Feel free to use the following iptable commands below to drop INVALID SYN packets that sometimes are also used to flood the server..
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
I am having a problem with a client who's using Mail.app and it seems to be sending invalid packets to the server. Here is a sample of the report from the firewall:
Code:
Hits: 21
Blocked: permanently
Sample of block hits:
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48970 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=5724 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=23624 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=49421 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:15 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=10507 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=38488 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25402 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18975 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=52260 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18208 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30469 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=36698 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=7445 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47645 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30465 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44590 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=2887 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=35090 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4986 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42867 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1310 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
The report just says Invalid IN. Does anybody have any suggestions on what would be causing this? I use Mail.app myself and have never had problems with it triggering the firewall.
commands to log packets temporarily for a certain udp port with the IP information ect.
Any help would be appreciated. As for what I am doing, I am trying to find anything wierd or something that stands out from the packets sent from external IP's to my server.
I have a Virtuozzo VPS running Debian Sarge. I installed apf. My /etc/apf/conf.apf looks like:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
IG_TCP_CPORTS="21,22,53,80,443,25,465,110,995,143,993,137,139,445,10000,3306"
IG_UDP_CPORTS="53"
Am am getting several "iptables: Invalid arguments" message. I traced this to these iptables calls from within /etc/apf/firewall. Each of these iptables calls gives "iptables: Invalid arguments":
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL NONE -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,RST SYN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags FIN,RST FIN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,FIN FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,URG URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,PSH PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN,URG,PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL ALL -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN -j IN_SANITY
Any thoughts? According to my ISP, I have these iptables modules:
iptable_filter
iptable_mangle
ipt_limit
ipt_multiport
ipt_tos
ipt_TOS
ipt_REJECT
ipt_TCPMSS
ipt_tcpmss
ipt_ttl
ipt_LOG
ipt_length
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ipt_conntrack
ipt_state
ipt_helper
iptable_nat
ip_nat_ftp
ip_nat_irc
A friend pointed out today that urgentVPS' WHMCS license had expired so he was unable to get to support tickets, he also said about the phone number not working properly. Wondered if anyone could shed some light on this situation, or whether I should get ready to back up and pack up?
View 12 Replies View RelatedOne of my client has the following question but I don't have enough knoweldge on this topic. Hope some network experts out there can give me some advises.
I want to do this:
1. TCP SYN negotiation using fixed port
2. HTTP request
3. ACK
4. Another HTTP request (control words)
5. ACK
6. Another HTTP request (control words)
7. ACK
Unfortunately, I can only accomplish this:
1. TCP SYN negotiation using fixed port
2. HTTP request (control words)
3. ACK
4. FIN
5. TCP SYN negotiation using ANOTHER port
6. HTTP request (control words)
7. ACK
8. FIN
There is too much overhead in the second method. Can you comment on why the first method doesn't work? It processes the first HTTP request but ignore the second, third, etc. HTTP requests. WHY? Do I always have to choose another port to processes another HTTP request?
What does it mean is it indicate ddos attacks?
