2014

JanFebMarApr
MayJunJulAug
SepOctNovDec

2013

JanFebMarApr
MayJunJulAug
SepOctNovDec

more...

2011

JanFebMarApr
MayJunJulAug
SepOctNovDec

2010

JanFebMarApr
MayJunJulAug
SepOctNovDec

2009

JanFebMarApr
MayJunJulAug
SepOctNovDec

2008

JanFebMarApr
MayJunJulAug
SepOctNovDec

2007

JanFebMarApr
MayJunJulAug
SepOctNovDec

2006

JanFebMarApr
MayJunJulAug
SepOctNovDec

2005

JanFebMarApr
MayJunJulAug
SepOctNovDec

2004

JanFebMarApr
MayJunJulAug
SepOctNovDec

2003

JanFebMarApr
MayJunJulAug
SepOctNovDec

Photolog

Through the Looking-Glass
2010-10-12: Through the Looking-Glass
My radio speaks is binary!
2010-10-10: My radio speaks is binary!
Gigaminx: (present for my birthday)
2010-09-16: Gigaminx: (present for my birthday)
Trini on bike
2010-09-05: Trini on bike
Valporquero
2010-08-28: Valporquero
My new bike!
2010-08-22: My new bike!
Mario and Ana's wedding
2010-08-13: Mario and Ana's wedding
Canyoning in Guara
2010-08-07: Canyoning in Guara
Trini and Mari in Marbella
2010-08-05: Trini and Mari in Marbella
Trini and Chelo in Tabarca
2010-08-03: Trini and Chelo in Tabarca
Valid XHTML 1.1
Log in

Since a few years ago, it is beginning to be very common to have hundreds of connection attempts to SSH port, trying common usernames and passwords.

This has several drawbacks: log files can be filled up, SSH service can be irresponsible and, what is worst, some of the attacks could be successful if one of your users has a weak password.

To prevent those attacks, you can use these simple iptables rules that forbid establishing more than 6 connections per minute from every IP:

iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 6 --name SSH -j DROP
pop-before-smtp Nov 11, 2005

I have just finished a quick pop-before-smtp implementation in C... I needed it in a hurry, to make my brother able to send e-mails from his laptop (with Win*!) from everywhere without having to change the configuration, and without having an open relay :-)

It is basically a quick-and-dirty hack: it execs "tail -f /var/log/syslog" to see which lines from the logs come from the POP server I am using (teapop), it reads the IP address and stores it in a list, next to a timeout. When some IP in the list changes, it modifies the list of IP addresses that the SMTP server relays (in my case, I use qmail with tcpserver; therefore I exec "tcprules").

cespedes@gmail.com Jul 10, 2004
Labels: internet
Many weeks after its launch, I finally managed to make someone invite me to an account in gmail.

Marielle Fois was the one who sent the invitation to me. Thank you, Marielle :-)

New WWW page design Apr 7, 2004
Labels: internet blog
I spent most of the day redesigning and writting my new home page.

It is XHTML 1.1 Strict compliant and CSS compliant, and it is finally integrating my (several) other pages, such as my pictures page and my blog (yes, *this* blog ;-)), but it isn't quite finished yet.

www.orkut.com Feb 1, 2004
Labels: internet

A few hours ago, Amaya invited me to join a new "online community" called orkut. I did it, and I must say that it is very interesting. It has a lot of members and it is growing at a very impressive rate. If you still don't know what I am talking about, ask me or find someone else who is already an orkut member; there is currently no way to join the community without being invited from someone inside it.

If you are inside orkut, this is a link to my profile.