[00:00] 4505 or 4506?
[00:00] delinquentme: does netstat -lnp show something listening on 4505 or 4506?
[00:00] delinquentme: .. if so, is it bound to localhost?
[00:00] sarnold, nope !
[00:01] delinquentme: nmap can only tell if a port is open if a process is actively listening on that port
[00:01] actually i used $ nmap -v 104.130.135.79 -p 4505 to check it from a remote machine
[00:02] delinquentme: shows closed for me too, but '22' for example is open because sshd is listening
[00:03] well theres a web server called zeroMQ which should be listening on ports 4505 and 4506 and
[00:03] and I ran $ sudo ufw allow 4505 && sudo ufw allow 4506
[00:04] delinquentme: what does sudo netstat -lnp | grep :450 show?
[00:06] sarnold, nothing
[00:07] delinquentme: okay, how about ps auxw | grep -i z ? does it show zeromq running? that'll let you know if you need to figure out (a) why it isn't starting or (b) why it isn't listening on the ports you expect
[00:09] zeromq is not showing up
[00:09] damn.
[00:09] is there not a way to tell whether a port is open by itself?
[00:11] delinquentme: nc -l 4505 on the host where you want to run zmq, then on another host, run "echo hi | nc 4505" -- if you see 'hi' in your first terminal, then the firewall lets the port through
[00:12] sarnold, check. I got "hi" on the first terminal
[00:13] so then it could be an issue that zeroMQ is only running while its needed ( this is a infrastructure provisioning software )
[00:13] delinquentme: nice; if you want to make sure your firewall is okay, try again on ports e.g. 4000 or something :)
[00:13] delinquentme: no idea there. from what I know of zmq it seems very unlikely to me that it wouldn't be running all the time..
[00:14] sarnold, yeah cool trick !
[00:14] right now im trying to sort out why im getting so many hanging instance events on rackspace
[00:14] IE I ask for a node and it takes > 10 minutes for it to answer back as being up + provisioned
[00:15] owwwwwww
[00:16] yeah i was thinking it was rackspace ... but it might have been that I failed to open up the right ports for the software source on the master
[00:16] ... but then im not sure why it ever even once provisioned
[01:51] HI I want to create a local repo of some debian packages with their dependencies what tool would be the best and easiest to do this task? thanks
[02:54] hey guys, trying to figure out which video driver I need. it is a bit of an odd question since I am running server, but I installed xbmc on my nuc and now xbmc is saying it needs a video driver. was looking at this package, i965-va-driver. that look right?
[03:01] the simple question, which driver do I need for this? 00:02.0 VGA compatible controller: Intel Corporation 3rd Gen Core processor Graphics Controller (rev 09)
[03:02] intel :)
[03:03] Patrickdk: aye, but which?
[03:03] xorg isn’t installed
[03:03] sudormrf, this one I believe https://01.org/linuxgraphics/downloads
[03:03] what does xorg have to do with graphics drivers?
[03:04] cfhowlett: is it in the repos?
[03:04] Patrickdk: nothing. was just mentioning it in case it mattered :)
[03:04] I never bothered
[03:04] it *just works*
[03:04] Patrickdk: ?
[03:08] sudormrf, /kernel/drivers/video/intelfb/intelfb.ko
[03:08] that is the video driver for it
[03:09] so if you see intelfb in lsmod, it's loaded
[03:09] Patrickdk: it is not loaded
[03:09] well, what are you using?
[03:09] is this a laptop?
[03:10] an intel NUC
[03:24] sorry had to make some change
[03:24] changes
[03:24] not sure where to go from here
[03:25] would prefer to load using apt
=== apb_ is now known as apb1963
=== Ursinha is now known as Ursinha-afk
=== deegee__ is now known as drussell
[06:18] Good morning.
[06:51] can u tell me why ext4 partition displays 93GB but actual size is 99GB
[06:51] I can't understand the mathematics behind it
[06:52] abhishek: echo "1024 * 1000 * 1000 * 99 / (1024 * 1024 * 1024)" | bc -l :)
[06:53] what is 1000 here
[06:53] actually I am confirmed that this is 1024 as a unit
[06:53] that's what your drive maker calls a "megabyte" and "gigabyte" :)
[06:54] I thought this is taken by some journaling features
[06:54] overhead probably does account for some of that..
