Search Results

Search found 1183 results on 48 pages for 'nick dong'.

Page 1/48 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Congratulations Nick Colebourn - Microsoft Certified Master

    - by Christian
    Congratulations to Nick Colebourn who was brave enough to take his MCM lab exam in Seattle during PASS last month (at very short notice!) and is now a Microsoft Certified Master in SQL Server! Nick’s momentous achievement is especially exciting for us as he’s now the 5th member of our team to achieve Microsoft’s highest technical qualification for SQL Server – Coeo now has more SQL Server MCM’s than any other Microsoft customer or partner in the WORLD! Thank you Nick, and congratulations; it’s well deserved and we’re all very proud of you!   Christian Bolton - MCA, MCM, MVP Technical Director http://coeo.com - SQL Server Consulting & Managed Services You can read more about the Certified Master program on Microsoft’s website here: http://bit.ly/aOFLxm

    Read the article

  • Is Nick Clegg a man or a mouse?

    - by BizTalk Visionary
    Well we got the hung election so many of us wanted! I believe it really is time for electoral change. Why? Consider: the ConMen under Cameroon have polled 36% of the great British voting public – well those that got to vote!! That means 64% of us don’t want him as PM. So what gives him the right to govern? Well an ancient voting system ideal for two party politics. But for the last 30 years we’ve had multi-party politics and going forward we may see 4 or 5 parties stepping up. We have to set in place a system that makes this work! So what does that mean today: Nick has a golden chance to push forward the case and in fact the absolute right for the change. He needs to keep this in mind when he discusses coalition with both Labour and the ConMen. So the mouse approach: Decides it is only fair to side with the ‘biggest’ vote and team up with the ConMen. Chances of electoral change? Big fat zero. Chance of achieving any of his other targets. Big fat zero. Why? Simple (as the Meer Kat would say). Cameroon needs to become PM by hook or crook. Once PM he holds the whip hand. Labour will dump Brown and head off into Leadership race land, Clegg will be knocking on number 10, having meaningless meetings and seeing no reward. Finally while Labour is at 6‘s and 7’s  the ‘new’ PM will call a new election, gain the majority they need and dump luckless Nick!! So the man approach: Team up with Labour. As one of the conditions – Brown to go. Run referendum for PR. Get PR through then force Labour to have new election under PR. Nick now hero and should be in a much better place following a PR election!! The man bit is standing up to the media attack for supporting Labour. Come Nick – be a man for a better Britain!!

    Read the article

  • Is Nick Clegg a man or a mouse?

    - by BizTalk Visionary
    Well we got the hung election so many of us wanted! I believe it really is time for electoral change. Why? Consider: the ConMen under Cameroon have polled 36% of the great British voting public – well those that got to vote!! That means 64% of us don’t want him as PM. So what gives him the right to govern? Well an ancient voting system ideal for two party politics. But for the last 30 years we’ve had multi-party politics and going forward we may see 4 or 5 parties stepping up. We have to set in place a system that makes this work! So what does that mean today: Nick has a golden chance to push forward the case and in fact the absolute right for the change. He needs to keep this in mind when he discusses coalition with both Labour and the ConMen. So the mouse approach: Decides it is only fair to side with the ‘biggest’ vote and team up with the ConMen. Chances of electoral change? Big fat zero. Chance of achieving any of his other targets. Big fat zero. Why? Simple (as the Meer Kat would say). Cameroon needs to become PM by hook or crook. Once PM he holds the whip hand. Labour will dump Brown and head off into Leadership race land, Glegg will be knocking on number 10, having meaningless meetings and seeing no reward. Finally while Labour is at 6‘s and 7’s  the ‘new’ PM will call a new election, gain the majority they need and dump luckless Nick!! So the man approach: Team up with Labour. As one of the conditions – Brown to go. Run referendum for PR. Get PR through then force Labour to have new election under PR. Nick now hero and should be in a much better place following a PR election!! The man bit is standing up to the media attack for supporting Labour. Come Nick – be a man for a better Britain!!

