Chris’ Blog

… gone senile.

After my recent break in I have looked into ways of protecting SSH and my server resources. I employ fail2ban on my main server, it has the resources to run such a programme - my Linksys NSLU2’s however do not. The solution is to use iptables to limit the number of connections any host can make in a given time frame. I wrote up a quick how to on this over at my wiki. Enjoy.

So today I come to you with a confession, I discovered one of my boxen had been successfully attacked and the attacker had by the looks of things used it for launching DDoS attacks. I feel particularly stupid because the entire thing was my fault, I left the root password as root. Although I must stress I didn’t set it to this, I was using a pre-build debian install because the d-i installer was broken under arm and forgot to change the root password to something a little more secure.

So it is the other side of the festive period and I am slightly better for it, financially. Next pay day should be even better, worked over 70 hours plus in 2 1/2 weeks. I bought myself a new phone over Christmas, it is a Nokia 3110c, and I got it for cheap using staff discount - not complaining. I’ve filled it up with a 2GB SanDisk MicroSD card from the ever fantastic SVP and now use it as my music player as well.

I started up a little project after I got a new phone with the basic aim to write a basic webmail client in PHP optimised for portable devices, its untitled so far. But it is very light on resources making use of PHP 5 with the IMAP Extension, and memcached for caching of IMAP data. I will make the source available via Subversion soon enough.

Over the holidays I have just had a made some serious changes to my server configuration, doing away with my reliance on Linux-VServer because it is just not stable enough. One of the instances crashes it generally will not sort itself out in a reasonable time without a reboot of the entire host, what I was trying to avoid. So instead I have moved most stuff back onto sandman proper now, the exceptions are a couple of things which need Debian Testing which still run on a VServer host. I hope to remove the need for these and then remove VServer totally and install OpenVZ which appears to be much more robust.

I am now using Lighttpd to serve the bulk of my web content because it has much lower resource usage than Apache and is fairly extensible and customisable, certainly more so than Apache until I discovered mod_macro. It does have some draw backs to Apache, like I cannot do PAM authentication or run Subversion without piggy backing it through Apache and certain configuration drawbacks. But considering the only VHost that really needs PAM authentication is my Subversion repository and that cannot move away from Apache I think I am okay.