=== trijntje_ is now known as trijntje
=== melmoth_ is now known as melmoth
=== yofel_ is now known as yofel
=== Lcawte|Away is now known as Lcawte
=== deegee is now known as drussell
=== jpds_ is now known as jpds
[10:57] Hello, I installed some caintainers.
[10:57] But I see some tun-tap cards that are not attached with containers.
[10:57] container*
[10:57] Suggestion...?
=== deegee is now known as drussell
[11:24] morning
=== Ursinha-afk is now known as Ursinha
=== moparsthbest is now known as moparisthebest
[12:30] does the order of the files in /etc/apache2/sites-enabled matter?
[12:30] somehow one of my virtual hosts is always ignored
[12:30] the others are working
[12:32] Aison: The order matters in the regards that the first one will become the default vhost.
[12:33] Assuming you are dealing with named vhosts.
[12:33] ok, this one starts with 000
[12:33] andol, yes, i'm dealing with named vhosts
[12:34] Yepp, that 000 prefix is often used for the purpose of making sure the default really ends up being the default.
[12:38] looks like the hostname is not submitted to apache
[12:38] very strange
[12:38] 10.0.1.1 - - [26/Aug/2014:14:38:13 +0200] "GET /phpsysinfo.txt HTTP/1.1" 404 516 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
[12:39] "-" no hostname here
[12:43] Aison: I've seen that happen, but somewhat never understood how to fix it without disabling the "default" site. Try that first.
[12:43] heh?
[12:44] patdk-wk: heh.
[12:44] hostname not being submitted when using http 1.1, is invalid, and will cause an error
[12:44] Aison: can you do wireshark dump of that? hostname should be submitted, but apache may mess it up (or your config may)
[12:45] and "-" != hostname, that is the referer, by default
[12:46] RoyK, right, when I disable the default, then everything works
[12:46] Aison: bingo...
[12:46] never had an issue with it myself
[12:47] patdk-wk: I have
[12:49] hmm, I need to figure out how to deal with the apache 2.2 -> 2.4 change
[12:49] RoyK, and how did you solve it finally?
[12:54] Aison: removed default config :P
[12:54] oh wait, you mean just remove 00-default right?
[12:54] ya, I always do that
[12:55] and make my own
[12:55] yes
[12:56] perhaps there's something in the catch-all logic there that catches too much?
[12:57] think it depends on what you do
[12:57] I found one server I have the default enabled
[12:57] on it, I use ip specific vhosts, virtualhost fullip:80 style
[12:57] Ok, I have about 4-5 ubuntu servers mainly serving files/nfs. I want to start monitoring their performance numbers, something straight forward. Thinking of just installing Munin on each. Recommendations?
[12:57] so the ip overrides the default vhost
[12:58] but if you make another *:80 vhost, you will have to specify servername and/or serveralias for it
[12:59] patdk-wk: and when that doesn't work either, and it returns to the default, even if the new config is correct?
[12:59] that, I haven't seen :)
[12:59] that's what Aison is seeing ;)
[13:00] the funny thing is, I did not change anything in the configs
[13:00] this config worked now for over 2 years
[13:00] suddenly it stopped working...
[13:02] Aison: a glitch in the matrix? ;)
[13:02] all what I did is a reboot of the server....
[13:02] so something happened
[13:04] do anybody know a good web file manager (maybe with ldap support)
=== Ursinha is now known as Ursinha-afk
[13:12] damn, building my raid array takes hours.....
[13:12] already waiting 24h
=== Ursinha-afk is now known as Ursinha
[13:29] hi does all the debian files located in the directory /var/cache/apt/archives are installed on my system?
[13:30] rostam: Not per se. It is a temporary place to store .deb files.
[13:31] rostam: Apt places them there when they are downloaded.
[13:32] lordievader, oh I see thanks
[13:45] has anyone here successfully used the text debconf_ui frontend for oem-config on 14.04?
