Converting DVD to MP4 (H264) on windows (With the free ffmpeg tool)

Converting DVD files to MP4

Video files on a DVD are usually in the video_ts directory and have the extension VOB.

On Windows, the easiest way to do this is by copying the files in the video directory on the DVD to a folder in your hard drive, then running the commands below, then deleting the source VOB files,

NOTE to ignore: surely, you can do it by adding absolute paths, but that would force me to explain much more here. with find the directory and copy the path then append it here then copy the names and append them to the path and all that good stuff, so why not just make it simple with copy then delete the source.

Assuming you have ffmpeg installed and in your path, you would execute the command like so, concatenating all the video files in the DVD

cd c:\directory_where_you_put_the_vob_files
ffmpeg -i "concat:VTS_01_1.VOB|VTS_01_2.VOB|VTS_01_3.VOB|VTS_01_4.VOB|VTS_01_5.VOB" outfile.mp4
Another note to ignore, On a linux box (The above works on both linux and windows), you can concatinate the VOB files then pipe them into ffmpeg like so
cat VTS_01_1.VOB VTS_01_2.VOB VTS_01_3.VOB VTS_01_4.VOB VTS_01_5.VOB | ffmpeg -i - outfile.mp4

Disable windows automatic restart in Windows 10, the new way

So, Microsoft decided to change things a bit on how this can be done. To make a long story short, this is no longer inside “Advanced options” But rather in a different link names “Restart Options” on that same page

So open your settings app, then visit Updates and security, then windows update, then restart options (And active hours if needed)

Now, You can move your update hours to your weekend if that need to be the time for restarts

Force mount hibernated NTFS volume

This problem is one i face often, because of how older versions functioned, the answers online no longer apply, online, you will find that

ntfsfix /dev/sdc2

should do the trick, in reality, it will not as you will see the following error

Mounting volume... OK
Processing of $MFT and $MFTMirr completed successfully.
Checking the alternate boot sector... OK
NTFS volume version is 3.1.
NTFS partition /dev/sdc1 was processed successfully.

The solution in reality is asking ntfs-3g’s mount to remove the hiberfile

WHAT YOU NEED – YOU WILL LOSE THE HIBERFILE

mount -t ntfs-3g -o remove_hiberfile /dev/sdc2 /hds/intelssd

Without the remove_hiberfile instruction, you will probably get an error message such as

Windows is hibernated, refused to mount.
Failed to mount '/dev/sdc2': Operation not permitted
The NTFS partition is in an unsafe state. Please resume and shutdown
Windows fully (no hibernation or fast restarting), or mount the volume
read-only with the 'ro' mount option.

Where you can actually mount it as read only if you do not want to write to it with the line

 mount -o ro /dev/sdc1 /hds/intelssd

ufw – the 2 minute guide

apt-get install ufw

ufw allow ssh

but what do you know, i got an error

ERROR: initcaps
[Errno 2] modprobe: ERROR: could not insert 'ip6_tables': Unknown symbol in module, or unknown parameter (see dmesg)
ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Well, that was not so nice, so i went into the file /etc/default/ufw and disabled IPv6, and now it works

So, before we enable it, i enabled SSH access otherwise i will be locked out

ufw allow ssh

now, enable it with

ufw enable

Now, enabled a few more ports for website or SIP for example

I have a website under development, so i will want to open port 80 and 443 for my ip only ! I would like to delete those rules as my IP changes

ufw allow from 213.139.53.70
# and When my ip changes
ufw status numbered
ufw delete 4

Then add the new IP like in the first line

restoring lost tabs in firefox

Every once in a while (often), something happens and the “Restore session” option in firefox disappears (right now it is june 2016), usually this happens after a crash where i try to re open firefox early or when computer hangs then i do something stupid, if you just opened firefox, keep it open, then go to C:\Users\techg\AppData\Roaming\Mozilla\Firefox\Profiles\8xve5flx.default (Or whatever your profile folder is named), and WITH YOUR FIREFOX STILL OPEN, copy the file sessionstore.js (back it up), Now close firefox, your original might have reset to a small file size as soon as you close firefox, Now, the tabs are all stored in sessionstore.js.bak (or whatever you called the copy), so delete the one you have, and copy this file back in it’s place.

With that done, it is editing time

The bad copy starts like this

{"version":["sessionrestore",1],"windows":[{"tabs":[{"entries":[{"url":"about:home","title":"Mozilla Firefox Start Page","charset":"","ID":716087720,"docshellID":11510,"docIdentifier":13,"persist":true}],"lastAccessed":1465298115431,"hidden":false,"attributes":{},"userContextId":0,"index":1,"image":"chrome://branding/content/icon32.png"}],

delete some text (“version”:[“sessionrestore”,1],) to make it look like this

{"windows":[{"tabs":[{"entries":[{"url":"about:home","title":"Mozilla Firefox Start Page","charset":"","ID":716087720,"docshellID":11510,"docIdentifier":13,"persist":true}],"lastAccessed":1465298115431,"hidden":false,"attributes":{},"userContextId":0,"index":1,"image":"chrome://branding/content/icon32.png"}],

Now, open your firefox browser, and you should see the restore button come back up.

Review of the Seagate ST8000DM002 8TB 7200rpm desktop hard drive

This is not a review in the sense that it explores the drive in every possible aspect, this is better seen as a user review.

