Archive for the 'Guides' Category

posted by MariyaV @ 14:45 PM
September 9, 2013

w

The w command displays a list of the currently logged-in users and some additional information. If you want to check who else is connected to your server and what they are doing, w is the command you need.

posted by MariyaV @ 14:52 PM
August 5, 2013

Today we are going to talk about sundry Linux command line utilities, kicking off a series of articles dedicated to commands every admin should know. The articles are aimed primarily at inexperienced users, and some passages may appear to spell out the obvious or to be oversimplified (and therefore a bit inaccurate). Some of the utilities are included in blank versions of OSs; some need to be installed additionally.

posted by MariyaV @ 15:03 PM
June 10, 2013

Today we are going to talk about several ways of reporting such malicious activities as spam distribution and brute force hacking attempts. Just reporting the offence by no means makes the list of prevention measures complete (there are other ways of enhancing online security) but not reporting it does not make that very list complete either, which may turn out to be something we might start to regret one day. On the other hand, making spammers and hackers regret sounds like a way better idea. Before we start, we would like to ask you not to overrate the efficiency of such reporting and not to expect the results to be great. Chances are there will still be spam in your inbox but please don’t get discouraged. We can do our share of the job and let the consequences take care of themselves. It is not much and it is better than nothing.

So how do we know that a Linux server was a target of a brute force attack in the first place? The answer can be found in the log file /var/log/secure (on Debian/Ubuntu, /var/log/auth.log). This file lists all SSH connection attempts (successful and unsuccessful), the usernames the connections were attempted or established for, the IP addresses of the client hosts and the exact time of each SSH connection attempt. If there are messages about authentication failure and you know for sure it is not you who entered the incorrect password, it means that, unfortunately, the cause for reporting has finally presented itself.

Once you know the attacker’s IP address you can find out which organization owns the subnet it belongs to and contact it directly. The contact information of the owner is usually available in WHOIS databases. You can either visit http://who.is or run “whois ip.ip.ip.ip” in a Linux, FreeBSD or Mac terminal (where ip.ip.ip.ip is the IP address you need to look up WHOIS information for).

There is no strictly defined form for a brute force attack report, so usually it is enough to state that there was such an attack and enclose an extract from /var/log/secure.

Dear Sir/Madam,

It has come to my attention that my server has been the target of a continuous brute force attack. The attack source IP address (0.0.0.0) belongs to your subnet and therefore I am asking you to take measures to stop this hacking activity.

The relevant information can be found below.

[root@myserver ~]# cat /var/log/secure

May 23 20:54:56 myserver sshd[5364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=0.0.0.0 user=root

May 23 20:54:58 myserver sshd[5364]: Failed password for root from 0.0.0.0 port 43545 ssh2

May 23 20:54:58 myserver sshd[5365]: Received disconnect from 0.0.0.0: 11: Bye Bye

May 23 20:55:05 myserver sshd[5366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=0.0.0.0 user=root

May 23 20:55:06 myserver sshd[5366]: Failed password for root from 0.0.0.0 port 43933 ssh2

May 23 20:55:06 myserver sshd[5367]: Received disconnect from 0.0.0.0: 11: Bye Bye

May 23 20:55:08 myserver sshd[5368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=0.0.0.0 user=root

May 23 20:55:10 myserver sshd[5368]: Failed password for root from 0.0.0.0 port 44218 ssh2

May 23 20:55:10 myserver sshd[5369]: Received disconnect from 0.0.0.0: 11: Bye Bye

May 23 20:55:12 myserver sshd[5370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=0.0.0.0 user=root

May 23 20:55:14 myserver sshd[5370]: Failed password for root from 0.0.0.0 port 44537 ssh2

May 23 20:55:14 myserver sshd[5371]: Received disconnect from 0.0.0.0: 11: Bye Bye

May 23 20:55:16 myserver sshd[5372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=0.0.0.0 user=root

 

Keep in mind that writing such reports usually makes sense only if the attack has been carried out from a host with a public IP address. If the IP falls within the private IP address space (10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16), there is no need to look far. It means the attacking host is located inside the local network your server is connected to, and all you need to do is contact the network administrator of your ISP or of your company’s IT Department. And of course running WHOIS queries for private IP addresses does not make much sense either.
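The triage described above can be scripted. The following is an added example, not part of the original article: it counts "Failed password" entries per source address and marks each source as private or public using the three ranges named above. The log lines are constructed samples, and the threshold of 3 is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Matches "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
# Only the three private ranges listed in the article.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in /var/log/secure format (not real traffic).
SAMPLE_LOG = """\
May 23 20:54:56 myserver sshd[5364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7 user=root
May 23 20:54:58 myserver sshd[5364]: Failed password for root from 203.0.113.7 port 43545 ssh2
May 23 20:54:58 myserver sshd[5365]: Received disconnect from 203.0.113.7: 11: Bye Bye
May 23 20:55:06 myserver sshd[5366]: Failed password for root from 203.0.113.7 port 43933 ssh2
May 23 20:55:10 myserver sshd[5368]: Failed password for invalid user admin from 203.0.113.7 port 44218 ssh2
May 23 20:55:14 myserver sshd[5370]: Failed password for root from 203.0.113.7 port 44537 ssh2
May 23 21:02:01 myserver sshd[5401]: Failed password for root from 192.168.1.50 port 51000 ssh2
May 23 21:02:04 myserver sshd[5403]: Failed password for root from 192.168.1.50 port 51004 ssh2
May 23 21:02:09 myserver sshd[5405]: Failed password for root from 192.168.1.50 port 51010 ssh2
May 23 21:10:30 myserver sshd[5410]: Failed password for root from 198.51.100.9 port 40022 ssh2
May 23 21:11:02 myserver sshd[5412]: Accepted password for root from 198.51.100.9 port 40030 ssh2
"""


def summarize_failures(log_text, threshold=3):
    """Return one row per source IP with at least `threshold` failures."""
    stats = defaultdict(
        lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # PAM, disconnect and "Accepted" lines are ignored
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        s = stats[addr]
        s["count"] += 1
        s["users"].add(m["user"])
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]

    report = []
    for addr, s in stats.items():
        if s["count"] < threshold:
            continue  # a single mistyped password is not worth a report
        private = any(addr in net for net in PRIVATE_NETS)
        report.append({
            "ip": str(addr),
            "count": s["count"],
            "users": sorted(s["users"]),
            "first": s["first"],
            "last": s["last"],
            "scope": "private" if private else "public",
            "action": ("contact local network admin" if private
                       else "whois lookup, then abuse report"),
        })
    report.sort(key=lambda r: -r["count"])
    return report


if __name__ == "__main__":
    for row in summarize_failures(SAMPLE_LOG):
        print(row)
```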

When it comes to spam, there are several ways of submitting reports or, to be more precise, several recipients of such complaints. Spam can be reported to the Internet Service Provider of the spam sender, to the hosting provider the spam is sent from, and to special organizations that collect data on the distributors of unsolicited email and take measures which include blacklisting domains and IP addresses (or excluding them from white lists), filing spam reports with the abovementioned ISPs and hosting providers, etc. The most popular spam-reporting services are probably SpamCop, SpamAssassin, McAfee. For more information, please visit their websites.

So suppose you received a spam message. What should you do? Here is a short step-by-step guide to help you.

1. Do not follow any links contained in the message. We would not even recommend clicking on “Unsubscribe” links: although spam might stop coming from the email address you received it from, your address can be “verified”, marked as a real one and added to a multitude of other spam mailing lists.

2. Look at the domain name part of the email address. If it is not a well-known email service provider (e.g. Gmail, Hotmail, Yahoo, etc.), look up the IP address it resolves to and its MX records; run a WHOIS query for the domain itself, the IP address, the domains set as MX records and the IPs those domains point to. DNS records can be looked up either at http://who.is or by running “dig any domain.com”. At least some WHOIS outputs will yield email addresses for submitting the report (usually they look like abuse@).

3. Study the Internet headers of the email message. If you use MS Outlook, double-click on the email shortcut, then click File > Properties. The full email header contains the records of the mail user agent (MUA) (also known as the email client in more common parlance, which basically is the sender endpoint) and all the mail transfer agents (MTA) the message passes through en route to the recipient. The MUA IP is not always recorded in the headers, but when it is, it makes it possible to track down the spammer. Note that the MUA and MTAs are listed in reverse order, so the sender’s IP is recorded at the bottom of the header. Once you know the sender’s IP you can WHOIS it.

Also there are plenty of online email headers analyzers which simplify the reading of the header (e.g. https://toolbox.googleapps.com/apps/messageheader/analyzeheader ).

4. Write a report, enclose the spam letter and the text of the full header, and send it to the abuse@ addresses you found when following steps #1-#3. Here is an example of such a report.

Dear Sir/Madam,

This is to inform you that spam is sent from one of your network hosts. I am asking you to take prompt action in order to stop spam distribution coming from this host.

The relevant information can be found below.

====================

Full header:

Received: from example.com (1.1.2.3) by mail.domain.net (10.1.1.243) with Microsoft SMTP Server id 4.2.255.0; Sun, 26 May 2013 20:00:38 +0300

X-Virus-Scanned: amavisd-new at domain.net

Received: from mail-ee0-s70.google.com (mail-ee0-s70.google.com [1.1.2.3]) by example.com (Postfix) with ESMTP id BA6D7B80001 for <jack.exmple.com>; Sun, 26 May 2013 17:00:37 +0000 (UTC)

Received: by mail-ee0-s70.google.com with SMTP id c431so1eek.53 for <jack.exmple.com>; Sun, 26 May 2013 10:00:37 -0700 (PDT)

X-Received: by 10.14.208.131 with SMTP id q3mr6827232eeo.111.1369587637090; Sun, 26 May 2013 10:00:37 -0700 (PDT)

Received: from JohnPC ([7.7.5.5]) by mx.google.com with ESMTPSA id e1s94534eem.10.2013.05.26.10.00.35 for <jack.exmple.com> (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 26 May 2013 10:00:35 -0700 (PDT)

From: John Smith <john@gmail.com>

To: "Jack Lee" <jack.exmple.com>

Subject:

Date: Sun, 26 May 2013 20:00:34 +0300

Message-ID: <00cnwkcj3bifio480onjnw$@gmail.com>

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="----=_NextPart_000_0038_01CE5A4B.AFC98630"

X-Mailer: Microsoft Outlook 14.0

Thread-Index: Ac5aMolSPk+28qH/Q+6ybE/4h3HVUw==

Content-Language: uk

X-Gm-Message-State: LLmfz7+OJ1SDtW58tC1or17dGX8XFsgqrMaPESgyYiheqvYmI/uqQ+OtGWRk

Return-Path: john@gmail.com

==============================

Email message:

Good pharmacy! Cheap pills!

Order now!!!

==============================
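Reading the Received chain bottom-up, as step 3 describes, can be automated. The following is an added example, not part of the original article: it unfolds each Received header, reverses the chain into travel order and returns the earliest public address as the candidate for a WHOIS lookup. The message, hostnames and addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Private ranges from the article; WHOIS on these is pointless.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# An IPv4 literal in [brackets] or (parentheses), as MTAs write it.
IPV4_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

# Constructed message with folded headers (not a real email).
RAW_MESSAGE = """\
Received: from relay.example.net (192.0.2.10) by
 mail.example.org (10.1.1.243) with SMTP id 4.2.255.0;
 Sun, 26 May 2013 20:00:38 +0300
Received: from mx.example.com (mx.example.com [198.51.100.25])
 by relay.example.net (Postfix) with ESMTP id BA6D7B80001
 for <jack@example.org>; Sun, 26 May 2013 17:00:37 +0000 (UTC)
Received: by mx.example.com with SMTP id c431so1eek.53
 for <jack@example.org>; Sun, 26 May 2013 10:00:37 -0700 (PDT)
Received: from SenderPC ([203.0.113.77]) by mx.example.com with ESMTPSA
 id e1s94534eem; Sun, 26 May 2013 10:00:35 -0700 (PDT)
From: Sender <sender@example.com>
To: Jack <jack@example.org>
Subject: constructed sample

Order now!!!
"""


def parse_hops(raw):
    """Return Received hops in travel order (sender side first)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        # Unfold; the leading space lets " by " match a header
        # that starts with "by" and has no "from" clause.
        flat = " " + " ".join(value.split())
        from_part, _, rest = flat.partition(" by ")
        host = re.match(r" from (\S+)", from_part)
        ip = None
        found = IPV4_RE.search(from_part)
        if found:
            try:
                ip = str(ipaddress.ip_address(found.group(1)))
            except ValueError:
                ip = None  # e.g. 999.1.1.1 is not an address
        hops.append({
            "from": host.group(1) if host else None,
            "ip": ip,
            "by": rest.split()[0] if rest else None,
            "date": flat.rpartition(";")[2].strip(),
        })
    # Each MTA prepends its header, so the file order is newest first.
    return hops[::-1]


def origin_candidate(hops):
    """Earliest hop with a public IP, or None.

    Headers below the one stamped by your own mail server come from
    upstream systems and can be forged, so treat this as a lead only.
    """
    for hop in hops:
        if hop["ip"] is None:
            continue
        addr = ipaddress.ip_address(hop["ip"])
        if not any(addr in net for net in PRIVATE_NETS):
            return hop["ip"]
    return None


if __name__ == "__main__":
    chain = parse_hops(RAW_MESSAGE)
    for hop in chain:
        print(hop)
    print("WHOIS candidate:", origin_candidate(chain))
```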

It is also worth mentioning that not every organization you send spam complaints to will reply and tell you what actions it has taken in response to your request. It doesn’t mean they ignored your report; they may just be too busy, or they may not process every report manually. It may also be part of their policy not to answer such complaints at all.

If you have ordered one of our cheap VPS hosting packages and have difficulties configuring the SPAM filtering system, you can consider the Full Management option for your server where we will assist you with the setup.

posted by admin @ 19:25 PM
June 3, 2011

This question is the one many people ask themselves before purchasing their first VPS. Indeed, when you only check out the plans, you cannot tell for sure what intensity of RAM usage to expect. What you know is the approximate amount of physical memory used by the software you are going to run on your VPS. Software system requirements, however, are usually not enough to estimate the real amount of RAM a particular application or script needs to operate, and thus it is hard to know how much physical memory the entire server, with all its background processes, is going to need.

There are some facts that might help you there. For instance, we know that the server in its basic installation, usually LAMP, requires at least 128 MB of RAM. The choice of control panel will make you add another 64 MB to your requirements (if you choose WebMin or DirectAdmin) or even 128 MB if you want to run cPanel. This makes a minimum of 256 MB with a lack of operating options. What you can run there is email and FTP exchange (not intensive, though) and hosting of simple websites. Dynamic and script-driven websites, such as CMS, will also fit this configuration, but you may need to implement many adjustments, some of which can limit the functionality of your online project.

If you look into running something more serious on the Web, you will need to search for a more solid solution. Let us review bigger VPS configurations and estimate what can be hosted there.

512 MB

This is one of the most popular configurations available on the VPS hosting market. A VPS with 512 MB of RAM usually becomes a step-up for users who have never dealt with VPS servers before, who gave this type of service a try on a smaller plan and then requested an upgrade.

If you want to host e-commerce software or run a script that is going to use your server resources constantly, a VPS with 512 MB of RAM is going to suit you perfectly. This plan will also fit those who look into using a VPS as a platform for hosting reselling (simple shared hosting, of course). WordPress and Magento users will also find such a VPS a better fit, since 256 MB virtual machines never let them run those CMS full-throttle.

1024 MB

A one-Gig VPS is a choice of a Pro. Many gurus and experienced webmasters, as well as resellers and other online business holders, either purchase those servers at once or upgrade to them shortly.

If you deal with hosting reselling, you will find a VPS with 1024 MB of RAM to be a perfect solution for a serious reseller business. Unlike smaller VPS plans, those and higher let you offer the so-called Master reseller hosting, which implies that your resellers will be able to sell hosting, too. And of course, a more powerful VPS will let you manage your clients more easily. Indeed, if you have a thousand clients or more, whatever business you do, why should you partition them into groups and send emails hourly so as not to overload the server? You deal with e-commerce, so you must have some special offers and discounts, and you want to be sure everyone knows about them; a powerful VPS will let you notify everyone at once without overloads or any other issues.

2048 MB

If you need the power of a dedicated server but do not want to pay extra for features you do not need, a 2 GB VPS is something you will like.

Those servers are usually the top ones among many VPS hosting providers and thus have the highest privileges on the carrier. This feature will make you feel absolutely comfortable on your VPS, and it is worth it. Such a powerful VPS is heaven for big online projects and geeky things: those servers let you depart from the standard server configuration, so one can easily install such popular software as Java, Tomcat webserver, FFMPEG and many other tools there, to make an online project a hi-tech multimedia pad.

We hope that this review of the most popular VPS plans helped you find out what you need or may need for your online business. If it did, you may like the news that since recently we run a special offer that has doubled RAM on all our VPS servers, so now our 256 MB, 512 MB and 1024 MB plans come with 512, 1024 and 2048 Megabytes of RAM accordingly.

But if you think VPS is not enough for you, take a look at our cheap Linux dedicated server hosting offers.

posted by Archie @ 14:13 PM
May 24, 2011

If you want to run your own online shop, you should not expect your expenses to be limited to the renewal of your hosting account and domain. You will need to spend some more money to organize your business, so those expenses, or let us call them investments, need to be as efficient as possible: you need to spend your money wisely. While some expenses cannot be avoided, some may be easily pruned. Today we are going to let you know exactly which steps you can cut costs on and how.

Hosting

That’s where it all begins. The first mistake many e-commerce owners make is getting expensive hosting on a powerful server while having just a small website. What happens is that they waste their money on hosting whose power they don’t use full-throttle. This is a mistake that needs to be looked after: if you are only launching your project, it is worthwhile to take a simple budget plan that will be enough for your needs while your business is being developed. Hosting providers are loyal about upgrades, so you are not going to have any trouble when you need to change your environment to something bigger and more powerful. You may even get a discount, so you can expect to save much money by acting that far-sightedly.

Domain

Domain cost cutting usually comes down to getting a free domain along with your hosting account. That looks and sounds nice, but they usually offer only one domain. What if you need more? Well, you may need more since you may want to run your corporate blog or newsfeed under a separate domain, not a subdomain. You may also need to have some similar names “reserved”, so that anytime a websurfer makes a typo, he or she gets to you and your website only. Finally, you may simply have several projects to run. Regardless of the purpose of registering multiple domains, you need to get them with as much profit as possible, and therefore you need to find a registrar that offers discounts even on small batches of domains. Checking the latest deals that registrars constantly offer may help you a lot with that, especially if you check not only their main website but also their media resources: blogs, Twitter and Facebook profiles, etc.

Advertising and promotion

That’s the point where you have a great many options. To put it simply, the more manual work you do in advertising, the more money you save on it. What you can choose among is: guest blogging, link exchange, review posting, social media activity, affiliation and PPC. Of course, we can hardly tell you about each of those activities in much detail, but the short review we are going to give you should help you with making your choice.

Guest blogging. This type of self-promotion will be useful if you offer some services. You will need to find a relevant guest blog, usually in business or in the certain niche you particularly deal with, and place an interesting, eye-catching article that is going to represent you as a pro and show that your project is the one to trust. Since the idea of guest blogging is noncommercial self-promotion, your article should not look spamvertized. Additionally, they may limit you in backlinking (usually 2 links are allowed), so you need to think carefully about what those are going to be. If you have a blog, it’s advisable to put the first link there rather than to your website directly.

Link exchange. This is another free way of advertising. Although it has lost its popularity lately, you can still gain something from it, but what you need to make sure of is that the resource you are going to exchange links with is as relevant as possible; otherwise you may have issues with SEO that are going to harm your search engine visibility.

Review posting. This activity is close to posting at guest blogs, but it allows your message to look more like advertising. Review placement makes sense for many online businesses: what you need to do is find a directory that matches the niche of your business and leave a review about your company or about some of its services or products specifically. You can also search for websites that create listings of companies of a certain category. Reviews on such sites are usually left by prospective or existing customers, so adding your company information there will do you good, too. There is, however, something to look after: review posting and company listing can be both free and paid, so it’s always advisable to learn the website policy first.

Social media activity. This way of self-promotion can also be free or paid – depending on your goals. Usually you start with creation of a business profile on Facebook, Twitter, LinkedIn and probably some other resources which is free. And then everything depends on your strategy – you may either pick your target audience manually by communicating with people and sharing interesting useful things, or simply grab and take them to your page using targeted ads.

Affiliation. This advertising activity is definitely costly, but what is good about it is that you define the cost on your own. If your business is about selling goods or bringing customers to use some of your services, you may look for some helpers among your most active clients. Of course, helpers need to be rewarded for what they do, so you need to work out an affiliate program that is going to deliver affiliate commissions for sales your partners make. If based on a percentage rate, your affiliate program is not going to take that much.

PPC. Finally we have come to the most popular and effective advertising activity, PPC marketing. This means involving such search engines as Google and Yahoo!. Talking about Google, and namely its AdWords, one of the most powerful advertising tools so far, we can’t hide the fact that it can’t be cheap. But if you set up your campaign effectively, your Return On Investment (ROI) is going to make you happy. Additionally, getting back to the topic of hosting, we can give you a tip: some hosting providers offer AdWords credits along with their hosting accounts. Apart from that, Google issues AdWords coupons, so you may have some free credits on those, too.

Summary.

If you look into starting your own e-commerce project, you need to work out a business plan that is going to show you all the expenses you expect to have. If you are lucky and conscious enough, believe us, those are going to be covered soon and effectively. If you don’t know where to start, have a look at the E-commerce hosting plan we offer at Sitevalley.com. Give it a try with the 30-day money back period and make sure you are on your way to success.