[13:52] jamespage, I have an odd problem. The charm-tools in trusty is out of date
[13:52] but the new one, in the PPA, depends on a new package, charmworldlib
[13:52] which is not in trusty
[13:53] is there any option at all for getting a new package in -updates or is it pretty much we're doomed?
[14:06] Hey guys, what package provides ubuntu's sweet stats on login?
[14:07] thebwt1: Seems to be 'update-notifier-common'.
[14:08] thanks lordievader
[14:08] anyone using preseed with the interfaces ?
[14:08] It's overwriting my /etc/network/interfaces file everytime
[14:11] lordievader: actually it's landscape-client
[14:13] can someone help me on how a curl command should look like if the client_id and api_key of oauth are weird?
[14:13] thebwt1: The scripts that provide the data are all over the place though: apt-file search /etc/update-motd.d
[14:13] curl -X POST -d "grant_type=password&username=Christian&password=secret" 'http://WpDs.u9yrWD3js;fYq?cog;MvTiq0Bj02r8LTL_v:c1W2:PzVsccsIt_G_uxnwE_TC08z14IKqYYKy0DJAok;_B?RvuVashIsARqhGwF=ChoBJveA7LvB;C?IeXyp?0ZiyBtg9;tSwTjVdC.K_f@n=;@V;2:VoX@IhPyiHzC@localhost:8000/o/token/'
[14:13] ends with curl: (6) Couldn't resolve host 'WpDs.u9yrWD3js;fYq\'
[14:13] I understand why that is, but i don’t know how to make it work.
[14:40] Does anyone have any expertise troubleshooting Upstart scripts?
[15:00] why do one of my ubuntu server have got p9p1 as name for the network device
[15:01] and the other one eth0
[15:01] where are these settings to change that behavior?
[15:02] Aison: check https://bugs.launchpad.net/ubuntu/+source/biosdevname/+bug/1284043
[15:02] Launchpad bug 1284043 in biosdevname "udev renaming the same hardware network i/f to different name, breaks networking and firewall (dup-of: 1324558)" [High,Confirmed]
[15:02] Launchpad bug 1324558 in biosdevname "[SRU] biosdevname returns identical names for two different devices." [Undecided,Fix committed]
[15:09] What is the "right" way to connect to generic ssl service ( https, imap, whatever ) and check that the certificate is signed by an authority in /etc/ssl/certs ?
[15:09] I can't use my browser because it won't work for anything other than https
[15:18] Sorry, I got disconnected.
[15:25] hi guys, just installed ubuntu server 14.04. On first boot, after installation, the booting process seems to hang, with the harddrive led blinking every second or so. Last line is Adding 4GB swap on /dev/sda2
[16:00] * genii makes more coffee and wanders over to #ubuntu-meeting
[16:10] utlemming, https://bugs.launchpad.net/ubuntu/+source/walinuxagent/+bug/1360471
[16:10] Launchpad bug 1360471 in walinuxagent "update walinuxagent to 2.0.7" [Medium,Confirmed]
[16:10] and, fyi, ubuntu ServerTeam meeting going on right now in #ubuntu-meeting
=== matsubara is now known as matsubara-lunch
=== matsubara-lunch is now known as matsubara
[17:38] hallyn: ill get to libvirt tomorrow
[17:39] zul: ok
[18:52] Hey does anyone run a speedtouch 330 modem on debian, or has done in the past ( i know its an old modem ), http://codepad.org/SFzY5kZL <-- anyone know how to get this working i can't see to get it to grab device like ttyS0?
[18:56] zoidberg-: https://lkml.org/lkml/2002/11/7/186 ... is there still a 'speedtouch' kernel module to load? :)
[19:02] For someone that has never worked with cronjobs before, is it possible to create one that'll run this every 30 or so minutes? sudo service apache2 restart & sudo service mysql restart
[19:02] It's a temporary fix to an issue a server I'm working on is having, but it'll hopefully help a bit while I work on the main issue
[19:04] Sierra: add "0,30 * * * * root /usr/sbin/service apache2 restart ; /usr/sbin/service mysql restart" to /etc/crontab
[19:12] sarnold, Sierra: is it really wise to restart apache and mysql to fix an issue?
