Hi, I've recently setup a new server for our public libraries. For the last two years, this has been my first "big" job, since it involves networking eleven small to medium size public libraries. There was a hiccup some time ago when the administration hiring me wanted to do it on their own, but it took them less than two weeks to get the server hacked and lose everything. So they decided to hire me back :o) I've rented a little dedicated server at the french provider Ikoula. Really a small thing, a KVM amounting to 1/2 a processor core, 512 MB RAM and 25 GB of disk space. Usually there should be no more than like ten people working simultaneously on the library management software (running atop MySQL). For the last few days, users reported that the install was "terribly slow". I checked, and indeed, the application took quite some time to respond. First thing, I wonder if the configuration I chose is too modest for the setup. Then, I took a peek in /var/log/httpd and the *-access.log files show quite some activity. Some haphazard whois on various IP addresses show me that these are no library users from around here. Like: Bogota?!? Peking?!? And quite some search engines. Since I don't need search engines for our application, I'm going to have to find a way to banish these. The log files are not very handy to decipher, so I googled a bit, and I think today I'm going to check out AWStats, which seems to be the right thing to use in that case. I'm also wondering about activity on other ports, but here also I'm taking stabs in the dark. Probably SSH, but I don't know where eventual failed attempts get logged. I also googled a bit, and I think in this domain, fail2ban will be my next experiment. I have this strange feeling that the next step in the "wise" direction consists in describing my ignorance :o) Any suggestions? Cheers from the sunny south of France, Niki