WordPress & Spam: Key’s Solution

Recently I began to see an increase in malicious login attempts to my servers from bots (ie. automated attempts to login via FTP, POP/IMAP, SSH and so on) which gave me an idea for a new side-project on NerdTools known as the Bad Bots Intrusion & Spam Detection database.

After a few hours of developing a database was generating before my eyes of all the bad bots and their failed attempts, which then got me thinking, aside from using the database with a firewall can this be intergrated with WordPress to stop spam before its even posted?

A few more hours developing and I have now created two plugins which are listed in the WordPress extension directory. One is called NerdTools Bad Bots Spam Reporter which cleverly and annonymously reports the IP address of an author whenever a comment is classed as spam, and the other is called NerdTools Bad Bots Spam Defender which again annonymously screens every authors IP address against the database and if a match is found it won’t allow the comment to be saved.

Going a little deeper into the reporting plugin; when a comment is classed as spam the authors IP address is reported to the database but it won’t be entered straight away, our system will wait and see if any patterns form, if so it will then be entered and further comments will not be allowed.

It may seem madness having two seperate plugins to work as one but I didn’t want to force people into reporting comments if they don’t want to and vice versa with the defending plugin.

In terms of infrastructure the database is hosted on a high performance SSD server which has memcache enabled. Future plans include clustered servers for even greater performance.

Not bad for a few hours work!

 

 

 

 

TRENDnet TV-IP310pi Night Vision Fix

Let’s face it, it’s not fun when things don’t work properly which is why I was a little annoyed recently – very big understatment! – when I discovered my TRENDnet TV-IP310pi cameras had a slight flaw, a flaw which is scarcely documented but fairly fundemental to the overall use of the camera… oh and did I forget to mention I own 5 of these cameras, all installed around my house, all which had the same problem? Yup!

So what is the actual problem?

Well the cameras work perfectly in the day delivering 25 frames per second of crisp 1080p footage which is great BUT when the night time comes – as it does – performance takes a dramatic hit and you are lucky to get a maximum of 4 frames per second… which is pretty rubbish! For months I’ve been thinking it  was a problem with my home server – an Intel I7 920 quad core 2.4GHz  running VMware – and I came to the conclusion that I needed a new rig as it just couldn’t cope with the amount of data passing through but oh was I wrong!

Anyway, long story short after pestering my friend Chris at work – who also runs his own CCTV system, only with the identical Hikvision DS-2CD2032F-I cameras – some extensive testing was done – I’ll spare you the details – but we came to the conclusion that the hardware was good, the network was good and were stumped until we found an Amazon review which also mentioned the same problem!

This unfortunatley opened up a can of worms and what followed was a very stressful 3 days which involved not sleeping much, scouring forums, downloading all sorts of firmware and almost losing ALL hope and contacting support! However, I’m very pleased to report that all of my cameras are now running the latest TRENDnet firmware – v5.3.4 – and are delivering 25 FPS 1080p footage at night time – Wow!

So how easy is it to fix?

The fix is easier than you might think, but you do need to be brave as we are essentially going to ‘brick’ the camera and make it an expensive paper weight by installing the Hikvision firmware, then we will reload the TRENDnet firmware fresh and enjoy ALL the frames per second! You might think this is a mad idea, but the TRENDnet TV-IP310pi is actually a rebranded version of the Hikvision DS-2CD2032F-I, so deep down the hardware is the same it just has a different sticker on the side.

I used the following files found below, combined with an XP laptop that was connected by cable directly to the PoE switch, this was connected to the camera directly and ideally  you’ll want to unplug all other devices so you only have the camera and the laptop plugged in but I might have got a bit lazy towards the end… Also, my Windows 7 laptop struggled to transfer the firmware as the TFTP file transfer kept looping and wouldn’t complete, hence using an old XP machine.

I’m up for the challenge!

Great! Before you continue please be aware that I won’t be liable if this goes wrong and it will reset your camera back to the factory default settings! I’ve done this process 5 times flawlessly so far but still – proceed at your own risk!

