dead to me

I have used 1and1.com as my web service provider for a good long time now..  They have treated me well  enough and I am pretty happy with them with regards to their hardware.. Their servers are rock solid, you get exactly what you pay for and they don’t price gouge you..  I have had one of their linux root boxes now for going on 3 years and have always been fairly happy with it..

Recently I have wanted to do some stuff that required a windows server, and now what with the closure of the Fan Films Forum I no longer have to worry about 100% up time.. So I’m decided to go ahead and take this opportunity to convert my server over from the fedoracore 6 linux box to a windows 2008 server box..  Yay..  Good times..

The other nice thing is that by making this change I’ll be reducing my monthly cost by about $40.. Yay for money saving..

I’ll let you know how this goes.. There may be some down time but likely not very much..

Update #1:

Okay I have the windows server up and running..  I’m using IIS instead of Apache (cause its windows) and it’s a little slower, BUT I think its likely due to the machines network infrastructure and not the difference between IIS and Apache.  This website loads in 1.5 seconds under my new server as opposed to 0.8 seconds under the old one.    Pings to this server hit at 50ms were as pings to the old one hit at 30ms.   Frankly, it’s a minor difference and I’m not worried about it..  If it becomes an issue I’ll complain to my host..

I’m still in the process of moving things over.. so for the time being everything lives in two places..

With this change I think I’m going to be focusing on “randomstringofwords.com” again.. Meaning, that will be the primary URL not “rsow.com”.. Both will work of course, but no one but me knows what RSOW stands for so it sorta loses something..

I’m also going to ditch the INFO part.. Previously I had planned to have all manner of different URLS.

Update #2:

So I have to admit I’m extremely disappointed with 1and1..  I have had some questions about the windows server package they sold me that they basically told me they wouldn’t answer.. “It’s not our job” was the response I got more often than not..

This sort of thing exemplified the issues I have always had with 1and1.. if you had a support issue you were boned..  Their hardware was good but I can get iron anywhere.. its the support of that iron that should be what they are selling..

It took me a long time to sort out my issues and get everything working, only to find out the machine they gave me only had 1 gig of memory..  (not enough for what ANYONE would need)..   I asked for another stick of memory to be put in the box and the answer was “No.” ..  Not “We’re sorry but.. “,  Not “So sorry for the inconvenience but.. “.. but NO..

I asked them to help me open SSH to the box and they were boggled.  They couldn’t understand why I would want SSH open to a windows box, but once I explained it and got htem to realize i twas worth doing they explained that it wasn’t their place to help me administer my box.   Wow..  really?   He also told me that SSH was insecure and that’s the reason it wasn’t open by default after I pointed out that FTP and Telnet by default was open..

Wait.. what?!  SSH isn’t secure?  It stands for “Secure Shell”..  Hell passwords are sent in the clear in FTP and Telnet..  Unreal..

I also pointed out that the windows box was twice as slow as my linux box and that the subnet really seemed flooded as my ping to the box was twice as high as it was to my linux box..  No comment from them on that.. in fact he kind of ignored that comment..

Ultimately I had to just cancel the new windows box.  It just couldn’t perform anywhere near where I would have needed it or where i tshould have considering the price..

Here’s the best part;

I was trying to cancel my account while heading to lunch with some coworkers..  I called them up and had a conversation with the billing department that amazed everyone in the car, and caused them to burst out laughing at a couple points.

I gave them my user ID, and then my contract ID after which he asked for my admin password.  Uh.. you want the password I type in?  That’s an automatically generated password that yall gave me.. I can’t change it.. You should know it..  But fine.. I gave it to him 3 or 4 times and it just wasnt going through..   He said well I can send it to you again..  wait. .what?  You are going to email me the password and then I’m to read it back to you?  What the fuck is the point of that?

I told him that hey why don’t we just go by the credit card you have on file.. since that’s in my pocket and all..  He said, no no that’s not secure..  That could be phished for.. What the fuck dude.. I have given you my customer ID a unique 10 digit number, my contract ID a unique 12 digit number, my name and what not.. etc.. and you’re going to email me the password I have to give you to continue..

It stands to reason that if I have the two ID’s I got them from the email account in the first damn place.. how is that more secure?!   unreal..

So yeah.. I eventually go that one closed and started looking for a new host..

My co-worker chad suggested hostgator.com as a replacement host..  So far I’m extremely impressed.. I got the reseller account so I could have control over giving friends and family accounts and websites too..  So far everything is great..  The best part is the speed.. it’s easily more than double the speed of my linux box..

At the very bottom of this page you should see something that says ## of queries in ### seconds.   Well on my old linux box it was usually 0.8 seconds, on my windows box it was 1.6 seconds..   That’s just the time it took to generate the data.. The actual load time from my linux box could be as much as 7 seconds..

Look at it now.. what is it?   That’s how much faster it is..  For me it says 0.38 seconds which translates to roughly 2.3 seconds of load time..  For the exact same page..

That’s nice.. speed is good.. I dunno what their hardware or pipe is but hostgator has good stuff..  Far better than 1and1..   Also hostgator uses Cpanel which in my mind beats the hell out of Plesk..

