Bembel-B Blog

2007/04/29

Blocking IP Addresses with Drupal Troll Module on Byethost’s Free Webspace

I’m running some Drupal site hosted by byethost.com which is more and more being overrun by spammers and harvesters. Sadly it’s not possible to block IPs with .htaccess with these free hosting plans, so I installed the Troll Module to provide IP blocking. But it was only possible to block single IPs and not whole networks. I’ve modified the Module to allow blocking whole networks, but without support for “odd” subnets.


Here’s my patch for the Drupal 4.6.x Troll Module, which might work for other versions too. I’ve submitted it on the Drupal site, so maybe it’ll be included in the official release someday.

To block all IPs 1.2.3.x for example, you’ll have to add 1.2.3 (without trailing dot!) to the IP blocking table using the Troll Module web administration pages.
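One way to match such octet prefixes safely, as an added example (not the patch's code, which this page does not show): it assumes an entry like `1.2.3` means the network 1.2.3.0/24, and contrasts that with a plain string-prefix comparison, which would also catch 1.2.30.x. All function names are hypothetical.

```python
import ipaddress

def parse_block_entry(entry):
    """Convert a 1-4 octet prefix such as '1.2.3' into a network on an octet boundary."""
    parts = entry.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 octets: {entry!r}")
    for p in parts:
        # An empty part means a leading/trailing dot or '..'; reject it outright.
        if not (p.isascii() and p.isdigit() and int(p) <= 255):
            raise ValueError(f"bad octet {p!r} in {entry!r}")
    octets = [str(int(p)) for p in parts] + ["0"] * (4 - len(parts))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{8 * len(parts)}")

def is_blocked(client_ip, entries):
    """True if client_ip falls inside any blocked prefix (octet-aligned match)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in parse_block_entry(e) for e in entries)

def naive_prefix_match(client_ip, entries):
    """String comparison only: shown to illustrate the over-blocking pitfall."""
    return any(client_ip.startswith(e) for e in entries)

if __name__ == "__main__":
    blocklist = ["1.2.3"]  # constructed sample entry, as in the text above
    for ip in ("1.2.3.77", "1.2.30.4", "1.2.4.1"):
        print(ip, is_blocked(ip, blocklist), naive_prefix_match(ip, blocklist))
```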

Other ways I’ve tried to block spammers are not working. The great Bad Behaviour sadly isn’t working anymore since Byethost installed some transparent proxy for load balancing and caching. The Spam Module bayes filter isn’t trained enough yet. And the Spam SURBL doesn’t seem to work.
I signed in at Project Honey Pot, but I am only able to use their QuickLinks, which I’m also using on this blog. Hosting their Spam Trap scripts won’t work because of disabled PHP functions.

But for now I’m spared from those stupid spammers! :D


Preparing MP3s and Cover Art for SanDisk Sansa e200 Portable Audio Player

Last year I purchased a flash based 2 GB DAP SanDisk Sansa e250 to join my good ole 20 GB HDD player Creative Nomad Jukebox Zen Firewire. Sadly the Sansa is quite picky when it comes to ID3 tags.


By experimenting and reading up I found out how to retag my MP3s using Linux (and probably also Windows using Cygwin) so that they all will be fully recognized. I also found a procedure to nicely resize cover scans which can be displayed when playing a corresponding track.

Prerequisites

For ID3 tagging I’m using the command line application eyeD3, as it handles ID3v2.4 and – yes – it’s commandline driven. I made an RPM for Fedora Core 5. The original spec file didn’t work because of using the wrong python version. I’ve put my edited spec file and the RPM into my box.net share.

To handle the cover scans I use ImageMagick.

Preparation

For better performance, first copy the files to be uploaded to your player to somewhere on your hard drive.

Copy your MP3s to some working directory and finally cd into it:

# create the working directory
mkdir -p ~/wrk/mp3new
cd /windows/g/mp3
# copy the albums to be retagged into the working directory
cp -r _electronic/Aphex\ Twin/Aphex_Twin-...I_Care_Because_You_Do-1995/ ~/wrk/mp3new/
cp -r _metal/Colonel\ Claypool\'s\ Bucket\ of\ Bernie\ Brains\ -\ Big\ Eyeball\ in\ the\ Sky/ ~/wrk/mp3new/
cp -r _metal/Primus/primus-pork_soda-1993/ ~/wrk/mp3new/
cd ~/wrk/mp3new

Retagging

The Sansa prefers ID3v2 tags over ID3v1 and can read up to ID3v2.3 tags. But it doesn’t seem to like some of the special fields possible with ID3v2.3 and therefore these will have to be removed. The following steps may seem a bit complicated, but it’s the only way to do the cleanup with eyeD3 currently.

1.) Convert to v1.x

find -type f -and  \( -name "*.mp3" -or -name "*.MP3" \) -print0 | xargs -0 eyeD3 --to-v1

2.) Remove v2

find -type f -and  \( -name "*.mp3" -or -name "*.MP3" \) -print0 | xargs -0 eyeD3 --remove-v2

3.) Convert to v2.3

find -type f -and  \( -name "*.mp3" -or -name "*.MP3" \) -print0 | xargs -0 eyeD3 --to-v2.3

4.) Remove v1

find -type f -and  \( -name "*.mp3" -or -name "*.MP3" \) -print0 | xargs -0 eyeD3 --remove-v1

To make things easier, I’ll try to condense all this to one single command next time. So stay tuned..

Cover Art

My procedure will only keep the front cover scans, where available. If you’d like to keep other images too, you’d have to follow the alternative procedure 1b/2b instead of 1a/2a.
Please note: even PNG images will be renamed to folder.jpg. ImageMagick will correctly recognize them as PNGs when converting.

If you’d prefer not to use folder.jpg for the resized cover images you may instead use Album Art.jpg as filename.

1a.) List all jpegs and png files. Then manually delete all unneeded files!

find -type f -and \( -name "*.jpg" -or -name "*.JPG" -or -name "*.png" \)

2a.) Rename cover images to folder.jpg

OLDIFS=$IFS ; IFS=$'\n' ; \
for fn in `find -type f -and \( -name "*.jpg" -or -name "*.JPG" -or -name "*.png" \) -not -name "folder.jpg"` ; \
do mv -v "$fn" "$(dirname "$fn")/folder.jpg" ; \
done ; IFS=$OLDIFS

1b/2b.) Alternative: To keep other images as well, you’d have to manually rename (or copy to keep the original) the front cover images to folder.jpg

3.) Proportionally resize cover images to max 200 x 200 px

OLDIFS=$IFS ; IFS=$'\n' ; \
for fn in `find -type f -name folder.jpg` ; \
do mogrify -verbose -resize '200x200>' "$fn" ; \
done ; IFS=$OLDIFS

I must admit this isn’t the most elegant way. Maybe I’ll manage to make some little GUI and try to automatically choose the front cover image files. We’ll see..

Uploading to the Player

Nothing special here. Just plug in your Sansa in MSC mode. Then move the files to the player.

mv -v * /media/Sansa\ e250/MUSIC

If you’re replacing files on your player, you’ll have to purge the tag database in order to let the player recognize the changes.

rm /media/Sansa\ e250/SYSTEM/DATA/PP5000.DAT

ChangeLog

[070923 Fix backslashes (“\\” markup was meanwhile rendered as “\\” and not “\” as before).]
[080120 Add “Sansa e200” category and link to it.]

2007/04/18

Freenet.de FreeMail IMAP Access with SSL/TLS Encryption on Sony Ericsson K750i Mobile

The CA certificate of freenet.de’s certificate used for encrypted mailbox access was missing on my K750i. Trying to access my IMAP mailbox with SSL/TLS activated, it aborted with an error about untrusted certificate or something like that.


I found out by sniffing my PC mail client Evolution with tcpdump/Wireshark that the needed CA certificate is “TC TrustCenter Class 2 CA” by http://trustcenter.de/.
The K750i expects uploaded certificate files to be in DER format with the file extension cer. Download the DER file http://trustcenter.de/certservices/cacerts/tcclass2-2011.der as found at http://trustcenter.de/root_certificates.htm and rename it to tcclass2-2011.cer. Then upload the file to your mobile for example via Bluetooth and enjoy secure E-Mail access!

If you want to check the certificate being correctly installed, go to Settings > Connectivity: Internet settings > Security > Trusted cert. and you should find it at the bottom of the list.

This solution should most likely also cover POP3/SMTP access as well as paid freenet mail accounts and should be working on similar Sony Ericsson mobile phones.

I tried to do the same for GMX.net’s CA “Thawte Premium Server CA” found in the Zip file available here: http://www.thawte.com/roots/index.html. But sadly the included ThawtePremiumServerCA.cer (resp. identical ThawtePremiumServerCA.509) were not installable. After accepting the file transfer the phone kept flashing between white and black screen with backlights on and off and finally returned to the contacts menu after some message like “loading contacts…”.
I had the same effect when I first uploaded the PEM file from TrustCenter to the phone. But PEM files are base64 encoded and DER files are “binary”. Probably the certificate has to be converted with something like OpenSSL. Eventually I’ll try to get this working, but it isn’t that important for me now.

UPDATE

I finally got this Thawte certificate installed. But I haven’t tested yet whether it’s working.

My first attempt was to convert the base64 certificate to DER format with the command below, which resulted in a file identical to the one already provided.

openssl x509 -in ThawtePremiumServerCA_b64.txt -inform PEM -out ThawtePremiumServerCA_conv.cer -outform DER

Looking at the plain text certificate, I only found the X509v3 extensions to be different from the TrustCenter certificate. To see the plain text cert I did this:

[scheff@p512o downloads]$ openssl x509 -in ThawtePremiumServerCA_b64.txt -inform PEM -text
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
         Validity
             Not Before: Aug  1 00:00:00 1996 GMT
             Not After : Dec 31 23:59:59 2020 GMT
         Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
         Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
                    8d:f4:42:4d:e7:40:9d:1c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
        26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
        c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
        08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
        c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
        6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
        a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
        32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
        14:42
[scheff@p512o downloads]$ openssl x509 -in tcclass2-2011.pem -inform PEM -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1002 (0x3ea)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
        Validity
            Not Before: Mar  9 11:59:59 1998 GMT
            Not After : Jan  1 11:59:59 2011 GMT
        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
                    9c:fb:fc:57:9b:57:5c:4f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            Netscape CA Policy Url:
                http://www.trustcenter.de/guidelines
            Netscape Cert Type:
                SSL CA, S/MIME CA, Object Signing CA
    Signature Algorithm: md5WithRSAEncryption
        84:52:fb:28:df:ff:1f:75:01:bc:01:be:04:56:97:6a:74:42:
        24:31:83:f9:46:b1:06:8a:89:cf:96:2c:33:bf:8c:b5:5f:7a:
        72:a1:85:06:ce:86:f8:05:8e:e8:f9:25:ca:da:83:8c:06:ac:
        eb:36:6d:85:91:34:04:36:f4:42:f0:f8:79:2e:0a:48:5c:ab:
        cc:51:4f:78:76:a0:d9:ac:19:bd:2a:d1:69:04:28:91:ca:36:
        10:27:80:57:5b:d2:5c:f5:c2:5b:ab:64:81:63:74:51:f4:97:
        bf:cd:12:28:f7:4d:66:7f:a7:f0:1c:01:26:78:b2:66:47:70:
        51:64

So I simply added the missing X509v3 extensions to the text file and converted it to DER like this:

$ openssl x509 -in ThawtePremiumServerCA_b64.txt -inform PEM -text > ThawtePremiumServerCA_text.txt
$ vi ThawtePremiumServerCA_text.txt 
$ openssl x509 -in ThawtePremiumServerCA_b64.txt -inform PEM -text | diff - ThawtePremiumServerCA_text.txt
27a28,33
>             X509v3 Key Usage: critical
>                 Digital Signature, Certificate Sign, CRL Sign
>             Netscape CA Policy Url:
>                 http://www.thawte.com/en/ssl-digital-certificates/free-guides-whitepapers
>             Netscape Cert Type:
>                 SSL CA, S/MIME CA, Object Signing CA
$ openssl x509 -in ThawtePremiumServerCA_text.txt -inform PEM -outform DER -out ThawtePremiumServerCA_text.cer

You can download the edited certificate in text and DER format here.
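A check worth running after a procedure like the one above, as an added example that is not from the original post: PEM decoding uses only the base64 block between the BEGIN and END lines, so comparing the fingerprint of the DER that each file decodes to shows whether an edit to the text dump changed the certificate itself. The payload is constructed bytes rather than a real certificate, and all function names are hypothetical.

```python
import base64
import hashlib
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def to_pem(der):
    """Wrap DER bytes in PEM armor (base64, 64 characters per line)."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def pem_to_der(text):
    """Decode the first certificate block; text outside the markers is ignored."""
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(text):
    """SHA-256 over the decoded DER, i.e. over the certificate actually encoded."""
    return hashlib.sha256(pem_to_der(text)).hexdigest()

def same_certificate(text_a, text_b):
    return fingerprint(text_a) == fingerprint(text_b)

def is_der(data):
    """DER certificates start with an ASN.1 SEQUENCE tag (0x30); PEM starts with '-'."""
    return data[:1] == b"\x30"

# Constructed stand-in for a certificate: a SEQUENCE header plus filler bytes.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

# Constructed text dump in the style of `openssl x509 -text`, followed by the PEM block.
ORIGINAL_DUMP = (
    "Certificate:\n        X509v3 extensions:\n"
    "            X509v3 Basic Constraints: critical\n                CA:TRUE\n"
    + to_pem(FAKE_DER))

# The same dump with extension lines typed into the human-readable part.
EDITED_DUMP = ORIGINAL_DUMP.replace(
    "CA:TRUE\n",
    "CA:TRUE\n            X509v3 Key Usage: critical\n"
    "                Digital Signature, Certificate Sign, CRL Sign\n")

if __name__ == "__main__":
    print("text differs:", ORIGINAL_DUMP != EDITED_DUMP)
    print("same certificate:", same_certificate(ORIGINAL_DUMP, EDITED_DUMP))
```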

ChangeLog

[070429 Further attempts with Thawte Premium Server CA certs. Add photo.]
[2009-04-26: Fix box.net links.]