Whenever the camera boots it scans a predefined IP for a TFTP server, if it finds this server it looks for a specific file and because of this we can do the recovery without having to open the camera up or get ‘hands on’! I reflashed all my cameras with them still fixed in position on the house, minimal effort required!

Update 24/03/2017 –

I can confirm the same process below works on Windows 10 Pro, the firewall had to be switched off but that was all – 79 seconds from start to finish!

  1. Download the files found here, extract them somewhere safe and keep reading
  2. Change your computers network settings so the IP address is 192.0.0.128, see picture below:
    trendnet_tv-ip310pi_recovery-network-config
  3. Connect your computer to the switch along with the camera, disable any other connections network – FLASH VIA ETHERNET CABLE ONLY!
  4. Copy the Hikvision_5-1-6–digicap.dav file into the TFTP Server folder and rename it digicap.dav
  5. Run tftpserv.exe and then restart your camera, after a few seconds you should see the following:
    trendnet_tv-ip310pi_recovery-tftp1
  6. Now you won’t get any confirmation here, so leave it 2 or 3 minutes then unplug your camera, close the tftpserv.exe and repeat step 3 but this time use the Trendnet_5-3-4–digicap.dav file
  7. Now start tftpserv.exe again and connect your IP camera, this time after a few minutes you’ll see a system update complete message like below:
    trendnet_tv-ip310pi_recovery-tftp2
  8. Close of tftpserv.exe and reboot the camera, after a few minutes check your router and you’ll have a fresh IP camera sat on DHCP waiting be configured! If you can’t find your camera straight away, don’t panic! Install the auto discovery program (SADPTool_V3.0.0.100.exe) and find the camera that way

Conclusion

I did try updating to the latest TRENDnet firmware via the web interface before going down the TFTP route but it still gave me low frames per second at night using the identical 5.3.4 file… I’m guessing installing the Hikvision firmware first completely screwed things up, after that the camera is left fresh, ready for the TRENDnet firmware? Either way it worked and I’m a happy nerd!

Notes

  • Again, I can’t be liable if this goes wrong for you!
  • The files in the link above were all found on the Internet, I take no credit, all  credit belongs to the respective authors (presuming that is Hikvision? Thanks!)
  • If you get really stuck I can reflash your cameras, after all not everyone has an old XP relic lying around! Drop me an email, pay for postage and send your camera in a box along with a little gift!
  • I found an easy way to tell the camera state during the reflashing process which is to do a constant ping to the IP addresses below – Note that in order to use this method you’ll need to assign your network card two IP addresses (192.0.0.128 and 192.168.1.128):
    • 192.0.0.64 – Camera is in rescue mode
    • 192.168.1.64 – Camera firmware has updated but not yet rebooted
    • No response from either – Somethings not right!
  • You can find the latest TRENDnet firmware direct from their website here
  • From various forum posts I read some people were saying you can flash using any TFTP server software, however this isn’t the case as you must use the Hikvision TFTP server as there is a special initiation process which waits for certain key to be sent back and forward before the firmware updating process begins
  • Make sure you clear your browser cache before logging in again otherwise things might not work properly
  • The default user/password combination is admin/admin

Bypass Queue-it.com’s Online Queuing Service

For Black Friday 2014 Currys enlisted the Queue-it.com online queuing service to presumably create some form of buzz and make impatient paying customers even more eager to see what amazing deals they had – there really weren’t that many.

A few people at work were trying to get onto their website but found themselves not getting very far being constantly pushed to the back of the queue. As a joke I was asked to get around the queue and within two minutes I was on the Currys website.

I tried reverse proxying and modifying my browser user agent string but still found I was being redirected, meaning something in the websites source code was redirecting me. After a quick look through the source I notice some Javascript coming from the Queue-it.com domain. I disabled Javascript and was browsing instantly!

So, disable Javascript and skip that queue!