Either way.. Gonna keep working with it and will let you know how much better it is as I figure it out..  Right now I’m happier and will be moving all my old stuff off 1and1 completely in short order..

Not Malygos, but cool

So we have been playing a LOT of World of Warcraft of late.  I must admit I’m very much enjoying it for the most part.  But we have gotten to the point where we are farming the end game content because by and large, it’s way too easy.

All that is except Malygos.   We have beaten Malygos before but for whatever reason our guild can’t seem to pull it’s collective head out 9 times out of 10.  Things just go wrong.

That’s fine and acceptable except they all seem to think we are going to one shot him and move on. Over confidence is our down fall, but not our only one.  The real issue isn’t our guild or our game play, but rather the fucking lag!

We have the same issue in 25man Nax killing Thadius..  The server always lags out on us at exactly the same time, every time.  It’s almost like this is blizzards cunning plan to make the content more difficult..

Pretty hard core burning hatred from me when we get in there and the game lags out.  Malygos is probably the easiest boss in the T7 content, but the lag during phase 2 screws us every time.. (Or just about — it took us like 8 tries tonight to kill him due to lag.)

Blizzard needs to fix this.  I can’t tell you how many times we have failed at Thaddius too for the exact same reason.. just lag.  It’s pretty darn hard to fight a boss when the timer keeps counting down but the game stops for everyone..

My old server was FedoraCore2.. *shudder* I wasn’t given a choice there.. it was core2 or nothing. And since it was out of date pretty much the day I was given it, it was doomed to be hacked at some point. I knew that going into it.. Eh what can ya do.

Well, it happened. Sometime last week someone rooted the box. They did a pretty thorough job of it too, though the more I looked at it the more I thought it was a script kiddie instead of someone that’s actually clever..

They went through and added a program that listened on port 50030 for some sort of command before it went out and did it’s misdeeds.. Then went through the trouble of replacing every tool that you would normally use to detect these things with their own custom version which hid the running process..

That’s not even the sneaky part.. they also went through and set the attrib of those files to make them undeletable even by root. Annoying.

So instead of trying to save the box, and undo the fuckery that they had installed. I just wiped it. I installed a much later version of the OS and all new stuff.. restored the database, and all things are now happy.

It was a good learning experience and interesting for the most part. It really went a long way to point out that I’m a software engineer, not a server admin. And it really seems like the more you are one, the less you are the other.. I’m trying to learn this stuff, but its a lot of magic to me at this point. I mean there is so much to know, I don’t see how anyone could know it all.

Add to the fact that the internet is by it very nature a warzone and this server/hacker thing is an eternal arms race and I begin to think, why the hell bother? I want a server is the obvious answer..

As always I don’t blame the hacker .. its a game really.. I wish I knew how they got in, not so I could hack other boxes but so I could make it safe on mine — this is something I’ll likely never learn.

So this is what I did once I got a fresh install on the box — I put this here for me so I can do it quickly and easily next time;

less /etc/inittab — make sure we are in rc level 3, if not change it and reboot

chkconfig –list | grep 3:on — Shows run level of services managed through init.d make sure everything is on you want on, and off that you don’t want.

Only do this if you want sendmail off, which you likely wont want because PHP needs it.

chkconfig –level 3 sendmail off — turn off sendmail so it doesn’t start on boot and annoy me constantly
service sendmail stop — turn off sendmail (smtp port 25 is now closed)

cd /etc/cron.daily — turn off the annoying logwatch email spam which is again an annoyance.

netstat -pan | grep LIST — Show a list of all open ports/listeners
nmap localhost — does the same thing, make sure they don’t conflict

useradd [newuser]
passwd [newuser]

visudo — Add [newuser] to the sudoers list
log out as root and relog in as [newuser]

sudo yum install vim — install VIM because I prefer it as my remote editor
sudo vim /etc/ssh/sshd_config — set PermitRootLogin to no so that root can’t SSH into the box

sudo yum list all > ~/rpm-avail.txt — get a list of everything installable, its easier to get a grep on the file

sudo yum -y install httpd php mysql mysql-server php-mysql — Install traditional LAMP setup

sudo /sbin/service mysqld start — Start up mysqld
sudo /sbin/service httpd start — Start up apache

sudo /sbin/chkconfig –level 3 mysqld on — Make sure mysqld starts on reboot
sudo /sbin/chkconfig –level 3 httpd on — Make sure apache starts on reboot

We don’t want people hitting our MySQL from out side so we need to make sure its only listening to the internal port.. Not sure why this isn’t the default setting.

sudo vim /etc/my.cnf — Add “bind-address=127.0.0.1″ to the [mysqld] block
mysqladmin -u root password ‘new-password’

We want to keep people from using our apache as a proxy, so;
sudo vim /etc/httpd/conf/httpd.conf
Comment out LoadModule proxy_{anything} and restart apache
Change the AllowOverride None to AllowOverride ALL in the root directory (this lets .htaccess changes work)

Now create the various databases and restore those bad boys using the database user/passwords appropriate for those.

Restore the files to their correct places and make sure the virtual host information is correct in httpd.conf

Also, change the logrotate.conf to rotate the httpd logs daily instead of weekly.. otherwise they get biggish..

aaaannd.. GO!