Posted on May 20, 2008 under Security, Webserver |
It is better to disable ping on your linux servers which will eventually lessen the visibility
of your server. Which also prevents hacking using certain scripts and another optional
thing is to specify a different port range for ssh rather than default 22, it is always better
to specify higher ports.
Wikipedia on “PING” :
ping is a computer network tool used
to test whether a particular host is reachable across an IP network.
It works by sending ICMP “echo request” packets to the target host and
listening for ICMP “echo response” replies. ping estimates the
round-trip time, generally in milliseconds, and records any packet
loss, and prints a statistical summary when finished.
The word
ping is also frequently used as a verb or noun, where it can refer
directly to the round-trip time, the act of running a ping program or
measuring the round-trip time.
Command to disable ping :
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
Coomand to enable ping :
echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
Posted on Dec 23, 2007 under Apache, General, Ubuntu, Webserver |
You can setup your own webserver in your home and use it to host your own blog from home and fully utilizing your internet access. What do you need for the start of something certain people think its impossible to do?
1. Any working condition PC. (Yes, can be an old one or a latest one, doesn’t matter because we only need HDD space, Good processor and a sufficient amount of RAM)
2. Modem+Router
3. Ethernet Card for that PC
Then you have all the ingredients that is required to cook, why not? Get the Ubuntu 7.10 iso image from this http://www.ubuntu.com/getubuntu/download , download it and burn the image to a cd. If your processor if 64bit , you must get the one for 64bit processors. After you have finished burning the image, just insert the cd into your PC and reboot it. You will be prompted to a menu whereby you need to select Install to the hard disk.
Then the rest will be a guided installation until you reach this stage :
For more guided images of the installation, visit this link http://howtoforge.com/perfect_server_ubuntu7.10 . Just following until the installation only, the rest of the server setup I will guide you through it. Now login to your new ubuntu server. If the router is connected to the server you will be able to ping google.com and get a reply from the packets sent.
Run this command :
sudo apt-get install apache2 mysql-server-5.0 vim mysql-client-5.0 php5-mysql mysql-common php5 php5-common libapache2-mod-auth-mysql libapache2-mod-php5 openssh
This will probably take a while to download and install all of those services needed. Just put a “y” in every request that you get during this installation. Oka, meanwhile waiting for the installation, if your isp doesnt provide you with a static ip address, you probably need to get one ip address from http://dyndns.com . The you will have to create a host , for example mine is gravin.homelinux.net . So if you visit http://gravin.homelinux.net , that will be the exact webserver that we are trying to install here. The blog website is running on wordpress . Later on will guide you on installing wordpress after the setup of your webserver.
Then after that you need to setup inadyn (for dynamic ip adresses only) :
sudo vim /etc/inadyn.conf
Press “a” to insert these text :
username yourdyndnsusername
password yourdyndnspasswdhere
update_period 60000
alias gravin.homelinux.net(here will be your selected dyndns host name)
background
Then type “:wq” to save the file.
You have to set root passwd now ,
sudo passwd root
Enter your passwd and verify again. Then do a “su root” . Once you are root, type “crontab -e” , you will editing the crontab file, type in this text “@reboot /usr/sbin/inadyn” and hit “ctrl + o and ctrl + x. Thats it and you should see @reboot /usr/sbin/inadyn when you type “crontab -l” .
Now, whenever your server starts/reboots, it will automatically direct your dynamic ip address to the dyndns hostname. Direct your web browser to your dyndns hostname, you should see It Works!. Which means your webserver is up and running. Now you just need to install wordpress (which i will guide you on the next post) on it and start blogging!
Posted on Dec 05, 2007 under General, Streamyx, Webserver |
Since a lot of Telekom Malaysia’s broadband service called streamyx ip addresses have been banned by anti-spam organizations such as http://www.spamhaus.org whereby since most of corporations sync their database of spammers with these anti-spam organization drastically effects the outgoing mails to these recipients.
Therefore, TM is taking immediate action to address this issue. Effective 3 December 2007, TM will block OUTBOUND Simple Mail Transfer Protocol (SMTP) traffic or port 25 for all out going e-mails from dynamic IP addresses. Only Outbound SMTP traffic from smtp.streamyx.com and smtp.tm.net.mywill be allowed.
Which means, relatively we can’t send mail in this network using our own email servers. But unless if you change the smtp port in your email server to anything than 25, then it should work fine. Another option is using their smtp-proxy.tm.net.my as your outgoing configuration.
Posted on Nov 27, 2007 under Security, Ubuntu, Webserver |
Are you browsing and checking emails or other websites which has no SSL connections unlike banking websites which secures you and make sure every transactions are secured via SSL. (https://somebank.com). Any data that is not encrypted is exposed can be easily sniffed through the LAN network.Doesn’t this bothers you if you are connecting from some WIFI spots from somewhere?
Well this is when Squid comes in. You just need to install squid on a remote server and get it up and running.The server can be your home pc which runs linux or you have remote server will be great.I have installed it on my debian 4.0 , for other distros please refer to the packages and look for squid.
In your Debian type this :
sudo apt-get install squid
And.. Thats about it you are done.Now by default, if you didn’t touch the configurations files that comes along with squid you just need to change the way your browser connect to the internet.For example:
In Firefox:
Edit > Preference > Advanced > Network > Settings
Choose the option saying Manual Configuration and and the http proxy part into “localhost” and port “3128″.And choose “use this proxy server for all protocols”.Next you have create a tunnel to your remote squid server:
ssh -L squidport:ipordomainname:squidport username@ipordomainname
ssh -L 3128:linuxbay.org:3128 gravin@linuxbay.org
Remember that you must be always connected to the remote squid server via ssh tunneling.If you are not, you can’t keep browsing using squid.Now, go to www.whatismyip.com and you will see that your ip is different.This is because you are using a ssh tunneling via squid server into the internet rather than direct connection to the internet. How awesome is that. 