<?xml version="1.0" encoding="UTF-8"?> <rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
> <channel><title>nixCraft &#187; PF Firewall</title> <atom:link href="http://www.cyberciti.biz/tips/category/pf-firewall/feed" rel="self" type="application/rss+xml" /><link>http://www.cyberciti.biz/tips</link> <description>This is a Linux sys admin journal by Vivek about sys admin work, Linux tips &#38; tricks, hacks, news and more.</description> <lastBuildDate>Wed, 24 Apr 2013 18:50:55 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.5.1</generator> <item><title>Lighttpd Traffic Shaping: Throttle Connections Per Single IP  (Rate Limit)</title><link>http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html</link> <comments>http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html#comments</comments> <pubDate>Sun, 21 Jun 2009 00:02:13 +0000</pubDate> <dc:creator>nixCraft</dc:creator> <category><![CDATA[Apache]]></category> <category><![CDATA[CentOS]]></category> <category><![CDATA[fedora linux]]></category> <category><![CDATA[FreeBSD]]></category> <category><![CDATA[Howto]]></category> <category><![CDATA[Iptables]]></category> <category><![CDATA[lighttpd]]></category> <category><![CDATA[Linux]]></category> <category><![CDATA[Networking]]></category> <category><![CDATA[PF Firewall]]></category> <category><![CDATA[RedHat/Fedora Linux]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[Ubuntu Linux]]></category> <category><![CDATA[UNIX]]></category> <category><![CDATA[firewall limit connections per second]]></category> <category><![CDATA[Iptables limit connections per second]]></category> <category><![CDATA[Iptables limit port 80 connections per second]]></category> <category><![CDATA[lighttpd  throughput]]></category> <category><![CDATA[lighttpd limit traffic]]></category> <category><![CDATA[limit traffic]]></category> <category><![CDATA[PF limit connections per second]]></category> 
<category><![CDATA[PF limit port 80 connections per second]]></category> <category><![CDATA[throughput]]></category> <guid
isPermaLink="false">http://www.cyberciti.biz/tips/?p=5148</guid> <description><![CDATA[<div
style='float:right;margin-top:0px;margin-left:5px;'><a
href='http://www.cyberciti.biz/tips/category/lighttpd' title='See all Lighttpd related tips/articles'><img
src='http://files.cyberciti.biz/cbzcache/3rdparty/light_logo.png' border='0' /></a></div> If you do not control or throttle end users, your server may run out of resources. Spammers, abusers and badly written bots can eat up all your bandwidth. A web server must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to use a firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as <a
href="http://www.cyberciti.biz/tips/category/apache">Apache</a> / <a
href="http://www.cyberciti.biz/faq/category/nginx/">Nginx</a> and IIS server behind PF / netfilter based firewall.]]></description> <wfw:commentRss>http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html/feed</wfw:commentRss> <slash:comments>15</slash:comments> </item> <item><title>Slowloris DoS Tool: It Can Bring Down Apache 1.x/2.x</title><link>http://www.cyberciti.biz/tips/apache-http-dos-tool-released.html</link> <comments>http://www.cyberciti.biz/tips/apache-http-dos-tool-released.html#comments</comments> <pubDate>Fri, 19 Jun 2009 14:50:39 +0000</pubDate> <dc:creator>nixCraft</dc:creator> <category><![CDATA[Apache]]></category> <category><![CDATA[Networking]]></category> <category><![CDATA[News]]></category> <category><![CDATA[PF Firewall]]></category> <category><![CDATA[RedHat/Fedora Linux]]></category> <category><![CDATA[Security Alert]]></category> <category><![CDATA[UNIX]]></category> <category><![CDATA[Windows server]]></category> <category><![CDATA[accf]]></category> <category><![CDATA[apache dos attack]]></category> <category><![CDATA[denial of service]]></category> <category><![CDATA[denial of service attack]]></category> <category><![CDATA[distributed denial of service ddos attack]]></category> <category><![CDATA[dns ddos attack]]></category> <category><![CDATA[dos attack]]></category> <category><![CDATA[dos tool]]></category> <category><![CDATA[incoming connections]]></category> <category><![CDATA[kernel module]]></category> <category><![CDATA[lighttpd]]></category> <category><![CDATA[memory exhaustion]]></category> <category><![CDATA[proxy]]></category> <category><![CDATA[squid]]></category> <category><![CDATA[web server]]></category> <category><![CDATA[webservers]]></category> <guid
isPermaLink="false">http://www.cyberciti.biz/tips/?p=5138</guid> <description><![CDATA[<div
style='float:right;margin-top:0px;margin-left:5px;'><a
href='http://www.cyberciti.biz/tips/category/apache' title='See all Apache Webserver related tips/articles'><img
src='http://files.cyberciti.biz/cbzcache/3rdparty/apachelogo.gif' border='0' /></a></div> Apache Security Update - a flaw in Apache can be used to carry out a DoS. Slowloris is a new Apache DoS tool which can use slow Internet links to bring down Apache servers, rather than flooding networks. Most D/DoS tools require faster net connections, but this tool works with minimal bandwidth. This tool can lead to a DoS attack on Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid, while MS IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable to this attack.]]></description> <wfw:commentRss>http://www.cyberciti.biz/tips/apache-http-dos-tool-released.html/feed</wfw:commentRss> <slash:comments>9</slash:comments> </item> <item><title>Introduction to Firewall Builder 4.0</title><link>http://www.cyberciti.biz/tips/introduction-to-firewall-builder-4-0.html</link> <comments>http://www.cyberciti.biz/tips/introduction-to-firewall-builder-4-0.html#comments</comments> <pubDate>Mon, 16 Mar 2009 07:01:09 +0000</pubDate> <dc:creator>nixCraft</dc:creator> <category><![CDATA[Iptables]]></category> <category><![CDATA[PF Firewall]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[access list]]></category> <category><![CDATA[ASA PIX]]></category> <category><![CDATA[bsd kernel]]></category> <category><![CDATA[cisco firewall]]></category> <category><![CDATA[cisco routers]]></category> <category><![CDATA[commercial solutions]]></category> <category><![CDATA[FBW 4]]></category> <category><![CDATA[Firewall Builder]]></category> <category><![CDATA[Firewall Builder 4]]></category> <category><![CDATA[firewall configuration]]></category> <category><![CDATA[human error]]></category> <category><![CDATA[ipfw]]></category> <category><![CDATA[managing security]]></category> <category><![CDATA[News]]></category> <category><![CDATA[pf]]></category> <category><![CDATA[security problems]]></category> <guid
