We are interested to know how many VPS providers.. ( not resellers ) have hardware firewalls in front of their VPS hardware nodes?
If so, Do you find this impacts customer vps's?
What kind of hardware firewall do you use?
If not, how do you protect your hardware nodes from attack?
After some research I seem to find most providers do not in fact have any hardware firewalls in front of their VPS hardware nodes. Mostly they say it causes too many problems and tickets due to port blocking, etc... and customers complain about being restricted..
Forbidden You don't have permission to access /_vti_bin/_vti_aut/author.exe on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I have done the following: uninstalled /re installed extensions via whm (same error)
.htaccess is default frontpage's code only, nothing else
/scripts/chownpublichtmls
dns zone propagated fully, correct (today)
.htaccess file:
Code: # -FrontPage- IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* <Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> AuthName www.domain.com AuthUserFile /home/user/public_html/_vti_pvt/service.pwd AuthGroupFile /home/user/public_html/_vti_pvt/service.grp
Initially I'm planning on interfacing with GMail as well as providing a downloadable plugging.
I'm planning on coloing @ 151 Front Street since Google peers at torix and the majority of my data transfer will be to them.
My concern is dealing with DOS attacks, since in the past some anti-spam companies have been subject to DOS attacks. Are there any providers at 151 front who specialize in high-risk hosting?
We're currently serving approx. 150mbit of traffic (mainly video files) via 2 round robin'ed front-end servers. The front-end servers are NFS mounting the content blades so we can access all content via dedicated links to each blade, A,B,C like:
mainsite.com/A/files.wmv (blade A) mainsite.com/B/files.wmv (blade B) mainsite.com/C/files.wmv (blade C)
We're fed up with this way of structuring our content because of space issues and because we need to go to blade A to get file X.wmv and to blade C for Y.wmv
We're looking for a better solution and we need your help, I have looked at the producs from Coraid, e.g:
[url] look for "Bundle - CLN21 + SR1521"
Would this be a way to do it? it will give us plenty of storage space and if we could buy 2 sets, we could mirror the sets and mount a set to each front end server to have some failover protection? and we could remove the A,B,C areas and have it all under:
projectABC/ X.wmv Y.wmv (not so important just an easier way for us to keep track of it)
But is Coraid even used for this kinda task or is it a LAN product? Can it keep up with the 150mbit of file requests, 20-400mbit a piece.
Another idea was to simply build 2 sets of raid boxed with a 16channel raid card some some disks and it would give us something similar to the coraid?
Why Wndows 2008 standard shows its IIS front page only
I am using windows 2008 standard version 64 bits
I am using an external DNS service and using none of Windows roles
I disabled the firewall completely
When I run IIS i can access to its front page from another machine but when I run jboss the browser can't get access to my web site front page! They both use port 80
Does ISS has some sorts of hidden privileges in Micorosoft which is not surprising
I am about to revert back to Windows 2003 if I can't find a solution to this problem. Or do I have use a certain role for remote access?
Today I was just going through some pricing and quotes trying to decide if multiple average priced servers ($150/mo - $400/mo) vs Powerhouse servers ($1,500/mo - $2,500/mo). The powerhouse servers look mathematically to pay off better in the end but I am thinking that they may bottleneck easier.
I have set up a backup node in PPA, and set it to be ready to provide, however backup tasks are saving the backups to the apache web server nodes? How do I find the cause of this?
Should excess bandwidth charges apply for traffic that occurs between 2 nodes on a lan?
We have 2 self service dedicated servers. One of them runs our production environment and the other is used for development and backups. We have a cron job which copies backup data from the production server to the development box. A few months ago a bug in our backup script resulted a $700 excess bandwidth charge from the hosting provider.
An analysis of the network stats showed this to be $350 for outbound traffic from the production server and $350 for inbound traffic to the development box. Internet traffic for the period in question was negligible. I disputed the charge but was unable to obtain a refund. I'm trying to decide whether to switch providers as a result.
Based on the information listed above what do you think most hosting providers would have done:
1. Exactly the same. The terms of service make the customer liable for all excess bandwidth. 2. Offered a $350 refund to avoid billing twice for the same traffic. 3. Refunded the full amount because the excess traffic did not touch the public wan.
I am having network issues, local servers in the /24 are unable to connect to VPS's.
