How to Mount Data Disk in Alibaba Cloud ECS?

If you are an Alibaba Cloud or any other similar cloud provider ECS instance user, most of the time I find that the data disk is not automatically mounted by default. Therefore, in this article, I am going to share how to mount a data disk to ECS instance.

Firstly, check if your ECS is attached with the correct disk from the Console.

List Disk

Now, remote SSH to the server. Then, run the following command to check if the attached disk is available.

sudo fdisk -l

 As you can see:
/dev/vda is your 40GB system disk.
/dev/vdb is your 20GB data disk.

There is an existing partition /dev/vda1 existed. So, we need to create one partition for the data disk.

Create Partition

Now, execute the following command to create partition.

sudo fdisk /dev/vdb

When it prompt for command, simply enter "n" which stand for new partition.
Next, key in the partition number, default 1
Next, key in first sector, default 2048 for the very beginning
Next, key in last sector, default 41953039 for the very end if you wish to partition the entire disk
Finally, enter command "w" to write the above setting and execute the partitioning.

Now, if you run the list disk command fdisk -l again, you will see new partition /dev/vdb1 is created.

Format Disk

Before we can save data into the disk, we need to create disk format for it first. Let's just create the most commonly used Linux file system ext4 format by executing the following command:

mkfs.ext4 /dev/vdb1

Mount Disk

In order to prevent the disk unmounted after server being rebooted, let's create an auto mount command in the file system table:

echo /dev/vdb1 /mnt ext4 defaults 0 0 >> /etc/fstab

For mounting the disk, simply run the following command:

mount /dev/vdb1 /mnt

Now, you may change directory to /mnt to access to your data disk.

How To Secure Your Alibaba Cloud ECS Instances?

Today I would like to share with you about how to secure your Alibaba Cloud ECS instances. Recently, I had been going through a lot about security issues with my servers, hence writing this blog to keep a record of what security measurement that I had done.

If you are an Alibaba Cloud user, have you ever seen or use the feature of Security Center that you may find in the cloud dashboard? It is free to use, and not sure if you have received any email notification about the security threat or risk about your server that need action? The email subject usually are "Threat Detection Service Unhandled Vulnerabilities Weekly Report" or "Threat Detection Service Security Events Notification".

If you have received any of the email notification related to Threat Detection, I would advice you to login to your Alibaba Cloud Console and go to the Security Center to check out what had happened to your server.

Security Center basic edition is free to use but with limited feature. If your budget allow and host business critical public facing servers, I strongly recommend subscribe the protection service. You save the hassles from monitoring and attack prevention.

Notice the Urgent Vulnerabilities suggestion on top of the dashboard? You can simply click it to enter the detail page, and then scan all your servers to check if any of them prone to any of the suggested vulnerabilities.

After done the vulnerabilities scanning, go to the Alert section to check out what had happened to your servers. You may find the list of all the threat detection on your servers here.

If you had read my previous post about my servers were attacked and injected with crypto mining scripts call Donald and Trump, then now you can see all the attack trails are showing in the Security Center. If you encountered the similar problem with crypto mining software injection, you may want to checkout my previous post to learn how to remove them HERE.

The cron job details also had been tracked successfully.

You also can further trace who actually logged in to your server and injected the script. From there, it tells the crypto mining scripts were not simply injected out from no where. Someone actually obtained the correct password to access my server. The details reveal the IP and location of the attacker.

I have another server being attacked by ransomware. The server crypto wallet and SQL Server database had been encrypted. Luckily it was just a test server, there is no impact to me.

From the Security Center, I can see that the server was being accessed through normal RDP.

We also can see how and what the attacker done to my server, first he download a ransomware script from some website and then execute some powershell command to perform the encryption.

In summary, whatever the hacker had done to the server cannot be undone. I do not blame the hacker, I blame myself for being careless. Also, the root cause investigation had been narrowed down to password access to the server to inject script and ransomware. Therefore, I suspect the strong password generator website that I usually use actually keep a copy of generated password in their database.

https://strongpasswordgenerator.com/
https://passwordsgenerator.net/

I strongly suggest anyone of you stop using the online random password generator. Prevention is very important. Lesson learned and I shall further strengthen the servers security and redesign my network architecture. In my new network architecture design, all the servers are locked down. In order to RDP or SSH access to the servers, I must connect to a proxy server first in order to access other servers. With this setup, proxy server become the only target to be attacked. Therefore, I only need to manage and monitor only one server.

Also, pay attention closely to the email alert sent by the Alibaba Cloud Security Center. When illegal logon activity happen, we need to take action immediately to investigate.

