May 16th, 2008
After running “John the Ripper”, a password cracker, I was amazed at what I saw. Can you imagine a password of “church” or “password” or “john”? An expensive firewall and log-watching security software are *not* going to protect you from a basic dictionary attack, which could lead to a compromised dedicated Linux server.
A dictionary attack is a technique widely employed in the hacking world. A hacker loads up the dictionary onto his server and then begins to try to log in using every word in the dictionary as the password. Ensure that your dedicated Linux server has a strong password. Here are some guidelines I recommend you follow to ensure adequate passwords:
1) Update your control panel and FTP passwords with a strong password
Use at least 10 characters.
Mix numbers and letters and even lower and upper case characters.
Example: JumpGarg39 (don’t use this one! it’s just an example)
2) Never give out your password to any unauthorized personnel
3) Always encrypt passwords.
If you have your passwords stored on your PC, they could be stolen by a cyber thief.
It is a bad practice to write your passwords down on paper. Store them electronically & encrypted.
4) Remove all programs and web pages that are not needed for the proper functioning of your website.
Superfluous programs and web pages could be an invitation for a hacker to attempt a break in.
5) Any programs / applications that you install should be kept up-to-date.
Download and install newer programs as they are released by the author.
Authors release new applications that many times address security weaknesses.
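A check along the lines of guideline 1 can be run whenever a password is set, so that the words a dictionary attack would try are rejected up front. The Python sketch below is an added example, not part of the original post; the function names, the small word list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample list. On a real server load a full dictionary file
# instead (the choice of file is left to the administrator).
SAMPLE_WORDS = {"church", "password", "john", "jumpgarg39"}

# Digits and symbols people append or prepend to a dictionary word.
AFFIX_CHARS = "0123456789!@#$%^&*._-"

# Common look-alike substitutions, undone before the lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def candidates(password):
    """Return the normalized forms of a password to look up in the word list."""
    lowered = password.lower()
    stripped = lowered.strip(AFFIX_CHARS)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password, words=SAMPLE_WORDS, min_length=10):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if candidates(password) & set(words):
        problems.append("found in word list")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first three are the weak passwords named above.
    for sample in ["church", "password", "john", "P@ssw0rd2008", "JumpGarg39", "xQ7vLm2RtB9k"]:
        print(sample, "->", check_password(sample) or "ok")
```

The published example JumpGarg39 is in the word list on purpose: a password that has appeared in print meets the length and character rules but is no longer safe to use.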
May 7th, 2008
Virtualization is racing ahead, taking the world by storm. Even though market penetration of virtualized servers is small, it is growing very quickly, especially in the world of dedicated and managed Linux servers. The leader in virtualization is VMware; they are way ahead. And their “literal clock” is way ahead as well.
When installing VMware guests, you may have noticed that the system clock of the guest OS stays ahead of the host OS. And in some cases the clock runs so fast that it will get out of sync by a large margin. How can this problem be solved? By the way, most applications require an accurate clock in order to keep accurate data.
This is a known condition that isn’t trivial to fix. Here I will explain the fix that worked in my particular situation running both a CentOS 5 (32-bit) host and guests. Also refer to the whitepaper published by VMware that addresses the clock speed. In any case, following the instructions of the whitepaper did not lead to satisfactory results in my particular case, but did provide some solid hints on how to keep the guest clock in sync.
As a side note, you should use this setting on the host machine to prevent it from going into sleep mode; this is especially important on servers where there are critical applications that are running:
host: acpi=off
On the guest OS use these parameters:
aci=noacpi divider=200 clocksource=acpi_pm nosmp noapic nolapic
Even though the whitepaper advises against using NTP, I installed the NTP daemon anyway to ensure the clock stays at the right time. Keeping the clock speed on the guest can be tricky business. You may have to play with the divider settings to get the clock speed just right. To understand what each parameter does refer to this doc that describes the kernel parameters in detail.
May 1st, 2008
There are many websites that can describe in detail how to set up cakePHP; however there is one gotcha that you need to know about when installing cakePHP in a shared hosting environment or even a dedicated linux server that is utilizing a control panel application. And what is cakePHP? It’s a great framework for php that makes coding, debugging, and code maintenance manageable. Without a framework php becomes a tangled ball of spaghetti since there is HTML, MySQL, PHP and JavaScript interspersed throughout a single page!
Normally you just unpack cake using subversion like so:
svn co https://svn.cakephp.org/repo/trunk /data/cake
Or you download and untar it if you prefer. Then you need to chmod 0700 -R the ./app/tmp directory to avoid getting a bunch of cryptic errors.
On a shared host, you need to move or copy the files AND subdirectories of ./app/webroot/js to the web accessible directory. If you don’t do this, then you will get the infamous and cryptic DOCTYPE syntax errors. I spent five hours one day trying to figure out why my cakePHP page was throwing a syntax error on line one! Naturally, this applies only if you are using JavaScript (Ajax) together with cake. If you are not, then you read all this for nothing.
April 28th, 2008
ESCONDIDO, Calif. - March 24, 2008 Nixracks is a new organization launched to serve the needs of the Linux dedicated server community. CEO Gil Vidals, founder of Truepath, plans on capitalizing on the need for offering dedicated servers with the same responsiveness that is credited for Truepath’s longevity. He says, “It’s alarming to me how many web hosting customers are motivated to leave their existing providers to move to Truepath because they simply got tired of trying in vain to reach someone in customer support with the adequate knowledge to resolve their problems efficiently. We’re going to offer the same responsive customer support at Nixracks, which made Truepath successful”.
Nixracks is offering only Linux dedicated servers in the beginning, but will expand its offering to managed servers as well. The dedicated servers include lower-end pricing close to $110 and higher-end servers for over $250 per month. In the future Nixracks will offer a range of managed services with higher and more sustainable profit margins.
To find out more about Nixracks dedicated server options, contact them today at (760) 480-4942 or visit their web site at www.nixracks.com.
April 25th, 2008
As the first post for nixRacks, I thought it appropriate to discuss the focus of the blog.
nixRacks is focused on Linux dedicated servers and as such my posts will deal with Linux hardware, admin issues, & software applications that are typically used on a Linux server.
I look forward to hearing feedback. Oh yeah, if I do turn on the ability to leave comments, they will have to be moderated as there are so many nonsensical comments coming in daily from backlink spammers.