If I make the /etc/sysconfig/network-scripts/ifcfg-eth0 too especific by adding a netmask then Nodes with assigned IPs on a different /28 will stop working/ping.
Right now it works, but it doesn't allow local servers to connect to VPS's (a problem) as one of those nodes is a VPS backup center.
I'm testing PPA and have now a questions. How can restrict a subscription to a service node? I have try that over the subscriptions and custom atribute's. That work for the most thinks (Apache/Postfix) but not for MySQL, all customers can by a create to choose the database server (all database servers). How can i customer don't allow to choose the database server?
For a example (web1, mail1 only -> db1) (web2, mail2 only -> db2)
And for the DNS settings to create automaticly a DNS for the database service? (as a sample: db.domain.de -> database service node)....
I can't seem to find if there is a way to specify what hostname is used for a service on a service node. For instance, if one creates a service node named web01, and makes it a DNS service node, is web01 what will be used when creating NS records in zone files, or is there a way to change that?
The ppademo.com site is offline (and was unlicensed again last week).
after learning that server aliases are not available for PPA, we are needing to rename our service nodes. We have looked through the documentation, and did see the ppa.hostname command for the management node but there does not seem to be an equivalent for service nodes.
I'm attempting to run PPA on Azure but I only have one IP to work with, the public IP address. It's not possible to communicate between servers using the internal IP addresses as they are not necessarily on the same sub net. How can I get PPA and service nodes running on a single IP address per machine?
An example of the error I get when setting up a service node is
Failed to execute command 'cscript /Nologo http_download.js http://<private ip address>/tarballs/Win32Bin/support.cab'. Check logs in 'c:POA_Deploy' at host '<public ip address>' for more details about the reasons of failure.
I am working on a new install of PPA, and after installation on the management node Im trying to add the other nodes. Ive tried to add a Apache, Postfix, DNS & DB node, and they all have the same issue. The installation task fails with the following error:
Destination host 'node.domain.com' (#3), IP '192.168.1.*' : The operation can not be completed because the following component is missing or is not running: pleskd (sc_name '', sc_id #45)
(domain and IP are removed here, correct in the original error. The IP is a backchannel IP, and the public IP was properly set in the management node).
I've verified that pleskd was installed and is running on each node:
Code:
24710 ? S 0:00 /usr/local/pem/sbin/pleskd --props-file /usr/local/pem/etc/pleskd.props --send-signal 24712 ? S 0:00 /usr/local/pem/sbin/pleskd --props-file /usr/local/pem/etc/pleskd.props --send-signal 24714 ? S 0:00 /usr/local/pem/sbin/pleskd --props-file /usr/local/pem/etc/pleskd.props --send-signal ...
I've verified that my management node can connect to the nodes in question via 8532:
Code: ]# telnet 192.168.1.* 8352 Trying 192.168.1.*.. Connected to 192.168.1.*. Escape character is '^]'. ^] telnet> quit Connection closed.
So there shouldn't be any firewall or other networking issues.
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I received an unusual question from a friend earlier tonight, and I couldn't figure out the answer to his problem, so I thought I would post it here and see if anyone has a solution.
How to configure your server to automatically add "www." in front of domain names?
For example, someone--let's say Bob--typed in [url] in his URL blank on his browser window, how can I make it so that my server automatically changes it to [url]?
I have noticed a number of major web hosts have the www automatically added in front--including webhostingtalk.com and google.com.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
i had access in some servers via SSH and when i try to connect i get:
Welcome to The HOST! login as: nickname -------------------------- We monitor/log everything on that server! IP Logged! -------------------------- nickname@host's password: .............
I know that there is the motd file in /etc that i can put a message but i see it when i full be recognized by the server.. (after putting the password).. How can i put the other 2 messages?
Im using the latest cPanel release. Using Pure-FTPD as the ftp server. I have CSF Firewall installed and configured and have also got [url]installed. on the dos deflate software ive set the ban limit to 250 connections.
But what my problem is that while downloading on ftp clients with internet that can download very fast that it will ban them. Ive kinda realised that it is to do with the DDos software but im unsure what i should do. Increase the limit of connections but that would mean that more minor Ddos attacks might get through so that would affect more clients. Or leave the limit at 250 and let clients get blocked for 20 minutes.
Or alternatively is there a way i can stop people getting banned via FTP completly. As i dont see that option on the Ddos or csf.
