Sunday, September 26, 2010

Easy access to your VPS

An easy but useful tip is to add the hostname of your VPS to your system's hosts file. Often, a VPS is referred to by its IP address or by the hostname given by the VPS company, e.g. vps211.vpscompany.com.

An easy way to access your VPS is to give the VPS a friendly name in your hosts file. Edit the hosts file which is located at:
Windows: C:\Windows\System32\drivers\etc\hosts
Linux  : /etc/hosts
The structure of the file is mostly the same on both operating systems. Add a line to the hosts file, replacing 123.123.123.123 with the IP address of your VPS and vps1 with the name you want to use to access the VPS.
123.123.123.123 vps1

Fire up your browser, remote desktop or SSH and simply connect to vps1. The system will connect to the IP address specified in the hosts file!

Thursday, September 23, 2010

Prevent SSH bots

Before completing the LAMP tutorial I will show some important considerations if you start working on a new VPS.

If you have been running a Linux server for a while you have probably noticed SSH bots trying to access your server. These bots try to break your server passwords and compromise your system. If you have strong passwords this is not a real big threat but it's annoying to see /var/log/auth.log grow with lines like this:

Sep 21 17:24:19 localhost sshd[2638]: Failed password for invalid user root from 113.6.252.48 port 42782 ssh2
Sep 21 17:24:24 localhost sshd[2640]: User root from 113.6.252.48 not allowed because not listed in AllowUsers
Sep 21 17:24:24 localhost sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.6.252.48  user=root


The problem is that most of these boxes are already hacked boxes, so it's not easy to find the originating IP. Luckily these attacks are easy to stop. There are two easy solutions:

Option 1: change the SSH port
This option simply changes the port you connect to. It's a simple solution but it works really well. Attacks went down from a lot to zero on one of my VPSes. To change the port edit /etc/ssh/sshd_config and change Port 22 to Port 1234 for example. Restart the ssh server and you are done. Remember to test the connection to your VPS on the new port first before exiting your current SSH session.
vim /etc/ssh/sshd_config
/etc/init.d/ssh restart
Option 2: block attackers
The other option to stop these attackers is to block SSH attacks after a few failed attempts. There is a tool especially designed to stop all kinds of unwanted service access. It is called denyhosts. Installation is very simple on an Ubuntu or Debian system:
apt-get install denyhosts
And you're done! Well almost, you probably want to add your home/work IP to /etc/hosts.allow. This prevents denyhosts from blocking your home IP. This can happen when you had too many failed login attempts, even in the past (denyhosts thoroughly checks your login history).

You can tweak some values in /etc/denyhosts.conf if you like. I always change the setting DENY_THRESHOLD_VALID to 5. This determines the number of failed attempts you can make on an existing and allowed user before you are blocked. You don't have to change this value but it is a bit risky because the threshold for invalid accounts is 10. Using this knowledge an attacker can determine what system accounts exist. If you have edited the config file, restart denyhosts for the changes to take effect.
/etc/init.d/denyhosts restart
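
The blocking idea described above, as an added example (not part of the original post and not DenyHosts' own code): it counts failed password lines per source IP, separately for valid and invalid users, and reports the IPs that reach a threshold. The thresholds are the values mentioned in the text, the function names are made up for illustration, and the sample log is constructed in the format of the auth.log excerpt.

```python
import re
from collections import defaultdict

# Thresholds as given in the text above (hard-coded, not read from denyhosts.conf).
DENY_THRESHOLD_VALID = 5
DENY_THRESHOLD_INVALID = 10

# Anchored at the end of the line and greedy on the user field, so the address
# captured is always the one sshd itself appended, whatever the user name holds.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(lines):
    """Return {ip: {"valid": n, "invalid": n}} of failed password attempts."""
    counts = defaultdict(lambda: {"valid": 0, "invalid": 0})
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            kind = "invalid" if m.group("invalid") else "valid"
            counts[m.group("ip")][kind] += 1
    return dict(counts)

def hosts_to_block(lines, allowed=()):
    """Return the IPs that reached a threshold, skipping allow-listed ones."""
    blocked = []
    for ip, c in sorted(count_failures(lines).items()):
        if ip in allowed:  # plays the role of your own IP in /etc/hosts.allow
            continue
        over_valid = c["valid"] >= DENY_THRESHOLD_VALID
        if over_valid or c["invalid"] >= DENY_THRESHOLD_INVALID:
            blocked.append(ip)
    return blocked

# Constructed sample log (documentation address ranges, not real attackers).
SAMPLE_LOG = (
    [f"Sep 21 17:24:{i:02d} localhost sshd[{2600 + i}]: Failed password for "
     f"invalid user admin from 203.0.113.7 port {42000 + i} ssh2" for i in range(10)]
    + [f"Sep 21 17:30:{i:02d} localhost sshd[{2700 + i}]: Failed password for "
       f"wilco from 198.51.100.20 port {51000 + i} ssh2" for i in range(5)]
    + ["Sep 21 17:40:01 localhost sshd[2800]: Failed password for wilco "
       "from 192.0.2.10 port 40000 ssh2",
       "Sep 21 17:41:00 localhost sshd[2801]: Accepted password for wilco "
       "from 192.0.2.10 port 40001 ssh2"]
)

if __name__ == "__main__":
    print(hosts_to_block(SAMPLE_LOG))
```

On a real server you would pass the lines of /var/log/auth.log instead of SAMPLE_LOG.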

Tuesday, September 21, 2010

Setting up a LAMP VPS - Part 1

A popular activity is installing LAMP software on an (unmanaged) VPS. LAMP stands for Linux, Apache, MySQL and PHP. With a LAMP server you have a professional working environment used by thousands of businesses around the world. With a VPS LAMP you have an extremely powerful system for only a few dollars a month.

In part 1 we will set up the L and the A and end with a fully functional webserver serving static content. For this tutorial, I assume your VPS allows you to install/restore a Linux distro and provides you with an SSH login after installing. Most VPSes have this functionality and most offer it for free.

L - Linux
Skip this step if you already have a VPS with Linux on it!

You need to install or restore an image from your control panel. After installation of the image you will receive a (root) password and you are ready to log in. Before installing a new operating system, make a good backup, because everything on your server will be wiped clean!

In this tutorial we will be installing Debian Lenny as the operating system. This OS has the advantage that it is stable and secure, and I have never encountered an update that breaks the system. The disadvantage is that it is always one step behind the most current stable software packages.
This is not necessarily a bad thing. A good example is the PHP package. PHP is currently at version 5.3, but Debian ships with 5.2. The PHP developers released 5.3.3 which can break earlier 5.3.x code using namespaces. With Debian you are still using PHP 5.2 so you are in no way impacted by this problem.
For this tutorial, Debian is the easiest choice. You can also choose another distro, but then you have to change the commands for installing the software.

Installation steps
  1. Access your VPS control panel and restore an OS image to your VPS
  2. You will be given a (root) password to login to your freshly installed server.
  3. If you are connecting from Windows, download PuTTY and connect to your VPS via SSH. http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

A - Apache
Apache serves the webpages to your visitors and it is the most used webserver in the world. To install Apache we log in to the VPS and enter a single command as root. It's as simple as that.
apt-get install apache2
Test the installation by navigating to the domain name or IP address of your VPS. The Apache webserver is automatically started after installation and also after a reboot (on Debian Lenny at least). If you don't see a test page, check if your server is running a firewall that blocks access. Run this command on your VPS (install links first using apt-get install links):
links http://localhost
If this command works on the VPS but your website does not work remotely, you probably have a firewall blocking access from outside. Search for iptables for tips on how to change this. It is not advised to disable your firewall completely if there is one running.

Installation is as simple as that. Once complete, you are greeted with a welcome screen, which is simply: It works!

Configuration is not necessary but it is good practice to have the web directory owned by the www-data group and make all web files writable by the www-data group. This means the webserver (and PHP) can also change the files on your VPS. This can be both an advantage and a disadvantage!
chgrp www-data /var/www/ -R
chmod g+w /var/www/ -R
If you want to give a user named wilco access to change the webfiles enter this command as root:

gpasswd -a wilco www-data
The system will respond with something like: Adding user wilco to group www-data. Now login as wilco and edit /var/www/index.html!
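
To see what the group-write setting above actually exposes, this added example (not from the original post) walks a directory tree and lists every entry that members of a given group can modify through the group permission bits. The function names and the constructed demo tree are assumptions for illustration; on the VPS you would pass /var/www and the gid of www-data.

```python
import os
import stat
import tempfile

def group_writable(root, gid):
    """Return sorted paths (relative to root) that belong to group `gid`
    and have the group-write bit set. Symlinks are not followed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # the mode bits of a symlink itself carry no meaning
            if st.st_gid == gid and st.st_mode & stat.S_IWGRP:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Audit a constructed web root where only uploads/ is group-writable."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel, mode in [("index.html", 0o644), ("uploads/a.jpg", 0o664)]:
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "uploads"), 0o775)
        os.chmod(root, 0o755)
        # Use the group the demo tree was created with (stands in for www-data).
        return group_writable(root, os.stat(root).st_gid)

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

After chmod g+w /var/www/ -R every entry under the web root would appear in this list, which is exactly the set of files the webserver and PHP are able to change.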

Spotting a good VPS deal

A friend of mine asked me if he had found a good VPS offer. This made me think if there are any indicators on which you can quickly decide to take or discard a VPS offer. Choosing a VPS is not as difficult as choosing a real (dedicated or colocated) server because a VPS is often cheaper per month and has a cheaper setup cost. This means that a bad VPS is not very expensive to replace. When I checked my own VPS servers and reviewed the offer of my friend I managed to compile the following VPS checklist. These VPS tips can help you decide on an offer:

  • Amount of resources available. Of course, there is a correlation between the price of a VPS and the performance. The following guideline should be sufficient in deciding if a VPS offer is a good deal:
    • 15 dollar/euro VPS: at least 256 MB RAM and 15 GB disk space.
    • 30 dollar/euro VPS: at least 1 GB RAM, 50 GB hard disk and 500 GB bandwidth.
  • Price of a VPS. Most virtual private servers are available ranging from 5-150 dollars/euro. When you consider renting a 100+ dollar VPS it is often cheaper to hire a dedicated server. On a dedicated server you have no other people claiming your resources so you can get a better performance.
  • Setup fees. A high setup fee can prevent you from switching to another VPS. A good VPS offer means the setup fee is between zero and 15 dollars.
  • Available extras. Are there automatic and free backups? Is there a limit of VPS machines on a physical server (too many impact your own performance)? Can you easily reinstall or reset the VPS without extra costs?
  • Company reputation or lifetime. I find this is not very important because I have found some startup companies with little reputation providing excellent service. Other providers manage to improve their performance quickly by adding another physical server or by switching to another datacenter.

Check your VPS performance

So you have your brand new shining VPS delivered? Or is your VPS not as fast as it should be? How do you know you get what you're paying for?
Well, there are a few simple tips you can use. Most VPS companies compete on memory, processors, diskspace and bandwidth.

If you have a Linux VPS you can easily check your VPS using the following commands.

Memory

The command "free -m" shows you how much memory you have available and used. The two most important fields for now are total and used, the yellow fields in the picture. Total gives you the memory available on your server, in this case 1024 MB. The used memory -/+ cache is the memory your server is currently using: 99 MB. The field above has 358 MB; this includes all the temporary cached data and is not relevant for now.
VPS servers often have a certain amount of guaranteed memory and cache or burst memory. Guaranteed memory is 1024, this memory is for this VPS only. This server has no burst memory available, although some VPS companies regard swap space as burst memory, so this server can be sold as a server with 1GB guaranteed RAM and 1GB burst RAM.

Figure: free -m shows the memory on your VPS

Processor

Some VPS servers give you access to one or more CPUs. To check how many you have available use a virtual file in the /proc filesystem called cpuinfo:


wilco@~/$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           L5630  @ 2.13GHz
stepping        : 2
cpu MHz         : 2133.472
cache size      : 12288 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu de tsc msr pae cx8 apic sep cmov pat clflush acpi mmx fxsr sse sse2 ss ht nx constant_tsc pni ssse3 sse4_1 sse4_2 popcnt ida
bogomips        : 4270.89
clflush size    : 64
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           L5630  @ 2.13GHz
stepping        : 2
cpu MHz         : 2133.472
cache size      : 12288 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu de tsc msr pae cx8 apic sep cmov pat clflush acpi mmx fxsr sse sse2 ss ht nx constant_tsc pni ssse3 sse4_1 sse4_2 popcnt ida
bogomips        : 4270.89
clflush size    : 64
power management:
The output shows this VPS has two CPUs available, processor 0 and processor 1.

Disk space
Use the command df -h to find the available disk space. The disk space that is allocated to you is shown in the picture below; the output of this command is different on each server. The largest partition is often the disk space allocated to your VPS. On this VPS it is 99 GB, which is sold as 100 GB.

Figure: available disk space is 99G on this VPS

Bandwidth
Data traffic is not free. Most VPS companies sell you a set amount of bandwidth for a fixed price. This is often something like 100GB or 1000GB. The best and most reliable way to check your bandwidth is to use the control panel of your VPS. If this is unavailable you can get a good indication by using the command /sbin/ifconfig.

There is a lot of output and at the end is something like:

RX bytes:1878459788 (1.7 GiB)  TX bytes:64280680 (61.3 MiB)

This means we have sent 1.7 GB and received 61 MB. This figure is not very reliable as you can reset your network interface and also reset the data sent and received.

Choosing a suitable VPS

VPS stands for Virtual Private Server. This means you rent a virtual server, which is a server running inside another server. A VPS is often a lot cheaper compared to a real server: VPS servers start at 5 dollars/euro each month.

Virtual servers have some advantages over real servers:
- Cheap servers compared to real servers.
- No costs for replacing hardware
- Backups are often automated
- Setup is often very quick and easy

Just like with a real server you have an option to hire a managed or unmanaged dedicated server. Unmanaged servers are meant to be used by people that have some experience in setting up a server, because you have to install and set up everything yourself.
A managed server means you get help from the company you are hiring the server from. Often, you can get a control panel or have the company install software for you. Another important consideration is the use of a premium VPS. A premium VPS service should give better performance compared to a standard VPS. A premium VPS is more expensive but it has more resources available and thus gives you a faster server.

To help you make a decision use the following steps:

Requirements              Best option
Easy setup, beginner      Managed VPS
Easy setup, advanced      Unmanaged VPS
High performance          Premium VPS
Maximum performance       Premium VPS or dedicated
Specialized server        Dedicated