Saturday, June 21, 2008

Reinstalling Windows XP Without Activation

Working around the requirement that Windows XP users activate Windows with Microsoft within 30 days


The most noticeable difference felt by users who have just migrated to Windows XP is the addition of Windows Product Activation, or WPA. This program forces users to activate Windows with the Microsoft site within 30 days.

If you have not activated within that period, your Windows installation will be locked and can only be used again after you activate it.

The same rule has also started to be applied to various new software released recently. Take Symantec's antivirus product, Norton AntiVirus 2004, as an example. This software also requires activation before you can use it fully. The activation options usually offered are via the Internet or by telephone.

Seeing this activation trend, you may wonder what software activation is actually for. The idea behind activation is to reduce software piracy. With activation, software developers can ensure that the product a user runs matches the license that was purchased. Suppose a user holds a single-user Windows XP license and activates Windows. If that user has another computer and wants to install the same Windows on it without buying an additional license, Windows on the second computer cannot be used for more than 30 days, because it cannot be activated due to the license restriction.

Although Product Activation is a solution for software developers, it can become a stumbling block for holders of a legitimate license. Why? Because if the owner of the computer reinstalls the operating system after activating, he can no longer activate Windows a second time. But don't get angry or disappointed about this just yet. PCplus has a solution! Follow these steps before you reinstall Windows.


1. Click [Start]>[All Programs]>[Accessories]>[Windows Explorer].
2. Create a new folder, for example named backup on drive D.
3. Go to the folder C:\WINDOWS\system32. If you installed Windows on a different drive, adjust the path to the drive you use.
4. On the right side of the window, a message will appear stating that the files in this folder are hidden. Click the [Show the contents of this folder] hyperlink to display the contents of the system32 folder.
5. Once the system32 folder is open, look for the file named wpa.dbl.
6. Copy the wpa.dbl file to the folder you created earlier (D:\backup).




Once you have done the steps above, it is time to reinstall Windows XP. You can format the hard disk and do a "fresh install" safely. After the new Windows is installed on your computer:

1. Restart the computer and press [F8] on the keyboard just before the computer boots into Windows.
2. Choose [Safe Mode].
3. In Safe Mode, run Windows Explorer again.
4. Go to the folder where you saved the wpa.dbl backup, then copy the file back to the folder C:\WINDOWS\system32.
5. When you paste wpa.dbl, a message will say that the file already exists in the system32 folder. Click [Yes] to overwrite it.
6. Finally, restart Windows and see: Windows XP no longer asks for activation!

Wednesday, May 14, 2008

DRIVER ACER 4920

Having trouble finding Acer 4920 laptop drivers for Windows XP?

Try the link below:

Notebook Driver
Acer

MiniPE Flash Drive Version

For those who like tinkering with computers, this one will be familiar: the "MINIPE LIVE CD".

MINIPE is a very powerful tool. It is a great help even for newbies, because its GUI closely resembles Windows XP.

But did you know that the MINIPE Live CD can be turned into a MINIPE live flash drive?

That is, booting MiniPE from a USB drive that has MINIPE installed on it.

What are the advantages of using a flash drive over a CD?

* Booting from a flash drive is faster than booting from a CD.
* It is easy to update, because a flash drive is rewritable storage, unlike a CD.

OK, without further ado, get the required tools ready:

1. FlashBoot
2. Ultra ISO
3. WinPE CD
4. Flash drive (1 GB required)

The FlashBoot version used is 1.3xxx, because MiniPE uses the XP SP1 engine. With version 1.4, an error message will appear saying that the ISO is not XP SP2.

Create an ISO image from the MINIPE CD (with Ultra ISO). If you don't feel like making an ISO, the boot source can also be read directly from the CD, but making an ISO speeds up the process and lowers the failure rate when creating the bootable flash drive.

Install FlashBoot.

>> Run FlashBoot and choose the first option, "Convert BartPE bootable disk to bootable flashdisk"

>> Choose the source location: the ISO file or the CD-ROM.

>> Choose the drive letter of the USB-HDD

>> Finally, choose the format type "Partition disk (USB-HDD boot mode)"

>> Wait until the process finishes.

When the process is finished (Done), click Close to exit.

Restart the PC and set the first boot device to USB-HDD.

Installing Windows XP on a SATA Laptop

It started with Acer laptops. Many people complained that Windows XP could not be installed on them: the HDD was not detected. Now many Toshiba laptop users are becoming victims of Vista as well.

To install Windows XP on a laptop that uses SATA AHCI, there are several methods / solutions I can offer:

FIRST SOLUTION:

Use an external floppy drive to install the SATA driver. However, external floppy drives are expensive and very rarely used, so people still think twice about this solution.

SECOND SOLUTION:

Integrate the SATA driver directly into the Windows XP CD, so an external floppy drive is no longer needed because the SATA driver has been added to the XP installation CD.

We can add the SATA driver to the Windows XP CD using the program N-Lite.

However, this method is relatively difficult, especially for newbie users. Not everyone can do it, even users who are used to installing Windows themselves.

I will not explain how to add the SATA driver to the XP CD, because many sites / blogs already explain how to do it. (Actually that is just an excuse, because to this day I myself have not managed to modify an XP CD using N-Lite . . . He he he . . . a little image-keeping is allowed, right!)

THIRD SOLUTION:

This third method is the easiest. Change the BIOS option in the HDD mode menu: "SATA AHCI mode to IDE mode"

There is only one requirement: the laptop BIOS must have that menu feature. Current Acer laptops already have the feature for changing SATA AHCI mode to IDE mode.

After changing the BIOS setting, go ahead and install Windows XP.

FOURTH SOLUTION:

If you cannot manage any of the three solutions above either, then just download the Windows-XP-Dark-Edition-V.6-Power-Pack image directly from the Internet.

Boot DOS 98 from a Flash Drive (Simple Method)

Booting from a CD-ROM is ordinary. Booting from a USB flash drive, now that is special.

Requirements:

1. You need a flash drive. (Well, obviously... borrowing one is fine too, it doesn't have to be your own.)

2. Your mainboard must support booting from a flash drive.

3. Download this tool

4. Extract this zip file into a folder

The flash drive doesn't need a large capacity; even 64 MB will do, because the files used are the same as the Windows 98 boot floppy files. Small, right? Not even 1 MB...

After you download the HP USB Format Tool, install it on your computer.

Once installed, run it.

Don't forget to first extract the zip file containing the 98 boot files into a folder (put it wherever you like, just not on the flash drive itself!)

After the tool is started, a window like figure 2 above will appear.

Select / tick: Create a DOS startup disk

then select using DOS system files located at:

browse to the folder where you extracted the 98 boot files earlier.

Click Start.

Done.

Now just set your mainboard's boot priority.

Windows XP Tips and Tricks

Press Win+L to switch to the Welcome screen.

—–

Press Win+L to lock your workstation.

—–

You can switch users without going through the Welcome screen: From Task Manager, go to the Users tab, right-click a user, and select Connect.

—–

Hold down the shift key in the shutdown dialog to change “Stand By” to “Hibernate”. Or just press H to hibernate instantly. You can even use the Power Control Panel to configure your power button to hibernate.

—–

To disable the password when resuming from standby or hibernation, open the Power Control Panel and uncheck “Prompt for password after returning from standby” on the Advanced tab.

—–

You can rename multiple files all at once: Select a group of files, right-click the first file, and select “Rename”. Type in a name for the first file, and the rest will follow.

—–

Hold down the shift key when switching to thumbnail view to hide the file names. Do it again to bring them back.

—–

When dragging a file in Explorer, you can control the operation that will be performed when you release the mouse button:



Hold the Control key to force a Copy.



Hold the Shift key to force a Move.



Hold the Alt key to force a Create Shortcut.

—–

If you create a file called Folder.jpg, that image will be used as the thumbnail for the folder. What’s more, that image will also be used as the album art in Windows Media Player for all media files in that folder.

—–

From the View Menu, select “Choose Details” to select which file properties should be shown in the Explorer window. To sort by a file property, check its name in the “Choose Details” in order to make that property available in the “Arrange Icons by” menu.



—–

To display the volume control icon in the taskbar, go to the Sounds and Audio Devices Control Panel and select “Place volume icon in the taskbar”.

—–

Hold down the shift key when deleting a file to delete it immediately instead of placing it in the Recycle Bin. Files deleted in this way cannot be restored.

—–

If you hold down the shift key while clicking “No” in a Confirm File Operation dialog, the response will be interpreted as “No to All”.

—–

To save a document with an extension other than the one a program wants to use, enclose the entire name in quotation marks. For example, if you run Notepad and save a file under the name



Dr.Z



it will actually be saved under the name Dr.Z.txt. But if you type



"Dr.Z"



then the document will be saved under the name Dr.Z. Note that a document so-named cannot be opened via double-clicking since the extension is no longer “.txt”.

—–

Put a shortcut to your favorite editor in your Send To folder and it will appear in your “Send To” menu. You can then right-click any file and send it to your editor.

—–

Ctrl+Shift+Escape will launch Task Manager.

—–

To arrange two windows side-by-side, switch to the first window, then hold the Control key while right-clicking the taskbar button of the second window. Select “Tile Vertically”.

—–

To close several windows at once, hold down the Control key while clicking on the taskbar buttons of each window. Once you have selected all the windows you want to close, right-click the last button you selected and pick “Close Group”.

—–

You can turn a folder into a desktop toolbar by dragging the icon of the desired folder to the edge of the screen. You can then turn it into a floating toolbar by dragging it from the edge of the screen into the middle of the screen. (It helps if you minimize all application windows first.)

—–

You can turn a folder into a taskbar toolbar.



First, unlock your taskbar.



Next, drag the icon of the desired folder to the space between the taskbar buttons and the clock. (Wait for the no-entry cursor to change to an arrow. It’s a very tiny space; you will have to hunt for it.)



You can rearrange and resize the taskbar toolbar you just created.



You can even turn the taskbar toolbar into a menu by resizing it until only its name is visible.

—–

In the Address Bar, type “microsoft” and hit Ctrl+Enter. Internet Explorer automatically inserts the “http://www.” and “.com” for you.

—–

To remove an AutoComplete entry from a Web form, highlight the item in the AutoComplete dropdown and press the Delete key.



To remove all Web form AutoComplete entries, go to the Internet Explorer Tools menu, select Internet Options, Content, AutoComplete, then press the “Clear Forms” button.

—–

To organize your Favorites in Explorer instead of using the Organize Favorites dialog, hold the shift key while selecting “Organize Favorites” from the Favorites menu of an Explorer window.

—–

You can organize your Favorites by dragging the items around your Favorites menu.



Alternatively, you can open the Favorites pane and hold the Alt key while pressing the up and down arrows to change the order of your Favorites.

—–

To run Internet Explorer fullscreen, press F11. Do it again to return to normal mode.

—–

If your “Printers and Faxes” folder is empty, you can hide the “Printers and Faxes” icon when viewed from other computers by stopping the Print Spooler service.

—–

To add or remove columns from Details mode, select Choose Details from the View menu, or just right-click the column header bar.

—–

In Internet Explorer, hold the Shift key while turning the mouse wheel to go forwards or backwards.

—–

In Internet Explorer, hold the Shift key while clicking on a link to open the Web page in a new window.

—–

In Internet Explorer, type Ctrl+D to add the current page to your Favorites.



This and many more keyboard shortcuts can be found by going to Internet Explorer, clicking the Help menu, then selecting Contents and Index. From the table of contents, open Accessibility and click “Using Internet Explorer keyboard shortcuts”.

—–

In some applications (such as Internet Explorer), holding the Control key while turning the mouse wheel will change the font size.

—–

To shut down via Remote Desktop, click the Start button, then type Alt+F4.

—–


Windows XP : Rename with DateStamp

Do you download things often? Songs, software or B*** movies (read: Brand-new, not Blue), for example. When you're online at home, the nice thing is that downloads can go straight into the right folder, e.g. MP3s can be saved directly to "E:\Music\". But what if you go online at an Internet cafe (like me)? You have to download to a flash drive first and then copy to your own computer. When there are a lot of downloads and no time to copy them one by one, I usually copy everything on the flash drive to the folder "E:\Warnet\..", but over time the folders pile up and their names become a mess. That is where the idea came from to write a small program to tidy up folders.

The idea is to write a program (batch script) plus a bit of playing with the registry shell extension to tidy up / organize folders so they don't get messy. The trick is to rename a folder with that day's date appended (as a stamp). The trick can also be used to organize your important documents, e.g. Arsip [15-Oct-07], so finding your documents again won't be so hard.


To avoid confusion, let's write the program right away:

HERE is THE CODE
(tested on Windows XP sp2)

:————————– start script ————————–:
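@echo off
rem Small console window and title for the prompt
mode 40,5
TITLE Rename Folder w/ DateStamp
setlocal ENABLEDELAYEDEXPANSION
rem %1 is the folder path passed in by the Explorer context-menu entry
set "FOLDER=%~1"
rem Quoted comparison so that paths containing spaces do not break the test
if "!FOLDER!"=="" goto :END
:BEGIN
set /p name=# Rename Folder To :
if not defined name goto :BEGIN
rem Build the stamp from %DATE%, replacing "/" and spaces with "-"
set DateStamp=!Date:/=-!
set DateStamp=!DateStamp: =-!
Ren "!FOLDER!" "!name! [!DateStamp!]"
if errorlevel 1 (
msg %username% /TIME:2 "Failed to Rename '!FOLDER!'"
exit
) else (
msg %username% /TIME:2 "'!FOLDER!' was Successfully Renamed"
)
:END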
:————————- end of script ————————-:

Type / copy-paste the script above into Notepad.
Save it as: "DateStamp.bat" (without the quotes),
or download the program here

NB: Don't forget to put the .bat file in the Windows directory (C:\Windows)

Now open Regedit:
Go to HKEY_CLASSES_ROOT\Folder\shell
Create a new subkey named: RWDS
Then go to HKEY_CLASSES_ROOT\Folder\shell\RWDS
Change the "(Default)" string value to: Rename w/ DateStamp

Create another new subkey named: command
In the key HKEY_CLASSES_ROOT\Folder\shell\RWDS\command
Change the "(Default)" string value to: DateStamp.bat "%1"

# Usage

[1]. Right-click
The first step is to right-click the folder to be renamed.
Then choose the "Rename w/ DateStamp" menu item.

[2]. Type the new name for the folder
At this stage we are asked to type the new name (the leading part of the name) for the folder.
For example, type "Update", then press [ENTER].

[3]. Rename process
If the process succeeds, "New Folder" will change to "Update [today's date]"

Sunday, April 27, 2008

Hacking Intranet + Dial-up on Windows

First, as a test, I opened a DOS prompt and pinged another computer on the intranet.

F:\prj>ping 192.168.100.64

Pinging 192.168.100.64 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.100.64:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


It really does not work, even though it usually works when only the intranet is connected.

I know a little about this, and it had to be a routing problem. So I ran "route print"

F:\prj>route print

Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 100.200.3.189 100.200.3.189 1
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.63 2
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.100.0 255.255.0.0 100.200.3.189 100.200.3.189 1
100.200.3.189 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.255.0 100.200.3.189 100.200.3.189 1
192.168.100.0 255.255.255.0 192.168.100.63 192.168.100.63 2
192.168.100.63 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.63 192.168.100.63 1
224.0.0.0 224.0.0.0 100.200.3.189 100.200.3.189 1
224.0.0.0 224.0.0.0 192.168.100.63 192.168.100.63 1
255.255.255.255 255.255.255.255 100.200.3.189 100.200.3.189 1

In this case:

Laptop intranet IP = 192.168.100.63
Laptop dial-up IP (disguised) = 100.200.3.189
Just as I thought... the routing paths are duplicated. There are two routes to the intranet (192.168.100.0/255.255.255.0): via interface 100.200.3.189 (modem) and also via 192.168.100.63 (ethernet). The problem is that the one through the modem has metric 1, so it is chosen ahead of the one with metric 2. As a result, packets that should go to the intranet are sent to the Internet!!! Big danger. If found out, I would get scolded by the guardian of the Internet link.

To fix it, the wrong route of course has to be deleted. On Linux that is easy. On Windows 98 it turned out I just couldn't get it to work.


F:\prj>route delete 192.168.100.0 mask 255.255.255.0 100.200.3.189
The route specified was not found.

F:\prj>route delete 192.168.100.0
The route specified was not found.

F:\prj>route delete 192.168.100.0 metric 1
The route specified was not found.


Almost out of ideas, I went to the dial-up icon and opened its properties. After searching here and there, I found the place, hidden very deep:

* Open the dial-up networking properties.
* Click the "Server Type" tab.
* Click the "TCP/IP Settings" button.
* Uncheck "default gateway on remote network".
* Click OK, OK until done.


I tried dialing again. Aha... now it works. The routing table turned out to change to this:

F:\prj>route print

Active Routes:

Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.63 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.0.0 100.200.3.189 100.200.3.189 1
100.200.3.189 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.255.0 192.168.100.63 192.168.100.63 1
192.168.100.63 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.63 192.168.100.63 1
224.0.0.0 224.0.0.0 100.200.3.189 100.200.3.189 1
224.0.0.0 224.0.0.0 192.168.100.63 192.168.100.63 1
255.255.255.255 255.255.255.255 100.200.3.189 100.200.3.189 1

Note that the routing paths are now no longer duplicated.

That was my experience today. Hopefully it is useful.
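
The route selection described in this post, as an added example that is not part of the original post: it parses the two `route print` tables shown above and lists the intranet hosts whose traffic would leave through the dial-up interface. It assumes the stack picks the longest matching prefix and, among equal prefixes, the lowest metric, which matches the post's explanation; the function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")

# Rows copied from the post's "route print" output, before and after unchecking
# "default gateway on remote network" (100.200.3.189 is the post's disguised IP).
BEFORE = """\
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 100.200.3.189 100.200.3.189 1
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.63 2
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.0.0 100.200.3.189 100.200.3.189 1
100.200.3.189 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.255.0 100.200.3.189 100.200.3.189 1
192.168.100.0 255.255.255.0 192.168.100.63 192.168.100.63 2
192.168.100.63 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.63 192.168.100.63 1
224.0.0.0 224.0.0.0 100.200.3.189 100.200.3.189 1
224.0.0.0 224.0.0.0 192.168.100.63 192.168.100.63 1
255.255.255.255 255.255.255.255 100.200.3.189 100.200.3.189 1
"""

AFTER = """\
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.63 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.0.0 100.200.3.189 100.200.3.189 1
100.200.3.189 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.255.0 192.168.100.63 192.168.100.63 1
192.168.100.63 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.63 192.168.100.63 1
224.0.0.0 224.0.0.0 100.200.3.189 100.200.3.189 1
224.0.0.0 224.0.0.0 192.168.100.63 192.168.100.63 1
255.255.255.255 255.255.255.255 100.200.3.189 100.200.3.189 1
"""


def parse_route_print(text):
    """Turn 'route print' rows (dest, mask, gateway, interface, metric) into Routes."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # banner, column header or blank line
        try:
            # strict=False: the table contains 192.168.100.0 with mask 255.255.0.0
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
            gateway = ipaddress.ip_address(fields[2])
            interface = ipaddress.ip_address(fields[3])
            metric = int(fields[4])
        except ValueError:
            continue
        routes.append(Route(net, gateway, interface, metric))
    return routes


def select_route(routes, dest):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dest = ipaddress.ip_address(dest)
    candidates = [r for r in routes if dest in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def leaking_hosts(routes, lan_network, lan_interface):
    """Hosts of the LAN whose traffic would leave via some other interface."""
    lan_if = ipaddress.ip_address(lan_interface)
    leaks = []
    for host in ipaddress.ip_network(lan_network).hosts():
        route = select_route(routes, host)
        # The machine's own address is routed to loopback; that is not a leak.
        if route and route.interface != lan_if and not route.interface.is_loopback:
            leaks.append((str(host), str(route.interface)))
    return leaks


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        routes = parse_route_print(table)
        chosen = select_route(routes, "192.168.100.64")
        leaks = leaking_hosts(routes, "192.168.100.0/24", "192.168.100.63")
        print(f"{label}: 192.168.100.64 leaves via {chosen.interface} "
              f"(metric {chosen.metric}); {len(leaks)} intranet hosts leak")
```
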


Tips for Increasing Free Hard Disk Space on Windows XP

If you use Windows XP and your hard disk capacity is running low, this tip is just right for you.

After moving to Windows XP from Windows 98, I noticed a difference in the remaining hard disk capacity after installing the operating system. Why? Because Windows XP consumed 1.5 GB of my hard disk, while my hard disk was only 6.4 GB. I was quite surprised, and after living with Windows XP for about a year, I felt my remaining disk space shrinking, down to about 650 MB on my C partition (I had added a hard disk and I have 4 partitions).

I tried out a facility provided by Windows XP, Disk Cleanup, which can be reached through:

Accessories > System Tools > Disk Cleanup.

It then asks which disk drive you want to clean; I just chose C. Then there is another prompt where you can choose which actions to perform to free up disk space.

I chose to compress old files (files that are very rarely used or have not been used for a long time) and to clean up temporary Internet files and temporary files in general. After running Disk Cleanup for quite a while (because of the compression), I found my free disk space was 1.6 GB, so just imagine how pleased I was with the free disk space added by the Disk Cleanup utility. Of course, the amount also depends on how many temporary files there are, how many rarely used files, and how many temporary Internet files are on your computer.

One more tip for increasing your disk space is to set how much disk space System Restore may use. Although this facility is good, you should limit the disk space it uses so that a facility you rarely use does not eat up your hard disk.

You can set it through:

Control Panel > System > Tab System Restore

Then set the amount of space on each drive/partition for System Restore to use. If you are sure you may never use System Restore, just turn it off. You will certainly get more disk space with this facility turned off.

If you have never tried these two tricks, go ahead and try them.

Sunday, April 20, 2008

Dedicated Server: Self-hosted or Rented?

One of my clients had a problem: their website was often down. I was puzzled, because our installation was actually in order. It turned out that:

1. The link to the Internet from their datacenter had only 128 Kbps of bandwidth
2. Their website is fairly high-profile (one of the largest mass organizations in Indonesia), so
3. It is attacked by crackers very often (portscans, hack attempts, mailbombs, etc.), or
4. Flooded with spam


Point 3 requires an extra-tight security strategy and implementation plus large bandwidth (especially to face mailbombing, portscans, DoS, etc.), while point 4 requires large bandwidth.

The main problem in this client's case was bandwidth: although the link is dedicated with a 1:1 ratio, it is clearly still far from enough to face a DoS. Just 2 zombies are enough to use up all the available bandwidth!

I then recommended that the client move their website to a web hoster. They agreed, and the move is now in progress. This web hoster also runs a web-app firewall, which will help a little with the various security holes in their website, while a full security audit is carried out gradually.

Once their website is up and running, we can then fix up their datacenter infrastructure calmly, without rushing.

A common misconception

This is a fairly common misunderstanding: a fully equipped datacenter, branded servers, a genuine enterprise-edition operating system; so surely that is more than enough to "just" host a website?
Not always, as my client found out.

If at some point you need to have a server on the Internet, what factors need to be considered?
I try to list some of them below:

Advantages of dedicated self-hosted: (as in my client's case)

* Full control: 100% control of the server is in your hands
* Physical access: it is easy to access the server directly / physically.

Disadvantages of dedicated self-hosted:

* Infrastructure investment: to get good uptime, considerable investment is needed in your datacenter: earthquake protection, fire protection, physical security, climate control, UPS, generator, and if there are many servers on the floor, the building floor may need to be reinforced (because a single server rack can weigh more than half a ton on a very small footprint).
* Staff investment: there must be enough skilled staff to maintain all the servers.
* Cost per server: for each server this is an up-front cost, usually paid 100% in advance. This can disrupt the company's cash flow, especially if there are many servers.
* Internet access cost: Internet access in Indonesia is not cheap (more precisely: outrageously expensive). And one line is not enough; you need at least 2 different access paths to the Internet to get good uptime for your datacenter.

From this alone it is clear that a self-hosted server is an option that tends to be feasible only for large institutions with sufficient resources.

Fortunately there are now many dedicated server providers whose prices are affordable yet whose service is very good. Some of them are:

* Layeredtech.com: I have used this for almost 4 years and have never had a fatal problem with them.
* Dreamhost.com: well, this is actually a shared web hosting provider; they do not offer dedicated servers. However, with 200 GB of disk space and 1024 GB of bandwidth for only about US$ 9 / month, many people may find this more than enough for their needs.

I cannot personally recommend any provider other than the 2 above yet, but I am sure there are others of good quality. To check a provider's quality and find special offers, you can visit WebHostingTalk.com

Note:

Dedicated server packages often include a "Managed" option, meaning the server will be managed by the provider's team.

But be careful: the definition of "managed" itself varies very, very widely. Sometimes "managed" means no more than rebooting; their team will not install the software you need. So check all the details carefully before paying extra for this "managed" service.

SSH Filesystem on Ubuntu

We often need to copy files between Unix / Linux servers using particular cp options, such as -u (updated files only). scp does not have this option. Or we need to mount a remote filesystem, but securely. What to do?

With sshfs / fuse, we can do this easily.


Copy and paste the following commands on Ubuntu:

sudo aptitude install sshfs
sudo modprobe fuse
sudo sh -c "echo 'fuse' >> /etc/modules"

sshfs / fuse is now installed and will always be loaded automatically.

To mount, type the following command:

sshfs user@hostname:/path/to/folder /local/folder

Now we can access the folder on the remote server via /local/folder, nice!

When you are done, type the following command:

sudo umount /local/folder

Want this done at every boot? Just edit /etc/fstab and add a line like this:

sshfs#[hostname/IP]:/path/to/folder /local/folder fuse defaults 0 0

Hope this is useful.

IP Limit with IPTABLES

This adds the CONFIG_IP_NF_MATCH_IPLIMIT match, which allows you to restrict
the number of parallel TCP connections to a server per client IP address
(or address block).

Examples:

# allow 2 telnet connections per client host
iptables -A INPUT -p tcp --syn --dport 23 -m iplimit --iplimit-above 2 -j REJECT

# you can also match the other way around:
iptables -A INPUT -p tcp --syn --dport 23 -m iplimit ! --iplimit-above 2 -j ACCEPT

# limit the nr of parallel http requests to 16 per class C sized
# network (24 bit netmask)
iptables -A INPUT -p tcp --syn --dport 80 -m iplimit --iplimit-above 16 \
--iplimit-mask 24 -j REJECT
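
A small model of how these rules decide, as an added example that is not taken from the netfilter documentation: it counts the parallel connections per client block and replays a series of SYNs through a REJECT rule. It assumes the new connection is itself counted (which is what makes "above 2" allow exactly 2, as the first example's comment states) and that accepted connections stay open; the function names and the sample addresses are constructed.

```python
import ipaddress


def iplimit_above(open_conns, src, limit, mask_bits=32):
    """Model of '-m iplimit --iplimit-above LIMIT --iplimit-mask MASK_BITS'.

    open_conns holds the source IPs of connections already open to the port.
    The connection being evaluated is counted as well (assumption, see lead-in).
    """
    block = ipaddress.ip_network(f"{src}/{mask_bits}", strict=False)
    count = 1 + sum(ipaddress.ip_address(c) in block for c in open_conns)
    return count > limit


def replay(syns, limit, mask_bits=32):
    """Feed SYNs, in arrival order, through '--iplimit-above LIMIT -j REJECT'.

    Anything the rule does not match is accepted and stays open (assumption).
    Returns a list of (source, verdict) pairs.
    """
    open_conns, verdicts = [], []
    for src in syns:
        if iplimit_above(open_conns, src, limit, mask_bits):
            verdicts.append((src, "REJECT"))
        else:
            open_conns.append(src)
            verdicts.append((src, "ACCEPT"))
    return verdicts


# Constructed sample traffic (documentation address ranges).
# Telnet: one host opens three sessions, a second host opens one.
TELNET_SYNS = ["198.51.100.7", "198.51.100.7", "198.51.100.7", "198.51.100.8"]

# HTTP: 17 different hosts behind the same /24, then one host elsewhere.
HTTP_SYNS = [f"203.0.113.{n}" for n in range(1, 18)] + ["192.0.2.5"]


if __name__ == "__main__":
    print("telnet, above 2, per host:")
    for src, verdict in replay(TELNET_SYNS, limit=2):
        print(f"  {src:15} {verdict}")
    print("http, above 16, per /24:")
    for src, verdict in replay(HTTP_SYNS, limit=16, mask_bits=24):
        print(f"  {src:15} {verdict}")
```

With `--iplimit-mask 24` the seventeenth host in a busy /24 is rejected even though it has no connection of its own, which matters when many clients share one address block. On current kernels the same match is provided by `connlimit` (`--connlimit-above`, `--connlimit-mask`).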


Yahoo POP3 Settings

Server settings
Incoming mail server (POP3): pop.mail.yahoo.co.id
- Use SSL, port: 995
Outgoing mail server (SMTP): smtp.mail.yahoo.co.id
- Use SSL, port: 465, use authentication
Account name / user name: your Yahoo! ID
E-mail address: your Yahoo! e-mail address
Password: your Yahoo! Mail password

Wednesday, April 16, 2008

Reshade 1.41 (Portable)

Reshade upsamples photos to larger resolutions using the most realistic method available to date.
This is a frequent problem for graphic designers that receive small size
photos from clients and need to use them for high resolution printing.
Enlarging your photos is also a necessity when cropping part of a dynamic scene or long distance shot. Has it ever happened that you accidentally saved long hours of work at a lower resolution?
Well, Reshade is the only choice in this situation.
It works great even when up-sizing video still frames to
create high-definition video from standard-definition. These are just a few of the possibilities.
Innovative scaling algorithm - allows for over 2000% enlargements with no loss in clarity
Easy to use interface - simple adjustments, with quick preview
Fast access - use keyboard shortcuts to open and save files
Drag and drop - open files directly from your internet or file browser
Multiple file types - support various formats including jpeg, png, bmp
Standard image modes - can use CMYK, RGB and grayscale images

Download Links
http://rapidshare.com/files/106960496/Reshade_141_Port.rar
Or
http://rapidshare.com/files/105691910/Reshade_v1.41.exe


Pinnacle Hollywood FX Pro 5.2



Create stunning 3D transitions, titles and animation effects with Pinnacle Hollywood FX Pro version 5, the powerful creative tool for Pinnacle Edition, Pinnacle Studio and Pinnacle Liquid Systems. Packed with over 400 exciting 3D effects and transitions, Pinnacle Hollywood FX Pro version 5 gives you more creative freedom than any other application in its class.
Features Include:
Advanced Keyframe Editing - Hollywood FX Pro gives you full keyframe editing of flight paths and every parameter through its advanced keyframe editor. HFX Pro includes advanced shift and scale tools as well as spline curve presets.

Download Links
http://rapidshare.com/files/105012251/Hollywood_FX_Pro_v5.2_-Link_Wizards.us.zip
Or
http://w16.easy-share.com/1700058004.html


Smart Install Maker 5.02

Smart Install Maker 5.02 | 1,44 MB

At last! There is now a much smoother and faster way to create setup files for easy installation of applications. As a developer, you will no longer be bogged down learning complex installation programs or yet another awkward scripting language. This guarantees hassle-free programming, quicker market delivery and ultimately a faster turnaround with more satisfied users.
Smart Install Maker enables the creation of a professional-looking, custom-made setup file in just a few mouse clicks. The simplicity of Smart Install Maker means:
* No Scripts
* No brain twisters
* No unreasonable charges

Download Links
http://rapidshare.com/files/105591514/smarinsmak.rar


Bee Icons 4.0.3.0

Bee Icons - one of the most powerful yet easy to use icon-changing tools, allowing you to replace most of default icons with only a few mouse clicks. The program is designed for Windows 95/98/Me/2000/XP and allows customization of Desktop icons, Start Menu, any Drive or Folder, and of all File Type icons. Using Bee Icons, you can easily change one, a couple, or even all icons (using icon themes). It is easy to use and has a multilingual interface (35 languages are currently supported). Why Bee Icons? Bee Icons can change more than 250 icons in Windows 95/98/Me/2000/XP individually, or all at the same time. Bee Icons can change the icons of individual disks and folders. Bee Icons supports the most popular Icon Theme formats of other programs. The Bee Icons interface supports more than 34 languages. We gather only the Best icon themes from the whole Internet and make them available on our website to guarantee maximum pleasure from your use of Bee Icons. We do not add any advertising to our Icon Themes. You get ten additional OUTSTANDING Icon Themes (containing more than 1000 separate icons) absolutely free if you register Bee Icons in the first ten days after downloading.
http://www.beeicons.com
Download Links
http://rapidshare.com/files/74465381/Bee_Icons_v4.0.3.0_softmatic.rar
Pass: apadanagroup
Or
http://rapidshare.com/files/106086139/BeeIcons4.0.3.rar


Linux/WinXP Sharing One Partition

When a computer dual-boots Windows and Linux, it is common to want some files to be accessible from both. For this we usually use a partition formatted as FAT32 (VFAT). That is obsolete. Let's try the IFS driver.

In short, the IFS driver lets Windows access partitions formatted as ext2/ext3 (which are the native Linux formats). The advantages over VFAT:

  • Fast, at least from Linux.
  • The permission system matches Linux, and it works smoothly from Windows. VFAT, by contrast, is somewhat problematic on Linux.
  • The partition can be larger than 4 GB with high efficiency.
  • Read and write from Windows (from Linux it naturally works).
If you are persuaded, try it as follows.

INSTALLATION ON LINUX

On Linux you do not need to install anything; just prepare and mount the partition.
  • Prepare an empty partition (for example with cfdisk)
  • Format it as ext2 or ext3. From the command line the command is:
    mke2fs -j /dev/hda10
  • Mount it on a folder, for example /mnt/data. This is usually done by adding an entry to /etc/fstab
    # This is a root linux  partition:
    /dev/hda7 / ext3 noatime 0 1

    # This is a linux ext3 partition (shared with XP)
    /dev/hda10 /mnt/data ext3 defaults 0 2

    # Don't use this for shared partition anymore
    # /dev/hda5 /mnt/win vfat umask=0,quiet,shortname=mixed,user,noauto 0 0
With this, the partition /dev/hda10 will be accessible on Linux as the folder /mnt/data.

INSTALLATION ON WINDOWS XP

Meanwhile, on Windows XP:
  • Download the driver from http://www.fs-driver.org/download.html
  • Run the exe file to install the ext2 driver.
  • Go to the Control Panel, find the IFS Drive icon and click it.
  • The following dialog will appear. Choose the partition you want to share and give it the letter G:
  • After rebooting, use the file explorer to access drive G.
Since this project is still experimental, you should be somewhat careful. Do not store very important data there yet. Personally I only put MP3, JPG, MPEG and downloaded files there. Also, do not share your Linux root (/) partition, because if Windows does something stupid it could be a disaster (catching a virus, for example, lol). Good luck.


Wednesday, April 2, 2008

Reg Script for Multi Yahoo Messenger

REGEDIT4

[HKEY_CURRENT_USER\Software\yahoo\pager\Test]
"Plural"=dword:00000001

...save with ext .reg


Friday, March 28, 2008

How to make a HotSpot gateway

To setup simple HotSpot Gateway follow the steps below:

1. Configure wireless interface on HotSpot Gateway:

[admin@HotSpot]> interface wireless set wlan1 ssid=HotSpot band=2.4ghz-b \
\... mode=ap-bridge

2. Configure ip address for HotSpot interface:

[admin@HotSpot] > ip add add address=192.168.0.1/24 interface=wlan1

3. Configure ip address for WAN/LAN interface:

[admin@HotSpot] > ip add add address=10.5.8.250/24 interface=ether1

4. Add a route on HotSpot Gateway

[admin@HotSpot] > ip route add gateway=10.5.8.1

5. Configure Hotspot on wlan1 interface and add user admin with password test

[admin@MikroTik] > ip hotspot setup
hotspot interface: wlan1
local address of network: 192.168.0.1/24
masquerade network: yes
address pool of network: 192.168.0.2-192.168.0.254
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 10.5.8.2
dns name: hs.example.net
name of local hotspot user: admin
password for the user: test

In order to access network resources HotSpot clients have to configure their wireless interfaces setting proper ssid, band and mode, and enabling dynamic host configuration (dhcp) on the wireless interface.


Two gateways failover

This example explains how to use multiple gateways, with one taking over when the first fails. It begins with adding the gateways. Set a bigger distance value for the secondary one, and check-gateway for the first one:

/ip route add gateway=192.168.1.1 check-gateway=ping
/ip route add gateway=192.168.2.1 distance=2

That's all, there are no more steps!

The first gateway is used initially, as its distance is smaller (default 0); check-gateway makes sure it is up. When the ping fails, the first gateway is disabled and the second takes over; when the first one comes back up, it returns to its function.


How to Block Websites & Stop Downloading Using Proxy

This example explains “How to Block Web Sites” and “How to Stop Downloading”. I have used the Web-Proxy test package.

First, Configure Proxy.

/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0:0
cache-drive: system
cache-administrator: "webmaster"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d

Now, Make it Transparent

/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

Make sure that your proxy is NOT an Open Proxy

/ip firewall filter
chain=input in-interface= src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop

Now for Blocking Websites

/ip proxy access
dst-host=www.vansol27.com action=deny

This blocks the website http://www.vansol27.com. We can also apply the same block to particular networks by giving src-address; it will then block only for that source address.

We can also stop downloading of files like .mp3, .exe, .dat, .avi, etc.

/ip proxy access
path=*.exe action=deny
path=*.mp3 action=deny
path=*.zip action=deny
path=*.rar action=deny

Try with this also

/ip proxy access
dst-host=:mail action=deny

This will block all the websites that contain the word “mail” in the URL.

Example: It will block www.hotmail.com, mail.yahoo.com, www.rediffmail.com

ENJOY BLOCKING…….


How to block MSN Messenger

Create a set of rules:

Connect with SSH or console to your Mikrotik server and use a command like this one:

[admin] ip firewall filter add chain=forward protocol=tcp dst-address=207.46.110.0/24 action=drop log=yes comment="MSN Messenger" disabled=no

The whole set of rules I used in my scenario was:

14 X ;;; MSN Messenger

chain=forward protocol=tcp dst-port=1863 action=drop

15 X ;;; MSN Messenger

chain=forward dst-address=207.46.110.0/24 protocol=tcp action=drop

16 X ;;; MSN Messenger

chain=forward protocol=tcp dst-port=5190 action=drop

17 X ;;; MSN Messenger

chain=forward protocol=tcp dst-port=6901 action=drop

18 X ;;; MSN Messenger

chain=forward protocol=tcp dst-port=6891-6900 action=drop


How to autodetect infected or spammer users and temporary block the SMTP output

Here is a solution which I invented and which works excellently to autodetect and block SMTP viruses or spammers!

Only create these 2 rules in firewall forward:

/ip firewall filter

add chain=forward protocol=tcp dst-port=25 src-address-list=spammer \
action=drop comment="BLOCK SPAMMERS OR INFECTED USERS"

add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 action=add-src-to-address-list \
address-list=spammer address-list-timeout=1d comment="Detect and add-list SMTP virus or spammers"

When a user infected with a virus or worm, or a user sending spam, is autodetected, the user is added to the spammer list and their outgoing SMTP is blocked for 1 day. All the values can be adjusted for different network types or at your convenience.

Logging detected users

Next, to write a red log entry every 30 minutes listing the detected infected users or spammers using hotspot, add the following script:

/system script
add name="spammers" source=":log error \"----------Users detected like \
SPAMMERS -------------\";
\n:foreach i in \[/ip firewall address-list find \
list=spammer\] do={:set usser \[/ip firewall address-list get \$i \
address\];
\n:foreach j in=\[/ip hotspot active find address=\$usser\] \
do={:set ip \[/ip hotspot active get \$j user\];
\n:log error \$ip;
\n:log error \$usser} };" policy=ftp,read,write,policy,test,winbox


User Manager/Hotspot Example

Introduction

To make this setup, you should have a running HotSpot server on the router. Let us consider the configuration steps for the HotSpot and User Manager routers, in order to use User Manager for HotSpot users.

HotSpot configuration

* Set HotSpot to use User Manager for HotSpot server users,

/ ip hotspot profile set hsprof1 use-radius=yes

* Add radius client to consult User Manager for HotSpot service.

/ radius add service=hotspot address=y.y.y.y secret=123456

'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. By default this is 127.0.0.1. If using a remotely located Router (perhaps via a VPN) then the IP address entered is the IP address of that remote Router. The router could be a Radius Server, or another ROS with User Manager installed.

* Note, first local HotSpot database is consulted, then User Manager database.

It means that if you have configuration in '/ ip hotspot user print', users will be able to authenticate in HotSpot using these data. Delete the users configuration from '/ ip hotspot print' to stop using the local HotSpot database for authentication. To move a batch of local HotSpot users to the User Manager database, use export/import. Use a text editor to create an appropriate file to import local users to the User Manager database.

User Manager configuration

* First, you need to download and install User Manager package;
* Create User Manager subscriber;

/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner

* Add HotSpot router information to router list,

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the HotSpot router, 'shared-secret' should match on both User Manager and HotSpot routers. Adding 'x.x.x.x' as a router allows Radius requests from 'x.x.x.x' to be passed to the Radius Server built into User Manager. Therefore if you have any remote ROS Hotspots that require access to this Radius Server, then all their IP addresses must be added to this list.

* Add HotSpot user information, it is equal to 'ip hotspot user' when local HotSpot is used for clients

/ tool user-manager user add username=demo password=demo subscriber=MikroTik

We discuss only basic configuration example, detailed information about 'user' menu configuration.

* You can use User Manager web interface after first subscriber created.

* To make sure, that client is using User Manager for AAA,

/ ip hotspot active print
Flags: R - radius, B - blocked
# USER ADDRESS UPTIME SESSION-TIME-LEFT IDLE-TIMEOUT
0 R 00:01:29:2... 192.168.100.2 1m29s

'R' means that client uses User Manager server for AAA services.


Drop port scanners

To protect the router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list, we can drop connections from those IPs.

in /ip firewall filter

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="Port scanners to list " disabled=no

Various combinations of TCP flags can also indicate port scanner activity.

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="NMAP FIN Stealth scan"

add chain=input protocol=tcp tcp-flags=fin,syn \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="SYN/FIN scan"

add chain=input protocol=tcp tcp-flags=syn,rst \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="SYN/RST scan"

add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="FIN/PSH/URG scan"

add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="ALL/ALL scan"

add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="NMAP NULL scan"

Then you can drop those IPs:

add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

Similarly, you can drop these port scanners in the forward chain by using the above rules with "chain=forward".
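To see which packets the tcp-flags rules above would list, the following added example (not part of the original post) evaluates the six flag specs against constructed flag sets from ordinary sessions and from scan probes. It assumes that a flag not named in a spec is "don't care" and that every rule is evaluated because add-src-to-address-list passes the packet on; the psd rule is not modelled.

```python
FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# (comment, tcp-flags spec) copied from the rules above, in the order listed.
RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]


def parse_spec(spec):
    """Split a tcp-flags spec into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        name = token.lstrip("!")
        if name not in FLAGS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear


def matching_rules(packet_flags):
    """Return the comment of every rule that a packet with these flags matches."""
    flags = set(packet_flags)
    hits = []
    for comment, spec in RULES:
        must_set, must_clear = parse_spec(spec)
        # Assumption: flags not named in the spec are ignored ("don't care").
        if must_set <= flags and not (must_clear & flags):
            hits.append(comment)
    return hits


# Constructed samples: flag sets that occur in ordinary TCP sessions ...
LEGITIMATE = {
    "SYN (open)": {"syn"},
    "SYN-ACK": {"syn", "ack"},
    "ACK": {"ack"},
    "PSH-ACK (data)": {"psh", "ack"},
    "FIN-ACK (close)": {"fin", "ack"},
    "RST": {"rst"},
    "RST-ACK": {"rst", "ack"},
}
# ... and flag sets that a normal TCP stack does not send.
PROBES = {
    "bare FIN": {"fin"},
    "no flags": set(),
    "FIN+PSH+URG": {"fin", "psh", "urg"},
    "SYN+FIN": {"syn", "fin"},
    "all six flags": set(FLAGS),
}


def false_positives():
    """Legitimate samples that would land in the 'port scanners' list."""
    return {name: hits for name, flags in LEGITIMATE.items()
            if (hits := matching_rules(flags))}


if __name__ == "__main__":
    for name, flags in {**LEGITIMATE, **PROBES}.items():
        print(f"{name:18} -> {matching_rules(flags) or 'no match'}")
```

None of the ordinary flag sets match, while a packet with all six flags set matches three rules at once (SYN/FIN, SYN/RST and ALL/ALL), which is harmless because each rule adds the source to the same list.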


Bruteforce login prevention (FTP)

These are 2 basic scripts I use frequently that are from the forum (written by other users)

Allows only 10 FTP login incorrect answers per minute

in /ip firewall filter

add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop

add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h


This will ban an SSH brute forcer for 10 days after repeated attempts. Change the timeouts as necessary.


in /ip firewall filter

add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
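The staged SSH lists above are easiest to understand by replaying connections through them. This added example (not part of the original post) models the five rules in Python and shows why the stage rules are listed from highest to lowest. The source address is a constructed documentation address, and the model assumes that re-adding an existing list entry restarts its timeout.

```python
STAGE_TIMEOUT = 60               # address-list-timeout=1m, in seconds
BLACKLIST_TIMEOUT = 10 * 86400   # address-list-timeout=10d, in seconds

# (list the source must already be in, list it is added to, timeout),
# in the order the page lists the add-src-to-address-list rules.
PAGE_ORDER = [
    ("ssh_stage3", "ssh_blacklist", BLACKLIST_TIMEOUT),
    ("ssh_stage2", "ssh_stage3", STAGE_TIMEOUT),
    ("ssh_stage1", "ssh_stage2", STAGE_TIMEOUT),
    (None, "ssh_stage1", STAGE_TIMEOUT),
]


class SshChain:
    """Model of the input-chain rules for new TCP/22 connections."""

    def __init__(self, rules=PAGE_ORDER):
        self.rules = list(rules)
        self.expiry = {}  # (list name, source address) -> expiry time

    def in_list(self, name, src, now):
        expires = self.expiry.get((name, src))
        return expires is not None and now < expires

    def new_connection(self, src, now):
        """Run one new connection through the chain; return 'drop' or 'pass'."""
        # First rule on the page: drop sources already blacklisted.
        if self.in_list("ssh_blacklist", src, now):
            return "drop"
        # The add-src-to-address-list rules do not stop processing, so every
        # one of them is evaluated for the same packet, in order.
        for required, target, timeout in self.rules:
            if required is None or self.in_list(required, src, now):
                # Assumption: re-adding an existing entry restarts its timeout.
                self.expiry[(target, src)] = now + timeout
        return "pass"  # the packet continues to whatever rules follow


def replay(times, rules=PAGE_ORDER, src="203.0.113.5"):
    """Replay new connections from one source at the given times (seconds)."""
    chain = SshChain(rules)
    return [chain.new_connection(src, t) for t in times]


if __name__ == "__main__":
    print("fast attempts :", replay([0, 20, 40, 50, 55]))
    print("slow attempts :", replay([0, 90, 180, 270, 360]))
    print("rules reversed:", replay([0, 20], rules=reversed(PAGE_ORDER)))
```

The fourth new connection inside the one-minute windows puts the source on ssh_blacklist and the fifth is the first to be dropped, so an administrator who reconnects quickly four times is locked out as well. With the stage rules in the opposite order, a single connection cascades through every stage and is blacklisted at once.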


VOIP

It could be nice if some people who have experience in this field would like to share best practice in VOIP. How do you handle Firewall, vlan, queue, mangle, and so on.

1: How to control SKYPE, and other p2p voice services (not fileshare), and get the best benefit out.

2: Make priority queues that handle normal VOIP

Layer 3 prioritization.

The priority of VOIP can be increased over other traffic by marking the traffic and then using queue tree to assign a priority to that marked traffic.

Marking can be done of various things that identify the traffic as VOIP.

If you are trying to prioritize your VOIP or a known partnering VOIP service, you could mark traffic based on IP range. Here is an example. a.a.a.0/24 would be a network that includes the VOIP servers.

/ip firewall mangle
add chain=forward src-address=a.a.a.0/24 action=mark-packet new-packet-mark=VOIP \
passthrough=no comment="VOIP" disabled=no

add chain=forward dst-address=a.a.a.0/24 action=mark-packet new-packet-mark=VOIP \
passthrough=no comment="VOIP" disabled=no

Many VOIP hardware use TOS in the IP packet headers to express their preferred priority. If the VOIP equipment configuration does not say what the TOS value is, you can capture packets from it using /tool sniffer on your Mikrotik and look at those packets using wireshark/ethereal on your desktop computer. The RTP packets coming from the VOIP equipment will show the TOS in binary and hex. This value should be converted to decimal for use with Mikrotik's packet marking. Here is an example, using xxx as the decimal value of the TOS information we gathered using sniffer and wireshark.

/ip firewall mangle
add chain=forward tos=xxx action=mark-packet new-packet-mark=VOIP passthrough=no \
comment="voip tos xxx" disabled=no

After the packet is marked, queue tree can assign proper higher priority to the packets marked as VOIP. A queue should be setup on each interface which needs to assign a proper priority. Mikrotik priorities range from 1-8 with 8 being the lowest priority. (This differs from the unrelated but popular Lan CoS priority where 8 is the highest priority.) In my example, I set the priority for 2, which is higher than other traffic, but not the highest, which is typically reserved for routing protocol or other important network functionality.

/ queue tree
add name="ether1_voip" parent=ether1 packet-mark=VOIP limit-at=0 queue=default priority=2 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ether2_voip" parent=ether2 packet-mark=VOIP limit-at=0 queue=default priority=2 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

You can use winbox to observe packet count of the various items in queue tree when making a VOIP phone call. If the counters increase, your marks are getting the right traffic and prioritizing it. If the counters are not increasing, you are not prioritizing the proper data.

Layer 2 prioritization.

On a busy LAN it may be desirable to separate your VOIP traffic from your normal data traffic. Many small networks aren't sufficiently busy or bursty to even need this. Some administrators keep the voice and data separate for better security or management using the same techniques.

You setup a separate IP range for your IP phones and equipment, assign that network to your mikrotik using a Vlan interface (or an additional ethernet card). Your other traffic would use a different Vlan (or network card). You need a managed ethernet switch to keep Vlans separate on a LAN infrastructure. A single ethernet port capable of Vlan tagging on the Mikrotik can support multiple Vlans. Some network cards don't do Vlan tagging well, for those you are best not putting Vlan tagged data on them.

On the managed ethernet switch, configure ports going to equipment for their respective proper vlan and to be untagged. (Voip phone on switch port 23 should be part of Voip vlan, file server on switch port 22 should be on the other vlan.) Ports going to other managed switches or to a vlan tagging Mikrotik should be part of both vlans with tagging enabled. If you use separate ethernet cards in the Mikrotik for voice and data, tagging would not be used.

Managed switches and other smart vlan capable layer 2 equipment have vlan prioritization called CoS. This lets you give your voice vlan traffic a higher priority than other vlans. Prioritization must be enabled and configured on every device the data passes through. CoS prioritization is the opposite numbering of Mikrotik prioritization, so 8 will be the highest priority. If you have two ethernet switches, both must support Vlans and prioritization and be configured for it. Since it is layer 2, it does not pass through routers. Thus if you use a Mikrotik to route between two networks, both networks would need to be independently configured. CoS is not needed on the Mikrotik itself, but you should implement layer 3 QoS so that priority is maintained as it passes through the Mikrotik and goes out another Mikrotik interface.


Blocking Rapidshare.com web page

Blocking connection to Rapidshare.com web page.

/system script \
add name="block_rapidshare" source={ \
:foreach i in=\
"62.67.46.0/24,62.67.57.0/24,64.215.245.0/24,80.129.35.0/24,80.239.151.0/24, \
80.239.159.0/24,80.239.236.0/24,82.129.35.0/24,82.129.36.0/24,82.129.39.0/24, \
195.122.131.0/24,195.219.1.0/24,207.138.168.0/24,212.162.63.0/24" \
do={ /ip firewall filter add chain=forward dst-address=$i dst-port=80 protocol=tcp action=drop } \
};


A second, simpler method is to add this rule to your firewall:

ip firewall filter add chain=forward content=rapidshare action=drop


VPN with Virtual Routing and Forwarding / Mikrotik and Cisco

This example shows how to set up a VPN using Virtual Routing and Forwarding (VRF). VRF is a technology used in computer networks that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. This example shows a setup between Mikrotik and Cisco routers. Below are the steps to complete the configuration.

First, configure a tunnel interface on Mikrotik Router1 and Router2.

Router1:

/ interface ipip
add name="tunnel" local-address=218.100.100.29 remote-address=218.100.98.5 comment="" disabled=no

Router2:

/ interface ipip
add name="tunnel" local-address=218.100.100.30 remote-address=218.100.98.5 comment="" disabled=no

After all interfaces are configured, we should assign IP addresses to the interfaces on Router1 and Router2

Router1:

add address=218.100.100.29/27 network=218.100.100.0 broadcast=218.100.100.31 interface=uplink comment="" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1 comment="" disabled=no
add address=172.16.1.1/30 network=172.16.1.0 broadcast=172.16.1.3 interface=tunnel comment="" disabled=no

Router2:

add address=218.100.100.30/27 network=218.100.100.0 broadcast=218.100.100.31 interface=uplink comment="" disabled=no
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=ether1 comment="" disabled=no
add address=172.16.1.5/30 network=172.16.1.4 broadcast=172.16.1.7 interface=tunnel comment="" disabled=no


On Cisco router create VRF instance :

cisco#conf t
cisco(config)#ip vrf TEST
cisco(config-vrf)#rd 10:10
cisco(config-vrf)#end


Create interface on Router1 and add to vrf TEST:

cisco#conf t
cisco(config)#interface Tunnel 900
cisco(config-if)#ip vrf forwarding TEST
cisco(config-if)#description Tunnel_to_Mikrotik_router1
cisco(config-if)#tunnel destination
cisco(config-if)#tunnel source Loopback1
cisco(config-if)#load-interval 30
cisco(config-if)#tunnel mode ipip
cisco(config-if)#tunnel path-mtu-discovery
cisco(config-if)#ip address 172.16.1.2 255.255.255.0
cisco(config-if)#end


Create Interface on Router2 and add to vrf TEST:

cisco#conf t
cisco(config)#interface Tunnel 901
cisco(config-if)#ip vrf forwarding TEST
cisco(config-if)#description Tunnel_to_Mikrotik_router2
cisco(config-if)#tunnel destination
cisco(config-if)#tunnel source Loopback1
cisco(config-if)#load-interval 30
cisco(config-if)#tunnel mode ipip
cisco(config-if)#tunnel path-mtu-discovery
cisco(config-if)#ip address 172.16.1.6 255.255.255.0
cisco(config-if)#end

Set up route and some rules on Mikrotik and Cisco

Router1:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=tun passthrough=yes \
in-interface=ether1 src-address=192.168.1.0/24 disabled=no

/ip route rule
add routing-mark=tun action=lookup table=tun
/ip route
add dst-address=192.168.2.0/24 gateway=172.16.1.2 routing-mark=tun

Router2:

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=tun passthrough=yes \
in-interface=ether1 src-address=192.168.2.0/24 disabled=no

/ip route rule
add routing-mark=tun action=lookup table=tun
/ip route
add dst-address=192.168.1.0/24 gateway=172.16.1.6 routing-mark=tun

Cisco Router:

cisco#conf t
cisco(config)#ip ro vrf TEST 192.168.1.0 255.255.255.0 Tunnel900
cisco(config)#ip ro vrf TEST 192.168.2.0 255.255.255.0 Tunnel901
cisco(config)#end


A VPN could be set up directly from Router1 to Router2, but when you have a lot of customers with a lot of routers, and many of them use the same address space, this is a great and easy solution.

All addresses are for example only.
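Before applying a tunnel address plan like the one above, it is worth checking that both ends of each tunnel agree on the subnet and that the tunnel subnets inside one VRF do not overlap. This added example (not from the original wiki page) runs that check on the addresses exactly as written on the page. The /30 masks in ASSUMED_FIX are an assumption about what was intended on the Cisco side, not something the page states.

```python
import ipaddress
from itertools import combinations

# Per tunnel, as written on the page:
# (MikroTik tunnel address, Cisco tunnel address, gateway used in the MikroTik /ip route).
PAGE = {
    "Router1/Tunnel900": ("172.16.1.1/30", "172.16.1.2/255.255.255.0", "172.16.1.2"),
    "Router2/Tunnel901": ("172.16.1.5/30", "172.16.1.6/255.255.255.0", "172.16.1.6"),
}

# Assumption: the Cisco ends were meant to use the same /30 as the MikroTik ends.
ASSUMED_FIX = {
    "Router1/Tunnel900": ("172.16.1.1/30", "172.16.1.2/255.255.255.252", "172.16.1.2"),
    "Router2/Tunnel901": ("172.16.1.5/30", "172.16.1.6/255.255.255.252", "172.16.1.6"),
}


def check_plan(links):
    """Return a list of human-readable findings for a tunnel address plan."""
    findings = []
    cisco_nets = {}
    for name, (mikrotik_end, cisco_end, gateway) in links.items():
        m = ipaddress.ip_interface(mikrotik_end)
        c = ipaddress.ip_interface(cisco_end)
        gw = ipaddress.ip_address(gateway)
        cisco_nets[name] = c.network

        # Both ends of a point-to-point tunnel should sit in the same subnet.
        if m.network != c.network:
            findings.append(f"{name}: subnet mismatch, {m.network} vs {c.network}")
        if m.ip == c.ip:
            findings.append(f"{name}: both ends use {m.ip}")
        # The MikroTik static route must point at the Cisco end of its own tunnel.
        if gw != c.ip or gw not in m.network:
            findings.append(f"{name}: gateway {gw} is not the on-link Cisco end")

    # All Cisco tunnel interfaces are placed in the same VRF (TEST on the page),
    # so their connected subnets must not overlap.
    for (n1, net1), (n2, net2) in combinations(cisco_nets.items(), 2):
        if net1.overlaps(net2):
            findings.append(
                f"{n1} and {n2}: overlapping subnets in one VRF ({net1}, {net2})"
            )
    return findings


if __name__ == "__main__":
    for label, plan in (("page", PAGE), ("assumed fix", ASSUMED_FIX)):
        print(label, "->", check_plan(plan) or "consistent")
```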
Retrieved from "http://wiki.mikrotik.com/wiki/VPN_with_Virtual_Routing_and_Forwarding_/_Mikrotik_and_Cisco"