I got this drive on 2016-04-06 (6th of april), the first thing that catches your eye about this drive is that every inch of the space a regular hard drive uses (that empty area under the disk) is used, as a consequence, there is no middle screw hole, only in the back and in the front, a bit of a problem for many computer and NAS cases that rely on that hole to fasten the drive in place.

So, formatting the system into ext4 and copying files onto it, the drive seems very fast, how fast exactly remains to be seen in the coming few hours as i can only run the test after ext4lazyinit completes and finalizes the ext4 partition. I also enabled lazy write-back and removed the journal (tune2fs -O ^has_journal /dev/sdb1)

Now, let us take a better look at some parameters that were given to us by seagate

This is not the SMR (Shingled magnetic recording) disk, this is a proper hard drive meant to run as your desktop’s hard drive, the hard drive features 6  1.33TB plates, which is very high density compared to any disk on the market.

Price per gigabyte at the time of writing on this drive is 4 cents, that is pretty good for a desktop hard drive (The archive drive costs less per GB, but is much less of a performer), the archiving drive, with the SMR needs to delete neighbouring bytes and rewrite them whenever it needs to update a certain byte, so it suffers in performance, not to mention that other things are designed with this in mind too.

Using cloud linux

Basically, CloudLinux sets limits on hosting accounts, here is what you need

1- Remove limits for a certain user
lvectl set-user techg –unlimited

2- Restore all limits to defaults
lvectl apply all
Or
lvectl delete-user techg

3- Increase speed of website to use 3 cores
lvectl set-user techg –speed=300%

Change the defaults
lvectl set default –speed=100% –pmem=2048m

Server unable to read htaccess file, denying access to be safe

I am very new to centos (Debian usually), and on my cpanel / whm server, i got this error

Forbidden

You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Something seemed seriously wrong, I had already chowned all the files

chown -R techg:techg public_html

I also even deleted the htaccess file, but still, the server was reporting the error.

The solution turned out to be making the public_html directory executable

I found that out through the apache log files that read

[Sun Mar 06 02:48:10.894154 2016] [core:crit] [pid 1261] (13)Permission denied: [client 46.xxx.216.169:55886] AH00529: /home/techg/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/home/techg/public_html/’ is executable

Protecting roundcube against bruit force attacks

You probably have protected your dovecot, postfix, exim, dbmail, or any other port opening application that needs to be protected from bruit force and dictionary attacks.

But what about roundcube, the problem with roundcube is that you have to whitelist it (whether it is on the same server or a different server) so that it does not get blocked, so now you have another security issue, this way a hacker can bruit force your server even when fail2ban is monitoring all SMTP and IMAP and POP ports.

The solution to this is to actually protect RoundCube itself against bruit force.

Forget the apache logs, we don’t need to use those as roundcube will log failed attempts in it’s /logs/errors file, this file has something similar to the following line

IMAP Error: Login failed for aaa@bbb.com from xxx.xxx.xxx.xxx. AUTHENTICATE PLAIN: Authentication failed

You should also note that there is a certain roundcube config file in fail2ban, which i am not using because i like to make things as simple as possible but not too simple, the file that comes with fail2ban roundcube-auth.conf seems to account for older installations of roundcube, something i don’t really need.

Now, here is a step by step manual to protect roundcube (Or phpmyadmin or ispconfig or what have you) from bruit force attacks and dictionary attacks.

1- Make sure fail2ban is installed
apt-get install fail2ban

2- add the following two configuration file to fail2ban programs directory (/etc/fail2ban/filter.d/)

1- roundcube.conf

# Fail2Ban configuration file for roundcube webmail
#
# Author: Fabian Wenk 
#
# $Revision$
#
# To have logging information available, it is necessary to adjusting
# the following option in config/main.inc.php from Roundcube:
#
# $rcmail_config['debug_level'] = 1;	// not sure, probably not needed
# $rcmail_config['log_session'] = true;
#
# and point in the fail2ban jail config to the correct logfile,
# or change also the following config to log to syslog:
#
# $rcmail_config['log_driver'] = 'syslog';
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
#	first line is for Cyrus IMAP (2.4.x)
#	second line is for Dovecot (2.1.x)
# Values: TEXT
#
#failregex = roundcube: IMAP Error: Login failed for .* from . AUTHENTICATE PLAIN: authentication failure in .*$
failregex = roundcube: IMAP Error: Login failed for .* from . AUTHENTICATE PLAIN: Authentication failed. in .*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =  

2- roundcube-repeat.conf, this rule inspects the fail2ban log file itself, and if there are repeated bans (repeated violations), imposes a bigger penalty

# roundcube configuration file
#


[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P\S+)
# Values:  TEXT
#
failregex = \[roundcube\] Ban 

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

The above is how fail2ban will identify failed logins, now in the /etc/fail2ban/jail.local we need to tell fail2ban 1- Where to look for this rule, 2- what file to look for the logs in !

So, to activate the above, we need to add some rules in /etc/fail2ban/jail.conf

[roundcube]
enabled  = true
port     = http,https
filter   = roundcube
logpath  = /var/sys_ssl/rcmail/logs/errors
maxretry = 5
findtime = 600
bantime = 3600

[roundcube-repeat]
enabled = true
port = http,https
filter = roundcube-repeat
logpath = /var/log/fail2ban.log
maxretry = 3
findtime = 21600
bantime = 86400

Now, to the testing, mind you, if you test, you will be blocked, depending on how you test, you might get blocked for a whole day, so keep that in mind

For those of you on a recent cpanel installation, you should probably know that iptables are disabled by default in favor of firewalld, fail2ban will update the rules, but the rules will not work 😉