Niki Kovacs wrote:
> Hi,
>
> I've recently set up a new server for our public libraries. For the last
> two years, this has been my first "big" job, since it involves
> networking eleven small to medium size public libraries.
>
> There was a hiccup some time ago when the administration hiring me
> wanted to do it on their own, but it took them less than two weeks to
> get the server hacked and lose everything. So they decided to hire me
> back :o)
>
> I've rented a little dedicated server at the French provider Ikoula.
> Really a small thing, a KVM amounting to 1/2 a processor core, 512 MB
> RAM and 25 GB of disk space. Usually there should be no more than like
> ten people working simultaneously on the library management software
> (running atop MySQL).
>
> For the last few days, users reported that the install was "terribly
> slow". I checked, and indeed, the application took quite some time to
> respond.
>
> First thing, I wonder if the configuration I chose is too modest for the
> setup.
>
> Then, I took a peek in /var/log/httpd and the *-access.log files show
> quite some activity. Some haphazard whois on various IP addresses show
> me that these are no library users from around here. Like: Bogota?!?
> Peking?!? And quite some search engines. Since I don't need search
> engines for our application, I'm going to have to find a way to banish
> these.
>
> The log files are not very handy to decipher, so I googled a bit, and I
> think today I'm going to check out AWStats, which seems to be the right
> thing to use in that case.
>
> I'm also wondering about activity on other ports, but here also I'm
> taking stabs in the dark. Probably SSH, but I don't know where eventual
> failed attempts get logged.
>
> I also googled a bit, and I think in this domain, fail2ban will be my
> next experiment.
>
> I have this strange feeling that the next step in the "wise" direction
> consists in describing my ignorance :o)
>
> Any suggestions?
>
> Cheers from the sunny south of France,
>
> Niki
>

Hi Niki,

Why not just use iptables rules to filter the traffic and allow only
public (and static) IPs from the libraries?
Or create also VPNs between your VM and the remote networks.

--
Fabian Arrotin
idea=`grep -i clue /dev/brain`
test -z "$idea" && echo "sorry, init 6 in progress" || sh ./answer.sh
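
The allowlist approach suggested in the reply, sketched as an added example that is not part of the original thread: a script that validates a list of static library addresses and prints a default-drop ruleset in `iptables-restore` format. The addresses are constructed placeholders from the RFC 5737 documentation ranges, and the ports (80/443 for the web application, 22 for SSH from a single admin address) are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that admits only the
# library sites. Addresses are constructed placeholders (RFC 5737 ranges);
# ports 80/443 (web app) and 22 (SSH) are assumptions about the server.
LIBRARY_IPS="192.0.2.10 192.0.2.11 198.51.100.20"   # constructed sample values
ADMIN_IP="203.0.113.5"                               # constructed sample value

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules ADMIN_IP LIBRARY_IP...: print the ruleset, or fail without
# printing anything if any address is malformed
build_rules() {
    admin=$1; shift
    for ip in "$admin" "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    printf '%s\n' "*filter" \
        ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]" \
        "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-A INPUT -p tcp -s $admin --dport 22 -j ACCEPT"
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $ip -m multiport --dports 80,443 -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Print the ruleset for the sample addresses; nothing is loaded into the kernel.
build_rules "$ADMIN_IP" $LIBRARY_IPS
```

Save the output to a file and check it with `iptables-restore --test` before loading it. Keep the provider's console reachable while doing so, because the DROP policy also cuts off your own SSH session if the admin address is wrong.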