1 Weird Trick to Stop Random Bots from Britain From Hosing Your Ruby on Rails site

Add this to your Apache configuration (assuming you have mod_rewrite enabled and are not using nginx):

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} MJ12bot
    RewriteRule .* - [F]

Story: This stupid Majestic 12 bot from Britain with a User Agent string of “MJ12” that is totally not a spambot was hammering a Ruby on Rails site on this VPS, causing the system load to shoot up as high as 15.

I have used robots.txt for this kind of thing in the past, but I wanted to make sure. The request is told to go away before it even hits the Rails server. Now, the load is under 1, and the VPS is not using 95% of its swap space.

Much better.

I am also using the WP fail2ban plugin along with a bit of server configuration to stop the constant stream of bots trying to hack into this WordPress site.
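To check that the MJ12bot rule above is actually answering the bot with 403, the following added example (not code from the original post) tallies status codes per User-Agent from Apache's combined log format and lists bot requests that still got through. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" LogFormat:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (documentation IP ranges, made-up paths and versions).
SAMPLE_LOG = '''
198.51.100.7 - - [10/Jan/2017:06:25:01 +0000] "GET /posts/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; MJ12bot/v0.0; constructed)"
198.51.100.7 - - [10/Jan/2017:06:40:02 +0000] "GET /posts/2 HTTP/1.1" 403 209 "-" "Mozilla/5.0 (compatible; MJ12bot/v0.0; constructed)"
198.51.100.7 - - [10/Jan/2017:06:40:03 +0000] "GET /posts/3 HTTP/1.1" 403 209 "-" "Mozilla/5.0 (compatible; MJ12bot/v0.0; constructed)"
203.0.113.20 - - [10/Jan/2017:06:41:10 +0000] "GET / HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/50.0"
198.51.100.9 - - [10/Jan/2017:06:42:00 +0000] "GET /posts/4 HTTP/1.1" 200 5120 "-" "mj12bot/constructed"
this line is not in combined format and is skipped
'''

def parse(text):
    """Yield (status, agent) for each combined-format line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group("status")), m.group("agent")

def status_by_agent(text):
    """Map each User-Agent string to a Counter of the status codes it received."""
    table = defaultdict(Counter)
    for status, agent in parse(text):
        table[agent][status] += 1
    return table

def not_blocked(text, token="MJ12bot"):
    """Requests whose agent contains the token (any letter case) but did not get 403."""
    needle = token.lower()
    return [(s, a) for s, a in parse(text) if needle in a.lower() and s != 403]

if __name__ == "__main__":
    rows = sorted(status_by_agent(SAMPLE_LOG).items(), key=lambda kv: -sum(kv[1].values()))
    for agent, codes in rows:
        print(sum(codes.values()), dict(codes), agent)
    for status, agent in not_blocked(SAMPLE_LOG):
        print("not blocked:", status, agent)
```

The audit matches the token case-insensitively on purpose: a `RewriteCond` pattern is case-sensitive unless it carries the `[NC]` flag, so a differently cased agent string shows up here as not blocked.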

Final Fantasy XV Random Note

In the boss battle against Leviathan, the part in which you are warping around from one platform to the next, I had a long period in which I was not able to hit the boss. I believe that I had to use the targeting function (R1 on the default setup for PS4) and then hit Triangle for the warp attack. So after 10 minutes of wasting potions and the like, I went out to the next stage, which was a lot more fun.

Book Review: Last Song Before Night

This review contains MASSIVE SPOILERS.  So skip if that bothers you.

Last Song Before Night by Ilana C. Myer has ruined me for other books.  I’m reading another book and it’s OK I guess, but the writing just doesn’t sing like it does here. The writing flows lyrically in a clean, smooth way.  I’m not much of a re-reader, but I have the sneaking suspicion this book will make that short list.


Letsencrypt Part Deux: Failed to connect to host for DVSNI challenge.

SSL Certificate Nerdery
All that work just to get a green lock!

I once worked at a job whose firewall was so idiotic, it did not allow access to blogs. Since 40% of blog entries are technical, I had to use my phone to do an end run around said idiotic firewall to do my job. I used that one blog post to make jQuery work with XUL (I know right!?) So it’s time to pay it forward.

I managed to get my secure certs from Let’s Encrypt renewed.  I ran:

    letsencrypt-auto -renew

and got this error message (excerpted for brevity):

    Failed to connect to host for DVSNI challenge.

It turned out that in an earlier futzing with the SSL stuff in ports.conf, I had changed away from the default entry, which is:

    Listen 443

Putting that back to “Listen 443” worked. Apparently DVSNI (Domain Validation with Server Name Indication) is a way to prove you own the server.

I found a lot of solutions for folks on AWS and Cloudflare involving jiggering IP addresses and renewing the Google DNS cache, but I have a VPS from Rackspace so that wasn’t it for me.

I thought that having Apache 2.4.7 (because I’m on Ubuntu 14.04 LTS) would cause issues, but that turned out to not be the case, even though the dry-run only mentioned fullchain.pem, which requires Apache 2.4.8 to work. The renew option also generates chain.pem and cert.pem as separate files. fullchain.pem is just those two files tacked together.

Of course the dry run did NOT show the DVSNI issue. I’m going to check back in a while and see if my automated cron job actually works now that I’ve done it manually.