I also recommend you to subscribe the Security Center at least Advanced package. You may check out the package difference here. You can also click at this LINK to get a discount for the subscription.

How to Remove Donald Trump Virus/Script from Linux?

Today have been a bad day, at 3AM in the morning, received an email alert from Alibaba Cloud indicating successful brute force attacks to a few of my ECS servers. It was my mistake for not changing the server SSH default port, given the chance to the hacker to brute force attack my server access.

I discover what the hacker did to my ECS server is creating a cron job that constantly compile and generate 2 executable scripts call Donald and Trump. The scripts spike my server CPU to 100% and affecting my other application process being slow in performance.

How do I find the root if you ask me? Just run the top command and then press C, you will see the Donald script is running and eating the 100% CPU and also its source location. However, I spotted there is an unknown suspicious process actively running as well.

By deleting Donald and Trump executable scripts will not solve the problem. I discover that there is a cron job running to automatically compile and create both Donald and Trump scripts after a while.

So, I run the systemctl status command in order to further trace which and where actually started the process.

systemctl status <PID>

As you can see from the above screenshot, the culprits are:
/tmp/Donald
/usr/bin/ujwofa5

Also note that there is a cron job actually execute ujwofa5. Therefore, we need to remove all the executable scripts and cron job as well.

In order to trace the cron job, just run crontab -l command
For deleting the cron job, run crontab -r command
You may want to stop the cron job if you dont need it at all, just run service crond stop

Now, remove the Donald script and ujwofa5 by executing rm command. Then, kill both processes.

Now, you need to reboot the server in order to permanently remove the script to take effect. After server get back online, you can run top command again to monitor and see if the Donald or Trump script appear again. If everything goes normally, then the problem is considered solved.

It was lucky that Alibaba Cloud sent me email notification about suspicious login to my server actually triggered me to check what's wrong. Lesson learned that I should not being lazy even the server is not important, I should change the SSH default port.

For your knowledge how to change SSH default port, just login to the server again. Open up the SSH config file by executing command vi /etc/ssh/sshd_config

Modify the file by removing the # comment at the Port 22 row, then change the value 22 to your desire port number. Once done, save the file and then restart the SSH service by executing service sshd restart

Now, the server is resume back to normal. Let me know if this helpful, and note that the cron job script name is random and different from each server. You cannot assume your cron job script name is ujwofa5.

Alibaba Cloud MVP Global Summit

On the 24-27th of September, Alibaba Cloud MVP Global Summit and Apsara Conference was held at Hangzhou, it was an honor to be invited to participate in this event. On the first day itself, once I touch down the Hangzhou Xiaoshan Airport, I find there are free shuttle buses available to bring you from airport to hotels and conference venue.

The MVP Global Summit was held at The Cloud Town on the 24th September. It is a gathering for the domestic and international MVPs to get to know each other, and there are also sharing of Alibaba Cloud new company direction, new product milestone, and the experience of Alibaba Cloud product application.

During the event, I had made the acquaintance of the MVPs from China, Singapore, Japan, Spain and Netherlands. Since every MVP has his own area of expertise, it is interesting when everyone share their story, problem and insights about technology.

Also, I got a surprise during the event for receiving a most active MVP award. Thanks Alibaba Cloud for the recognition.

I personally find this event is a good opportunity to make new friends and broaden up our network. MVP Global Summit is a rare event that filled with technical experts from around the world come reunion together at one place, given the opportunity to meet with the person usually dealt from online to offline. Hope that next year we will be able to meet with each other again.

What Makes FiiiPay A Fast & Reliable Crypto Wallet in Asia?

FiiiPay had been launched ever since June, 2018. We had gone through a lot of obstacles from the beginning of the launch until today. In this article, I would like to share all my past experience about our FiiiPay system.

In August 2018, we organized security hackathon in Malaysia to invite hackers to attempt to hack or break into our API system, some even try to hijack the FiiiPOS terminal software, but all attempts were failed. The hackers managed to find minor bugs related to UI defects only.

Later in September 2018, we encountered hackers attack our API to create user account using fake mobile number in order to gain our FiiiCoin for free through the friend referral marketing campaign. However, we managed to stop it by applying stricter rules in order to earn the freebie. We were experiencing sudden surge of system load due to the script attack, and we addressed the issue by applying firewall rule base on the attack pattern.

During December 2018, our user base grew to 340,000 and 22,000 POS terminal online at the same time for FiiiCoin mining, active online users exceed 30,000 daily, server unable to cope the load. We decided to increase our server capacity and apply load balancing strategy.