[19:12] RoyK: no :)
[19:12] Sierra: check the logs - they should see what's wrong
[19:12] RoyK: but Sierra promised it's a short-term workaround
[19:12] s/see/show/
[19:12] sarnold: obviously, yes
[19:12] Royk: There seems to be a memory leak somewhere thats causing the server to completely die after ~45 minutes, this is just temporary while I get this fixed
[19:13] Sierra: what's leaking?
[19:13] Not certain yet
[19:13] Sierra: have top running or monitor the problematic processes with munin or something to show their memory use
[19:14] All its running right now is a set of wordpress sites, but I've watched the memory usage slowly climb until it hits a point where it stops responding, using htop
[19:14] Process wise, it seems to be heavy CPU usage from apache, and growing memory usage from mysql
[19:14] Sierra: the apache processes or mysql?
[19:14] ah
[19:14] that's rather bad...
[19:14] Yeah.. Just suddenly started up yesterday, no warning. Nothing was updated or changed beforehand that I'm aware of
[19:14] too bad wordpress can't use postgresql :P
[19:15] Sierra: any wordpress or php upgrade happened recently?
[19:15] erm... if mysql is eating the memory...
[19:15] just forget that question
[19:15] I do know there was a wordpress update released, but as far as I know it hasnt actually been updated yet due to the resource issues
[19:16] Sierra: can you isolate the process(es) leaking?
[19:16] I'm wondering if there's just a suddenly massive amount of people trying to access the websites or something (Which is odd.. It's nowhere near tax season)
[19:17] http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5265.html
[19:17] sarnold: The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. (http://cve.mitre.org/cgi-bin/cv
[19:17] http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5266.html
[19:17] sarnold: The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266)
[19:17] RoyK: By the looks of it, a bunch of mysql processes using ~2.5% of memory each, and the number of those processes is steadily growing
[19:18] Sierra: how is the I/O load?
[19:18] given by "wio" by "sar" (from sysstat) or "wi" from "top"
[19:19] Sierra: install sysstat (or munin) if you want to monitor the system over time. using just top doesn't give you history
[19:19] RoyK: htop, sorted by memory usage: http://i.imgur.com/JSGHNrL.png
[19:20] It was just rebooted about 2, 3 minutes ago
[19:20] Sierra: htop doesn't seem to say much about the I/O load
[19:20] The IO monitors for htop seem to not work.. Everything's at 0
[19:21] use top
[19:21] or just install munin+sysstat
[19:21] btw, there doesn't seem to be any global wio stats from htop
[19:25] RoyK: Ok, I've got sysstat installed. Did a small google search, should I follow these instructions? http://www.leonardoborda.com/blog/how-to-configure-sysstatsar-on-ubuntudebian/
[19:26] Sierra: looks ok, although I'm not sure if you need 2min samples - up to you
[19:26] For now, might as well, in case the server decides to implode after 5 minutes of running instead of 30 xD
[19:27] Sierra: also - try munin - it makes nice graphs to help visualising things
[19:27] hehe
[19:28] Ubuntu manual pages for munin are showing instructions for two different servers; Not sure what that's about >.<
[19:30] Sierra: apt-get install munin munin-node # that should do for most
[19:30] munin is pretty good at configuring plugins available for the system
[19:32] Sierra: by default, it'll setup a /munin place on the webserver - see /etc/munin/apache.conf for the configuration of the web access
[19:32] RoyK: Well, this just suddenly happened in a split second: http://i.imgur.com/S4fW2sP.png
[19:32] i.imgur.com/8K5199J.png
[19:33] Sierra: run top - check i/o statistics
[19:33] So maybe its not a memory leak, somethings causing a ton of threads to suddenly start up from apache and mysql..
[19:33] And the server's not responding again
[19:33] Sierra: your load is very high, so the problem is probably due to I/O load
[19:33] Sierra: use top next time - not htop
[19:34] Is there a way to get the SSH session to have a higher priority or something so the server will still respond to ssh?
[19:34] It seems that it is responding, just incredibly slowly..
[19:35] usual I/O issue
[19:36] probably swapping the best it can
[19:36] Gonna have to call the guys at the datacenter and have em reboot the box again
[19:37] Ok so it finally responded to a service apache2 stop after ~5, 6 minutes, and everythings running fine again
[19:37] Although the webserver's offline now
[19:37] RoyK: How do I have top display the i/O stats?
