nmap scanning for ip camera in the network

Here’s an nmap snippet for scanning for hidden cctv / ip camera in the network

nmap -sV --script=http-enum,http-title,rtsp-url-brute -p 80,443,554,8000 <ip range>

Or you can write as :

sudo nmap -sV --script=http-enum,http-title,rtsp-url-brute -p 80,443,554,8000 192.168.0.0/24

Make sure you have permission to scan on the network!

Configuration to run OJS 3 smoothly behind nginx reverse proxy

A lot of people struggling in configuring PKP Open Journal System 3 (OJS3) to run behind nginx reverse proxy as OJS3 does not support nginx natively

So most implementation would settle with Apache HTTPD server or install it behind nginx reverse proxy.

However the problem is that the OJS3 behave badly when placed behind nginx reverse proxy, especially when the reverse proxy is using HTTPS / TLS. This messed up the based URL in the OJS3, subsequently causing some resources from the website to be unavailable.

To solve this, you only need to add a single line in the Apache HTTPD site configuration file.

        SetEnvIf X-Forwarded-Proto "https" HTTPS=on

A full blown example is included via gist

# Mohammad Hafiz bin Ismail <mypapit@gmail.com>
# blog.mypapit.net
# this is for Ubuntu/Debian Apache server config
#/etc/apache2/sites-available/your-ojs.conf
<VirtualHost *:9080>
ServerAdmin ojs@example.com
ServerName ojs-site.example.com
ServerAlias ojs-site.com
DocumentRoot /mnt/websites/ojs/public_html
#add this line -- this is essential!!
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
<Directory /mnt/websites/ojs/public_html/>
Options FollowSymlinks
AllowOverride All
Require all granted
Allow from all
</Directory>
</VirtualHost>

Solving DKIM verification FAILED with Bad Format in Gmail email messages

DKIM (Domain keys identified Mail) is a scheme for which allows a receiver to verify that the email originated (or authorized) by the domain’s owner via a digital signature.

Having DKIM signature adds credibility to the email messages sent from the origin host/domain, which is crucial for automated emailing system to avoid the messages from being suspected as SPAM email or spoofed email.

I managed to set up DKIM for an academic journal website which I’ve managed. The journal’s runs on Open Journal System web application, the addition of DKIM is crucial to avoid GMail or Microsoft Live from labeling the automated emails sent from the academic journal from being labeled as spam.

At first I found that the DKIM scheme that I’ve setup was running fine and the email messages was verified correctly from my Organizational email domain. However, I’ve noticed a problem when the automated email sent from OJS is not properly verified by Gmail-addressed account (@gmail.com). Upon inspection in the email header, I’ve noticed that the GMail marked the DKIM signature sent from my domain as “bad format”. Example below:

DKIM:	'FAIL' with domain jcrinn.com

dkim=neutral (bad format) header.i=@example.com header.s=mail header.b=AbCdE5g;

After hours of searching and debugging, including referring to the DKIM NS TXT record for reference, I finally found out that Gmail treat the “g=*” optional parameter as required, and thus I’ve to append “;g=*” to the DKIM TXT record on my domains’ DNS record.

So it become similar like this:

TXT default._domainkey  v=DKIM1; p=yourPublicKeywHiCHi5+abit+1OnG; g=*

After altering the records, it seems GMAIL finally able to verify the automated emails sent from my OJS-based web application

The “signed-by” is visible when DKIM is successfully validated by GMail

Hopefully this will work out fine for you too!

P/S: DigitalOcean has an excellent tutorial on DKIM installation and setup in GNU/Linux operating system.

How to convert character encoding in text files

Here is how to convert text files from one character encoding to another in GNU/Linux:

#eg1
iconv -f ASCII -t UTF-8//IGNORE file.txt -o output.txt

#eg 2
iconv -f ISO-8859-1 -t UTF-8//TRANSLIT file.txt output.txt

The -f parameter denotes “from” and -t parameter denotes “to” character set.
//IGNORE means the “iconv” will ignore any characters that are not available in the target character set.

While “//TRANSLIT” means the converter will attempt to substitute characters that are not available in the target character set to the closest characters available, failing that, “???” will be replaced in its place.

Most GNU/Linux distribution have iconv preinstalled, if not, please consult your distribution documentation.