    Read the article

  • 50 Years of LEDs: An Interview with Inventor Nick Holonyak [Video]

    - by Jason Fitzpatrick
    The man who powered on the first LED half a century ago is still around to talk about it; read on to watch an interview with LED inventor Nick Holonyak. The most fascinating thing about Holonyak’s journey to the invention of the LED was that he started off trying to build a laser and ended up inventing a super efficient light source: Holonyak got his PhD in 1954. In 1957, after a year at Bell Labs and a two year stint in the Army, he joined GE’s research lab in Syracuse, New York. GE was already exploring semiconductor applications and building the forerunners of modern diodes called thyristors and rectifiers. At a GE lab in Schenectady, the scientist Robert Hall was trying to build the first diode laser. Hall, Holonyak and others noticed that semiconductors emit radiation, including visible light, when electricity flows through them. Holonyak and Hall were trying to “turn them on,” and channel, focus and multiply the light. Hall was the first to succeed. He built the world’s first semiconductor laser. Without it, there would be no CD and DVD players today. “Nobody knew how to turn the semiconductor into the laser,” Holonyak says. “We arrived at the answer before anyone else.” But Hall’s laser emitted only invisible, infrared light. Holonyak spent more time in his lab, testing, cutting and polishing his hand-made semiconducting alloys. In the fall of 1962, he got first light. “People thought that alloys were rough and turgid and lumpy,” he says. “We knew damn well what happened and that we had a very powerful way of converting electrical current directly into light. We had the ultimate lamp.” How To Get a Better Wireless Signal and Reduce Wireless Network Interference How To Troubleshoot Internet Connection Problems 7 Ways To Free Up Hard Disk Space On Windows

    Read the article

  • Why isn't this driver install working (sudo code)?

    - by Nick
    I have a soundcard that I'd like to use and I've been trying to install it and being a new Ubuntu user, I get about half way through this in the Terminal and it stops cooperating with me... See the link (soundcard hyperlink) but basically what I have here: I do the following and it works: sudo apt-get install subversion svn co https://line6linux.svn.sourceforge.net/svnroot/line6linux Change to the directory cd line6linux/driver/trunk Time to build from the source but first make sure you have the latest build and headers sudo apt-get install build-essential sudo apt-get install linux-headers Then after this point it says must specify file to install. Not sure how to do this or what it means. Then, running make gives the following output: ./set_revision.sh ./set_revision.sh: 9: test: https://line6linux.svn.sourceforge.net/svnroot/line6linux/driver/trunk: unexpected operator make -C /lib/modules/3.2.0-29-generic-pae/build CONFIG_LINE6_USB=m SUBDIRS=/home/nick/line6linux/driver/trunk modules make[1]: Entering directory /usr/src/linux-headers-3.2.0-29-generic-pae' CC [M] /home/nick/line6linux/driver/trunk/audio.o /home/nick/line6linux/driver/trunk/audio.c: In function ‘line6_init_audio’: /home/nick/line6linux/driver/trunk/audio.c:30:57: error: ‘THIS_MODULE’ undeclared (first use in this function) /home/nick/line6linux/driver/trunk/audio.c:30:57: note: each undeclared identifier is reported only once for each function it appears in make[2]: * [/home/nick/line6linux/driver/trunk/audio.o] Error 1 make[1]: * [module/home/nick/line6linux/driver/trunk] Error 2 make[1]: Leaving directory/usr/src/linux-headers-3.2.0-29-generic-pae' make: * [default] Error 2 This is in Ubuntu 12.04.1 LTS Another thing, semi related. Cut, copy, paste? Seems like it's different from program to program. I was in the terminal and hit Ctrl-C and then Ctrl-Shift-V in Firefox and it won't paste. But in terminal it will paste. I'm confused. Here is what it's giving me after I hit "Make": nick@NickUbuntu:~/line6linux/driver/trunk$ make ./set_revision.sh ./set_revision.sh: 9: test: https://line6linux.svn.sourceforge.net/svnroot/line6linux/driver/trunk: unexpected operator make -C /lib/modules/3.2.0-29-generic-pae/build CONFIG_LINE6_USB=m SUBDIRS=/home/nick/line6linux/driver/trunk modules make[1]: Entering directory /usr/src/linux-headers-3.2.0-29-generic-pae' CC [M] /home/nick/line6linux/driver/trunk/audio.o /home/nick/line6linux/driver/trunk/audio.c: In function ‘line6_init_audio’: /home/nick/line6linux/driver/trunk/audio.c:30:57: error: ‘THIS_MODULE’ undeclared (first use in this function) /home/nick/line6linux/driver/trunk/audio.c:30:57: note: each undeclared identifier is reported only once for each function it appears in make[2]: *** [/home/nick/line6linux/driver/trunk/audio.o] Error 1 make[1]: *** [_module_/home/nick/line6linux/driver/trunk] Error 2 make[1]: Leaving directory/usr/src/linux-headers-3.2.0-29-generic-pae' make: * [default] Error 2 Looks like these folks also had similar problems: http://ubuntuforums.org/showthread.php?t=1163608&page=3

