Controlling bandwidth usage with mod_cband or mod_bw on Apache2

Today's major problem was bandwidth. On one of my servers, there is a vhost that is beginning to consume a good chunk of bandwidth on a daily basis. I have daily reports sent to me showing the monthly total of bandwidth used on a per vhost basis. This is handy to see if any of my vhosts are hogging things up. I'll write another entry about that tool in a separate blog.

Either way, I have a site that normally consumes 3-4 GB of bandwidth a month, but looking at my report, I see that it has consumed 8.79 GB of bandwidth... and it's only the 5th day of February!

Snort upgrade from 2.4 to 2.6 Part 2

Ok. I figured out what the problem was with the preprocessors. It looks like there is a USE flag that needs to be set to bring in the dynamic preprocessors (+dynamicplugin). Here are the USE flags that I have set:

net-analyzer/snort-2.6.1.2  USE="dynamicplugin mysql -flexresp -flexresp2 -gre -inline -linux-smp-stats -odbc -perfprofiling -postgres -prelude -react (-selinux) -sguil -snortsam -timestats"

Snort upgrade from 2.4 to 2.6

Today, I needed to upgrade my snort 2.4 install to 2.6. I heard that it's heavy on memory usage, so I wanted to tread softly here.

After doing the initial install, I noticed that snort continually complained about preprocessors (i.e. ftp_telnet, frag2, smtp, dcerpc and dns). I'm not sure why it doesn't want these. I'll need to do some research to make sure I'm not missing USE flags, etc. After that, it gave me the following on startup:

ParseFlowArgs: Invalid token noalerts

This was related to a Bleeding Edge rule:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB phpMyAdmin Suspicious Activity"; flow:to_server,established; content:"POST"; depth:4; nocase; uricontent:"/grab_globals.lib.php"; flowbits:set,post.phpmyadmin.grab_globals; flowbits:noalerts; classtype: web-application-activity; sid:2002408; rev:3;)

Spamassassin and stopping stock/investment SPAM

So I've been getting a ton of stock SPAM, which is driving me nuts. The SPAM has been scoring really low, so it gets through my default cutoff level of 3. I'm currently using a nice virtual mail setup consisting of postfix, courier-imapd, spamassassin, clamd and amavisd-new tying it all together. The setup has been running perfectly for a couple of years now, but over the last two months or so I've been seeing an abnormal amount of SPAM coming through, including stock and image-based SPAM (FuzzyOcr will be introduced soon).

Creating an Intrusion Prevention System (IPS) using Snort and SnortSam

This article discusses how to use Snort and SnortSam to create an intrusion prevention system. Normally Snort is referred to as an IDS (Intrusion Detection System), but you can use snort to actually stop attacks on the server. Snort is a very popular application which uses rules to monitor network traffic. If alerts are triggered, they can be sent to syslog or to a database. Snort is a vital tool to have on your server. It's important to see what kinds of attacks are being launched so you can weigh your own vulnerability assessment.

Creating tmpfs and swap space after partitions have already been written.

This how-to describes a process for creating a tmpfs and swap file system on your existing server, after the partition table has been written. I'll start off with a little history first. I was presented with a production server where there was only a / root partition and 500MB of swap allocated. We needed to bump up RAM to 1GB, and I wanted to allocate more swap space. Also, I wanted to add an extra layer of security by making the /tmp directory noexec,nosuid. This is a nice method to counter script-kiddie attacks. It's by no means 'rock-solid', but it can really help against automated attacks. The solution is to use some disk space and create a file system. Once the file system has been created, you mount it with the noexec,nosuid options.

MySQL Upgrade from 4.1 to 5.0 Done... and a success!

Yesterday, I started the upgrade from mysql-4.1.21 to mysql-5.0.26. I was a little gun-shy and hesitant since the last upgrade from 4.0 to 4.1 caused all sorts of problems with charsets, etc. This upgrade was pleasantly easy and pain free. There is a Gentoo MySQL upgrade guide that will be handy for upgrades that need additional attention (i.e. 4.0 to 5.0 instead of 4.1 to 5.0). Since my MySQL upgrade was from 4.1 to 5.0, I was able to do a straight upgrade. I'll list what I did (mostly taken from the Gentoo MySQL upgrade guide mentioned earlier).

DevSnips.com Code Snippet and Programming Blog

I wanted to announce DevSnips.com. This is a great new code snippet database and programming blog which hopes to carry some great web development articles. Currently there is a forum, but no action as of yet, and you can post snippets to the database. Currently, there are over 600 snippets in the database. I'd like to see the PHP library count get a little higher.

Dirvish backup system