content + info + hacks + solutions
I had a dream I was on a shelf in the refrigerator.
Someone closes the door, and the light goes off
and I know everyone is out there eating.
And then, they open the door and you see them smiling
and they’re happy to see you,
but maybe they don’t look right at you,
and maybe they don’t pick you.
Then the door closes again. The light goes off.
We had a need recently to batch insert a PDF into hundreds of other PDFs prior to distribution. There are a lot of slimy PDF applications out there that seem to be able to help compile merged PDFs, but I wasn’t happy when I tried a bunch of them. The good news is Adobe Acrobat XI has the Action Wizard functionality that can do this pretty easily. Here is how we did it.
1. Put all the PDFs you want to augment into a folder. Put the PDF you want to insert into all the PDFs in that folder outside the folder.
2. Go into Acrobat Pro (Version X or higher) and go to Tools > Action Wizard
3. Go ahead and “Create a New action” and change the default option in the first area, “Files to be Processed”, to “Add Folder”. Under “Pages”, add “Insert Pages” and specify settings as desired. You can leave the defaults.
4. Add “Save” to the action sequence after insert so you won’t have to save each individual PDF after the insert happens.
5. Inside the “Save” tool, you can decide to tweak the filenames as well. We left them at default so they save over the existing PDFs.
6. Save the action. It will then appear in your Acrobat Pro > Tools > Action Wizard menu.
7. Click the saved action to start the batch process. Specify the folder for all the PDFs you will be inserting pages into. When you select the folder, it will put a list of the PDFs in the preview.
8. Click “Start” to be prompted for the PDF you want to insert.
9. And then the magic happens. Acrobat should go through the PDFs in the specified folder and play the insert. This is much, much better than having to play the inserts manually to the dozens or hundreds of PDFs.
The WordPress XML-RPC ping attack is pretty annoying. For large sites and coordinated attacks, the XML-RPC issue can get insane. For my site, the /xmlrpc.php queries/post attempts are more of a log annoyance. Still, it is a hassle that I wanted to kill. The various WordPress plugins to help with this and the .htaccess commands really didn’t give me the closure I wanted, so it was time to leverage the bundled firewall, UFW, on my Ubuntu server.
Here is the problem. A quick grep of the /var/log/apache2/access.log will show the issue.
$ sudo tail -100000 /var/log/apache2/access.log | grep /xmlrpc.php
The various plugins for WordPress, the Apache .htaccess allow/deny commands or the rewrite don’t really stop the query to the webserver service, but they do minimize the response traffic required. For most of these servers doing the attacks, there is no value in even having them connect to the server anymore once they have pinged it to death for hours. These are not users, these are bots, and I’d rather not even let them have a response.
I had very minimal firewall rules around web and mail services on this server prior to going after the xmlrpc.php attacks. But it was time to add a few for the serial offending IPs coming after my xmlrpc.php and WordPress. If your server is getting attacked by hundreds or thousands of IPs, then this method is more laborious than what you want to do. You can try to go with the fail2ban framework with WordPress and Linux. On my server running Ubuntu, the request problem is pretty contained to just a few IPs from time to time trying their luck with my WordPress xmlrpc.php. So, the path of blocking them outright is an easy thing to do.
The UFW community page at Ubuntu is great. I have always hated manual iptables rules, so UFW is nice and clean to deal with. I reset ufw to default rules to clean out all my old setups and start from scratch again. Add the rules you need for basic services and ports via the standard or advanced methods. There is also a GUI tool, GUFW, to handle this, but it has its limitations. You need to enable UFW if it isn’t active and add some rules to kill off the bad guys from even connecting to the server. If you can do this via a perimeter firewall, great. This is a home server, so the router doesn’t have much beyond basic port forwarding functionality.
The issue with Apache and UFW is that the rules are read in numeric order, and the first rule that matches wins. So, any deny commands you do by IP or IP/port/service need to be ahead of the 80/http and 443/https allow rules. If you put your deny rules below the Apache2 allow rule for 80/443, they will not do anything for you. Get those deny rules up!
You can do this through the insert ufw command.
$ sudo ufw insert 1 deny from <evil.ip.address.source>
After pumping in a few of them, your rules will start to look like this:
$ sudo ufw status numbered
I could have been specific to the IP and incoming port and only blocked http or https, but why bother, with these IPs being either evil bots or compromised servers? My allow rules for ports 80 and 443 are further down the numeric list. Issuing a reload and watching the apache2 access.log will provide validation that these servers aren’t going to bug you anymore. You can also flip the ufw logs to medium to get a better sense of the activity it is deflecting if you need proof.
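The log check and the `ufw insert 1 deny from` step described above, combined into one script as an added example (not part of the original post): it counts xmlrpc.php requests per client in an Apache combined-format log and prints the deny commands for review instead of running them. The sample log lines, the threshold, the allowlist and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find repeat xmlrpc.php clients in
# an Apache access log and print the matching "ufw insert 1 deny" commands.
# Nothing is executed against the firewall; review the output before running it.

ALLOWLIST="192.0.2.50"   # assumption: space-separated IPs you must never block
THRESHOLD=3              # assumption: minimum hits before an IP is listed

# Constructed sample lines in Apache combined log format (documentation IP ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2015:06:25:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:03 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:04 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.23 - - [10/Mar/2015:06:26:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [10/Mar/2015:06:26:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [10/Mar/2015:06:26:12 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "-"
192.0.2.10 - - [10/Mar/2015:06:27:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.10 - - [10/Mar/2015:06:27:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.50 - - [10/Mar/2015:06:28:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.50 - - [10/Mar/2015:06:28:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.50 - - [10/Mar/2015:06:28:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
EOF
}

# Reads a log on stdin; prints "hits ip" for clients at or above the threshold,
# busiest first. Field 1 is the client address, field 7 the request path.
xmlrpc_offenders() {
  awk -v min="$1" '
    $7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1 { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Turns the offender list into deny commands, skipping allowlisted addresses and
# anything that is not a plain IPv4 literal (hostnames, IPv6, malformed fields).
ufw_deny_commands() {
  xmlrpc_offenders "$1" | while read -r _hits ip; do
    case "$ip" in ''|*[!0-9.]*) continue ;; esac
    case " $ALLOWLIST " in *" $ip "*) continue ;; esac
    printf 'sudo ufw insert 1 deny from %s\n' "$ip"
  done
}

sample_log | ufw_deny_commands "$THRESHOLD"
```

To use it on a real server, feed the log on stdin instead of the sample, for example `sudo cat /var/log/apache2/access.log | ufw_deny_commands 50`, and put your own addresses in the allowlist before acting on the output.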
One would think Lenovo would have done some work to scrub the existing inventory in their own warehouses after the debacle around Superfish leaked last month. It’s clear that they haven’t.
My wife and I just ordered a Yoga 2 Pro late last week to replace our old MacBook Pro 2011 that died recently with motherboard failure. We received the Yoga 2 Pro today and, as I set it up, I removed the various bundled crapware applications. I was sure that Lenovo would have had the sense to clean up their Superfish mess (at least on all inventory that hadn’t shipped out to resellers yet), but they didn’t even do that.
I was shocked to see Windows Defender find Superfish and nuke it.
This is very surprising to me. Lenovo got rightfully hammered for the decision to bundle Superfish with their products and I thought they had righted their wrongs. They make great hardware and I happen to love the Yoga series units, but this is very disappointing. I see others are finding out the same thing.
Ugh! Get it together Lenovo. You make great hardware, but the revenue stream from bundled apps and malware is damaging whatever brand you have left.