    Read the article

  • Accessing the same service more than twice in the nick of time

    - by PointedC
    I have an application that will access interface service A which is to run from windows startup. This service is used by program B and my application functions on B's presence after getting a pointer to A. The scenario is translated as follows, public interface A{} ///my program public class MyProgram { public MyProgram() { ProgramB.DoA(); } public A GetA(){} } public class ProgramB { void DoA(){} } The translated source is not true, but that seems to be what I am looking for. In order to eliminate the overhead of allocating and realocating dynamic accesses to the same service used by other processes, would you please provide an actual solution to the problem ?(I am all out of any idea now)

    Read the article

  • How to get the Jabber ID for a Multi User Chat nick

    - by Kutzi
    I'm trying to get the Jabber ID for a nick in a multi user chat, but the following code returns only null: class JabberMUCMessageListenerAdapter implements PacketListener { private final MultiUserChat muc; public JabberMUCMessageListenerAdapter(MultiUserChat muc) { this.muc = muc; } @Override public void processPacket(Packet p) { if (p instanceof Message) { final Message msg = (Message) p; String jid = muc.getOccupant(msg.getFrom()).getJid(); // returns null ... } } } Does anyone know, what I'm doing wrong?

    Read the article

  • storing and retrieving socket

    - by Trevor Newhook
    From what I can understand, once I create a socket, I can then create an array to store it with userArray[socket.nickname]=socket; I can then send a message to it with: io.sockets.socket(userArray[data.to]).emit('private message', tstamp(), socket.nickname, message); The basic logic is to store a copy of each socket in an object, identified by nickname. When I want to send a message to that socket, I use the copy of the socket, and send the message via io.sockets.socket(id).emit(). The entire server code is below: io.sockets.on('connection', function (socket) { socket.on('user message', function (msg) { socket.broadcast.emit('user message', tstamp(), socket.nickname, msg); updateLog('user message', socket.nickname, msg); }); socket.on('private message', function(data) { socket.get(data.nickname, function (err, name) { console.log('Chat message by ', name); }); updateLog('private message', socket.nickname, data.message); message=data.message; io.sockets.socket(userArray[data.to]).emit('private message', tstamp(), socket.nickname, message); }); socket.on('get log', function () { updateLog(); // Ensure old entries are cleared out before sending it. io.sockets.emit('chat log', log); }); socket.on('nickname', function (nick, fn) { var i = 1; var orignick = nick; while (nicknames[nick]) { nick = orignick+i; i++; } fn(nick); nicknames[nick] = socket.nickname = nick; userArray[socket.nickname]=socket; socket.set('nickname', nick, function () { socket.emit('ready'); }); socket.broadcast.emit('announcement', nick + ' connected'); // io.sockets.socket(userArray[nick]).emit('newID', 'Your name is: ' + nick, '. Your ID is: '+ userArray[nick]); io.sockets.emit('nicknames', nicknames); });