[19:38] Sierra: echo b > /proc/sysrq-trigger
[19:38] that'll reboot it
[19:38] it won't sync the disks or anything, but hopefully, ext4 will sort that out
[19:38] RoyK: Not sure if the reboots necessary atm as its load dropped down after it finally stopped apache2
[19:38] Sierra: echo s > /proc/sysrq-trigger; echo u > /proc/sysrq-trigger ; echo b > /proc/sysrq-trigger
[19:38] that'll be safer
[19:39] ok
[19:40] Sierra: top will report i/o stats by default
[19:41] Unless its not labelled as io, I'm not seeing it :/
[19:42] wi
[19:42] time spent waiting for i/o
[19:42] erm
[19:42] wa
[19:42] %Cpu(s): 0,2 us, 0,2 sy, 0,0 ni, 99,7 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
[19:42] the wa thing there
[19:43] http://i.imgur.com/HwmcNCi.png
[19:43] Oh there it is
[19:43] press 1
[19:44] so you get the output of all CPUs
[19:47] I'm seeing it hitting 60-80%wa on both cores
[19:48] And now 90%
[19:50] http://i.imgur.com/2ERj1KB.png is what its showing right now
[19:51] Sierra: lots and lots of swap used - that's the cause
[19:51] Any idea whats causing the massive spike in resource usage that wasn't occurring before? It happened at the end of tax season (When lots of people were using the site) but nowhere near this bad
[19:51] The server still responded back then, at least
[19:52] Sierra: I'd try with reducing the maximum processes forked by apache
[19:53] Sierra: 2GB isn't a lot if a webserver is under stress
[19:54] Royk: Not certain how to do that. Google search came up with things that seem irrelevant
[19:54] Sierra: set MaxClients to 50 or something - perhaps less - under
[19:54] in /etc/apache2/apache2.conf
[19:56] Sierra: it certainly looks like a truckload of connections to your webserver that's killing it
[19:57] Sierra: change that - stop apache and start it again - don't just do a reload
[19:58] Would help if the router wouldnt keep disconnecting my laptop
[20:01] Sierra: are you under constant ddos attack or something?
[20:02] I have no idea, sure as hell hope not >.<
[20:02] Just randomly started up yesterday or the day before
[20:02] Sierra: netstat -tun might be useful to determine what's going on..
[20:03] Well the server didnt even last 2 minutes before I lost access again.. -headdesks-
[20:04] Sierra: after changing the apache conf?
[20:04] Sierra: looks like a DDoS to me
[20:04] I didn't even get so far as to restart apache to load the new config
[20:04] So how do I explain what a DDoS attack is to a boss that knows nothing about networking and will probably think its an excuse?
[20:05] XD
[20:05] Sierra: what sort of content is on this website? Have you offended some people? ;)
[20:05] contact your ISP asking them to route the ddos to /dev/null? ;)
[20:06] Sierra: if it is a DDOS, your ISP can help immensely. give them a call.
[20:06] Sierra: they'll probably be happy to help even if you haven't yet figured out what exactly is going on, they'll probably be able to tell in a few seconds if it is network related or not :)
[20:06] RoyK: It's a series of front end wordpress websites for a united states tax efiling company
[20:06] Sierra: .. in the middle of august. heh.
[20:06] Yeah.
[20:07] Thats whats got me wondering. Plus, when tax season hit, it was nowhere near this bad
[20:10] * Sierra is just the programmer that writes the web code :(
[20:10] And manages the server
[20:11] heh, that's pretty painful position to be in.
[20:11] I'm now trying to train some of my webdevs in the old work to manage servers, and it's not going well :(
[20:12] Welp, gonna have to see if the datacenter can help with this. That's the only contact I have (That will recognize me as authorized to discuss such issues)
[20:13] My supervisor's on a week long vacation. So this is fun XD
[20:13] yeah, definitely give them a call if you think it's network related
[20:14] Already done, they're going to have another guy call me back
[20:17] Sierra: better give that VM another few gigs of memory, for a start, and move the database to a dedicated server
=== arosales_ is now known as arosales
[20:17] RoyK: It's not a VM, it's running on a physical server that my supervisor provided
[20:18] Sitting on a rack at a datacenter
[20:18] Sierra: a physical server with 2GB of memory?!?
