DNS amplification DoS attacks

If you are running a DNS server, then you need to check it is not being co-opted into 'DNS amplification attacks'.

Random nasty servers (typically part of virus-created botnets) send your DNS server a short request but use a fake source IP address.  Your DNS server then sends a (typically) long reply back to that fake source IP address.

The fake source IP address gets a lot of traffic from your DNS server.  You get abuse complaints.  Your server uses a ton of bandwidth.

Why do the 'nasty servers' do this?

First, their involvement is hidden.  The target IP is getting traffic from your server responding to the fake source IP.  And you cannot easily tell where the traffic is really coming from.  Typically the requests are fire-and-forget UDP requests.

Posted in Rimuhosting | Comments Off

Happy holidays 2012

Thank you to all our wonderful customers for your business in 2012.

A number of our staff are taking a break over Christmas and the New Year to be with friends and family. And to take advantage of this beautiful kiwi summer. Sometimes downtime really is a good thing.

So we will be operating with a reduced support crew for a while.

If you have non-URGENT requests, questions and comments then just forget about them for a bit and instead just enjoy the holidays.

We are still 'all go' for any emergencies or urgent issues.

We will be back up to regular staffing levels from about 3 January.  And our rested staff will be back to their keen, prompt and helpful selves.

Posted in Rimuhosting | 3 Comments

Ubuntu 12.10 Quantal Quetzal install images

We are proud to announce the release of the new installer images for Ubuntu 12.10 Quantal Quetzal Server Edition. It is available as a reinstall option for existing servers, or on the new server order page.

The version is intended for those looking at getting newer versions of the packages for the 12.04 LTS (long term support) image. The trade off is that it is not LTS, having only 18 months of package updates from Ubuntu.

On the server-side there is not too much new or remarkable in the 12.10 image.  Most packages get minor updates.  We have provided a new kernel 3.6.4 for these images.  The install comes with a refreshed Python 3.2.

Posted in Rimuhosting | Comments Off

Custom VPS Image via API

The RimuHosting server management API can be used to create new servers (and shut them down and reinstall them and more).

The API lets you pass in scripts that run during setup, and provide links to external files.

This lets you do some interesting things.  Like using the API to set up a custom image.  Maybe a snapshot of a server you have.  Or migrating a dedicated server image to a VPS image.  Or installing a TurnKey ISO.  Or grabbing an image of a distro type we do not offer as standard.  Or deploying a custom image you have created for your distributed web service.

The below script accepts a filesystem image from a URL as a zip, tar.bz2, tar.gz or iso, which will be used to populate the VPS filesystem. This needs to be a live system image (not an installer).

Posted in Rimuhosting | Comments Off

New Relic Shirts and Goodies Arrived

Today a box arrived upon my doorstep, and I was super excited when I saw the New Relic stickers on the outside! I took it to work, and opened it to find a slew of goodies including shirts, bottle openers, can coolers, and stickers galore!

I carefully went around everyone's desk in the office sharing out the goodies so they had a nice surprise when they arrived at work.

Everybody was super happy with their new shirts, and other bits and pieces. Huge thanks go out to the guys at New Relic!

Back Row: Eugene, Peter, Erwin, Glenn
Front Row: Juan, Paul

Posted in Office | Comments Off

Finding Exploits and Trojan php hacks on a website

It's always unfortunate when you are exploited, and the best method to fix a site is to wipe and restore from a known backup, as well as track down the entry point through which they gained access and fix it.

Sometimes, however, you need to 'clean' a site of these files before migrating things over, or to keep the site going for a short time until you are able to do this. This is what this HOWTO is for: keeping things going for a short time until you can track down the entry point, or migrate/upgrade the site and get it back online.

I use multiple methods to identify scripts, and even doing so there will probably be things that are missed. Here are the ones I usually use:

Posted in HOWTO, Security | 4 Comments

Servers for Hurricane Sandy refugees

Has your hosting been affected by Hurricane Sandy?  We would like to offer you free hosting.

Order a server from http://launchtimevps.com

In the order comments say "My server xyz.com is affected by Hurricane Sandy.  May I please have the $50 credit."

We will verify that the server has been 'Sandy-ized', apply the credit and set up your server.

You will not be required to make any payment until after the credit runs out (typically in 1-2 months depending on what server you order).  You can cancel and shutdown the server at any time.

If you have any questions, just let us know here (in the comments) or in live chat at http://rimuhosting.com/chat.jsp

Posted in Rimuhosting | 2 Comments

Blocking malicious crawlers or scrapers in Apache

Occasionally we see a customer with a popular website that people try to crawl and copy in full. This has the unfortunate side effect of hammering the site.

Dynamic pages and loops make this worse, and on some occasions it can literally take down a server. Often you can slow crawlers down by putting something like this in a robots.txt file in the DocumentRoot:

User-agent: *
Crawl-delay: 5

You can even use various geoip blocking techniques and firewalls, though these are harder and more complex.

If you are unlucky then you need to take another form of action. You can manually block these when you see them in the logs, but if you are getting hit by them a lot it may pay to automate blocking them.
In one such case a user had taken every option he could to block them, including firewalling entire countries from his server. This is what we ended up resorting to.
I put the following code into a script called crawlerblock.sh and ran it on a crontab every 5 minutes.

#!/bin/bash
# This is the threshold they get blocked at
threshold=2500
# logfile to parse
apachelogfiles="/var/www/vhosts/site1.com/statistics/logs/access_log /var/www/vhosts/site2.com/statistics/logs/access_log"
# cache of IPs that have already been blocked
if [ ! -f /tmp/cb.txt ]; then
        touch /tmp/cb.txt
fi
# timestamp used in the log message
timestamp=$(/bin/date)
for logfile in $apachelogfiles ; do
        # count hits per client IP and look at the ten busiest clients
        /bin/cat "${logfile}" | /usr/bin/awk '{print $1}' | /usr/bin/sort | /usr/bin/uniq -c | /usr/bin/sort -n | /usr/bin/tail | while read line
        do
                num=$(echo ${line} | /usr/bin/awk '{print $1}')
                ip=$(echo ${line} | /usr/bin/awk '{print $2}')
                # echo Num ${num} and IP ${ip}
                if [ "$num" -gt "$threshold" ]; then
                        # only block IPs that are not already in the cache
                        if ! /bin/grep -Fxq "${ip}" /tmp/cb.txt; then
                                echo "${timestamp} detected bot from ${ip} - blocking" >>/var/log/messages
                                /sbin/iptables -I INPUT -s "${ip}" -j REJECT
                                echo "${ip}" >>/tmp/cb.txt
                        fi
                fi
        done
done

This script basically searches for anyone who has hit the server over 2500 times in your current log. That number is changeable if you want more or less leeway, and it would be easy to adapt that to ignore local IPs or similar (just add in a grep -v in the line under timestamp).

If you used this regularly it would probably help to remove the IP cache from /tmp/cb.txt and save the iptables rules every now and again.

Let us know if you need this setup at all on your VPS by dropping in an email to support.

Note: this script was made to work on a Debian-based system; paths may need to be tweaked for other distros.
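
The "ignore local IPs" adaptation mentioned above, as an added example that is not part of the original script: it counts hits per client in one awk pass, skips an allowlist, and only emits first fields that look like IP addresses, so nothing else can reach the iptables rule. The function names, the allowlist pattern and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: heavy_hitters, sample_log and the allowlist are illustrative,
# not part of crawlerblock.sh.

# Print "count ip" (busiest first) for every client above the threshold.
#   $1 = threshold
#   $2 = extended regex of addresses never to block ('' for none);
#        write dots as [.] so awk -v does not rewrite the escapes
#   $3.. = access logs (reads stdin when none are given)
heavy_hitters() {
    hh_threshold=$1
    hh_allow=$2
    shift 2
    awk -v t="$hh_threshold" -v allow="$hh_allow" '
        # accept only first fields shaped like an IPv4 or IPv6 address
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 ~ /^[0-9A-Fa-f:]+:[0-9A-Fa-f:]*$/ {
            if (allow != "" && $1 ~ allow) next   # local or trusted client
            hits[$1]++
        }
        END { for (ip in hits) if (hits[ip] > t) print hits[ip], ip }
    ' "$@" | sort -rn
}

# Constructed sample log: one external client with 4 hits, one local client
# with 5 hits, one quiet client, and one line whose first field is not an IP.
sample_log() {
    for i in 1 2 3 4; do
        echo '203.0.113.9 - - [01/Jan/2013:00:00:00 +0000] "GET / HTTP/1.1" 200 512'
    done
    for i in 1 2 3 4 5; do
        echo '10.0.0.5 - - [01/Jan/2013:00:00:01 +0000] "GET /status HTTP/1.1" 200 64'
    done
    echo '198.51.100.7 - - [01/Jan/2013:00:00:02 +0000] "GET / HTTP/1.1" 200 512'
    echo 'not-an-ip - - [01/Jan/2013:00:00:03 +0000] "GET / HTTP/1.1" 200 512'
}

# Threshold of 3 for the small sample; loopback and 10.x are never blocked.
sample_log | heavy_hitters 3 '^(127[.]|10[.])'
```

The second column of the output is what would be fed to the grep/iptables step of the script above.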

Posted in HOWTO | Comments Off

Finding spam sending PHP scripts on your server

Everyone has the occasional user who may leave something on their server that may send spam, or not update things as fast as they should. Tracking down the spammer can be a real problem though.
Sometimes you can track down the domain, but not the script; other times they may have so many files that it's nearly impossible.

Posted in HOWTO | 5 Comments

Installing Oracle RDBMS Server

Oracle is a very popular database.  Particularly for enterprise customers running on dedicated servers with lots of CPU and fast RAID setups.

This tutorial will guide you through installing Oracle database server on the CentOS Linux distro.  Hopefully the steps are simple enough that even a technically minded non-DBA can get the database installed.

Oracle RDBMS can use quite a bit of server resources.  So for reliability and best performance we recommend that Oracle is installed only on one of our dedicated servers (or VPS-on-dedicated server) setup (rather than on our shared VPS hosts).

If you get stuck or just need Oracle RDBMS installed, simply pop in a support ticket for our sysadmin team to do the install for you.

1) Install openmotif, so you will have a window manager and, when a pop-up or dialog window appears during installation, you will be able to switch to it or interact with it. Firefox is needed to download the Oracle 11gR2 installer when you don't have the CD media installer, and the other packages are required as part of the software requirements. Note that the packages that will be installed are a mix of i686 and x86_64 packages, as noted in the manual under Package Requirements. You can also check a screenshot below of Prerequisite Checks - Step 8.

Posted in Rimuhosting | 1 Comment