Have you ever wonder what make us so efficient and change so fast to adapt to the situation? Thanks to Alibaba Cloud. If you are building a similar e-wallet application, you may consider take my solution as reference.

I am sure you are curious why Alibaba Cloud? Why not AWS? Why not Windows Azure? I had done a lot survey and testing, firstly my discovery is Alibaba Cloud Asia network performance is better compare to other cloud service provider, and in term of pricing, it is affordable. The consideration is depend on where is your business and where are your users location. My business focus on Asia market, hence Hong Kong is a strategic location where it is the center point of all Asia countries. Hong Kong is my best choice of data center location.

If you ask me why cloud? Why not on premise servers?

I would say my main consideration is costing. As a startup company, we need to survive by controlling the budget tightly, spend on things which are necessary only. On premise servers require high maintenance effort such as hiring DevOps or System Engineer to perform high availability, redundancy, regular backup, and disaster recovery. Furthermore, the local internet service provider provide limited network bandwidth and the charging fee is expensive. Therefore, Elastic Compute Service (ECS) by Alibaba Cloud provide the flexibility and solution that fit my requirement.

ECS allowed me to change the server specification anytime I want and quickly. While my system is suffering high load, and I need to temporary increase the server capacity including the network bandwidth, I can easily configure it through the Console.

Every software company practice System Integration Test (SIT) and User Acceptance Test (UAT), I find that ECS Pay-As-You-Go billing method gave me the flexibility to pay only when require. Most of the time, test servers are not in used unless test tasks being carried out. Hence, these test servers can be shutdown. Shut downed servers are not being charged except the used storage. It helped me save cost.

As an e-wallet solution provider, robust system and high availability are utmost important, we cannot afford down time as it will impact customer experience and affect the confidence level towards our product.

Database is a the heart of the entire system, it cannot be down not even a second. I like about ApsaraDB for RDS product. It enable me to provision a database in just a few minutes time. It gives me peace of mind in all the routine work such as differential backup, full backup, redundancy, replication and fail-over by just a few button click. Even the connection architecture is setup following the best practice.

Next is to provision the Server Load Balancer (SLB) for load distribution to different servers to support high concurrency. When single API server is unable to cope the concurrent requests, then you can opt for adding extra ECS instance to the share the load by having both ECS instances assigned into a Server Group of a SLB. The request will be distributed to the instances automatically.

Lastly, all the cloud services can be monitored. We can easily configure alarm rule to monitor ECS instances or RDS databases. If there is high CPU or RAM usage or the disk storage is running low, you will receive an alert in email form or notification in DingTalk.

In conclusion, by just relying on Alibaba Cloud service, you can run a full fledged IT operation for server, database and network with affordable price and enterprise level service. FiiiPay have been using Alibaba Cloud service for more than one year and never face any down time before and satisfied with the service.

FiiiPOS - FAQ

Background

FiiiCoin is designed to "incentivize" the contributors of the cryptocurrency payment ecosystem. Today the most common problem found in the blockchain world is a lot of cryptocurrencies are built for speculative investment but rarely being used for circulation and payment. Most of the people who purchase cryptocurrency always hope for a good return of investment instead of truly support a project. I am trying my best to correct everyone mindset.

There are very few merchants who actually support cryptocurrency and truly understand what is blockchain. The following are the commonly asked questions:

Why do I need FiiiPOS since I am happy accepting fiat currency now?

FiiiPOS is an extra payment accepting tool for you to accept payment from a different target group of customers who actually own cryptocurrency. It does not meant to be replaced by conventional credit card POS terminal. We treat it as "additional option".

How can I cash out the cryptocurrency?

At current stage, we enable simple payment accepting feature only in FiiiPOS. We are in the middle of working with multiple cryptocurrency Over The Counter (OTC) service provider to implement cash out feature - FiiiOTC into our FiiiPOS, allowing you to convert cryptocurrency into fiat currency in just one button click, and you will receive fiat currency in your bank account within 24 hours. Please stay tune for our FiiiOTC service by Q2 2019.

The volatility of cryptocurrency is high, how can I ensure my today's earning is not depreciated?

FiiiLab had foreseen such problem, hence we have FiiiExchange service to be rolled out by Q2 2019 as well in order to let our FiiiPOS merchants to quickly exchange high volatile crypto with a stable crypto (normally backed by fiat currency or real assets as a reserve such as USDT, GUSD, PAX, etc).

