ServerBeach Review

June 21, 2014 Posted in General

I’ve been with ServerBeach for more than two years. One server had one ram problem; the other server never had any problems.

> uptime

3:42AM up 863 days, 1:48, 2 users, load averages: 0.10, 0.09, 0.08

ServerBeach also has excellent connections to Asia. I’ve been more than happy about their hosting, but unfortunately they dropped support of FreeBSD recently. If the servers fails, they won’t install FreeBSD for me. I need to move again, sigh.

Frequently used pf commands

November 9, 2013 Posted in Security

For my own convenience due to bad memory: (valid only with this article)

// Add or remove IP/subnet
# pfctl -t blockedips -T add 1.2.3.4
# pfctl -t blockedips -T delete 1.2.3.4

// Flush all NAT, filter, state, and table rules and reload /etc/pf.conf.
# pfctl -F all -f /etc/pf.conf

// View all IP address listed in tables
# pfctl -t blockedips -T show

// View statistics for each IP/CIDR
# pfctl -t blockedips -T show -v

AT&T Email

May 17, 2012 Posted in Email

Update: I resubmitted a unblock request with this post, AT&T has confirmed that they will remove the block. It was quick! Thanks!

AT&T blocked all emails sent from one of my servers, which I’m sure was a mistake, because the server hosts several forums and only sends notification emails to registered members, e.g., when a member asked a question on accessforums.net, if someone replied to his question, the forum will send a notification email. To be on the safe side, I have never sent out a single newsletter from these forums.

According to email server log, I submitted unblock requests here two times in the last two months, but no actions, no response whatever, just like a black hole. I’m sure they didn’t look into the problem at all, because anyone who read the emails or checked my server will know it’s a clean server.

Can anyone bring this post to AT&T admin’s attention? Your simple block has brought lots of inconvenience to our forum members (your customers).

(host gateway-f2.isp.att.net[207.115.11.16] refused to talk to me: 550-72.51.41.55 blocked by ldap:ou=rblmx,dc=att,dc=net 550 Error – Blocked for abuse. See http://att.net/blocks)
xxx@bellsouth.net

No custom kernel via ssh

August 21, 2011 Posted in FreeBSD General

Tried to build a custom kernel on a canceled server, I couldn’t connect to it once the build started, I also couldn’t connect to it after the build finished and server rebooted. I don’t think I will build custom kernels ever again on remote servers.

DoS Attacks

August 21, 2011 Posted in FreeBSD General

If your server was down due to insufficient swap space, usually needed by large amount of MySQL connections, it’s a sign of DoS attacks. My servers started to get attacks earlier this year, and they were getting increasingly frequent. Here are some simple practices I have employed, they have been proved to be effective for my server in the last few months.
Read More

Backup Script

August 21, 2011 Posted in Command & Utility

My simple backup script
It runs daily with cron job.

#!/bin/sh

# directory to backup
BACKUP_DIR=’/home/’

# directory to store backup files
DEST_DIR=’/backup/’

# number of days to store backup files
MAX_DAYS=30

# base backup file name
BASE_FILENAME=’home’

# remove files that are 30 or more days old.
find $DEST_DIR -mtime +$MAX_DAYS -maxdepth 1 -name ‘*.tgz’ -exec /bin/rm -f ‘{}’ +

# generate backup file name with date stamp, no hour/minute info for easier remote backup.
destfilename=$BASE_FILENAME`date “+%Y%m%d”`.tgz

cd $BACKUP_DIR
tar czf $DEST_DIR$destfilename . &

Read More

PHP 5.3 Isn’t That Bad

July 29, 2011 Posted in FreeBSD General

I complained about php5.3 generating huge log files, also, E_DEPRECATED doesn’t suppress those deprecated errors, as a result, I had to turn off php logs. Actually it doesn’t have to be that bad.

The reason why E_DEPRECATED doesn’t work is that, some scripts set error_reporting value and supersede the setting in php.ini, so, no matter how we configure php, we just couldn’t suppress those errors. Obviously, the best solution is modifying the scripts, but I didn’t want to risk breaking the code and had never given it a try. I was very wrong, the best solution is actually also the easiest solution, there is no risk at all. I fixed a dozen scripts within a couple of hours – just very simple replace. Read More

Add Zip Support

July 29, 2011 Posted in PHP

According to the PHP manual, zip extension uses the functions of zlib (archivers/php5-zlib), but it doesn’t work. Actually there is a separated package dedicated to zip support: archivers/php5-zip, after I installed this package, phpinfo() will have a zip section. Isn’t that confusing?

SSH Tunneling – Easy Secure Proxy

March 20, 2011 Posted in Networking

While I was trying to setup OpenVPN as a proxy, I found that SSH tunneling is a much easier and more convenient solution. The configuration only takes a few minutes, and the client side can be configured to use the proxy or not on a program-by-program basis.

Add the following line in /etc/ssh/sshd_config

PermitTunnel yes

Configure Windows client

Disable Remote Access for MySQL

March 19, 2011 Posted in MySQL

I’m seeing messages like below in mysql error log on my new server:

110318 10:48:02 [Warning] IP address ‘x.x.x.x’ could not be resolved: no reverse address mapping.

I don’t need to access mysql remotely, it should be disabled for either performance or security. This can be changed by adding “skip-networking” in my.cnf, mysql will not listen on a TCP/IP port at all.

[mysqld]
skip-networking

MySQL Backup and Restore

March 12, 2011 Posted in MySQL

Backup single database
# mysqldump -u root -p db_name | gzip > sql.gz

Restore
# gunzip < sql.gz | mysql -u root -p db_name

How to Setup Key Based Authentication in SSH

March 8, 2011 Posted in Security

This is for Windows client, please refer to this page for FreeBSD workstation.

Key Based Authentication, step by step

1. Download PuTTYgen (on Windows), generate private/public key pair.
Read More

Upgrading PHP 5.2 to 5.3 – Bad Move

September 5, 2010 Posted in PHP

Update: please see my new post: PHP 5.3 Isn’t That Bad

MediaWiki doesn’t like PHP 5.2.8, I had to upgrade PHP to install MediaWiki. PortUpgrade upgraded PHP to 5.3.3 successfully, but it got problems while upgrading PHP modules, it’s mainly caused by the change of PCRE package which became part of PHP on FreeBSD since 5.3. If you need to upgrade to PHP 5.3.x, make sure you read /usr/ports/UPDATING and this thread.
Read More

Disable Apache Log Files

August 11, 2010 Posted in Apache

Today I was overwhelmed by all kinds of error messages caused by insufficient storage space, this happened once 5 years ago. Since I linked /var/db/ and /var/log/www/ to another big partition, /var usually only uses a few hundred MB and should never use up its 10GB space. It turned to be the master Apache log file (/var/log/httpd-access.log). Read More

Welcome to Nginx! What’s This?

July 23, 2010 Posted in Security

When I visited one of my sites, I got a page with only the bold and big text:

Welcome to Nginx!

It looked like my site was hacked, actually I was pretty sure about it at that moment. I almost wanted to roll out my backup, fortunately it’s back to normal 20 minutes later, then I thought it might be my computer’s problem. After some digging, it turned out to be my ISP’s problem, somehow my ISP treated my site as an invalid domain and displayed their own search engine (evil), but their own site didn’t work, hence the default page from their proxy server.

« Older Entries



Archives