Nowadays, web hosting has introduced many kind of internet traffic, which we can classified into 3 categories: Clean/good traffic Bot/crawler traffic Threat/bad traffic Threat or bad traffic can harm the website and also can bring serious effect to the server, if you not have security in mind. Following example explained how bad traffic can bring consequences to your website: You receive so many spam comments in your blog post with different IPs Your website is being targeted by DOS or DDOS attack Your website being injected with malicious code. This will usually happened if you have Javascript embedded in your HTML code. Your website being tagged as ‘The site may harm your computer’ by Google Safe Browsing You being accused by the web browser to be hosting malware What we really want is to accept only clean traffic to our website. The most easiest way to achieve this objective is to use Cloudflare service. Cloudflare will convert your ‘naked’ and ‘exposed’ website into a protected website. The concept is they will route every single web traffic into their cloud network to filter out bad and good traffic, then just forward the good traffic to your website. This service is FREE for life! What you need to do is: Go to cloudflare.com and register Follow the installation wizard online Change your domain name server to their name server at the domain registrar Wait for the propagation complete Done. You are protected! Since the connections is routed to their network (because we will using their name server), they can log almost full information of our website traffic, not like Google Analytics or Quantcast, where they do tracking using Javascript which embedded into your website. Their reporting is also informative and we can see daily report on what is going on to our web traffic. Example as below: From the screenshot above, you can see that I have report on how many good, bot and bad traffic to my website, how many bandwidth has been saved, how many processed request can be saved (by eliminating bad request) and so on. I am not doing this for their behalf as promotion or what. It is worth to try. I just want to share with you on how to achieve best result with simplest and most effective way!
Archive for October, 2011
In this tutorial, we will use pptp as protocol to connect to VPN server using a username and password, with 128 bit MPPE encryption. Variable as below: OS: CentOS 6 64bit VPN server: 209.85.227.89 VPN client IP: 209.85.227.90 - 209.85.227.100 VPN username: vpnuser Password: ourVPN#99 1. Install ppp via yum: $ yum install ppp -y 2. Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this websitehttp://poptop.sourceforge.net/yum/stable/packages/ : $ cd /usr/local/src $ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm $ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm 3. Once installed, open /etc/pptpd.conf using text editor and add following line: localip 209.85.227.89 remoteip 209.85.227.90-100 4. Open /etc/ppp/options.pptpd and add DNS resolver value: ms-dns 8.8.8.8 5. Lets create user to access the VPN server. Open /etc/ppp/chap-secretsand add the user as below: vpnuser pptpd ourVPN#99 * The format is: [username] [space] [server] [space] [password] [space][IP addresses] 6. We need to allow IP packet forwarding for this server. Open/etc/sysctl.conf via text editor and change line below: net.ipv4.ip_forward = 1 7. Run following command to take effect on the changes: $ sysctl -p 8. Allow IP masquerading in IPtables: $ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 9. Turn on the pptpd service at startup and reboot the server: $ chkconfig pptpd on $ init 6
