[App_rpt-users] ASL Deployed on a VPS in under 1 hour as HUB

Wed May 16 14:57:48 UTC 2018

Bottom line, Vultr sucks. I had a hub deployment there supporting 5
repeaters and it was nothing but constant issues and finally scrapped it
alltogether. They are one of the few providers however that will allow
custom ISO's and do BGP announcements so I left that portion in place until
I can find another.

Their support is about useless, they were quick to blame anything I had
running vs. their oversold and saturated infrastructure.

73
Stephen
K1LNX

On Wed, May 16, 2018 at 10:12 AM, Mike <mm at midnighteng.com> wrote:

> As a follow-up...
>
> The host at Vultr has blocked the ports on this instance thereby rendering
> it useless.
>
> In trying to remedy this, they claim I am over using the CPU on a other
> instance running a full version of asterisk on a server with 3x the
> resources, which has been under constant hack attack. But what I did not
> know is that they had started blocking ports back then (months ago) and in
> a effort to fix what I thought was corruption, did a lot of re-loading of
> software, intensifying the cpu usage. SO, it may be advisable if you think
> you want to reload and reconfig a instance such as I outlined here, to
> start a new instance, copy the files needed from your old one and destroy
> the old instance. You will have a new IP address with the new.
>
> Same on yet one other instance for a web server only intended for email.
> But I have to say, if not for the blocking of the email ports in the first
> place and without warning, I might have been inform by the scripts I have
> on those servers of the hacking attempts to the first server.
>
> Kinda a catch 22 I guess. But I thought the advantage of VPS is that you
> can not and do not 'SHARE RESOURCES"
>
> You are suppose to get just what you pay for nothing more or less.....
> Go Figure !
>
> Anyway, I will give you guys 1 more follow-up as I redeploy this "ON SOME
> OTHER HOST" because they seem reluctant to open ports 25,465,4569 & 5060 in
> one direction or the other.
>
> Here is a nice online tool for checking your inbound udp/tcp ports...
>
> https://www.yougetsignal.com/tools/open-ports/
>
> While I do not wish to slight vultr, it does not seem they handle issues
> very well. And the hack activity there is high. Do not run a instance there
> without configserver (CSF) or some statefull firewall, but I guess that
> goes for anywhere. But for whatever reason, if you don't get it deployed
> and locked down there in the 1st few hours, you may have plenty of issues.
> The IP's there are high on the hacker hit list. And I have seen plenty of
> 'reflections' attacks there.
>
> But, if many should start to deploy these hubs on VPS, I would say we do
> need some separate communication between us as to hack activity and ip
> address sharing of those attacks. Perhaps a email list of the output of CSF
> & LFD from each instance. Then you can start-up with the knowledge of
> previous attacks addresses the moment you deploy. Just a thought.
>
> Follow-up to come...
>
> ...mike/kb8jnm
>
>
>
>
> On 5/15/2018 2:36 AM, Mike wrote:
>
>>
>> Just wanted to let those know that have had a wish-list of a deployment
>> of a hub on a VPS, and  know that it was quite easy.
>>
>> On the down side for me is that I am a CentOS guy. I run over a dozen
>> centos64 servers now. Started with centos in v3 I think.
>>
>> Debian is new for me.
>>
>> Struggled a little. And on the plus side for time, I had a old config for
>> the same from ACID .
>>
>> Here is the quick what/where... (I am not endorsing anyone)
>>
>> I used a 1 core 500mb / 25gb VPS from Vultr.com
>>
>> ...you may need to 'change server locations' to find that small cheap one
>> @ $2.50/month
>>
>> Once you have a server picked-out and deployed (5min) and it's loaded and
>> ready,
>>
>> You will need to load a custom ISO of the ASL from the http-link address
>> at allstarlink.org of the 'ISO' image.
>>
>> After it has loaded in the tray (few min) reboot the server
>> loading/booting custom iso.
>>
>> Watch the top right hand side of the screen for the local/console monitor
>> button to see what you are doing.
>>
>> For me it loaded up in less than 15min but that's a guess. It was pretty
>> darn quick.
>>
>> But while you are waiting, you can ready your ssh shell with new ip if
>> you want or do your set-up at allstarlink etc.
>>
>> But do not alter the server setting at Vultr while the process is
>> ongoing. Before or after would be in order here.
>>
>> You will need to unload that iso from the tray and reboot at the end to
>> continue from the vultr server setup page.
>>
>>
>> I will say for me... I had to set myself up as root ssh right away or it
>> would have taken me twice as long or more to edit the files and 'stuff'
>> since I'm not use to debian linux. but it does not seem all so different.
>> But I rarely run as sudo.
>>
>> When I'm done, I revert back to locking up root. But I am sure it will
>> take most a little bit longer to deploy as i am use to the menu at vultr
>> since a load a experimental server there all the time and destroy it after
>> my tests.
>>
>> Anyway, hope that gets some folks thinking of new possibilities and
>> trying some new things out.
>>
>> For me... this node number is 29999 and I had ask for it in advance of
>> hitting the 30000 mark and was intended to be just what I am doing with it
>> now. But I do intend to build many repeater toys in this central spot to be
>> used by other repeater/nodes I have. Perhaps then I can slim down my
>> computer boards driving the repeaters.
>>
>> But I would like to see a bunch of activity on this 29999/hub over the
>> next week to examine how much activity will load it down so I have some
>> idea in real terms what it will handle. So if you all can help me out with
>> that great ! Connect up and shoot some round tables for a bit.
>>
>> I may in the future sponsor some tech nets/how 2's on this hub. But I do
>> have in mind a experiment with a http html5 webtransiever when I have time.
>> It would be for emergency use only. Think of all the possibilities for
>> yours and go for it !
>>
>> One other note I am playing with...
>>
>> I have pointed a FQDN domain at the server for now and it is 29999.link
>> (port  80 not opened yet, not till I get csf config'd) and I just wanted
>> those that might have that in mind in the future to perhaps think of using
>> the '.LINK' extension for these things. They are cheap and available for
>> most 5number names. Unlike .com/.net/.org since 5number names are well
>> taken as zipcodes in the us. (node#.LINK)
>>
>> But all in all... Guys/Gals Thanks for all the hard work from those on
>> the new ASL Debian versions. Thank You !
>>
>> A Very smooth and accurate deployment.
>>
>> ...mike/kb8jnm
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at lists.allstarlink.org
>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit http://lists.allstarlink.org/c
>> gi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of
>> the page. Enter your email address and press the "Unsubscribe or edit
>> options button"
>> You do not need a password to unsubscribe, you can do it via email
>> confirmation. If you have trouble unsubscribing, please send a message to
>> the list detailing the problem.
>>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://lists.allstarlink.org/c
> gi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of
> the page. Enter your email address and press the "Unsubscribe or edit
> options button"
> You do not need a password to unsubscribe, you can do it via email
> confirmation. If you have trouble unsubscribing, please send a message to
> the list detailing the problem.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20180516/6f85223b/attachment.html>