Whitelist your own computer in fail2ban

Fail2ban is a great "dynamic" firewall for servers that is installed by default on many of our VPSs, and we can install it on your VPSs at your request. It protects against brute-force attacks, where an attacker is trying to guess a password or exploit certain classes of vulnerabilities on servers.

One potential problem with fail2ban and similar tools is the false positive problem, that is, banning yourself from your own VPS, particularly if you don't always get your password right. In this post, I'll explain how to fix that problem using fail2ban's whitelist feature.

Lets Encrypt with Virtualmin

Virtualmin now supports Let's Encrypt, which means you can get multiple SSL certificates easily and for free if needed.

Here is how you can set that up.
Step 1: Log in to your Virtualmin and select the domain from the drop-down in the top left.

Step 2: Click 'Edit Virtual Server'. Under 'Enabled Features' you will see 'SSL Website Enabled'. Check the checkbox and save.


Step 3: Expand the left menu and, under Server Configuration, click on Manage SSL certificate. At the top far right there should be a tab named 'Let's Encrypt', which you can click on.

Step 4: Change the 'Months between automatic renewal' from Manual to every 12 months or similar and save.


Step 5: Test the domain works with https and you are done.


Notes: You will need apache 2.4 to allow multiple SSL certificates on a single IP,


ClamAV: mpool_malloc and disk space

ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. The most common use we see is to check emails for bad content.

Some of our users have recently been seeing errors from "freshclam" processes that look like the below entry. These will occur quickly and will often cause log files to grow very fast, to the point your server may have run out of disk space.

Tue Nov  1 00:17:18 2016 -> WARNING: [LibClamAV] mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net


Using Fail2ban on wordpress wp-login.php and xmlrpc.php

A fair few of our customers use WordPress and occasionally notice that there are people hammering on a few URLs.

This can cause high load, slow websites and a number of other issues, especially when you have more than a single IP hammering away at them.

The solution is simple, and it involves using fail2ban. Here are some simple fail2ban recipes that will stop most of that in its tracks.

Create a file /etc/fail2ban/filter.d/wordpress.conf with the following contents:

    # Filter options must sit under the [Definition] section header
    [Definition]
    failregex = ^<HOST> .* "POST .*wp-login.php
                ^<HOST> .* "POST .*xmlrpc.php
    ignoreregex =

You can add as many regexes in there as you want on new lines, but these will cover that for now. It pays to check the Apache logs to make sure this regex is going to work on your server, and the fail2ban logs after applying it to make sure it's banning them.

Create the file /etc/fail2ban/jail.d/wordpress.conf and add the following rules to it:

    # The section header names the jail; it appears as [wordpress] in the fail2ban log
    [wordpress]
    enabled = true
    port = http,https
    filter = wordpress
    action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
    logpath = /var/log/httpd/access_log
    maxretry = 3
    findtime = 120

The log paths I have used in here cover a few places; you will likely need to remove the ones you don't need or have. The first log path is Red Hat/CentOS based, the next is Debian, and the third is for those with Virtualmin.
Other potential log paths may be something like the following:
Plesk: /var/www/vhost/*/statistics/logs/*log or /var/www/vhost/*/system/logs/*log
cPanel: /home/*/log/*log

Make sure you keep an eye on the fail2ban log, and make sure that the ban is happening. It should look like this:

2016-11-01 18:40:50,672 fail2ban.actions[958]: WARNING [wordpress] Unban
2016-11-01 19:47:53,081 fail2ban.actions[958]: WARNING [wordpress] Ban
2016-11-01 19:54:56,550 fail2ban.actions[958]: WARNING [wordpress] Ban
2016-11-01 19:57:53,747 fail2ban.actions[958]: WARNING [wordpress] Unban
2016-11-01 20:04:57,198 fail2ban.actions[958]: WARNING [wordpress] Unban
2016-11-01 20:33:35,094 fail2ban.actions[958]: WARNING [wordpress] Ban
2016-11-01 20:43:35,755 fail2ban.actions[958]: WARNING [wordpress] Unban
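
To check the filter and the jail thresholds against log lines before relying on them, here is an added example (not part of the original post, and not fail2ban's own code) that applies the two failregex lines and the maxretry/findtime values above to constructed Apache access-log lines. The function names, the `\S+` stand-in for `<HOST>` and the sample addresses are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex lines from the filter above. fail2ban substitutes its own address
# pattern for <HOST>; a non-space token approximates it here (assumption).
FAILREGEX = [r'^<HOST> .* "POST .*wp-login.php', r'^<HOST> .* "POST .*xmlrpc.php']
PATTERNS = [re.compile(rx.replace("<HOST>", r"(?P<host>\S+)")) for rx in FAILREGEX]
STAMP = re.compile(r"\[([^\]]+)\]")  # Apache time field: [01/Nov/2016:19:47:01 +1300]

def match_host(line):
    """Return the client address if any failregex matches the line, else None."""
    for pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            return m.group("host")
    return None

def would_ban(lines, maxretry=3, findtime=120):
    """Map each address to the time of the hit that reaches maxretry within findtime."""
    hits, banned = defaultdict(deque), {}
    for line in lines:
        host, stamp = match_host(line), STAMP.search(line)
        if host is None or stamp is None or host in banned:
            continue
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[host]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # drop hits older than findtime seconds
        if len(window) >= maxretry:
            banned[host] = when
    return banned

# Constructed access-log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Nov/2016:19:47:01 +1300] "POST /wp-login.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [01/Nov/2016:19:47:20 +1300] "POST /wp-login.php HTTP/1.1" 200 3120',
    '198.51.100.20 - - [01/Nov/2016:19:47:25 +1300] "GET /wp-login.php HTTP/1.1" 200 2890',
    '203.0.113.7 - - [01/Nov/2016:19:47:53 +1300] "POST /xmlrpc.php HTTP/1.1" 200 370',
    '198.51.100.20 - - [01/Nov/2016:19:48:00 +1300] "POST /wp-login.php HTTP/1.1" 302 -',
    '192.0.2.44 - - [01/Nov/2016:19:50:00 +1300] "POST /xmlrpc.php HTTP/1.1" 200 370',
    '192.0.2.44 - - [01/Nov/2016:19:51:30 +1300] "POST /xmlrpc.php HTTP/1.1" 200 370',
    '192.0.2.44 - - [01/Nov/2016:19:53:00 +1300] "POST /xmlrpc.php HTTP/1.1" 200 370',
]

if __name__ == "__main__":
    print(would_ban(SAMPLE))
```

In the sample, the 302 response to 198.51.100.20 still counts as a hit because the filter matches every POST regardless of status, and 192.0.2.44 escapes a ban only because its three hits span more than findtime seconds.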

Using Ansible to manage your VPSs – Part Two

In this post I'm going to introduce playbooks, and show you how to customise the /etc/resolv.conf file on each server.  I assume you have followed Part One of this series and have created a hosts file and files in ~/myansible/host_vars/.

Tasks, playbooks, groups and roles

A note on terminology. A task is something done on a server, like a file created or updated, or a user, cron job or OS package added or removed. A task could be done from the command line using the ansible binary, but usually multiple tasks get grouped together in a YAML file called a playbook. A playbook might install and configure one specific piece of software, for example. The image above shows a set of 6 playbooks, each of which will have multiple tasks within it (the tasks are not shown).

Using Ansible to manage your VPSs – Part One

Ansible is a system to automate the updating of server configurations and other administration tasks. In this post I'll explain what's necessary to get started with Ansible: creating a configuration structure, telling Ansible about your hosts and running ad-hoc commands on multiple hosts.

Ansible is useful when you have 3 or more VPSs and need to keep changes synchronised or updates applied in a consistent manner.  It takes a little more work to do something through a configuration management system, but the reward is that you can apply your configuration change to 3, (or 3000) servers with little extra effort once that is done.

New options for reduced VM pricing!

Not every server needs priority CPU, backups, and 24x7 fully managed support.  We have added a few options on our http://launchtimevps.com ordering interface to let you tweak these settings to enable you to get a lower price for your server if that is appropriate.

  • Option to enable/disable backups.  Less disk space usage costs less.
  • Select the number of CPU cores (1-4).
  • Select the CPU priority (over other VMs on the host).  Get a bit more CPU time when the host is busy (when the host is relatively idle, which is typical, nothing changes).
  • Sysadmin support level required.  Cheaper for self-managed, a bit more if you want us to be fully managing your server.
  • Support level priority.  Options for customers needing to get sysadmin assistance 24x7 in emergencies.  Through to options for non-urgent support requests.


LXD containers now available for Ubuntu

The latest Ubuntu LTS release, Xenial 16.04, comes with support for a container system called LXD.  LXD builds on the existing LXC container system, allowing for more convenient management of those containers.

In this post I show how you can test out LXD containers on a Rimu VPS running Ubuntu 16.04.  I assume you already have an Ubuntu 16.04 VPS set up; if not you can grab one at RimuHosting or launchtimevps.com.

Containers allow further separation between websites running on your VPS, which can be useful for removing dependency problems, for creating test environments for upgrading or developing new sites and perhaps for improving the security of your websites.

How to get an A pass SSL rating for your SSL website

Everyone wants security, and it's ideal that your SSL certificates are also secure. With this in mind, websites like SSLLabs have a testing tool that is used to grade the SSL certificate installed on your server.

Often people get a low ranking when it's fairly easy to get an A. I could make this post long-winded and complex, but ultimately it comes down to adding the following items in your SSL configuration.

    SSLHonorCipherOrder on
    SSLProtocol All -SSLv2 -SSLv3

Note: If you are using CentOS, then it's likely you will need to add this to every virtualhost config after turning SSL on.

Monitor sites for exploits


We dislike dealing with exploited websites. A common cause is "the long-forgotten, outdated install from a web developer who left years ago, hoping it works forever". Public-facing services need to be kept updated in order to remain secure, so script-kiddies can't use your server for abuse, like selling dodgy medicinal products.

One would always try to enforce strong permissions and server settings to keep these from happening, and even use something like AppArmor (which is the way to do it), but there are also other ways to strengthen things a bit more. With the inotify feature in newer kernels, it is possible to monitor a file system location for changes and check those quickly with a scanner. We have made a script to help automate rapid notifications when possible issues are detected. This will work with a CMS or Tomcat install. We also provide instructions on Maldetect ahead.