From 58.32.23.4 - 1160 packets to tcp(1034,1036,1046,1055,1072,1084,1086,1097,1108,1109,1124,1138,1144,1146,1161,1174,1179,1180,1199,1206,1208,1237,1242,1275,1295,1296,1298,1313,1335,1 346,1349,1357,1384,1404,1419,1420,1475,1484,1509,1510,1538,1545,1547,1585,1593,1612,1684,1689,1690,1729,1731,1733,1736,1746,1749,1752,1753,1756,1762,1 763,1765,1768,1770,1779,1782,1784,1785,1786,1787,1789,1792,1794,1800,1806,1856,1877,1879,1885,1930,1988,2004,2005,2022,2027,2073,2077,2099,2109,2113,2 177,2178,2179,2180,2184,2185,2206,2237,2259,2266,2267,2282,2288,2313,2333,2500,2562,2565,2574,2585,2615,2617,2618,2657,2664,2666,2674,2686,2687,2808,2 821,2831,2836,2846,2867,2892,2904,2949,2950,2964,2984,2993,3101,3130,3210,3215,3285,3336,3359,3572,3638,3695,3696,3700,3848,3893,3973,4023,4030,4235,4 269,4293,4358,4370,4380,4398,4414,4472,4509,4549,4571,4585,4606,4608,4635,4685,4766,4778,4780,4812,4836,4844,4858,4902,4903,4909,4912,4916,4935,4936,4 937,4943,4955,4989,5534,5940,6245,6250,6256,6264,6367,7359,7564,7940,8538,9338,10203,10462,10763,11037,11332,11348,11462,11606,11633,11971,12177,12213 ,12242,12267,12276,12283,12307,12361,12399,12457,12472,12584,12645,12648,12793,12829,12842,12906,13197,13438,13807,14465,14493,14762,14765,14768,14769 ,14778,14779,14795,14981,15913,16474,16506,17060,17565,18047,18131,18191,18342,19113,20426,20702,21575,22062,22099,22379,22420,22423,22440,22675,22908 ,23100,23747,23766,24121,24248,24315,24365,24372,24411,24420,24425,24436,24486,24494,24639,25290,25507,26122,26702,26923,26975,27213,27302,27357,27409 ,27947,28731,28821,28982,29197,29227,29249,29285,29448,30472,30554,30564,30584,30632,31346,31628,31899,32074,32093,32306,32562,32566,32657,33968,33980 ,34442,34947,35047,35423,35599,35718,36937,38131,38404,38580,38696,38982,38995,38998,39001,39006,39036,39041,39077,39205,39288,39412,39822,39880,39999 ,40052,40942,41197,42090,42424,43419,43570,43991,43992,44917,46356,46515,46661,46669,46675,46814,46904,47594,48257,50086,50088,50316,50481,50511,50667 ,50786,50789,50790,50791,50792,50798,50802,50811,50930,50941,50951,50959,50999,51002,51008,51532,51650,51655,52362,52441,52448,52459,52531,52587,52612 ,53013,53223,53232,53237,53267,53284,53288,53941,54256,54789,55144,55228,55463,55522,55648,55846,56130,56807,57504,57765,57812,57814,58340,58850,59239 ,59945,60101,60150,60418,60648,60929,61313,61334,61431,61553,61733,61841,61848,61854,61857,61915,61921,61980,62035,62163,62403,62588,62899,62998,63081 ,63097,63198,63302,63379,63715,64214,64373,64380,64434,64442,64485,64491,64495,64501,64505,64514,65151)
I have a VPS with rDNS and SPF records configured fine. I am able to send email to all. But for hotmail I can not.
The strange is that on VPS log I have message that the trasation was competed:
**************
$
2008-02-29 23:22:07 1JVHMV-00069K-PE <= adriano@domain.com.br H=localho$
2008-02-29 23:22:08 1JVHMV-00069K-PE => teste.noreply@hotmail.com R=lookuphost $
2008-02-29 23:22:08 1JVHMV-00069K-PE Completed
***************
But the message was not delivered in any teste.noreply@hotmail.com folder (inbox or spam folder).
I can not understand it. What can to be happening?
Is it normal for a ton of packets to be dropped? My server goes so slow after it gets a bunch of connections, even if I kill everything (i have to restart), and I can't figure out what the problem is. on my other servers it says no packets were dropped. how can i fix this?
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1C:C0:C1:8B:3E
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fec1:8b3e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56435 errors:0 dropped:3049109175 overruns:0 frame:0
TX packets:87780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6804084 (6.4 MiB) TX bytes:118424651 (112.9 MiB)
Interrupt:50 Base address:0xa000
what is packets lost,
I used just-pings.com site and its says my site had 100% losts packets in some locations, what does this mean?
One of my other host doesn't have any packets lost, so for a new package should I go with them, rather than the host which has packets lost?
[url]
When I asked my host they said do not trust just-ping and told me to use,
[url]
Does this site check for packets lost?
My server is being hit by many ICMP packets. Very abnormal but many of them a from indonesian IP.
My server runs on cPanel + CSF.
Should I change CSF to APF? I read most antiDOS attack articles ICMP; eth0; 48 bytes; from 68.66.136.118.fast.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 125.167.122.253 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 48 bytes; from 179.subnet125-160-99.speedy.telkom.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1468 bytes; from 118.100.245.111 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ARP request for 202.71.103.231; eth0; 40 bytes; from 0011bb064fc1 to ffffffffffff
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.6.234.126 to pete.myserver.com; echo req
note: pete.myserver.com is my server
please advise solution it's causing me 10mbps of inbound bandwidth. my bandwidth is sufficient to handle those for now, but not for long if they increase. my munin shows 20mbps last night
What are the different methods to drop DDOS attack?
