CAT | Site Updates
For the past month or so, there has been a large discussion on the Toronto Asterisk Users Group mailing list about SIP security and the increase in “brute force” attacks against hosts running Asterisk. The generally accepted solution is to use something like fail2ban to monitor log files and and block the offending hosts. This is a great way to add a layer of security to a server, but it’s reactive security, not proactive.
To help make things a bit more proactive, I’ve started a new project call CrowdSecure which aims to take intrusion attempt reports from users, aggregate the data, and produce a “blacklist” of hosts to proactively block at the firewall level before they even get a chance to start an attack.
The other benefit of the system is that unlike existing solutions (such as blockhosts) it is protocol agnostic, allowing users to report and obtain firewall rules for any protocol (HTTP, SIP, IMAP, SSH, etc). As an added benefit it supports real time lookup of data about an IP via an easy to use REST interface which will allow blog or other website owners to check a host submitting data (say a blog comment) in real time. For non-realtime applications, the system supports downloading of a list of hosts and the associated score, allowing system administrators to build firewall rules based on their own criteria.
I’m really excited about this project, and I hope I can get some momentum behind it. I am currently looking for people to assist with development, web design, and other aspects of this project, so let me know if you are interested in helping out.
If you’ve been following my blog, you’ll remember that yesterday I discovered that all the posts I made about my issues with my 2010 Chevy Equinox were removed from the Google search index sometime on Thursday. To test why they were removed, I put a copy of the same post on a static page and waited for Google to index it. The results are in – if you Google “My 2010 Equinox Story” my new static page comes up, but none of the other posts do.
So I’m baffled – how did my results get removed from Google? It’s very odd that only 3 pages of an entire site get dropped from Google and when the same content is posted under another URL it shows up again.
Update: 10:36 PM (4 minutes after I posted this article) – This post is already in Google’s index – so what happened to all my GM posts, and where did they go?
Something interesting happened to mgamble.ca over the past 24 hours in Google search results – all references to my posts about my 2010 Equinox have been removed, but every other page on my site is still in the google index. So far only the “My 2010 Equinox Story“, “GM Is Reading my Blog“, and my “GM Responds” posts have been removed. Now I’m not a conspiracy nut, but it’s a bit odd that only those 3 pages were removed from any Google search results, but the rest of the site remains. Normally if Google drops search results, they drop the whole site, not specific links.
So I’m trying a little experiment. I’ve updated my sitemap with a link to a static copy of “My 2010 Equinox Story” to see if it gets re-indexed by googlebot. If it does, that implies that the other pages were somehow removed from Google.
I’ll post another update in the morning once Google reindexes my site and I have a chance to review the results. All I can really say right now is that something really suspicious is going on.
Over the weekend I was moving the main webserver for mgamble.ca (and a bunch of other domains) between boxes and forgot to enable mod_rewrite on the new apache install. As such, clicking any link from the main blog page resulted in a 404 error because the wordpress .htaccess file was not being executed. I guess that should teach me to do more testing than “does the main page load” when moving sites around 
