wannacrypt killswitch morph proof

I was tracking Wannacrypt over the weekend and had an idea which I felt can be rolled out quickly. Listing it out as succinctly as possible:
  1. The killswitch is what it essentially hinges on: an unregistered domain in the code.
  2. The encryption and further execution stop if the domain specified in the code resolves and an HTTP connection is established.
  3. The killswitch domain name in the WannaCry code has changed, which means sinkholing just one or two domain names will not work.
  4. So what if we could resolve all unregistered domains to a honeypot?
  5. DNS by nature cannot be gamed to do this, as it will cause havoc.
  6. Maxmind GeoIP has a domain name database.
  7. Write a small drop-in replacement DNS server which uses a local copy of this database.
  8. The drop-in DNS server sits in front of the actual organization DNS server.
  9. It checks the domain name in the Maxmind DB.
  10. If found in the DB, it lets the request pass on to the actual DNS or replies.
  11. If not found, our drop-in DNS server replies with a honeypot IP.
  12. The honeypot IP is running an HTTP server and allows the HTTP connect.
  13. The HTTP connect happens and the killswitch is activated. Wannacrypt/WannaCry stops execution.
This can be dynamically configured by giving the DNS IP to our drop-in application server. Later, as the dust settles, a further course of action can be decided.
Potential to provide clients with a solution that so far is not available. Effect on normal working of applications is nil. It can be explained to clients in an advisory.
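
The forward-or-sinkhole decision from steps 7 to 11, as an added Python example (not code from the original post). `KNOWN_DOMAINS` is a constructed stand-in for the local domain database, `HONEYPOT_IP` and all function names are assumptions, and forwarding non-A queries unchanged is a choice made here.

```python
import socket
import struct

# Constructed stand-ins: a tiny "known domains" set in place of the local
# domain database, and a TEST-NET-1 address for the honeypot HTTP server.
KNOWN_DOMAINS = {"example.com", "example.org"}
HONEYPOT_IP = "192.0.2.10"

def build_query(name, qid=0x1234, qtype=1):
    """Constructed sample input: a minimal DNS query packet for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_question(packet):
    """Return (lower-cased name, qtype, offset just past the question)."""
    labels, pos = [], 12                      # DNS header is 12 bytes
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("malformed label in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    if pos + 5 > len(packet):
        raise ValueError("truncated question")
    qtype = struct.unpack(">H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype, pos + 5

def is_known(name, known=KNOWN_DOMAINS):
    """True if the name or any parent domain appears in the database."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in known for i in range(len(parts)))

def sinkhole_response(query, end, ip=HONEYPOT_IP):
    """Answer the query with a short-TTL A record for the honeypot."""
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0)
    answer = struct.pack(">HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + query[12:end] + answer

def handle(query):
    """Steps 9-11: ('forward', None) or ('sinkhole', response bytes)."""
    name, qtype, end = parse_question(query)
    if qtype != 1 or is_known(name):          # only A lookups are sinkholed
        return "forward", None
    return "sinkhole", sinkhole_response(query, end)
```

Any legitimate domain missing from the local database is answered with the honeypot address as well, so the database's coverage sets the false-positive rate; logging every sinkholed name gives a list of hosts to investigate.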

speed up with varnish

Varnish makes your websites fly

….so goes the byline and frankly they’re not lying. I use varnish on at least 8 websites that do over 200,000 impressions a day. The way it works is actually pretty simple and can be implemented using a plethora of other tools, only varnish does it much more efficiently. Varnish is primarily a website accelerator but it can be configured to work as a high availability load balancer (hell yeah, it can beat the pants off any hardware HA load balancer if configured right; on the right hardware it can probably do better than an H5). Some of the advertised features:

A modern design
VCL – a very flexible configuration language
Load balancing with health checking of backends
Partial support for ESI
URL rewriting
Graceful handling of “dead” backends

The important thing to know is that varnish can be easily dropped into your cPanel or Plesk managed server and not cause havoc (unlike a lot of opcode caching solutions and other website speedup options). It can probably extend your server's capacity by at least 50% and much more depending on what percentage of your content is static (images, videos for instance). I’ve used it on practically dead in the water servers, running 150+ sites with 140+ databases, the corresponding zones on named and email with spam/virus scanning for those 150+ sites all off of 2Gb RAM. Moved from 1.83 seconds per kb to 0.01kbps, enough said!!

So in case you’re looking to improve the user experience on your site without investing in improved hardware you should look at varnish as a solution. Also, for much less than the cost of owning a hardware load balancer, or a slice of a shared load balancer for that matter, you can set up a software load balancer. Varnish works off one of your webservers alongside the webserver instance and takes the load off of your webserver(s), leaving it free to do the processing for more clients, thus expanding your capacity without draining you at the bank.

Before upgrading hardware you’d probably do well to talk to us about setting up your server with Varnish. Please feel free to use the contact form or mail us on support@netbrix.net

varnish with plesk or cpanel

So this is what it is…. if you need help with the setup please use the contact form.

VARNISH
=======
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
yum install varnish.x86_64 or aptitude install varnish

edit /etc/default/varnish or /etc/sysconfig/varnish — change ports as required
edit /etc/varnish/vcl.conf or /etc/varnish/default.vcl — change backend information

PLESK
=====
/usr/local/psa/admin/sbin/websrvmng --set-http-port --port=80
/usr/local/psa/admin/sbin/websrvmng --reconfigure-all

/etc/init.d/httpd stop
/etc/init.d/varnish start
/etc/init.d/httpd start

cPanel
======
Go to Tweak Settings in WHM and change the port for Apache to a non-standard one (say 8081)

Stop/start Apache and make sure it's listening on the new port
Start Varnish

vidEnable

Video Conversion script — Many formats to .flv

This is a script that converts your videos to flash video format, better known as flv, so as to be able to share them on the internet, just like on Youtube!

We have two different variants of this script, click the links below to try each one out:

We encourage you to try out all three scripts and let us know if you find something which you’d like integrated into your site.

We offer server setup for these and many other video share scripts. We also do script installs at $30 a pop. For a query about any script you need installed (besides the ones we develop) please feel free to use the Contact Form.