Clicky

20201219

CCleaner update script

I am a longtime fan of CCleaner (former CrapCleaner). There is a "free" and a paid version. One difference between free and paid is an automated update of the application. In the newer versions there is an auto update in the free version, but that will show you nag screens.

The next Powershell script checks for a new version on the CCleaner website and when a newer version is available, it will download and install. You run the script manually or by Scheduled Task.


$ccleanserVersion = Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -eq CCleaner | Select -ExpandProperty "DisplayVersion"
write-host "*** Currently installed version: $ccleanserVersion"
$ver = $ccleanserVersion.replace(".","")

$latestVersion = Invoke-WebRequest -UseBasicParsing "https://www.ccleaner.com/ccleaner/download/standard" | Select -ExpandProperty "RawContent"
$versionMatch = $latestVersion -Match "https://download.ccleaner.com/ccsetup$ver.exe"

if (!$versionMatch) {
    write-host "*** Download and install new CCleaner app..."

    $latestVersion = $latestVersion -Match "https://download.ccleaner.com/ccsetup\d{3}.exe"
    $url = $Matches[0]   
    $intallerFile = "c:\temp\ccsetup.exe"

    Import-Module BitsTransfer
    Start-BitsTransfer -Source $url -Destination $intallerFile
    
    write-Output "*** Installing CCleaner..."
    & "C:\Windows\system32\cmd.exe" "/c" "start" "/wait" "$intallerFile" "/S"

    $ccleanserVersion = Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -eq CCleaner | Select -ExpandProperty "DisplayVersion"
    write-host "*** New version: $ccleanserVersion"   
    
}
    ELSE
{
    write-Output "*** No newer version available."
}

The update looks like this:


20201202

Tweakers paywall configuration

Update: 7-Apr-2021 b

Maybe you are aware that Tweakers will deploy a paywall for "Premium" articles. For those who are not interested in T.net links to paywalled articles, you may configure this rule in your favorite content filter:

!Tweakers Plus articles
tweakers.net##.plus
tweakers.net##tr:has(td:has(div.plus))

! Email subscription option on the front page, in the news overview
tweakers.net##.top.frontpage.mainColumn > .darkBlock

! Job offers on the front page
tweakers.net##.bottom.frontpage.secondColumn > .darkBlock

! Advertisements in news articles
tweakers.net##div#layout div#contentArea > div.wrap > div:nth-child(1):has(img[referrerpolicy="unsafe-url"])
tweakers.net##div#top > div#entity > div:nth-child(1) > div:nth-child(1)

! Requests for feedback in news articles
tweakers.net##.usabilla-survey.usabilla-trigger

! Delayed advertisements loaded through JavaScript
@@||tweakers.net^$ghide

This will result in showing "public" links only. Make sure you do not suppress adds, because that is not allowed!

20201031

Convert all FLAC files in a folder to MP3s

The next script takes a folder path as imput, checks all the FLAC files in that folder, and creates MP3 files for each FLAC file found. There is only one prerequisite: FFMPEG should be installed. Save the script as "ConvertFlacToMp3.bat"

Usage:

C:\> ConvertFlacToMp3.bat {path to FLAC files}

or:

Create a shortcut to this script on the desktop and you can drag folders (from Windows Explorer) to the icon.


There are couple of tricks in the script:

- Normalization of the passed folder (e.g. removal of qoutes, required for drag-and-drop)

- Enumeration of FLAC files in the folder

- Filename contruct of the MP3 filename 


You play around with the script and find out yourself. One improvement could be that the MP3 files are stored in a (new) seperate folder. 

