Month: June 2022

Bug Report: [Known Issue] Memset: Inbound port 587 blocked on IPv6

In an effort to prove to myself that I am actually trying to do work this month, I’m making a note of all the bugs in 3rd party software I find.

Today is a bug reported to Memset Ltd (part of iomart Group plc) on the 20th June 2022 under their ticket id 871251564 which caused me to waste a day diagnosing the problem – as I was blaming my server configuration after changing a setting and then verifying it.

The conclusion was that today, 28th June 2022, the server hosting my blog was down for around an hour whilst it was migrated to a new datacenter. I then had to spend the rest of the day confirming settings, resetting the firewall (iomart’s firewall configuration suite is nowhere near as good as Memset’s), checking settings, resetting the IPv6 address on all sites (turns out cPanel hasn’t got a nice way of doing this) and then updating all the SPF mail server records. What fun!

Bug Report: [Closed] cPanel WP Toolkit Does Not Work With Plugins With Slashes In Their Name

In an effort to prove to myself that I am actually trying to do work this month, I’m making a note of all the bugs in 3rd party software I find.

Today is a bug reported to cPanel Inc on the 4th June 2022 under their tracking request ID 94452913 affecting their WordPress Toolkit cPanel module which has a problem with slashes in plugin names.

Techy: Nixstats And Cloudflare – Allowing IPs

What is NixStats?

I’m currently trying the NixStats (affiliate link) monitoring tool for servers and websites – mainly because it’s cheap (starts at $0/month for 5 monitors and 1 server, $9.95/month for 10 servers and 25 web monitors) and partially because it’s owned by WebPros. Not heard of WebPros? Me neither until I went digging and found out that not only do they now own NixStats but also cPanel Inc and Plesk (both “rivals” in the web hosting control panel world) – along with a few others(!)

The Problem – Cloudflare’s security being triggered

Anyway – one of the sites I am monitoring using Nixstats is under the Cloudflare system – and because of the frequent monitoring, it may “trip up” Cloudflare’s security features so I needed to “allow list” (aka “white list”) the IP addresses used by NixStats. Luckily, they do provide a list at https://nixstats.com/whitelist.php and https://nixstats.com/whitelist.php?v6 (I’ve got no idea how often these are updated though) – but you can’t simply import these into Cloudflare due to two issues:

  1. One of the IP addresses (in the first list) has a trailing tab character which Cloudflare just rejects as being an invalid IP address. Took me a while to find that!
  2. The IPv6 addresses are not in a format that Cloudflare accepts – they only accept CIDR’d IPv6 addresses on a /64 or smaller (and if you are not that techy, you are forgiven for not understanding that!).

The solution

So I’ve put together a downloadable CSV file listing all those IP addresses in the “correct format” for you to easily import into Cloudflare’s lists (Cloudflare don’t have an export option 🙁 ).

You can download the file from here but I give no guarantee of accuracy etc etc.
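The clean-up described above can be scripted so the list is rebuilt whenever the published addresses change. This is an added example, not the script used to build the downloadable file: the sample addresses are constructed from documentation ranges, and the one-entry-per-row CSV layout is an assumption.

```python
import csv
import io
import ipaddress

# Constructed sample input (documentation ranges, not NixStats' real addresses).
SAMPLE = "192.0.2.10\n198.51.100.7\t\n\n2001:db8:1:2::5\n2001:db8:1:2::9\n2001:db8:ffff::1\nnot-an-ip\n"


def normalise_for_cloudflare(raw_text):
    """Return (entries, rejected) for a one-address-per-line list."""
    entries, rejected, seen = [], [], set()
    for line in raw_text.splitlines():
        token = line.strip()  # drops the trailing tab, spaces and stray CRs
        if not token:
            continue
        try:
            # strict=False accepts host addresses as well as CIDR notation.
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append(token)
            continue
        if net.version == 6 and net.prefixlen > 64:
            # Widen to the enclosing /64: this allows the whole prefix.
            net = net.supernet(new_prefix=64)
        # Single IPv4 hosts stay as plain addresses; everything else is CIDR.
        is_v4_host = net.version == 4 and net.prefixlen == 32
        entry = str(net.network_address) if is_v4_host else str(net)
        if entry not in seen:  # two hosts in one /64 collapse to one row
            seen.add(entry)
            entries.append(entry)
    return entries, rejected


def to_csv(entries):
    """One entry per row, first column only (assumed import layout)."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([e] for e in entries)
    return buf.getvalue()


if __name__ == "__main__":
    good, bad = normalise_for_cloudflare(SAMPLE)
    print(to_csv(good), end="")
    for item in bad:
        print("rejected:", repr(item))
```

Widening a single IPv6 host to its /64 means the "Allow" rule matches every address in that prefix, so review the rejected and widened entries before uploading.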

But where in Cloudflare do I use the file?

It’s a two stage operation – first you’ve got to create the list and then you’ve got to setup the firewall rules.

Creating the IP Address List in Cloudflare

  1. Log into your Cloudflare account and get onto the main account screen (i.e. where it lists your individual sites)
  2. On the left hand menu near the bottom, there is an option labelled “Manage Account” – expand that.
  3. Under “Manage Account”, select “Configurations”
  4. On the “Configurations” screen, select “Lists”
  5. Select “Create new list” (free Cloudflare accounts can only create a single list by the way)
  6. Create the list with a name such as “nixstats” and a “Content type” of “IP Addresses”
  7. Edit the list and select “Add items”
  8. Select “Upload CSV” and upload the CSV of IP addresses.
  9. Click “Add to list” and it should load them into the list.

Setting Cloudflare to use the list

  1. Log into Cloudflare (or, if you are already logged in, click the Cloudflare logo in the top left to return to home)
  2. Select the account of the domain name you are monitoring
  3. In the left hand menu, expand “Security”
  4. Under “Security”, select “WAF” (Web Application Firewall)
  5. Under “Firewall rules” (free accounts get 5 active firewall rules), select “Create firewall rule”
  6. Set a “Rule name” of something like “nixstats”
  7. Under the “When incoming requests match…” heading use the following settings
    • Field: “IP Source Address”
    • Operator: “is in list”
    • Value: “nixstats” (i.e. the list you created above)
  8. Under “Then…” select “Allow”
  9. Click “Deploy firewall rule” and it should take effect.

You’ll need to do this for each account you are monitoring using nixstats.

Getting Mailvelope working on Brave Browser

For the last few years, I’ve been using Brave as my primary web browser due to its advert and tracking blocking abilities – extremely useful on YouTube! It’s based on Chromium (like Google Chrome and Microsoft Edge), but more privacy/anti-ad orientated.

I’ve also been wanting to GPG/PGP sign some emails using my web based email clients so I’ve installed the Mailvelope plugin from the Google Chrome store and in conjunction with GPG4Win it means I should have access to all the PGP and GPG keys stored on my Windows 10 machine… Except it doesn’t work – it fails to list any installed keys… Why?

Well, it all comes down to a Chrome based protocol called NativeMessaging which requires software (such as GPG4Win) to register their “acknowledgement” of browser plugins such as Mailvelope by adding (in the case of Windows) various registry settings for the browser to read and interlink.

In the case of Brave, it appears the authors of GPG4Win aren’t (currently) aware of it and so don’t set the various registry settings for it to work correctly – and Brave, unlike Microsoft Edge, has no “fall back” facilities to check other browsers for their Native messaging setup. I have reported this to both the Brave Community and to GnuPG (the maintainers of GPG4Win) on their bug tracker – including suggested fixes for both organisations, but it may be some time before this is fixed. So what can you do in the meantime?

Easiest way:

If you trust running random commands on your computer, run the following two commands in an escalated permissions (“Run as Administrator”) Windows Command Prompt to copy the existing settings from Chrome over:

REG COPY "HKCU\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKCU\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s
REG COPY "HKLM\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKLM\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s

Restart Brave and all should be working.

Manual way

Add/Set the following registry key:

Path: HKEY_CURRENT_USER\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson
Type: REG_SZ
Data: C:\Program Files (x86)\Gpg4win\bin\gpgme-chrome.json

(updating the “Data” path to where you’ve installed Gpg4Win as appropriate)

Restart Brave and all should be working.
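The registry value only points the browser at a manifest file such as gpgme-chrome.json, and that manifest decides which extensions may start the native host, so it is worth reading before copying the registration to another browser. The check below is an added example, not code from GPG4Win, Mailvelope or Brave: it applies the rules from Chrome's native messaging documentation, and the sample manifest, executable name and extension ID are constructed placeholders.

```python
import json
import re

# Rules from Chrome's native messaging documentation.
HOST_NAME = re.compile(r"[a-z0-9_]+(\.[a-z0-9_]+)*")
ORIGIN = re.compile(r"chrome-extension://[a-p]{32}/")

# Constructed manifest; the extension ID is a placeholder, not Mailvelope's.
PLACEHOLDER_ORIGIN = "chrome-extension://" + "a" * 32 + "/"
SAMPLE_MANIFEST = json.dumps({
    "name": "gpgmejson",
    "description": "constructed sample",
    "path": "example-host.exe",
    "type": "stdio",
    "allowed_origins": [PLACEHOLDER_ORIGIN],
})


def check_manifest(manifest_text, key_name, expected_origins):
    """Return a list of problems; an empty list means nothing was flagged."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: " + exc.msg]
    if not isinstance(manifest, dict):
        return ["top level must be a JSON object"]
    problems = []
    name = manifest.get("name")
    if not isinstance(name, str) or not HOST_NAME.fullmatch(name):
        problems.append("name: only lowercase alphanumerics, '_' and '.' allowed")
    elif name != key_name:
        problems.append(f"name {name!r} does not match registry key {key_name!r}")
    if manifest.get("type") != "stdio":
        problems.append("type must be 'stdio'")
    path = manifest.get("path")
    if not isinstance(path, str) or not path.strip():
        problems.append("path to the host executable is missing")
    origins = manifest.get("allowed_origins")
    if not isinstance(origins, list) or not origins:
        problems.append("allowed_origins must be a non-empty list")
        return problems
    for origin in origins:
        # Wildcards are not permitted; each origin names exactly one extension.
        if not isinstance(origin, str) or not ORIGIN.fullmatch(origin):
            problems.append(f"malformed or wildcard origin: {origin!r}")
        elif origin not in expected_origins:
            problems.append(f"unexpected extension allowed: {origin}")
    return problems
```

Pass the text of the manifest the registry value points at, the key name (gpgmejson here) and the set of extension origins you expect to be allowed.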