago.

Maverick feels a bit faster than Lucid, so I’m really happy.

Maverick Meerkat disappointments

Ubuntu 10.10, with codename Maverick Meerkat, was released on 10 October 2010. So far it has only made me disappointed.

First of all, when I have the USB cable for my LG L1510SF touch screen plugged in, X crashes in xf86findOption. I have submitted bug reports via Apport, see Launchpad bug #657895.

Second, Spotify crashes on certain mouse events with the newer Qt version. More information:

Don’t upgrade if you want any of the above to work!

Spotify 0.4 in WINE: “File is an unsupported format”

I bought Serengeti’s album Standing Steady on MP3 from Bengans and wanted to play it in Spotify as “Local Files”. It worked perfectly in MS Windows, but on Ubuntu I got “File is an unsupported format”. WTF?

Spotify acknowledges this:

Spotify uses the system-supplied MP3 decoder on all platforms, and during our limited testing we found the Wine decoder to be excessively unstable on quite a few MP3 files, including some from our purchase partners. We are therefore blocking codecs with the identifier “WINE-MPEG3” until the Wine system works satisfactorily.

One workaround I found involved recompiling or binary-patching WINE. Not so fun.

The official support forum contained a solution based around installing Windows Media Player 10. I have downloaded and installed it now according to the instructions, but already the playback froze once. Well, Spotify isn’t perfectly reliable in WINE anyway, so this is probably Good Enough.