[CentOS] Who's eating our bandwidth?
fabian.arrotin at arrfab.net
Wed Nov 4 09:39:25 UTC 2009
Niki Kovacs wrote:
> I've recently set up a new server for our public libraries. For the last
> two years, this has been my first "big" job, since it involves
> networking eleven small to medium size public libraries.
> There was a hiccup some time ago when the administration hiring me
> wanted to do it on their own, but it took them less than two weeks to
> get the server hacked and lose everything. So they decided to hire me
> back :o)
> I've rented a little dedicated server at the French provider Ikoula.
> Really a small thing, a KVM amounting to 1/2 a processor core, 512 MB
> RAM and 25 GB of disk space. Usually there should be no more than like
> ten people working simultaneously on the library management software
> (running atop MySQL).
> For the last few days, users reported that the install was "terribly
> slow". I checked, and indeed, the application took quite some time to
> First thing, I wonder if the configuration I chose is too modest for the
> Then, I took a peek in /var/log/httpd and the *-access.log files show
> quite some activity. Some haphazard whois on various IP addresses show
> me that these are no library users from around here. Like: Bogota?!?
> Peking?!? And quite some search engines. Since I don't need search
> engines for our application, I'm going to have to find a way to banish
> The log files are not very handy to decipher, so I googled a bit, and I
> think today I'm going to check out AWStats, which seems to be the right
> thing to use in that case.
> I'm also wondering about activity on other ports, but here also I'm
> taking stabs in the dark. Probably SSH, but I don't know where eventual
> failed attempts get logged.
> I also googled a bit, and I think in this domain, fail2ban will be my
> next experiment.
> I have this strange feeling that the next step in the "wise" direction
> consists in describing my ignorance :o)
> Any suggestions?
> Cheers from the sunny south of France,
Why not just use iptables rules to filter the traffic and allow only
public (and static) IPs from the libraries?
Or also create VPNs between your VM and the remote networks.
idea=`grep -i clue /dev/brain`
test -z "$idea" && echo "sorry, init 6 in progress" || sh ./answer.sh
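
The allowlist approach suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell script that turns a list of library addresses into an `iptables-restore` ruleset with a default-drop INPUT policy. The addresses, ports 80 and 22, and the function names `valid_ipv4` and `gen_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that admits only listed sources.
# Addresses are constructed placeholders (RFC 5737 documentation ranges).
LIBRARY_IPS="192.0.2.10 198.51.100.24 203.0.113.7"  # assumed: one static IP per library
ADMIN_IPS="203.0.113.200"                            # assumed: admin host allowed to SSH

# Succeed only for a strict dotted-quad IPv4 address with an optional /0-32 prefix.
# Leading zeros are rejected because some parsers read them as octal.
valid_ipv4() {
    addr=${1%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules WEB_SOURCES SSH_SOURCES: write the ruleset to stdout.
# Fails before printing anything if an entry is malformed, so a typo in the
# list can never produce a partial ruleset.
gen_rules() {
    web_sources=$1; ssh_sources=$2
    for src in $web_sources $ssh_sources; do
        valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for src in $web_sources; do   # port 80 assumed for the httpd-served application
        printf '%s\n' "-A INPUT -s $src -p tcp -m tcp --dport 80 -j ACCEPT"
    done
    for src in $ssh_sources; do   # port 22 assumed for SSH
        printf '%s\n' "-A INPUT -s $src -p tcp -m tcp --dport 22 -j ACCEPT"
    done
    echo 'COMMIT'
}

gen_rules "$LIBRARY_IPS" "$ADMIN_IPS"
```

Review the printed ruleset before loading it with `iptables-restore`, and do so from a console session, since a wrong `ADMIN_IPS` entry locks out SSH.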