[20:18] Yeah.
[20:18] I brought that up, was told to just do it
[20:18] 'This server ran perfectly fine before'
[20:18] Sierra: my home server has 16GB :P
[20:19] My personal VM has 512MB XD
[20:19] And runs better than that damn thing does.
[20:19] Even when its not having this issue
[20:19] Sierra: again - start out with decreasing the number of apache processes
[20:20] Sierra: if you get access to that thing :P
[20:20] I did manage to get the change made to the file
[20:20] The server just kinda.. Died before I could get the apache2 restart out
[20:21] Sierra: do you have some remote control?
[20:21] Sierra: remote console?
[20:21] SSH terminal is my normal method, but that immediately responds with 'Server closed the connection unexpectedly' now
[20:22] Sierra: most servers have iDRAC or something like that in them, which works well if it's configured correctly
[20:22] There was /supposed/ to be a newer server with better hardware setup, but that never actually happened
[20:22] IMHO physical servers should only be used for special purposes :P
[20:22] (such as VM hosts)
[20:23] we even run our database servers virtualized - it works
[20:23] The issue there is getting my boss (Not the same person as my supervisor) to actually pay for the hardware
[20:23] heh
[20:23] When he's convinced that what we have has been working so if it stops working I can fix it
[20:23] then let the system die and tell your boss why it died
[20:24] Yeah, I've had servers lock up from improperly tuned apache maxclients, that's probably the situation
[20:25] Fortunately mine were all VMs, connect to hypervisor, hit ctrl+alt+del or reset
[20:25] qman__: wrong answer - servers like these should be virtualised
[20:25] RoyK: Sadly, that may result in loss of a job
[20:26] Retune apache, hope for the best
[20:26] Sierra: not if you play your cards correctly - you can't maintain a server with too little resources
[20:26] And yes, they should all be virtualized, no reason not to
[20:26] Tbh, if I was actually paid enough, I'd have probably just upgraded the hardware myself
[20:26] But I'm not paid enough for that. :<
[20:27] Running hardware incapable of virt in prod is inexcusable today
[20:28] To be fair... I dont think running everything on VMs is a good idea anyway. Head honchos get confused enough with this older stuff as it is
[20:28] And they insist everything I do be something they can understand how to use
[20:28] >.<
[20:28] There's so many things that could be done better if I just had free reign to get it done right
[20:28] Its easier to ask forgiveness than permission
[20:29] If you do it right and prove it works, that normally solves the problem
[20:29] Tried that once. They had me go and redo it the way they wanted
[20:29] Otherwise, its time to job hunt
[20:29] Ohhh I've been tempted
[20:30] If my dad's livelihood didn't depend on this business staying alive, I'd probably be working toward IT at Macy's. Family friend works there, and has said I'd be great with them (I've even gone with him a couple times as an intern of sorts)
[20:31] Sierra: I've talked to people running large-scale Oracle databases virtualised - they work
[20:32] Sierra: running a webserver on physical stuff isn't good
[20:32] What I really want to do is make a living building custom PCs. I enjoy that, it's like super fancy legos
[20:32] Sierra: also - separate the webserver from the database server
[20:33] Sierra: a database server have different needs than an apache server - apache+php may need some RAM, but rarely I/O, unless access takes off and it starts swapping
[20:33] Yep
[20:35] Well, got this from the datacenter
[20:35] I have verified with one of our network engineers and we cannot see any indication from your current network usage that would indicate a DDoS from a networking standpoint. Network activity has spiked, but within norms of the historical data.
[20:36] Yeah, an improperly tuned server can choke on just normal heavy load, or even a security scanner or web crawler hitting everything
[20:36] Hm... On a random note
[20:36] The server's not getting massive resource hits
[20:39] Someone recommended a command earlier to check network usages, but I've forgotten what it was.. netstats something or other?
[20:41] Found it, netstat -tun
[20:42] Is there a way to have a certain command run when memory usage hits a certain number, say, 1024MB?
