So one of the sites on our box was compromised earlier today.
We've shut it down for now and contacted our sysadmin to help research the problem. Not sure if he will be able to really help much as he's only done updates and such in the past.
Any idea of quality sysadmins who might be able to investigate the box and the site?
I can resolve this situation I have.
I sent a server I have with a provider to have a RAM upgrade yesterday at 15:33 UTC, and ever since then I have had no access to my server.
SSH has been changed back to port 22, from a random high port.
root password has changed
RSA key has changed too.
I can see 3 possable reasons for this:
1) It's a different server plugged into the rack/router or a stolen IP
2) My provider "kindly" formatted and reinstalled my OS.
3) I have a compromised server, I very much doubt this as the server was offline.
I informed my provider about 18 hours ago that I had a "possable compromised server" and since then I have been given the run around as to what is happening.
For the last couple hours or so I have been trying to get them on live chat, which shows as online, but no-one answers. Thats another pet hate of mine.
I also have a couple tickets open asking for an update as they are not answering my origional ticket with updates.
Am I just being impaitent wanting a resolution to this in less than 18 hours or am I correct to complain?
I am trying to determine if i am hacked, here is details:
I just got a message from softlayer support: ABUSE - 66.228.xxx,xxx - HACKING/MALICIOUS ACTIVITY - IMMEDIATE ACTION REQUIRED. with some log like this:
Quote:
Connection attempt to TCP IP.IP.IP.34:80
>from 66.228.xxx.xxx:41212 flags:0x02 Sep 28 14:05:55 PDT kernel:
Also, I did a rkhunter scan and found:
Quote:
cat /var/log/rkhunter.log | grep Warning
[18:26:29] /usr/bin/GET [ Warning ]
[18:26:29] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[18:26:29] /usr/bin/groups [ Warning ]
[18:26:29] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
[18:26:30] /usr/bin/ldd [ Warning ]
[18:26:30] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[18:26:35] /usr/bin/whatis [ Warning ]
[18:26:35] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
[18:26:36] /sbin/ifdown [ Warning ]
[18:26:36] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
[18:26:36] /sbin/ifup [ Warning ]
[18:26:36] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
[18:27:43] Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtps_psa' for enabled services [ Warning ]
[18:27:44] Checking for enabled xinetd services [ Warning ]
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
[18:27:59] Checking for hidden files and directories [ Warning ]
[18:27:59] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
[18:27:34] Checking running processes for deleted files [ Warning ]
[18:27:34] Warning: The following processes are using deleted files:
[18:27:34] Process: /usr/libexec/mysqld PID: 4773 File: /tmp/ib2RpbEj
[18:27:34] Process: /usr/sbin/httpd PID: 8449 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 8452 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12102 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12950 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13044 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13046 File: /tmp/.apc.PGGxew
So does that mean my server was compromised?
Linux Fedora 5
I just got a letter from my dedicated host stating we had just been compromised. These servers just were set up last week! And there is nothing on them yet. The only thing I have done is modified the /etc/hosts file via SSH.
My servers are not even public yet. Can SSH'ing in from an unsecured wireless network make me vulnerable?
What do you guys think? Best way not to let this happen again?
Oh this is great :-| He's still logged in!
