Recent Posts by Mark Wilkinson

Topic: Brightbox Help / ssh script attacks

I’m noticing a fairly consistent level of sshd traffic caused by (I presume) attack scripts that are just working their way through a dictionary of usernames. For example:

Mar 1 15:54:37 … sshd ³¹⁶⁹⁹: Invalid user gambit from 125.152.96.154
Mar 1 15:54:40 … sshd ³¹⁷⁰³: Invalid user gambit from 125.152.96.154
Mar 1 15:54:42 … sshd ³¹⁷⁰⁷: Invalid user andrei from 125.152.96.154
Mar 1 15:54:44 … sshd ³¹⁷¹¹: Invalid user andrei from 125.152.96.154
Mar 1 15:54:47 … sshd ³¹⁷¹⁵: Invalid user andrei from 125.152.96.154

and so on. I’ve seen people write about using iptables rules to block these kinds of attacks, either as a result of too many password attempts (e.g. http://www.fail2ban.org/) or by rate limiting connection attempts (e.g. see bottom of http://www.aerospacesoftware.com/ssh-kiddies.html). Does anyone have a known-working solution on their Brightbox? I’m mostly concerned with removing the noise from my log files, reducing the load on the server and limiting the chances of one of these attacks being successful. I’m a bit wary of setting something up that might lock me out of the Brightbox completely!

Cheers,

-Mark.

Topic: Brightbox Help / kernel upgrades

I was just reading the Linux Kernel Stuff page on the Wiki (http://wiki.brightbox.co.uk/docs:kernel) and noticed the mention of using a 64bit kernel and a 32bit userland, as well as the warning that apt can’t install 64bit kernel packages in a 32bit userland. In the past I’ve allowed kernel upgrades to be installed when I’ve done the usual ‘sudo apt-get update; sudo apt-get upgrade’ – is this going to have resulted in my getting a 32bit kernel? I’m finding it tricky to determine whether my virtual machine is running a 64-bit kernel: ‘uname -a’ includes x86_64 in it’s output, but running ‘file’ on some of the .ko files under /lib/modules says ‘ELF 32-bit LSB relocatable, Intel 80386…’ where on my 64-bit laptop it says ‘ELF 64-bit LSB relocatable, x86-64…’.

If I have inadvertently installed a 32bit kernel, is there a way of repairing the damage?

A couple of other questions cross my mind also:

• Is there any way to select the kernel version that will be booted when the virtual machine is rebooted, as I now have multiple kernels installed?
• Is there a command to clean up the old kernels that I no longer need installed?

Cheers,

-Mark.

Topic: Brightbox Help / Finding out the xen hostname

In some of the status update posts Brightbox mention specific xen hosts failing and being replaced (for example, http://status.brightbox.co.uk/2009/03/02/xen15-… ). I might be missing something, but I can’t see how I’m supposed to work out the xen host name that a particular Brightbox is running on, so I wouldn’t be able to work out whether mine Brightbox would be affected by a particular status update. Is the information available somewhere?

Cheers,

-Mark.

Topic: Passenger / Is there a timescale to support Rails 2.3 on Passenger?

I’m interested in testing the new packages too, but I don’t see them in the apt repository. Are they available yet?

-Mark.

Topic: Brightbox Help / Minor issue with base install

Our box was deployed on January 27th.

Topic: Brightbox Help / Minor issue with base install

Assuming that all bright boxes are created the same, I noticed that mine started out with a partially uninstalled copy of nginx that is causing logrotate to report an error each night. This error is sent by email to root, and because there’s no alias routing root’s mail elsewhere, /var/mail/root is growing (slowly) with nothing to restrict it.

There are a couple of things that might improve matters:

1) purge nginx from the system by running ‘sudo dpkg -P nginx’, which will remove the extraneous configuration files including /etc/logrotate.d/nginx
2) perhaps suggest that people modify /etc/aliases to forward email for root to an external email address.

It might be useful for the first of these to be applied to new bright boxes.

-Mark.