I love nuke, but ... the right host helps.

Posted: Wed Nov 15, 2006 12:51 pm

I love to nuke, but ...

Are you experienced with "to nuke or not to nuke" .. that love/hate thing? For sure it's not nuke's fault, usually. For me, the struggle is all the other bits of LAMP.

There have been recent troubled, work intense times for me and my nukes. Not helping was that my domain count went above 20 last month... at least 10 are some nuke version, or another.

For 4+ years I'd been reasonably happy with my server provider. Then, because I had too little access to root, (for example: services were going wonky when I sent out a nuke newsletter, and maybe a red herring about php as cgi (or something called suexec) and other little things ... well we all thought a vps would be a good idea! What I didn't know was that this host was not in the business of vps. I Cody, as usual, was their experiment. Rolling Eyes

Well, that relationship all blew up one day and I went looking for a new server provider who was in the business of vps. Thankfully I found one, reasonably close to my home. (bonus!) And now one month and at least 25 tickets later, I'm almost confident I can create a relationship for a long, long time to come. <whew> ... and I'm convinced that vps (just more shared hosting) is just a stepping stone to dedicated.

A nuker without a bucket full of sysadmin skills, obviously needs a host who understands nukes, or is willing to learn. Kudos to all who host nuke with style.

[rant mode=on]
But, what drives me nutty is that I pay more, but now have more work! The linux learning curve is way steep. For example, right now I need an iptables command to ban for more than x attempts at user authentication. Currently, I have to see the attack (tail -f /var/log/messages) and then I shut down the sshd service. And then run the only iptables command I know which finally bans the IP.
The old cpanel server had a brute force function, it would send me a nice message saying it had banned xxx.xxx.xxx.xxx. But the config was in need of tweeking because there were still way too many attempts before the ban kicked in. On my new plesk8/virtuosso the firewall thingy sucks and maybe my host is waiting for me to figure out this bit of linux on my own. <rolling eyes and feeling vulnerable>
[rant mode=off]

Anyways ... beyond the server side struggle, I've been updating all those nuke sites ... this past week, my biggest and best nuke was finally upgraded from ver6.9. (That was a sweet spot.) There was much angst about that upgrade, since the days of nuke7.3. <shudder> The actual upgrade was certainly a creative task with phpmyadmin, and I've got a couple of questions about some bbtables, and if I don't see the inside of a bbsearch_wordmatch table for another 4 years I'll be happy enough. So, now that I've gone live with this distro, my users are happy and that's all good.

[rave mode=on]
RN 2.0 is so sweet, it's like having new jeans, shoes and a hat ... and throw in a new bicycle too! .... You coding gurus rock my universe!
However, hoping RN2.1 is imminent, I'm holding back from applying those "nice to have" mods. (Besides, it's busy enough around here trying to get my head around what needs to be done with some legacy mods already on the troubleshoot list. (see lastseen))

I do love to nuke .. So thank you. My appreciation is in the mail and in my heart. And if you are ever in Victoria, BC ... let's lunch.

Have a happy nuking day.

Posted: Wed Nov 15, 2006 5:34 pm

I personally feel that more then a few would agree with you on the nuke and a few tid bits of the linux part, First off, Id recomend csf config server firewall developed by chirpy of the cpanel forums.

This is IMO the best firewall that comes with its own brute force detection softwayer as well.
This makes banning ips as easy as pie with the use of whm and not the command prompt.

Also some will say that apf firewall is the best, but the last time I checked, its not longer in developement and prone to security risks and alot more.

using iptables is a good skill to learn as some who have messed with linux for a while still dont know how to.

Theres a lot more that I could say for security, but I always recomend a lot of time and reading done at forums.cpanel.net as that will teach you more then you know.

Posted: Fri Nov 17, 2006 6:18 pm

well ... I've had a hair pulling 48 hours... even thoughts of looking for yet another new host.

It started with mail dupes. So support said they would reinstall the software.

My server and httpd is still running, but all mail and ftp are down since yesterday morning and "plesk is misconfigured."
I experienced plesk 6 years ago, yuck. And plesk 8? It still s****
I'm use to cpanel these days, and the only advantage of plesk is the price. As usual pay peanuts, get monkeys.

I hope my host is building something new for me right now, something with more resources and with cpanel. But this downtime is making me nutty.

Have a happy nuking day, I'll be back.

Posted: Sun Nov 19, 2006 8:29 pm

I've never had problems with Plesk. Not sure how it got misconfigured, may want to start with a clean reload of the OS

Posted: Mon Nov 20, 2006 8:42 am

Reloading the vps was the plan ... but then I learn that my plesk backups will be destroyed in the process... of course those backups probably have the same sendmail error. But never mind that ... support has just disappeared on me.

For the past two weeks I've been unable to access my sites in any meaningful way, either httpd or mail or ftp, for 7 out of those 14 days.

