Michael McNamara
https://blog.michaelfmcnamara.com
technology, networking, virtualization and IP telephony

The Swedes are coming!
https://blog.michaelfmcnamara.com/2021/02/the-swedes-are-coming/
Thu, 18 Feb 2021 03:17:37 +0000

No, I was hacked with some stolen user credentials.

I was surprised today when I noticed that someone had posted a new article to this site at 6:36AM this morning titled “3 Reasons to Start Using Dealspaces”. Interestingly enough the user account used to post the article was a test account under my wife’s name that I probably haven’t used in years.

I went looking at the nginx access.log files and found the relevant entries:

213.164.204.89 - - [17/Feb/2021:11:36:17 +0000] "POST //xmlrpc.php HTTP/1.1" 200 141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
213.164.204.89 - - [17/Feb/2021:11:36:18 +0000] "POST //xmlrpc.php HTTP/1.1" 200 2253 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
213.164.204.89 - - [17/Feb/2021:11:36:19 +0000] "GET /2021/02/3-reasons-to-start-using-dealspaces/ HTTP/1.1" 200 9985 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"

The IP address belongs to a Swedish Internet Service Provider named Bahnhof, not particularly helpful as it could have also been a Tor endpoint or exit node. I can tell from the time stamps that the action was likely scripted as there was exactly one second between each request.
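The reasoning above (one client, XML-RPC POSTs, then a fetch of the new permalink, all evenly spaced) can be turned into a repeatable log check. This is an added example, not code from the original post; the function names, the 5-second window and the uniform-gap heuristic are assumptions, and the sample input is the three log entries quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three access.log entries quoted in this post (nginx "combined" format).
UA = '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"'
SAMPLE_LOG = "\n".join(
    f'213.164.204.89 - - [17/Feb/2021:11:36:{sec} +0000] {req} "-" {UA}'
    for sec, req in [
        ("17", '"POST //xmlrpc.php HTTP/1.1" 200 141'),
        ("18", '"POST //xmlrpc.php HTTP/1.1" 200 2253'),
        ("19", '"GET /2021/02/3-reasons-to-start-using-dealspaces/ HTTP/1.1" 200 9985'),
    ])

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
PERMALINK_RE = re.compile(r"^/\d{4}/\d{2}/[^/]+/?$")  # this site's /YYYY/MM/slug/ URLs

def parse(log_text):
    """Yield (ip, time, method, normalized path, status); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            # Collapse repeated slashes so "//xmlrpc.php" cannot dodge the match.
            path = re.sub(r"/{2,}", "/", m["path"].split("?", 1)[0])
            yield m["ip"], ts, m["method"], path, int(m["status"])

def find_xmlrpc_publishing(log_text, window=5):
    """Flag a GET of a dated permalink within `window` seconds of an xmlrpc.php
    POST from the same client. XML-RPC answers 200 even for faults, so a hit is
    a lead to check against the post list, not proof of a successful login."""
    by_ip = defaultdict(list)
    for ip, ts, method, path, status in parse(log_text):
        by_ip[ip].append((ts, method, path, status))
    findings = []
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r[0])
        last_post = None
        for ts, method, path, status in reqs:
            if method == "POST" and path == "/xmlrpc.php" and status == 200:
                last_post = ts
            elif (method == "GET" and status == 200 and last_post is not None
                  and PERMALINK_RE.match(path)
                  and (ts - last_post).total_seconds() <= window):
                burst = [r[0] for r in reqs if 0 <= (ts - r[0]).total_seconds() <= window]
                gaps = [(b - a).total_seconds() for a, b in zip(burst, burst[1:])]
                # Identical spacing between requests suggests a script, not a person.
                scripted = len(gaps) >= 2 and len(set(gaps)) == 1
                findings.append({"ip": ip, "post": path, "gaps": gaps, "scripted": scripted})
    return findings

if __name__ == "__main__":
    print(find_xmlrpc_publishing(SAMPLE_LOG))
```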

Needless to say I immediately deleted the post and the user account that was used to make the post and then changed my own password out of an abundance of caution. I then scoured the entire WordPress filesystem using the recent backup I had to try and make sure that nothing else was changed. I even dumped the database and ran a quick comparison against a recent backup, again looking for any changes or any obfuscated code.

My Thoughts?

Old user accounts are becoming a bigger and bigger problem as the longer they hang around in the wild they will eventually end up being compromised. This is why IT security professionals plead with users to use different passwords on every single website and to frequently change those passwords. Unfortunately in this case I’m going to guess that the password used for this account likely wasn’t very secure (Test123) and that’s likely how the hacker was able to login to WordPress and post the article. So shame on me for yet again falling into the role of a user.

Are you curious if your user credentials have ever been leaked? Check out have i been pwned?

Cheers!

LastPass Password Manager and Evernote
https://blog.michaelfmcnamara.com/2014/12/lastpass-password-manager-and-evernote/
Sat, 06 Dec 2014 13:00:41 +0000

I was reading an article from the LastPass blog yesterday entitled 2014’s Naughty eRetailers: Who Made the List? regarding password security for some of the top e-commerce websites. Thankfully none of the brands I support were on that list but I’ve had discussions with a number of people about how we store and salt user passwords, including how we handle password resets and failed login attempts.

This afternoon I thought I would take some time to share with everyone two tools that I started using about two years ago. They’ve really helped me be both more efficient and secure. And with all the recent retail breaches it’s more important than ever to have complex and distinct passwords for each and every site where you have an account.

LastPass

I started using LastPass about two years ago after I became very agitated trying to manage a growing list of passwords in an encrypted Excel spreadsheet. Initially I was wary of having all my eggs in one basket but in time I overcame that fear after digging into the technology around LastPass to learn how it works and I haven’t looked back since. The idea behind the product is pretty simple: they’ll store and save all your passwords in the cloud behind AES 256-bit encryption that is keyed to your master password. All they store is the encrypted data so they don’t have access to any of your information. You can quickly and easily generate new passwords automatically and you can have LastPass fill in the forms and even auto-login if you so wish. I subscribe to LastPass as a premium user ($12 yearly) in order to have access to their mobile application on my Android devices. You can create an account for free for use on any number of browsers including Internet Explorer 8+, Firefox 2.0+, Chrome 18+, Safari 5+ and Opera 11+. The wife is a big online shopper and I’m still trying to help her get the hang of using LastPass but it’s my opinion that my time spent educating her will pale compared to the time I’ll end up spending if all her different accounts get breached at a single time. You can download LastPass for Windows, Mac, Linux or Mobile free of charge. I’m still mindful to only access LastPass from a known trusted device, so as to avoid any malware or miscreants capturing my master password.

Evernote

I’m one of those folks that has hundreds of text documents scattered all over their laptop, desktop and/or mobile device. I waste far too much time trying to locate my notes from a previous upgrade or problem, often failing to find the actual data I’m seeking. About two years ago I met Greg Ferro in person at Networking Field Day 4 and was impressed at how he organized himself. I picked up Evernote shortly thereafter and I’ve been trying to keep myself better organized ever since. The great thing about Evernote, similar to LastPass, is that you can basically carry it with you anywhere. Your notes are all centralized and maintained in the cloud which allows you access from your laptop, desktop, mobile device or web browser. I’ve taken to using a Samsung Galaxy Note 10.1 2014 Edition with the stylus for taking notes while working on problems or issues. There’s been a lot of competition lately from both Google Keep and Microsoft OneNote. I haven’t really had an opportunity to try either out but from the reviews and posts I’ve read it sounds like Google Keep really can’t match the features of Evernote, while Microsoft OneNote is a compelling choice for new users.

Cheers!

Note: This is a series of posts made under the Network Engineer in Retail 30 Days of Peak, this is post number 12 of 30. All the posts can be viewed from the 30in30 tag.

Nortel Business Ethernet Switch 50
https://blog.michaelfmcnamara.com/2008/08/nortel-business-ethernet-switch-50/
Sun, 10 Aug 2008 13:00:00 +0000

I recently started evaluating the Nortel Business Ethernet Switch 50 for Small Office and Home Office (SOHO) deployments in a Virtual Private Network.

These are very small business offices, doctor’s offices and senior executives’ homes where we don’t need the features that an Ethernet Routing Switch 4500 or 5500 series switch would provide. There are really four variables to keep in mind: price, size, noise and features. One of the features we were looking for was Power over Ethernet (PoE) ports for an IP phone and/or a wireless access port.

We evaluated the BES50FE-24T PWR and the BES50GE-24T PWR and they both performed nicely in bandwidth tests. We did observe some odd behavior with some different end devices that all seemed to be resolved when we upgraded the switches to the latest software release (v1.0.5.0 for the BES50GE-24TPWR and v1.0.3.0 for the BES50FE-24TPWR).

Quick Install Guide

Default Username: nnadmin
Default Password: PlsChgMe!

Default Read Only SNMP String: PlsChgMe!RO
Default Read-Write SNMP String: PlsChgMe!RW

I’ve generally found that the BES50 will default to an IP address of 192.168.1.128 although Nortel advises the use of the Nortel Business Element Manager to search for the device (please refer to the Quick Install Guide above).

Cheers!

Update: January 12, 2009

How do you factory reset the BES50?

When pressed for 5 seconds, the reset button reinitializes the switch. This returns the switch to the factory default settings if, for example, you forget the default IP address, your user name, or your password.

[Image: BES50GE-24T front panel]

The reset button is found on the front of the BES50 as depicted in the graphic above. The actual button is approximately 1 inch inside the faceplate and Nortel advises that you use a non-metallic object to depress the button.

Cheers!

Nortel Business Ethernet Switch 110
https://blog.michaelfmcnamara.com/2008/03/nortel-business-ethernet-switch-110/
Thu, 20 Mar 2008 01:00:00 +0000

In June 2006 Nortel released a whole new line of class Ethernet Switches for small to medium sized businesses. While these switches don’t support the latest and greatest enterprise features they seem to be a very good value for those small businesses.

There are multiple models to choose from in both the 24-port and 48-port form factors, and there are PoE (Power over Ethernet) models as well.

A full list of the models and their feature sets can be found here.

There are some recurring questions from folks that I thought I would post on:

What is the default username and password?

Username: nnadmin
Password: PlsChgMe!

How can I factory reset the switch or recover the password?

There is a reset button in the front of the switch depicted in the figure below as (2);

What is the default IP address of the switch?

The default IP address is 192.168.1.132 with a subnet mask of 255.255.255.0.

How can I login to the switch?

Just give your desktop or laptop a static IP address in the 192.168.1.0/24 network, connect your desktop or laptop to any of the RJ45 ports and open a web browser to http://192.168.1.132.

While I’m happy to post this information here, let me just point out that all this information is in the documentation if you choose to RTFM.

Cheers!

Nortel VPN Router (Default Password)
https://blog.michaelfmcnamara.com/2008/01/nortel-vpn-router-default-password/
Sat, 19 Jan 2008 15:00:00 +0000

The Nortel VPN (formerly Contivity) Routers are among some of the best in the industry. The majority of the product line came to Nortel (formerly Bay Networks) from the acquisition of New Oak back in 1999.

Since that time Nortel has added a few lower end SOHO solutions, Nortel VPN Router 200 series, to the product line which I believe are OEM’d from ZyXEL. I’m not very fond of the 200 series and I would NOT recommend them to anyone. I am, however, very fond of the 1100 series as it runs the same software that the larger models run.

Thankfully they all share the same default username and password. Unfortunately they don’t all share the same software or configuration interface.

The default username is “admin”.
The default password is “setup”.

With the traditional Nortel (Contivity Switches) VPN routers there are two internal IP addresses assigned to the one physical internal interface. One IP address is for management and the other for routing traffic. The default management IP address for these models (Nortel VPN Router 1000 Series, 2000 Series, 4000 Series, 5000 Series) is:

http://192.168.1.2

The actual traffic interface is 192.168.1.1 and the default DHCP address range should be between 192.168.1.3 – 192.168.1.254.

Cheers!

IP Phone Administration Password
https://blog.michaelfmcnamara.com/2007/10/ip-phone-administration-password/
Tue, 30 Oct 2007 23:12:00 +0000

I can remember searching for hours trying to locate these two “default” passwords for the i2007 and 1100E series IP phones. Hopefully this will make someone’s job a little easier.

In order to access the configuration menu of the Nortel i2007 IP phone while the phone is booting you’ll be challenged to enter the “Administration Password”. The following key sequence should work;

2, 6, 5, 6, 7, *, 7, 3, 8, OK

In order to access the configuration menu of the Nortel 1110/1120E/1140E/1150E IP phone while the phone is booting you’ll be challenged to enter the “Administration Password”. The following key sequence should work;

2, 6, 5, 6, 7, *, 7, 3, 8, Down

If the Nortel 1110/1120E/1140E/1150E IP phone is already running (connected to a Nortel Succession Call Server / Success Remote Gateway) you access the configuration by pressing the Services key twice and select the Network Configuration option.

Cheers!