[root@server~]# who
root pts/0 2007-06-06 07:12 (xxx)
test pts/2 2007-06-06 03:08 (81.89.10.92)
I receive reports from my DC that my server is launching some hacking / malicious activity. This is the log that they provide:
Quote:
>
> Aug 20 12:34:35 ensim sshd[30628]: Did not receive identification
> string from MY.SERVER.IP
>
> Aug 20 12:44:23 ensim sshd[444]: Failed password for admin from
> MY.SERVER.IP port 57896 ssh2
>
> Aug 20 12:44:23 ensim sshd[444]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:26 ensim sshd[445]: Failed password for root from
> MY.SERVER.IP port 58029 ssh2
>
> Aug 20 12:44:26 ensim sshd[445]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:28 ensim sshd[446]: Failed password for root from
> MY.SERVER.IP port 58141 ssh2
>
> Aug 20 12:44:28 ensim sshd[446]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:31 ensim sshd[449]: Failed password for root from
> MY.SERVER.IP port 58276 ssh2
>
> Aug 20 12:44:31 ensim sshd[449]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:33 ensim sshd[450]: Failed password for root from
> MY.SERVER.IP port 58421 ssh2
>
> Aug 20 12:44:33 ensim sshd[450]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:36 ensim sshd[453]: Failed password for root from
> MY.SERVER.IP port 58565 ssh2
>
> Aug 20 12:44:36 ensim sshd[453]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:38 ensim sshd[455]: Failed password for root from
> MY.SERVER.IP port 58672 ssh2
>
> Aug 20 12:44:38 ensim sshd[455]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:41 ensim sshd[456]: Failed password for root from
> MY.SERVER.IP port 58787 ssh2
>
> Aug 20 12:44:41 ensim sshd[456]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:43 ensim sshd[457]: Failed password for root from
> MY.SERVER.IP port 58961 ssh2
>
> Aug 20 12:44:43 ensim sshd[457]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:46 ensim sshd[458]: Failed password for root from
> MY.SERVER.IP port 59132 ssh2
>
> Aug 20 12:44:46 ensim sshd[458]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:48 ensim sshd[459]: Failed password for root from
> MY.SERVER.IP port 59348 ssh2
>
> Aug 20 12:44:48 ensim sshd[459]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:51 ensim sshd[465]: Failed password for root from
> MY.SERVER.IP port 59495 ssh2
>
> Aug 20 12:44:51 ensim sshd[465]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:53 ensim sshd[466]: Failed password for admin from
> MY.SERVER.IP port 59622 ssh2
>
> Aug 20 12:44:53 ensim sshd[466]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:56 ensim sshd[467]: Failed password for admin from
> MY.SERVER.IP port 59803 ssh2
>
> Aug 20 12:44:56 ensim sshd[467]: Received disconnect from
> MY.SERVER.IP: 11:
one of the worst things (in hosting) has happened. I received a notice this morning from lfd (configserver) that someone had logged into my server as root and it wasn’t me.
Unfortunately I didn’t notice it until eight hours later so I have no idea (yet) what happened during that period. Thankfully I don’t have any really critical data on the system that could have been stolen.
I’m in the process of restoring from a full system backup right now. After that’s done I’m going to look to see what the differences are between the files from the backup and that on the comprised drive. I’m not sure if I’ll get anything useful from the diff but hopefully I’ll find a clue as to how they got root access.
Then of course I need to get my server back up. However, I don’t want to do this until I’ve taken some steps to identify how the individual got in and take some additional preventative steps.
Here’s what I am planning on doing:
1) Check to make sure all exposed services are patched and look at some security sites to see if there are any known vulnerabilities for these services. Anyone know which sites are good to look at?
2) Change firewall to only allow ssh access from a couple specific IP addresses.
3) Disable root ssh access so I have to login via a different account and perform sudos, etc.
4)?
I’ll also look for a good server-hardening guide to see if there are some obvious things I forgot to secure.
Do any of you find folks have any other suggestions or resources that I should check out?
My windows server 2003 server password has been changed. My host tells me they must reload the entire OS in order to fix it..
Is there no way they can go in and rescue my server? Would save me alot of work.
I have been trying to troubleshoot our Windows 2003 server for weeks, but have made no lead way. The following are the steps they take to breach the server.
“They” are able to create an account. Some used usernames they have created are: sysadmin, adm, mssqladm.
It is very odd, looking in the event viewer, they just appear to create accounts out of the blue, they don’t even login or attempt to login or anything, all the sudden it says, New Account Created.
“They” then change the password of the account they just created.
Then “They” assign themselves the following group permissions, ‘Users’, and ‘Administrators’. ** SHAKING MY HEAD ** How the bloody hell do they assign themselves Administrator rights?
Then the do a few different actions depending, often times they disabled the windows firewall, and change open ports, other times they simply just logoff, other times, they have placed Trojans horses and other malware in their temporary internet folder under their use folderr.
This has been a cat and mouse game for weeks, I catch the new account, and immediately delete it, and check the firewall and enable if needed, then run a full system scan with AVG and Prevx. Sometmies AVG finds Trojans and malware, other times its clears.
I have racked my brain, checked all running processes with google, and they are seem legit. I have updated everything in windows via windows update, we are running windows 2003 server SP2. I have looked at the users and groups and everything seems secure.
Do you have guys have any idea what is going on? I have feeling something is running internally, which is allowing them to create the accounts.
Is there a tool that tracks all currently running processes, and allows you to go look at the logs to see what exactly was running at a certain time?
My server (using plesk 8.1 on windows 2003 server) has been compromised with some sort of rootkit and I'm investigating vulnerabilities. This server hosts some of my asp.net applications and I have to grant Modify Permission to IIS WP (iwam_plesk) user on Some subfolders (under Httpdocs folder for each domain). Is it a security problem? if yes, how else can I allow asp.net applications to write to, say, an Access db?
