Secure Ubuntu Server Application with Fail2ban Behind CloudFlare

One case study involved an Ubuntu 20.04 (Focal Fossa) system that was protected with Fail2ban. However, the server was also protected with Cloudflare, so some work was needed to get the remote IP of the attacker (this topic was covered in another post). If you try to ban the offender’s real IP (not the Cloudflare IP) with that configuration, you may see messages in fail2ban.log similar to the following:

fail2ban.observer INFO [jail] Found x.x.x.x, bad
fail2ban.actions NOTICE [jail] x.x.x.x already banned

You should also see the ban in iptables:

sudo iptables -L

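However, even with the bans in place, the offending IP can still access the resource. The root cause is that the attack traffic reaches the server from Cloudflare, so the connections arrive from Cloudflare’s IP addresses and the iptables rule for the attacker’s real IP never matches.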

The solution is to ban and unban the attacker’s remote IPs using Cloudflare’s API for their firewall. Fail2ban has a built-in action.d/cloudflare.conf to help with that. However, with the Fail2ban version (0.11.1) available in Ubuntu 20.04, the included action file was not completely functional, especially on the unban side. The trick is to replace it (or use an action local file) with the latest action file on GitHub:

https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf

Duplicate the latest action file, then:

  1. Populate cftoken with your Global API key from Cloudflare
  2. Populate cfuser with the email address of your Cloudflare account.

Save the new action file (e.g., cloudflare.conf or cloudflare.local). The file now contains your Global API key, so keep it readable by root only. Before proceeding further, flush out any old bans that may be present in Fail2ban from previous banning attempts by running the following for each affected jail and IP:

sudo fail2ban-client set JAILNAME unbanip x.x.x.x

Once complete, the next step is to update your jail to have the following line (NOTE – if your action file is not called cloudflare.conf or cloudflare.local, change it below accordingly):

action = cloudflare

Save the jail and then reload Fail2ban:

sudo service fail2ban reload

Test to see if the banning works. You can monitor fail2ban in real time using the command:

sudo tail -f /var/log/fail2ban.log
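
To check whether the symptom described earlier (bans recorded but traffic still arriving) has gone away after switching actions, this added example counts "already banned" notices per jail and IP in fail2ban.log. It is not part of the original post or of Fail2ban; the function names, jail names and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Flag bans that are not stopping traffic: fail2ban logs "already banned"
# each time a banned IP is seen again, which should be rare when the ban
# action actually blocks the client.
#
# Usage: ineffective_bans [THRESHOLD] < /var/log/fail2ban.log
# Prints "<jail> <ip> <count>" for every pair seen at least THRESHOLD times.
ineffective_bans() {
    local threshold=${1:-2}
    awk -v min="$threshold" '
        # e.g. "... fail2ban.actions [812]: NOTICE [jail] 1.2.3.4 already banned"
        /fail2ban\.actions/ && $(NF-1) == "already" && $NF == "banned" {
            jail = $(NF-3)
            gsub(/\[|\]/, "", jail)        # "[nginx-auth]" -> "nginx-auth"
            count[jail " " $(NF-2)]++
        }
        END {
            for (key in count)
                if (count[key] >= min) print key, count[key]
        }
    ' | sort
}

# Constructed sample log (documentation IP ranges, hypothetical jail names).
sample_log() {
    cat <<'EOF'
2023-06-01 10:00:01,100 fail2ban.filter         [812]: INFO    [nginx-auth] Found 198.51.100.7 - 2023-06-01 10:00:01
2023-06-01 10:00:02,200 fail2ban.actions        [812]: NOTICE  [nginx-auth] Ban 198.51.100.7
2023-06-01 10:00:09,300 fail2ban.filter         [812]: INFO    [nginx-auth] Found 198.51.100.7 - 2023-06-01 10:00:09
2023-06-01 10:00:09,400 fail2ban.actions        [812]: NOTICE  [nginx-auth] 198.51.100.7 already banned
2023-06-01 10:00:15,500 fail2ban.actions        [812]: NOTICE  [nginx-auth] 198.51.100.7 already banned
2023-06-01 10:00:20,600 fail2ban.actions        [812]: NOTICE  [nginx-auth] 203.0.113.9 already banned
2023-06-01 10:01:00,700 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.44
EOF
}

# Demo run on the constructed sample.
sample_log | ineffective_bans
```

An IP that keeps appearing in this report after the jail uses the Cloudflare action is still reaching the server, so the ban is not taking effect at Cloudflare.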

As of today, you can view and manage bans in your Cloudflare account at Websites -> “Your-Site” -> Security -> WAF -> Tools. Any bans that come in through the API will have a note “Fail2Ban JAILNAME” under the IP address.

phpMyAdmin 5.2.1 on Ubuntu 20.04 Error After Logon (Unknown named parameter $$dbi)

On Ubuntu 20.04 (Focal Fossa) running PHP 8.2, you may run into an issue after installing the latest phpMyAdmin (5.2.1) using the PPA (ppa:phpmyadmin/ppa).

When you try to log in to phpMyAdmin, you will get the following message:

 Error: Unknown named parameter $$dbi

I first found discussion about the issue on Stack Overflow, but neither solution would result in staying on the PPA:
https://stackoverflow.com/questions/76213404/error-unknown-named-parameter-dbi-in-phpmyadmin-5-2-1

However, the issue has been identified by the development team:
https://github.com/phpmyadmin/phpmyadmin/issues/16968
https://github.com/phpmyadmin/phpmyadmin/wiki/DebianUbuntu#known-issues
https://github.com/phpmyadmin/phpmyadmin/issues/18498
https://github.com/symfony/symfony/commit/8e34978e4e2c4bf7dac97e44e904368c4cfb54f8

The quick steps to fix the problem:

  1. Edit the file (nano, vi, etc.)
    /usr/share/php/Symfony/Component/DependencyInjection/ContainerBuilder.php
  2. Change this line
    $service = null === $r->getConstructor() ? $r->newInstance() : $r->newInstanceArgs($arguments);

    to look as follows:

    $service = null === $r->getConstructor() ? $r->newInstance() : $r->newInstanceArgs(array_values($arguments));
  3. Save and close the file.  Refresh the browser (or try to log in again) and you should now have a working phpMyAdmin instance.
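
The same edit as a script, as an added example that is not from the original post or from the phpMyAdmin or Symfony projects: it keeps a backup, makes the change only once, and reports when the expected line is missing. The function name patch_container_builder and the demo file are hypothetical; point it at the path from step 1 and run it with sudo.

```bash
#!/usr/bin/env bash
# Wrap the $arguments passed to newInstanceArgs() in array_values(),
# keeping a copy of the original file as FILE.orig.
# Prints: patched | already-patched | not-found   (not-found returns 1)
patch_container_builder() {
    local file=$1
    local old='$r->newInstanceArgs($arguments)'
    local new='$r->newInstanceArgs(array_values($arguments))'

    if grep -qF -- "$new" "$file"; then
        echo "already-patched"
        return 0
    fi
    if ! grep -qF -- "$old" "$file"; then
        # Different Symfony version or layout: change nothing.
        echo "not-found"
        return 1
    fi

    cp -p -- "$file" "$file.orig"
    # Read the backup and write the edited text back to the original path,
    # so the file keeps its owner and permissions.
    sed 's/\$r->newInstanceArgs(\$arguments)/$r->newInstanceArgs(array_values($arguments))/' \
        "$file.orig" > "$file"
    echo "patched"
}

# Demo on a constructed file containing the line from step 2 (not the real file).
demo_dir=$(mktemp -d)
printf '%s\n' '<?php' \
    '$service = null === $r->getConstructor() ? $r->newInstance() : $r->newInstanceArgs($arguments);' \
    > "$demo_dir/ContainerBuilder.php"
patch_container_builder "$demo_dir/ContainerBuilder.php"
patch_container_builder "$demo_dir/ContainerBuilder.php"
rm -rf "$demo_dir"
```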

Remove Previous Phone Number from Sprint Blackberry

If you have a Sprint-branded Blackberry phone (in this case a Bold 9930 running OS 7.1) that has an old phone number (MDN) on it, you may find that the number remains even after performing a Security Wipe of the data from the device. However, you can easily remove it with a device reset using these steps:

  1. From the home screen, press the Send key.
  2. Dial ##72786.
  3. Tap Continue (Call ##72786)
  4. You will receive a prompt: SCRTN will change to factory default value for DSS
  5. Choose Continue
  6. You will receive another prompt: SCRTN Successful. The device will now reset to apply the necessary changes
  7. Click OK
  8. The device will restart and the old phone number will have been removed.

Disable Corporate Encryption and Password on Blackberry

On a Blackberry (in this case a Bold 9930 running Blackberry OS 7.1), you can check for forced encryption on the device by going to: Options -> Security -> Encryption.

There you will see a lock symbol illuminated for Device Memory and possibly Media Card as well.

Under Options -> Security -> Password, you may also have some options forced.

You can view all of the policies that are being forced on the device (typically on a company phone) by going to Options -> Security -> Security Status Information -> View IT Policy button.

You may have already tried to remove encryption by wiping the phone via Options -> Security -> Security Wipe. While this may remove data on the device and memory card, it doesn’t remove the IT policies (such as password, encryption, etc.).

To fully reset the phone, you will need to use the Blackberry Desktop Software. As of 2023 the software carries the same name as the original, but has been repurposed for Blackberry VPN service (https://www.blackberry.com/content/dam/blackberry-com/Documents/pdf/desktop/br-desktop.pdf). Blackberry phones are no longer supported by the version of the software that is available for download (https://www.blackberry.com/us/en/support/downloads/notice).

Fortunately, you can still acquire the software that works on either Windows or Mac using the Internet Archive project.  A version of Blackberry Desktop that supports Blackberry OS 7.1 and earlier is available. Software is also available for Blackberry 10 OS (Blackberry Link and Blackberry Blend).

https://archive.org/details/blackberry-desktop-software_202112

You can check the model of phone and also the version of Blackberry OS running on the device by going to Options -> Device -> About Device Versions.   Download the appropriate software from the link above.

For a Bold 9930 you’ll need BlackBerry Desktop software for BlackBerry 7.1 OS and earlier.  

If running Windows 10, use the link above to download:
Desktop Software v7.1.0 B42 (Multilanguage)
710_b042_multilanguage.exe

If on Mac OS, download:
BlackBerry Mac Desktop Software v2.4.0.18 (Mac OS)
BlackBerry Desktop Software.dmg

Once installed, connect the device to the computer (in this case using a micro USB cable) and launch the software. Verify the phone is detected. In the top right of the software there is a box with a question mark inside of it. Click it, then choose Support resources -> Support tools. There you will have the option to Reset to Factory Settings. Click the Reset button.

If it gets interrupted or you receive an error related to the Application Loader, simply repeat the steps.

Once complete, the device should be free of any forced policies.