    Read the article

  • with JQUERY, How to pass a dynamic series of data to the server

    - by nobosh
    What is the recommended way in JQUERY to send a dynamic set of data to the server, the set contains items like: ID: 13 Copy: hello world....hello world....hello world....hello world.... ID: 122 Copy: Ding dong ...Ding dong ...Ding dong ...Ding dong ...Ding dong ... ID: 11233 Copy: mre moremore ajkdkjdksjkjdskjdskjdskjds This could range from 1, to 10 items. What's the best way to structure that data to post to the server with JQUERY? Thanks

    Read the article

  • Linux Unable to Write to Directory Despite Permissions

    - by Nick Q.
    I'm trying to give myself permissions to /var/www/ however for some reason I am unable to do so. Currently what I'm facing is this: nick@server1:/var$ ls -l drwxrwxr-x 5 root wwwusers 232 Mar 15 19:31 www nick@server1:/var$ groups nick wwwusers nick@server1:/var$ mkdir www/trying mkdir: cannot create directory `www/trying': Permission denied I am running Ubuntu 10.04 LTS on a VPS and am used to running unix on my own machine so I may be doing something absolutely stupid, but I would like to be able to have the group wwwusers be able to write to www.

    Read the article

  • Linux Unable to Write to Directory Despite Permissions

    - by Nick Q.
    I'm trying to give myself permissions to /var/www/ however for some reason I am unable to do so. Currently what I'm facing is this: nick@server1:/var$ ls -l drwxrwxr-x 5 root wwwusers 232 Mar 15 19:31 www nick@server1:/var$ groups nick wwwusers nick@server1:/var$ mkdir www/trying mkdir: cannot create directory `www/trying': Permission denied I am running Ubuntu 10.04 LTS on a VPS and am used to running unix on my own machine so I may be doing something absolutely stupid, but I would like to be able to have the group wwwusers be able to write to www.

    Read the article

  • Still confused about JavaScript's 'this'.

    - by Nick Lowman
    I've been reading through quite a few articles on the 'this' keyword when using JavaScript objects and I'm still somewhat confused. I'm quite happy writing object orientated Javascript and I get around the 'this' issue by referring the full object path but I don't like the fact I still find 'this' confusing. I found a good answer here which helped me but I'm still not 100% sure. So, onto the example. The following script is linked from test.html with <script src="js/test.js"></script> if (!nick) { var nick = {}; } nick.lowman = function(){ var helloA = 'Hello A'; console.log('1.',this, this.helloA); var init = function(){ var helloB = 'Hello B'; console.log('2.',this, this.helloB); } return { init: init } }(); nick.lowman.init(); What kind of expected to see was 1. Object {} nick.lowman, 'Hello A' 2. Object {} init, 'Hello B' But what I get is this? 1. Window test.html, undefined 2. Object {} init, undefined I think I understand some of what's happening there but I would mind if someone out there explains it to me. Also, I'm not entirely sure why the first 'console.log' is being called at all? If I remove the call to the init function //nick.lowman.init() firebug still outputs 1. Window test.html, undefined. Why is that? Why does nick.lowman() get called by the window object when the html page loads? Many thanks

    Read the article

  • Can the public ssh key from my local machine be used to access two different users on a remote serve

    - by Nick
    I have an new ubuntu (hardy 8.04) server, it has two users, User1 and User2. User1 is listed in sudoers. I appended my public ssh key (my local machine's public key local/Users/nick/.ssh/id_rsa.pub) to authorized_keys in remote_server/home/user1/.ssh/authorized_keys, changed the permissions on user1/.ssh/ to 700 and user1/.ssh/authorized_keys to 600 and both file and folder are owned my User1. Then added I User1 to sshd_config (AllowUsers User1). This works and I can login into User1 debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. Last login: Mon Mar 15 09:51:01 2010 from ..*.* I then copied the authorized_keys file remote_server/home/user1/.ssh/authorized_keys to remote_server/home/user2/.shh/authorized_keys and changed the permissions and ownership and added User2 to AllowUsers in sshd_config (AllowUsers User1 User2). Now when I try to login to User2 it will not authenticate the same public key. debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /Users/nick/.ssh/identity debug1: Trying private key: /Users/nick/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey). Am I missing something fundamental about the way ssh works? Thanks in advance, Nick