View 2 Replies View RelatedMy server currently has some problems with DNS/mail, which i can't seem to fix myself. My colocation host offered to help me by giving him root access, but i don't know him very well yet. Is there some kind of script/logtool so i can track everything he did on the server? I don't want him snooping around through my webfiles and databases...
View 13 Replies View RelatedI am having trouble finding a good sysadmin for my needs. Has anyone else been in a similar situation? Does anyone have any advice on how to find somebody like this?
SITUATION:
I am having trouble finding a reliable RH sysadmin. I have a handful of clustered HA setups for customers (6+ servers & load-balancers) and a number of single-server dedicated hosting customers. I do a lot of the work myself. The additional sysadmin usually only has a small amount of actual worked hours per month, dependent on new installs. But, they need to be reliable, available, and familiar with the complexities of the setups.
From what I have seen, some sort of server management company wouldn't be able to be familiar with the setups well enough to not regularly make errors or modify setups correctly due to the amount of clients they have.
Suddenly Apache started acting weird, I rebooted the server, Disabled suexec, and a lot more thing to make it work..
But I'm not able to figure it out.
i have problem in SSH if i want to restart it its say:
sshd has failed, please contact the sysadmin
can any one tell waht i do?
httpd has failed, please contact the sysadmin
View 13 Replies View Relatedwill time i restarted server,ssh don`t run
give me error
sshd status root 25754 0.9 2.3 23264 21592 ? S 08:54 0:00 /usr/local/cpanel/whostmgr/bin/whostmgr ./ressshd
May 23 08:54:13 part5 sshd: Stopping sshd failed May 23 08:54:13 part5 sshd: succeeded sshd has failed, please contact the sysadmin.
I have a few shred hosting servers I run. One of them keeps getting listed on CBL. It is very frustrating. Does anyone have an tools, tips, or tricks on finding the compromised?
So far I have confirmed that a script is using PHP to send mail out bypassing the MTA. It is faking the HELO and impersonating a well known ISP.
I used a combination of tshark and netstat. tshark can show me the HELO and EHLO. When I see the wrong entry I cross check that with netstat to see what. So Netstat only shows that it was PHP not the script path.
Here are the commands I'm running:
Code:
nohup netstat -c -p -n -e | grep -i ":25" > /var/log/monitor/netstat-smtp.log &
nohup tshark -f "port 25 and src host XX.XX.XX.XX" > /var/log/monitor/tshark-smtp.log &
Then I grep for what I'm looking for:
grep -i "HELO" /var/log/monitor/tshark-smtp.log
Is there a way to get Netstat to show the script path or complete command that is establishing the connection? Currently these scripts are eating up memory to a point that other process or getting killed off.
I also tried to force all mail through the MTA, but When I enable SMTP_BLOCK in my firewall config I get and error:
*WARNING* Cannot use SMTP_BLOCK on this VPS as the Monolithic kernel does not support the iptables module ipt_owner - SMTP_BLOCK disabled.
If there is a better way I'm game. Maybe some IDS that can tell me more of what is going on with the server?
I have read many helpful feedbacks regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:
Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10
Ok...posting this here to hopefully get someone's attention at gnax.net.
I've written their abuse@gnax.net and engineer@gnax.net multiple times and even called into their support line and spoke with Stephen (or Steven). No one there seems to care.
They have a group of Vietnamese hackers on their network that are launching attacks from several of their servers. They also have a google phising site on one of the servers.
Spoke with Stephen at Gnax support and his answer was that it wasn't his job and I needed to send a e-mail to abuse. After telling him that I'd done that multiple times he basically said oh well that he didn't know what to do.
Seems like the admins of gnax.net are either very irresponsible, stupid or just ignorant.
Here are the URL's.
[url]
[url]
Just replace the 1's with t's and you can see for yourself. The fwooshnet.com attempts to download a trojan to your system so if you don't know what your doing don't visit either URL.
Hopefully admins from Gnax watch this forum.
I just received a fairly scary WHMCS notice, you can view the details here:
<<please don't paste the file names, there are accounts that may have these on them>>
What are your thoughts on the entire situation? Personally, I'm a tad fearful (luckily, I hadn't upgraded to the next version yet as I was letting the other users play beta-testers) given the fact that there wasn't any versioning / modification 'notification' system in place on their end.
I'm fearing further updates. In essence, my concern is that the WHMCS development team isn't entirely certain how they were backdoored or to what scale they were backdoored.
Are their own billing systems & servers hosted in the same environment, were our billing details also released? etc. I want to know the scale of the attack.
whose has 5 email accounts and several computers Windows and Mac.