View 10 Replies View Relatedway to restart mysql and named if they drop. I'm on cpanel.
I've searched and found the following:
For mysql:
Code:
NUMBER=`ps --no-heading --user mysql | wc -l`;
[ $NUMBER -eq 0 ] && service mysql restart;
For named:
Code:
NUMBER=`ps --no-heading --user named | wc -l`;
[ $NUMBER -eq 0 ] && service named restart;
I have these set to run every 5 minutes, just to check if mysql/named are running. I found out that it doesn't work: I woke up to a whole bunch of sql errors and realized that mysql dropped while I was asleep... I type in "service mysql restart" manually and it restarts as usual, so I know that the command to restart sql works fine, but the restarts aren't triggering in the first place.
I keep having tons of spams in the Drop folder of my Windows SMTP which I enable only for sending out forms. How do you normally stop this? I cant stop the SMTP as it is for forms usage. Relays are already set to my local IPs
View 1 Replies View RelatedI'm getting slow server response times I've been struggling with this for quite some while.
Here is what I know so far:
1. My website divinelightingdotcom through justping returns average 60-80% packets lost for all locations but Santa Clara, which usually has 0-20% loss.
2. My VPS is in Dallas
3. My ISP is also in Dallas, yet justping their website returns 0 packets lost
4a. When I ping my site from Atlanta, the avg trip is 44 ms
4b. However, the first access of my website through a browser usually takes about 5-10 seconds to respond
4c. I assume that my customers have this same experience (if so, this is killing me on my sponsored search advertising)
5. subsequent navigation through the website is usually acceptably fast.
6. wait an hour or so, and the initial page load has 5-10 second response delay again (can be any page on the site)
7. perhaps related, WinMTR from my location in Atlanta shows an comcast IP in virginia that consistently has 20% loss. I have opened a trouble ticket with Comcast.
ping: 64.191.50.55
location result min. rrt avg. rrt max. rrt
Santa Clara, U.S.A. Okay 108.6 127.3 165.2
Florida, U.S.A. Okay 86.9 94.8 110.9
San Francisco, U.S.A. Okay 101.0 115.2 142.9
New York, U.S.A. Packets lost (30%) 47.0 50.2 54.3
Austin1, U.S.A. Packets lost (10%) 80.7 88.9 118.2
Austin, U.S.A. Packets lost (10%) 77.1 86.4 116.8
Vancouver, Canada Okay 172.9 185.3 240.5
Chicago, U.S.A. Packets lost (10%) 59.2 66.1 71.5
London, United Kingdom Okay 102.2 113.3 119.9
Amsterdam3, Netherlands Packets lost (30%) 126.7 129.9 132.7
Amsterdam2, Netherlands Packets lost (30%) 112.7 117.5 123.5
Stockholm, Sweden Packets lost (10%) 139.2 145.6 148.2
Cologne, Germany Packets lost (10%) 129.3 135.5 143.4
Amsterdam, Netherlands Packets lost (10%) 121.9 126.4 130.0
Krakow, Poland Packets lost (20%) 139.0 147.2 152.5
Madrid, Spain Packets lost (10%) 129.2 136.5 143.3
Paris, France Packets lost (10%) 129.4 132.1 135.7
Munchen, Germany Packets lost (20%) 133.5 137.0 142.0
Copenhagen, Denmark Packets lost (20%) 110.9 120.2 124.2
Lille, France Packets lost (10%) 117.8 123.5 127.6
Cagliari, Italy Packets lost (20%) 156.8 159.3 162.8
Sydney, Australia Packets lost (20%) 251.4 264.2 268.4
Melbourne, Australia Okay 280.7 291.1 301.5
Zurich, Switzerland Packets lost (10%) 155.3 163.6 169.1
Shanghai, China Okay 321.8 328.5 337.7
Hong Kong, China Packets lost (30%) 282.9 292.8 304.5
Porto Alegre, Brazil Packets lost (10%) 200.1 208.8 217.1
Singapore, Singapore Packets lost (20%) 311.3 333.3 371.3
Mumbai, India Packets lost (20%) 240.5 245.2 249.7
Johannesburg, South AfricaPackets lost (40%) 390.4 427.0 517.8
It is bad than my vps on vps4less.de .