    Read the article

  • Active directory integration not working properly with winbind and samba

    - by tubaguy50035
    I'm trying to get my linux box to use active directory authentication. I believe I have almost everything setup correctly. I'm able to issue wbinfo -g and wbinfo -u and see all the groups and users respectively. Brief intro to my setup: The username I use on my linux box to do admin things is nick. My active directory username is nwalke. They have two different passwords. I am able to log in to the box with nick and that user's password and I'm also able to login as nwalke with nwalke's password. The curious bit: Upon creating the active directory user's home directory, I run a script that requires root access. This is to setup some system wide things like a samba share for them. When I log in as nwalke, I enter my nwalke password and it succeeds. I'm then greeted with [sudo] password for nick:. If I enter my nwalke password here, it says Sorry, try again.. If I enter nick's password, it says Sorry, user nick is not allowed to execute scriptname as root. If I do groups as nwalke, I see that magically my user has been given the group nick. Now, I accidentally thought that nick had a UID of 100, not 1000. So originally in my smb.conf I had idmap uid 1000-10000. The only thing I can think of, is that I logged in with nwalke while that was still set and now I'm just being presented with a UID of 1000 forcing linux to think I'm nick. I'm not really sure where to go from here. Like I said, I'm fairly certain active directory is communicating with my server properly, but something must not be mapped right on the linux side. Any thoughts? Here is my smb.conf: [global] security = ads netbios name = hostname realm = COMPANY.COM password server = adshost.company.com workgroup = COMPANY idmap uid = 10000-90000 idmap gid = 10000-90000 winbind separator = + winbind enum users = no winbind enum groups = no winbind use default domain = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes domain master = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes Let me know if more information about something is required.

    Read the article

  • It is possible to record a data that have a straight row in mysql based on date or sequence?

    - by user1987816
    I want to get the data that have a straight Sell more than 3 times, it is possible in mysql? If not, how to get it right? I'm need it on mysql or php. my database:- +----------+---------------------+--------+ | Username | Date | Action | +----------+---------------------+--------+ | Adam | 2014-08-20 22:30:20 | Sell | | Adam | 2014-08-20 22:30:20 | Sell | | Adam | 2014-08-20 22:30:20 | Sell | | Adam | 2014-08-20 22:30:20 | Buy | | Adam | 2014-08-20 22:30:20 | Buy | | Adam | 2014-08-20 22:30:20 | Sell | | Adam | 2014-08-20 22:30:20 | Sell | | Adam | 2014-08-20 22:30:20 | Sell | | Adam | 2014-08-20 22:30:20 | Sell | | Nick | 2014-08-20 22:30:20 | Sell | | Nick | 2014-08-20 22:30:20 | Sell | | Nick | 2014-08-20 22:30:20 | Sell | | Nick | 2014-08-20 22:30:20 | Sell | | Nick | 2014-08-20 22:30:20 | Buy | +----------+---------------------+--------+ From the table above, I need to list out all data that have a straight sell more then 3 times. RESULT +----------+---------------------+--------+-------------+ | Username | Date | Action | Straight 3+ | +----------+---------------------+--------+-------------+ | Adam | 2014-08-20 22:30:20 | Sell | 3 | | Adam | 2014-08-20 22:30:20 | Sell | 4 | | Nick | 2014-08-20 22:30:20 | Sell | 4 | +----------+---------------------+--------+-------------+

    Read the article

  • How properly perform passing operation result to View

    - by atomAltera
    I'm developing web site on self made MVC engine. I have actionController that handles operations like register, login, post submit and etc. actionController receives operation name and parameters. Of course it mast handle errors such user with same nick already exists or password is to short about which action handler have to notify user. The question is which is the best way to organize errors, such that View could easily get localized user notification message. I see two ways First one: define error constants like ERR_NICK_BUSY = '1' ERR_NICK_INVALID = '2' ... and localization map local[ERR_NICK_BUSY] = 'User with the same nick already registered' local[ERR_NICK_INVALID ] = 'Nick, you entered is invalid' ... And second one: define abstract constants like ERR_FIELD_BUSY = '1' ERR_FIELD_INVALID = '2' ... and pass them with field name. In this case localization looks like local['nick_'+ERR_FIELD_BUSY] = 'User with the same nick already registered' ... I don't like both this methods. Can you advise something else?