Nothing has happened all weekend... still no mail, still no [ Only registered users can see links on this board! Get registered or login! ] I can't believe that they broke it while attempting to fix dupe mail messages and then they disappeared. I managed to get a .tar of files and db backup, but it looks like all my mail names have disappeared. Sendmail and the plesk interface refuses to restart ... and there isn't a support tech anywhere in site.

I signed up with a new host on Saturday. I hope they'll have my vps ready today and then I can begin the transfer process. The default install on this new server comes with php as cgi (suphp?) Because it's a vps I can install php as an apache module, but I'm now not sure if I need to do this. Maybe I should just stay with the php as cgi module????

Posted: Mon Nov 20, 2006 9:03 am

What - that sucks. Do you have a seperate FTP backup server? I use that to push all my backups out and restore the.

Hopefully you will get things settled. Definitely install PHP as an Apache module - do not run it as a CGI module.

Posted: Thu Nov 23, 2006 10:04 am

I don't know what I would do without this continuing rant, a chapter in the learning curve.

So... my canadian host gave me some kind of priority and the os was reinstalled. I'm still far from nominal.

I think the mail logs, and other logs, get totally out of hand and need a routine to manage them. current routine; if I find them, I delete them.

I need a command for find *.* files above 2MB recursive?)

I joined linuxchix.

Anyways... now I have 3 vps! Thankfully, I've stopped paying for one of them, vps 1, and need to move the last domain from there by Dec 1. Since vps 2 is currently humming along, with the iffy support (lesson learned... do my own troubleshooting first) ... my attitude is: the first install never works anyways.

Then there is vps 3 ... bought last Friday night. It took them until this morning to send me the welcome message. (egads) As this is US hosting with the php-cgi default. I'm going to take it down a notch and see if I can't get UltraDNS or anycasting happening, and as a backup server!

<whine mode=on>
I still don't have a brute force stopper on my main server ... the crackheads are ubiquitous... there was another IP hacking away at my ftp this morning... egads.
I can only hope I am smarter and faster they are they, but I feel useless because I haven't a clue about iptables (silly plesk), at the moment. Too busy reinstalling domains and checking and changing passwords, to do anything about it and wonder why no one has written an IP/user management interface for a newbie like me? Or is it just a plesk thing.

Some days I really miss my shared hosting.
<whine mode=off>

So, at the same time I'm working my previous 6.9 site with a squeaky clean RN2.02. It feels so sweet. 2.1 is going to rock the planet.

Have a happy nuking day!

Posted: Thu Nov 23, 2006 2:50 pm

CodyG wrote:

I need a command for find *.* files above 2MB recursive?)

find . -size +2048k

Smile

Posted: Thu Nov 30, 2006 5:53 pm

Update Rant:

Sheesh ... I finally got my 30 domain plesky installed, again. Besides pulling an all nighter to get things almost back to nominal re the missing domains, I'm going to have to take them a big box of cream puffs for Christmas just to be noticed around there.

Now, today's angst, besides the lack of a sane backup routine and a big loud server puppy to scare the kiddies, I'm worried about server resources.

top: cpu load 2.9, 2.0, 1.5 for example.

Most of this is coming from httpd which runs about .7. Isn't that too high? Normally, if everything is humming along just fine I see top numbers like 0.05, 0.01, 0.00 and services well below .5. I have no high demand websites, most of the time the server should look like it's sleeping.

My host says, it isn't a problem. For them, the problem is obviously my scripts.
hmmm... ROTFL

It is more likely I'll give up this host, rather than give up my scripts.

The right host helps and as I'm committed to seeing this one through for the next 5 months... and I'd like to stay close to home for years and years... I will find a way to get them to see the light and come round to my way of thinking.

Maybe everything would run better if this just a matter of topping up with more cpu and ram? Currently there is "guaranteed" 258 min RAM. One would think that would be sufficient, but the old saying goes, you never have enough memory ... cpu speed is currently 500MHz , would it help if I put it up to 800MHz

iow, besides my scripts, what could I be doing to get more rock and roll from httpd?

Posted: Thu Nov 30, 2006 10:07 pm

I would say this, if it was operating at the lower values before hand, you may have had some sort of optimizer, or accelerator. Now your still not dealing with a lot of issues, although your cpu and ram could use a boost. We run 2 3000 MHz cpus, yes that 2 cpus combined 6,000Mhz, We also run 2 Gigs of Memory, we dont get slow days, really we dont. I love our servers configuration and setup, We've paid lots of money for it too, so I wouldnt think this will be cheap.

Now I dont like vps, and heres why, 1st, if the node is breached, everything is breached, but you have no control over that node, the reason we left reseller.

2nd, You are limited in what you can do, banning ips and such, no firewall will stand on it, that I know of, except the one on the node, which really isnt much of one anyway.

