Archive for the 'Servers' Category


Linux Hosting versus Windows Hosting

If you are new to the web, and to web hosting in particular, there are many decisions to make. Hosting is the base on which every e-business runs and grows. There are numerous choices on the market, but Linux and Windows hosting head the list. Everyone runs their business according to what they know, and what is profitable for you may not be profitable for someone else. That is why most people find themselves in troubled waters when choosing a hosting server for their business. Let's look at each type of hosting to get a clear picture. The usual cost of running a server generally doesn't affect the cost of the complete web hosting package. Windows is owned and developed by Microsoft, whereas Linux is open source and free. The crux is that Windows hosting can be more expensive at times, but it has its own benefits too.

A common myth is that because your computer runs Windows, you have to buy a Windows hosting package. This is absolutely wrong. You normally access your web account through FTP or a control panel, and both kinds of server support these methods. The main difference is that the FTP commands are somewhat different on Linux and Windows. In short, occasionally when you try to get your FTP program to do something, it returns an error message. Still, this won't happen very often. Linux and Windows hosting provide the same features, including PHP, MySQL, POP3 and many more. The major difference arises when you want to build your site using Access, Windows Streaming Media, ASP, the .NET environment, FrontPage or any other Microsoft technology. Then you are bound to use Windows as your hosting server. On Linux there is only limited support for these technologies, and what is available is very expensive. That is why it is wise to think twice before selecting a hosting server, as moving from one server to another can be very hard.

The next points to consider are the reliability and stability of the servers. Windows is far more insecure in comparison to Linux. Windows is a widely used operating system for home PCs, but Linux is not. However, Linux is equally insecure, as a whopping number of successful hack attempts have been made on it so far. Thus, in the end, the security of both servers usually depends on the competency of the system administrators. If you are security-minded, you will choose the best and most secure hosting company irrespective of the chosen server. As for performance, there isn't much difference between the two. Linux is faster than Windows, as Linux is loaded with extendable implementation, whereas Windows tries to provide an "all in one" package, which isn't fruitful at times. There isn't much difference between the two servers, but in terms of performance Linux outshines Windows.

Thus, if you are hunting for a server for your e-business, think before you jump to any conclusion, and don't leave any stone unturned.

How to check ddos attack on server

A quick and useful command for checking whether a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That lists the IPs holding the most connections to the server, with the busiest at the bottom. It is important to remember that DDoS attacks are becoming more sophisticated and now use fewer connections from more attacking IPs. If this is the case, you will still see a low number of connections per IP even while you are under a DDoS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command shows the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply, making the server wait for it to time out. The number of active connections from the first command is going to vary widely, but if you are much above 500 you are probably having problems. If the second command is over 100, you are having trouble with a SYN attack.
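The same two counts, as an added example that is not part of the original post: it matches the local port exactly (so :8080 and outbound connections to a remote :80 are not counted), keeps IPv6 addresses intact, and applies the 500 and 100 limits quoted above. The function names and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -ant` output on
# stdin. Live use: netstat -ant | conn_verdict 80

# Constructed sample input; all addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51512      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51513      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40023       ESTABLISHED
tcp        0      0 192.0.2.10:44310        203.0.113.50:80         ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:50000    SYN_RECV
EOF
}

# Emit "<state> <remote-ip>" for every connection to local port $1.
port_conns() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lport = $4; sub(/.*:/, "", lport)   # text after the last colon
            if (lport != port) next             # exact: skips :8080 and remote :80
            rip = $5; sub(/:[^:]*$/, "", rip)   # drop the port, keep IPv6 intact
            print $6, rip
        }'
}

# "<count> <remote-ip>" per client, busiest first.
top_clients() {
    port_conns "$1" | awk '{ print $2 }' | sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# "<total> <syn_recv> <verdict>"; limits default to the post's 500 and 100.
conn_verdict() {
    port_conns "$1" | awk -v maxc="${2:-500}" -v maxs="${3:-100}" '
        { total++; if ($1 == "SYN_RECV") syn++ }
        END {
            v = "ok"
            if (total > maxc) v = "many-connections"
            if (syn > maxs)   v = "syn-flood-suspected"
            printf "%d %d %s\n", total, syn, v
        }'
}
```
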

To block a certain IP address on the server, use the following commands:

—————–command——————————

route add ipaddress reject

For example: route add 192.168.0.168 reject

You can check whether a given IP is blocked on the server by using the following command:

route -n |grep IPaddress

—————–command——————————

OR

Use the following commands to block an IP with iptables on the server:
—————–command——————————
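# -I inserts the rule at position 1; use -j REJECT instead of DROP to send an error back
iptables -I INPUT 1 -s IPADDRESS -j DROP

# save before restarting: a restart reloads the saved rule set, so an unsaved rule is lost
service iptables save

service iptables restart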

—————–command——————————

Then kill all httpd connections and restart the httpd service using the following commands:

killall -KILL httpd

service httpd start

Linux: Setup a transparent proxy with Squid

The main benefit of setting up a transparent proxy is that you do not have to configure individual browsers to use the proxy.

Install the Squid proxy server. I use Debian as my Linux distro. So I will be using APT to install.

# apt-get install squid squid-common 

Now let’s edit the config file squid.conf

# vi /etc/squid/squid.conf

Modify or add the following Squid directives in squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan

Where,

  • httpd_accel_host virtual: Squid acts as an httpd accelerator
  • httpd_accel_port 80: 80 is the port you want to proxy
  • httpd_accel_with_proxy on: Squid acts as both a local httpd accelerator and a proxy
  • httpd_accel_uses_host_header on: use the Host header, which carries the hostname from the URL
  • acl lan src 192.168.1.1 192.168.2.0/24: access control list, so that only LAN computers can use Squid
  • http_access allow localhost: allow Squid access for the localhost ACL
  • http_access allow lan: allow Squid access for the lan ACL

Here is the complete listing of squid.conf for your reference (grep will remove all comments and sed will remove all empty lines)

# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'

Or try out sed

# cat /etc/squid/squid.conf | sed '/^ *#/d; /^ *$/d'

Output:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname myclient.hostname.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
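
Because the ACLs are what keep the proxy restricted to the LAN, here is an added example (not part of the original post or of Squid) that audits the http_access rules of a squid.conf. It flags an unconditional "allow all", a rule list that does not end in "deny all", and any ACL used before it is defined; the function names are made up for illustration. Run on the acl and http_access lines of the listing above, it reports that Safe_ports and SSL_ports are referenced but not defined in the lines shown.

```shell
#!/bin/sh
# Added example (not from the original post): audit the access rules of a
# squid.conf read on stdin. Live use: squid_acl_audit < /etc/squid/squid.conf

# The acl and http_access lines, copied from the listing above.
listing_rules() {
cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
EOF
}

# Prints one finding per line (nothing when the rules pass):
#   UNDEFINED <acl>   http_access uses an ACL with no earlier "acl" line
#   OPEN <line>       an unconditional "allow all" (open proxy)
#   NO-FINAL-DENY     the last http_access rule is not "deny all"
squid_acl_audit() {
    awk '
        $1 == "acl" { defined[$2] = 1 }
        $1 == "http_access" {
            last = $2 " " $3; if (NF > 3) last = "conditional"
            if (last == "allow all") print "OPEN " $0
            for (i = 3; i <= NF; i++) {
                name = $i; sub(/^!/, "", name)   # "!acl" negates the same ACL
                if (!(name in defined) && !(name in seen)) {
                    print "UNDEFINED " name; seen[name] = 1
                }
            }
        }
        END { if (last != "deny all") print "NO-FINAL-DENY" }'
}
```
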

Iptables configuration

Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Where eth0 is the WAN interface and eth1 is the LAN interface.

Here is the complete shell script. The script first configures the Linux system as a router and then forwards all HTTP requests to port 3128:

#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Save the shell script. Execute the script so that the system acts as a router and forwards the ports:

# chmod +x /etc/firewall.sh
# /etc/firewall.sh
# service iptables save
# chkconfig iptables on

Start or restart the Squid:

# /etc/init.d/squid restart
# chkconfig squid on

Linux Versus Windows: OS Impact On Uptime & Speed

Many factors affect website availability and performance from the end user's perspective, namely the ISP Internet connection, server location, server parameters, programming language, application architecture and implementation. One of the critical parameters is the selected operating system (OS). Most users need to choose between Linux and Windows, two popular choices for web servers. By providing a free monitoring service, mon.itor.us collected a large amount of data and used it for a unique analytical study examining how the OS correlates with uptime and performance.

By performing heuristic OS detection procedures, they came up with statistics which may be interesting for the community. “We could detect OS platform for around 13,000 websites (while the monitoring base is much higher we either could not detect the OS or the detection likelihood was below a reasonable threshold). After removing less frequent OS-es we got 12,089 sites by Week 16. The OS allocation is the following:”

The data illustrates obvious leadership of Linux (60%), with Windows being the next (17%). Almost 2/3 of our community use Linux as an OS platform.