Some spam has been sent out to people in his address book. I received one and have the email headers.
What tools are there for identifying which account/machine has been compromised?
Even worse, they didn't even notice until I called. If you're a 1and1.com customer I recommend you change your username and password now!
I included some log snippets to help you make sure your account hasn't been compromised.
1and1.com hacked
I'd like to start an ongoing thread here listing the 'Good Hosters with Good TELEPHONE tech support'. In other words, out of the 1,000s of host companies, this may cut it down to less than a dozen.
( And for all you Hosters out there who really want your company to grow, and want to know how, - it's easy: just read here.)
Good telephone support is the #1 ultimate requirement, because:
-It's a lot faster and easier for both the user and the host company, because you can state and answer all questions and clarifications on the spot, you don't need to continually pass new emails with new questions and clarifications, back and forth for days on end, until the issue is solved. It saves tech time and user's time. And saves a lot of nerves.
- It's the best way to sort the good guys from the bad. A bad company isn't going to bother to answer the phone, - or will make you wait way too long, - because they are likely getting endless complaints. The good guys are always ready to answer the phones, with a friendly voice, - because they really WANT to please the customer.
- If a company can't be bothered to pick up the phone, we can't be bothered to even consider them. They're a joke, and so won't be listed here on this thread. (So, before adding or listing any Hosters here, please verfify that they do have Good, quick, friendly, telephone support,; ideally 24/7, but 9am to 10pm might be acceptable, if it was supplemented by some emergency contact.
AND:
- Hoster ALSO needs good EMAIL support (and preferably, Chat online, extended hour availability). (I spend a lot of time overseas). It sems all emails should get a non-automated response within about an hour, - and then support should jump on fixing any problem.
I only need support a few times a year. To answer some questions, or fix a problem, or do an install. That's lesss than 1 hour total, so any company paying maybe $18/hour tech support should be able to handle this. It IS reasonable to charge a custm for extended calls, beyond say, 90minutes a year, IF you don't count the 80%? Of times an issue is the Hoster;s fault of stmg gone wrong, and don't count the 'hold' times.
ALSO IMPORTANT:
- Uptime
- site Speeds
- Monthly plans, no contract (Only a dishonest host will try to force you into a contract, where they can then ignore you.)
- Reasonable price. (? Maybe $12 to $18/month for a basic business site. We don't need massive bandwitdths, - we all know that's an overselling scam, and can't ever be delivered.)
- a good upgrade plan of bigger options. Maybe even VPS.
- Dedicated IP, and availbility of SSL
-PHP 5, mysql, phpMyAdmin, etc
- cPanel ( Some Hosts are using problematic panels, like Hsphere, which are slow to load, slow in operation, require many more clicks, have too many options, spread apart on many separate pages. Time is money, and this really slows down the ability of a small business to manage his own site in effective time. For example, one WHT user wrote somewhere: "I don't feel that HSphere's interface is nice at all, although I have worked with cPanel and DA all my life... I just found it to include un-necessary features or split features up in to different hard to find pages, such as backups - mysql backups you had to find on a completely different page than file backups, and then there were options to have it in the home directory or server-end backup, in which then you had to wait a good 10 minutes before it was ready. cPanel, just hit backup and hit download and instantly it does everything you need...".
I have used several hosters. Currently on Aplus.net and Godad, which have phone support, and mediocre service.
My LIST So Far:
- Liquidweb: a very impressive company with good, 24 hour support. But to get dedicated IP, you need to go with their $25/month plan. Yikes!
- NewIdeaHosting.com. A very small company. My call was returned, and the owner chatted with me for an hour on the phone! Plans have small bandwidth, but promises No overselling, and personalized attention. Extra $5 for dedi IP. He specializes in Small business sites, and small eCommerce sites. He has only 250 accounts, on 3 servers. He rents servers from the Equinox data center of Chicago. Seems exceptionaly honest.
- MegaHosters. Excellent phone support and WHT reviews. But company was taken over by another company, and so may well go downhill in future. Another problem: uses Hsphere.
- Steadfast. Has a good rep on WHT, and seems impressive. Tech answered the phone immediately, but they say they prefer emails. Sales phone has limited hours. Good price on $20 SSL. But, uses Hshhere.
- JodoHost 24 hour phone. But, uses Hsphere. An Indian company with office in Florida, and good rep. I like the idea of outsourcing phone support, if it makes it more available and affordable. But, the accent on the phone was very hard for me to understand, so maybe this might not work.....