 

 ---8< ---------------------------------------------------------------

@echo off

setlocal ENABLEDELAYEDEXPANSION

echo.
echo *** Usage:
echo        C:\^> %0 {path to folder with *.FLAC files}
echo        Or drag the folder with FLAC files to a shortcut of this script.

if %1.==. goto :EOF
if not exist %1 goto :EOF

set cmdParam=%1
set firstChar=%cmdParam:~0,1%
if ^%firstChar% EQU ^"  (
    for /f "tokens=*" %%i in (%1) do set sourceFolder=%%~i
) ELSE (
    set sourceFolder=%1
)   
set SRC=!sourceFolder!

set t=%time%
set ffmpeg=c:\scripts\ffmpeg\bin\ffmpeg.exe

echo.
echo *** Processing folder: "%SRC%"...

for %%i in ("%SRC%\*.flac") do (
    
    set fPath=%%~dpi
    set fName=%%~ni
    
    for %%j in ("!fName!") do set nam=!fPath!!fName!.mp3
    
    echo *** %%i
    %ffmpeg% -y -loglevel panic -i "%%i" -vsync 0 -codec:a libmp3lame -qscale:a 2 "!nam!"

)

echo *** Start: %t%
echo *** End  : %time%

start /separate explorer "%SRC%"

ping -n 60 localhost >nul

---8< ---------------------------------------------------------------

 

Script invocation:


 After the script finishes, Explorer shows the folder with FLAC and MP3 files:



 

 

20200308

Trust comes by foot and goes by horse

In this post, I showed a geolocation lookup method for hMailserver, using a free geolocation webservice. At some point in time this webservice arrived in the DNSBL blacklist, and the geolocation lookups failed.

I do not have a clue why this service was placed on the blacklist, but during the time that it worked, I noticed that some malicious IP addresses were mapped to NL/Amsterdam instead of the country/locations that other geolocation services provide (so the trust in de geolocation webservice is lost here).

There are two things that we can do: place the existing geolocation service on the whitelist or use a local geolocation database. Since IPv4 addresses/subnets will not change that fast (anymore), it is a feasable solution to use a local database for lookups. So here we go!

You need to download the database itself and a (command line) tool to query the database. Create an account with Maxmind (https://www.maxmind.com/en/home) and download GeoLite2-Country.mmdb and mmdbinspect.exe

This is the modified geolookup function:

    function IPtoGeoLocal(IPaddr)

        const geoDbPath     = "{path to}\GeoLite2-Country.mmdb"
        const geoLookupExe  = "
{path to}\mmdbinspect.exe"
        const tempPath      = "c:\temp"
        const searchString  = "iso_code"
       
        dim wsh, fso
        set wsh = createobject("wscript.shell")
        set fso = createobject("scripting.filesystemobject")
       
        '--- Create a temp file with a unique filename to prevent conflicts...
        tempFile = tempPath & "\" & IPaddr & ".dat"
        geoLoc = "XX"

        '--- Invoke Maxmind command line tool, do a lookup and pipe the result in tempFile...
        runString = "cmd /c " & geoLookupExe & " --db " & geoDbPath & " " & IPaddr & " | find """ & searchString & """ > " & tempFile
        wsh.run runString,0,true
       
        '--- Read one line from tempFile...
        set f = fso.openTextFile(tempFile) : s = f.readLine : f.Close
        fso.deleteFile tempFile, true
       
        t = split(s, chr(34))
        if Instr(s, searchString) > 0 then IPtoGeoLocal = t(3)   
       
    end function


When the function is called:

wscript.echo IPtoGeoLocal("8.8.8.8")

You will get the two character ISO3166 code back ("US") or "XX" when the IP address is not found in the database. 

20200303

Capacitor Plague, deel 3

Vervolg op deel 1 en deel 2.

Op mijn studeerkamer hangt al een jaar of 9 een LG TV. Die begon kuren te vertonen. Als 'ie aan werd gezet met de afstandsbediening hoorde je het relais schakelen, maar de TV ging niet aan. Alleen nadat de voedingstekker ongeveer 15 seconden uit de wandcontactdoos gehaald was, en het lichtje op de voorkant van de TV gedoofd, kon de TV weer aangezet worden.

