Windows Firewall Diagnostics

While looking into what wermgr.exe was and why it was trying to communicate with 65.55.53.190 I found this page with some useful information about how to generate an XML file with the reasons why a connection is blocked…

http://superuser.com/questions/451862/windows-firewall-blocks-outbound-connection-that-is-allowed-by-a-rule

After asking for help in the Windows Filtering Platform (WFP) forum on MSDN I learned that you can capture the activity of WFP (which the firewall employs) using the following commands:

netsh wfp capture start
netsh wfp capture stop

The resulting log file is XML, which makes it human readable, and from that file I learned that wermgr.exe is blocked by the rule "WSH Default Outbound Block" with the description "Blocks all outbound traffic for services who have been network hardened." Apparently, this rule takes precedence over my “allow” rule.

I’m not sure exactly why wermgr.exe is affected by the Windows Service Hardening default rule but I assume that one of the hardened services executes wermgr.exe to perform a task of connecting to the server at 65.55.53.190 (a Microsoft IP address), and wermgr.exe is then blocked just as the service would be.

As yet untested, but looks interesting…
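Added example (not part of the original post or the linked answer): a small Python script that lists the dropped connections in a WFP capture and resolves each one to the filter that blocked it, which is the lookup described above for wermgr.exe. The element names follow the general layout of the capture's XML but are assumptions here, and the embedded sample (port, filter ids, paths, the second rule) is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, heavily trimmed; element names are assumed to match the
# capture's XML. Port, filter ids, paths and the allow rule are invented.
SAMPLE = """<wfpdiag>
  <filters>
    <item><displayData><name>WSH Default Outbound Block</name>
      <description>Blocks all outbound traffic for services who have been network hardened.</description>
      </displayData><filterId>1001</filterId></item>
    <item><displayData><name>Example allow rule</name><description/></displayData>
      <filterId>1002</filterId></item>
  </filters>
  <netEvents>
    <item><header><remoteAddrV4>65.55.53.190</remoteAddrV4><remotePort>443</remotePort>
        <appId><asString>\\device\\harddiskvolume1\\windows\\system32\\wermgr.exe</asString></appId></header>
      <type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
      <classifyDrop><filterId>1001</filterId></classifyDrop></item>
    <item><header><remoteAddrV4>192.0.2.10</remoteAddrV4><remotePort>80</remotePort>
        <appId><asString>\\device\\harddiskvolume1\\example.exe</asString></appId></header>
      <type>FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW</type>
      <classifyAllow><filterId>1002</filterId></classifyAllow></item>
  </netEvents>
</wfpdiag>"""

def blocked_connections(xml_text):
    """Return one dict per CLASSIFY_DROP event, with the blocking filter resolved by id."""
    root = ET.fromstring(xml_text)
    filters = {}  # filterId -> (name, description)
    for item in root.iterfind(".//filters/item"):
        fid = item.findtext("filterId")
        if fid:
            filters[fid] = (item.findtext("displayData/name", ""),
                            item.findtext("displayData/description", ""))
    drops = []
    for ev in root.iterfind(".//netEvents/item"):
        if ev.findtext("type") != "FWPM_NET_EVENT_TYPE_CLASSIFY_DROP":
            continue  # only dropped traffic is of interest here
        fid = ev.findtext("classifyDrop/filterId")
        name, desc = filters.get(fid, ("<filter not in capture>", ""))
        app = ev.findtext("header/appId/asString", "")
        drops.append({
            "app": app.replace("\\", "/").rsplit("/", 1)[-1],
            "remote": f'{ev.findtext("header/remoteAddrV4")}:{ev.findtext("header/remotePort")}',
            "filter_id": fid, "filter": name, "description": desc})
    return drops

if __name__ == "__main__":
    for d in blocked_connections(SAMPLE):
        print(f'{d["app"]} -> {d["remote"]} blocked by "{d["filter"]}" (id {d["filter_id"]})')
```

To run it against a real capture, read the XML file produced by the capture and pass its text to `blocked_connections` instead of `SAMPLE`.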

 

FreeBSD 10, apache 2.4, php56 & Segmentation fault (11)

Error logs were filling up with these….

[core:notice] [pid 1282] AH00052: child pid 29796 exit signal Segmentation fault (11)

Web visitors were shown…

No data received

Unable to load the web page because the server sent no data.
Error code: ERR_EMPTY_RESPONSE

Tracked the issue down to the fact that the php5-extensions port was compiled with zip and/or zlib support.

Recompiled lang/php5-extensions without zip & zlib support and removed old modules with…

cd /usr/ports/archivers/php56-zip && make deinstall
cd /usr/ports/archivers/php56-zlib && make deinstall

(later reinstalled zlib due to wordpress requiring it to unpack plugin updates, everything continued to work)

.. and 99% of things started working again. Still had one problem with the contact us pages on our site though, which seems to be related to the contact-form plugin.

 

Update.

Tracked the issue down to the use of imagepng in really-simple-captcha.php, line 146. Obviously not really-simple-captcha.php’s fault…

 

Used the following script to test further

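<?php
 // Minimal GD test: render a small PNG straight to the browser.
 header('Content-Type: image/png'); // a bare 'image/png' is not a valid header line
 $img=imagecreatetruecolor(200, 30);
 $text_color=imagecolorallocate($img, 200, 200, 200);
 imagestring($img, 5, 5, 5, 'test', $text_color);
 imagepng($img); // the call the crash was tracked to
 imagedestroy($img);
?>
Every time the above script was called via a browser it would produce a "Segmentation fault (11)" error.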

Went back and recompiled /usr/ports/graphics/php56-gd (+T1lib, +TrueType, -JIS, -X11, -VPX) without success
Recompiled /usr/ports/graphics/png without APNG (-APNG, +PNGTEST) but didn't seem to make any difference.
Went back and recompiled /usr/ports/graphics/php56-gd again (+T1lib, +TrueType, -JIS, -X11, -VPX) and it started to work.

Symlink, ln

Common symlinks you do.

ln -s /usr/bin/svnlite /usr/bin/svn

ln -s /usr/local/share/munin/plugins/scs_directory_size_v3_ /usr/local/etc/munin/plugins/scs_directory_size_v3___var___db___mysql

ln -s [SOURCE FILE / DIR] [CREATE SYM LINK HERE]