[CentOS] Who's eating our bandwidth?

Wed Nov 4 12:03:31 UTC 2009
Peter Hopfgartner <peter.hopfgartner at r3-gis.com>

Niki Kovacs wrote:
> Hi,
>
> I've recently setup a new server for our public libraries. For the last 
> two years, this has been my first "big" job, since it involves 
> networking eleven small to medium size public libraries.
>
> There was a hiccup some time ago when the administration hiring me 
> wanted to do it on their own, but it took them less than two weeks to 
> get the server hacked and lose everything. So they decided to hire me 
> back :o)
>
> I've rented a little dedicated server at the french provider Ikoula. 
> Really a small thing, a KVM amounting to 1/2 a processor core, 512 MB 
> RAM and 25 GB of disk space. Usually there should be no more than like 
> ten people working simultaneously on the library management software 
> (running atop MySQL).
>
> For the last few days, users reported that the install was "terribly 
> slow". I checked, and indeed, the application took quite some time to 
> respond.
>
> First thing, I wonder if the configuration I chose is too modest for the 
> setup.
>
> Then, I took a peek in /var/log/httpd and the *-access.log files show 
> quite some activity. Some haphazard whois on various IP addresses show 
> me that these are no library users from around here. Like: Bogota?!? 
> Peking?!? And quite some search engines. Since I don't need search 
> engines for our application, I'm going to have to find a way to banish 
> these.
>
> The log files are not very handy to decipher, so I googled a bit, and I 
> think today I'm going to check out AWStats, which seems to be the right 
> thing to use in that case.
>
> I'm also wondering about activity on other ports, but here also I'm 
> taking stabs in the dark. Probably SSH, but I don't know where eventual 
> failed attempts get logged.
>
> I also googled a bit, and I think in this domain, fail2ban will be my 
> next experiment.
>
> I have this strange feeling that the next step in the "wise" direction 
> consists in describing my ignorance :o)
>
> Any suggestions?
>
> Cheers from the sunny south of France,
>
> Niki
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>   
Try to do some smart configuration on Apache:

1) You may consider to compress HTML, CSS and JS 
(http://httpd.apache.org/docs/2.2/mod/mod_deflate.html). This may save 
you quite some bandwidth.

2) Further, consider adding some expiration attributes 
(http://httpd.apache.org/docs/2.2/mod/mod_expires.html).

Peter

-- 
 
Dott. Peter Hopfgartner
 
R3 GIS Srl - GmbH
Via Johann Kravogl-Str. 2
I-39012 Meran/Merano (BZ)
Email: peter.hopfgartner at r3-gis.com
Tel. : +39 0473 494949
Fax  : +39 0473 069902
www  : http://www.r3-gis.com