- Hostgator. Yes, it's a big overseller, but seems to get good reviews/results anyway, and good phone support.
- ? ThePrimeHost ?? Mostly good WHT reviews; some dissenters. Site says 24hour phone, but when I called on several nights, no one ever answered...
- Can anyone add to this list? Please list only hosts that meet the above minimum requirements of phone support, etc. Especially useful is hosters you've tried.
TO AVOID:
- Avoid Arvixe. I had a horrid experience with them, here: [WHT forum]:/showthread.php?p=5097822#post5097822
- Avoid WebHostingBuzz. This company never returned my phone msessage inquiries.
what is your opinion on this server?
Processor : P4 3.0Ghz Processor
Memory: 2GB of RAM
Hard Drive : 2x160GB SATA Drives (RAID 1) Management Level : DEFCON 2
1500GB B/W
100mp/s uplink
With cpanel and WHM.
That normally goes for $383 at the company I'm looking at. I'm curious because I was offered that they give me this server for free, and in exchange give them some advertising. So price doesn't really matter right now.
How good is this server, and how large of sites would you say it could handle?
newegg.com/Product/Product.aspx?Item=N82E16856152019
I have an opteron 148 I can throw into this, plus 2GB ram.
Would this be a good web server using win serv 2k3 + sql server 2k5? I want to start hosting my websites on this. I hope to support 100+ low traffic websites with this setup. Is this possible? I know a separate db would be better but I want to start off cheap. Any other options that can get me in the game for about $600?
i was looking for a vps hosting and i found a local one! they told me that they do 20 vps in one server only! is that good or bad? cuz they said that as a good thing? their servers are pretty good! but is 20 vps in one server can be handled?
View 14 Replies View RelatedHi! I am looking for a good dedicated server for a good price, i've gone through many of the dedicated server offers but did not find on that satisfied me completely.
I am looking for someone who can match up their dedicated specs with (e secure data . com), i would go with them but the charge a very high setup fee , i don't want to pay more then $100 just for the first month.
Please give me a server thats $100 or less monthly, free setup and the following specs:
MINIMUM 250gb Space
MINIMUM 1500gb bandwith
MINIMUM 2gb RAM
MINIMUM OS: 2.0GHz
And someone who can have the server setup FAST and have a very good customer service!
I'll soon buy Virtuozzo with 3 VE on each server. I won't be selling VPS for now, but I'm planning to. The main reason why I'm doing this move it's because I want a good backup and fast recovery over problems and an easy way to do maintenance with almost no downtime.
Both servers will run one "main" VE within Virtuozzo, the other spare will be for testing and/or Live Move between them.
Both server that I'm running now are P4 2.8 GHz Dual Core, 2 GB RAM, 160 GB SATA, everything’s run fine!
I'm looking for a server with this configuration and I want you to tell me if it's good. (And if there’s anything I should change since it won’t work well in team)
1 x Supermicro SuperServer 5015M-T+ 1U
1 x Processor - 1 x Intel Core 2 Duo E6600
1 x Kingston - Memory - 4 GB ( 2 x 2 GB ) - DIMM 240-pin - DDR II - 667 MHz - registered
2 x Seagate SV35 Series 7200.2 ST3500630SV - Hard drive - 500 GB - internal - 3.5" - SATA-300 - 7200 rpm - buffer: 16 MB (RAID 1)
I’ll get this server for about 2000$CAD with taxes and shipping. I’ve looked at Xeon, but even with a low 5110, it’s pretty heavy in price!
What do you think (except that my English is bad!)?
suggest me good backup server and not very costly too. I just required ftp and possibly web interface to check for disk usage.... I required around 40GB of disk space.
View 10 Replies View RelatedI want ASK What is the Good server For streaming ? I have one server with 8GB RAM But its not working good when to mach user Streaming Video,
And i also want ask Web hosting Company's about Somthing I am Planing To do,
I am Planing To Make Flex APP will allow to the site Owner To know How many visitors they Have Every Day (The correct figure 100%) and From What Country They Come With NO for Each Country And with 3D map FOR Earth , And How the visitors come to the site (google , yahoo etc ) And A lot Of information,
and that for 3$ a month, I know some site Do this For Free But I am Planing To make this statistics 100% true and Clean,
Spent a lot of time on this and out of ideas so would appreciate any help. There is one site (database driven forum) with about 300 online at the peak. At peak the load spikes at 6-7 and CPU and RAM usage are very low...
Server:
Intel QuadCore Xeon X3360 2.83Ghz
6GB RAM
Additions:
eAccelerator
Zend Optimizer
