[CentOS] Who's eating our bandwidth?
contact at kikinovak.net
Wed Nov 4 09:16:50 UTC 2009
I've recently setup a new server for our public libraries. For the last
two years, this has been my first "big" job, since it involves
networking eleven small to medium size public libraries.
There was a hiccup some time ago when the administration hiring me
wanted to do it on their own, but it took them less than two weeks to
get the server hacked and lose everything. So they decided to hire me
I've rented a little dedicated server at the french provider Ikoula.
Really a small thing, a KVM amounting to 1/2 a processor core, 512 MB
RAM and 25 GB of disk space. Usually there should be no more than like
ten people working simultaneously on the library management software
(running atop MySQL).
For the last few days, users reported that the install was "terribly
slow". I checked, and indeed, the application took quite some time to
First thing, I wonder if the configuration I chose is too modest for the
Then, I took a peek in /var/log/httpd and the *-access.log files show
quite some activity. Some haphazard whois on various IP addresses show
me that these are no library users from around here. Like: Bogota?!?
Peking?!? And quite some search engines. Since I don't need search
engines for our application, I'm going to have to find a way to banish
The log files are not very handy to decipher, so I googled a bit, and I
think today I'm going to check out AWStats, which seems to be the right
thing to use in that case.
I'm also wondering about activity on other ports, but here also I'm
taking stabs in the dark. Probably SSH, but I don't know where eventual
failed attempts get logged.
I also googled a bit, and I think in this domain, fail2ban will be my
I have this strange feeling that the next step in the "wise" direction
consists in describing my ignorance :o)
Cheers from the sunny south of France,
More information about the CentOS