So that, merchant can secure the received value. At the end of the day, use FiiiOTC service to cash out the stable crypto into fiat currency. At this stage without FiiiExchange and FiiiOTC service, merchant can limit accepting only stable crypto from the customers.

Why mining in FiiiPOS?

FiiiPOS mining is an extra feature to attract and educate merchant to accept cryptocurrency. We intend to create one stone two birds effect whereby the merchant is being incentivized for using the FiiiPOS, generating a little income while the FiiiPOS is idle for charging, at the same time helping in maintaining our blockchain network.

I would like to emphasize to our FiiiPOS users that this device is not a mining machine. I hope this machine is put into good use. Let the true cryptocurrency circulation really happen.

How FiiiCoin mining work?

Delegate Proof of Capacity (DPoC) rely on the hashes that was pre-calculated and stored in a storage and then these hashes to be submitted to a dedicated mining pool. Therefore, during the very beginning stage of the mining work, FiiiPOS must initialize the nonce files first. It should take about 40 minutes to initialize 100MB of nonce. Once it is done, it will begin the mining work by submitting the nonce and hashes to the mining pool. The mining reward is distributed based on the quantity of hashes submitted to the mining pool that actually contributed to the block generation work. The mining reward is released daily at 2.00AM UTC +0800 and to be credited to your FiiiCoin wallet in your FiiiPOS by default.

Please take note that due to the nature mentioned above, you must expect the mining reward is very little due to the quantity of hashes submission to the mining pool is very limited. In order to achieve full hash rate, you need about 1 month time to initialize 29GB of nonce in your 32GB SD card (29GB is the usable storage of a 32GB SD card). Our FiiiPOS program that while submitting hashes to the mining pool, it utilize the 2nd CPU of the FiiiPOS to generate nonce. Hence, you will not need to stop the mining while generating nonce. In fact, you leave the mining on despite occasionally not able to connect to the mining pool, it will still generate nonce. Once the mining pool connection is established or restored, you can get into speed in submitting the nonce and then getting more reward.

Why my FiiiCoin mining keep showing 0 H/s hash rate in my FiiiPOS?

FiiiCoin mining is actually done by submitting hashes to the mining pool. However, due to the new FiiiPOS new empty SD card has very little of hashes, therefore, it take only a few seconds to finish uploading all the hashes that it has. You will see the hash rate will show some value for a few seconds then stop and become zero. The reason is you have finished submitting all the hashes that you have in your SD card.

What is verifying status during FiiiCoin mining?

The FiiiPOS is trying to connect to the FiiiCoin mining pool, however, due to the network is congested, it failed to establish connection. Hence, the status keep showing verifying which at the background it is trying to keep reconnect. However, please leave the machine on still as it is generating more nonce despite failed to connect to mining pool. So that, you can submit more nonce to the mining pool when it is able to connect to the mining pool.

When will FiiiCoin mining open for all users?

Currently, we only open mining for our merchants due to the reason that in order to attract merchant support our cause, we incentivize and appreciate our merchants who actually done the value contribution to the payment ecosystem first, lower down their risk of cost in purchasing the POS machine, transaction fee, withdrawal fee and also crypto volatility. We shall open mining for our consumer users when FiiiPOS adoption has achieved huge availability around the world.

With the limitation of funding and at the same time pushing the adoption, we leverage on the beauty of blockchain incentive tokenomic design to let the crypto community who are into the same belief, together achieve the mass adoption of cryptocurrency payment.

Why my country is not supported in the list in FiiiPOS and FiiiPay account registration?

We launch our product starting from our home ground which is Southeast Asia countries, attempt to build strong foundation, then stage by stage, gaining feedback, refine and enhance, then only go for mass market expansion.

During the mid or latest by end of November 2018, we will open account registration to all countries except some sanction countries.

Summary

FiiiLab strive to answer all the questions above and provide one stop solution to all our customers. We want and we will, be the world first cryptocurrency payment solution provider to everyone, then together all the cryptocurrencies achieve the same success by bringing true value of blockchain to the payment ecosystem.

Stay tune and thanks for your support!

Milestone Achieved - FiiiCoin Mining

New Milestone Achieved!

28 October 2018 is our FiiiCoin mining exact launch date. Hurray! We have deployed a patch to all our FiiiPOS terminal to enable mining FiiiCoin. Finally the FiiiCoin feature has completed one of the milestone in our road-map.

Misconception of Mining

Since our FiiiPOS has enabled for mining, I have received a lot of complaints, and yes, I have heard your voices, I acknowledged it. We are working hard on solving all the issues.