[20:42] Hm...
[20:43] I'm seeing a lot of connections from a single IP address with random ports
[20:44] Hey guys, I would like to install intel graphics drivers to my NUC running ubuntu server. I am not sure which package in the repos I should use. any suggestions?
[20:45] Sierra: just block that - iptables -I -J DROP
[20:45] RoyK: Not sure if that's normal or not for a webserver, though
[20:46] Sierra, setup fail2ban
[20:46] that way you don't need to do this manually
[20:46] Ok looks like what I was seeing might be normal... Loaded up the website, clicked a couple pages, and now my ip address shows up with the same thing
[20:47] Isnt fail2ban for failed logins?
[20:47] Yes
[20:47] Sierra: you can use it for all sorts of things
[20:48] Sierra, I use it to block IPs all the time
[20:48] Sierra, what RoyK said
[20:48] I have it looking at the syslog for a certain output and then it blocks the IP it finds in that output
[20:49] The out of the box config only does SSH logins IIRC but it is very configurable
[20:49] I have it set up on an asterisk box
[20:50] * RoyK uses asterisk or wind whenever someone points guns at him
[20:50] * RoyK uses asterisk or windows whenever someone points guns at him
[20:51] That's basically the situation here, inherited a mess, made it work
[20:51] qman__, I believe you are correct. I have it setup to block a specific type of entry. was noticing a bunch of eastern European IPs trying to do stuff
[20:51] so I stopped them
[20:51] first I blocked entire IP ranges for those regions...and then some sites stopped working lol
[20:51] had to scale back
[20:55] This asterisk server is completely integrated into the ticketing system and email system, so any change is going to be very involved
[20:57] Email system is an unmaintainable disaster, too
[20:57] qman__: is asterisk so full of (some word not allowed on this channel) as earlier?
[20:59] Yeah, asterisk is...appropriately named
[21:00] :P
[21:03] One of the email servers is running debian etch, and someone decided it'd be a good idea to install random lenny packages, so now its totally non-upgradeable, can't install or remove software
[21:04] It sits in the middle of the relay path with a custom LDAP+postfix integration that doesn't work in newer versions
[21:06] RoyK: I find that wind was more apt, since they are a fairly crappy cell provider company
[21:12] is it possible to configure BIND9, when it acts as a caching/forwarder server, to NOT go hunting for authoritative nameservers to go get data from? It appears to do this in all cases...
[21:13] (this is all bind9 on Ubuntu Server boxes, hence me asking here)
[21:14] teward: DNS is pretty straight-forward - you configure the SOA and it says how long things can be cached
[21:14] RoyK, i have it only configured as a forwarder, i.e. it forwards all requests to 8.8.8.8 and 8.8.4.4 (google DNS).
[21:15] BUT, it also is reaching to the root nameservers, then the ccTLD/gTLD nameservers, etc. until it hits one for an authoritative answer
[21:15] trying to figure out if there's a way to disable that
[21:15] Remove the root hints
[21:16] It can't ask root servers if it doesn't know what they are
[21:17] qman__: haha
[21:17] teward: look around for a setting that might be "forward only" or "don't recurse" or similar
[21:30] I have finally discovered what's wrong with my brain; On the left side, there's nothing right, on the right side, there's nothing left!
[21:52] Ok so ufw is proving to just not work. I've blocked an ip address, and netstat -tun is still showing that ip addresses all over the place... Is there a better option for blocking specific IP addresses
[22:02] Sierra: probably ufw block rules won't affect already established connections; you can either kill the process that has those sockets open (netstat -tunp can help) or you can nullroute the address, ip route add blackhole
[22:06] ufw uses conntrack
[22:06] conntrack will keep existing open :)
[22:06] use conntrack tool to fix it
[22:07] "conntract tool"?
[22:07] ah you can see how my fingers work..
[22:18] are there some good preseed guys in here ?
=== ideopathic_ is now known as ideopathic
=== TDog_ is now known as TDog
=== Tzunamii_ is now known as Tzunamii
=== s is now known as Guest96153
=== Zoey is now known as Zoey142
=== Lcawte is now known as Lcawte|Away