Jun 13, 2010

Logwatch, Exim4 & SSH Attack Dictionary Prevention on Debian Lenny VPS

Thanks to the excellent tutorials over at Slicehost, I got an idea of some of the things you need to do to secure your brand new virtual private server (VPS) straight away. To me, the main takeaways with regard to security would be:

1. create a privileged user with sudo access

2. disable the root account login

3. use strong passwords e.g. a combination of letters in upper and lower case, numbers and other characters

4. set up an iptables firewall

I had no idea how well these steps were working though in preventing unauthorised access and I don’t really have the time to access the system logs every day. Wouldn’t it be great if there were a way you could just receive a daily email summarising significant security-related server activities?

Well there is! You just need to set up Logwatch by following the steps in this tutorial.

You won’t get any emails sent to you however if your VPS hasn’t already been configured properly to send email. This excellent tutorial explains how to set up Exim4 to send emails from your VPS.

One thing I noticed about this method though is that you may not receive emails sent to your email account; apparently some email providers automatically discard emails sent from servers without proper reverse DNS records. So if you find yourself not getting emails from logwatch, you will need to set up reverse DNS on your VPS (which you usually can do in your VPS control panel – or ask your provider to help you). Alternatively, you can set your VPS to send emails via the Gmail SMTP server – which practically guarantees that sent emails reach your inbox.

The first times I received my Logwatch reports via email, I have to admit to being shocked at just how many intrusion attempts my VPS receives on a daily basis! Several thousand a day (why do so many people have so much free time?) I found out that you can tweak your iptables to limit the number of intrusion attempts. In my example below, any IP address that has more than 3 SSH login attempts over 10 minutes gets blocked for 10 minutes.

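# Create a chain that rate-limits new SSH connections per source address
-N SSH_CHECK
# Send every new connection to port 22 through that chain
-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
# Record the source address and the current time in the "SSH" list
-A SSH_CHECK -m recent --set --name SSH
# Drop when this address has 4 or more entries within the last 600 seconds
-A SSH_CHECK -m recent --update --seconds 600 --hitcount 4 --name SSH -j DROP
# Otherwise let the connection through
-A SSH_CHECK -j ACCEPT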
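
A log-side check for the rules above, as an added example that is not part of the original post: it reads sshd "Failed password" lines, treats each sshd PID as one connection, and reports source addresses with more than 3 connections inside any 10-minute window. The function names, the constructed sample (standing in for /var/log/auth.log) and the assumed year are all made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd lines as found in /var/log/auth.log (not real traffic).
SAMPLE_LOG = """\
Jun 13 03:10:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 13 03:10:09 vps sshd[2104]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun 13 03:11:30 vps sshd[2107]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Jun 13 03:14:02 vps sshd[2110]: Failed password for root from 203.0.113.7 port 40140 ssh2
Jun 13 03:20:00 vps sshd[2120]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jun 13 03:20:03 vps sshd[2120]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jun 13 03:20:06 vps sshd[2120]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jun 13 03:25:00 vps sshd[2125]: Failed password for invalid user test from 198.51.100.23 port 51012 ssh2
Jun 13 03:40:00 vps sshd[2150]: Failed password for root from 203.0.113.7 port 40200 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: "
                  r"Failed password for (?:invalid user )?\S+ from (\S+) port")
WINDOW = timedelta(seconds=600)  # matches --seconds 600
LIMIT = 3                        # --hitcount 4 drops the 4th connection in the window

def connections_by_ip(log_text, year=2010):
    """Map source IP -> sorted times of distinct sshd sessions (one PID = one connection)."""
    first_seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            first_seen.setdefault((m.group(3), m.group(2)), ts)
    by_ip = defaultdict(list)
    for (ip, _pid), ts in first_seen.items():
        by_ip[ip].append(ts)
    return {ip: sorted(times) for ip, times in by_ip.items()}

def over_limit(log_text):
    """Return {ip: peak connections in any WINDOW} for IPs exceeding LIMIT."""
    flagged = {}
    for ip, times in connections_by_ip(log_text).items():
        peak = max(sum(1 for u in times if t <= u < t + WINDOW) for t in times)
        if peak > LIMIT:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(over_limit(SAMPLE_LOG))
```

On a host where the SSH_CHECK rules are active, an address that still shows up here suggests the rules are not being reached, for example because an earlier rule already accepts port 22. The second address in the sample makes four password guesses over only two connections, which the rules count as two hits.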

Note that this isn’t the most comprehensive guide to security on a VPS, but it’s a start!

Written by Syamsul in: IT

Feb 27, 2010

Moving from VPS back to shared hosting

A couple of months ago I wrote about how I’d migrated this blog to a Virtual Private Server (VPS) from a shared hosting provider. Well, since then I’ve moved back to a shared hosting provider.

Why the switch back? At the time, I was learning how to manage a VPS for work-related purposes so it was exciting to apply what I’d learnt to my own personal blog. But it only took a few months for a few things to sink in:

  1. Managing a VPS takes quite a bit more time than a shared hosting account – not just the setup, but also the maintenance of security patches etc.
  2. A VPS with enough resources to take the same traffic as a shared hosting service costs more than the latter
  3. A VPS with managed services (so that you don’t have to deal with the maintenance) costs US$30 upwards
  4. My blog doesn’t really get so much traffic that it needs the resources of a VPS (a little ego-shattering but true)
  5. I run a standard install of WordPress (plus a few plugins) which are well supported by just about every shared hosting service

Ultimately, a VPS gives you a great deal of flexibility and power – but if you’re only going to be hosting a simple low-traffic blog on it, then it’s overkill in terms of cost and effort (i.e. time). Perhaps some day, when I have more need for the resources, I will switch back to a VPS.

Right now I’m on a US-based shared hosting provider by the name of powerMonster.

Don’t be put off by the odd sounding name – the cost is low, speeds are fast (I’m on their Litespeed/DirectAdmin server in Los Angeles) and they have excellent technical support – responding to my support tickets in 15 minutes or less! I’d greatly recommend anyone looking for a fast webhost with good service to check them out!

Written by Syamsul in: IT

Jul 26, 2009

Initial impressions of Sparkstation VPS

I’ve just been with Sparkstation for slightly more than a day on their Linux VPS (and no, it’s not necessarily the same VPS this blog is presently on!). I thought I’d share some initial impressions, seeing that there is nary a review of their VPS hosting services to be found anywhere!

I chose their cheapest VPS plan (VPS Value) without any control panel because I’m comfortable with managing my VPS without Cpanel or Plesk etc. Also, I wasn’t sure how this experience would turn out, as I was more familiar with (cheaper) VPS hosting in the United States.

I got my welcome emails for my VPS barely minutes after I made the payment via PayPal – very refreshing indeed! I logged in by SSH and checked that the processor was indeed an Intel(R) Xeon(R) CPU E5420 @ 2.50GHz (8 cores), as claimed.

At first I felt rather let down when I tested the connection speeds – it felt no more responsive than a VPS in the USA! I submitted a trouble ticket on Sat evening, and that very evening they diagnosed that it was an upstream issue, offered to move me to a different IP and did so shortly after I confirmed that I’d like this to be so. Very professional and quick resolution!

I’d ordered a VPS with Debian 4 thinking I would upgrade it to Debian 5 myself, but doing so proved to be troublesome and also broke the capabilities of Plesk Power Panel. Unlike with most OpenVZ hosting solutions, the user isn’t given the ability to rebuild his VM and switch Linux distributions on the fly (e.g. switch from Debian -> Ubuntu -> Fedora etc.). This is probably a limitation of Parallels Virtuozzo? Anyhow, since CentOS 5 is the most updated Linux distro offered, I submitted a ticket to technical support on Sunday morning requesting a complete rebuild of my VM to one based on CentOS 5. Before Sunday noon, I got an email saying this was completed.

Now, these 2 support incidents showed that Sparkstation support is indeed available over the weekend! They may not have 15 minutes response times, but then again they do not claim to provide it. For both incidents, they responded to my tickets in about 2 hours which I find to be decent.

I was initially worried about 256MB RAM not being enough at all for even small sites because with the OpenVZ VPSes I have been on, I quickly end up creeping into the (unreliable) “burst RAM” with a LAMP stack and a simple Joomla site. But it seemed that I needn’t worry after all – the SLM system that Sparkstation has chosen to implement in its Virtuozzo VPSes is noticeably more efficient in memory utilisation. I also like how this means that should a flood of visitors hit my site, it won’t shut down and require manual “rebooting” (as is wont to be the case on an OpenVZ VPS in my experience).

Finally, I find the pricing to be very reasonable, comparable to say renowned US-based Knownhost’s VPS when ordered without a Control Panel? The comparison doesn’t quite work with a control panel though – it seems like the likes of Knownhost or Media Temple are able to offer steep discounts on control panels, probably due to their sheer size? And they bundle managed services too…. Regardless, Sparkstation does appear to offer the best pricing among Singapore-based hosting providers offering unmanaged, control panel-less Virtuozzo-based Linux VPS.

Will post an update after I’ve spent some more time with this VPS.

And I should probably post about the other VPSes I’ve been with too!

Written by Syamsul in: IT

Jun 28, 2009

Blog is now on a VPS

It has been 2.5 years now since I changed hosting providers for this blog.

As you (probably don’t) recall, this blog began its life on Blogger. Not satisfied with the limitations of Blogger (which has since joined the Google family), I was excited to discover WordPress, which I then found the super affordable Focushub to host on. A year or 2 later, I needed a little more and went on to hosting by Oryon Networks (by the way, Oryon Networks is an EXCELLENT webhost – the hosting is incredibly speedy and any emails and support tickets I sent to them were responded to in about an hour or less – even on weekends!).

Today, I’ve finally made the next step, from a hosted solution (Blogger) to shared hosting (Focushub & Oryon Networks), and now a Virtual Private Server (VPS).

Now what is a VPS you ask? Basically it works almost like a dedicated server, only that it’s much cheaper since you’re paying for a virtualised instance of a dedicated server, utilising a fraction of its resources (CPU, RAM and hard drive). The advantage of using a VPS is really root access – you can install ANYTHING, compared to a shared hosting environment. You also have more RAM available to you, where in a shared hosting environment this will be shared with all the other websites on the same server (probably up to 150 or so – or even more, if the hosting provider engages in overselling!).

So why isn’t everyone on a VPS? Even though the prices of VPSes have fallen rather dramatically especially recently, you do need to be a little more adept technically as you have to essentially become a system administrator for a (virtualised) server. Asking for easy-to-use control panels like cPanel, or even getting the hosting company to manage the VPS for you will incur additional (and sometimes, substantial) costs.

For me, I’ve come to a stage where I’m willing to learn how to manage my own (virtual) server. Of course, it doesn’t hurt that my hosting provider also offers semi-managed services for free i.e. hand holding for times I mess up bad :)

Written by Syamsul in: IT