Notes

  • If you are regularly faced with Queue-it.com’s incredibly useful service consider installing browser plugin such as AdBlock or NoScript to block the entire queue-it.com domain and resume happy browsing

 

Connect Directly to SunLuxy Camera Streams

For a while now I’ve used a cheap SunLuxy H.264 DVR as the heart of the CoopCam project and initially couldn’t get a direct link to the camera stream so had to screen captured the bog standard web interface using VLC and break the feed down into separate streams but recently after a fair bit of trial and error I discovered a much easier solution!

I had researched on and off for months, went through masses of trial and error with various software and ultimately found no solution but after being inspired again I headed to the DVR’s web interface to start from scratch. I stumbled across source code in a file called /js/view2.js that constructs an RTMP:// address to show live camera feeds through the web interfaces flash player – See snippet of code below:

dvr_viewer.ConnectRTMP(index, "rtmp://" + location.host, "ch" + index + "_" + (dvr_type=="main"?"0":"1") + ".264");

After removing the jargon the link came out as rtmp://dvraddress:port/ch#_#.264 with the first number being the channel you want to connect to (starting at 0) and the second being the stream (substream being 1 and main being 0)

I headed to VLC player, selected Open Network Stream and entered the following:

rtmp://192.168.0.100:81/ch0_0.264

Broken down you can see my DVR is on the local network as 192.168.0.100 at port 81  and that I wanted to view channel 1’s main stream, low and behold after a few seconds the camera started to play!

Notes

  • To convert the stream to something more useful you could use rtmpdump and ffmpeg on Linux systems – I’ll write another guide about that shortly
  • If you do something wrong and overload the DVR then you’ll hear a beep as the box reboots
  • If this works for you please comment your DVR make and model

Upgrade Windows Phone 8.0 to 8.1 Before Main Release Using Developer Preview

Recently I lost my smartphone and after lots of searching decided to give up and buy a new phone. As I only really use my phone for checking emails, a little remote desktop access and the odd bit of mobile banking I didn’t need anything overkill and I fancied a change from Android so I went for a Windows based Nokia Lumia 520.

The Lumia 520 can be picked up for £69.00 on O2 pay as you go (as of 01/07/2014, see here) but I paid a little extra and got mine the same day. I was initially blown away by the Windows Phone operating system as it was better than expected and I couldn’t find any flaws. I’d setup my email, installed the mobile banking app and so on which lead me to my final task which was to install the Remote Desktop app. You’d think this would be a straight forward task installing a Microsoft product on something Microsoft powered but no, when heading to the Microsoft Store on the phone the Remote Desktop app wasn’t showing so I searched the Microsoft Store online and it came up saying that it wasn’t compatible with the Windows Phone 8.0 operating system that was currently on the phone.

I had three options, to cry in the corner, wait for the update to be released or to try upgrade the phone manually. After a little research the update was said to be released within the “…first two weeks of July…” but there was no exact date and I just couldn’t wait.

After more research it turns out that you can use a free app called Preview for Developers which allows you to basically get the update there and then instead of having to wait.

Upgrading Windows Phone 8.0 to 8.1

Below you’ll find a guide on how to upgrade the Windows Phone operating system. Please note that any changes you do here are irreversible and this will no doubt void your warranty.

  • First things first we need to create a free account with Microsoft’s App Studio using the link found here as this will give you access to the developer previews service and give you the magical updates – I used my main Microsoft account that’s linked to the phone to keep things simple
  • Once you’ve created the account go to Microsoft Store on the phone, search Preview for Developers and install the app
  • Once the app has installed launch it and you will be asked to accept the terms and conditions and login using the account details created previously
  • Next you’ll see information about what the app does and so on, all we need to do here is tick the box next to Enable Preview for Developers and press done
  • Now that’s enabled head to Settings > phone update and press check now and then follow the on screen instructions – You may need to repeat this process several times as it took me two updates to prepare the phone before the update to Windows 8.1 was offered
  • After a little while you will now be running Windows 8.1! – You can check this by viewing Settings > about > more information under the OS version heading

