Interesting Reads

How Mechanical Watches Work (Quick Link)

I’m absolutely floored by the detail that’s gone into this site about how Mechanical Watches work. It’s broken down into smaller, digestible pieces of information that use interactive graphics. The site and interactive graphics all look to be hand built.

Mechanical Watch

This isn’t the first time I’ve been in awe on Bartosz’s site. They’ve posted plenty of amazing interactive articles before. You should really go check it out. Some of my favourites include GPS and The Internal Combustion Engine.

You can view the rest of the articles at but be prepared to lose a few hours.

PHP Quick Post

AWK one-liners and Vim

Just a quick one – I had to edit an old PHP script that I wrote a while back to create calendar events. At the start of this file is a large array containing a number of letters which correspond to specific durations. As usual – I stuck with one of the well known XKCD comics and decided that to update this file it was easier to learn a few new tricks (teach a man to fish and all that). In summary, I had to add to the file a list of formatted letters like


Each letter was repeated 3 times on recurring lines, and there was a total of 189 letters which had to be wrapped in quotation marks and have a comma at the end.

To begin with, I created a text file and entered in each line one character that would eventually become 3 lines. I then wrapped this up in AWK using the following one liner;

awk '{ print "\"" $0 "\","; print "\"" $0 "\","; print "\"" $0 "\","}' input.txt > output.txt 

I know that doesn’t look pretty, however it’s a one liner and it works. To start with,

print $0

will print the current line, so by prepending and appending the characters I needed, properly escaped, around that


and repeating that 3 times I turned




for a total of 189 lines. I then moved this file to where I run my PHP script, and started VIM opening the two files at once. A quick press of


to select Visual Mode where I select the whole file, followed by a

:b 1

to move to the PHP script (the b stands for buffer, and the 1 is because that was the first file opened. 2 would be the second etc.) in VIM and a quick paste and I was almost done – I just had to remove the final comma


from the last array entry. I’m not good enough to have a bit of AWK work the last bit out – and the time spent implementing it would not be worth it.

AWK one liners, and AWK itself, have never really been something I’ve used. In the past it’s been presented to me as a way to solve problems, but the solutions have been handed to me. This is the first time I’ve actively gone hunting for a solution without asking for help – and even though it’s simple, I’m quite happy I managed to figure it out – even if it did take about 20 minutes of searching…

As a final note I’m also quite happy I managed this completely in the command line. No mice were used in the editing of this script!


Learning Python via GPS – Part 1

This shouldn’t be seen as a tutorial – there’s enough of them on the internet. This is just my notes as I wrote some stuff. Part 3 should have a complete write up with full code examples!

My last foray with Python turned out pretty neat – but you could tell I literally copied and pasted code together to make it work. That’s fine and all – but I wanted to actually start learning Python.

My first step in any language is the ubiquitous “Hello World!”, which, in Python, isn’t that difficult. It’s a simple

print("Hello World")

Next, I figure out how to display the Fibonacci Sequence. I normally try this one as it starts to involve setting and getting variables, loops, includes math operators and combines it with outputting data. Again, not overly difficult.

loopCount = 1
num1 = 0
num2 = 1
maxIter = 100
print("0: 0")
while loopCount < maxIter:
    output = num1 + num2
    # num2 holds the Fibonacci number for the current loopCount
    display = str(loopCount) + ": " + str(num2)
    print(display)
    num1 = num2
    num2 = output
    loopCount = loopCount + 1

I still prefer CamelCase for my variables. I’ve been doing it for years and probably won’t stop.

I don’t use any shortcuts for this program and no shorthand for iterations – it’s designed just so I get used to the basic principles.

So after that I choose a project and dive in. Given the release of the Raspberry Pi Pico on 21/01/2021 that runs on either C++ or MicroPython I figured that it was the best tool for the job!

I grabbed one of the (many) cheap GPS Modules, paired it with a Pico, an Omnibus Board and a Pico Display (the last three all from Pimoroni) and set about making something.

I have a soft spot for GPS. I’m completely fascinated by it. I think it stems from my interest in the whole concept of time. GPS is known for (and it’s in its name) being a Positioning System – maps and directions. But it’s also a very very accurate time source. So accurate that when working out positions, calculations have to be computed to figure out if parts of the Earth’s atmosphere will interfere with time measurements. I’ve completed a fair few GPS projects in the past – and I’m still working on others, so with some limited knowledge of how these GPS Receivers work I figured it was the best to ease me into a new language.

The GPS receiver I’m using in this example is a Neo-6M. It has 4 pins, Power, Ground, TX and RX. The receiver can take a varying voltage level, but I’m used to providing it with 5V. Pins are, as best as I can figure from various internet searches, both 3.3 and 5v tolerant. I did have a level shifter ready to go should it be required but there’s been no real issues yet.

To make working with receiver and Pico Display easier I’m using the Omnibus Board. This just exposes the Pico’s pins for easier prototyping.

I started my program by laying out the basics. The Pico has a built in UART with pins defined for serial transmission and receiving. Hooking my receiver’s power, then TX up to the Pico’s RX, and likewise the RX up to the Pico’s TX was all the wiring required.

Using MicroPython getting the UART enabled is as simple as

from machine import UART, Pin

# UART0 on the Pico: GP0 is TX, GP1 is RX; the Neo-6M talks at 9600 8N1
uart = UART(0, baudrate=9600, tx=Pin(0), rx=Pin(1), bits=8, parity=None, stop=1)
if uart.any():
    rcvChar = uart.readline()
    line = rcvChar.decode("ascii")
    #print(line)

and that nets you some responses:


These responses conform to the NMEA (National Marine Electronics Association) 0183 standard. Each one begins with a $ symbol, and the next 5 characters are made up of a two then three character code. The two character code called an Identifier – GP in this case – lets us know that this data has come from a Global Positioning System receiver.

GPS isn’t the only system in use – you also have BeiDou (China), Galileo (Europe), GLONASS (Russia), QZSS (Japan), and others. Some only work in certain regional areas, others provide worldwide coverage. The majority of receivers I have only work with GPS but I’m eyeing up a GLONASS one next – hopefully with a Galileo receiver also (as long as it doesn’t go down).

The next 3 are the Sentence Identifier – and signal what kind of information is being transmitted. The most common are RMC, GSA, GGA, GSV, GLL, VTG. Each one provides relevant information for use – some more relevant than others.

RMC – Recommended Minimum Navigation Information C
GSA – GPS DOP and active satellites
GGA – Global Positioning System Fix Data
GSV – Satellites in view
GLL – Geographic Position – Latitude/Longitude
VTG – Track made good and Ground speed

A phenomenal resource I use while dealing with NMEA sentences is the gpsd service daemon. I’ve used that program itself numerous times but the documentation they provide is excellent – view all about the sentences here.

In my example above I have only selected 3 specific sentences. All have come from a GPS receiver. The first, RMC is Recommended Minimum Navigation Information C, GGA is Global Positioning System Fix Data and GSA is GPS DOP and active satellites.

With the three sentences above (when I have a good signal) this allows me to get the current location, speed (in knots), type of GPS Signal, quality of GPS Signal, date and time. To filter all these sentences into the three I need a simple

if "$GPGSA" in line or "$GPRMC" in line or "$GPGGA" in line:

can be used. This was my first “Gotcha” in Python. I spent an unreasonable amount of time trying to figure out why

if "$GPGSA" or "$GPRMC" or "$GPGGA" in line:

wasn’t working and I didn’t realise I had to explicitly confirm each part of the or statement. Thanks to the Python Discord I was swiftly corrected!

An actual set of sentences (with my location removed) would look similar to

$GPRMC,102011.00,A,4444.55555,N,55555.55555,W,0.471,,120321,,,A*6D
$GPGGA,102011.00,4444.55555,N,55555.55555,W,1,05,3.20,63.5,M,50.7,M,,*76

and then picking out what I need in Python turned out to be pretty simple. As each sentence is comma delimitated, I just had to split the sentence into an array using that comma. The end portion (with the *) is a checksum but I’ll come to that later.

if "$GPRMC" in line:
    RMC = line.split(",")
    fixTypeB = RMC[2] # FixTypeB : Status, A = Valid, V = Warning
    dateGPS = RMC[9] # dateGPS : Date, ddmmyy
    timeGPS = RMC[1] # timeGPS : UTC Time of position,
    speedKnots = RMC[7] # speedKnots : Speed over ground, knots

and this allowed me to access each item in this array individually.
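The sentence layout and the trailing checksum described above, as an added example that is not the author's code: it verifies the XOR checksum before splitting, filters on the parsed talker and sentence type rather than a substring test, and reads the same RMC fields. The function names and the re-framed `GOOD_RMC` sample are assumptions made for this example; the post's published RMC line is rejected because its position fields were edited after capture, so its `*6D` no longer matches.

```python
# Added example (not the author's code): validate and parse NMEA 0183 sentences.

HEX = "0123456789ABCDEFabcdef"
WANTED = ("RMC", "GGA", "GSA")  # the three sentence types the post keeps


def nmea_checksum(body):
    """XOR of every character between '$' and '*', exclusive."""
    value = 0
    for ch in body:
        value ^= ord(ch)
    return value


def frame(body):
    """Build '$<body>*<HH>' with a freshly computed checksum."""
    return "${}*{:02X}".format(body, nmea_checksum(body))


def parse_sentence(line):
    """Return (talker, sentence_type, fields), or None if malformed or corrupt."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].rpartition("*")
    if len(given) != 2 or given[0] not in HEX or given[1] not in HEX:
        return None
    if int(given, 16) != nmea_checksum(body):
        return None  # line noise or an edited sentence
    fields = body.split(",")
    tag = fields[0]
    if len(tag) != 5:
        return None
    return tag[:2], tag[2:], fields[1:]


def decode_rmc(fields):
    """The RMC values the post reads; indices are one lower because the tag is split off."""
    if len(fields) < 9:
        return None
    return {
        "time_utc": fields[0],                                  # hhmmss.ss
        "valid": fields[1] == "A",                              # A = valid, V = warning
        "speed_knots": float(fields[6]) if fields[6] else None,
        "date": fields[8],                                      # ddmmyy
    }


def wanted(line):
    """Parse a line and keep it only if it is an intact GP RMC/GGA/GSA sentence."""
    parsed = parse_sentence(line)
    if parsed is None or parsed[0] != "GP" or parsed[1] not in WANTED:
        return None
    return parsed


# The post's RMC line as published; its position fields were edited after capture.
PAGE_RMC = "$GPRMC,102011.00,A,4444.55555,N,55555.55555,W,0.471,,120321,,,A*6D"
# Same body re-framed here so the checksum matches the edited text (constructed).
GOOD_RMC = frame(PAGE_RMC[1:].rpartition("*")[0])

if __name__ == "__main__":
    for line in (PAGE_RMC, GOOD_RMC, frame("GPGSV,1,1,00")):
        hit = wanted(line)
        print(line, "->", decode_rmc(hit[2]) if hit else None)
```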

I’m going to cap this post here as I think it’s getting long enough already. Without revealing all the code this should be enough to get you hooked up and receiving what data you need. Some loops and print statements will get you data right onto your terminal. Part 2 will cover the screen and dealing with errors (hopefully!).


The Marvel Cinematic Universe

I’ve started watching WandaVision. I seem to be missing certain key plot points and I think it’s because I’ve never seen the Marvel Cinematic Universe in its complete form. Sure, I’ve seen a few – the Iron Mans, the Guardians of the Galaxy etc but not them all – and especially not the most recent ones including End Game.

Thanks to Disney+ I’m now in a position to start watching the majority of them, and in some semblance of order. Thanks to techradar I’ve managed to get the general list of what to watch and when – and I’ll update this list as I watch them.

On this list there are a few that aren’t listed on Disney+. Gotta love movie rights.

  • Captain America: The First Avenger
  • Captain Marvel
  • Iron Man
  • Iron Man 2
  • The Incredible Hulk (Netflix UK)
  • Thor
  • The Avengers
  • Iron Man 3
  • Thor: Dark World
  • Captain America: Winter Soldier
  • Guardians of the Galaxy
  • Guardians of the Galaxy Vol. 2
  • Avengers: Age of Ultron
  • Ant-Man
  • Captain America: Civil War
  • Spider-Man: Homecoming (Sky Cinema)
  • Doctor Strange
  • Black Widow
  • Black Panther
  • Thor: Ragnarok
  • Avengers: Infinity War
  • Ant-Man and The Wasp
  • Avengers: Endgame
  • Spider-Man: Far From Home
  • Shang-Chi
  • Eternals
  • Spider Man: No Way Home

Update: 3 down. One feature I’m loving is that Disney+, much like most streaming services, offers a “Skip” button. Usually it’s to skip the opening title of a TV show. They’ve enabled it for the end of the Marvel (and possibly other) movies.

Let’s see how long it takes me!

Equipment General

It’s a costly month

It took me all of 2 weeks to weigh up my options and bite the bullet. I’ve put the cash down for a new Mac mini M1 – with 16Gb memory and a 1TB HDD.

The biggest annoyance over it all is the cost associated with storage. I know I can add additional storage via USB and Thunderbolt (and I plan on doing so) but I wouldn’t mind having it all together for ease, but the pricing just wasn’t there. The base model, 8GB Memory and a 256GB HDD costs £699. Each upgrade is around £200, so £200 to bump the memory up to its max, 16GB – not brilliant by any stretch of the imagination, but not terrible when it comes to Apple pricing. To take the HDD up to 512Gb is another £200. Then to 1Tb adds an additional £200. To get the top of the line storage is another £400 on top of that, and I just can’t justify an extra £400 for 1Tb of storage when I’ve already paid an additional £400 for 3/4 of that.

I’m clearly drinking the kool-aid if I’m moaning about this cost but still paying it. My late 2012 Mac mini no longer gets OS Updates. I now have an annoying red badge letting me know some apps need updating, but they won’t update because I don’t have the latest OS. I’ve managed 8 years with this one computer, and it still runs fairly well. But it’s time to upgrade. Because I like to average out the cost of things, my current mini has cost me a total of:

Unit: £679.00
Accessories: £57.00
RAM Upgrade: £58.13
HDD Upgrade: £150 (approx)
Total: £944.13

Lifetime cost per month: £9.83.

For the new mini to make those same costs I’ll need to keep it for around 10 years. If I manage to sell my existing mini I’ll update the charge above. Let’s see how the new one holds up…

Raspberry Pi

PiAlert – V1

I had a bit of an idea, and the PiAlert was the result. A video is the best demonstration but in short, different coloured lights light up when certain things are triggered, and a counter is kept for each light. My primary trigger is access attempts on port 22 (SSH) on my servers. It’s usually all automated attempts, but after 24 Hours one of my VPS’s where I have normal login enabled recorded 1633 attempts, and another where I have SSH set to only allow password-less logins via SSH Keys recorded 9 attempts. Similarly, automated WordPress logins were detected once. The video shows it being manually triggered prior to it being exposed to the outside world.

And some photos of it in action

I won’t lie. This is at best an alpha level item. I’ve uploaded all the code and design files in the hope that someone finds it interesting and possibly wants to help improve it for others.

I haven’t been able to share this post in the Raspberry_Pi subreddit as I was banned over 4 months ago for asking about the Pi HQ Camera (boring story). I’ve tried for the last 4 months to at least appeal the ban but no one replies to the mod mail. If anyone wants to help rectify that by speaking to the mods I’d be over the moon so I can get my project posted there!

The Project

I’m a bit late for the whole “lockdown project movement”, and seeing as I worked through any lock downs that happened I didn’t get the time to sit and tinker like I would have. That changed recently thanks to surgery where I’m now sat up in the house with very little to do.

After the recent incident with one of my servers I realised I quite enjoyed watching the logs scroll past showing what was happening. I usually run

tail -n 80 -f /var/log/apache2/error.log
tail -n 80 -f /var/log/apache2/access.log
tail -n 80 -f /var/log/auth.log

and it’s interesting seeing what pages random bots are trying to access, or what accounts they attempt to login to SSH via. It’s also got that same look as hacker movies do. I figured I could create a more visually appealing system and that’s where this project came from.

Watching SSH logins has changed recently for me since I implemented a more strict login procedure – the number of failed attempts has dropped dramatically and this is evident after running this for 24 hours – as detailed above.

This post will be split into three sections, Hardware, Server Software Configuration and Pi Software.


This device is made up of a Raspberry Pi Zero W, a Pimoroni Blinkt! and a cheap 4 Digit 7 segment display (in white) from AliExpress, and is hooked up like so

A simple diagram – please forgive the slightly-better-than-MSPaint attempt.

The Blinkt! has been attached using DuPont wires which have been cut at one end and soldered direct onto the same 40-PIN GPIO connector on the Blinkt!, because I had to use the Pi’s GPIO pins to also hook up the 4 digit display.

Getting the Blinkt! to work this way turned out to be a bit trickier than I first thought. I thought my Blinkt! just had some poor mechanical connections in the connector and the amount of trial and error it took to get it working was more than I want to admit to. It turns out, after reaching out to Pimoroni on Twitter, that early versions of the Blinkt! used Pin 2 for 5V, instead of Pin 4, as shown on In my haste I ordered a second Blinkt! in case my one was faulty – but now I have to think of another project to use the second one for!

All these components were then put into a case I designed in Tinkercad and 3D Printed on my Ender 3 Pro, which to an extent worked, but I could not get my head around how to create a case that clips together for a friction/clip fit. I ended up throwing in two large columns that an M5 Screw would fit into to hold it all together. These columns are off centre to allow room for the Pi to fit.

It was printed in some cheap no-brand PLA at 217°C, 10% infill, and regular settings that I’ve tweaked over time watching various YouTube channels.

This took 9 iterations of printing, measuring and tweaking before I got the front part of the case looking pretty decent. Each time I printed it something else could just be moved a bit over, or it could just be adjusted ever so slightly, and because I’m using Tinkercad a few times I ended up moving a key part or two and had to almost start over again. During my iterations I ended up getting rid of my attempt at clamps to keep the Blinkt! in place, and resorted to a hot glue gun (a first for me!). I ended up using that on the 4 digit display, and to keep the Pi Zero set. One of the last iterations was the mounting for the Pi Zero itself. I had initially left it floating in the case but plugging the usb cable was a bit of an adventure with it moving about so much. My final revision, if there ever is one, is to remove the screw posts and holes for M5 screws, and figure out how to get the case to snap-fit together. If anyone wants to take a bash at remixing it, please, feel free! My only other issue is I wouldn’t mind a piece of opaque glass or acrylic to sit over the front. On the one hand it hides the obvious parts that look very tech-y, and two, it should diffuse the light somewhat.

The Pi Zero W I used was used previously in another project that needed the 40 Pin GPIO connector mounted backwards. This actually turned out to be a bonus, and as it was being popped in a case and this will more than likely be its final project, I decided to bend some of the pins to help it fit a bit better.

A final design idea is that I really should have included a button or two, even just hidden around the case somewhere. One for cycling through the detected hits so I don’t have to wait on a specific hit to see that number, and one to switch off the display with a short press, and gracefully shut the Pi down with a long press. If needed, it’s always accessible via SSH and if absolutely needed I could write a URL route that calls

sudo halt

Server Software Configuration

As part of the process of securing and monitoring my servers after my last incident I verified that fail2ban was actually installed on them. fail2ban is an amazing piece of FOSS software that, in summary, watches logs on your server, takes a note if anything is happening that shouldn’t be, like multiple failed login attempts to the SSH Service, and bans that IP Address from reaching your server for a predetermined time if the issue is severe or repeated. By default it watches SSH traffic, but it can also be extended to monitor other things like the amount of 404 errors, or incorrect login attempts to WordPress etc.

Part of fail2ban allows you to create custom actions when various triggers happen. This ended up being more difficult than just plonking a curl request in and I ended up reaching out and asking on GitHub because no matter what I tried it wasn’t working. For ease of reference – this is how I made custom actions for fail2ban on a Debian based server –

Create a jail.local file and add the following

[sshd]
enabled = true
port = ssh
banaction = pinotifyred[myhost="SCRIPTHOSTSERVER"]

Replacing SCRIPTHOSTSERVER with a suitable URL (i.e. dev.testing:8080) - no protocol at the start, no path at the end, and no trailing slash.

This inherits all the actions for SSHD, so it will continue to ban as normal, but it allows us to define additional actions. Unfortunately, you can’t just define a command to run here (and this was my issue), but instead tell it what action you would like to run, which gets called from the action.d folder. In the action.d folder create a file named after the ban action, in this case pinotifyred.conf, and have the following code in there

[Definition]
# sends get request like ""

actionban = curl --fail "http://<my-host>/red" >> /dev/null

[Init]
# overwrite this in jail as action parameter:

Again, replacing SCRIPTHOSTSERVER with a suitable URL (i.e. dev.testing:8080) - no protocol at the start, no path at the end, and no trailing slash. You can see that the actual address and protocol are set here in the actionban section.

This code calls the action ban, and replaces the <my-host> variable with what it has been defined as. I couldn’t get it to work without having that as a variable.

This code performs the command required, and also defines some variables that are needed for fail2ban to work. As a bonus feature, the way this is set up means that you can send a curl or wget request with various parameters including what IP has been banned, time and date it was banned etc, so if you’re after a more data-rich solution this could also be used. To do that, you could have a file in your action.d folder containing something similar to

[Definition]
# sends get request like ";ip=":

actionban = curl -G --data-urlencode "jail=%(name)s" --data-urlencode "ip=<ip>" --fail "http://<my-host>/ban.php"

[Init]
# overwrite this in jail as action parameter:

As a small side note – I think there’s a bug here in that the ban action is being called when an IP is unbanned. It’s something I’ll look into later as it’s possibly double counting.

Pi Software

I’ll be completely honest. The code is an absolute mess. It’s written in Python 3 by someone (me) who doesn’t know Python, but knows how to search for and get answers on Stack Exchange, and with a grasp of basic programming fundamentals, managed to create the Python program.

I’m not going to go over the process for formatting and getting your Pi to a headless and login-able state via SSH as that’s been done a thousand times before. The code below is hosted at GitHub, with only two files, the main

script to be run at startup, and a

library, gracefully used from RaspberryTips.

You can see the code in its entirety at my GitHub page.

This Python program just simply sets itself up to act as a HTTP server (and I know it’s not meant for production, but this is one of those “quick and easy” projects) and listens for any requests. It’s single threaded, so if it gets a lot of attention it’ll more than likely fall down. It simply waits for a URL, and if it’s defined, it runs an action. The action is to light up the Blinkt! in a Larson style scanner and then increment the counter. Depending on the URL, different coloured LEDs illuminate. There’s no real error checking, there’s no check to make sure the counter won’t overflow, and the program has the added benefit of showing me that even my home network is constantly under attack by malformed URLs looking to gain access via any vulnerability they can find (which also throws up an exception error but doesn’t crash the program).
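The listener described above with the two gaps it names closed, as an added example rather than the PiAlert source: only exact, allow-listed paths count as hits, malformed request targets get an error status instead of raising, and the counter saturates at what a 4 digit display can show. The route names other than /red, the port, and the `show()` stand-in for the Blinkt! and display calls are assumptions.

```python
# Added example, not the PiAlert source: an allow-listed trigger listener.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# One route per light, following the post's four colours; only /red appears in the post.
ROUTES = {"/red": "red", "/blue": "blue", "/purple": "purple", "/green": "green"}
MAX_COUNT = 9999      # largest value a 4 digit 7-segment display can show
MAX_TARGET_LEN = 64   # anything longer is scanner noise, not one of our triggers

counters = {colour: 0 for colour in ROUTES.values()}


def register_hit(raw_path, counts=counters):
    """Map a request target to (status, colour); count only exact allow-listed paths."""
    if not isinstance(raw_path, str) or len(raw_path) > MAX_TARGET_LEN:
        return 414, None
    try:
        path = urlsplit(raw_path).path   # drops any query string
    except ValueError:                   # e.g. a broken IPv6 literal in the target
        return 400, None
    colour = ROUTES.get(path)
    if colour is None:
        return 404, None
    counts[colour] = min(counts[colour] + 1, MAX_COUNT)  # saturate, never wrap
    return 204, colour


def show(colour, count):
    """Stand-in for the Larson scan and display update (hardware calls omitted)."""
    print("{}: {:04d}".format(colour, count))


class TriggerHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, colour = register_hit(self.path)
        if colour is not None:
            show(colour, counters[colour])
        self.send_response(status)
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # probes are expected; keep them out of stderr


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), TriggerHandler).serve_forever()
```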

The penultimate piece of the puzzle is setting up the Pi so that as soon as it boots, it loads this script, and then just sits and runs. This is accomplished by editing


in vi by adding the command that’s usually used to run the program –

python3 /home/pi/PiAlert/ &

The last piece of this whole puzzle is making sure the Pi, which is sitting behind a firewall on a home network with a Dynamic IP, will always be able to be reached by my VPS’s. I could use Dynamic DNS or any of the other myriad of services out there, however someone on the self hosted subreddit created a free service called which does exactly what I need it to do, and does it well. The service doesn’t seem popular yet and with the phenomenal price of free I’m sure that won’t be the same for long — but given how simple it is I would gladly kick a few quid their way. I also noticed that a second service has been set up by someone else on the sub, which I’ll have to give a bash at some point.

This isn’t meant to be one of those mission-critical pieces of kit that you see in every action movie. It’s meant just as a small reminder that every day, there are thousands of bots in the ether attempting to gain access to something they’re not meant to. This device just brings those attempts into the physical world, reminds you about them, and it looks quite nice.

My code has 4 coloured lights set, and I have them set up as follows:

  1. Blue for failed WordPress attempts on this site
  2. Red for failed SSH attempts on Server A
  3. Purple for failed SSH attempts on Server B
  4. Green for failed URL’s from Server C

I’ll probably extend and change this as time goes on but this is a good indicator of what’s happening without having to log in to any server.

The best part? The design is somewhat neutral and is very, very flexible. If I decide I don’t want this anymore I can rewrite the code and turn it into a clock, or a counter for page hits, or any other number of things. There’s 8 RGB LEDs and 4 7-Segment displays. It’s also very portable. I have it sitting at my desk where I write my code, and it’s a nice reminder that bad people are trying bad things. But because of the low power requirements it can be run from a battery pack – I could plug it in anywhere in the house where it will get a WiFi signal and it’ll happily run the code, and if a different network is needed all I have to do is SSH in, or create a new


file on the



So in summary — the code’s a mess and could really be refactored. If I ever learn Python it’ll be one of the first things I do. The enclosure could do with some love, and again, if I ever learn a 3D Modelling program I’ll get to that as well. But apart from that? I’m happy.



I’ve said before about how much I enjoy playing the game Destiny, and, to a much smaller extent, its successor Destiny 2. I used to be an avid player — jumping on for a few hours a night, playing with a clan, running strikes, missions and raids.

I was a late start into Destiny. I remember buying the base game just before House of Wolves launched. That meant I missed out on the real experience of running Vault of Glass first.

I was never a PvP person. I enjoyed the stories, the character building, the worlds, the music and the exploitability the PvE experience had to offer. After playing by myself a bit I got into a clan – Legion of Morn (Which sadly is no more) after watching Brendan on Twitch. LoM were great with a few really active players and I was always able to jump on and have a run at some PvE activity. The whole community surrounding Destiny at the time was phenomenal. Bungie had a pretty open API that allowed people to build incredible applications. Ones that transferred gear to your characters or gave you insights into how you or other people played, and even how much time you spent on Destiny in various activities.

I ran my first raid, Vault of Glass, away back 03/03/2016, and then various raids since then. My favourite of all was Kings Fall. A proper, behemoth of an activity that relied on multiple people doing multiple things, with everyone having to take their turn – so you could always be the one who did certain things thanks to the mechanics. I only ever completed Kings Fall 4 times but man, I still reminisce on it fondly.

Destiny 2 then came out and despite being better looking, with better playability, something just didn’t strike the same feelings as Destiny 1 did. I went with my clan into Destiny 2 full of wonder, but very quickly it was apparent that some decisions had been made by Bungie that put the whole game in jeopardy — not from a “this game is going to crash” type thing, more of a “this game is about to lose all its player base”.

Destiny 2 has always had 2 sides. PvE (Player vs Everything – where you normally fight or battle computer based opponents) and PvP (Player vs Player, where you would fight against other Destiny players from around the world), and for a while, it seemed as though PvP was the driving force behind the decisions Bungie was making, and it affected a large portion of the player base — me included.

Destiny 2 was the start of me realising that it’s not the game I started playing. It’s not the game I enjoyed playing. I’ve forced myself time and time again to play Destiny 2, having now clocked more hours in it vs Destiny, and I still just don’t feel the same about it. Some missions are brilliant. The opening story and subsequent story missions have been phenomenal, but more recently the stories just don’t feel like they have the same depth or planning as they used to.

It’s a shame. I still love the stories. I still love the lore. I love the background, almost everything about it apart from playing the game. I’ll happily read the lore entries, and watch other people play – anything to do with Destiny. Apart from play it.

That saddens me.


New Domains!

Because everyone needs more domains, right?

During a conversation the other week I was lamenting about how much of a pain it is to have to explain my domain when giving it out —

Yeah, it’s hyphen web — the take-away sign then the word web. W for Whisky, E for Echo, B for Bravo.

A typical reply when asked for my email address

I was asked — why don’t you just buy it without the hyphen? Good advice I suppose. Except that it had already been purchased. I checked on it previously and had done so at random intervals since registering The last update the wayback machine was on the 10th January 2018 – where it simply proclaimed

Welcome to

Staging Server

and had done so since May 2013. Prior to this it looked like a personal server for a Nick B.

I love that about the Wayback Machine — pop in a domain and see how it’s changed over the years. I’m a bit annoyed at myself as a number of years ago I requested that I be excluded from it and I can’t figure out how to re-enable it, but I digress.

Checking the domain I saw that it was now available for purchase! So I jumped on it, meaning is now improved, with one character less! 14 to 13 characters – a whopping 7.1% decrease!

But Wait – There’s More!

Nominet have also introduced the .uk domain – dropping the .co section. Checking with OVH they had a deal and I ended up grabbing that domain for less than £2 for the first year. A bargain! So that means that the domain now has 10 characters, translating to a near 30% reduction in characters!

The domains will all redirect to the domain as I’ve had it since 2002. I can’t get rid of it that easily!

Why? Why not…

Hosting PHP

What to expect when you’re expecting… to be hacked

A bit of a disappointing one this. There’s nothing worse (well, I’m sure there is but in this context let’s leave it as is) than receiving that dreaded e-mail from your host. It starts with a subject line similar to

Security Incident Concerning

and a body of text along the lines of

A security risk has been detected on your server.
We have been informed that your server contains or redirects to harmful or malicious content, such as malware or phishing sites.

Not at all ideal. In summary — the server in question began to host malicious content. It was from a domain that I don’t use and have a holding page only up, and a user at some point has reported the URL as a malware/phishing attempt. This then gets reported to my host, who then reports it to me.

After getting the email I was a bit perplexed as to how this site had been flagged as a security risk. I checked the URL given and sure enough, a redirect was in place taking it away from my server to some other (compromised) server. I thought it might have been a coding issue that allowed my domain to freely redirect pages (meaning any attacker could mask their own server with mine). I logged in and checked a few things. It wasn’t my code that was doing anything. I checked and saw a few other files that shouldn’t have been there, all with recent creation dates. A quick

find . -maxdepth 20 -mtime -20

netted me a few files that had been created 2 days prior. These were in a variety of directories, and as I spread my domains across a couple of servers these files also appeared in those directories. The suspect files were all Base64 encoded, and executed PHP scripts – given that they all started with

<?php eval(base64_decode('BASE64ENCODEDSTRINGHERE')) ?>

These files either redirected pages, contained a mass emailer (LeafPHPMailer) or opened up a (pretty feature rich but visually poor) file manager. I’m not going to go into too much detail but the reason for the infection came from one WordPress installation that I had completely forgotten about after transferring to the new host. It’s a site that’s very seldom accessed, and to be honest, doesn’t require a WordPress Installation, but it was an easy CMS solution for someone.

Using an out-of-date plugin the attacker managed to place an obfuscated PHP file on the server. This file was then accessed via a web browser which ran the PHP code, and allowed other files to be placed in different locations on the server.
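The two checks used above (a recent-modification sweep and the `eval(base64_decode(` stub), combined into one triage pass as an added example that is not the author's tooling. The content match runs on every regular file regardless of its timestamp, because a dropped file's mtime can be set back; the sample tree, file names and payload in `demo()` are constructed.

```python
# Added example, not the author's tooling: triage a web root after a PHP drop.
import os
import re
import stat
import tempfile
import time

# The stub the post describes: <?php eval(base64_decode('...')) ?>
LOADER = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def triage(root, days=20, now=None, head_bytes=65536):
    """Return sorted (relative_path, reasons) for recent files and loader matches."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400          # same window as `find -mtime -20`
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)
                if not stat.S_ISREG(info.st_mode):
                    continue             # skip symlinks, sockets, devices
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                continue                 # unreadable: skip rather than abort the sweep
            reasons = []
            if info.st_mtime >= cutoff:
                reasons.append("recent")
            if LOADER.search(head):
                reasons.append("loader")  # independent of mtime on purpose
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temp dir and triage it."""
    now = time.time()
    old = now - 400 * 86400
    stub = b"<?php eval(base64_decode('ZWNobyAxOw==')) ?>"  # constructed; decodes to "echo 1;"
    samples = {
        "index.php": (b"<?php echo 'holding page'; ?>", old),
        "uploads/cache.php": (stub, now - 2 * 86400),  # dropped two days ago
        "includes/db.php": (stub, old),                # same stub, mtime set back
        "notes.txt": (b"edited today", now),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (data, mtime) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))
        return triage(root, days=20, now=now)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, reasons)
```

A "recent" hit alone only means the file changed inside the window; a "loader" hit on an old-looking file is the case a pure `find -mtime` sweep misses.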

When I deployed these servers I began hardening them against attacks like this. Unfortunately, I didn’t finish it. Some of my actions stopped the potential full-scale destruction of the server which I’m thankful for, but I’m a bit annoyed I didn’t finish my hardening steps.

Having separate users for different tasks on the server helped. This meant that any file modifications were only able to be done at the root web-directory level. Config files, where appropriate, were hosted out-with the directory, and permissions meant that other files could not be modified. There were a few other steps that I’m not going to go into detail about, however catching up on a couple of guides on how to harden or secure your server should help.

After figuring out what happened, and how it happened, I stopped any public access – essentially shutting down the HTTP Daemon, removed any newly created files matching the time scales above, pretty deleted any WordPress installations and re-downloaded fresh copies of the MD5-checked files from, then manually checked all the database tables for Indicators of Compromise (IoC’s) line by line, entry by entry, and slowly reloaded everything.

I then finished my hardening that I should have done before.

I think it’s important to vent that “hacking” isn’t hacking any more. It’s what used to be known as “Script Kiddies” who are now essentially Serious and Organised Crime Groups that use these phishing and malware scams to extract money. There’s no hacking in the traditional sense – just the unauthorised access to computers that wreaks havoc on people who are caught by it. It’s the same as a teenager using a Low Orbit Ion Cannon.

Am I embarrassed this happened to me? Of course. Annoyed? Yep. But I’m also relieved that it did — it means I was able to stop it before it became much, much worse.

Quick Post

A phenomenal cover

I love this song by The Weeknd – it’s called Blinding Lights and this is one of my favourite covers. I really like Teddy Swims voice – I’m not a fan of all his covers, or even his original songs, but man. This song just hits the mark.