Traffic Shaping And Dos Protection In Linux
Apr 17, 2008
Is there a way to use traffic shaping in Linux? Like limit traffic to certain port, set priorities etc. Like ex: I'd want to set FTP to use max of 1mbps, http max of 80mbps, and set total to 90mbps.
Also is there ways to setup dos protection within linux? What I'd basically want is if it detects a dos, it either turns off the server, or does some other action that would cut it off either until I take action or for a set amount of time. Think turning off would be only solution since if I just drop packets I'd still be paying for that traffic.
Basically I want to ensure that if I get a DoS I'm not stuck paying insane bandwidth overcharges. I rather have a few days of downtime to deal with, then a few thousand dollars to pay and me having to declare bankruptcy and sell property etc...
View 6 Replies
ADVERTISEMENT
Dec 11, 2007
I've got a LAN setup that share an internet connection with some friend but unfortunately we have a "Limit" we can download per day.
One of my friend's seems to enjoy downloading movies day in day out till we reach our cap.
Now I know ingress shaping doesn't change the fact that we are gonna reach our cap earlier but it might discourage him for downloading as much.
how can I shape his traffic to say 50KB/s both in and out for just an IP (so it doesn't affect the rest of us ?)
View 6 Replies
View Related
Feb 20, 2007
I just got a quote from a colocation provider but they said their standard policy was to customise traffic shaping for each customer..
The term "traffic shaping" on a server screams "bad idea" to me..
Being honest, my knowledge of shaping is limited.. but I don't want traffic shaping on my cable connection nevermind my server.
View 2 Replies
View Related
Oct 16, 2009
I am just in the process of setting up a new rack for some lower end clients.
At present we have both a local (National) and international traffic split. We need to offer our clients a 100/100 port speed on the national route/bgp/ip range but only a set amount on the international range. The port speed/throughput for international traffic would need to be as low as 128k/128k.
I would also like to have the flexibility to impose data limits on the international link as apposed to bandwidth shaping.
I have a spare Cisco 3750G-48TS I was hoping to utilize for the main switch on this rack (SFP Ports for multiple uplinks, National/International)
Hardware/Server wise what will be the easiest way to achieve this?
View 0 Replies
View Related
Aug 8, 2009
Can this switch do traffic shaping? Can this be done using Cisco Network Assistant? I dont know any CLI.
View 5 Replies
View Related
Jun 9, 2008
I was checking out the switch products from Cisco and I noticed that there is quite a few products that been discounted, and I am trying to find correct switches that does traffic shaping on port for inbound and outbound.
I preferred they are 48 ports with 2 Gigabit uplinks, with Enterprise L3 image and it is little difficult to find the correct older models that is being sold on ebay to pick up the correct one.
I am also open to Extreme and Foundry switches as well, but I rather like to stick to one type for deployment, since I am working on the plan to deploy 2 core switches which all edge switches will hook into it.
View 9 Replies
View Related
Jun 28, 2009
Currently we are using D-link 3026 and 3028 switches (Layer 2 switch) for our bandwidth shaping and mrtg graph.
But it seems unstable, etc sometime it might congest due to unknown reason, even though the particular server is not fully utilize their bandwidth yet.
So we decide to plug in our Linksys SFE2000 (Layer 3 switch) and everything goes smooth once again. But, we never really setup the linksys switch yet.
Can anyone recommend us what kind of switches we should use, is the best choice for bandwidth shaping / QOS for the amount of less than $ 600?
View 14 Replies
View Related
Jul 18, 2008
Anytime I've gotten these before, they were stored in:
/var/log/messages
Today (according to logwatch), I got a protection fault in "top".
But when I view /var/log/messages... nothing is there relating to a fault.
The only kernel message that appears is a martian source.
I also hadn't logged into ssh today, isn't "top" an ssh command.
View 9 Replies
View Related
Jul 6, 2015
After I've upgraded Plesk 1.0.18 to latest version, I'm unable to set protection on directories. Plesk say it is set, but it is not. I can access protected directory without pop-up of login-details. Old protected directories work, but for new one added not working anymore. I also tried by conventional way adding .htaccess and .htpasswd files to the directory, but it does not apply either.
