Thejesh GN

A Blog, A Website and A container for all my views with excerpts from technology, travel, films, india, photography, kannada, friends and other interests. I am Thejesh GN. Friends call me Thej

Then they came for whistleblowers

Posted by Thejesh GN On October - 17 - 20123 COMMENTS

Today’s Salman Kurshid incident reminds me

First they came for the communists,
and I didn’t speak out because I wasn’t a communist.

Then they came for the socialists,
and I didn’t speak out because I wasn’t a socialist.

Then they came for the trade unionists,
and I didn’t speak out because I wasn’t a trade unionist.

Then they came for me,
and there was no one left to speak for me.

You can replace communists, socialists, trade unionists by virtually anybody who is honest and interested in India. This is probably worst time in Indian politics Hope Manmohan Singh comes out and sacks his law minister.

If you haven’t seen the leaked video yet then check the report below

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...Loading...

Instgram for Crowdsourcing Postbox Locations

Posted by Thejesh GN On October - 16 - 20124 COMMENTS

Update: Its become an all India postbox data collection project. Now we use the tag #openpostboxindia. The source code is open sourced and can be used for any type of photo and location based data collection using Instagram and Twitter.

I have been using instagram a lot. If you follow me on instagram you would have noticed pictures of postboxes. If you check the details they all have a similar tagging pattern. They all are tagged with #openbangalore #openpostboxindia #postbox and #pin<pin_code>. The last tag #pin<pin_code> in real will look like #pin560100. All these pictures belong to my secret project called postboxes.


I like sending post cards. It’s such a pain to send post card because its difficult to find a postbox. There aren’t many these days. So for last few months I had been taking geo tagged pictures thinking one day I will clean them up. But that never happened.

But then instagram gave me an option to collect and organize this data in a fun way. I jumped into it. So now I instagram a post box with #openbangalore #postbox and #pin<pin_code>. I also geo tag them. I have a script which uses the instagram API and pulls the image url,Tags, Location, Time, User credits out of it. Cleans up that data and inserts into a SQLite database.
Read the rest of this entry »

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...Loading...

Awesome weekend

Posted by Thejesh GN On October - 15 - 20123 COMMENTS

I had an awesome weekend at Pondicherry. I dont want to write anything about it other than saying it was my best birthday. Here are some pictures from instagram.

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.33 out of 5)
Loading...Loading...

Grand Parents

Posted by Thejesh GN On September - 22 - 20122 COMMENTS

I didnt get to spend time with my grandparents. I really dont know how kids interact with their grand parents. Its fun too watch how my parents communicate with their grand kids (my sisters kids). Kind of very new experience for me.

Read the rest of this entry »

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 4.50 out of 5)
Loading...Loading...

Securing your server using DenyHosts

Posted by Thejesh GN On September - 21 - 2012ADD COMMENTS

Running an internet accessible server means you are opening yourself to crackers. Running the server in itself is a risk, so risk management is of top priority when you open up the ports for accessing the server.
The standard ports are 80(http), 443(https) and mostly 22(for ssh). Port 22 is the most important one. Even though ssh assures secure (encrypted) communication. It’s still not safe, say against dictionary attacks. You can do few things to manage the risk

1. Change the ssh port from 22 to something else. This is simple. Even though it doesn’t protect against the attacks, it will surely slowdown the automated attacks.

#1.Edit the sshd_config 
nano /etc/ssh/sshd_config 
#2.Locate the below line and change the number 22 to say 1001
Port 22
#3.restart sshd 
service sshd restart
#or by running
/etc/init.d/ssh restart

2. Installing and DenyHosts to control the logins through ssh

#1.Install the denyhosts.
sudo apt-get install denyhosts
#2.edit the denyhosts config
sudo nano /etc/denyhosts.conf
#3.restart denyhosts
sudo /etc/init.d/denyhosts restart
#4.check the logs to see who is trying to login etc
less /var/log/auth.log
#5.see what ip address are blocked
less /etc/hosts.deny

It’s important to go through every configurable item in denyhosts.conf before you enable denyhosts. According to me the most important ones are below. These are three important thresholds which will lockup the ip address.

#########################################################
# DENY_THRESHOLD_INVALID: block each host after the 
# number of failed login attempts has exceeded this value.  
# This value applies to invalid user login attempts
# (eg. non-existent user accounts)
#
DENY_THRESHOLD_INVALID = 5
#
##########################################################
# DENY_THRESHOLD_VALID: block each host after the number 
# of failed login attempts has exceeded this value.  This 
# value applies to valid user login attempts (eg. user 
# accounts that exist in /etc/passwd) except for the "root" 
# user
DENY_THRESHOLD_VALID = 10
#
##########################################################
# DENY_THRESHOLD_ROOT: block each host after the number of
# failed login attempts has exceeded this value.  This 
# value applies to "root" user login attempts only.
#
DENY_THRESHOLD_ROOT = 1
#########################################################

Remember denyhosts deosn’t lock the account. It locks only the IP address from where an user/cracker tried to login. So in case if you are locked yourself out. Try login from a different IP address (make sure your password right this time) and follow the steps below to remove your IP address.

  1. Stop DenyHosts
  2. Remove the IP address from /etc/hosts.deny
  3. Edit WORK_DIR/hosts and remove the lines containing the IP address. Save the file.
  4. Edit WORK_DIR/hosts-restricted and remove the lines containing the IP address. Save the file.
  5. Edit WORK_DIR/hosts-root and remove the lines containing the IP address. Save the file.
  6. Edit WORK_DIR/hosts-valid and remove the lines containing the IP address. Save the file.
  7. Edit WORK_DIR/user-hosts and remove the lines containing the IP address. Save the file.
  8. (optional) Consider adding the IP address to WORK_DIR/allowed-hosts
  9. Start DenyHosts

You can try Fail2Ban if you want an alternative. Also remember DenyHosts is just one of the security related steps you have to take and not the only step.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...Loading...

Get in touch