VMWare Workstation: The VMware Authorization Service is not running

This error can occur after the Windows 10 update, either 1511 or 1607.

This issue occurs as part of the upgrade removes the VMWare authorization service. If you click Start->Run and type service.msc you will see the service missing.

Go to Control Panel->Add/Remove Programs and repair your VMWare Workstation installation.

The other option is to update your version. Ensure you have the correct licensing before you do this.

Block xmlrpc.php attacks with fail2ban + iptables wordpress

One of the issues I’ve faced on this server is xmlrpc.php attacks. These are normally bots trying to exploit old bugs in xmlrpc.php within WordPress. Many legit plugins use calls to this file such as Jetpack. So blocking it isn’t really an option.

In my case, I wanted to block these attacks with iptables. So I went about creating a rule using fail2ban.

To get started, get iptables and fail2ban installed:

apt-get install fail2ban iptables

Once installed, edit the default jail file. This won’t exist on a new install

nano /etc/fail2ban/jail.local

Add the following lines (make sure the path matches your own)

[xmlrpc]
enabled = true
filter = xmlrpc
action = iptables[name=xmlrpc, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
bantime = 43600
maxretry = 2

Now edit the following file (this won’t exist)

nano /etc/fail2ban/filter.d/xmlrpc.conf

Add the following lines

[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =

Restart the fail2ban service

service fail2ban restart

You can watch the log in real-time to ensure it’s blocking correctly:

tail -f /var/log/fail2ban.log

putty_2016-08-12_13-25-33

IBM v3700 + Fusion MT HBA + Lenovo x3650 M5 – Multipath issue on VMWare 6

I’ve been working on an issue for the past week with the following hardware/software:

3x Lenovo x3650 M5 Type 5462
6x Fusion-MPT 12GSAS SAS3008 (two each host)
1x IBM v3700 SAN
VMWare 6.0 U2 (Lenovo image)

The HBA’s and SAN were configured in the following manner:

FC-attach+(1)

What I didn’t realise early on was that multipathing from the SAN to VMWare was not working. As I was in a rush, I saw the SAS connections were live. The SAN said everything was ok, so I didn’t think twice.

However, on closer inspection on the SAN, I found that only one SAS HBA on each host was active. Hmm, what was going on?

Capture (1)

VMWare was also reporting the same issue:

cap2

Initially, I thought this was a SAN issue. I contacted support who checked out the SAN and couldn’t find any issue.

I then contacted VMWare who initially said the configuration was not supported (driver wise). Actually, what I found is VMWare were referring to the wrong driver.

After about a week of going back and forward, I noticed the drivers that were shipped with the Lenovo VMWare image were not the latest. I proceed to update the drivers which in turn, enabled multi-pathing in VMWare.

VMWare:

chrome_2016-08-09_21-50-40

SAN:

chrome_2016-08-09_21-57-30

This was quite a simple issue but made a bit more complicated as all the hardware seemed supported and at the right driver level.

The correct driver was the lsi-msgpt3 driver found here. lsi-msgpt3 version lsi-msgpt3 version 13.00.00.00-1OEM. The installed version was lsi-msgpt3 version 12.00.00.00-1OEM.

Sometimes it pays to check the basics.

Fosshub.com compromised – Malware on popular downloads

As discovered tonight, popular download website, Fosshub, has been compromised.

Hackers have targeted popular downloads such as Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, IrfanView and others.

https://twitter.com/CultOfRazer/status/760668803097296897

When installing these programs from Fosshub, you will be infected with malware. This malware will re-write your MBR and you will not longer be able to boot into your operating system.

https://twitter.com/CultOfRazer/status/760752941066313728

CultOfTheRazor has claimed responsibility.

Microsoft removes features from Windows 10 Professional

Earlier in the month Microsoft announced their new subscription service for Windows 10 Enterprise. Starting at just $7 USD per month, end users are able to subscribe to Windows 10 enterprise on a monthly basis.

This, I  think, is a good move by Microsoft.

However, what is disturbing is what Microsoft is changing on lower tier versions, such as Windows 10 Professional. See the following changes:

Windows 10 changes

I’d say this is to target the small business users who now cannot disable the shop within Windows. This will push slightly larger businesses to go to Enterprise.

While a small change, I hope Microsoft doesn’t fall into the trap many other monthly subscription providers have fallen into.

See the following for more information.