Geekzone: technology news, blogs, forums
206 posts

Master Geek
+1 received by user: 32


  Reply # 1464796 7-Jan-2016 00:25
One person supports this post

what os are you using
are you just hosting wordpress, forums, etc ?

is your firewall config right ?

 

I use a number of things

keep os up to date
all software up to date eg wordpress etc 

cloudflare
https://www.cloudflare.com/

fail2ban

http://www.fail2ban.org

a script to block known pest bot spam etc
https://github.com/trick77/ipset-blacklist

zbblock, a script to use with php pages  wordpress forums etc

http://www.spambotsecurity.com/zbblock.php


nothing is 100% proof
so manually check server logs

don't just block ips, block user agents too




457 posts

Ultimate Geek
+1 received by user: 83


  Reply # 1464891 7-Jan-2016 09:27
One person supports this post
Send private message

Another vote for putting Cloudflare in front of your server. It's very little work and gives you DDoS protection, IPv6, SSL, DNSSEC, HTTP/2 and you can block IPs by network range or by country.

 
 
 
 


6844 posts

Uber Geek
+1 received by user: 3159

Moderator
Trusted
Subscriber

  Reply # 1464894 7-Jan-2016 09:30

As stated - if you have direct DNS control over the domains being hosted off the server then Cloudflare them. For extra security block everything but Cloudflare. I made a blog post about this: https://murfy.nz/2015/12/cloudflare-site-security/





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


13332 posts

Uber Geek
+1 received by user: 2242

Trusted
Subscriber

  Reply # 1464900 7-Jan-2016 09:36

michaelmurfy: As stated - if you have direct DNS control over the domains being hosted off the server then Cloudflare them. For extra security block everything but Cloudflare. I made a blog post about this: https://murfy.nz/2015/12/cloudflare-site-security/


I use CloudFlare but I don't currently block direct access. I've read that if you have subdomains like ftp.example.com or mail.example.com that often leaks your IP, and though you can block the traffic at the IP it's still known. If your DNS records were ever public they can be found, so I've read it's best to request a new IP when you do this - very easy on AWS.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


6844 posts

Uber Geek
+1 received by user: 3159

Moderator
Trusted
Subscriber

  Reply # 1464901 7-Jan-2016 09:39

timmmay:
michaelmurfy: As stated - if you have direct DNS control over the domains being hosted off the server then Cloudflare them. For extra security block everything but Cloudflare. I made a blog post about this: https://murfy.nz/2015/12/cloudflare-site-security/


I use CloudFlare but I don't currently block direct access. I've read that if you have subdomains like ftp.example.com or mail.example.com that often leaks your IP, and though you can block the traffic at the IP it's still known. If your DNS records were ever public they can be found, so I've read it's best to request a new IP when you do this - very easy on AWS.


The idea in my case (which worked wonders) was to block traffic outside of Cloudflare. FTP + SSH can still be accessed but only via NZ with Google Authenticator on all logins + fail2ban.




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




24 posts

Geek
+1 received by user: 2


  Reply # 1464922 7-Jan-2016 10:04

Thanks, all, I have a lot to read up on and think about.

I had asked our server folks about Cloudflare and what they said didn't give me a lot of confidence:

"We've seen mixed success with cloudflare. In a lot of cases, it works just fine. But we had one guy who used it, and instead of bots and whatnot going all over his site, it was cloudflare itself apparently scraping down humongous chunks of his site, and actually making it worse - much worse - than it was just dealing with the occasional spiky stuff that came through. It really defeated the entire purpose of having the thing in place. We had another guy with a very active political blog (and if you've seen any coverage of our politics here in the US, you know what a freak show that is) who used MaxCDN, which worked better than cloudflare for him, which he had also tried first."

13332 posts

Uber Geek
+1 received by user: 2242

Trusted
Subscriber

  Reply # 1464935 7-Jan-2016 10:08

CloudFlare free doesn't give you as much direct control as the paid plans. It relies on you having your caching related headers correct. Since you have your own server it's relatively easy to rewrite any headers, especially with nginx which I find easier than apache.

I've used CloudFlare free for a couple of years with no issues. Nothing much to lose trying it, just monitor your server for 48 hours after implementation.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


BDFL - Memuneh
59160 posts

Uber Geek
+1 received by user: 10396

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1464945 7-Jan-2016 10:20
One person supports this post

RobinmNZ: Thanks, all, I have a lot to read up on and think about.

I had asked our server folks about Cloudflare and what they said didn't give me a lot of confidence:

"We've seen mixed success with cloudflare. In a lot of cases, it works just fine. But we had one guy who used it, and instead of bots and whatnot going all over his site, it was cloudflare itself apparently scraping down humongous chunks of his site, and actually making it worse - much worse - than it was just dealing with the occasional spiky stuff that came through. It really defeated the entire purpose of having the thing in place. We had another guy with a very active political blog (and if you've seen any coverage of our politics here in the US, you know what a freak show that is) who used MaxCDN, which worked better than cloudflare for him, which he had also tried first."


It sounds like people who have no idea what a proxy is... Of course Cloudflare will "scrape down humongous chunks of a site" - every request will go through them so all you will see in logs is their IP addresses...

*sigh*







24 posts

Geek
+1 received by user: 2


  Reply # 1464991 7-Jan-2016 10:58

See why I am so damned confused??

BDFL - Memuneh
59160 posts

Uber Geek
+1 received by user: 10396

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1465001 7-Jan-2016 11:09

Geekzone uses Cloudflare and we serve millions (as in almost 10 million) pages a month. We only see their IP addresses, huge chunks... Which is expected, instead of millions of different IP addresses...
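
An added example, not part of any poster's reply: once every request arrives from the proxy, the origin has to recover the visitor address from the `CF-Connecting-IP` header, and should believe that header only when the connecting peer really is the proxy (which is also what "block everything but Cloudflare" enforces at the firewall). The ranges and log entries below are constructed from documentation address space, and the function names are hypothetical.

```python
import ipaddress

# Constructed proxy ranges from documentation address space; a real deployment
# would load the ranges its proxy provider publishes (assumption).
TRUSTED_PROXY_RANGES = [ipaddress.ip_network(n)
                        for n in ("198.51.100.0/24", "2001:db8:100::/48")]

def is_trusted_proxy(peer_ip):
    """True if the TCP peer address belongs to one of the proxy ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_PROXY_RANGES)

def resolve_client(peer_ip, headers):
    """Return (client_ip, verdict) for one request.

    The CF-Connecting-IP header is honoured only when the peer is a trusted
    proxy; on a direct connection anyone can send that header, so it is ignored.
    """
    if not is_trusted_proxy(peer_ip):
        return peer_ip, "direct"
    lowered = {k.lower(): v for k, v in headers.items()}
    claimed = lowered.get("cf-connecting-ip", "").strip()
    try:
        return str(ipaddress.ip_address(claimed)), "proxied"
    except ValueError:
        return peer_ip, "proxied-no-client-ip"

def summarize(requests):
    """Compare what a peer-address log shows with the resolved clients."""
    resolved = [resolve_client(peer, hdrs) for peer, hdrs in requests]
    return {
        "distinct_peers": len({peer for peer, _ in requests}),
        "distinct_clients": len({ip for ip, v in resolved if v == "proxied"}),
        "direct_hits": [ip for ip, v in resolved if v == "direct"],
    }

# Constructed sample: (peer address, request headers)
SAMPLE = [
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.45"}),
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.46"}),
    ("198.51.100.7", {"cf-connecting-ip": "2001:db8:ffff::5"}),
    ("192.0.2.99", {"CF-Connecting-IP": "203.0.113.45"}),  # bypasses the proxy
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Anything listed under `direct_hits` reached the origin without going through the proxy, which is the traffic a firewall allowlist of the proxy ranges would drop.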






13332 posts

Uber Geek
+1 received by user: 2242

Trusted
Subscriber

  Reply # 1465019 7-Jan-2016 11:21

Cloudflare has 100 odd data centers, each will fetch static resources as often as required, as well as proxying every single page request that hits the site. The person who said "don't use cloudflare" may not be very experienced.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


161 posts

Master Geek
+1 received by user: 18


  Reply # 1465556 8-Jan-2016 07:51

Another vote for Cloudflare, an incredibly cheap (or free!) way to get the use of dozens of servers around the world hosting your site.
I've had really good results with Cloudflare and also Varnish cache (although it's harder to configure).

I'd point out to you that by default Cloudflare is very conservative, only caching static content like images, css etc. It doesn't cache your html generated by wordpress / other cms on the fly, causing database queries that suck cpu and disk IO. You can customise the settings in Cloudflare with page rules to set patterns for what to cache or not.

Also take note of Timmay's comment about ensuring your cache control headers are set correctly.



24 posts

Geek
+1 received by user: 2


  Reply # 1465702 8-Jan-2016 10:33

Thanks, all, another outage right now which really does not help when I am trying to work on sites. I think I will stick the site* into the basic Cloudflare for now, at least for starters until I get sorted.

Timmay et al, what do you guys mean when you say sort out the 'caching related headers' - is that on the website side, or elsewhere?
thanks.

* meant to say, the main site that I think is at the root of all the issues.

Really appreciate all the advice I have received on GZ.

BDFL - Memuneh
59160 posts

Uber Geek
+1 received by user: 10396

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1465707 8-Jan-2016 10:38

By default Cloudflare will cache static resources - images, css, scripts. If your site has dynamic pages (created from a script/database) then you are good. If it has static pages only then you might change the settings to cache those pages as well - but don't worry until you start using Cloudflare.





13332 posts

Uber Geek
+1 received by user: 2242

Trusted
Subscriber

  Reply # 1465709 8-Jan-2016 10:38

It's on the web server. They're typically generated by your software, but can be changed by your web server (apache/nginx). They're directives that tell the web browser and intermediate caches like Cloudflare what to cache and how long for. Cloudflare can override things though, using page rules.

If you just throw Cloudflare in it may help a little, just by caching images. It can also break things in some cases, usually only if you turn on css/js compression, so test thoroughly once you implement. It's generally pretty safe on conservative settings.

It sounds like you need professional help with this. I do that kind of consulting work as a side thing, PM me if you need help.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer
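
An added example, not part of the thread: a small audit of the caching-related headers discussed above, flagging responses that set a cookie yet carry nothing that stops a shared cache (or a cache-everything override rule) from storing them. It uses a simplified reading of the standard `Cache-Control` directives, not Cloudflare's exact behaviour; the paths, headers and function names are constructed.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().lower().partition("=")
        if name:
            directives[name.strip()] = arg.strip().strip('"')
    return directives

def shared_cache_verdict(headers):
    """Classify how a shared cache (CDN, proxy) may treat a response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return "never-shared"
    if "no-cache" in cc:
        return "revalidate"
    # s-maxage applies to shared caches and takes precedence over max-age.
    ttl = cc.get("s-maxage", cc.get("max-age"))
    if ttl is not None and ttl.isdigit():
        return "shared" if int(ttl) > 0 else "revalidate"
    if "public" in cc:
        return "shared"
    return "unspecified"  # left to cache heuristics or override rules

def audit(responses):
    """Return paths of cookie-setting responses a shared cache could store."""
    risky = []
    for path, headers in responses:
        sets_cookie = any(k.lower() == "set-cookie" for k in headers)
        if sets_cookie and shared_cache_verdict(headers) in ("shared", "unspecified"):
            risky.append(path)
    return risky

# Constructed sample responses: (path, response headers)
SAMPLE = [
    ("/wp-content/logo.png", {"Cache-Control": "public, max-age=86400"}),
    ("/wp-admin/", {"Cache-Control": "no-store, private", "Set-Cookie": "sid=a"}),
    ("/my-account/", {"Cache-Control": "max-age=600", "Set-Cookie": "sid=b"}),
    ("/cart/", {"Set-Cookie": "cart=c"}),
    ("/blog/post-1/", {"Cache-Control": "s-maxage=300, max-age=0"}),
]

if __name__ == "__main__":
    for path, hdrs in SAMPLE:
        print(path, shared_cache_verdict(hdrs))
    print("review:", audit(SAMPLE))
```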