View 2 Replies
View Related
Oct 22, 2014
I have 5 Linux Plesk 12 servers, and I use Spamassassin, usually at a sensitivity of 2 or 3, I also use the following DNS
Blackhole lists: zen. spamhaus. org;b. barracudacentral.org;abuse.rfc-ignorant.org;cbl.abuseat.org;bl.spamcop.net;nomail.rhsbl.sorbs.net
But all of this seems to have minimal effect. I examine spam that comes through which looks very obviously like spam, but Spamassassin gives it a very low score, usually in the negative numbers.
Is SA just not as effective as I thought? Seems like if Gmail, etc can filter spam so effectively, then why can't SA? If there's something I'm not doing right, or what you all do to combat spam with Plesk 12.
View 5 Replies
View Related
Jul 3, 2014
I have some error when the new outgoing spam protection (limitation for outgoing mail) is enabled. Mail clients are unable to use SMTP for sending mails. "My mail client says: The message could not be sent. You are not allowed to use sendmail utility."
I don't undestand the blocking behaviour since the checkbox "Allow scripts and users to use Sendmail" is checked and no limit is exeeded.This is the relevant log part of maillog:
Code:
Jul 3 00:44:36 srv01 postfix/smtpd[3326]: C0E5182A20: client=46.128.x.x.dynamic.cablesurf.de[46.128.x.x], sasl_method=CRAM-MD5, sasl_username=info@domain.de
Jul 3 00:44:36 srv01 postfix/cleanup[3331]: C0E5182A20: message-id=<0A380CA8-AAE3-4FA8-BA7A-A3FDF7CD16E2@domain.de>
Jul 3 00:44:37 srv01 /usr/lib/plesk-9.0/psa-pc-remote[3280]: handlers_stderr: DATA REPLY:554:[B]5.7.0 The message could not be sent. You are not allowed to use sendmail utility.[/B] REJECT
Jul 3 00:44:37 srv01 /usr/lib/plesk-9.0/psa-pc-remote[3280]: REJECT during call 'limit-out' handler
Jul 3 00:44:37 srv01 postfix/cleanup[3331]: C0E5182A20: milter-reject: END-OF-MESSAGE from 46.128.213.43.dynamic.cablesurf.de[46.128.x.x]: 5.7.0 The message could not be sent. You are not allowed to use sendmail utility.; from=<info@domain.de> to=<mail@domain2.de> proto=ESMTP helo=<[192.168.1.20]>
Jul 3 00:44:37 srv01 postfix/smtpd[3326]: disconnect from 46.128.x.x.dynamic.cablesurf.de[46.128.x.x]
Moreover I disabled the line "non_smtpd_milters" in postfix main.conf since my server has same issues discribed in the following thread:
Postfix: mails sent through sendmail binary are blocked because of wrong HELO
View 1 Replies
View Related
Mar 11, 2015
Is there a command to turn on antivirus for all mailboxes without having to enter each mailbox and update manually. I have over 800 mailboxes which need updating,
View 6 Replies
View Related
Jan 11, 2015
I have configured the DNS zones for DNSBL service as follows;
"zen.spamhaus.org;b.barracudacentral.org;bl.spamcop.net"
but I continue to to get spam from ip adressess that are confirmed as blacklisted at the above zones by testing them at [URL] ...
Is there something that I have missed in the config.
View 2 Replies
View Related
Aug 15, 2014
Today when I visited my plesk-stat folder, I saw that it is publicly available. Everyone can see the stats.
https://example.com/plesk-stat/
Is not this folder supposed to be protected by password as default?
View 3 Replies
View Related
Aug 25, 2014
When this option is enabled on the Mail Server Settings page, the page loads with the bottom of the page in focus and not the top.
View 1 Replies
View Related
Jan 15, 2015
Is there a way to see what domain is getting hit when I have a huge traffic spike? Not the daily report, but in real time? Like when it is happening?
View 1 Replies
View Related
May 8, 2009
I am trying to find an application that can listen on a given UDP port, say "6271" and forward all traffic (UDP) sent to that port to another IP (not on the same subnet).
I should not call this forwarding, but instead, cloning (because forwarding usually is only on the same subnet or vlan). The packets should not be modified, (thus IP information in packet ect.)
Is this possible? I have tried some applications such as,
samplicator
View 4 Replies
View Related
May 31, 2008
We just ordered a new Dell server and trying to decide which flavor of Linux to use. The server is going to be used exclusively for a MySQL 5 database.
The MySQL database is very large about 9 gigs, (GIS data), and will be hit quite hard.
I was looking at CentOS and Fedora.
