My almost free dynamic dns replacement (AWS route53)

I use Amazon route53 for DNS: it is easy, cheap, portable (since it is separate from my domain registrar), and it has a pretty nice API. There is a nice CLI tool for changing DNS called cli53. The official tool, awscli, would work too, but I’d have to write the JSON requests myself if I used that instead of cli53. See the last code block for the final script and you’ll see why cli53 is just easier than `aws route53 change-resource-record-sets` commands.

Just run

sudo pip install cli53

to get cli53 (install pip first if you’re missing that obviously)
Next, log in to Amazon Web Services IAM and restrict a new group/user to only have permission to route53 + your domain. My policy looks like this; update it with your route53 hosted zone:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:GetChange",
                "route53:GetHostedZone",
                "route53:ListHostedZones",
                "route53:ListResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/ZENV1B2ABCDEF"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ListHostedZones"
            ],
            "Resource": "*"
        }
    ]
}

Your web host needs a simple application to return external IPs, or you can use an openly available free one (the only free one I found was throttled). Something like this works on a PHP webserver:

<?php print $_SERVER['REMOTE_ADDR']; ?>

Finally, here is the script to do the real work. This will need to be installed on a computer with cli53 and curl installed (sorry, I know a router would be more convenient). I set up a user called dyndns and set up cli53’s .boto configuration file with the AWS credentials; see cli53’s docs for more on that. Then just put it in the crontab to run every 5 minutes and perform some basic tests to confirm it works, like deleting ip_address.log and making sure cron regenerates it… the real test comes when your IP address changes… I suppose I should have tested that before posting :) oh well.

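#!/bin/bash

# The IP history log lives next to this script.
SCRIPTPATH=$( cd "$(dirname "$0")" ; pwd -P )
IP_LOG="${SCRIPTPATH}/ip_address.log"
if [ ! -f "$IP_LOG" ] ; then touch "$IP_LOG" ; fi
# Log lines are "<date> <time> <ip>", so the address is field 3.
LAST_IP=$(tail -1 "$IP_LOG" | cut -d' ' -f3)
CURRENT_IP=$(curl -fsS http://yourdomain.com/whatismyip.php)

# Never publish or log a failed or garbled lookup.
if ! [[ "$CURRENT_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "unexpected IP lookup response: '$CURRENT_IP'" >&2
    exit 1
fi

# Record the new address only if the DNS update succeeded.
if [ "$CURRENT_IP" != "$LAST_IP" ]; then
    cli53 rrcreate yourdomain.com myip A "$CURRENT_IP" --replace --ttl 300 &&
        echo "$(date '+%F %T') $CURRENT_IP" >> "$IP_LOG"
fi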
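
For comparison, the awscli route mentioned at the top of this post, as an added example that is not the author's script: it validates the looked-up address and builds the UPSERT change batch that `aws route53 change-resource-record-sets` takes. The function names and the record name `myip.yourdomain.com.` are assumptions; the address in the demo call is a constructed sample.

```bash
#!/bin/sh
# Added example: awscli equivalent of the cli53 call, with input validation.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# change_batch NAME IP TTL: print the JSON request body, or fail on a bad IP.
change_batch() {
    if ! is_ipv4 "$2"; then
        echo "refusing to publish invalid address: '$2'" >&2
        return 1
    fi
    printf '{"Comment":"dyndns update","Changes":[{"Action":"UPSERT",'
    printf '"ResourceRecordSet":{"Name":"%s","Type":"A","TTL":%d,' "$1" "$3"
    printf '"ResourceRecords":[{"Value":"%s"}]}}]}\n' "$2"
}

# update_record ZONE_ID NAME IP: send the batch (needs awscli + credentials).
update_record() {
    batch=$(change_batch "$2" "$3" 300) || return 1
    aws route53 change-resource-record-sets \
        --hosted-zone-id "$1" --change-batch "$batch"
}

# Constructed sample values; prints the JSON without contacting AWS.
change_batch myip.yourdomain.com. 203.0.113.7 300
```

From the cron script, `update_record ZENV1B2ABCDEF myip.yourdomain.com. "$CURRENT_IP"` would take the place of the cli53 line, using the hosted zone id from the policy above.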

How I used RSS services to email me when Google’s Nexus 4 came back on sale

This is a simple little tutorial of how to leverage and combine multiple RSS services to notify you when pages change.  You might need to do this when there is no RSS feed for a page you want to monitor or, like in my case, there’s a store which does not support email notifications for out of stock items. It could be any page, but for this example I wanted to know when the text changed on the Google Play store, so I knew when they removed the text stating that they were out of stock of the Google Nexus 4 phone. I only set this up 2 days ago or so and I was just in time. The final result was that today I got an email saying the following text had been added to the Nexus 4 16GB page: “Ships Soon” (replacing Temporarily out of Stock)

To set this notification up, first, I got the RSS feed for the Nexus 4 page by taking the URL and submitting it to a service called page2rss (http://www.page2rss.com)

After turning whatever page into RSS with page2rss you get sent to a page that looks like this (link here):

This is just a summary page where page2rss has tracked all the changes made to the page in the form of RSS items.  If you’re the first one to submit this link to page2rss then it starts with a fresh/blank slate and tracks all changes from that point on.  In my case others had submitted the Nexus 4 pages before me – so I could see some of the history of changes; they had been out of stock since mid December.

The RSS link, which you’ll want to copy, is on the right, under “Subscribe to Feed”. The link will look just like the summary page URL, but with rss/ in front, like this: http://page2rss.com/rss/11e73aa5895945d3e13bbedfe3d747bc

Next, I googled for an RSS notification service that sends an email every time a new RSS entry is posted to a feed. A defunct, no longer in service, RSS notification service recommended trying an alternative, free service: BlogTrottr (http://blogtrottr.com/). This step was dead simple: just enter the RSS link from before and your email address, and leave the update frequency at real time.

 

So that’s all there is to it.  After a day I got my first email notifying me of text changes to the page.  Fair warning: this won’t be truly real time, the second the page is updated; page2rss only scans for changes every so often, and then blogtrottr also only checks for changes to the feed every so often.  As I mentioned before, these are free services and I’m not sure what their business model is, so my very specific recommendation to use these 2 services won’t be relevant forever and you may have to go hunting for similar services.

Autostart a Virtualbox VM in Windows 7 the Easy Way

Update: I’d suggest checking out James’ solution in the comments as an alternative to mine which doesn’t require 3rd party programs. I haven’t tested it yet so let me know if it works OK for you.

I’ve seen a few tutorials out there about setting up a headless VirtualBox service in Windows in order to autostart a VM, and wasted a few hours of my life following pages of instructions ending in giving up. I recently reinstalled Windows 7 on my home HTPC/Server and wanted a Linux VM to autostart whenever Windows decided to run updates and auto restart. I swore I wouldn’t attempt the awful services method again and would instead follow the principle of keep it simple stupid.

My only caveat in setting up this autostarting headless VM was that Windows 7 remain password protected when it started up (task scheduler’s on start trigger function didn’t prove much help with this goal BTW)…a little less simple but I managed to keep it under 3 steps somehow, mostly thanks to superuser’s superb knowledge base and some luck googling. Keep in mind I have a single user setup on this windows 7 machine. Multiple users might require you force the machine to always logon to your VirtualBox/Startup script user by default after a reboot…so you’ve been warned. Here’s how it’s done:

  1. download hstart (see README)
  2. Remove/un-check the “User must enter a username and password to use this computer” checkbox option from Start -> Run -> `control userpasswords2` (But wait…didn’t you just say…YES KEEP READING)
  3. write a batch script in your startup folder containing (pseudocode): `C:/hstart.exe /NOCONSOLE "VBoxHeadless.exe -startvm 'your-vm-name'"` followed by `rundll32.exe user32.dll,LockWorkStation`

The name VBoxHeadless is a bit misleading, since you still have a cmd window to leave open for as long as you want your VM running if you run it through a batch script; that’s where hstart comes in. Then you have to tell Windows to log on automatically instead of waiting for the user to enter a username/password. Finally, your batch script runs VBoxHeadless through hstart and then just re-locks your computer afterwards, and you have a primed and ready VM waiting for you upon restart. Note that the desktop session is logged on and unlocked for the short time between the automatic logon and the LockWorkStation call. If your VM name has spaces it might require escaped quotes or single quotes around it; I used a hyphen in my name so I didn’t have to deal with that problem.

Here’s an example batch script

C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hstart a-serv headless.bat:

"E:\scripts\hstart64.exe" /NOCONSOLE "C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe -startvm a-serv" 
rundll32.exe user32.dll,LockWorkStation

References (yay superuser!)
What is the best way to hide a command prompt window?
Command line cmd command to lock a windows machine

Synchronize save games between windows computers. Cloud save games with Dropbox. [Minecraft/Dragon Age]

Steam Cloud in games like Valve’s Half Life franchise and Torchlight is really handy for synchronizing save games across laptops/desktops or work computers. But I want it in more games! So I did it myself with some easy symbolic links and a Dropbox account (sign up for one now using my link if you don’t have one yet). Here are two quick examples of how you would make Minecraft and Dragon Age: Origins saves go to your Dropbox rather than your user account tied to your computer.  You’ll have to do this on each computer you want to synchronize save games to the cloud.  Keep in mind, if you don’t know what you’re doing and screw up you might lose your saves by trying this, so here’s your warning: back up your save folders before running the below commands.

I’m writing the symbolic link commands so they are as copy pastable as possible, for multiple windows releases. If all else fails, use the full path rather than the environment variable (%APPDATA%, %HOMEPATH%).

Let’s begin: first make a folder in your Dropbox folder called ‘Game Saves’ to house your new save games. Then within this new saves folder make a folder for each of your games (e.g. Minecraft/Dragon Age)

Now you need to know where your save game folder is for each game; we’ll start with Minecraft. In either Windows XP, Vista, or 7 you can just go to your Start button, Run (or windows+R shortcut) and enter `%APPDATA%\.minecraft\` and you’ll see the saves folder. Move it to some place safe or just rename it to “saves_backup”. Then you want to put another copy of the `saves` folder in your newly created `Dropbox\Game Saves\Minecraft\` folder. [Note: Copying a large Minecraft saves folder can take a while because of the massive amount of tiny files used by Minecraft]

After that’s done successfully, open another Run prompt from the Windows Start menu and this time type in `cmd`. In the black DOS command prompt that opens enter this (Note you may need to change the Dropbox path if yours is “My Dropbox” or customized)

mklink /D "%APPDATA%\.minecraft\saves" "%HOMEPATH%\Dropbox\Game Saves\Minecraft\saves"

For Dragon Age: Origins you should find your save games in `%HOMEPATH%\Documents\BioWare\Dragon Age`. Move and/or back up the Characters folder. Then copy the Characters folder to `Dropbox\Game Saves\Dragon Age Origins\`

mklink /D "%HOMEPATH%\Documents\BioWare\Dragon Age\Characters" "%HOMEPATH%\Dropbox\Game Saves\Dragon Age Origins\Characters"

Just to reiterate the fact that you have to change your path, here is another command I had to run using a different Dropbox path (one computer used ‘My Dropbox’, the other just used ‘Dropbox’ for some reason).

mklink /D "%HOMEPATH%\Documents\BioWare\Dragon Age\Characters" "%HOMEPATH%\My Dropbox\Game Saves\Dragon Age Origins\Characters"

This concept is easily applied to any game. Just change the paths to match where that game’s save files folder is located; usually it’s in `my documents/my saves`, or `my documents/publisher name`, or one of application data’s folders.

Using IPTables with Dynamic IP hostnames like dyndns.org

Whenever IPTables has a hostname in a rule it looks up the hostname’s IP address and uses that instead of the actual hostname – so it’s stuck with the IP until the next time IPTables is flushed/restarted. Here’s a quick little python script to stick in a crontab which checks the IP of your dynamic IP hostname (free ones provided by dyndns.org) and will restart iptables if it catches a change in your hostname. The script was made for CentOS so should work on Red Hat based distributions – if you don’t have an /etc/init.d/iptables file you’ll have to modify the reload iptables command in the source. Viewable Source After Jump

I just set this up as root and in root’s crontab.

Download Source

Continue reading
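
The check described in this post, sketched as an added shell example; it is not the author's Python script, which is not reproduced on this page. The hostname, the cache file path and the function names are assumptions, and `getent ahostsv4` assumes a glibc system.

```bash
#!/bin/sh
# Added example: restart iptables only when a dynamic hostname's address changes.
WATCH_HOST="yourhost.dyndns.org"             # assumed hostname used in your rules
STATE_FILE="/var/lib/iptables-dynhost.ip"    # assumed cache location
RELOAD_CMD="/etc/init.d/iptables restart"    # CentOS init script named in the post

# first_ipv4: read `getent ahostsv4` output on stdin, print the first address.
first_ipv4() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1; exit }'
}

# address_changed NEW_IP FILE: succeed if NEW_IP differs from the cached one.
# An empty NEW_IP (failed lookup) never counts as a change, so a DNS outage
# does not trigger a restart or overwrite the cache.
address_changed() {
    [ -n "$1" ] || return 1
    if [ -f "$2" ] && [ "$(cat "$2")" = "$1" ]; then
        return 1
    fi
    return 0
}

# check_and_reload: resolve, compare, and restart iptables so that rules
# containing the hostname are re-resolved; cache the address on success.
check_and_reload() {
    new_ip=$(getent ahostsv4 "$WATCH_HOST" | first_ipv4)
    if address_changed "$new_ip" "$STATE_FILE"; then
        $RELOAD_CMD && printf '%s\n' "$new_ip" > "$STATE_FILE"
    fi
}

# Run from root's crontab as: /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    check_and_reload
fi
```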

Bash Script: Confirm domains in your DNS Bind server are still pointed at your address (haven’t moved to other DNS)

Here’s a quick script I wrote last year which I forgot about until today. I thought I should share it since it works fairly well with some modifications – it could be refined/improved quite a bit; I’m not the best bash/shell scripter. Be prepared to get your hands dirty with mods if you want to use this. Here’s a quick run down & description of what’s going on.

The script’s input is the bind9 file containing all zone entries you want to confirm are pointed to your server; I suggest making a copy – not working with any live configs. The script will run a lookup using `host -t ns` against Google’s DNS server to find out what the outside world thinks the domains’ name servers are; I tried `whois` in the past but it was too unreliable due to timeouts & limits on the number of calls per minute. Then it checks the results of that host lookup against the hostnames, all-capitalized hostnames, and IP addresses of your DNS servers (3 in my case). If any one of the DNS servers matches, then we know the domain is still using our DNS. The other options are 1) it doesn’t find any DNS servers that are ours, or 2) it finds the phrase ‘not found’, which host returns if the domain is expired or there are no ‘NS’ type records in DNS. The script echoes to the shell which DNS servers match as it runs, but it only logs the DNS servers that don’t have any matches (so they can be removed by automation or manually later).

With the zone-audit.log output I then can remove the domains that aren’t using our DNS since they’re no longer in use. Please leave feedback in the comments if you think of a good improvement.

Code after the jump or Here
Continue reading
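
The audit described above, as an added shell example that is not the author's script. The name server names in `OUR_NS`, the function names and the sample `host` output are constructed assumptions.

```bash
#!/bin/sh
# Added example: flag zones whose public NS records no longer name our servers.
OUR_NS="ns1.example.net ns2.example.net"   # assumed names; use your own
RESOLVER="8.8.8.8"                         # Google's public DNS, as in the post

# zones_in FILE: print each name from `zone "name" {` statements in a BIND config.
zones_in() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# classify_ns HOST_OUTPUT: print ours, notfound or moved for one lookup result.
classify_ns() {
    # Lower-casing covers the capitalised hostnames the post checks separately.
    answer=$(printf '%s\n' "$1" | tr 'A-Z' 'a-z')
    case "$answer" in
        *"not found"*) echo notfound; return 0 ;;
    esac
    # Compare whole names (trailing dot removed) so a longer hostname that
    # merely starts with one of ours is not counted as a match.
    names=$(printf '%s\n' "$answer" | tr -s ' \t' '\n\n' | sed 's/\.$//')
    for ns in $OUR_NS; do
        if printf '%s\n' "$names" | grep -qxF "$ns"; then
            echo ours; return 0
        fi
    done
    echo moved
}

# audit FILE LOG: look up every zone and log only those that are not ours.
audit() {
    zones_in "$1" | while read -r zone; do
        result=$(classify_ns "$(host -t ns "$zone" "$RESOLVER" 2>&1)")
        echo "$zone: $result"
        [ "$result" = ours ] || echo "$zone $result" >> "$2"
    done
}

# Constructed `host` output; run `audit zones.copy zone-audit.log` for real use.
classify_ns 'example.com name server NS1.EXAMPLE.NET.'
```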

Spamato vs SpamBayes [Win7]

Which spam prevention product wins: SpamBayes vs Spamato? SpamBayes is the clear winner in my mind.

I used Spamato with my Outlook 2007 first and recently switched to SpamBayes because Spamato simply wouldn’t work with Windows 7, even after going through an enormous hassle of hacking Microsoft’s .NET Framework 1.1 installer to get it to install in Windows 7.

I’m really glad I switched; SpamBayes has amazing accuracy when trained with your Spam/Ham folders. It even has a ‘Junk Suspects’ folder which has caught all (1 or 2) of my ham messages which it mistook for spam. I don’t think any Ham has ended up in the Junk folder unless it was an automated mail/newsletter, and those quickly stopped going to junk after using the ‘recovering from spam’ toolbar button to improve training.

I used Spamato for more than a year and it works fairly well, I liked it and recommended it to others. Every time I recommended it to a non technical person I cringed a little bit after remembering the fact that it requires a couple, not so simple to explain over the phone, prerequisites.

The finite accuracy seems better in SpamBayes and the installation is definitely a hell of a lot easier than Spamato.

Using fail2ban to open back door ports in your iptables [Port Knocking]

The opposite of fail2ban would probably be called auth2allow (authenticate to allow) or fail2allow – but that’s not necessary because fail2ban’s configs can be customized to do exactly what I’m talking about. What am I talking about, you ask? Basically what I’ve done, and am about to explain how to do, is set up fail2ban to look for a successful login on an FTP server and allow the authenticated IP to get access to another port that isn’t as secure as FTP and so is usually 100% blacklisted in IPTables. It’s just a hack of a security mechanism to allow yourself or others into places securely through obscure means. Like most security it’s not perfect but it seems pretty solid in my mind.

If someone can authenticate on the FTP (could even be anonymous ftp, but I’d recommend using a special username you want to specifically grant access) then fail2ban triggers an ALLOW command for their IP on some port (or all ports), for example SSH (22) or apache https (443) with a private site on it that you want to keep private and totally hidden from the internet at large. This concept could really apply to anything. Any command IPTables can run can be triggered through something fail2ban sees in a log file basically, the possibilities are endless. In my example I’ll use https, port 443, but in real life I’m using an obscure port number and the program running on it that is not very secure by default.

So here are my slightly modified configuration files for setting up a custom fail2ban service that does the opposite of what fail2ban typically does.

Continue reading
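
One way to set this up, as an added example rather than the author's configuration files, which are not reproduced on this page. It assumes vsftpd's log format, a dedicated FTP account called `knockuser`, and the hypothetical names `ftp-knock` and `iptables-allow`; the log line in the demo is constructed.

```bash
#!/bin/sh
# Added example (assumes vsftpd logs and an FTP account named knockuser).

# write_knock_config DIR: create the three files under DIR (e.g. /etc/fail2ban).
write_knock_config() {
    mkdir -p "$1/filter.d" "$1/action.d" "$1/jail.d"
    # Filter: the "failure" being counted is a successful login by one account.
    cat > "$1/filter.d/ftp-knock.conf" <<'EOF'
[Definition]
failregex = \[knockuser] OK LOGIN: Client "<HOST>"$
ignoreregex =
EOF
    # Action: "ban" inserts an ACCEPT rule; "unban" removes it after bantime.
    cat > "$1/action.d/iptables-allow.conf" <<'EOF'
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = iptables -I INPUT -s <ip> -p <protocol> --dport <port> -j ACCEPT
actionunban = iptables -D INPUT -s <ip> -p <protocol> --dport <port> -j ACCEPT
[Init]
protocol = tcp
port = 443
EOF
    # Jail: a single matching line opens the port for one hour.
    cat > "$1/jail.d/ftp-knock.conf" <<'EOF'
[ftp-knock]
enabled = true
filter = ftp-knock
action = iptables-allow[port=443, protocol=tcp]
logpath = /var/log/vsftpd.log
maxretry = 1
bantime = 3600
EOF
}

# matching_lines DIR: print stdin lines the filter matches, with <HOST>
# approximated by an IPv4 pattern (fail2ban-regex is the authoritative check).
matching_lines() {
    re=$(sed -n 's/^failregex = //p' "$1/filter.d/ftp-knock.conf" |
         sed 's/<HOST>/([0-9]{1,3}\\.){3}[0-9]{1,3}/')
    grep -E -e "$re"
}

# Demo in a scratch directory with one constructed log line.
demo_dir=$(mktemp -d) && write_knock_config "$demo_dir"
echo 'Sat Jan 12 10:15:01 2013 [pid 2345] [knockuser] OK LOGIN: Client "203.0.113.7"' |
    matching_lines "$demo_dir"
rm -rf "$demo_dir"
```

Because the allow rule is removed by `actionunban` when `bantime` expires, access lapses on its own; the end-of-line anchor in `failregex` keeps the match tied to the client address that vsftpd itself appends.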

GNUmp3d init.d with PIDs for running multiple instances of GNUmp3d

I made some modifications to my original gnump3d init.d script when I needed more than one instance of GNUmp3d running (for multiple folders completely separated). I still haven’t quite figured out how to get the tag database to work for my second GNUmp3d instance, if anyone can help please leave a comment. Here’s the script and some brief instructions:

Continue reading