Een mogelijk geval van "brownout". De electronica bestaat uit een voedingsprint en een TV print. Op de voedingsprint zit een 5VDC voeding met twee elco's die bol stonden en electroliet lekte:



Twee vervangende elco's gesoldeerd en de TV werkte weer als een zonnetje:


Wat opviel was dat de twee originele elco's (merk: Sam Young, type: NXT, 1500uF, 6.3V) de enige van dit merk en type waren op de gehele voedingsprint. Het specificatieblad van deze serie elco laat ook zien dat 'ie zeer slechte specificaties heeft. Terwijl de overige elco's van betere kwaliteit zijn. Dit doet sterk vermoeden dat LG hier bezig is geweest met geplande veroudering.

Hoe dan ook, dit is toch de laatste LG TV vanwege dit akkefietje en een aantal andere zaken met LG die niet in de haak waren.

P.S. ik ben niet de enige met precies hetzelfde probleem in een LG TV: https://www.youtube.com/watch?v=eZna3Fj3O4Q&feature=youtu.be 



20200208

hMailserver: reject emails that have long subjects

Some people paste long strings in the Subject field of emails. The maximum number of characters of the Subject field is 998 characters but can be tweaked to more. It does not make sense to have more than ~160 characters so lets reject messages that have long Subject fields.

In hMailserver we can reject those emails very simply. In the OnSMTPData sub the Subject field is available and we can measure the amount of characters (length):

Sub OnSMTPData(oClient, oMessage)

    subjectLength = len(oMessage.Subject)


    if subjectLength > 160 then
        Eventlog.Write("OnAcceptMessage: email rejected because of Subject = " &  subjectLength & " characters (>160). From: " & oMessage.FromAddress)
        result.value=1
    end if

end sub

When a subject field of an email is longer than 160 characters, the event will be logged in the hMailserver logfile and the email will be rejected.

4144    "2020-02-08 09:02:37.138"    "OnAcceptMessage: email rejected because of Subject = 236 characters (>160). From: email@sender.com"

Also, the sender gets an email that the email is rejected:


Your message did not reach some or all of the intended recipients.

      Subject:     RE: 1234567890RE: 1234567890RE: 1234567890RE: 1234567890RE: 1234567890RE: 1234567890RE: 1234567890RE: 1234567890RE: 12345678901234567890
      Sent:  2/8/2020 9:03 AM

The following recipient(s) cannot be reached:

      Email Sender (email@sender.com) on 2/8/2020 9:03 AM
            554 Rejected

hMailserver geolocation blacklist

The purpose of the next scripts is twofold:
  1. Block email sessions of email servers that are on the blacklist
  2. Automatically create a blocking firewall rule in case of bad behaving or misconfigured remote email servers
Let start with requirement #1: We use here the free gelocation service (max 20 lookups per minute) of https://extreme-ip-lookup.com. They provide different IP-to-Geo lookup methods. Here we use the JSONP method:

The IP address of the remote email server is available in the OnClientConnect subroutine of the hMailserver EventHandler.vbs script. The code to obtain the remote emailserver's IP address is this:

Sub OnClientConnect(oClient)

    Const BlackList=" AR BG BO BR CC CM CO GA IN IQ IR KE KZ MA ME MX RO RO RU TH TH TK TW UA VN "
      
    geoLocation = IPtoGeo(oClient.ipaddress)


    if len(geoLocation) = 2 and geoLocation <> "XX" then
        if Instr(Blacklist, geoLocation) > 0 then
            Eventlog.Write("[Blacklist] OnClientConnect: " & oClient.ipaddress & " - " & geoLocation & " is in the Blacklist and the session is disconnected.")
          