Here is the server specs:
2 Intel Quad Core Xeon 5410 2.33GHZ
8 Gigs Ram
2 146GB 15000RPM SAS Drives In Raid 1
View 14 Replies
View Related
Aug 16, 2013
Our Server doesn't show the Traffic History under "Tools & Settings -> Summary Report -> View Traffic History", but for every Domain it runs.
We Migrate this Server from a Dedicated to an OpenVZ Server - on another Server with OpenVZ its running without Problems, but this one we don't migrate.
View 3 Replies
View Related
Nov 15, 2007
What traffic monitor would everyone recommend for sites that have as many as 5,000 to 10,000 hits an hour?
View 8 Replies
View Related
Nov 11, 2014
I have two sites that register a high amount to SMTP traffic. Both sited have only forwarding email addresses.
Do forwarding addresses accumulate SMTP traffic on the log?
Also, if a forwarding email is created without a mailbox is it necessary to add a password so that "others" cannot use the blank SMTP server to send email out?
View 2 Replies
View Related
Dec 25, 2014
Today I try to fit all FW rules to my need. After i blocked the traffic "allow other incoming traffic" in the Plesk FW i dont get folders listed via FTP. The FTP client connect to my server, but listing content times out. After allow other traffic the content get listed. The rule "Allow FTP connections" ist in all enabled all the time.
View 3 Replies
View Related
Jun 14, 2015
I'm getting a traffic notification on a site I restored from a backup that originally came from a standard Plesk edition. Web Admin Edition doesn't appear to have access to Subscriptions, and all I can find with regard to limits under Webspaces is a hard disk quota, which isn't even editable. How do I amend of remove the limit?
View 6 Replies
View Related
Jun 25, 2015
When I deny all other traffic for the "System policy for incoming traffic" to secure the server by only allowing the explicit ports I've requested to open, my server stops operating correctly.
It appears when I set the "System policy for incoming traffic" to deny, it appears to be disrupting various functions such as web traffic over ports 80/443, FTP, SSH, they either work extremely slow or don't work at all.
I brought this up with my Plesk license provider and they stated that the Plesk firewall doesn't add any tracking for ephemeral ports, therefore if you set the policy to drop for incoming/outgoing, it's not going to allow proper TCP communication since the return socket can't be opened. Also that the firewall is an explicit deny system rather than explicit allow based system.
Am I doing something wrong? All I want to do is to block all ports other than the ones I've set to allow. Is this how it is supposed to work?
View 1 Replies
View Related
May 31, 2007
I have a situation like this:
There is a directory say, "Master" and inside, "Master" there is sub-directory, "Slave". A user who has access to, "Master" should be able to access, "Slave" automatically. However, a user who has access to, "Slave" should not have access to, "Master". Inside cPanel this type of protection is not possible.
View 3 Replies
View Related
Jan 29, 2015
I migrated from one server running Plesk 10.4.4 Update #59 to a new server running Plesk 11 which I then updated to 12.0.18 Update #32. Since moving to Plesk 12 the "Notify when disk space/traffic usage reaches" emails have been being sent to our customers set up on the server whereas previously they were sent to the server admin email address.
Is this a change with this version?
View 1 Replies
View Related
Oct 8, 2009
I am looking for some good ddos protection providers, via protected dns. I've searched on internet, but most of them are really expensive.
Please tell me some ddos protection providers what could help me.(gige is too expensive btw).
And I found some ddos protection scripts. How can a script protected a server from ddos? A sript like CSF or DDoS deflate?
View 12 Replies
View Related
Jan 6, 2007
my linksys switch comes with a web control panel under "qos" where i can control bandwidth there is Ingress Rate Limit and Egress Shaping Rate, what are they?
View 6 Replies
View Related
Apr 16, 2009
Hey guys If there was a way to have the ips of the dedi change constantly would this help prevent ddos attacks or would there be no difference if the domain was being attacked.
View 2 Replies
View Related
May 25, 2009
i'am looking for a software based ddos protection,some one know something for try to mitigate a ddos or help to get the server rock a solid?And i need to know too where i change the DNS(vhost) of my DEDICATED server.
View 4 Replies
View Related
Sep 24, 2009
so a guy I know runs a site, it's being hit very hard with a DDoS attack. He's spending about 500 /month to keep his site online. He's using ServerTech, but for the last few days, it's been offline and they have been non-responsive for the most part. I'm guessing they just don't know what to do.
Do you guys have any recommendations for any DDoS protected hosting? He doesn't really want to pay more, if he doesn't have to.
View 14 Replies
View Related