by Dan on Oct.03, 2013, under System Administration
Recently I was handed a WordPress site for a client that used qTranslate for various versions of their website in different languages. The caveat was that each language needed its own domain name, not a subdomain, path or query string of the main one. For sure I could have redirected the Welsh domain to the English version with the /cy/ path in it, but I had a better idea. Use nginx. This is utterly genius.
by Dan on Sep.22, 2012, under System Administration
I finally had the opportunity to upgrade my laptop from Fedora 16 to 17. When I installed 16 originally, within the week 17 came out, and I was too busy to do anything about it. Granted now 18 is in beta, and is likely to be released tomorrow now that I’ve done this upgrade, I wanted to post about an issue that I came across that no one seems to have touched on much, or at least there’s no real mention of it online. Only by chance did using a couple of tricks combined sort the problem out.
by Dan on Aug.05, 2011, under System Administration
If, like us, you’re running a shared hosting platform on Amazon EC2, and have many clients requiring SSL certificates, you’ll probably be using Elastic Load Balancers to do the SSL termination for you, since you can’t have multiple Elastic IPs associated with a single instance.
However, when you reach either 5 or 10 ELBs, you’ll be greeted with this error message when trying to create another one:
Error: TooManyLoadBalancers: undefined
Amazon define relatively low quotas for new AWS accounts, which are usually fine for most users. However, there are use cases where you need these limits to be increased. The problem with the ELB limit is that there’s not very much documentation explaining that there is a limit, nor how to request an increase. The answer lies hidden away here on Amazon’s AWS site. This is the form you need to fill in to request an increase on the account’s ELB limit.
by Dan on Jun.13, 2011, under System Administration
I realise that I’ve been neglecting my blog for a while now, with my last post published at the end of March. Quite frankly, I’ve not had anything interesting to write about. However, with my career starting in pastures new, I’m starting to have interesting things to write about again. Over the course of time, I’ll probably post a lot of stuff about Amazon Web Services (AWS) and Zend Framework, amongst other things. Today’s babble though is about implementing AWS as your core hosting infrastructure, and the benefits and downsides to it. I’ll also post my findings about the best way (in my opinion) to implement certain requirements.
I was recently recommended some software to prevent (or at least act on) automated hack/DoS attacks on services. The usual suspects triggered this: dictionary attempts on common usernames on servers, “admin”, “administrator”, “root”, etc. Up until now, I’ve been monitoring for unusual network activity. When the traffic reached a certain peak for a specific length of time which was out of the ordinary, I knew something was going on. The hard job then was trying to find out which service was being targeted. I started on the usual suspects, proftpd, ssh, httpd. What I wasn’t expecting at this particular point was someone trying to hack open Apache.
Anyway, I digress. The software is called fail2ban. Basically, it’s a Python daemon which you configure to sit and monitor the log files from all your exposed services. It uses various timestamp algorithms, along with (configurable) regex checks, to spot failed auth attempts. The regex also uses capturing parentheses to extract the host/IP address, and fail2ban then automatically turns to iptables and bans the host once it reaches a certain number of failed auth attempts. It defaults to 3 failed attempts getting you a 10 minute ban, but again this is configurable. I’ve set mine to 3 failed attempts with a 30 minute ban, and it seems to be quite happy with that. Since then I’ve actually noticed server load go down a touch, which tells me how many times my servers were being targeted without me even knowing it!
And since it’s configurable for practically every service that logs to a file, it’ll also work for custom applications that do the same thing, no matter what they are. I’ll have to bear this in mind when I write stuff in the future that could be prone to hack attempts.
Check it out: fail2ban
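The matching and banning logic described in this post, as an added Python sketch (not fail2ban's own code and not part of the original post). It uses the 3-attempt / 30-minute settings mentioned above; the 10-minute counting window, the log lines and the function names are assumptions, and it goes slightly beyond the post by anchoring the host capture so that text inside the user name cannot choose the address.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sshd-style lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 09:00:04 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Mar 10 09:00:05 web1 sshd[1300]: Accepted password for dan from 198.51.100.20 port 51000 ssh2
Mar 10 09:00:09 web1 sshd[1201]: Failed password for invalid user administrator from 203.0.113.7 port 40130 ssh2
Mar 10 09:06:00 web1 sshd[1420]: Failed password for invalid user x from 198.51.100.20 port 1 ssh2 from 203.0.113.99 port 40300 ssh2
Mar 10 09:20:00 web1 sshd[1500]: Failed password for root from 203.0.113.7 port 40200 ssh2
Mar 10 09:31:00 web1 sshd[1501]: Failed password for root from 203.0.113.7 port 40201 ssh2
"""

# The user name is remote-controlled text, so the host group is anchored to the
# end of the line: the greedy ".*" makes the last "from <ip>" the one captured.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def parse_failure(line, year=2011):
    """Return (timestamp, host) for a failed-auth line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the year is an assumption of this sketch.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"]

def find_bans(log, maxretry=3, findtime=timedelta(minutes=10), bantime=timedelta(minutes=30)):
    """Return [(host, ban_start, ban_end)] for hosts reaching maxretry within findtime."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned_until = {}             # host -> time the current ban expires
    bans = []
    for line in log.splitlines():
        hit = parse_failure(line)
        if hit is None or hit[0] < banned_until.get(hit[1], datetime.min):
            continue              # not a failure, or host is already banned
        ts, host = hit
        window = recent[host]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            banned_until[host] = ts + bantime
            bans.append((host, ts, ts + bantime))
            window.clear()
    return bans
```

`find_bans(SAMPLE_LOG)` returns a single ban for 203.0.113.7; the 09:06:00 line is counted against 203.0.113.99, the address at the end of the line, rather than the one embedded in the user name.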