Incremental banning with Fail2Ban

Fail2Ban is a useful tool to keep bad traffic away from your server or VPS. It scans log files for suspicious entries (like failed password attempts for SSH logins) and can ban the IPs of these attackers automatically. Naturally, if a bot from a certain IP keeps attacking your server or VPS, you would like Fail2Ban to react more strongly over time. There is no reason such an IP should be banned for one hour (or whatever the “bantime” is set to), unbanned, then banned again for just one hour a moment later, and for that to repeat itself endlessly.

Btw, I’m going to assume you’ve already installed and configured Fail2Ban in this article. If you want to know how to do that, just Google it: there are tons of tutorials on setting up Fail2Ban.

Some people got clever and tried to have Fail2Ban parse its own log file to implement incremental banning (increasing the ban time with each offense). However, as of Fail2Ban v0.10 such hacks aren’t necessary anymore. This version should be available on all recent versions of major Linux server distributions. The recent Ubuntu 20.04 includes v0.11.1, for example.
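As an added illustration (not configuration from the original article), this is what built-in incremental banning can look like in a jail.local override, assuming a Fail2Ban release whose jail.conf documents the bantime.increment options. The file path, the sshd jail and all values are assumptions chosen for the example.

```ini
# /etc/fail2ban/jail.local  (added example; path and values are illustrative)

[DEFAULT]
# Base ban for a first offence, and the window in which failures are counted.
bantime  = 1h
findtime = 10m
maxretry = 5

# Without the lines below, a repeat offender simply gets the same 1h ban
# again and again. With increment enabled, Fail2Ban looks up the address's
# earlier bans in its database and lengthens each new ban.
bantime.increment = true

# Scaling coefficient for the growth. With the default formula the ban
# grows exponentially with the number of previous bans (1h, 2h, 4h, ...).
bantime.factor = 1

# Hard ceiling, so the exponential growth cannot run away.
bantime.maxtime = 4w

# Random extra time added to each ban, so a bot cannot predict the exact
# moment it will be unbanned and retry right then.
bantime.rndtime = 10m

# Count previous bans from every jail, not only the jail that fired now.
bantime.overalljails = true

[sshd]
enabled = true
```

After editing, `fail2ban-client reload` applies the change and `fail2ban-client status sshd` shows the addresses currently banned by that jail.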


Visei.com refresh

Finally, after way too long, I’ve given some attention to this site. I had already replaced the main page with a profile (kind of like a resume page) a few months earlier, but that was more of a hack that kind of broke WordPress.

This new design makes use of a custom made WordPress theme. Not quite the one I talked about a few years prior, but a new attempt called “Prutser” (mainly named so because I also own the .com domain). The theme makes use of Bootstrap 4 and is based on the Gutenberg Starter Theme, the Twenty Nineteen Theme and Understrap Theme (for Bootstrap integration solutions).

The basic Prutser theme, like Understrap, looks rather plain and boring. To spruce things up, the Visei.com child theme makes use of Bootswatch’s Litera style (though modified so that, oddly, it looks closer to Bootstrap’s default). The profile page I previously mentioned is now integrated into the child theme.

I really like the end result, it looks fresh and clean again, words that the old (ancient) theme I used before didn’t inspire. And to be honest that theme was so old that I wasn’t sure if it would work on PHP 7, which this site now also finally runs on.

Will I use this new theme as an incentive to write more on this blog? Maybe not, as I would like to start a few other sites using the same Prutser base theme + Bootswatch style combination.

Hemingway Editor review

To improve the content of my websites I looked into writing tools recently. It is easy just to hit the “ABC” button in WordPress or copy your text in Word, but that won’t tell you if your text has style errors. The first tool I stumbled upon was Grammarly, but some digging suggests they have a terrible privacy policy. Next, I stumbled upon Hemingway Editor. It seemed to do everything I wanted (at first). As I wanted the ability to save files locally, I forked over the cash ($19.99) for the desktop app (Windows version).

I’ve now tried the Hemingway Editor for a few days, and well, it’s not bad nor great. One of the biggest issues is that it checks only for style errors. It doesn’t check spelling or grammar. So you inevitably end up having to copy your content into another editor (like Word) to do that. Having to copy text back and forth is a bit of a drag. So for this issue alone I will try something else next, probably ProWritingAid.

But core functionality isn’t my only gripe with the Hemingway Editor. When you open the app, it shows an empty document that for some reason is automatically marked “unsaved.” Which means it asks you to save the empty & unchanged document if you try to close it, and if you open a file it’ll do so in a new window instead of the existing window. Opening existing files is also a bit of a drag: there isn’t a “Recent Files” menu option.

More indefensible is that .hemingway files aren’t associated with the application during installation, and if you try to associate them manually, it turns out the app has no support for that! Meaning, if you associate the app with .hemingway files and try to open them, it’ll just open an empty document instead. Something else I found out while trying to create the file association for the app is that it installed itself into the “AppData” folder. I’m not an expert in Windows software development, but I doubt that’s the right location.

So in conclusion, would I recommend it and is it worth its money? No. But of course you can still use it for free online.

Edit: I ended up going for Grammarly after all (but using the standalone app and not as browser plugin). And ProWritingAid too. I’ll probably end up using all three tools together. What made me reconsider Grammarly was: in the original text of this review (I used it to test all three), I accidentally wrote “expect” instead of “expert.” That’s not an easy mistake to spot, yet Grammarly did it. ProWritingAid isn’t bad either though not as smart, and it sometimes makes suggestions that make little sense. There is no substitute for your brain as the best proofreader.

Corrupted files during development using PhpStorm & Vagrant

I’m currently trying to develop my own WordPress theme from scratch (called “Tengu” but be warned: at time of writing it’s nowhere near usable yet). And I encountered a rather odd bug: part of the style.css file would get corrupted when viewing through the browser.

I am using PhpStorm on Windows, and for live testing I use a virtual machine managed with Vagrant. On it I was using a plain, hardly modified installation of nginx to serve a WordPress test blog. As it turns out, the default nginx configuration turns the “sendfile” option on, which usually makes sense, but sendfile apparently is extremely unreliable when used with remote file systems (in my case, VirtualBox extensions).

The quick solution: turn sendfile off during development (look for the appropriate line in /etc/nginx/nginx.conf). Supposedly this also applies to Apache btw. The problem went away immediately when I did that.

Source: https://coderwall.com/p/ztskha/vagrant-apache-nginx-serving-outdated-static-files-turn-off-sendfile

Fixing a Let’s Encrypt certificate renewal error

So just a moment ago I was wondering why my Let’s Encrypt certificate on a particular server wasn’t renewing. I’m using a simple script called acme-tiny for Let’s Encrypt, as it’s just about the lightest implementation for it. However, it failed with this error message:

Traceback (most recent call last):
  File "/home/user/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/home/user/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/home/user/acme_tiny.py", line 161, in get_crt
    raise ValueError("Error signing certificate: {0} {1}".format(code, result))
ValueError: Error signing certificate: 403 {
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new cert :: authorizations for these names not found or expired: example.com",
  "status": 403
}

The answer is here: https://github.com/diafygi/acme-tiny/issues/167 and the solution is simple: this was a bug, it has been fixed, just get the latest version. The problem went away after that.