    Read the article

  • Using the public ssh key from local machine to access two remote users [closed]

    - by Nick
    I have an new Ubuntu (Hardy 8.04) server; it has two users, Alice and Bob. Alice is listed in sudoers. I appended my public ssh key (my local machine's public key local/Users/nick/.ssh/id_rsa.pub) to authorized_keys in remote_server/home/Alice/.ssh/authorized_keys, changed the permissions on Alice/.ssh/ to 700 and Alice/.ssh/authorized_keys to 600, and both the file and folder are owned my Alice. Then added I Alice to sshd_config (AllowUsers Alice). This works and I can login into Alice: ssh -v [email protected] ... debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. Last login: Mon Mar 15 09:51:01 2010 from 123.456.789.00 I then copied the authorized_keys file remote_server/home/Alice/.ssh/authorized_keys to remote_server/home/Bob/.shh/authorized_keys and changed the permissions and ownership and added Bob to AllowUsers in sshd_config (AllowUsers Alice Bob). Now when I try to login to Bob it will not authenticate the same public key. ssh -v [email protected] ... debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /Users/nick/.ssh/identity debug1: Trying private key: /Users/nick/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey). Am I missing something fundamental about the way ssh works?

    Read the article

  • Can the same ssh key be used to access two different users on the same server?

    - by Nick
    I have an new ubuntu (hardy 8.04) server, it has two users, User1 and User2. User1 is listed in sudoers. I appended my public ssh key to authorized_keys in /home/user1/.ssh/authorized_keys, changed the permissions on user1/.ssh/ to 700 and user1/.ssh/authorized_keys to 600 and both file and folder are owned my User1. Then added I User1 to sshd_config (AllowUsers User1). This works and I can login into User1 debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. Last login: Mon Mar 15 09:51:01 2010 from 86.141.61.197 I then copied the authorized_keys file to /home/user2/.shh/ and changed the permissions and ownership and added User2 to AllowUsers in sshd_config (AllowUsers User1 User2). Now when I try to login to User2 it will not authenticate the same public key. debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /Users/nick/.ssh/identity debug1: Trying private key: /Users/nick/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey). Am I missing something fundamental about the way ssh works? Thanks in advance, Nick

    Read the article

  • Postfix rewrite sender: why doesn't this work

    - by Nick Coleman
    I have server A with an IP address only and a dummy FQDN (on the basis all machines should have a FQDN): pants.net.invalid. All mail is relayed through another server elsewhere, which works fine. On server A, Postfix rewrites the sender address with smtp_generic_maps = hash:/etc/postfix/generic. According to the Rewrite manual at http://www.postfix.org/ADDRESS_REWRITING_README.html#remote, this should rewrite all outgoing external mail's Sender address: $ cat /etc/postfix/generic @pants.net.invalid [email protected] but it does not. postmap -q [email protected] returns nothing. This works: [email protected] [email protected] It seems as though it is doing regex matching even though I specify type hash:. Clearly I am misunderstanding the manual. I don't want to use regex or pcre expressions because there are only a couple of users (root and two others) and I don't want the overhead. I can specify the users exactly and it works. But, I would like to know what I am misunderstanding for future reference. Thanks.

