Installing HAProxy For Anonymous Attacks And Load Balancing


HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with today’s hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net.

You can read more here:- http://haproxy.1wt.eu/#desc

Installing HAProxy:-

You can check for the latest version here:- http://haproxy.1wt.eu/#down
At present, 1.5 is at development release 7 (1.5-dev7), and that is the version we are going to use.

Note: The configuration file we have used is for single-server protection, not for multiple servers, and was made by its owner, Willy Tarreau.

First:-

wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev7.tar.gz
tar xvfz haproxy-1.5-dev7.tar.gz
cd haproxy-1.5-dev7

Second:-
Now we have to compile and install the source. We are using CentOS as the example OS.

make install

Third:-
Now make a new directory and copy the HAProxy configuration file there

mkdir /etc/haproxy
cd /etc/haproxy
vi haproxy.cfg

Change the IP addresses below and copy the result to haproxy.cfg
—————————————————————–

global
    daemon
    maxconn 20000 # count about 1 GB per 20000 connections
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.stat mode 600

defaults
    mode http
    maxconn 19500 # Should be slightly smaller than global.maxconn.
    timeout client 60s # Client and server timeout must match the longest
    timeout server 60s # time we may wait for a response from the server.
    timeout queue 60s # Don't queue requests too long if saturated.
    timeout connect 4s # There's no reason to change this one.
    timeout http-request 5s # A complete request may never take that long.
    # Uncomment the following one to protect against nkiller2. But warning!
    # some slow clients might sometimes receive truncated data if last
    # segment is lost and never retransmitted :
    # option nolinger
    option http-server-close
    option abortonclose
    balance roundrobin
    option forwardfor # set the client's IP in X-Forwarded-For.
    option tcp-smart-accept
    option tcp-smart-connect
    retries 2

frontend public
    bind 192.168.1.1:80
    bind 192.168.1.2:80
    bind 192.168.1.3:80
    bind 192.168.1.4:80

    # table used to store behaviour of source IPs
    stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)

    # IPs that have gpc0 > 0 are blocked until they go away for at least 5 minutes
    acl source_is_abuser src_get_gpc0 gt 0
    tcp-request connection reject if source_is_abuser

    # connection rate abuses get blocked
    acl conn_rate_abuse sc1_conn_rate gt 30
    acl mark_as_abuser sc1_inc_gpc0 gt 0
    tcp-request connection track-sc1 src
    tcp-request connection reject if conn_rate_abuse mark_as_abuser

    default_backend apache

backend apache
    # set the maxconn parameter below to match Apache's MaxClients minus
    # one or two connections so that you can still directly connect to it.
    stats uri /haproxy?stats
    server srv 0.0.0.0:8181 maxconn 254

# Enable the stats page on a dedicated port (8811). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen stats
    # Uncomment "disabled" below to disable the stats page :
    # disabled
    bind :8811
    stats uri /

——————————————————————

In the above file, replace the addresses 192.168.1.1 through 192.168.1.4 with your server's IP addresses.

Fourth:
Change your Apache port to 8181, because the configuration file points HAProxy at that port (server srv 0.0.0.0:8181 maxconn 254). In WHM, go to Tweak Settings, find Apache non-SSL IP/port and change it to 8181.

Fifth:
Restart apache

/etc/init.d/apache2 restart

Last:
Start haproxy

haproxy -f /etc/haproxy/haproxy.cfg

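Now we have to check that it is working. Go to your stats page:
serverip:8811

Replace serverip with the server IP used in the configuration file and you will see the full statistics generated by HAProxy. Note that this configuration sets no authentication on the stats page, so anyone who can reach port 8811 can view it; restrict that port with a firewall or add "stats auth" to the listen section.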

If you are facing any issue then feel free to contact us


How to find the right web hosting company?

There are millions of websites, and every day another one goes online to carve out a niche for itself. There are all sorts of websites, ranging from personal to business-related, and each of them has one motive: get as many visitors as possible and become popular. To achieve this, they use various marketing initiatives and spend thousands or even millions of dollars! They may be doing the right thing, but the foremost concern should be availability, i.e. the accessibility of their website.

Imagine a scenario in which there are thousands of daily visitors to your website but your site is down for one reason or another! Will it leave a good impression in the minds of your visitors? Will they come back? What if you had made some important change or announcement on your website but people can’t access it? Imagine all the effort you put into developing the website, and due to a minor mistake in decision-making your work leaves a negative impression.

In order to avoid such circumstances, it is imperative to first have the best web hosting service, because without it no website can reach its audience. There are a number of hosting solution providers all over the world, and this domain is so competitive that with some research and proper information you too can get the best service. Some of the features that you should definitely check are:

  • Website Availability – No matter what, the website should be accessible to people all over the world 24×7, 365 days. Every provider claims that they are always available and that their servers never go down. Don’t go by their words. Do check the websites hosted on their servers and, if possible, interact with their customers to get the real picture.
  • Communication – It is essential that the service provider is always within reach. Check the communication tools they use to interact with their customers and their turnaround time. Also, make sure they provide best-in-class communication options to you as well, such as web mail, multiple accounts, auto-responders and so on.
  • Protection Against Hacking – Hacking is the biggest threat to any and every web property. Make sure that the hosting provider is well equipped with tools and security options to deal with hacking, virus and Trojan attacks. Further, do check to see if they are hosting some porn, gambling or illegal sites. These are the hub of Trojans and may affect you as well.
  • Web Software – What if you plan to extend your business offering by utilizing the benefits of e-commerce? It requires additional software support, and it is the responsibility of the hosting provider to make it available. Some providers offer it within the package while some charge extra. Do check the package options.
  • Website Building – Nowadays, creating a website and getting it online in no time is all the rage. Almost every hosting solution provider offers this feature (either free of cost or for an extra charge). Usually it helps webmasters create customized websites and get them online in no time. If your hosting provider does not offer this feature, it is time to look for someone else.

There are thousands of web hosting companies in this domain, but not all of them are equal. A number of factors govern the quality of their service, but the most important is the knowledge level of the person managing the server. If a person is doing it just for the sake of earning money, then he may be the wrong choice. Make sure to check the expertise of the person by firing a volley of questions, and observe whether he is guiding you down the right path or not.


SSL Certificates Will Be Available Soon

Hello All,

Bullten Web Hosting Solutions will start selling SSL certificates as a new service from 30th November. As per the management team, the price of an SSL certificate will start from $20/yr.

There will be four types of license: Domain, Wildcard, Business and Extended, sold at varying cost.

For more information please send us your inquiry at sales@bullten.com


Installing BFD To Protect Your Linux Server From Brute-Force Attacks


BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format. The regular expressions are parsed against logs using the ‘sed’ tool (stream editor) which allows for excellent performance in all environments. In addition to the benefits of parsing logs in a single stream with sed, BFD also uses a log tracking system so logs are only parsed from the point which they were last read. This greatly assists in extending the performance of BFD even further as we are not constantly reading the same log data. The log tracking system is compatible with syslog/logrotate style log rotations which allows it to detect when rotations have happened and grab log tails from both the new log file and the rotated log file.

You can leverage BFD to block attackers using any number of tools such as APF, Shorewall, raw iptables, ip route or execute any custom command. There is also a fully customizable e-mail alerting system with an e-mail template that is well suited for everyday use or you can open it up and modify it. The attacker tracking in BFD is handled using simple flat text files that are size-controlled to prevent space constraints over time, ideal for diskless devices. There is also an attack pool where trending data is stored on all hosts that have been blocked including which rule the block was triggered by.

In the execution process, there is simply a cron job that executes BFD once every 3 minutes by default. The cronjob can be run more frequently for those that desire it and doing so will not cause any performance issues (no less than once a minute). Although cron execution does not permit BFD to act in real time, the log tracking system ensures it never misses a beat in authentication failures. Further, using cron provides a reliable framework for consistent execution of BFD in a very simplified fashion across all *nix platforms.

Installation:-

wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar zxvf bfd-current.tar.gz
cd bfd-1.4
sh install.sh

The included install.sh will install bfd to the ‘/usr/local/bfd’ path and place a 3-minute cronjob in ‘/etc/cron.d/bfd’. The setup script will also execute an included ‘importconf’ script if you have a previous version of bfd installed, which will import your previous settings.

Configuration:-
The configuration file for BFD is located at ‘/usr/local/bfd/conf.bfd’. The most important option is the TRIG="" value in conf.bfd, as this sets the number of failed logins allowed before an address is blocked.
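
The following added example, which is not BFD's own code, shows the log-tracking idea described above together with a TRIG-style threshold: it reads only the bytes appended since the last run and treats a log shorter than the saved offset as rotated. The state-file layout, the LOG.1 rotated-file name and the sshd sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not BFD's own code: offset-based log tracking with a TRIG
# threshold. Counts are per scan; BFD's cross-run attacker files are not modelled.
TRIG=3   # failed logins from one address before it is reported

# scan_new LOG STATE: print each address with >= TRIG failed logins in the part
# of LOG written since the previous call. STATE stores the byte offset read so far.
scan_new() {
    log=$1; state=$2; last=0
    [ -f "$state" ] && last=$(cat "$state")
    size=$(wc -c < "$log" | tr -d ' ')
    {
        if [ "$size" -lt "$last" ]; then
            # LOG is shorter than the saved offset, so it was rotated: read the
            # unread tail of the rotated file (assumed to be LOG.1), then start
            # the new file from byte 0.
            [ -f "$log.1" ] && tail -c +"$((last + 1))" "$log.1"
            last=0
        fi
        # Stop at $size so bytes appended meanwhile are left for the next run.
        tail -c +"$((last + 1))" "$log" | head -c "$((size - last))"
    } |
        sed -n 's/.*Failed password for .* from \([0-9.]*\) port.*/\1/p' |
        sort | uniq -c |
        awk -v trig="$TRIG" '$1 >= trig { print $2 }'
    echo "$size" > "$state"
}

# Constructed sshd-style lines (documentation addresses), written in two batches.
demo() {
    dir=$(mktemp -d); log=$dir/secure; st=$dir/offset
    msg='Nov 30 10:00:01 host sshd[101]: Failed password for root from'
    for i in 1 2 3; do echo "$msg 192.0.2.10 port 5000$i ssh2"; done > "$log"
    echo "$msg 203.0.113.5 port 40000 ssh2" >> "$log"
    echo "first scan:  $(scan_new "$log" "$st")"   # 192.0.2.10 reached TRIG
    echo "$msg 203.0.113.5 port 40001 ssh2" >> "$log"
    echo "second scan: $(scan_new "$log" "$st")"   # one new line only: nothing
    rm -rf "$dir"
}
demo
```

Comparing sizes only detects a rotation while the new file is still shorter than the saved offset, which holds when the scan runs every few minutes as the BFD cron job does.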
