Monitoring and measuring bandwidth

Saturday, August 16th, 2008 | debian | No Comments

True “unlimited” bandwidth is pretty much dead these days, and so it should be in my opinion. I would much rather have high speed and a fixed amount of bandwidth than be forced to a limited amount of bandwidth by having a slow access speed.

Whether you have shared hosting, a VPS or a dedicated server, you are most likely to have a fixed amount of bandwidth, whether you know it or not.

I’ve decided to monitor and measure my bandwidth usage from the start. I think it’s generally good practice and I certainly don’t want to get stung by excess charges if I use more than my host allows. Also, a sudden increase could be a sign of a security breach.

I installed a couple of applications. The first was a real-time bandwidth monitoring tool.

# apt-get install bwm
sailes:/# bwm
Bandwidth Monitor 1.1.0
Iface        RX(KB/sec)   TX(KB/sec)   Total(KB/sec)

lo            0.000        0.000           0.000
eth0            5.497       21.489          26.9860

Total            5.497       21.489         26.9860

Hit CTRL-C to end this madness.

The second records and summarises my bandwidth usage by hour and day.

# apt-get install vnstat

sailes:/# vnstat
Database updated: Sat Aug 16 22:20:01 2008
       eth0

           received:         895.92 MB (45.9%)
        transmitted:           1053 MB (54.1%)
              total:           1949 MB

                        rx     |     tx     |  total
        -----------------------+------------+-----------
        yesterday     12.75 MB |   83.79 MB |   96.54 MB
            today        25 MB |  104.73 MB |  129.74 MB
        -----------------------+------------+-----------
        estimated        26 MB |     111 MB |     137 MB


Debian SSH Security

Saturday, August 16th, 2008 | debian | No Comments

Within two days of having my out-of-the-box Debian install exposed to the internet, I realised something had to be done about my SSH security.

I was getting a large number of attempts to access my server. These were logged to /var/log/auth.log.

Attempts ranging from guessing the system’s users:

Aug 12 19:01:04 sailes sshd[11017]: Invalid user alex from 221.11.123.149
Aug 12 19:01:04 sailes sshd[11017]: (pam_unix) check pass; user unknown
Aug 12 19:01:04 sailes sshd[11017]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.11.123.149
Aug 12 19:01:05 sailes sshd[11017]: Failed password for invalid user alex from 221.11.123.149 port 41122 ssh2
Aug 12 19:01:08 sailes sshd[11021]: Invalid user brett from 221.11.123.149
Aug 12 19:01:09 sailes sshd[11021]: (pam_unix) check pass; user unknown
Aug 12 19:01:09 sailes sshd[11021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.11.123.149
Aug 12 19:01:11 sailes sshd[11021]: Failed password for invalid user brett from 221.11.123.149 port 41238 ssh2
Aug 12 19:01:13 sailes sshd[11025]: Invalid user mike from 221.11.123.149
Aug 12 19:01:14 sailes sshd[11025]: (pam_unix) check pass; user unknown
Aug 12 19:01:14 sailes sshd[11025]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.11.123.149
Aug 12 19:01:16 sailes sshd[11025]: Failed password for invalid user mike from 221.11.123.149 port 41366 ssh2
Aug 12 19:01:19 sailes sshd[11029]: Invalid user alan from 221.11.123.149
Aug 12 19:01:19 sailes sshd[11029]: (pam_unix) check pass; user unknown
Aug 12 19:01:19 sailes sshd[11029]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.11.123.149

To attempting to brute force the root password:

Aug 16 21:05:12 sailes sshd[24111]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.75.189.67 user=root
Aug 16 21:05:14 sailes sshd[24111]: Failed password for root from 65.75.189.67 port 36171 ssh2
Aug 16 21:05:15 sailes sshd[24115]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.75.189.67 user=root
Aug 16 21:05:18 sailes sshd[24115]: Failed password for root from 65.75.189.67 port 36489 ssh2

Also all sorts of crazy other error messages which no doubt came from attempting to exploit various potential security flaws.

This was obviously not a good situation; luckily many people offered advice. Ideally what I should have done was to only allow management access to my own static IP address. But this doesn’t suit me; I like to be able to do anything from anywhere.

Another suggestion was to change the port SSH listens on. This is a very good suggestion, and one I would pass on to others. It seems like 99% of the attackers don’t bother to check for SSH listening on a non-standard port. I didn’t want to do this because that would mean I would have to remember yet another custom port, but also due to strict firewall policies I had to contend with.

Finally I decided on installing a piece of software called DenyHosts.

# apt-get install denyhosts

This Python application runs frequently throughout the day monitoring my auth.log; when it sees suspicious behaviour it bans the IP address from the service.

Now my hosts.deny file is increasing almost daily with naughty IP addresses.

sailes:/# cat /etc/hosts.deny
sshd: 221.11.123.149
sshd: 89.96.182.197
sshd: 211.239.157.222

Although this is not the most secure option, I feel it best suits my needs.
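
The kind of check described above (count failed SSH logins per source address in auth.log, then emit hosts.deny entries), as an added sketch that is not DenyHosts' own code and not from the original post. The thresholds, the allow list parameter and the last two log lines (documentation address 192.0.2.10) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the auth.log format quoted in the post; the last two
# lines (192.0.2.10, user "mark") are made up to show a non-banned client.
SAMPLE_AUTH_LOG = """\
Aug 12 19:01:05 sailes sshd[11017]: Failed password for invalid user alex from 221.11.123.149 port 41122 ssh2
Aug 12 19:01:11 sailes sshd[11021]: Failed password for invalid user brett from 221.11.123.149 port 41238 ssh2
Aug 12 19:01:16 sailes sshd[11025]: Failed password for invalid user mike from 221.11.123.149 port 41366 ssh2
Aug 16 21:05:14 sailes sshd[24111]: Failed password for root from 65.75.189.67 port 36171 ssh2
Aug 16 21:05:18 sailes sshd[24115]: Failed password for root from 65.75.189.67 port 36489 ssh2
Aug 16 21:07:40 sailes sshd[24200]: Accepted password for mark from 192.0.2.10 port 50022 ssh2
Aug 16 21:09:02 sailes sshd[24210]: Failed password for mark from 192.0.2.10 port 50040 ssh2
"""

# The user name is attacker-controlled text. The greedy (.*) plus the end-of-line
# anchor make the parser take the LAST "from <ip> port <n> ssh2", which is the
# part sshd wrote, so a name containing "from 198.51.100.7" cannot get a third
# party banned.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Assumed example thresholds: stricter for unknown users and root than for real accounts.
THRESHOLDS = {"invalid": 3, "root": 2, "valid": 5}

def classify(match):
    """Bucket a failed login as invalid-user, root, or valid-user."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_text, thresholds=THRESHOLDS, allow=()):
    """Return sorted source IPs whose failures reach any threshold, skipping `allow`."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group("ip") not in allow:
            counts[m.group("ip")][classify(m)] += 1
    return sorted(ip for ip, kinds in counts.items()
                  if any(n >= thresholds[k] for k, n in kinds.items()))

def hosts_deny_lines(ips):
    """Format entries the way they appear in /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_AUTH_LOG))))
```

Passing your own address in `allow` keeps a few mistyped passwords from locking you out, which matters when management access is not restricted to a static IP.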


Migration - Dedicated Server

Saturday, August 16th, 2008 | migration | No Comments

I’m now doing more Java programming and less PHP, which is a good thing since I’m a terrible PHP programmer.

It soon became apparent that to host my own Java applications and web sites I needed a new host. Fasthost.com is not a good organisation and I really wanted to cut all links with them. This was all the encouragement I needed to move to my own dedicated server.

I chose to jump into bed with a local (York) company called Bytemark.

A dedicated host gave me the chance to make my own decisions: my choice of web server and its configuration. Also the ability to run my own increasingly demanding Java applications, since I had my own dedicated RAM to play with.

However this came with the downside that I had to manage said server. I have basic knowledge of HP-UX and bits and pieces from various Linux distros. But I’ve always liked a challenge and I look forward to running the show for a change.

For the nosey people, I’ve got 2GB of RAM and mirrored hard drives, running Debian Etch. I’m planning on installing Apache, PHP and MySQL for various WordPress sites I run, and Tomcat for Java.

Apologies

Saturday, August 16th, 2008 | Uncategorized | No Comments

Apologies if you are reading this after being redirected from missing content.

My previous content management system was just getting me down and was not up to the job. I may move some of the content over in time; meanwhile, if you need to know anything specific, contact me on mark at sailes dot co dot uk.

Regretfully

Mark,