    Read the article

  • Auto blocking attacking IP address

    - by dong
    This is to share my PowerShell code online. I original asked this question on MSDN forum (or TechNet?) here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/f950686e-e3f8-4cf2-b8ec-2685c1ed7a77 In short, this is trying to find attacking IP address then add it into Firewall block rule. So I suppose: 1, You are running a Windows Server 2008 facing the Internet. 2, You need to have some port open for service, e.g. TCP 21 for FTP; TCP 3389 for Remote Desktop. You can see in my code I’m only dealing with these two since that’s what I opened. You can add further port number if you like, but the way to process might be different with these two. 3, I strongly suggest you use STRONG password and follow all security best practices, this ps1 code is NOT for adding security to your server, but reduce the nuisance from brute force attack, and make sys admin’s life easier: i.e. your FTP log won’t hold megabytes of nonsense, your Windows system log will not roll back and only can tell you what happened last month. 4, You are comfortable with setting up Windows Firewall rules, in my code, my rule has a name of “MY BLACKLIST”, you need to setup a similar one, and set it to BLOCK everything. 5, My rule is dangerous because it has the risk to block myself out as well. I do have a backup plan i.e. the DELL DRAC5 so that if that happens, I still can remote console to my server and reset the firewall. 6, By no means the code is perfect, the coding style, the use of PowerShell skills, the hard coded part, all can be improved, it’s just that it’s good enough for me already. It has been running on my server for more than 7 MONTHS. 7, Current code still has problem, I didn’t solve it yet, further on this point after the code. :)    #Dong Xie, March 2012  #my simple code to monitor attack and deal with it  #Windows Server 2008 Logon Type  #8: NetworkCleartext, i.e. FTP  #10: RemoteInteractive, i.e. RDP    $tick = 0;  "Start to run at: " + (get-date);    $regex1 = [regex] "192\.168\.100\.(?:101|102):3389\s+(\d+\.\d+\.\d+\.\d+)";  $regex2 = [regex] "Source Network Address:\t(\d+\.\d+\.\d+\.\d+)";    while($True) {   $blacklist = @();     "Running... (tick:" + $tick + ")"; $tick+=1;    #Port 3389  $a = @()  netstat -no | Select-String ":3389" | ? { $m = $regex1.Match($_); `    $ip = $m.Groups[1].Value; if ($m.Success -and $ip -ne "10.0.0.1") {$a = $a + $ip;} }  if ($a.count -gt 0) {    $ips = get-eventlog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+10"} | foreach { `      $m = $regex2.Match($_.Message); $ip = $m.Groups[1].Value; $ip; } | Sort-Object | Tee-Object -Variable list | Get-Unique    foreach ($ip in $a) { if ($ips -contains $ip) {      if (-not ($blacklist -contains $ip)) {        $attack_count = ($list | Select-String $ip -SimpleMatch | Measure-Object).count;        "Found attacking IP on 3389: " + $ip + ", with count: " + $attack_count;        if ($attack_count -ge 20) {$blacklist = $blacklist + $ip;}      }      }    }  }      #FTP  $now = (Get-Date).AddMinutes(-5); #check only last 5 mins.     #Get-EventLog has built-in switch for EventID, Message, Time, etc. but using any of these it will be VERY slow.  $count = (Get-EventLog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+8" -and `              $_.TimeGenerated.CompareTo($now) -gt 0} | Measure-Object).count;  if ($count -gt 50) #threshold  {     $ips = @();     $ips1 = dir "C:\inetpub\logs\LogFiles\FPTSVC2" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;       $ips2 = dir "C:\inetpub\logs\LogFiles\FTPSVC3" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;     $ips += $ips1; $ips += $ips2; $ips = $ips | where {$_ -ne "10.0.0.1"} | Sort-Object | Get-Unique;         foreach ($ip in $ips) {       if (-not ($blacklist -contains $ip)) {        "Found attacking IP on FTP: " + $ip;        $blacklist = $blacklist + $ip;       }     }  }        #Firewall change <# $current = (netsh advfirewall firewall show rule name="MY BLACKLIST" | where {$_ -match "RemoteIP"}).replace("RemoteIP:", "").replace(" ","").replace("/255.255.255.255",""); #inside $current there is no \r or \n need remove. foreach ($ip in $blacklist) { if (-not ($current -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $c= 'netsh advfirewall firewall set rule name="MY BLACKLIST" new RemoteIP="{0},{1}"' -f $ip, $current; Invoke-Expression $c; } } #>    foreach ($ip in $blacklist) {    $fw=New-object –comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx    $myrule = $fw.Rules | where {$_.Name -eq "MY BLACKLIST"} | select -First 1; # Potential bug here?    if (-not ($myrule.RemoteAddresses -match $ip) -and -not ($ip -like "10.0.0.