Firstly, our FiiiCoin mining pool is facing heavy network congestion. I can see thousands of active FiiiPOS has begun mining. The server unable to cope the sudden surge of concurrent connections, hence causing the mining force quit or occurrence of network error. We are in the middle of fine tuning the mining pool source code as as well increasing number of servers to solve this issue.

Secondly, base on the feedback that I have received, I find that the public has a misconception or wrong perception about "mining" in the blockchain world. The "mining" is an activity that contribute value to the blockchain ecosystem in return getting some incentive. For instance, Bitcoin, the person who contributed proof of work by competing being the first in finding the correct hash. Same concept applies to FiiiCoin.

The FiiiCoin mining reward is distributed base on the quantity of work that you had performed. Therefore, the key condition is the number of hashes that you had submitted to the mining pool. The following are the criteria that directly affect your FiiiCoin mining reward:

1. Hashes reading speed from SD card
2. Hashes submission to the mining pool base on network speed
3. Number of hashes initialized and plotted in SD card
4. The competition from other FiiiPOS

User Experience

FiiiCoin consensus is proof of capacity, hence, the mining cannot be kicked start immediately without plot files. You may read my previous article Delegate Proof of Capacity for more detail. Therefore, we enforce user to initialize 100MB size of plot files first prior to mining. It usually takes 40 minutes to 1 hour time to prepare the plot files depending on the SD card data writing speed. FiiiPOS can support up to 32GB SD card only.

Once the FiiiPOS has completed the 100MB plot files initialization, it will begin the mining at the same time plotting more files up to 29GB (32GB SD card usable space). Therefore, at the beginning of mining, you should expect very little FiiiCoin will be mined because of limited hashes contributed to the mining pool. You will need to wait 1 month time to get 29GB of SD card fully filled up with hashes. The reason is the 2 core CPU in FiiiPOS, one core will be used for mining, another core is to compute SHA3-256 hashes for file plotting.

Calculation & Assumption

FiiiCoin coinbase reward is 250 per block. Each block average generation time is 1 minute. Please take note that mining pool takes 10% pool fee to maintain the server cost and distribute to FiiiPOS referral campaign. Therefore, the reward left only 225 FiiiCoin to be shared and distributed to all the miners.

Assume there are 10,000 FiiiPOS mining at the same time and all are equal having 29GB of hashes:

225 / 10,000 = 0.0225 FiiiCoin per minute
which can generate up to 1.35 FiiiCoin per hour
which can generate up to 32.4 FiiiCoin per day
which can generate up to 972 FiiiCoin per month

The above condition is possible based on good network condition, mining pool no downtime, 24/7 FiiiPOS mining non-stop, and no new FiiiPOS join into the pool.

The early bird who participate in mining definitely earn more FiiiCoin compare to the later. When the quantity of FiiiPOS make available worldwide and all are participating in mining, the more mining reward to be shared and the gain will be reduced. You may use the same formula above to assume for 100,000 FiiiPOS.

Disclaimer

Please be informed that FiiiLab Technology Ltd does not guarantee the FiiiCoin mining reward. The FiiiCoin mining is done under user own willingness and due diligence. User is expected to fully understand the concept of FiiiCoin delegate proof of capacity consensus algorithm.

A Sad Situation

FiiiPOS is designed for cryptocurrency payment. The mining feature is to lower the risks for merchant to try accepting cryptocurrency payment. It is not easy to push the cryptocurrency adoption due to it is still skeptical to most of the people especially non-tech savvy. The mining feature can be a good start, a new concept, a revolutionary payment solution. The FiiiCoin original purpose is to ease the burden of merchant to pay the transaction fee, hardware cost and the value fluctuation at the same time help maintaining our blockchain network without additional hardware cost.

However, most of the individuals who purchase our FiiiPOS is to mine FiiiCoin. It has defeated our original purpose to create FiiiPOS. It is sad to see many FiiiPOS units have been kept in a warehouse just for mining. I hope every FiiiPOS owner please use it to circulate cryptocurrency. Only circulation can bring value to the ecosystem, not mining. I wish FiiiCoin will not be abused to become another speculative investment coin.

What's Next?

Our next target now is to solve merchant daily cash out problem, hence will begin our next milestone development - the FiiiOTC service to be included into the FiiiPOS and FiiiPay. We want to let our users and merchants to be able to convert cryptocurrency into fiat in just one button click.

FiiiLab strive to serve blockchain community with the best cryptocurrency payment one-stop solution in the world! Stay tune! And, thanks for your support!