I am having trouble finding a good sysadmin for my needs. Has anyone else been in a similar situation? Does anyone have any advice on how to find somebody like this?
SITUATION:
I am having trouble finding a reliable RH sysadmin. I have a handful of clustered HA setups for customers (6+ servers & load-balancers) and a number of single-server dedicated hosting customers. I do a lot of the work myself. The additional sysadmin usually only has a small amount of actual worked hours per month, dependent on new installs. But, they need to be reliable, available, and familiar with the complexities of the setups.
From what I have seen, some sort of server management company wouldn't be able to be familiar with the setups well enough to not regularly make errors or modify setups correctly due to the amount of clients they have.
My server currently has some problems with DNS/mail, which I can't seem to fix myself. My colocation host offered to help me by giving him root access, but I don't know him very well yet. Is there some kind of script/logtool so I can track everything he did on the server? I don't want him snooping around through my webfiles and databases...
So one of the sites on our box was compromised earlier today.
We've shut it down for now and contacted our sysadmin to help research the problem. Not sure if he will be able to really help much as he's only done updates and such in the past.
Any idea of quality sysadmins who might be able to investigate the box and the site?
I have a website that can be seen in one part of the world but not in the other. How can I troubleshoot this issue? Is there a web utility that can help me figure out what the problem is?
Is security really that critical? If so, why are some of the largest software companies providing such a bad example for the rest of the industry? Why would someone want to target my website? Why is security often overlooked?
These are all common questions that arise on a daily basis within the online industry.
The rest of this article will provide some detailed answers, along with practical examples and true scenarios.
I've spoken with numerous hackers over the past short while. I can't count the number of times I've heard the line "Ignorant site owners deserve to be hacked". In my opinion, that's like claiming that cars without alarms deserve to be stolen, or homes without alarm systems deserve to be burglarized. It's not just wrong - it's illegal.
Security risks and vulnerabilities affect the entire online industry. When a single website is hacked, there are usually multiple other victims. This is most commonly seen with widely distributed software. A potential attacker has the ability to install the software on a test environment, locate the vulnerabilities, then attack random victims even before anyone else is aware of the potential exploits. Once a vulnerability is located, the attacker simply needs to search for other environments using the same software, and within minutes there are hundreds, often thousands of potential victims.
Typically, in the race to market, software providers are encouraged to release their products as soon as the applications are usable. Critical development procedures are often overlooked or intentionally bypassed. One such miss is an application vulnerability assessment. Although the product may be usable, the effects of a vulnerable application could be severe.
Sadly, nobody is "off limits" when it comes to hacking. Most hackers feel safe committing online crime, since the online industry has evolved much faster than the security industry. Many applications are not created with the intent to recognize hacking attempts. Some hackers view their actions as a competition - Who can attack the most valuable website? Who can exploit the most user databases? In many cases, these attacks are bragged about within the hacker's immediate network. The competitive nature of these hacking groups has become so severe, there have been reports of attacks between competing organizations.
You might ask, "If I use industry standards, won't my environment be secure?". The short answer: no, but it helps. Hackers are not restricted by industry standards. Most security companies only implement new standards once at least one victim is reported. This often gives hackers plenty of time to locate other vulnerable environments, and before long, the number of victims can increase rapidly. Hackers are some of the most innovative individuals within the online industry. The most logical way to combat them is to use similar methodology for security purposes.
I have a small DNS cluster with 4 servers. The problem is that when I want to update a DNS registry one of them doesn't sync; I have to try like 6 or 8 times to get that server to sync with all the others, and I'm concerned because the one that has trouble syncing is my secondary DNS server.
Is bandwidth going to be my most expensive cost if I open up a video hosting site? Is there an inexpensive alternative? Is there an inexpensive web host with low cost bandwidth allocation?
Some people sent spoofing mails from our mail users to our users through Postfix/local, which is listed in the maillog like below:
Apr 29 16:57:02 ns1 postfix/local[3075]: EC2153565E3: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=486, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
But I do not know how to prevent these people from using my Postfix/local delivery part. How can I prevent this attack?
When I connect to my mail server to send or receive my mail it looks like:
Apr 29 17:25:28 ns1 dovecot: pop3-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=***.***.***.***, lip=***.***.***.*** ....
Apr 29 17:25:55 ns1 dovecot: POP3(user@mydomain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0....
A few people have asked me to give feedback on my experience with VolumeDrive so I decided I will be posting a 3 part review on them:
Part 1 - initial impressions
Part 2 - three month review
Part 3 - one year review (hopefully)
-------------
When I first got in contact with VD, contact was slow: about an email a day. It was very annoying to say the least. However when VD realized that I was genuinely interested in purchasing a server, and not just a window shopper, contact was more frequent and acceptable.
After looking around and comparing, I ended up ordering the following server from VD for a whopping $105 per month:
Well just at face value, I don't think anyone will argue with me when I say you cannot beat the price. Where else will you find that kind of server w/ full management for $105 a month?
In the ordering process there were a few forgivable annoyances:
1) VD does not have any sort of automated, order online system for their "good" deals. I had to order via email and manually pay from PayPal. I was, however, emailed an invoice confirming my purchase after I paid.
2) It took VD 2 hours to send me my order request after I said "I am ready to purchase". Now it was late at night, so they probably only had a skeleton staff on hand, so this is understandable; however this point is sort of related to the lack of an automated system point mentioned above.
So after I paid and all, I was told they were building me a new server and it would take 3 business days to arrive. I was bummed out upon hearing this but this was understandable and justifiable - if they don't have the parts on hand, they don't have the parts, no big deal. I did appreciate the fact that they were honest with me upfront instead of trying to con me into giving me a different server (like I have been hearing stories about with other hosts).
So I waited. I was told my server would be setup on Tuesday afternoon and it was. The actual time between order and setup was about 5 and a half days: 3 days for the parts to arrive + Saturday + Sunday + time to build the server.
On Tuesday I was informed that my server has a Q8200 instead of a Q6600. To me this was not a big deal so I didn't object but if you are going to order from VD and you want one specific CPU I would be very clear with them that you won't accept any alternative. What did make me chuckle, however, is the fact that I was told "I received a free upgrade" to Q8200. It made me chuckle because I don't consider it a "free upgrade" when I was offered a choice between the Q6600 and a Q8200 for the same price during the ordering process. However, as I already said, a Q6600 or Q8200 - it does not matter to me: both are very similar in performance anyway.
So since I got my server I have been busy setting it up so VD can secure it after I am finished migrating my website (which by the way they just did - I just got an email).
During that time I have emailed VD a fair amount of times, sometimes asking for clarification and sometimes asking for assistance with a problem, and they have responded back in a more than acceptable time frame and manner.
The only major problem I have had so far is that initially, and by initially I mean the first ~12 hours, it seems the connection to my server was not all the best. Randomly pages would take a while to load; I was curious as to why this was happening so I did some pinging and saw packets were being lost sometimes. This problem seems to have auto-corrected itself now and I did email VD about it; hopefully if it happens again we can get it perma-fixed.
Final verdict: people say "you get what you pay for". I say "I got more than I paid for". Hope it continues this way.
Today I'm back to encourage you to stay away from Crissic: I know the prices are tempting, but know that you will have no one on your side when a problem comes up. I finally closed my account with them after numerous major issues with my VPS.
I've had a simultaneous account with Slicehost for the past few months, just to see if paying the extra buck is worth while. Now I know it absolutely is. I'm paying double the price for half the resources with Slicehost, but their service is amazing and reliable, their support is stellar, and peace of mind that the server will stay up and running without load issues, memory or drive failures is worth every penny. The point of this post is not Slicehost though, back to Crissic.
When I signed up for Crissic, I knew that it was a relatively new web hosting startup, but I had no idea it was a one-man show. Yes it's probably possible for a single guy to run a small web hosting company--the problem, particularly in the case of Skylar, is that when something is beyond him, it isn't getting fixed.
A recent support incident occurred where I was suddenly unable to access my VPS via SSH or the console. I contacted support, here are some of his responses to my status inquiries: ....
Are there any web designers/developers who offer hosting to their clients as part of their website creation package? I am toying with the idea of only creating websites for people who host with me. I currently have a colo server, but only use it for personal things. So I have no experience with the needs and demands of clients in regards to hosting. What are some of your experiences with hosting for clients? Is it worth it?
I can't get access to a certain site. I always get the page with:
network time out - server at *** takes too long to respond.
More people have noticed this and apparently it only happens to people with certain specific providers. And not all the time. Sometimes they DO get access even though they belong to the same ISP. So I guess an ISP isn't blocking access to it, otherwise it would be permanent. The site administrator insists that certain ISPs are blocking his site. He's hosting it on his own server. The domain is registered at namecheap.com.
If an ISP is blocking this site (if that's possible?), that would lead to that 'network timeout' page wouldn't it?
What is the most likely reason for getting a timeout page anyway?
I have a dedicated server with these specs: AMD 3500+ 64 Bit CPU, 1 GB RAM, 160 GB SATA Drive. For 1 month, the CPU load average has been reaching a value of 40-50. This happens about 5-6 times a day. When I stop the httpd service for 30 seconds everything goes back to normal. I think this is not a DoS attack because it comes systematically; I don't believe anyone does this regularly except bots.
Maybe it's a system service or a cronjob, but it stops when I turn off the httpd service? How can I be sure about what's regularly causing this load?
I also set up a script which mails me when the load average of the system goes crazy and restarts the httpd service. But an instant restart is not working to stop the load increase.
The server is going down from time to time. Every 12 days or so the site hosted there is no longer accessible; everything starts with the site slowing down and down and then it is no longer reachable. What we do is request a power cycle, and with this we start all over again till the next power cycle, and so on. Here are my server details and more info on this:
- MySQL - 5.1.41-3ubuntu12.10
- Apache - 2.2.14-5ubuntu8.4
- PHP - 5.3.2-1ubuntu4.9
- operating system: Ubuntu Server 10.04 LTS
After some time emailing the support guys to barely check about what's going on, we received an email with a few things:
1.- found a few errors that likely would cause issues with Apache. The first error is:
[Mon Feb 04 05:03:10 2013] [error] mod_fcgid: fcgid process manager died, restarting the server
and the next error is:
[Mon Feb 04 14:32:34 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting ...
Both these errors seem to indicate that you have a process that is running out of control on your server. We were unable to determine what script running on your site caused your connections to be maxed out; however, it does appear that before these errors were generated there was a WordPress plugin referenced in your access logs...
2.- Additionally during our review we did find that your error log for mercadodedinerousa.com is 45 GB, which is excessively large and can cause problems when Apache is trying to write such a large file.
3.- The majority of the errors being logged are: [Wed Feb 06 12:12:31 2013] [error] [client 200.76.90.5] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/vhosts/mercadodedinerousa.com/httpdocs/index.pl, referer: [URL]
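Added example, not part of the original post or the support reply: a streaming tally of Apache 2.2 error-log lines like the ones quoted above, to see which message and which clients are filling a log too large to open in an editor. The sample lines are constructed from the quoted ones; the 192.0.2.10 client, the feed.pl path and the referer value are placeholders.

```python
import re
from collections import Counter

# Apache 2.2 error-log layout: [timestamp] [level] [client IP] message
# (the [client ...] field is absent on server-wide messages).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")

def signature(msg):
    """Strip per-request detail so repeats of one fault share a key."""
    msg = re.sub(r", referer: .*$", "", msg)  # referer suffix
    msg = re.sub(r"/\S+", "<path>", msg)      # filesystem paths
    msg = re.sub(r"\d+", "<n>", msg)          # pids, counters
    return msg.strip()

def summarize(lines):
    """Tally fault signatures and client IPs; streams any iterable of lines."""
    sigs, clients, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None:
            unparsed += 1  # torn or foreign line: count it, keep going
            continue
        sigs[(m["level"], signature(m["msg"]))] += 1
        if m["client"]:
            clients[m["client"]] += 1
    return sigs, clients, unparsed

# Constructed sample built from the lines quoted in the post; 192.0.2.10,
# feed.pl and the referer value are placeholders, not from the page.
SYM = ("Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies "
       "that RewriteRule directive is forbidden: ")
ROOT = "/var/www/vhosts/mercadodedinerousa.com/httpdocs/"
SAMPLE = [
    "[Mon Feb 04 05:03:10 2013] [error] mod_fcgid: fcgid process manager died, restarting the server",
    "[Mon Feb 04 14:32:34 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting",
    f"[Wed Feb 06 12:12:31 2013] [error] [client 200.76.90.5] {SYM}{ROOT}index.pl, referer: http://example.invalid/",
    f"[Wed Feb 06 12:12:32 2013] [error] [client 192.0.2.10] {SYM}{ROOT}index.pl",
    f"[Wed Feb 06 12:12:33 2013] [error] [client 192.0.2.10] {SYM}{ROOT}feed.pl",
    "[Wed Feb 06 12:12:3",  # torn line, as left by an interrupted write
]

if __name__ == "__main__":
    sigs, clients, unparsed = summarize(SAMPLE)
    for (level, sig), n in sigs.most_common():
        print(n, level, sig)
    print(clients.most_common(), "unparsed:", unparsed)
```

To run it on a real log, pass summarize() an open file object, for example one opened with errors="replace" so stray bytes do not stop the scan.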
I have a big problem. In my HyperVM I've changed the time to EUROPA/Sarajevo but in WHM it is still going 24 hours forward. Please help me to resolve this. This is very important...