Begin Linux Blog

Linux Distro Releases and News

Archive for November, 2008

« Previous Entries

Dealing With Content Spam

Posted by beginlinux on November 30, 2008

EMail Spam is against the law, however, it still fills your inbox. However, content Spam, which is on the rise, is not technically against the law or at least has less liability for those who do it. As a result many of us are constantly cleaning forums and blogs from this kind of trash. This tutorial will help you deal with the majority of Content Spam.

1. Restrict Comments to Some Boards
You can usually turn some boards off from comments as they are not necessarily where you want people to place comments anyway. This may even take a redesign of your blog so that you have fewer boards where they post. True, this does not stop Content Spam, however, it does cause them to recognize that the forum or blog is under supervision and being watched.

2. Require a Review on New Accounts
This is one thing I found very useful. When a new account signs up one way to check them is to take the IP Address that they registered from and put that in the Google search. If they ar known Spammers you will see a whole list of links about people complaining about these known Spammers. Then just ban the IP Address, the email and the account forever.

3. Create a Firewall to Limit Access
I basically became so frustrated with Content Spam I reviewed almost 8 million IP Addresses and subnets and created a list of the most frequent offenders. This is a very aggressive list and it certainly has subnets that contain some innocent users, but I put this together to stop Spam…period.

If you are using a CPanel you can enter subnets like you see below in the Firewall Options.

deny

If you are using an iptables script you can add this section toward the top of the firewall:
You will need to create a file called /etc/rc.d/banned and list subnets one line at a time as you see in the example below.

#####################################################
# BLOCK COUNTRY ATTACKS #
#####################################################
BADIP=”/etc/rc.d/banned”
BANNED=$( grep -v -E “^#” $BADIP )
for ip in $BANNED
do
iptables -A FORWARD -p tcp -s $ip -j DROP
done

# Example banned file
113.10.10.0/20
113.11.12.0/20
114.0.0.0/8
115.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
121.0.0.0/8
189.0.0.0/8
190.0.0.0/8
194.0.0.0/8
200.0.0.0/24
201.0.0.0/24
217.0.0.0/24
24.0.0.0/8
58.0.0.0/8
66.0.0.0/8
71.0.0.0/8
78.0.0.0/8
77.0.0.0/8
79.0.0.0/8
81.0.0.0/8
82.0.0.0/8
83.0.0.0/8
84.0.0.0/8
85.0.0.0/8
86.0.0.0/8
88.0.0.0/8
92.0.0.0/8
93.0.0.0/8
94.0.0.0/8
99.0.0.0/8

Again, these subnets include some IPs that should not be in there but it is easier to ban a subnet than to create 750 lines of code for the 8 million addresses I reviewed. Use at your own risk.

Worse Case Scenario: What to do when Comment Spam gets out of control.
1. Stop All Comments
Once you stop comments you will see that there is no point for Spammers. You must only use this as a temporary situation as it will not fix anything, it only gives you time to adapt a new strategy.

2. Stop All New Accounts
Again, this is temporary. Place a message in the blog or forum telling people that it is temporary and then work on a permanent solution, most people will understand especially if you tell them that it is only for 48 hours, etc.

Posted in Uncategorized | 1 Comment »

Monitoring Multiple Servers with Nagios 3

Posted by beginlinux on November 28, 2008

As an administrator you may be face with the task of constantly monitoring web servers, mail servers, ftp servers, etc. Basically, your organization wants all of their servers up and running all of the time. Nagios 3 offers an easy set up and configuration to make this happen so that you can monitor multiple servers and have Nagios alert you to problems. Nagios can notify you by email, pager or phone. This will allow you to have a life and count on Nagios to contact you when problems develop.

In the past Nagios has been a real difficult set up and configure job. Many have just given up and moved on. However, using Ubuntu 8.10 and the new Nagios 3 this is a breeze to set up and use effectively. Here are some key links to get you going:

Set up Nagios 3 on Ubuntu 8.10
Configure Web Server Monitoring
Configure Mail Server Monitoring

Take a Live Virtual Class on Nagios
nagio2

Nagios is based on Objects. Objects are hosts, services, contacts and timeperiods. A host is a physical device on your network like a server, router, switch or printer. Each of these hosts has an IP Address or MAC Address that you can use to monitor it with. A service is an attribute of the host. For example a service might be CPU load, disk usage, or uptime. A service might also be something that the host provides like HTTP, FTP, or POP3. Once you have set up a host and as service, Nagios will begin to monitor that service on the host. The contacts are the administrators that should get notified and how they should get notified when there are problems. Finally, timeperiods are blocks of time that determine when an administrator should get notified by Nagios. Put this all together, and you have a sophisticated monitoring process that will make your life easier.

Nagios has a web interface that you may log into so that you can see various hosts and services that you are monitoring. Here is an example.

nagios

Posted in Server Admin | Tagged: , , | 2 Comments »

Ubuntu 8.10 Uncomplicated Firewall GUI

Posted by beginlinux on November 23, 2008

The UFW has a GUI front end that you can add to it to provide an “easier” method of working with the firewall.

