Weeknote w/c 2019-12-16

The concept of weeknotes is still odd to me, but they seem to be a thing that people do, so I’ll give it a go Move to Linux Desktop So, I’ve decided to drop Mac for my personal laptop. It’s not that there were any real problems with MacOS, but really I just needed a more powerful laptop. I’ve gone for a ThinkPad T495. It was decently priced on Black Friday, has a Ryzen 5 CPU, 16GB RAM, 512GB NVME storage.
Read more →

Automatically generate dnsmasq config from docker-compose files

Introduction Recently, I’ve introduced Pi-hole into my house, both for its ad-blocking capabilities, and to act as a slightly more powerful DNS server than my current home router, a FRITZ!Box 3490. Although that router looks jazzy as anything, there is no facility to add custom DNS records. I prefer to run my home docker containers on subdomains, rather than on a path, so having the ability to create internal DNS records is essential.
Read more →

Encrypted Automatic Off Site Backup Replication With Rclone

rclone is an rsync-like command line program to sync files and directories to and from various cloud storage providers. This post relates specifically to using Memset’s Cloud Storage product as a backend, however the methodology translates to the various other backends as well. This guide does not deal with the creation of the backups themselves, it assumes that backups are created and placed somewhere on the local machine (or no backups are taken, and this method is used to provide simple directory replication).
Read more →

Ansible Automation on Memset Servers

What is Ansible? Ansible is an open source automation tool, which facilitates configuration management, application deployment and task automation. A complex multi-step process can be automated and run with a simple command from your workstation: ansible-playbook task.yml. A key word for Ansible is ‘ensure’. Ansible will work to ensure that configuration / tasks are run. If a task completes without changing any settings, it is ‘ok’. Otherwise, it was ‘changed’ or sometimes ‘failed’ (which is not always a Bad Thing™)
Read more →

Blocking Wordpress xmlrpc Attacks on Cpanel

Finally, a way to block those pesky WordPress DoS attacks on cPanel A very common DOS attack on a cPanel server is against the WordPress API scripts, chiefly xmlrpc.php and wp-login.php. If you have been subjected to this kind of attack in the past, and have attempted to prevent reoccurrence, you will likely know that the oft-quoted .htaccess solutions, such as: <Files xmlrpc.php> order deny,allow deny from all </Files> Have limited success in mitigating this kind of attack.
Read more →