I currently have my own dedicated server located with the following prefs;
Linux: CentOS 4.6 (final)
Kernel Version: 2.6.9-67.0.15.ELsmp
I know this is possible, but I am seeking how to drop empty udp packets automatically with iptables.
I have created virtual SMTP server in IIS6 and while send e-mail from the same server using SMTP IP address, the e-mail do not reach recipient, all sent e-mails goes directlly to DROP folder and stay it that folder.
I have checked event viewer, no error, also used telnet to create and send e-mail, no error.
(This is the first review I've ever written for practically anything so please bear with me. I feel the need to share my experience to try to help others after all the great advice and info I've received around here.)
If you've done everything you think you can do to improve the responsiveness of your websites like add a mysql cache, PHP opcode cache and various other tweaks, I discovered there is still one more easy thing you can do for a big improvement: replace Apache with LiteSpeed. It's way too easy not to try it and you can leave Apache completely intact to go back to at a moment's notice if you so desire.
I call LiteSpeed a "drop-in" replacement because it uses all my httpd.conf and .htaccess settings without modification. This was critical for me as my sites have some very complex rewrite rules. Other solutions like LightHttpd require extensive work to make changes if you use fancy mod-rewrite rules. LiteSpeed does not need any fiddling. LiteSpeed just adds it's own clean little web interface so you can tweak if you want to, but I didn't really have to change anything. Last but not least, LiteSpeed gets along with Cpanel and DirectAdmin without any conflicts. LiteSpeed's so compatible I can literally do this on my server and the visitors don't even notice the difference (except speed of course!)
service httpd stop
service lsws start
(and visa versa)
I discovered LiteSpeed after reading that the main WordPress.com site had switched to it and had great success (they have a quarter million registered bloggers and of course many millions more daily readers).
The main reason I tried LiteSpeed is because it's roughly twice as efficient in memory use and performance than Apache 1.3 & 2. It runs PHP up to 50% faster than Apache and static files get served several times faster (faster than thttpd & lighthttpd). So this means you can either double the number of active connections you currently max out at now, or make a regular website respond nearly twice as fast, or under heavy loads still respond within a reasonable amount of time when Apache would be completely unresponsive.
The last situation was exactly what I was hoping for and LiteSpeed helped me keep my sanity on a bad VPS node.
Basically a couple months into owning my first VPS (after many years of shared-hosting experience) I started to realise many of the industry promises about VPS are an outright lie. You are far from isolated from your neighbours. Any disk load created by bad neighbours, mysql abuse or otherwise, will directly affect you and you are powerless to stop it. It's the most poorly regulated resource on any VPS node and it can be made worse by slack, ignorant or inexperienced hosts who do things like move accounts during busy periods onto and off a node at the root level which ties up the entire node for an hour or more. Under Apache, I was getting timeouts during peak visitor times and that was very upsetting.
On top of my VPS neighbour troubles, no matter how I fiddled with Apache's settings (with all the helpful guides around here) I could not make it comfortably fit within the guaranteed memory limit of my VPS with Cpanel, which I really wanted to keep as it's much easier for my end-users. Switching to LiteSpeed caused a radical drop in memory use. I've seen nearly 1000 people online within a one minute period on one of my sites and it still fit comfortably within my memory limits and stayed extremely responsive.
I've discovered another plus to LiteSpeed along the way that no-one else seems to mention. It's the only server software that "out of the box" seems to serve web compressed (gzipped) pages properly as chunked output. This means a visitor will start to see the page immediately as soon as the first part is sent vs. on Apache, mod_gzip actually de-chunks all the output, waits for it to finish, then compresses, then sends.
Mod_deflate on Apache 2.0 was supposed to fix this but it usually doesn't work properly and I've never gotten 2.0 to do compressed+chunked output on my sites without alot of fiddling and help from PHP. It also doesn't seem as smooth as LiteSpeed's output which gives you that "silky" watch-the-webpage render effect that's mentally rewarding to visitors.
On the downside, there is one reason you wouldn't use LiteSpeed - if you use highly customised Apache mods. LiteSpeed cannot support custom mod's and their directives. It does have a lot built in however that Apache does not, so you may way to examine if you can accomplish what you are trying to do another way.
