A blog about server hosting

New product and service information, along with general ramblings about the web hosting industry from the Melbourne team.

Archive for the ‘Helping Hints from our Techies’ Category

Dell hardware RAID card updating

Tuesday, January 27th, 2009

Over the past month we have been implementing the Dell OpenManage system on our Dell Windows dedicated servers.

http://www.dell.com/openmanage

This SNMP-based monitoring system gives us a very comprehensive diagnostic readout of the server’s health and notifies us of any impending issues.

Since we started rolling it out, some of these very issues have indeed come to light; some trivial, some more urgent.

In many cases, however, we have seen the need for the RAID card’s driver and/or firmware to be updated.

Replacing the driver is an easy matter, as it is directly available through the optional Hardware section of Windows Update. The required driver is marked version 1.29.03.00, and it requires a server reboot for it to take effect.

The firmware update is more difficult as it requires at least 10-15 minutes of server downtime to allow the PC to boot to a floppy disk containing the updated firmware (version 00.10.51.00.06.12.05.00). It also requires an actual human being to do this at the server itself…

Once these updates have been applied, OpenManage functions correctly.

The firmware update is even more pressing than the driver, as the older firmware, unbelievably, does not allow you to replace a failed hard drive with a new one and then rebuild an existing array; it asks you to start from scratch and delete all data.

The newer firmware allows the addition of a replacement drive as a “hot spare” which is then added to the existing array and rebuilt automatically.

More details of this firmware update are available as a PDF here:

http://www.dell.com/downloads/global/power/ps4q08-20090105-Bernal.pdf

Handy ping and traceroute utility

Friday, January 16th, 2009

If you want to test connectivity to your server by traceroute or ping, this site is very handy: it lets you run traceroutes from 4 locations simultaneously and pings from tens of locations.

Really handy to check connectivity from multiple locations if you’re not sure if something is really down or not :)

HTTP Compression for IIS6 (Windows Server)

Saturday, July 12th, 2008

With increased bandwidth charges and other associated overheads incurred with high data flow, HTTP compression may help you out a bit, especially if you have a powerful server which has plenty of CPU cycles to spare.

Check if YOUR website is using compression or not, and see how much you could save if you enable it.

http://www.port80software.com/support/p80tools

You can expect anything between a 50% – 80% cut in HTTP traffic if you enable HTTP compression… and here’s how.

1. Select the “Web Sites” node in your IIS admin MMC, right click and select Properties.

2. Select the Service tab and tick both the “Compress application files” and “Compress static files” tick boxes. You must have both boxes ticked in order for application files to be compressed, although you will not be prompted with this information.

3. Once the “Compress static files” box is ticked, the “Temporary directory” field should become active. Enter the directory in which you would like IIS to store your temporary compressed static files. The default value is %windir%\IIS Temporary Compressed Files, but you can set it to whatever you like.

If management of hard drive space is an issue for you, you can set the “Maximum temporary directory size” value by selecting the Limited to (in megabytes) radio button and then setting your specified value in the text field provided. If you have this option set then once the limit is reached older cached files are purged to allow new ones to be created.

4. Select the “Web service extensions” node, right click and select the “Add a new web service extension…” item from the menu. You should now be presented with a “New web service extension” dialogue box.

Place the name you wish to call the extension (this name will appear in the web service extensions list) in the Extension name text field.

In the Required files section click on the Add button and you should be presented with an Add file box. Browse to the gzip.dll file which should be located in X:\Windows\system32\inetsrv (where X is your system drive). Once you have found the file, select it and then click OK. You should now see the full path to the gzip.dll file listed. Tick the “Set extension status to allowed” box so that this extension is allowed. Without setting this the extension will not work and compression will not be enabled. Click the OK button to apply the settings.

5. Select the SERVER node at the top of the tree in your IIS Admin MMC (where SERVER is the name of your computer), right click it and then select the Properties menu item. Tick the “Enable direct metabase edit” tick box, and then click OK to apply the changes. What this does is allow you to edit and save your metabase.xml file, as otherwise it is locked when IIS is running. Be sure that you have backed up your IIS6 metabase.xml file.

Open your favourite text editor, and then open your metabase.xml which is located in X:\Windows\system32\inetsrv (where X is your system drive). Do a search for:

<IIsCompressionScheme>

This should bring up two results: one for deflate and one for gzip.
Search for the following tag in both the deflate and gzip sections:

HcScriptFileExtensions

Add the php extension under these tags, taking careful note to follow the correct syntax. Use the existing syntax as an example if unsure. You might also like to add any other script extensions while you are here, such as aspx and asmx. Dynamic content is never cached by IIS like static content is, and is compressed each time that dynamic content is requested. This means compression of dynamic content will consume significantly higher memory and CPU resources, which you will need to take into consideration.

Search for the following tag in both the deflate and gzip sections:

HcDynamicCompressionLevel

This is set to 0 by default, which isn’t going to give us much compression. 0 is the lowest value with 10 being the highest. However, from what I have read 9 seems to be the sweet spot as setting it to 10 consumes a lot more CPU resources without delivering much more compression. I would recommend setting this value to 9.

Save the file and then exit your editor.

Restart IIS

The final step is to restart the IIS services so that your changes take effect.

Select the SERVER node at the top of the tree in your IIS Admin MMC (where SERVER is the name of your computer), right click it, select the All tasks menu and then select the Restart IIS menu item.

In the Stop/start/restart window, select the “Restart Internet services on SERVER” option (where SERVER is the name of your computer), as shown below in figure 9.

Congratulations! You should now have IIS compression… check to make sure it’s working by going back to the online compression checking tool at http://www.port80software.com/support/p80tools
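The metabase edits in step 5 have to be made twice, once in the deflate section and once in the gzip section, and it is easy to miss one. The following check is an added example, not part of the original post: it reads metabase.xml text and reports, per scheme, whether php is listed and the level is 9. The sample fragment is constructed and cut down to the attributes discussed above, and the function name audit_compression is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down metabase.xml fragment in which the gzip
# section was edited as described above but the deflate section was missed.
SAMPLE_METABASE = """<configuration><MBProperty>
<IIsCompressionScheme Location="/LM/W3SVC/Filters/Compression/deflate"
    HcDynamicCompressionLevel="0"
    HcScriptFileExtensions="asp
        dll
        exe">
</IIsCompressionScheme>
<IIsCompressionScheme Location="/LM/W3SVC/Filters/Compression/gzip"
    HcDynamicCompressionLevel="9"
    HcScriptFileExtensions="asp
        dll
        exe
        php">
</IIsCompressionScheme>
</MBProperty></configuration>"""


def audit_compression(xml_text, wanted_exts=("php",), wanted_level=9):
    """Return {scheme: [problems]}; an empty list means the scheme is fine."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        # Ignore any XML namespace prefix a real metabase.xml may carry.
        if el.tag.rsplit("}", 1)[-1] != "IIsCompressionScheme":
            continue
        name = el.get("Location", "?").rsplit("/", 1)[-1].lower()
        # Extensions are whitespace-separated inside the attribute value.
        exts = {e.lower() for e in el.get("HcScriptFileExtensions", "").split()}
        problems = [f"HcScriptFileExtensions lacks {ext}"
                    for ext in wanted_exts if ext.lower() not in exts]
        level = (el.get("HcDynamicCompressionLevel") or "").strip()
        if level != str(wanted_level):
            problems.append(f"HcDynamicCompressionLevel is {level or 'unset'}, "
                            f"expected {wanted_level}")
        report[name] = problems
    # Both schemes must be present for the two-section edit to be complete.
    for scheme in ("deflate", "gzip"):
        report.setdefault(scheme, ["scheme element not found"])
    return report


if __name__ == "__main__":
    for scheme, problems in sorted(audit_compression(SAMPLE_METABASE).items()):
        print(scheme, "OK" if not problems else "; ".join(problems))
```

Run it against a copy of metabase.xml rather than the live file, for instance the backup taken before editing.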

Linux Security Alert

Wednesday, February 13th, 2008

It has come to our attention via various security-related online publications, that there is a new local exploit in the wild for Linux kernel 2.6.17 and above.  This threat is quite serious and can quite quickly turn any regular user account into a privileged superuser account within a couple of seconds.  When it fails on unpatched kernels, it causes a kernel panic and renders the machine useless until rebooted.  More information can be found at the following URLs:

http://secunia.com/advisories/28835/

An excerpt from the above URL is pasted below:

“Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges.

The vulnerabilities are caused due to the missing verification of parameters within the “vmsplice_to_user()”, “copy_from_user_mmap_sem()”, and “get_iovec_page_array()” functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted “vmsplice()” system call.

Successful exploitation allows attackers to e.g. gain “root” privileges.”

Issue
-----

In the past we have had several customers create test accounts with usernames and passwords such as test/test and username/password.  Having accounts such as these present is a severe security risk.  Having experienced this sort of occurrence on more than a few occasions before, we consider threats such as these to be high.  Below is an example of how easily exploits such as this one can be used to gain superuser access to your machine:

[user@test tmp]$ uname -a
Linux testbox 2.6.24.1 #1 Mon Feb 11 17:22:31 EST 2008 i686 unknown
[user@test tmp]$ ./vms

-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f56000 .. 0xb7f88000
[+] root
[root@test tmp]#
[root@test tmp]# id
uid=0(root) gid=0(root) groups=2011(user)
[root@test tmp]# uname -a
Linux testbox 2.6.24.1 #1 Mon Feb 11 17:23:00 EST 2008 i686 unknown

Fix

Please upgrade the system’s kernel to the latest available using your package manager.  For Debian/Ubuntu machines, use the apt package management tool.  For RedHat/Fedora/CentOS systems, use the yum package management system.  All vendors are now reporting that they have deployed fixed kernels onto their repositories.  It is also sensible to carry out a password audit using a tool such as John The Ripper.  This will test the security of all user account passwords on the machine, and flag any weak passwords that the software can guess easily.

123-reg / hosteurope nameserver problems

Wednesday, November 21st, 2007

Over the last weekend, we’ve had several calls from customers thinking their servers were down. Upon investigation, in every case this has been due to Host Europe (123-reg, pipex etc) having issues with their nameservers, which is rendering websites or email unavailable.

As a courtesy service, we offer a free, but unmanaged DNS service to dedicated server and colocation customers.

If you wish to use this facility, please log into our support centre. You will then be able to go in and add zone files to our nameservers for your domain names, and then you can point your domain names to our nameservers which are:

ns1.melbourne.uk.net 87.237.57.1
ns2.melbourne.uk.net 195.10.254.129

This is a free, but un-managed, service that we offer to all customers.

Setting Reverse DNS

Tuesday, October 16th, 2007

A question we get asked quite a lot by customers is about reverse DNS for their servers. Basically reverse DNS is what converts an IP back into a hostname.

The main reason you’d need to amend your reverse DNS is that it is used a lot these days in anti-spam filtering on mail servers. Basically if you don’t have reverse DNS set for your IP addresses, you will find that email goes missing to certain providers (most noticeably AOL).

The solution is to get your hosting provider to set reverse DNS for the IP address(es) that your server sits on. This should match the forward DNS for your site, i.e. the hostname in the reverse DNS entry should itself resolve back to the same IP.

For example, the forward DNS for our main mail server, mail.melbourne.co.uk, points to 87.237.57.7. Doing a reverse DNS lookup on 87.237.57.7 points back to mail.melbourne.co.uk. This means other mail servers don’t get confused and reject your email.

Customers of Melbourne simply need to go to our support centre to edit rDNS.

If you need to do DNS lookups, try DNS Stuff, which is great for doing deeper DNS lookups and traceroutes.
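The forward/reverse match described above is what receiving mail servers test. The following check is an added example, not part of the original post: it looks up the PTR name for an IP, resolves that name forward, and reports whether the original IP comes back. The lookup tables are constructed so it runs offline; only the mail.melbourne.co.uk pair comes from the post, the other hostnames and addresses are made-up documentation values, and check_fcrdns is a hypothetical name.

```python
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []


def system_forward(hostname):
    """A/AAAA lookup through the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()


def check_fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, hostname): 'match', 'mismatch' or 'no-ptr'."""
    ip = str(ipaddress.ip_address(ip))  # normalise and reject non-addresses
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in forward(name):  # the PTR name must resolve back to this IP
            return ("match", name)
    return ("mismatch", names[0])


# Constructed lookup tables (assumption: stand-ins for real DNS answers).
PTR = {
    "87.237.57.7": ["mail.melbourne.co.uk."],
    "192.0.2.10": ["host10.example.net."],  # PTR set, forward points elsewhere
}
A = {
    "mail.melbourne.co.uk": {"87.237.57.7"},
    "host10.example.net": {"192.0.2.99"},
}


def demo():
    """Run the check over the constructed tables instead of live DNS."""
    rev = lambda ip: PTR.get(ip, [])
    fwd = lambda name: A.get(name, set())
    ips = ("87.237.57.7", "192.0.2.10", "192.0.2.20")
    return {ip: check_fcrdns(ip, rev, fwd) for ip in ips}


if __name__ == "__main__":
    for ip, (status, name) in demo().items():
        print(ip, status, name)
```

Calling check_fcrdns with only an IP uses the system resolver, which is how you would test your own server's address.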