Notes

  • Make sure your phone is fully charged before attempting any updates as things could seriously go wrong otherwise!
  • As with anything in development stages things may be a little buggy so be aware that you may stumble across the odd glitch every now and again
  • Although not tested I assume the same steps will work for phones other than the Nokia Lumia 520, if you can confirm this I’d be grateful

Remove Adverts from All 4 Roku App

Disclaimer

This post is for educational purposes only, it briefly describes a technique for removing the adverts from Channel 4’s on demand service. I won’t be providing any working examples and won’t be held liable whatever the outcome if you try this, this was just setup as a test one afternoon and then destroyed shortly after. Do so at your own risk.

Why even bother?

Now I love TV but I always end up forgetting and then having to catch up later using on demand services via my NowTV box, some services are great – like the BBC iPlayer – where as others – 4OD or All 4 – lack basic features like being able to resume where you left off without having to sit through the ads again.

This got me thinking, is it possible to get around the ads? Picture this… you are watching an hour long programme on your Roku (or NowTV) box, you have 10 minutes to go and you have to nip out. You come back hoping to pick up where you left off.. but oh no, something happened and now you have to watch from the begining OR fast forward until you get to an ad break, watch the ads, then fast forward again… its not good right? This has happened to me many a time!

A quick Google suggested this is not possible, but that wasn’t good enough for me.

How did you get it to work?

It took a bit of nerdy know how, a decent router and a publicly accessible Linux box.

Decent router – I was using a NowTV (watered down Roku) box, these don’t have the option to manually specify the DNS server addresses so you have to set the DNS servers in my router

Linux box – I used a CentOS 7 box running BIND and Apache, BIND responded to the DNS requests aiming everything at the Apache server

The basic idea is to redirect any requests to ‘known advertiser servers’ to your own server which is returning a single pixel instead of the advertisers video, and it did work really well:

As you can see above the same programme has ads and one does not. This method also removes the ad cue points so you are literally just served with the entire video – cool, huh?

Notes

  • This was just a test, please don’t lecture me about the importance of advertising and the revenue it generates
  • I only tested it with the Roku app, although I think it would have worked for the Xbox app too
  • I guess the same tecnique could be used to create a ‘super’ ad blocker that works with more than just on demand services

Virtualmin GPL on CentOS 5.8

Update: 08/03/2017: The following guide was originally written many moons ago for installing the Virtualmin GPL (free) control panel on CentOS 5.8 x86, however it will work exactly the same on the current version of CentOS (7.0).

The following guide will assume you are logged into your CentOS machine via command line, ready to enter the following commands.

First you will want select a temporary directory to Virtualmin installation file to. We will only use the downloaded file once so it’s pointless keeping it, so to free up space and put it in /tmp!

cd /tmp

Download the Virtualmin GPL installer:

wget http://software.virtualmin.com/gpl/scripts/install.sh

Run the installer:

sh install.sh

The installer will then launch and prompt you to approve if you’d like to proceed. Simply type “y” and press enter and the installation process will begin.

After a short while you will see a message saying the installation has been completed. You will then be able to login to installation of Virtualmin by heading to https://hostname-or-ipaddress:10000 using the root username and password.

Once logged in you will then be guided through a final configuration process, once completed the installation will be complete and ready for use. Another guide will be written soon to explain how to configure Virtualmin.

Notes

  • You can download the original .sh file used in the example above by clicking here
  • If you don’t already have a server to try this on check out Linode, they offer reliable good spec servers starting from $5 a month
  • Depending on your CentOS installation you may get an error message about the Perl package being missing. To resolve this run the following command in terminal and then relaunch the installer:
    • yum install perl -y

Enable SSH on LinkStation Stock Firmware

Enabling SSH on the LinkStation is simpler than you might think and opens up a world of functionality (and nerdyness) that you never had before – All this with no firmware flashing which ultimately means no data loss and no risk of bricking your box.