isPermaLink="false">http://www.cyberciti.biz/tips/?p=6486</guid> <description><![CDATA[<div
style='float:right;margin-top:0px;margin-left:5px;'><a
href='http://www.cyberciti.biz/tips/category/iptables' title='See all Firewall related tips/articles'><img
src='http://files.cyberciti.biz/cbzcache/3rdparty/firewall.png' border='0' /></a></div> This is the first article in the mini-series of two articles about Firewall Builder.<br
/><br
/> Systems administrators have a choice of modern Open Source and commercial firewall platforms at their disposal. They could use netfilter/iptables on Linux; PF, ipfilter and ipfw on OpenBSD and FreeBSD; Cisco ASA (PIX); and other commercial solutions. All of these are powerful implementations with a rich feature set and good performance. Unfortunately, managing security policy manually with any of these remains a non-trivial task for several reasons. Even though the configuration language can be complex and overwhelming with its multitude of features and options, this is not the most difficult problem in my opinion. An administrator who manages netfilter/iptables, PF or Cisco firewalls all the time quickly becomes an expert in their platform of choice. To do the job right, they need to understand the internal path of a packet inside the Linux or BSD kernel and its interaction with the different parts of the packet filtering engine. Things get significantly more difficult in installations using different OSes and platforms, where the administrator needs to switch from netfilter/iptables to PF to Cisco routers and ASA to implement coordinated changes across multiple devices. This is where making changes gets complicated and the probability of human error increases.
Unfortunately, typos and more significant errors in firewall or router access list configurations lead to either service downtime or security problems, both expensive in terms of damage and the time required to fix.]]></description> <wfw:commentRss>http://www.cyberciti.biz/tips/introduction-to-firewall-builder-4-0.html/feed</wfw:commentRss> <slash:comments>11</slash:comments> </item> <item><title>Vsftpd Set Download Only Anonymous Internet Server</title><link>http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html</link> <comments>http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html#comments</comments> <pubDate>Wed, 21 Jan 2009 14:34:11 +0000</pubDate> <dc:creator>nixCraft</dc:creator> <category><![CDATA[CentOS]]></category> <category><![CDATA[fedora linux]]></category> <category><![CDATA[Howto]]></category> <category><![CDATA[Iptables]]></category> <category><![CDATA[Linux]]></category> <category><![CDATA[Networking]]></category> <category><![CDATA[PF Firewall]]></category> <category><![CDATA[RedHat/Fedora Linux]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[/etc/vsftpd/vsftpd.conf]]></category> <category><![CDATA[anonymous ftp]]></category> <category><![CDATA[anon_mkdir_write_enable=NO]]></category> <category><![CDATA[anon_other_write_enable=NO]]></category> <category><![CDATA[anon_upload_enable=NO]]></category> <category><![CDATA[ascii_download_enable=NO]]></category> <category><![CDATA[async_abor_enable=YES]]></category> <category><![CDATA[connect_from_port_20=YES]]></category> <category><![CDATA[data_connection_timeout=300]]></category> <category><![CDATA[ftp commands]]></category> <category><![CDATA[FTP Server]]></category> <category><![CDATA[hide_ids=YES]]></category> <category><![CDATA[idle_session_timeout=120]]></category> <category><![CDATA[local_enable=NO]]></category> <category><![CDATA[ls_recurse_enable=NO]]></category> <category><![CDATA[maximum time]]></category> 
<category><![CDATA[one_process_model=YES]]></category> <category><![CDATA[passive connections]]></category> <category><![CDATA[pasv_max_port=60000]]></category> <category><![CDATA[pasv_min_port=40000]]></category> <category><![CDATA[process model]]></category> <category><![CDATA[vsftpd]]></category> <category><![CDATA[vsftpd performance option]]></category> <category><![CDATA[xferlog_enable=YES]]></category> <guid
isPermaLink="false">http://www.cyberciti.biz/tips/?p=4804</guid> <description><![CDATA[<div
style='float:right;margin-top:0px;margin-left:5px;'><a
href='http://www.cyberciti.biz/tips/category/redhatfedora-linux' title='See all Redhat/CentOS/Fedora Core related tips/articles'><img
src='http://files.cyberciti.biz/cbzcache/3rdparty/rhlogo.gif' border='0' /></a></div> This example shows how you might set up a large Internet-facing FTP site for distributing files or software updates. The emphasis will be on security and performance. VSFTPD will make sure only world-readable files and directories are served to the world via the anonymous / ftp account. You force FTP port connections to originate from a secure port, so users on the FTP server cannot try to fake file content. You will hide the FTP server user IDs and just display ftp in directory listings. This is also a performance boost. Set a 40000-60000 port range for passive connections. This will help with firewall setup.]]></description> <wfw:commentRss>http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html/feed</wfw:commentRss> <slash:comments>1</slash:comments> </item> </channel> </rss>