Install GUFW

apt-get install gufw

You will see that it will be installed and available using System/Adminstration/Firewall administration.
The interface is set up for several different options. The “Current Configuration” has a default deny on all incoming traffic which should be a standard choice for all Desktop situations. You can see that the firewall is enabled. You have three tabs to add rules to the firewall. Note that because the firewall is deny, you will have to allow incoming links. The one caution that you need to understand is that when you open ports you are doing so because you want to provide services to other users, for instance if you wanted to allow them to view a web site or get a ftp download. You should not open your computer to other computers unless you know what you are doing.

gufw1

Simple Tab
The simple option allows you to allow a service, like ftp. Just enter ftp in the window and you can see the rule has been created. Now anyone can access ftp on your machine. The simple tab does not allow you to choose who can use ftp, thus this is not a good choice if you want to restrict who can connect to your machine.

gufw2

Preconfigured Tab
The preconfigured tab allows you so select a service, like ssh, and choose Add and now two rules are added. This tab suffers from the same issue as UFW in that in terms of SSH you really do not want to open up port 22 and udp. Why the preconfigured option adds an unwanted protocol and port is hard to understand. It is difficult to even understand why this preconfigured tab is an option.

gufw3

Advanced Tab
Unfortunately the only tab that really provides a decent way to construct a firewall is the advanced tab. You may select “Allow” and choose a protocol, like tcp, and then you can restrict who may access your machine. If you do not add any ports, as in the example it will create a rule that will allow a computer to connect on any ports available. So in the example192.168.5.14 can connect on any port to the computer at 192.168.5.43.

gufw4

This next example is a better option because a port is added so that the computer at 192.168.5.14 is only allowed to connect on port 22.

gufw6

Another feature of the firewall is you can set limits on different services so that you can give priority to other services, thus managing your bandwidth. Here is an example of limiting bandwidth for SSH by choosing limit on the Preconfigured tab.

gufw5

Posted in Desktop User | Tagged: , | 2 Comments »

Ubuntu 8.10 USB Drive Review

Posted by beginlinux on November 18, 2008

Ubuntu 8.10 offers a way to create a USB drive from the Live CD or an .iso. The question is, how well does this really work. In order to test we created several of these USB drive installs. The first thing to note is that the process is easy to do. Here is a step by step in create a USB Pen Drive disk.

Insert the USB Pen Drive once you have booted the Live CD. Now go to System/Administration and Create USB startup disk in the menu. You will see it has detected the 2 GB San Disk. You can use as small as 1 GB for the disk. You will also need to indicate the location of the Live CD or an .iso so the system can build the disk. Here we used the Live CD.

d2

It provides you with the option to decide how much free space to allow for files that you create. What this does is give you a way to move this Pen Drive from computer to computer and save your files. A mobile Pen Drive.

d3

Installation process is quick.

d4

Now remove the USB drive and boot from the USB drive. On most computers at boot time you will have an option to choose your boot drive by selecting F12 at boot. Then select boot from USB drive. If all is well the Ubuntu USB drive should boot and you will see the same thing as the Live CD. Your computer must be able to boot from a USB drive, if it does not have that capability it will not work.

Results Were Mixed:
We tried it on a Lenovo T60p and it would not work at all. Error message ” No operating system”. So for some reason it could not read the disk. On a Dell Inspiron 1100 it booted fine. A little slow but you have to remember it is creating the whole operating system off the USB drive initially.

Posted in Desktop User | Tagged: , , | 8 Comments »

How To: Linux on a Pen Drive

Posted by beginlinux on November 15, 2008

There are many options with USB Flash drives now. Here is a tutorial on how to install Damn Small Linux on a Pen Drive. This is version 4.4.7, the newest version. Plugin your Pen Drive in to the USB slot. For DSL it is a great one to experiment with because you can use a small Pen Drive to work with. A 256 MB Pen Drive allows you a lot of space since the operating system is only 50 MB.

damnsmall Cllick the Image to Purchase DSL on a Pen Drive

Spin up a Live CD of DSL or use DSL off an existing computer and go to the menu Apps/Tools and Install to USB-HDD Pen Drive. Please note that the computer you will use the Pen Drive on must be capable of booting to a USB Pen Drive, that acts as a hard drive (HDD). You will see the first window and it will ask you if you want to check to make sure the is at /dev/sda. Be sure you do not have any other USB Pen Drives attached and DO NOT MOUNT THE PEN DRIVE (that potentially could damage the Pen Drive).

du1

You will have a number of options that you can have with the install. The default options will place the entire operating system in RAM when it boots, this makes it run much faster. The default boot options are the best way to start.

du2

Add a different language if needed.

du3

Verify that you want to continue.

du4

Watch the install.

du5

To use the new USB Pen Drive plug it into a computer that is off and then boot the machine. Many machines will allow you to choose the F12 key to determine how it will boot. Click F12 as the machine starts and select to boot off the USB Pen Drive. This will not hurt your existing operating system in any way. This allows you to boot your DSL drive off any machine and save your files on your Pen Drive.

Posted in Desktop User | Tagged: , , , | 4 Comments »

« Previous Entries