My motivation to enable SSH came about when my older LinkStation (a 500GB HS-DHGL) was doing a Disk Backup to my newer one (a 2TB LS-WXL) and it just seemed to be taking forever. It turned out the backup had hung part way through and the only official way to fix this problem as listed on Buffalo’s support website was to reset the box back to factory settings – That’s a bit ridiculous in my opinion but there is a work around, see this post here for more information on how to unstick a backup.

The activation process is done by a program called ACP Commander which is a command line tool that can be a little confusing to work at times with its lack of user friendly interface (if you search for this online you’ll see what I mean) however by chance I came across a reworked version that has a decent interface and is fairly easy to use.

Enabling SSH

The following guide will assume that you are on the same network as your LinkStation and are able to access it freely as you normally would day-to-day,  also if you want to keep your warranty with Buffalo do not continue!

  • Download ACP Commander GUI for Windows (.EXE file) or Mac (.DMG file)
  • Run your newly downloaded file and you should see a screen similar to the one below:
    lsunlock-1
  • Select your LinkStation IP address from where it says Select LinkStation, then enter your password where it says Admin password and press Enable SSH
  • After a couple of seconds you will be shown a SSH enabled OK! message as seen below:
    lsunlock-2
  • The next step is to set your root password for SSH, click Set root PW, type in a password and then press OK and you will see another message like the one below:
    lsunlock-4
  • Now head to your favourite SSH software and connect to your box! If all is well you will see something similar to this:
    lsunlock-5
  • That’s all you need to do to enable SSH!

Notes

  • This method is proven to work on both Windows and Mac for the following models/firmware: LS-WXL/v1.68, HS-DHGL/v2.11, LS-QVL/v1.64
  • Common out of the box commands include: top – process viewer, vi – text editor, cp – copy files, mv – move files
  • Mine and my friends newer LinkStations had HTOP installed – Epic!
  • Enabling SSH will no doubt void your warranty with Buffalo but who needs that anyway?!
  • I didn’t create the program recommended and take no credit for it
  • Finally, if you could let me know if you encounter any problems or can confirm if this works for other models I’d be grateful
  • Thanks to Callum for confirming this works on the LS-QVL and Michael for confirming this works on the TS-X/R5 with version 1.66 firmware

Sunluxy H.624 DVR Factory Reset

I had previously purchased two Sunluxy DVR’s for various projects (see CoopCam.co.uk to find out more) and was impressed with how easy they were get up and running, it was literally a straight forward task of fitting a hard drive and then setting and forgetting… literally… setting the admin password and then forgetting it.

Not to worry though, the user manual will have some helpful tips on what to do? Wrong! Poor translation meant the manual ended up in the bin, never mind the Internet will be able to help surely… maybe not. After much research I thought my box was going to end up living with the user manual in the bin but then I turned to good old fashioned trial and error as a last resort.

Factory Resetting the DVR

So lets get to the juicy bit! For the steps below you will need to be near your Sunluxy DVR but before you continue please be aware that this process will not only reset the admin password, it will also remove any settings entered previously such as network configuration, recording preferences and so on. The hard drive and all existing data will be left untouched.

  • First things first switch off your DVR. In my case there was a power switch on the back that I flicked, so far so good!
  • The next step is to hold the Back button (the one that lets you flick back to the previous menus – labelled with a back arrow, sometimes also labelled ESC) whilst switching the DVR back on, the button can be seen circled in the image below:

sunluxy_password_reset

  • After a short delay you will see that all lights apart from the power light go out and hear a beep, this means the DVR has reset itself  and will automatically restart so release the Back button and you will see the DVR begin to boot as normal
  • Once everything has loaded you will then be able to login to your DVR using the default username of admin and leaving the password field blank

Notes

  • In this example we used a Sunluxy branded DVR, however this process (or something very similar) should work with most generic H.624 DVR’s as well
  • The steps above assume your monitor is connected via the VGA connection, as Chris suggested in the comments below, try using the BNC connection if you have trouble with menus not showing
  • Finally, if you could let me know if you run into any problems or if the process works on other brands or models I’d be grateful