Sysadmins be welcome!

Sysadmins of the North is just another technical blog, like so many others out there. Most posts are written in English, some in Dutch. For the most part, I write as it comes; posts may seem incoherently written sometimes (my apologies). Here on you’ll find all kinds of computer, server, web, sysadmin, database and security related stuff. Browse the latest posts per category here, search for posts, or make a selection from the categories menu.

Drop me a comment somewhere to say hi, or discuss about security, website or WordPress, MySQL optimization and performance, Windows Server and IIS web server topics.



Monit monitoring on Ubuntu 14.04 VM on Hyper-V

Monitor websites and services with Monit on Ubuntu 14.04 LTS on Hyper-V, on either Windows Server 2012 R2 or Windows 8.1.

This post is about setting up a monitoring service using Monit. Monit is a free and open source service monitoring application which can perform various event-based actions. Monit can send email notifications, restart a service or application, or take other responsive actions. We set Monit up on a Ubuntu 14.04 VM, built on Hyper-V. And we use Monit to monitor several websites, and send out notifications on downtime.

Read more

For my more novice Dutch readers, I started a new website project: A website dedicated to explain commonly used computer and internet techniques. Some of the topics include: What is DNS?, How do I edit wp-config.php through FTP?, How do I send an email with telnet?, and so on.

Read more

DOSBox, play old games

Play really old games on Windows 7, 8, 8.1 with DOSBox

PC retrogaming how-to for 64-bit Windows

We all love old games. It’s a nostalgia thing from when we played those really old games on our 286 (or older, like an MSX) computer, either using floppy disks or cassettes/cartridges. There is nothing much sysadmin about this, it’s all about FUN! You all remember Airborne Ranger, Operation Wolf, Blues Brothers, Gunboat and The Lost Vikings, right? …

Read more

Disable WordPress comments (how-to)

The WordPress comment system can be a bless for your blog, because of the user interaction. However, when the WordPress comment option is abused by spammers, it becomes a real pain in the “@ss”. With tens- or hundreds of thousands spam reactions, disabling and removing comments is the only way to go. Here is how to disable WordPress comments in both the WordPress Dashboard interface and in your MySQL database.

Read more

Implement a highly available private cloud to host virtual machines

This document explains how to implement a highly available private cloud to host virtual machines from scratch.

Microsoft Partner Romain Serre published a document that describes how to implement a highly available private cloud to host virtual machines from scratch. For that he uses technologies such as Hyper-V, Scale-Out File Server, SQL Always On, Virtual Machine Manager, RD Gateways, Service Provider Foundation and Windows Azure Pack.

Read more

logo Sysadmins of the North

Like, Share, Follow & +1

Did you know Sysadmins of the North is active on a number of social platforms? Social platforms include Twitter, Facebook, Google+ and Pinterest. Either as this website or on a more personal title. This post is to persuade you to follow and/or share posts with your friends, family, coworkers and other interested parties. So, if you read a post you found interesting, or a post that solved a problem you were facing, please share! :)

Read more

Explicit Congestion Notification (ECN) slows down outbound connections

Windows Server 2012 is the first Windows Server version to enable Explicit Congestion Notification, or ECN, in the TCP stack. This is also known as ECN Capability. Explicit Congestion Notification is an extension to the Internet Protocol and to the Transmission Control Protocol and is defined in RFC 3168. ECN allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that may be used between two ECN-enabled endpoints when the underlying network infrastructure also supports it.

Read more

Microsoft out-of-band security update MS14-068 (3011780)

and MS14-066 reissued, fixing TLS 1.2 cipher suites issues with Google Chrome

Yesterday evening, Microsoft released an out-of-band security notification MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (KB 3011780). This one is severe, and I recommend everyone to install this patch asap! It allows oridinary Domain Users to become Domain Admins, wh00ps…

Read more

Denial of Service (DoS) Attack

Joomla! websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy -or launchepad- for launching Denial-of-Service (DoS) attacks. Even though the vulnerability details in Googlemaps plugin file plugin_googlemap2_proxy.php were released over one and a half (1,5) years ago, I still see this abuse and DoS-attacks happening on a regular basis…

Read more

Convert decimal to hex in bash?

A quicky for my archive, hexadecimal to decimal and decimal to hexadecimal in bash:

In mathematics and computing, hexadecimal (also base 16, or hex) is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0-9 to represent values zero to nine, and A, B, C, D, E, F (or alternatively a–f) to represent values ten to fifteen. If you want to convert hexadecimal values to decimal and decimal values to hexadecimal, here’s how. All on the bash prompt…

Read more global DNS load-balancing

Sysadmins of the North goes global!

Geolocation DNS load balancing with chrooted Bind9 + geoip-database, and Varnish Cache CDN back-end on DigitalOcean Debian Wheezy droplets.

I felt it was time to take Sysadmins of the North to the next level, it was time to expand with a global DNS load balancing and Varnish Cache (CDN) service. Here is how I set up my geo load balancing Varnish Cache HTTP reverse proxy CDN. It’s all for the fun, various configs are not advanced and may not be optimized. Never copy/paste anything to put into production without testing.
Read on to learn how to set up a global presense…

Read more

Microsoft warns for PowerPoint OLE 0-day

Security Advisory 3010060 provides additional protections regarding limited, targeted attacks directed at Microsoft Windows customers.

A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file.
Read more

Conditionally start Application Pools on remote IIS web servers

In my routine, I occasionally have to start multiple website application pools when they are in a stopped state. On more than one web server. Being a lazy system administrator, I find it too much work to log on every server. Therefor I start those application pools in a loop. A condition for me to start application pools is that the application pool autostart parameter is set to true. This is because I set autostart to false when I disable hacked websites, and those application pools may not be started until all problems are resolved of course. To start application pools, I use the AppCmd command.

Read more

Change WordPress stylesheet_uri with add_filter()

Just a quicky: To alter or change WordPress’ stylesheet URI, to offload some static content, place in your Theme functions.php file:

add_filter('stylesheet_uri', 'change_css');
function change_css() {
  return "[theme_name]/style.css";

Now your theme’s style.css will be loaded from a subdomain or hostheader called This can improve overall website performance.

PHP cURL to check website availability

The following PHP function checks whether a website is online available or not. Because: website uptime and availability is important and you want your website to be always online available. When your website is down, you want to be informed about the downtime.

The PHP code snippets uses PHP cURL (Client URL Library). This function takes a domain name as input parameter and outputs TRUE or FALSE (for available or unavailable), depending on the returned HTTP status code.
Read more

1900/UDP (SSDP) Scanning and DDOS

SSDP amplified reflective DDoS attacks

The Internet Storm Center (ISC) InfoSec Handlers Diary Blog writes about a recent -significant- increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks: 1900/UDP (SSDP) Scanning and DDOS

1900/UDP is the Simple Service Discovery Protocol (SSDP) which is a part of Universal Plug and Play (UPnP). The limited information available to me indicates that the majority of the devices that are being used in these DDOS attacks are DLink routers, and some other devices, most likely unpatched or unpatchable and vulnerable to the UPnP flaws announced by HD Moore in January of 2013.