1.4 billion email accounts compromised

The list of websites that have been hacked is growing, and it is VERY likely that every one of us has been affected.

Hackers have always compiled, sold and distributed lists of breached accounts, but in December 2017 researchers saw an unprecedented list show up on the Dark Web.

A hacker assembled 1.4 billion compromised email addresses and credentials into a very organized list. The hackers provided tools to quickly search, sort and add to the list.

The compromised accounts were from many recent hacks including LinkedIn, Equifax and Uber. To see an updated list of hacks, refer to the Wikipedia article.   https://en.wikipedia.org/wiki/List_of_data_breaches

The 42 GB list is currently shared on many Peer to Peer networks and it can be found by anyone that truly wants to.

Matraex researched this list and developed a Hack Check app at hackcheck.email to allow users to check whether they are on the list.

If you are a business with multiple domains and you need assistance researching how they were affected,  contact Michael Blood at 208.344.1115 x 250

Bridgepoint engages Matraex to create FrameTurn SAAS

Bridgepoint has engaged Matraex to build the FrameTurn SAAS product they plan to launch to the Optometry Industry.

FrameTurn is a dynamic product which helps small, medium and large Optometry clinics optimize the sales mix of their retail offerings to improve sales up to 30%.

Matraex, Inc is a Boise Idaho applications development company specializing in bringing custom business offerings to market.

 

The right app partner

The right app partner can change everything.

We have built many of the apps that your employees already know and love to use. With mobile and cloud apps it’s easy to integrate into your existing workflow, which means there’s no need to change how you already work to unlock efficiency.

Meet the worker bot.

An app can empower employees to produce more, faster, by offloading routine processes onto worker bots. A worker bot is a software process that handles chores for you.

A worker bot may also route information into disparate systems. Integrating your customer relationship management software with your Quickbooks installation has never been easier.

Now with worker bots and smart integrations, employees can stay productive and also monitor the small things that lead to huge savings.

When employees are unencumbered by simple tasks or data collection, they’re not just happier, they’re more engaged and more productive.

New ways to make an impact at work.

Today’s business world has never been more mobile. So we create apps that give employees everything they need to be productive, wherever they are. Your app may be customized to fit the precise needs of your business, or perhaps it is extended to fire an alert when some process falls out of variance.

Improving customer service may mean a more timely response, or having access to the manufacturing or shipping data from your mobile. Matraex integrates systems to make your sales and service teams more nimble.

The world’s experts are also our partners.

To help give your employees and customers the best app experience, we’ve engaged some of the world’s leading technology companies. Whether you are looking for a cloud hosting platform, backend system integration specialists, or mobile network services, you’ll have access to experts around the world you can work with and learn from.

At Matraex, our core is developing smart solutions for business. We build core infrastructure that creates recognizable returns. Is it time for us to help you elevate your business?

COMMANDDUMP – Monitor File for error – Ding if found

An elusive error was occurring that we needed to be notified of immediately. The fastest way to catch it was to run the following script at a bash command prompt, so that when the error happened the script would beep until we stopped it.

while true; do ret=$(tail -n 1 error-error-main.log | grep -i FATAL); if [ "$ret" != "" ]; then echo "$ret"; echo -en "\0007"; fi; sleep 1; done

COMMANDDUMP: postfix – explore and fix spam clogged mailq at the command line

  • SystemA is a postfix mailserver
  • SystemA receives all email messages sent to @domain.com
  • All @domain.com messages are forwarded to a Gmail Account remote.user@gmail.com.  (a catchall alias)
  • When spammers saturate @domain.com, Gmail starts deferring emails and the server becomes plugged waiting to forward the emails

450-4.2.1

The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered.  Please resend your message at a later time. If the user is able to receive mail at that time, your message will be delivered.

List the original recipient addresses of the queued messages, with the number of messages for each.

ServerA>for fl in `mailq|grep remote.user@gmail.com -B4| awk '$1 ~ /^[A-Z0-9]+$/{print $1}' `; do grep original_recipient "/var/spool/postfix/defer/${fl::1}/$fl" ; done|awk -F= '{print $NF}'|sort|uniq -c | sort -n

Delete from the mail queue all email messages sent to a specific user

ServerA>for fl in `mailq|grep remote.user@gmail.com -B4| awk '$1 ~ /^[A-Z0-9]+$/{print $1}'`; do grep original_recipient=honeypot@domain.com -l "/var/spool/postfix/defer/${fl::1}/$fl" ; done|awk -F/ '{print "postsuper -d "$NF}'|bash
ServerA>#OR
ServerA>grep original_recipient=honeypot@domain.com /var/spool/postfix/defer/ -rl|awk -F/ '{print "postsuper -d "$NF}'|bash

Delete all mail messages from ‘Maria*’

mailq |awk '$1 ~ /^[A-Z0-9]+$/'|awk '$NF ~/^Maria/{print $0}'|awk '{print "postsuper -d "$1}'|bash

 

Proftpd PassivePorts Requirements (or Not Working)

After an exhaustive research session attempting to enable Passive FTP on a Proftpd server, I found and am now documenting this issue.

PassivePorts is a directive in Proftpd.conf that configures proftpd to use a specific set of ports for Passive FTP. You would then allow these ports through your firewall to your server.

The full configuration, the reasons you would use Passive vs Active FTP, and how to set it up on your server and firewall are beyond the scope of this document, but a couple of links that might get you there are here.

In my first attempts I was attempting to use the port range between 60000 and 65535; the firewall ports were forwarded, and things did not work.

  • PassivePorts 60000 65535

So I had to dig in and find the details of why not. I enabled debugging on FileZilla and ran at the command line in order to try and see what was happening:

  • proftpd -n -d30

I found a post somewhere that explained how I could read the response to the PASV command:

  • Entering Passive Mode (172,31,10,46,148,107)

The last two octets in the response are the port number that is to be used. Here is how you calculate it: (148*256 + 107) = 37995. Even though I had the server set up to use PassivePorts 60000 – 65535, it was still attempting to use 37995. Once I figured out how to confirm which port was being sent, I realized that the issue was not a firewall or other problem, but rather something in the system.

I happened across a Slacksite article which helped me find this in the Proftpd Document

PassivePorts restricts the range of ports from which the server will select when sent the PASV command from a client. The server will randomly choose a number from within the specified range until an open port is found. Should no open ports be found within the given range, the server will default to a normal kernel-assigned port, and a message logged.

In my research I was unable to find a message logged, so I don't believe that a message shows anywhere. However, this article helped me realize that there may be some issue on my system which was preventing ports 60000 to 65535 from being available, and I started playing with the system.

  • 60000-61000 and 59000-60000 had no effect; the system was still assigning ports within the 30000 to 40000 range.
  • 50000 to 51000 had the same effect

So I tried some entries within the 30000 and 40000 and I found I could consistently control the ports if I used any range between 30000 and 40000

  • PassivePorts 30000 32000 – gave me 31456, 31245, 30511,  etc
  • PassivePorts 32000 34000 – gave me 33098, 32734, 33516,  etc
  • etc

From this I figured out that I can only control the ports on this system in a range lower than the ones I was originally attempting.

I did more research and found that there is a sysctl variable that shows the local anonymous port range

  • sysctl -a|grep ip_local_port_range

On my system for some reason this was set to

  • net.ipv4.ip_local_port_range = 32768 48000

I attempted setting this to a higher number

  • sysctl -w net.ipv4.ip_local_port_range="32768 65535"

However, this did not change the way proftpd allocated the ports; only the lower range was available. Perhaps I could have set the variable in sysctl.conf and restarted, but I stopped my investigation here. Instead I changed the firewall rules to allow ports 32000 to 34000 through and I stuck with the configuration:

  • PassivePorts 32000 34000

What I learned from this was:

PassivePorts only suggests that your system use the range of ports you specify. If that range is not available, the system quietly selects a port outside the range you specified. If you have problems with your FTP hanging at MLSD, check your logs to verify which port has been assigned, using the calculation (5th octet * 256 + 6th octet).
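
The port calculation above, as an added shell example (not from the original post): it decodes 227 replies from a client or server log and reports any whose port falls outside the configured PassivePorts range. The function names and the second sample reply are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode PASV replies and flag ports outside PassivePorts.

# Print the data port announced in a "227 Entering Passive Mode (...)" reply.
pasv_port() {
    # Extract the six comma-separated numbers inside the parentheses.
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/.*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    # Each value is one byte, so anything above 255 is not a valid reply.
    for n in "$@"; do [ "$n" -le 255 ] || return 1; done
    echo $(( $5 * 256 + $6 ))    # 5th octet * 256 + 6th octet
}

# Read log lines on stdin and report every PASV reply whose port is
# outside MIN..MAX. Returns 1 if any reply was outside or unparsable.
audit_pasv() {   # usage: audit_pasv MIN MAX < logfile
    min=$1; max=$2; bad=0
    while IFS= read -r line; do
        case $line in *"Entering Passive Mode"*) ;; *) continue ;; esac
        port=$(pasv_port "$line") || { echo "unparsable: $line"; bad=1; continue; }
        if [ "$port" -lt "$min" ] || [ "$port" -gt "$max" ]; then
            echo "port $port outside PassivePorts $min-$max"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample log: the first reply is the one quoted in the post,
# the second is made up and decodes to 32222.
sample_log='227 Entering Passive Mode (172,31,10,46,148,107)
227 Entering Passive Mode (172,31,10,46,125,222)
200 Type set to I'

# With the range the post first tried, both replies are reported.
printf '%s\n' "$sample_log" | audit_pasv 60000 65535 || true
```

Run it against the output of a client debug log while testing, and open the firewall only for the range the replies actually stay within.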

WordPress Website Check Instant tool 3 feedback areas

When working with WordPress websites, there are three main areas we assess within the first few seconds: speed, security and exposure. To help us do this quickly, we built a tool, WordPress Website Check Instant tool 3 feedback areas, which pulls this information and puts it into a single interface.

WordPress Website Check – https://www.matraex.com/website-check.php

While each of the three areas of speed, security and exposure go much deeper than this small scan, we are able to see some very important metrics very quickly.

Three Checks

Speed

We can see the download speed, the size of your home page, the number of external CSS files and the number of external scripts. This helps us to see how well the site has been optimized. Typically WordPress websites are made up of a theme with enabled capabilities, as well as a number of plugins. Each of the capabilities and plugins will often have its own stylesheets and script files, which can add up to a bloated website.

Security

WordPress websites are the subject of frequent hack attempts. Website scanners quickly find WordPress sites that have their admin and login scripts exposed. The scanner identifies the scripts. If the scripts do not block access after a number of failed attempts (with the username ‘admin’ and then with a random username), the script fails the check.

Exposure

WordPress websites often publish their version number as well as details about which plugins they use. Ideally this information should be kept private. When vulnerabilities in these tools are found, this is an advertisement to exploit your site.

The results can be saved and a link will be sent to your email so you can permanently have access to the results.

The tool is our way of checking a site within seconds, and we offer it free. Our hope is that others find this useful and will come to Matraex, Inc for their Website Development, Design, Hosting and Security needs.

Matraex, Inc
208.344.1115

 

 

Website Performance Assessment Tool

Webpage performance is important and there are a plethora of tools out there that allow you to see your website’s performance.

The tools give a large amount of information and website owners can use that information to make assessments and improvements.

As we use these tools to help our clients improve the performance of their websites, we found a couple of needs:

  • We needed a tool to quickly compare the results between changes
  • We needed somewhere we could go to quickly look up results the next time that we evaluated the performance

So,  we built the Website Performance Assessment Tool (matraex.com/website-performance).

This tool allows us to:

  1. Enter a web page url
  2. Link to two third-party performance tools (Pingdom, PageSpeed)
  3. Enter the results and
  4. Save

The numeric results are then stored in a table and as we make changes we can see how performance improves.

With a couple of enhancements (the ability to track multiple urls and an improved User Interface) we decided to make this tool public and encourage others to use it.

The primary benefits we see are:

  • The ability for non technical users to track their site performance
  • Website owners can track and evaluate changes made by their website developer
  • Website developers and website owners can use the tool to communicate performance expectations and results

Here is one example of how it can work:

  • A website owner opens the website assessment performance tool and enters their website url
  • They use the quick links to generate metrics for a Performance Grade, Number of Requests,  Load time, Page size and a Desktop and Mobile Grade
  • They enter the metrics into the tool and click Save
  • They notice that the total Load time is more than 4 seconds so they ask their website developer to improve the results.
  • Specifically they describe they want:
    • the Load Time to decrease to less than 2 seconds and
    • the Desktop and Mobile Grade should improve to better than 85% each
  • The developer makes changes and tells the owner the changes are complete.
  • The owner opens the Performance Tool, re-enters the metrics and evaluates whether it is true.
  • One month later the owner comes back to the tool and checks again and can see the history and whether performance has degraded.

 

Utility – Bulk Convert the Unix Timestamp in log messages To a Readable Date

I have often run into the need to convert a large list of timestamps from Unix Timestamp to a readable date.

Often times this is simply a need that I have when receiving an error message from a server,  or when reviewing log files which only use Unix Timestamps.

So I created a simple utility: just paste in your text from the log file, and the utility will search out the string for timestamps listed as the first part of each line and convert each timestamp to a date.

While this might be useful at some point as an automated process,  for now I just use it when I need it.

I am documenting the tool here with a link for myself (or any one else that may need it) so that it is simple to find.

https://www.matraex.com/batch-timestamp-to-date.php

Possible future upgrades to this utility will likely search out Unix Timestamps anywhere in the text and convert them,  instead of just at the first of the line.
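
A command-line version of the same idea, as an added example (not the code behind the utility): it converts a Unix timestamp at the start of each line to a UTC date and passes every other line through unchanged. It assumes GNU date (for -d @SECONDS); the function name and sample lines are constructed, and treating 13-digit values as milliseconds is an assumption.

```sh
#!/bin/sh
# Added example: convert a leading Unix timestamp on each log line to a
# readable UTC date. Assumes GNU date, which accepts "-d @SECONDS".

convert_log_timestamps() {   # usage: convert_log_timestamps < logfile
    while IFS= read -r line || [ -n "$line" ]; do
        ts=${line%%[!0-9]*}      # leading run of digits (empty if none)
        rest=${line#"$ts"}       # remainder of the line, kept verbatim
        case ${#ts} in
            9|10) secs=$ts ;;          # epoch seconds
            13)   secs=${ts%???} ;;    # epoch milliseconds: drop last 3 digits
            *)    printf '%s\n' "$line"; continue ;;   # no timestamp: pass through
        esac
        printf '%s%s\n' "$(date -u -d "@$secs" '+%Y-%m-%d %H:%M:%S UTC')" "$rest"
    done
}

# Constructed sample log lines.
sample_lines='1500000000 FATAL database connection lost
worker restarted without a timestamp
1500000000123 WARN slow query'

printf '%s\n' "$sample_lines" | convert_log_timestamps
```

Forcing UTC keeps converted logs from different servers comparable when lining up events.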