Using your web server as a proxy

Using your web server as a proxy

Tunnel!At Geekdom I’m stuck using a shared wifi connection. This exposes me to a slew of security issues. Eek! An easy way to resolve the security problems is to send all your traffic, encrypted, through another server. I already have a web server with plenty of processing and bandwidth capacity to handle my web browsing, so I decided to use it.

Getting things set up is extremely easy. I followed the instructions from a TechRepublic article to configure PuTTY (the “first” through “third” instructions) to make a secure tunnel to my server. Next, I used Proxy Switcher Lite (free) to make it easy to tell Windows (and any software you are running) to use the tunnel or connect directly to the internet without having to go into the Windows settings.

That’s it! I used my IP website, IP, to make sure my server’s IP was showing up instead of Geekdom’s IP, so I can be confident that my traffic is making its way through the secure tunnel.

If you want to give this a shot but don’t have a server, you could always use a VPS. I’ve got several at Linode that I am very satisfied with. Super fast, super cheap, super reliable. You could also try using a commercial VPN service, but personally I feel this setup provides superior security and is easier to use.

Read More

Forwarding traffic from one server to another

Yesterday I spent a good deal of time configuring a VPS to host my new German temporary email site, Wegwerf-eMail-Adresse. I really enjoy playing with servers so I had fun doing it, but I was still quite frustrated when my VPS host emailed me this morning letting me know that the server would be down for several hours next week for maintenance. Egh.

So I decided to move to a new host that is, hopefully, more reliable. But how to move the server without downtime?

Well the first step was to configure a new server. I have the process fine-tuned, so I was good to go with a fully updated server with all my required software, files, and databases within an hour.

The next step was to update my IP address for my domains. Again, fast and easy. Within a day or two everyone in the world should be getting directed to the new server from the existing domains.

The last step was to forward traffic from the old server to the new server. This part was vital. This site is data heavy and handles receiving mail. All that mail needed to go to the new server, and all that data needed saved in the new database. Waiting a day or two for that to happen would have caused lots of issues for my users. Luckily, a quick Google search gave the solution:

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp –-dport 80 -j DNAT –-to-destination
iptables -t nat -A POSTROUTING -p tcp -d –-dport 80 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp –-dport 25 -j DNAT –-to-destination
iptables -t nat -A POSTROUTING -p tcp -d –-dport 25 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp –-dport 6969 -j DNAT –-to-destination
iptables -t nat -A POSTROUTING -p tcp -d –-dport 6969 -j MASQUERADE

The first line enables forwarding for ipv4, and the next lines turns it on for ports 80, 25, and 6969 (the ports I care about) to IP (my new server).

Voila! Seamless transition with virtually no downtime.

Read More

How iptables earned me an extra $500 per year

A few weeks ago I started taking a more active role in monitoring the traffic going to my server. I discovered that lots of people were scraping my sites, or in other words, they were writing programs to extract the data off of my sites without actually browsing them in something like Chrome or Firefox. Very rude.

So I started using iptables, a Linux program that lets you configure the kernel firewall, to block IP addresses that were obviously abusing my services.

One of these scrapers was very persistent. They were scraping my ABA Number Lookup site instead of using the very inexpensive API that I provided. As soon as I blocked an IP, a new one started up. I probably would have let them get away with it but their programming was atrocious. Within the space of a few minutes they were looking up the same routing numbers dozens of times instead of looking up unique routing numbers. So I kept blocking their IPs until apparently they ran out, and the scraping stopped.

A few days later I was hanging out with my family when my cell phone starting ringing on my business line. I answered the phone and was greeted by an individual that needed help signing up for the API. I gave him the information he needed, and then he bashfully asked if I could unblock their IP addresses. Ah hah! This was the man that was hammering my server! Turns out he works for a finance-related company on Wall Street and instead of paying the measly $1 per thousand look-ups he was scraping my site.

So now they are using the API like they should have been the whole time, and I’m making an extra $500 per year. Yay!

Moral of the story: Sometimes it pays to check your logs.

Read More

SoftLayer hardware firewall is awful

I’ve been having a problem lately with people hitting my server more than I’d like. I’ve been using iptables to drop requests from these IPs, but I wanted something that took the load completely off of my server, and could be bypassed in case I put in a bad rule that locked me out. So I decided to try the SoftLayer hardware firewall.

This feature is expensive: $49 per month for a 10Mbps hardware firewall. That is a lot, but I figured it would be worth it to have the added protection for my server. Sadly, I was wrong. The interface to manage the firewall is garbage.