I started with LiteSpeed 3.1 and when I found an incompatibility with an obscure Apache feature (ie. ErrorDocument's as plain text output: ErrorDocument 404 "Not Found" was not supported) they fixed it for me in a day or so after I reported it on their forum. The same for PHP support of "Apache_Response_Headers". Note I am not even a commercial customer! They are now up to 3.2 which has a few other fixes.
The free version of LiteSpeed has a limit of 150 simultaneous connections (plus the linux stack of 200 more which will backlog). I've never seen that limit hit. It's so intelligent about closing connections as needed that it's not an issue for me. Perhaps on a dedicated server with many virtual hosts this will be a problem. Up to version 3.1.1 that was the only limitation, however unfortunately in 3.2 they have decided to also limit virtual hosts to "5", so that's something else you'll have to consider if you want the free version, otherwise the commercial version has a free trial and money back guarantee.
Some people were upset with me that I wouldn't name my VPS host when I was constantly complaining of troubles but that's just my style when I have nothing nice to say still have to do business with them, so don't name names. But when I have something nice to say about a company, I like to speak up. So I heartily recommend LiteSpeed and hope other people give it a try - especially if you are on my VPS node ;-)
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
I am facing very unique issue at two of my servers hosted at hivelocity from last 3 or 4 months.
In every couple of days all incoming and outgoing activity get stopped except on port 3386 (RDP) i.e. no one can get website hosted on the server or neither I can access any website from the server but all other services continue to work. A reboot to the server will solve the issue but that is only a temp solution.
I have checked event logs one by one but no issue or error found on it. I have even run the server without firewall but still it stops working.
Scanned the server from 3 different antiviruses one by one but they didn't found any virus.
Datacenter tech staff monitored the server and found no DoS or other such kind of attack on the server or IP.
I am totally clueless on this issue on how to solve it.... anybody here who can help me?
OS: Windows 2003
Firewall: Previous hardware based, then software based and now windows firewall (same issue with all)
Third party softwares: No
Scripts: ASP, ASP.NET, PHP
Database: SQL and MySQL
No other software installed on the server
I just got my servers up, DNS servers what not and my main plesk server for shared/reseller hosting.
Now for the weirdest thing ever!
I started working on my plesk packages a few days ago, after I got plesk installed.
Systems stats as follows
Supermicro AS1021M-T2 barebone
[url]
Has 16GB of infeon DDR2-667 memory.
2 250GB hard drives in mirrored configuration with the Acera 9500 w/ 256MB of memory
Running Cent OS 4.4
For some reason, Everytime I go into Plesk, or any of the websites that are contained in Plesk, The nic card drops out, wont allow any activity to get through, both ways.
Plesk12 has been installed on Windows2012R2. In the Tools and Settings/Database Servers list we have
· Local MySQL server (default for MySQL)
· .MSSQLSERVER2012
· sql-db-1 (default for MS SQL)
We only expect to use the remote sql-db-1 database for user databases.
Can we delete the other 2 databases and is this recommended? Does the Local MySQL server contain the Plesk Management database/schema?
On my way searching for an hosting provider, I try pinging every host.. some of them have packets lost, one between 20-30%.
View 10 Replies View RelatedI run CentOS 5.2 (Sometimes CentOS 4.6). I have been messing around with IPTables, and cannot find out how to filter zero-length packets.
I believe I might need an unclean module. I have already done hours of reading and researching, but I have come up with nothing, for I do not think this is that common.
If anyone could please let me know the commands to use to filter out all zero-length packets, or the unclean module I need to use with IPTables, I would really appreciate it.
I compiled apache 2.2 with php 4 (+ phpsuexec) last night. Seems all is well, only one domain facing an issue and the apache error log states this
Invalid mimetype: should contain a slash
I've never seen such an error to be honest. Any help appreciated.
This is a cpanel box with php 4, apache 2.2, phpsuexec
My server is fedora core 4
in whm :
Invalid Hostname. (This account is currently not available.). Hostnames must be
fully qualified domain names and not contain any spaces or tabs.
litespeed - Invalid Credentials
I always got a Invalid Credentials error when I tried to login to admin panel
Is there any way to I can fix it or how can I change litespeed username/password via ssh
[Wed May 14 18:15:17 2008] [error] [client 66.228.119.67]
Invalid URI in request entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmoreheherr669760763646r