[CentOS] Who's eating our bandwidth?

Wed Nov 4 09:22:26 UTC 2009
Andrew Colin Kissa <andrew at topdog.za.net>

Since your users are just in one country you could limit access to  
only that country
using either geoip for apache or geoip for iptables.

On 04 Nov 2009, at 11:16 AM, Niki Kovacs wrote:

> Hi,
>
> I've recently setup a new server for our public libraries. For the  
> last
> two years, this has been my first "big" job, since it involves
> networking eleven small to medium size public libraries.
>
> There was a hiccup some time ago when the administration hiring me
> wanted to do it on their own, but it took them less than two weeks to
> get the server hacked and lose everything. So they decided to hire me
> back :o)
>
> I've rented a little dedicated server at the french provider Ikoula.
> Really a small thing, a KVM amounting to 1/2 a processor core, 512 MB
> RAM and 25 GB of disk space. Usually there should be no more than like
> ten people working simultaneously on the library management software
> (running atop MySQL).
>
> For the last few days, users reported that the install was "terribly
> slow". I checked, and indeed, the application took quite some time to
> respond.
>
> First thing, I wonder if the configuration I chose is too modest for  
> the
> setup.
>
> Then, I took a peek in /var/log/httpd and the *-access.log files show
> quite some activity. Some haphazard whois on various IP addresses show
> me that these are no library users from around here. Like: Bogota?!?
> Peking?!? And quite some search engines. Since I don't need search
> engines for our application, I'm going to have to find a way to banish
> these.
>
> The log files are not very handy to decipher, so I googled a bit,  
> and I
> think today I'm going to check out AWStats, which seems to be the  
> right
> thing to use in that case.
>
> I'm also wondering about activity on other ports, but here also I'm
> taking stabs in the dark. Probably SSH, but I don't know where  
> eventual
> failed attempts get logged.
>
> I also googled a bit, and I think in this domain, fail2ban will be my
> next experiment.
>
> I have this strange feeling that the next step in the "wise" direction
> consists in describing my ignorance :o)
>
> Any suggestions?
>
> Cheers from the sunny south of France,
>
> Niki
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos