I forgot to install fail2ban on a box. I was expecting something. But script kiddies, are you serious?
Nov 18 18:43:43 *** sshd: Invalid user this-is-not-an-attack from 220.127.116.11
Nov 18 18:43:43 *** sshd: Failed none for invalid user this-is-not-an-attack from 18.104.22.168 port 58982 ssh2
Sunucu olarak Debian’la uğraşmaya başladığımdan beri monitoring uygulamalarına bakınıyordum. Parlayan web arayüzleri ile ticari -veya olmak isteyen- uygulamaların arasından şöyle hafif birşeyler bulurum diye gezindikten sonra, ufak ve iş gören bir zımbırtı bulabildim. Eminim benim gibi kırıkların zaten bildiği bir olaydır, çünkü çok iyi.
Monit, basit bir web arayüzü de içeren bir izleme uygulaması. Bash tarzı yapılandırma dosyasında gezinince ne kadar yetenekli bir araç olduğunu anlıyorsunuz. Belirli aralıklar ile servis(uptime, bağlantı) ve dosya(içerik, hash, timestamp etc..) kontrolleri yapıp belirttiğiniz durumlara göre servisleri yeniden başlatma/durdurma veya bilgi e-postası gönderme gibi işleri becerebiliyor. Olasılıklar oldukça geniş. Aşağıda 3 günden fazla çalışan bir servisi yeniden başlatan basit bir bloğu veriyorum, anlayın.
check process myapp with pidfile /var/run/myapp.pid
start program = "/etc/init.d/myapp start"
stop program = "/etc/init.d/myapp stop"
if uptime > 3 days then restart
Daha fazla detay için şurayı öneririm.
[Edit: Munin‘e geçtim, çok daha iyi ve derin, tavsiye ederim. Monit’i kaldırdım 🙂 ]
I’ve moved the blog on my server. And discovered pureftpd is painfully slow on upgrades. I mean really slow. I’ve found some solutions but nothing helped. Including ForcePassiveIP and DontResolve.
After unpacking a plugin, WordPress was trying to put files one by one as I can see from pure-ftpd/transfer.log. But it was so fuckin slow, an average plugin was getting about 5 min.
Yes, I’m pissed off. And this is not a troubleshooting post. This is a workaround post. Use the fucking suPHP. You won’t need to deal FTP crap on WordPress actions.
apt-get install libapache2-mod-suphp
(You can check this tutorial.)
Please hire better employees *or* educate existing ones better Thawte.
Here is a transcript.. Enjoy.
You have been connected to Andrea B****.
Andrea B****: Good day, how may I help you today?
*me*: Hi, there was a reissue about *order number*
*me*: but customer can’t get the domain approval e-mail
*me*: so he changed the WHOIS information for the domain
Andrea B****: ok bare with me ill check the order
Andrea B****: thank you
Andrea B****: ok we cannot accept the approval domain
Andrea B****: sales@*domain*.com
*me*: Sorry I don’t understand. You can’t accept the sales@*domain*.com?
Andrea B****: exactly
Andrea B****: we need update the authorization email address
Andrea B****: this is not registered in the whois
Andrea B****: so we cannot accepted
Andrea B****: or you need to choose
Andrea B****: an alias
*me*: So what can we do?
Andrea B****: You can use an alias for the Authorizing Contact Email,
as an option you have: admin, webmaster, administrator, hostmaster,
root or postmaster@domain.
*me*: But there is a problem in e-mail service on customer’s new server
*me*: can’t you provide an alternative?
Andrea B****: as an option you have: admin, webmaster, administrator,
hostmaster, root or postmaster@domain
Andrea B****: customer needs to check alternative
*me*: By the way customer did all re-issue operations on sales@*domain*.com
before and thawte didn’t have any objections with that
*me*: like i said, @*domain*.com have no e-mail services for now.
*me*: Even you accept sales@*domain*.com, customer is not be able to approve
Andrea B****: again we cannot accept that
Andrea B****: customer needs to register in the whois the email address
that he want to set up
Andrea B****: or choose an alias
*me*: So you’re saying thawte is not providing SSL certificates with
domains which does not have an email services for its own domain
Andrea B****: that i mentioned previously
Andrea B****: is not about the domain
Andrea B****: is about the authorising contact email
*me*: Like I said. There is a problem with e-mail service generally.
The @*domain*.com is not avaliable for providing e-mail service for anything,
not even sales@*domain*.com
*me*: Thawte accepted the sales@*domain*.com , did all the reissues.
So please don’t say again you can’t accept sales, because I don’t want you
that accept sales e-mail
Andrea B****: sorry this is not registered in the whois
Andrea B****: and is not an alias
Andrea B****: so i cannot resend the email approval
*me*: I can. You’re insisting for not understanding
*me*: I can re-send the domain approval e-mail to sales@*domain*.com on customer service portal
*me*: and I don’t want you to re-send that address
*me*: Can you please put me to the tech support
So, thank you for not understanding me, Thawte ..
I needed to run a dot desktop as a command, cause I wanted to apply KDE env variables on that shit. So it’s like:
kstart –service /usr/share/applications/pidgin.desktop