*"))      {"Adding this IP into firewall blocklist: " + $ip;         $myrule.RemoteAddresses+=(","+$ip);      }  }    Wait-Event -Timeout 30 #pause 30 secs    } # end of top while loop.   Further points: 1, I suppose the server is listening on port 3389 on server IP: 192.168.100.101 and 192.168.100.102, you need to replace that with your real IP. 2, I suppose you are Remote Desktop to this server from a workstation with IP: 10.0.0.1. Please replace as well. 3, The threshold for 3389 attack is 20, you don’t want to block yourself just because you typed your password wrong 3 times, you can change this threshold by your own reasoning. 4, FTP is checking the log for attack only to the last 5 mins, you can change that as well. 5, I suppose the server is serving FTP on both IP address and their LOG path are C:\inetpub\logs\LogFiles\FPTSVC2 and C:\inetpub\logs\LogFiles\FPTSVC3. Change accordingly. 6, FTP checking code is only asking for the last 200 lines of log, and the threshold is 10, change as you wish. 7, the code runs in a loop, you can set the loop time at the last line. To run this code, copy and paste to your editor, finish all the editing, get it to your server, and open an CMD window, then type powershell.exe –file your_powershell_file_name.ps1, it will start running, you can Ctrl-C to break it. This is what you see when it’s running: This is when it detected attack and adding the firewall rule: Regarding the design of the code: 1, There are many ways you can detect the attack, but to add an IP into a block rule is no small thing, you need to think hard before doing it, reason for that may include: You don’t want block yourself; and not blocking your customer/user, i.e. the good guy. 2, Thus for each service/port, I double check. For 3389, first it needs to show in netstat.exe, then the Event log; for FTP, first check the Event log, then the FTP log files. 3, At three places I need to make sure I’m not adding myself into the block rule. –ne with single IP, –like with subnet.   Now the final bit: 1, The code will stop working after a while (depends on how busy you are attacked, could be weeks, months, or days?!) It will throw Red error message in CMD, don’t Panic, it does no harm, but it also no longer blocking new attack. THE REASON is not confirmed with MS people: the COM object to manage firewall, you can only give it a list of IP addresses to the length of around 32KB I think, once it reaches the limit, you get the error message. 2, This is in fact my second solution to use the COM object, the first solution is still in the comment block for your reference, which is using netsh, that fails because being run from CMD, you can only throw it a list of IP to 8KB. 3, I haven’t worked the workaround yet, some ideas include: wrap that RemoteAddresses setting line with error checking and once it reaches the limit, use the newly detected IP to be the list, not appending to it. This basically reset your block rule to ground zero and lose the previous bad IPs. This does no harm as it sounds, because given a certain period has passed, any these bad IPs still not repent and continue the attack to you, it only got 30 seconds or 20 guesses of your password before you block it again. And there is the benefit that the bad IP may turn back to the good hands again, and you are not blocking a potential customer or your CEO’s home pc because once upon a time, it’s a zombie. Thus the ZEN of blocking: never block any IP for too long. 4, But if you insist to block the ugly forever, my other ideas include: You call MS support, ask them how can we set an arbitrary length of IP addresses in a rule; at least from my experiences at the Forum, they don’t know and they don’t care, because they think the dynamic blocking should be done by some expensive hardware. Or, from programming perspective, you can create a new rule once the old is full, then you’ll have MY BLACKLIST1, MY  BLACKLIST2, MY BLACKLIST3, … etc. Once in a while you can compile them together and start a business to sell your blacklist on the market! Enjoy the code! p.s. (PowerShell is REALLY REALLY GREAT!)

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >