vivalite
« on: May 13, 2007, 01:03:06 PM »
Hey, how about posting your VPS software environment here so it might help VPS newcomers get hold of it faster? Here is my environment configuration:
1. Python 2.3.4
2. Yum 2.4.3 (using centosplus channel from http://3es.atomicrocketturtle.com/ )
3. Apache 2.0.59 (updated via centosplus)
4. PHP 5.1.6 (updated via centosplus)
5. MySQL 5.0.27 (updated via centosplus)
6. ConfigServer Security & Firewall (csf. Really good intrusion / rootkit detection tool set, and also featuring an SPI firewall)
7. Portsentry 1.2 (auto block port scanners)
For Apache I have mod_deflate, mod_evasive and mod_security enabled. I have just tested the current VPS configuration and found that the best ServerLimit & MaxClients in httpd.conf should be set around 65, which usually gives me around 74 concurrent connections and won’t crash the VPS even with full load all the time.
« Last Edit: June 01, 2007, 08:47:35 PM by vivalite »

perestrelka
« Reply #1 on: May 16, 2007, 03:29:32 AM »
Good idea, Vivalite!  I hope others will keep up this initiative.
Kind Regards, Vlad Artamonov

testall
« Reply #2 on: May 28, 2007, 12:48:22 PM »
Can anybody help please? I think I did steps 1 to 5, but could not find mod_evasive and mod_security in the /etc/httpd/modules directory. If I enable them in httpd.conf, the httpd service would not start.
> 6. ConfigServer Security & Firewall (csf. Really good intrusion / rootkit detection tool set, and also featuring an SPI firewall)
> For Apache I have mod_deflate, mod_evasive and mod_security enabled.

perestrelka
« Reply #3 on: May 29, 2007, 09:55:43 PM »
Hello testall,
Did you install the modules in question?
Kind Regards, Vlad Artamonov

testall
« Reply #4 on: May 30, 2007, 03:35:57 PM »
> Hello testall,
> Did you install the modules in the question?
How can I install the modules? I have tried:
1. yum install mod_security
   No Match for argument: mod_security
   Nothing to do
2. Downloaded mod_security.c (version 1.9.4) and tried /usr/local/psa/admin/bin/apxs -cia mod_security.c; got lots of errors. I know the apxs might not be the good one, but it is the only one I can find on my box.
Any idea what I should do? Thanks.

perestrelka
« Reply #5 on: May 30, 2007, 09:30:37 PM »
Hi,
There is no mod_security in the default CentOS repository, so you can't install it using yum unless you add a repository with this module. You tried to use apxs from Plesk Apache; it shouldn't work, and it didn't. Please install the httpd-devel package and then compile mod_security using the apxs provided in httpd-devel.
I hope this helps.
Kind Regards, Vlad Artamonov
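
The two failures discussed above (LoadModule lines that point at files missing from the modules directory, and an apxs that belongs to a different Apache) can be checked before restarting httpd. This is an added example, not code from the thread; the function names, the sample httpd.conf and the temporary paths are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and sample data are constructed.

# Print "<module> <file>" for every active LoadModule line whose file is absent.
# Usage: missing_modules <httpd.conf> <ServerRoot>
missing_modules() {
    conf=$1
    root=$2
    awk 'tolower($1) == "loadmodule" && NF >= 3 { print $2, $3 }' "$conf" |
    while read -r name rel; do
        case $rel in
            /*) file=$rel ;;           # absolute path
            *)  file=$root/$rel ;;     # relative to ServerRoot
        esac
        [ -f "$file" ] || printf '%s %s\n' "$name" "$file"
    done
}

# Succeed only if the given apxs installs into the directory httpd loads from.
# pwd -P resolves symlinks, so /etc/httpd/modules on CentOS compares correctly.
# Usage: apxs_matches_moddir <apxs> <module directory>
apxs_matches_moddir() {
    apxs=$1
    moddir=$2
    target=$("$apxs" -q LIBEXECDIR) || return 2
    [ -d "$target" ] && [ -d "$moddir" ] || return 1
    [ "$(cd "$target" && pwd -P)" = "$(cd "$moddir" && pwd -P)" ]
}

# Constructed sample: only mod_deflate is installed, two other modules are enabled.
demo=$(mktemp -d)
mkdir -p "$demo/httpd/modules"
: > "$demo/httpd/modules/mod_deflate.so"
cat > "$demo/httpd.conf" <<'EOF'
LoadModule deflate_module modules/mod_deflate.so
LoadModule evasive20_module modules/mod_evasive20.so
LoadModule security_module modules/mod_security.so
#LoadModule status_module modules/mod_status.so
EOF
missing_modules "$demo/httpd.conf" "$demo/httpd"
rm -rf "$demo"
```

On a real server, run missing_modules against /etc/httpd/conf/httpd.conf with /etc/httpd as the ServerRoot, and apxs_matches_moddir against whichever apxs you intend to compile with.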

vivalite
« Reply #7 on: June 01, 2007, 08:46:01 PM »
In my opinion, no. You still have to protect your server from typical DoS attacks. When I say typical DoS attack, I mean some user who looks completely harmless to the LP hardware firewall, but to you what they did is total nonsense. For example, I have had a user who liked to open 100+ connections at the same time to download one single file on my site, over and over again; he ended up wasting most of the bandwidth while doing it, and his questionable download behavior slowed down the server as well. After I installed mod_evasive, and especially CSF, the SPI firewall, this kind of DoS attack was never a problem again.
mod_evasive only helps you through some light DoS attacks, for example someone opening 100 connections to download a single file on your site again and again. You will probably need an SPI firewall like CSF to fight off some medium-scale DoS attacks.
« Last Edit: June 01, 2007, 09:04:17 PM by vivalite »

vivalite
« Reply #8 on: June 01, 2007, 09:25:26 PM »
My CSF configuration file. Guaranteed to work with Plesk.
please rename it to csf.conf
csf.txt (17.45 KB - downloaded 157 times.)

vivalite
« Reply #9 on: June 01, 2007, 09:32:05 PM »
Prefork MPM section setting in my httpd.conf (I tested this setting with 200+ simultaneous connections and it won’t crash my VPS):
<IfModule prefork.c>
ServerLimit 65
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 65
MaxRequestsPerChild 10000
</IfModule>

testall
« Reply #10 on: June 04, 2007, 08:05:48 PM »
> My CSF configuration file. Guaranteed to work with Plesk.
> please rename it to csf.conf
Hi, Thanks for your detailed posts. Are you using VPS or dedicated server? I tried to install APF, but it failed because of accessing ETH0.

testall
« Reply #11 on: June 05, 2007, 11:56:25 AM »
Hi, vivalite
After I installed CSF and used csf -r to start it, I always got the error below:
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196
Do you know what it is? Is something missing?
http://forum.configserver.com/showthread.php?t=212
Thanks.

perestrelka
« Reply #12 on: June 06, 2007, 12:45:36 AM »
Hi testall,
First of all, please do not run APF and CSF simultaneously. As for the error you are getting, please contact the support and ask them to check that all iptables modules required by CSF are enabled for your VPS.
Kind Regards, Vlad Artamonov
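
The rule in the CSF error above depends on the limit match and the LOG target, which is what the advice to check the VPS's iptables modules comes down to. The following added example (not from the thread, and not part of CSF) extracts the -m and -j extensions from a failing rule and reports which ones the kernel does not list; it assumes /proc/net/ip_tables_matches and /proc/net/ip_tables_targets are present, and the function name and sample lists are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the kernel lists its registered
# iptables extensions in /proc/net/ip_tables_matches and /proc/net/ip_tables_targets.

# The rule from the CSF error message quoted in the thread.
CSF_RULE="/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '"

# Print each "-m <match>" and "-j <target>" of a rule that the kernel does not list.
# A -j that names a user-defined chain is reported too; check those with iptables -L.
# Usage: missing_ipt_extensions "<rule>" [matches file] [targets file]
missing_ipt_extensions() {
    rule=$1
    matches=${2:-/proc/net/ip_tables_matches}
    targets=${3:-/proc/net/ip_tables_targets}
    [ -r "$matches" ] && [ -r "$targets" ] || { echo "cannot read extension lists" >&2; return 2; }
    set -f              # no globbing while the rule is split into words
    set -- $rule
    set +f
    while [ $# -gt 1 ]; do
        case $1 in
            -m) grep -qxF -- "$2" "$matches" || echo "match $2" ;;
            -j) case $2 in
                    ACCEPT|DROP|QUEUE|RETURN) ;;    # built-in verdicts, never listed
                    *) grep -qxF -- "$2" "$targets" || echo "target $2" ;;
                esac ;;
        esac
        shift
    done
}

# Constructed sample lists: a kernel that offers neither "limit" nor "LOG".
demo=$(mktemp -d)
printf 'tcp\nudp\nicmp\nstate\n' > "$demo/matches"
printf 'REJECT\n' > "$demo/targets"
missing_ipt_extensions "$CSF_RULE" "$demo/matches" "$demo/targets"
rm -rf "$demo"
```

On the VPS itself, call missing_ipt_extensions "$CSF_RULE" with no file arguments to read the live lists, and pass the output to the hosting support.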

testall
« Reply #13 on: June 06, 2007, 03:12:01 PM »
> Hi testall,
> First of all, please do not run APF and CSF simultaneously. As for the error are you getting, please contact the support and ask them to check that all iptables modules required by CSF are enabled for your VPS.
I have called the support number, and I was told to chat with https://dedicated@lunarpages.com/. In the online chat, I was told "enable iptables" cannot be done in VPS, and I said somebody already did it in VPS. Finally I was told to email the request and I would get a response in 30 minutes. Now half a day has passed, and I haven't got any response.

vivalite
« Reply #14 on: June 06, 2007, 04:21:09 PM »
>> My CSF configuration file. Guaranteed to work with Plesk.
>> please rename it to csf.conf
> Hi, Thanks for your detailed posts. Are you using VPS or dedicated server? I tried to install APF, but it failed because of accessing ETH0.
You are welcome. I am using a VPS, and the network card setting on a VPS should be "venet0" rather than eth0.