            '--- Reject message...
            Result.Value = 1   
        end if
      
    end if

End Sub


We use a seperate function (IPtoGeo) to map the IP address to a countrycode. The function IPtoGeo looks like this:

function IPtoGeo(IPaddr)

    Const countryString = """countryCode"".*"   
   
    geoLocation = "XX"
   
    if Instr(IPaddr,"192.168.") <> 1 and Instr(IPaddr,"10.") <> 1 and Instr(IPaddr,"127.") <> 1 then
   
        lookupGeolocation = "https://extreme-ip-lookup.com/json/" & IPaddr & "?callback=getIP"
       
        Set objHTTP = CreateObject("Msxml2.XMLHTTP")
        objHTTP.open "GET", lookupGeolocation, False
        objHTTP.send
        returnString = Cstr(objHTTP.responseText)

        set objRegexp = new RegExp
        objRegexp.pattern = countryString
        objRegexp.ignoreCase = true
        objRegexp.global = false
        set matches = objRegexp.execute(returnString)
       
        if matches.count = 1 then
            s = matches(0).value
            t = split(s,":")
            u = split(t(1), chr(34))
            geoLocation = u(1)
        end if
       
    end if

    IPtoGeo = geoLocation

end function


When an IP address is mapped to a country code that is the blacklist (Const BlackList), the email session is disconnected (Result.Value = 1) and the hMailserver eventlog (hmailserver_events.log) shows:

4376    "2020-02-08 03:36:46.319"    "[Blacklist] OnClientConnect: 79.124.62.14 - BG is in the Blacklist and the session is disconnected."

It happens somtimes that remote email servers start retrying or even hammering the hMailserver after a rejected session. E.g. I found a remote email server continuously trying to connect twice per minute. We want to block those connections in an earlier stage.

So for requirement #2 we use a small Powershell script to create a firewall block rule. We use Powershell because the regular expressions in VBscript are slow and Powershell provides the -Match method and an easy method to set a firewall rule.

$maxAttempts = 10
$logFile = get-content "d:\hMailserver\logs\hmailserver_events.log"
$today = (get-date).ToString("yyyy-MM-dd")
$searchBase = ($logFile -match $today)

$ip = $args[0]

if ($ip -match "(?:[0-9]{1,3}\.){3}[0-9]{1,3}")
{
    $hammerCount = $searchBase -match $ip
    if ($hammerCount.count -GT
$maxAttempts) {
        $ruleDate = (get-date).toString("yyyy-MM-dd")
        $blockName = "hammerBlock ($IP, $ruleDate)"
        write-host "*** Setting rule: $blockName"
        $ruleExists = Get-NetFirewallRule -DisplayName $blockName -erroraction SilentlyContinue
        if ($ruleExists) {
            Remove-NetFirewallRule -DisplayName $blockName
        }
        New-NetFirewallRule -DisplayName $blockName -Direction Inbound -Action Block -RemoteAddress $IP | out-null
    }
}   


The powershell script (hammerBlock.ps1) is called in the OnClientConnect sub:

Sub OnClientConnect(oClient)

    dim wsh

    Const BlackList=" AR BG BO BR CC CM CO GA IN IQ IR KE KZ MA ME MX RO RO RU TH TH TK TW UA VN "

    set wsh = CreateObject("wscript.shell")
       
    geoLocation = IPtoGeo(oClient.ipaddress)
    if len(geoLocation) = 2 and geoLocation <> "XX" then
        if Instr(Blacklist,geoLocation) > 0 then
            Eventlog.Write("[Blacklist] OnClientConnect: " & oClient.ipaddress & " - " & geoLocation & " is in the Blacklist and the session is disconnected.")
           
            '--- Run the Firewall block script from here...
            runString = "powershell -file ""c:\scripts\hammerBlock.ps1"" " & oClient.ipaddress
            wsh.run runString,0,true

           
            '--- Disconnect...
            Result.Value = 1    
        end if
       
    end if

End Sub


When a remote email server, that is in the blocklist, tries to connect more than 10 times on one day, a firewall block rule is created. The rule looks like this:


I know that there are many more methods to block sessions based on geolocation. Most of them are quite hard to configure and maintain. With the scripts above, all work is executed in the hMailserver ecosystem. This also allows easy management and migration to other hMailserver instancesor adapt the scripts here for different purposes.


20200117

XS4ALL IPTV en pfSense, update

De beeldschermafdruk van IGMP Proxy instellingen was weggevallen in de originele post. Stel IPTV_BRIDGE in naar je eigen IPTV subnet.

Real Time Web Analytics