3rd, Ive never heard one good thing about them as far as stability goes.

So heres a small list of things to do.

First:
Run this: ps aux
Gives a list of current operations along with cpu usage.

Then run this if its http, or mysql:
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This will list all ips connected to the server along with amount of times connected.

If not, verify the process is not needed:

Then run kill -9 {process id}

Now if interested in another host, contact me either msn or yahoo, I will introduce you to someone who has been dealing with vps for years, you wont be an experiment.

Posted: Fri Dec 01, 2006 11:39 am

You all are right ... I really need to go dedicated. (like my DOS PCBoard running on it's own 386, 6 - 14,400 modems and a huge telephone bill). It's about commitment, just what cost, in resources and time, and can I recover that cost without another layer of baggage/work... it's a balance between this hobby and ... funding a new car or the approaching retirement. But I think if I can just find that sweet spot for 50, not quite sleeping domains, then it's easy street from there... (lol, major denial)

So, now I have just 1 vps. #1 was closed, #3 I just canceled, hoping I'll get money refund, except for setup fees. (egads). Even if I wanted another part of a vps box, #3 wasn't a good fit.

vps2 is in Vancouver. The support is atrocious, but there is safety in knowing the server is only a bus and ferry ride away. Maybe I'm working my way up to co-location? In anycase, I need to have a good plan and I think 2 servers need to be in that plan.

Just to change the subject to a much needed Rave ....

So, after all this I finally get around to writing up a newsletter for one domain's 865 subscribed members. It's not surprizing that one's domain can get unsticky when switching servers three times and upgrading at the same time and way too much downtime. Stats were low and getting lower, it was time to get them back!

I guess there is something about my 6.9 newsletter module that I had fixed because this morning's 7.6 stock module newsletter went to 865, all without linebreaks.
<bashing head on desktop>

So, after that, I hightailed over to Montegos for his html newsletter module ... installed it in a wink, and after previewing and testing, I sent out a readable newsletter to 865 subscribers.

Thank you, Thank you Montego!! You rock.

Posted: Fri Dec 01, 2006 12:21 pm

Yes, thats an excellent newsletter module for sure Smile

You should spend any free time sending pleading letters to Mr Claus for a managed Dedicated Server, with the right supplier you'll be much, much better off.

I have used VPS myself in the past but always had problems because some other muppet on the same server was using all the resources at times which kept killing my own sites.

Luckily I don't have to worry about this sort of problem any more Smile

Posted: Tue Dec 12, 2006 11:10 am

Update .... and yet another question ...

My host and I have come to some sort of an understanding ... I sent more money and he provided more resources. lol Finally, for the moment anyways, page loading and services status are finally acceptable. (whew) Before I ever committed myself to this host, I told him about the outrageous size of one of my phpnuke databases, obviously one of us was in denial. Wink

We talked about dedicated ... maybe in the spring.

We talked about plesk vs cpanel. Economically, plesk is way better for me atm. But the problem with plesk is it gobbles up free memory every time I login to it's control panel. It grabs everything in sight and hangs on to it.

<whine mode=on>
So, I need to get to phpmyadmin easily without the use of the plesk control panel. I've been googling this for hours, but have yet to find an understandable way to accomplish this. I read something about phpmyadmin config file and an .htaccess file. Am I on the right path? How come creating a FF bookmark is so difficult?
<whine mode=off>

Posted: Tue Dec 12, 2006 12:00 pm

Port 3306 is the default phpmyadmin port, perhaps that will help you in some way.

Posted: Tue Dec 12, 2006 12:42 pm

I don't know why Plesk would be doing that. I use Plesk for most of the general management stuff. If you are just doing database accesses, phpMyAdmin should work fine. Just install the standalone phpMyAdmin (preferably not in any guessable directory name). Just set the default PMA config and you should get a login prompt

Posted: Mon Jan 08, 2007 10:51 am

Whew ... I for one am glad that year is over. The flood, the renos, the host panic, the upgrade of my 6.9 production site, the PNW weather, and Mom, 75, battling for her life against cancer ... it was quite the year. Mom is in Florida atm... Mom 1, Cancer 0.

Perhaps it's the vps environment in which my Plesk lives? That virtuozzo thingy has a shared .ini file or something.

I've still got so much to learn about managing my share of this box. Like how to install phpmyadmin so I can run it from the command line. But I spent far too much time over the holidays attempting to learn more php. It's hard to do both. A friend set up Komodo for me, so I'm learning how that works too. And I've just about finished the first version of sets of grade 10 chemistry exercises

2007 is looking up ... my server downtime and slow time has been remediated. Nothing like throwing more money and seeing what gravity does .... It's still not the fastest puppy in the litter, but she works and users aren't complaining about disappearing data.

And ... I'm registered to go to the php Vancouver conference! How cool is that? [ Only registered users can see links on this board! Get registered or login! ]