Author: Richard Applegate

  • I found a cool way to connect MiFi Hotspot to our Router with the Tablet.

    Sorry about Dusty from the Government Cabinet Network. We can’t use them for our business, so we have to use a hotspot solution. Now that I have a tablet, I connect it to a Type C hub using Ethernet. Then, my tablet connects to the WAN port on the router. Then I went to tablet settings and turned on tethering. Now our Router will get Internet via the tablet. The MiFi hotspot only sees one device because my router is doing the job for us. So it was a cool project to figure out. I couldn’t use the Wi-Fi extender, it won’t work… If the tablet goes off and is not used for a while, it will turn off the tether. I found another solution: I went to Developer Mode in Tablet Settings and turned on Stay awake when charging, then turned the brightness all the way down to save battery life.

  • Went to Sunnyside Beach for my mom’s anniversary <3

    Thank you for inviting us to participate with you. It was a beautiful day and a wonderful time, which we all enjoyed every year.

    Love you, mom

    I am grateful that Navi is there for my mom, no matter what. Teaching my mom how to operate a scooter is truly incredible. Despite being 5 years thick and thin, you’ve been with my mom.

    First time see my mom on a scooter, so cool
    beautiful beach and water is not that cold but it chilling and feel good.
    This flat of beach is so beautiful.
    Richard and Jasmine <3
    mom drain corn and putting on bean chips, BTW she making bomb and it yum.
    My mom put Bean cheese and corn and etc… and it’s still yummy
  • Windows update caused this blue screen of death, but I got a solution.

    https://www.cbsnews.com/news/microsoft-crowdstrike-outage-blue-screen-of-death-how-to-fix/

    I’m learning that if they enable auto-update, then some bugs happen. And then the best solution is to go back to safe mode and remove one driver. But I feel bad about all these TV apps that can’t be remote controlled due to the blue screen of death. And so few IT members in each business to do all the TVs. Unfortunately, my stores do have Windows 11 and 10, but they’re not enabled for auto-update. I prefer to update my computer monthly in person. As of today, July 19th, 2024, all my stores are still working with Windows 10, 11. And they’re working pretty well. With last month’s update, I left it alone until Windows released the next update that fixed it, but it was fixed today. Whew. That scary moment when you suddenly get a blue screen of death all over your store at once during the middle of the night when you’re sleeping, and that nightmare comes true.

    Wa-DTT-Drink is maintenance repairing
  • Nextcloud: Google Drive Alternative, You May want to use Nextcloud.

    All my Google Drive accounts are migrated to my Nextcloud. I built my Nextcloud on my server and finished it. I love that Nextcloud allows me to store private data on my own server instead of on Google, OneDrive, or Apple cloud servers. We had to pay them to hold our data. I had the office installed on Nextcloud, and now we can do word, PowerPoint, spreadsheet, and draw. And we also have Nextcloud Talk on Nextcloud, which is a benefit, having it all in one app.

    If you want to build your own server, you can! 🙂 Here is the link.

    https://nextcloud.com/install/#instructions-server

    I use Cloudron, which already has a pre-made app package, and it’s much more stable and fully supported by the community and the Cloudron team.

    https://www.cloudron.io/store/com.nextcloud.cloudronapp.html

    Photo preview:

    Google Drive migrated to my cloud; now everything is here and I am no longer paying Google.

    App list for my cloud
    My photos (Memories)
    nextcloud Talk
    App Marketplace in Nextcloud

  • As instructed, I have swapped the network from the shelf to the cabinet in the Garyland cottage house.

    The reason we came and swapped the shelf network to the cabinet network was to ensure that our network is secured within the cabinet network and to reduce the number of visible power plugs.

    Before

    After

  • I did install two stores to have firewall, and now we get more proper firewall for our server.

    I installed a mini BOSGAME computer that was enough for speed internet and the performance was excellent with a multiserver firewall. Furthermore, I have also installed WireGuard VPN on the firewall to enable remote access to my server from a single IP address. I won’t get attacked or hacked from ssh.

    Firewall to protect our server to avoid any hacking, malware, ransomware and more… Our firewall had Phishing Blocker and spam blocker for our Email server. Very beneficial for our business.

    I also like bandwidth control for our server to improve performance.

    Testing Speed Test with WireGuard with mini PC.

    With WireGuard VPN

    without VPN

    I am happy with the speed because the server location has 600 Mbps download and 200 upload from Comcast Business. So my firewall can handle VPN and firewall and many features. Now our Server and Web hosting is safe again. My home is 300 and 35 from Xfinity, so my upload is perfect.

    Firewall Hardware Specifications

    This is pretty good for handling our server. 🙂

    Brand: BOSGAME
    Series: MINI PC
    Item model number: E1
    Operating System: Windows 11 Pro
    Item Weight: 1.83 pounds
    Product Dimensions: 4.96 x 4.41 x 1.61 inches
    Item Dimensions LxWxH: 4.96 x 4.41 x 1.61 inches
    Color: Black
    Processor Brand: Intel
    Number of Processors: 4
    Computer Memory Type: DDR4 SDRAM
    Flash Memory Size: 16 GB
    Hard Drive Interface: PCIE x 2
    Standing screen display size: 75
    Screen Resolution: 3840 x 2160
    Max Screen Resolution: 3840 x 2160 pixels
    Processor: 3.4 GHz Celeron
    RAM: 16 DDR4
    Hard Drive: 512 GB SSD
    Graphics Coprocessor: Intel UHD Graphics
    Chipset Brand: Intel
    Card Description: Integrated
    Graphics Card Ram Size: 16 GB
    Number of USB 3.0 Ports: 4

    https://www.amazon.com/BOSGAME-E1-Windows-Computer-Supports/dp/B0CSK4C2ZR

    I also Did PC to Smaller PC because it can fit in Cabinet network to secure.

  • TpLink Omada: Services→ DNS proxy with Cloudron AdGuard Home. We like using DoH on our router.

    I finally got this to work with Cloudron AdGuard Home, because it won’t work by just using the DNS port or encryption until you add the IP or Client ID in Allowed clients, so I am using a Client ID. This will show you how to set up DoH AdGuard Home with the TpLink Omada DNS Proxy.

    This explains to us what Client IDs are, and I found DNS over HTTPS is useful for our networks, since I had a wildcard certificate.

    Open AdGuard Home and log into your admin account. Navigate to the DNS settings and find Allowed clients. I put laketapp, which I use as our store’s nickname. Then make sure you save it.

    Then go to the TpLink Omada Controller web GUI and log in as admin, then select the location where you want to set DNS over HTTPS with Cloudron AdGuard Home.

    After you select Location, go to Services on the left side.

    Then go to DNS Proxy, enable DNS Proxy, select DoH, and add your AdGuard server; mine is https://laketapp.dns195.richardapplegate.io.

    Now go check AdGuard Home and see if there are any queries.

    Yep, it’s working. Now my router is communicating with my DNS server securely.
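A way to check the Allowed clients entry from any machine, added here as an example and not part of the original post: the script builds the RFC 8484 GET request a DoH client sends, with the Client ID as the leftmost label of the server name. The host names are placeholders, and the /dns-query path is an assumption about the server's DoH endpoint.

```python
import base64
import struct
import urllib.error
import urllib.request

def build_query(name, qtype=1):
    """DNS wire-format query for `name` (qtype 1 = A), with ID 0 as RFC 8484 advises."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)     # QCLASS 1 = IN

def doh_get_url(client_id, server_name, name, path="/dns-query"):
    """URL of the DoH GET request; the Client ID is the leftmost host label."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"https://{client_id}.{server_name}{path}?dns={dns}"

def summarize(reply):
    """Return (rcode, answer_count) from the header of a wire-format reply."""
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return flags & 0x000F, answers

def check(client_id, server_name, name="example.com"):
    """Send the query (needs network access); returns (http_status, summary or None)."""
    req = urllib.request.Request(doh_get_url(client_id, server_name, name),
                                 headers={"Accept": "application/dns-message"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, summarize(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, None

if __name__ == "__main__":
    # Placeholder names: substitute your own Client ID and DNS server name.
    print(doh_get_url("storeid", "dns.example.com", "example.com"))
```

Running check() once with a Client ID listed under Allowed clients and once with one that is not listed shows whether the access setting is being enforced.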

  • I did build an Arista Firewall for Sunrise Village to protect against DDoS.

    I built another mini computer for Sunrise Village and added another network card to my mini computer for internal and external network. Not only that, but I also set Internal to “bridge” and set my Modem wire to firewall “external” and then firewall “internal” to a 1 gigabit switch. So I can put more Server in one 1gig switch. We had static IP, and we’re using these on our server, so My Firewall will not protect my server until I create rules and firewall and Threat Prevention and virus Blocker.

    We can upgrade to 2.5Gig or 10gig speed on our server and firewall, but our plans are 600mbps and 200mbps uploads, so it is enough for all my server to hosting on switch.

    Not only that, but we have Three locations that require a firewall. I set up a firewall at Sunrise Village a few days ago, and it is working well. We need to protect where our server is that runs all of our store network and slack alternative and cloud storage.

    User 1: Omada TpLink Router Hosting
    User 2: Web and Email Hosting
    User 3: all apps in one server solution.

    A firewall serves as a safeguard against distributed denial-of-service attacks on the Internet.
    The firewall on our modem is weak, and we’re still getting DDoS attacks. We need a better firewall, so we can’t worry about our server and network systems.

  • Using Fail2Ban for SSH Brute-force Protection on your server.

    Fail2Ban is a Python program that helps safeguard Linux systems and servers from brute-force attacks. This program can be configured to provide SSH protection for your server. With it, you can be sure that your server is secure from attacks that employ brute force. It also enables you to see how strong the attacks are in terms of how many authentication attempts are being made.

    Brute-force attacks can be powerful and may result in thousands of failed authentication attempts each day. Understanding how to safeguard your server against these attacks and how to block IP addresses is essential.

    Fail2Ban makes it easier to block brute-force attacks by restricting the number of failed authentication attempts a user can make before being blocked.

    This is extremely useful for servers that have user accounts that utilize passwords for remote authentication, rather than SSH key-pair authentication.

    First, update and upgrade the packages on your Ubuntu server.

    sudo apt update && sudo apt upgrade

    Installing and Configuring Fail2Ban

    Fail2Ban is completely free and is available through most of the popular software package managers.

    1. Please install Fail2Ban by running the following command:
    sudo apt-get install fail2ban

    2. Please use the following command to ensure that Fail2ban runs at system startup:

      sudo systemctl enable fail2ban.service

      3. After you have installed Fail2Ban, you can start setting up Fail2Ban to create a jail for your SSH server. The configuration files for Fail2Ban are in the directory /etc/fail2ban.

      Fail2Ban ships its default configuration in the jail.conf file, but editing the default configuration files is not recommended, because they can be overwritten by updates to the Fail2Ban package. The preferred approach to configuring a particular service is to create a new configuration file in the /etc/fail2ban directory with the .local extension. For example:

      path is /etc/fail2ban/jail.local

      Creating SSH Jails With Fail2Ban

      1. Begin by creating a new file within the same directory called jail.local. You can then add the necessary security configurations for the sshd jail.
      sudo nano /etc/fail2ban/jail.local

      2. You can explore the options that Fail2Ban provides to customize the security and blocking of the SSH service. Fail2Ban Configuration Options:

      Configuration   Function
      enabled         Jail status (true/false) — This enables or disables the jail
      port            Port specification
      filter          Service specific filter (Log filter)
      logpath         What logs to use
      maxretry        Number of attempts to make before a ban
      findtime        Amount of time between failed login attempts
      bantime         Number of seconds an IP is banned for
      ignoreip        IP to be allowed

      3. With the information in the table above, you can create the jail.local configuration for the OpenSSH server (sshd). The sample file below lists the values used in this guide: I created the file /etc/fail2ban/jail.local and configured it to ban SSH access after a wrong password 3 times.

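      [sshd]
      enabled = true
      port = ssh
      filter = sshd
      logpath = /var/log/auth.log
      # Ban after 3 failed attempts...
      maxretry = 3
      # ...counted within 300 seconds (5 minutes)
      findtime = 300
      # A ban lasts 3600 seconds (1 hour)
      bantime = 3600
      # Never ban the local host
      ignoreip = 127.0.0.1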

      4. After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command:

      sudo systemctl restart fail2ban.service

      5. After you restart the OpenSSH server service, Fail2Ban uses this new configuration, and the jail for the sshd service is activated and runs.

      How to Unban IP here instructions
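How maxretry, findtime, bantime and ignoreip from the jail above interact, as an added example (not Fail2Ban's own code and not from the original post): a small Python simulation over constructed auth.log lines. The regular expression is a simplified stand-in for the sshd filter, and the IP addresses and user names are made up.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Values copied from the [sshd] jail above.
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(seconds=300), timedelta(seconds=3600)
IGNOREIP = [ip_network("127.0.0.1/32")]
# Simplified stand-in for the sshd filter: matches only "Failed password" lines.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in the syslog format of /var/log/auth.log.
SAMPLE_LOG = """\
Jul 19 02:00:01 srv sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 19 02:00:09 srv sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 19 02:00:15 srv sshd[813]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jul 19 02:00:20 srv sshd[814]: Failed password for root from 203.0.113.7 port 40140 ssh2
Jul 19 02:01:00 srv sshd[820]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Jul 19 02:04:00 srv sshd[821]: Failed password for alice from 198.51.100.23 port 51002 ssh2
Jul 19 02:07:30 srv sshd[822]: Failed password for alice from 198.51.100.23 port 51004 ssh2
Jul 19 02:07:40 srv sshd[823]: Accepted password for alice from 198.51.100.23 port 51006 ssh2
Jul 19 02:10:00 srv sshd[830]: Failed password for root from 127.0.0.1 port 60000 ssh2
Jul 19 02:10:01 srv sshd[831]: Failed password for root from 127.0.0.1 port 60001 ssh2
Jul 19 02:10:02 srv sshd[832]: Failed password for root from 127.0.0.1 port 60002 ssh2
"""

def simulate(log, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for the settings above."""
    recent, banned_until, bans = {}, {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # e.g. "Accepted password" is not a failure
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ip_address(ip) in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if banned_until.get(ip, ts) > ts:
            continue  # still banned; nothing new to count
        # Keep only the failures that fall inside the findtime window.
        recent[ip] = [t for t in recent.get(ip, []) if ts - t <= FINDTIME] + [ts]
        if len(recent[ip]) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, banned_until[ip]))
            recent[ip] = []
    return bans

for ip, start, end in simulate(SAMPLE_LOG):
    print(f"ban {ip} at {start:%H:%M:%S}, unban at {end:%H:%M:%S}")
```

Only the first address is banned: the second spreads its three failures over more than findtime, so the count never reaches maxretry, and 127.0.0.1 is skipped because of ignoreip.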

  • I did upgrade Network Cabinet at Sunrise Village.

      The amount of wiring and stacking up each other wasn’t a good idea for the long term. So I asked my boss to upgrade and make it secure and long-term because the cabinet network will help reduce dust and overheat. A cabinet network exhaust fan pulls all the hot air out of the cabinet network. It will also assist in cooling the system. 3 more stores to go to finish up the network cabinet.

      Before
      I intend to rewire and cable everything next month to ensure proper cable management.
      After.