dah85.com

Just another blog

Reviewing WISHOSTING VPS

- Posted in VPS by with comments

I will be looking at a couple of VPS services from a company called WISHOSTING.

The first package I'll be looking at is the "KVM Storage CA" which offers the following specs:

  • KVM virtualization
  • 1 vCPU core Xeon D-1520
  • Unlimited CPU core 2.4GHz
  • 1GB RAM
  • 1800GB HDD RAID-5
  • Linux/Windows OS
  • Bandwidth 500Mbps
  • Unmetered Traffic
  • 1 IPv4
  • DDoS protection
  • Location - Canada
  • Setup time up to 24 hours
  • $8.99/month

WOW! That's my first impression. 1.8TB of space, unmetered traffic and a single core that can be maxed at 100% without issues.

I made an order and within an hour I had an email from them with my login details!

This is currently my Nextcloud, Plex and backup server.

Here's the output of vpsbench:

CPU model:  Intel Core Processor (Skylake)
Number of cores: 1
CPU frequency:  2399.998 MHz
Total amount of RAM: 990 MB
Total amount of swap:  MB
System uptime:   2 days, 15:14,       
I/O speed:  64.8 MB/s
Bzip 25MB: 12.17s
Download 100MB file: 96.9MB/s

As you can see, this runs quite well considering the price and the single CPU core.

I am able to transcode with Plex with no skipping or any issues at all.

The 1.8TB storage is an amazing amount of space for a VPS and it's perfect for what I'm using it for! In fact, this has to be the cheapest storage KVM VPS on the market!

The support team are very professional. My request to mount a custom ISO (Ubuntu Server 17.04) was quickly answered, and they even provided instructions on what to do.

After no time I was using the VNC viewer to install the OS and set it up.

I am extremely impressed with this service and would highly recommend it to anyone who has a similar requirement.

They also have virtual dedicated servers which I will probably end up using, including one that is $17.99/month for a 4 core i5 with 15GB of RAM and a 1.8TB HDD. At twice the price of the current VPS for 3 extra cores and 14GB extra RAM, it's extremely tempting!

They also have this cheap little OpenVZ NAT VPS which I really wanted to play with, as I've never used a NAT VPS before. Here's the offer:

  • 1 vCPU core
  • 256MB RAM
  • 256MB Swap
  • 40GB HDD
  • Unmetered bandwidth 250Mbps
  • IPv4 NAT
  • 1 VM per account
  • Blocked by China GFW
  • DDoS protection
  • Location - France
  • Setup time up to 24 hours
  • $2.99/year

That's right, $2.99 per year! For 40GB storage that's incredible! It's an OpenVZ VPS and you are provided with 20 forwarded ports including SSH.

Here's a vpsbench:

CPU model:  Intel(R) Xeon(R) CPU E5-1620 v2 @ 3.70GHz
Number of cores: 1
CPU frequency:  3700.245 MHz
Total amount of RAM: 256 MB
Total amount of swap:  MB
System uptime:   9:16,       
I/O speed:  392 MB/s
Bzip 25MB: 3.64s
Download 100MB file: 78.7MB/s

3.7GHz! That's impressive, check out the I/O and Bzip time! This is an extremely good deal for $2.99 per year!

Again, this one was set up in less than an hour, with a lot of instructions provided for setting it up and using it.

I honestly believe that WISHOSTING provide some very good services, and their customer support is extremely helpful and they know their stuff!

I couldn't recommend these guys enough!

I have an affiliate account with these guys, and the links to them have the aff codes in them. If you found this review helpful, please order through that link. If not, feel free to google them or use the link at the bottom of the page :)

Today, I will be setting up an Iodine DNS Tunnel to bypass captive portals in order to gain access to the internet. This works on mobile phones as well as Linux computers.

This tutorial will focus on using a mobile phone to gain free internet by tunnelling data through a DNS server. The main point to note here is that this is not a fast connection: it's somewhere between 56kbits and 128kbits depending on latency to your server. I have about 30ms to my server and the speed is around 64kbits solid. It's great for accessing websites, SSH, etc. without any internet data.

First, we need a subdomain from http://freedns.afraid.org - my example here is dah85.mooo.com

The second thing we need is a server or VPS with a public IP and with TUN/TAP enabled. If you don't have that enabled, you'll get an error to remind you. Chances are it is; if not, enable it in your VPS control panel.

On your subdomain, add the NS record to be the same as your subdomain, in my case NS dah85.mooo.com. Also, add an A record to point to the IP of your server.

Once that's done, install Iodine on your VPS:

apt install iodine

Now, we need to set up networking.

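# Allow the kernel to route packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# NAT traffic leaving through the public interface
iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
# Let replies to established connections back into the tunnel interface (dns0)
iptables -t filter -A FORWARD -i venet0 -o dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forward traffic from the tunnel interface out through the public interface
iptables -t filter -A FORWARD -i dns0 -o venet0 -j ACCEPT
# Save the rules to a file (they are not restored automatically at boot)
iptables-save > /etc/iptables.rules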

You may need to replace venet0 with eth0, depending on your setup. If you're not sure, check with ifconfig.

Now, we need to start the Iodine server:

iodined -f -c -m 1280 -DDDDD -P topsecret 10.0.1.1 dah85.mooo.com &

Replace topsecret with a password you'd like to use, and replace dah85.mooo.com with your subdomain you're using.

Now that's done, we need to install the andiodine client on your Android phone. You can get it from https://f-droid.org/packages/org.xapek.andiodine/

Once that's done, we can set it up like this:

Name: dah85.mooo.com
Tunnel Topdomain: dah85.mooo.com
Password: topsecret

Leave the rest as the default.

Now, connect to it and you should have a DNS tunnel working. All traffic on your phone is going through the tunnel :)

I have tested this, and confirmed that it works on the following: Telstra, Vodafone and Optus mobile phone networks in Australia. I found the SIM card doesn't even need to be registered or activated, which is a bit concerning. Basically, if you're able to access the carrier's website without credit, this will work.

Let me know in the comments how you go and if you need clarification :) I actually typed up a much longer and more in-depth post but HTMLy doesn't autosave and I accidentally lost the lot and had to start again! I will go back and fill in more details later.
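Seen from the network operator's side, a tunnel like this stands out in resolver logs, because every packet becomes a query for a new, long, random-looking subdomain of a single delegated zone. The following is an added example, not part of the original post, that flags such zones in a constructed query log; it applies to DNS tunnelling in general rather than Iodine alone, and the log format, thresholds and function names are assumptions.

```python
import math
from collections import Counter, defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # base32-style characters

# Constructed sample of (client_ip, queried_name) pairs; not captured traffic.
# 192.0.2.10 sends 32 distinct encoded-looking names under one zone.
SAMPLE_QUERIES = [
    ("192.0.2.10", ALPHABET[i:] + ALPHABET[:i] + ".tun.example.net")
    for i in range(32)
] + [
    ("192.0.2.11", name)
    for name in ("www.shop.example.org", "img.shop.example.org", "api.shop.example.org")
] * 10


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_zone(qname, zone_labels=3):
    """Assumption: the last three labels are the delegated zone.
    Production code would use the Public Suffix List instead."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-zone_labels:]), ".".join(parts[:-zone_labels])


def score_zones(queries, min_unique=20, min_len=24, min_entropy=3.5):
    """Flag zones whose subdomains are numerous, long and high-entropy."""
    subs, clients = defaultdict(set), defaultdict(set)
    for client, qname in queries:
        zone, sub = split_zone(qname)
        if sub:
            subs[zone].add(sub)
            clients[zone].add(client)
    flagged = {}
    for zone, names in subs.items():
        mean_len = sum(map(len, names)) / len(names)
        mean_entropy = sum(map(shannon_entropy, names)) / len(names)
        if len(names) >= min_unique and mean_len >= min_len and mean_entropy >= min_entropy:
            flagged[zone] = {
                "unique": len(names),
                "mean_entropy": round(mean_entropy, 2),
                "clients": sorted(clients[zone]),
            }
    return flagged
```

Requiring all three signals together keeps ordinary zones with a handful of short hostnames out of the result.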

I have recently acquired a NAT VPS, which I will talk more about in a future post, but for now, I need to change the port that Apache listens on from the default port 80.

Here's how I did it.

nano /etc/apache2/ports.conf

And change the "Listen" value from 80 to, in my case, 50781

Save the file, and we'll move on to the next part.

nano /etc/apache2/sites-enabled/000-default.conf

And then change the first line, which will be <VirtualHost *:80>, to <VirtualHost *:50781> (change the port to what you'll be using)

After that's done, we need to restart Apache

systemctl restart apache2

And you should be able to access the website on your new port!

Finding text in all files

- Posted in Quick Tip by with comments

I recently had to find a particular word in a bunch of files, and instead of manually going into each one to find it, I found a simple way!

Let's say I want to find the word "Proudly" (case sensitive). I would type this:

grep -r 'Proudly'

This will search all files in the current directory, plus all subdirectories and will output the location of the files.

Then, I will open the file in nano and press Ctrl+W to search for the word.

I hope that helps someone!

Comments

- Posted in Uncategorized by with comments

I have now added a comments section to this site using Disqus.

I'd love to see if, and how well it works, so please let me know what you like or don't like about this site!

Setting up Fail2Ban

- Posted in Quick Tip by with comments

If you have a look in your server logs, you will most likely see an intrusion attempt every couple of seconds. This is anti-social behaviour which seems to stem from Chinese "hackers".

Here's how to make it a lot harder for them to actually gain access.

sudo apt update && sudo apt install fail2ban

Check that all is good and that it's running

systemctl status fail2ban

And we can watch it work by looking at the log file, which in my case is at

nano /var/log/fail2ban.log

You can see that it's finding patterns that match abuse, and will ban these bastards for 5 mins at a time. It won't stop them, but it will make it harder for them to brute force a password that way.

This is an excerpt from my log:

2017-10-12 13:59:42,654 fail2ban.filter [15200]: INFO [sshd] Found 221.194.47.236
2017-10-12 13:59:43,158 fail2ban.actions [15200]: NOTICE [sshd] Ban 221.194.47.236
2017-10-12 13:59:44,836 fail2ban.filter [15200]: INFO [sshd] Found 221.194.47.236
2017-10-12 13:59:56,473 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 13:59:58,575 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:01,356 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:03,747 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:06,404 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:07,399 fail2ban.actions [15200]: NOTICE [sshd] Ban 59.45.175.95
2017-10-12 14:00:08,511 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:57,705 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:00:59,516 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:05,281 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:07,856 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:13,863 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:14,693 fail2ban.actions [15200]: NOTICE [sshd] Ban 59.45.175.11
2017-10-12 14:01:15,203 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
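The excerpt shows two things a per-address ban does not capture: attempts still logged after a Ban line, and separate addresses from the same /24. This added example, not part of the original post, counts both from a constructed log in the same format; the function name and the /24 grouping are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^\S+ \S+ fail2ban\.\w+\s+\[\d+\]: \w+\s+"
    r"\[(?P<jail>[^\]]+)\] (?P<event>Found|Ban|Unban) (?P<ip>\S+)"
)

# Constructed log in the format of the excerpt above (documentation IP ranges).
SAMPLE_LOG = """\
2017-10-12 14:00:01,356 fail2ban.filter [15200]: INFO [sshd] Found 198.51.100.95
2017-10-12 14:00:03,747 fail2ban.filter [15200]: INFO [sshd] Found 198.51.100.95
2017-10-12 14:00:06,404 fail2ban.filter [15200]: INFO [sshd] Found 198.51.100.95
2017-10-12 14:00:07,399 fail2ban.actions [15200]: NOTICE [sshd] Ban 198.51.100.95
2017-10-12 14:00:08,511 fail2ban.filter [15200]: INFO [sshd] Found 198.51.100.95
2017-10-12 14:00:57,705 fail2ban.filter [15200]: INFO [sshd] Found 198.51.100.11
2017-10-12 14:01:05,281 fail2ban.filter [15200]: INFO [sshd] Found 198.51.100.11
2017-10-12 14:01:14,693 fail2ban.actions [15200]: NOTICE [sshd] Ban 198.51.100.11
2017-10-12 14:05:07,912 fail2ban.actions [15200]: NOTICE [sshd] Unban 198.51.100.95
"""


def summarize(log_text):
    """Return (per-IP counters, /24 networks holding more than one banned host).
    Assumes IPv4 addresses, as in the excerpt."""
    stats = defaultdict(lambda: {"found": 0, "bans": 0, "found_while_banned": 0})
    banned_now, banned_by_net = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, event = m["ip"], m["event"]
        if event == "Found":
            stats[ip]["found"] += 1
            # Attempts logged after the ban was issued and before any unban.
            stats[ip]["found_while_banned"] += ip in banned_now
        elif event == "Ban":
            stats[ip]["bans"] += 1
            banned_now.add(ip)
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            banned_by_net[str(net)].add(ip)
        else:  # Unban
            banned_now.discard(ip)
    shared = {net: sorted(ips) for net, ips in banned_by_net.items() if len(ips) > 1}
    return dict(stats), shared
```

A network that appears in the second result is a candidate for a longer ban time or a subnet-wide firewall rule.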

I have been using the program gtop to show all sorts of nice stats in a neat graph format in the terminal, but on some of the machines it just shows a ? instead of the . or bars.

Here's how I fixed it.

sudo dpkg-reconfigure locales

Then I selected my locale "en_AU UTF-8"

After doing that, and rebooting (I really wish I didn't have to do that!) it works as it should!

Thanks to the guys on ##linux on freenode for pointing me in the right direction.

Hopefully this helps someone else!

Installing gtop to monitor a system

- Posted in Quick Tip by with comments

I recently came across a nifty app called gtop which shows some really cool information and graphs about your system, such as cpu usage, disk, network, etc in real time.

Here's how I installed it:

sudo apt update
sudo apt install npm
npm install -g gtop

Then run it with

gtop

If you get an error saying "/usr/bin/env: ‘node’: No such file or directory" then try this:

ln -s /usr/bin/nodejs /usr/bin/node

This will symlink it and if you re-run the app it should work!

I've recently upgraded to using Ubuntu Server 17.04 and I have noticed that by default you must create a user instead of being able to login as root, which is a great idea for security, but makes things harder for permissions, etc.

Once the Ubuntu 17 server has been set up, all we need to do is modify /etc/ssh/sshd_config and add the line PermitRootLogin yes underneath the Authentication heading.

sudo nano /etc/ssh/sshd_config

sshd_config:

#Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Once that's done, we just need to restart the ssh server

sudo systemctl restart sshd

Now, we need to make sure the root user has a password. If not, we can set one now.

sudo passwd

Enter the new root password. Once that's done, try logging in as root with SSH; it should work now!
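sshd uses the first value it reads for each keyword, so an added PermitRootLogin yes only takes effect if no earlier uncommented line sets it, and prohibit-password is the value that keeps root reachable by key only. This added example, not from the original post, resolves the effective values for the snippet above and two constructed variants; the function names and verdict strings are assumptions, and Match blocks and Include files are not followed.

```python
# Defaults for keywords that are not set (OpenSSH 7.0 and later).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# The snippet from the post, plus two constructed variants.
AS_POSTED = """\
#Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
"""
SHADOWED = "PermitRootLogin no\nPasswordAuthentication yes\nPermitRootLogin yes\n"
KEY_ONLY = "PermitRootLogin prohibit-password\nPasswordAuthentication no\n"


def effective_settings(config_text):
    """First uncommented occurrence of each keyword wins, as in sshd_config(5).
    Simplification: parsing stops at the first Match block."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break
        seen.setdefault(keyword, parts[1].strip())
    return {key: seen.get(key, default) for key, default in DEFAULTS.items()}


def root_login_verdict(config_text):
    """Summarise how root can authenticate under the effective settings."""
    eff = effective_settings(config_text)
    root, password = eff["permitrootlogin"], eff["passwordauthentication"]
    if root == "no":
        return "root login disabled"
    if root in ("prohibit-password", "without-password"):
        return "root by key only"
    if root == "forced-commands-only":
        return "root by key, forced commands only"
    if password == "yes":
        return "root password login enabled"
    return "root login enabled, password authentication off"
```

On a live host, `sudo sshd -T` prints the values the running configuration resolves to, including Match and Include handling.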

Benchmarking Linux with bench.sh

- Posted in Quick Tip by with comments

When I set up a new Linux machine, I always like to run a benchmark to see how it's performing. This is mostly true if I get a new VPS, or if I'd like to check the performance of a computer for the fun of it.

Normally, I use this one-liner benchmark (after installing bzip2 and time):

bash <(wget --no-check-certificate -O - https://raw.github.com/mgutz/vpsbench/master/vpsbench)

The output looks like this:

CPU model:  AMD Phenom(tm) II X4 970 Processor
Number of cores: 4
CPU frequency:  3499.966 MHz
Total amount of RAM: 7986 MB
Total amount of swap:  MB
System uptime:   4:51,       
I/O speed:  229 MB/s
Bzip 25MB: 5.35s
Download 100MB file: 9.48MB/s

Today, I'll be looking at another one called bench.sh

It's another simple one-liner:

wget -qO- bench.sh | bash

The output looks like this:

----------------------------------------------------------------------
CPU model            : AMD Phenom(tm) II X4 970 Processor
Number of cores      : 4
CPU frequency        : 3499.966 MHz
Total size of Disk   : 219.8 GB (107.0 GB Used)
Total amount of Mem  : 7986 MB (2137 MB Used)
Total amount of Swap : 8240 MB (0 MB Used)
System uptime        : 0 days, 4 hour 46 min
Load average         : 0.18, 0.29, 0.39
OS                   : Manjaro Linux 
Arch                 : x86_64 (64 Bit)
Kernel               : 4.13.3-2-MANJARO
----------------------------------------------------------------------
I/O speed(1st run)   : 234 MB/s
I/O speed(2nd run)   : 218 MB/s
I/O speed(3rd run)   : 221 MB/s
Average I/O speed    : 224.3 MB/s
----------------------------------------------------------------------
Node Name                       IPv4 address            Download Speed
CacheFly                        205.234.175.175         9.49MB/s      
Linode, Tokyo, JP               106.187.96.148          5.71MB/s      

It will test more locations, but I snipped them out to make this a bit smaller, plus, to be honest, they took too long to finish.

The tests I have done here are for my desktop with an SSD, connected on the NBN at 100/40 using VDSL with Myrepublic as the ISP.

Maybe I will re-benchmark all the VPS's I currently have (11 at last count!) and post them on here.