My Old Server
So, the server for evlan.org (and fateofio.org, theposse.org, etc.) has been hosted on a cheap-ass FreeBSD dedicated server in Montreal for over five years now. I need my own machine because the web server is actually written in Evlan, my programming language. Other than that, there's really no reason the server needs dedicated hosting -- it certainly doesn't get any significant amount of traffic.
Sometime in the last couple months, the machine stopped accepting SSH logins. The web server was chugging along fine; I just couldn't log in. I ignored the problem for awhile because I rarely need to log in to my server... but it is a good idea to make a backup now and then.
Last week, though, my attention was drawn to the server when I noticed that some spammer had registered a few hundred new accounts for the sole purpose of creating spammy profiles for all of them. WTF? Why would a spammer take the time to write a script designed specifically to log into *my* server and create dummy profiles? There are only two servers on the internet running this software. You'd think it wouldn't be worth their time. Especially given that it probably took them far longer to write the script than it took me to simply block all profile pages for user IDs over 500 -- so that profiles of original users are still visible, but all the spam users and any new users are gone.
Idiotic Support
So finally I decide that I should probably get the SSH fixed. The conversation with tech support went something like this...
This was obviously going nowhere.
Luckily, my Evlan server happens to feature the ability for me to log in and interactively execute Evlan code. It doesn't provide any way to execute shell commands, but I was able to read and download all important files from my machine.
In the process, I took a look at /var/log/auth.log, where I saw this:
Abandon Ship
So, having rescued my data, I decided to abandon the silly Quebecois server. Since the thing gets very little traffic anyway, I decided to just move it to my DSL.
One problem: I didn't have a suitable server machine. In fact, my main computer is a laptop that sleeps most of the time. I actually quite like the fact that my electricity bill is $15/mo., not the $50/mo. it was back when I had a big power-hungry alway-on desktop.
So, I headed down to Fry's and picked up:
The best part about this little guy is the power supply. It's 65W. As in, the machine is not capable of using more than 65 watts. That's less than a tenth of a modern gaming rig's power supply. And the machine probably actually uses much less than 65W, given that it doesn't do video, has no peripherals attached, doesn't even have a CD drive, and uses flash storage.
I installed FreeBSD from a USB memory stick prepared using unetbootin, then set up:
UPDATE: Actual Real Ticket History
We begin right after the support people finally figured out how to log in...
Support:
I can't believe I pay these people! (I'm still trying to log in just so that I can wipe the hard drive myself; I obviously don't trust them to do it.)
So, the server for evlan.org (and fateofio.org, theposse.org, etc.) has been hosted on a cheap-ass FreeBSD dedicated server in Montreal for over five years now. I need my own machine because the web server is actually written in Evlan, my programming language. Other than that, there's really no reason the server needs dedicated hosting -- it certainly doesn't get any significant amount of traffic.
Sometime in the last couple months, the machine stopped accepting SSH logins. The web server was chugging along fine; I just couldn't log in. I ignored the problem for awhile because I rarely need to log in to my server... but it is a good idea to make a backup now and then.
Last week, though, my attention was drawn to the server when I noticed that some spammer had registered a few hundred new accounts for the sole purpose of creating spammy profiles for all of them. WTF? Why would a spammer take the time to write a script designed specifically to log into *my* server and create dummy profiles? There are only two servers on the internet running this software. You'd think it wouldn't be worth their time. Especially given that it probably took them far longer to write the script than it took me to simply block all profile pages for user IDs over 500 -- so that profiles of original users are still visible, but all the spam users and any new users are gone.
Idiotic Support
So finally I decide that I should probably get the SSH fixed. The conversation with tech support went something like this...
Me: My server is serving HTTP just fine but won't accept SSH -- it starts the handshake but hangs and then times out before getting to the password prompt. I tried from several different machines on different networks. Rebooting did not help.
Tech support: Did you try rebooting?
Me: ... yeah, that didn't help.
Tech support: What's your root password?
Me: ::grumble:: It's (password1).
Tech support: And the non-root user/password you log in with?
Me: ::sigh:: kentonv/(password2).
Tech support: The login you provided is not working. Is your data backed up? Maybe we should just wipe the machine.
Luckily, my Evlan server happens to feature the ability for me to log in and interactively execute Evlan code. It doesn't provide any way to execute shell commands, but I was able to read and download all important files from my machine.
In the process, I took a look at /var/log/auth.log, where I saw this:
Jul 9 13:20:13 server013 login: 1 LOGIN FAILURE ON ttyv0Obviously, auth.log does NOT normally contain plain-text passwords -- only usernames. The tech guy had actually typed "kentonv/(password2)" as the *username*.
Jul 9 13:20:13 server013 login: 1 LOGIN FAILURE ON ttyv0, kentonv/(password2)
So, having rescued my data, I decided to abandon the silly Quebecois server. Since the thing gets very little traffic anyway, I decided to just move it to my DSL.
One problem: I didn't have a suitable server machine. In fact, my main computer is a laptop that sleeps most of the time. I actually quite like the fact that my electricity bill is $15/mo., not the $50/mo. it was back when I had a big power-hungry alway-on desktop.
So, I headed down to Fry's and picked up:
- Intel Atom CPU/motherboard (D510M0) $79.99
- 2GB PC6400 RAM $42.99
- 30GB SSD $84.99
- Mini-ITX case w/65W PSU $59.90
I installed FreeBSD from a USB memory stick prepared using unetbootin, then set up:
- DJB's daemontools for service management.
- DJB's tinydns for my domains' DNS server.
- stunnel, which takes my HTTPS traffic, decrypts it, and forwards it on to Evlan. I originally tried using the OpenSSL library directly, but its interface was absolutely horrid.
- Evlan, of course.
UPDATE: Actual Real Ticket History
We begin right after the support people finally figured out how to log in...
Support:
hello,Me:
even on root access we get permission denied why if im root?
i think ssh was disabled and need to be re-enable
thanks
What do you mean by this? What did you try to do that was denied?Support:
SSH is not disabled -- it is still accepting connections, it just doesn't complete the handshake.
when i try some commands on root it says permission deniedSupport (again):
now i have enable root access but its still doesn't give me a ssh box
thanks
and also when it reboots it gets stuck atMe:
setting date via ntp?
do you have any idea about this?
thanks
What commands did you try?Support:
Are you really root, or are are you still kentonv?
i was root all the timeMe:
any commande regarding ssh
thanks
Please be specific. What exact command did you type that said "permission denied"?Support:
i don't remember i tried so many did you try to connect with PUTTY?
I can't believe I pay these people! (I'm still trying to log in just so that I can wipe the hard drive myself; I obviously don't trust them to do it.)
No comments:
Post a Comment