It shows a basic form listing all the firewall rules. You select the rule priority by numbering the rules 1 through however many rules you have. There is, however, no way to add a new rule to the top of the list (or the middle of the list) unless you re-number every single rule. If you have 20 rules, this can be tedious. If you have 100 rules, this can be extremely frustrating. Even worse, if you make a mistake and have a duplicate priority number then the page refreshes with all the rules set to a priority of “1”. So now you have to start all over.

Unlike iptables, there is very little help available for the firewall. SoftLayer provides a handful of knowledge base articles, but none of them include screenshots or advanced examples.

Within a few hours of using the service, I realized that it wasn’t going to work out and I’d be better off with iptables. I started a chat with the billing department, and was told they’d create a ticket to review crediting me for the service, and then they gave me instructions on how to cancel. I followed the instructions and the service was promptly removed from my server.

Sadly, I was informed that the terms of service prevented them from giving me a refund, and they said that the billing department only said they’d look into crediting me for the service, not that they actually would. How deceptive! Do they really expect me to believe that their own billing department doesn’t know what they claim is the standard SoftLayer refund policy? I likely still would have canceled the service, but I feel pretty ripped off having used the service for just a few hours, experiencing several issues with it, being told (from my perspective) that I’d get a refund, and then being stuck with the bill for a full month of service. Egh.

Overall, SoftLayer is awesome. Quality servers at great prices. In this situation though, complete fail. The firewall is garbage and they handled the situation very poorly. I’m not disappointed enough to start immediately hunting for a new host, but I’ll definitely be considering other options for my future server needs.

Read More

Zend Server is awesome

As a Zend Certified Engineer, I get a free Zend Server license. This is a $1,695 value, so definitely worth the effort of getting certified.

It has been a few years since I last tried Zend Server, and it didn’t go well. It was buggy, awkward to use, and difficult to install. Since I just ordered a new server, I decided to give it another try. It is awesome.

Installation was incredibly easy. I use CentOS. Zend Server has its own yum repositories so I just had to set them up on my new server and type “yum install zend-server”. Bam. PHP was installed.

Fake Name Generator has lots of special requirements. I normally spend an entire day getting PHP configured and dependencies installed whenever I get a new server. With Zend Server, it took maybe 5 minutes to figure out which pear packages I needed and then I was good to go. Zend Server’s PHP already had almost everything I needed installed.

Updating is also easy. This is normally a frustrating 30-60 minute process that often results in down time when things go wrong. A day after I installed Zend Server a notice was sent out about a critical security update. I ran “yum update” and I was up-to-date in just a few seconds.

Zend Server logs potential issues. I can easily see PHP errors, scripts that are taking too much memory or too long to run, and a pile of other issues.  I can also customize my php.ini from within the web GUI. Not amazing, but a nice little perk.

Finally, Zend Server integrates with Zend Studio (also free for Zend Certified Engineers). When Zend Server logs an issue, I can click a debug button in the web GUI and it sends the issue to my IDE for debugging. It is a bit finicky, but still very awesome. It also lets me easily profile my sites.

So basically Zend Server is pretty awesome. I wish I had started using it earlier. I’m pretty comfortable setting things up on my own, so I don’t think it is worth $1,695 to me, but it is definitely worth using since it is free for me.

Read More

My latest server rebuild

Every year or two I like to order a new dedicated server and migrate all my stuff to it. This gets me newer hardware and software, lets me customize the hardware to my current needs, and gives me a chance to fix any mistakes I made with the configuration of the previous server. Plus I often save some money.

I just placed my order with SoftLayer for my latest server and am so super excited to start working on it. I remembered to check for any specials, and was lucky to grab an awesome one that has saved me some cash while letting me get a way beefier server than I had intended.

The configuration I settled on ended up being $550/month cheaper with the promo code and some luck (sometimes you get better than ordered, because they don’t have what you ordered available). That is a savings of $6,600 for the first year! Even better, it ended up being $10/month cheaper than my existing server, so I’m getting a much more powerful machine for $120/year less.

Specs of the new server:

  • OS: CentOS 6.0 (64-bit)
  • CPU: 2 x Intel Xeon-Westmere 5620-Quadcore [2.4GHz]
  • RAM: 12GB DDR3
  • Hard drive: 2 x 100GB SSD in RAID 1

I better get configuring. I’m only saving money if I quickly migrate to the new server.

Read More