[App_rpt-users] ASL Deployed on a VPS in under 1 hour as HUB
Mike
mm at midnighteng.com
Wed May 16 17:29:51 UTC 2018
Thanks for helping put that in perspective, I too have been fond of them.
but I did say the cause of my issue was related to problems with the one
instance ( normal asterisk on larger instance ) and their reaction was
to stop/block ports on all of my instances. For doing that with no
notification has caused me to waste a lot of time fixing things that
were not broke.(using up cpu cycles since the scripts continue to run
and stack-up creating more of a problem)
I do hold that against them as I'm sure you would also "if it happened
to YOU". I use email to tell me in reports/notifications as to the
instance status, which I will not get when they block ports especially
on instances that had no issues. So I instantly developed issues where I
did not have any because of the universal port blockage, and without
notification.
I pick-up a instance on any OS, run tests and destroy it often within a
week. It was what brought me to them since they charge the instance by
the minute pretty much. $20 can go a long way even with a 4cpu 8gb
instance that I only need for a day. But I have found that server
location determines ip address and so the hacking activity levels change
with some locations.
...mike/kb8jnm
On 5/16/2018 11:24 AM, 2E0SIP wrote:
> For what it's worth, I use Vultr and find their service to be pretty
> solid. I've got one VPS thats averaging 20-50% CPU Utilisation, and
> I've not had any blocked ports or issues.
>
> If your server is under a constant hack attack you should probably put
> in measures to block the attack before it takes place. (iptables,
> fail2ban, etc) or bring up the node on a new IP and see if it persists.
>
> Cheers
>
>
>
> On Wed, May 16, 2018 at 3:57 PM, Stephen - K1LNX <k1lnx at k1lnx.net
> <mailto:k1lnx at k1lnx.net>> wrote:
>
> Bottom line, Vultr sucks. I had a hub deployment there supporting
> 5 repeaters and it was nothing but constant issues and finally
> scrapped it alltogether. They are one of the few providers however
> that will allow custom ISO's and do BGP announcements so I left
> that portion in place until I can find another.
>
> Their support is about useless, they were quick to blame anything
> I had running vs. their oversold and saturated infrastructure.
>
> 73
> Stephen
> K1LNX
>
> On Wed, May 16, 2018 at 10:12 AM, Mike <mm at midnighteng.com
> <mailto:mm at midnighteng.com>> wrote:
>
> As a follow-up...
>
> The host at Vultr has blocked the ports on this instance
> thereby rendering it useless.
>
> In trying to remedy this, they claim I am over using the CPU
> on a other instance running a full version of asterisk on a
> server with 3x the resources, which has been under constant
> hack attack. But what I did not know is that they had started
> blocking ports back then (months ago) and in a effort to fix
> what I thought was corruption, did a lot of re-loading of
> software, intensifying the cpu usage. SO, it may be advisable
> if you think you want to reload and reconfig a instance such
> as I outlined here, to start a new instance, copy the files
> needed from your old one and destroy the old instance. You
> will have a new IP address with the new.
>
> Same on yet one other instance for a web server only intended
> for email. But I have to say, if not for the blocking of the
> email ports in the first place and without warning, I might
> have been inform by the scripts I have on those servers of the
> hacking attempts to the first server.
>
> Kinda a catch 22 I guess. But I thought the advantage of VPS
> is that you can not and do not 'SHARE RESOURCES"
>
> You are suppose to get just what you pay for nothing more or
> less..... Go Figure !
>
> Anyway, I will give you guys 1 more follow-up as I redeploy
> this "ON SOME OTHER HOST" because they seem reluctant to open
> ports 25,465,4569 & 5060 in one direction or the other.
>
> Here is a nice online tool for checking your inbound udp/tcp
> ports...
>
> https://www.yougetsignal.com/tools/open-ports/
> <https://www.yougetsignal.com/tools/open-ports/>
>
> While I do not wish to slight vultr, it does not seem they
> handle issues very well. And the hack activity there is high.
> Do not run a instance there without configserver (CSF) or some
> statefull firewall, but I guess that goes for anywhere. But
> for whatever reason, if you don't get it deployed and locked
> down there in the 1st few hours, you may have plenty of
> issues. The IP's there are high on the hacker hit list. And I
> have seen plenty of 'reflections' attacks there.
>
> But, if many should start to deploy these hubs on VPS, I would
> say we do need some separate communication between us as to
> hack activity and ip address sharing of those attacks. Perhaps
> a email list of the output of CSF & LFD from each instance.
> Then you can start-up with the knowledge of previous attacks
> addresses the moment you deploy. Just a thought.
>
> Follow-up to come...
>
> ...mike/kb8jnm
>
>
>
>
> On 5/15/2018 2:36 AM, Mike wrote:
>
>
> Just wanted to let those know that have had a wish-list of
> a deployment of a hub on a VPS, and know that it was
> quite easy.
>
> On the down side for me is that I am a CentOS guy. I run
> over a dozen centos64 servers now. Started with centos in
> v3 I think.
>
> Debian is new for me.
>
> Struggled a little. And on the plus side for time, I had a
> old config for the same from ACID .
>
> Here is the quick what/where... (I am not endorsing anyone)
>
> I used a 1 core 500mb / 25gb VPS from Vultr.com
>
> ...you may need to 'change server locations' to find that
> small cheap one @ $2.50/month
>
> Once you have a server picked-out and deployed (5min) and
> it's loaded and ready,
>
> You will need to load a custom ISO of the ASL from the
> http-link address at allstarlink.org
> <http://allstarlink.org> of the 'ISO' image.
>
> After it has loaded in the tray (few min) reboot the
> server loading/booting custom iso.
>
> Watch the top right hand side of the screen for the
> local/console monitor button to see what you are doing.
>
> For me it loaded up in less than 15min but that's a guess.
> It was pretty darn quick.
>
> But while you are waiting, you can ready your ssh shell
> with new ip if you want or do your set-up at allstarlink etc.
>
> But do not alter the server setting at Vultr while the
> process is ongoing. Before or after would be in order here.
>
> You will need to unload that iso from the tray and reboot
> at the end to continue from the vultr server setup page.
>
>
> I will say for me... I had to set myself up as root ssh
> right away or it would have taken me twice as long or more
> to edit the files and 'stuff' since I'm not use to debian
> linux. but it does not seem all so different. But I rarely
> run as sudo.
>
> When I'm done, I revert back to locking up root. But I am
> sure it will take most a little bit longer to deploy as i
> am use to the menu at vultr since a load a experimental
> server there all the time and destroy it after my tests.
>
> Anyway, hope that gets some folks thinking of new
> possibilities and trying some new things out.
>
> For me... this node number is 29999 and I had ask for it
> in advance of hitting the 30000 mark and was intended to
> be just what I am doing with it now. But I do intend to
> build many repeater toys in this central spot to be used
> by other repeater/nodes I have. Perhaps then I can slim
> down my computer boards driving the repeaters.
>
> But I would like to see a bunch of activity on this
> 29999/hub over the next week to examine how much activity
> will load it down so I have some idea in real terms what
> it will handle. So if you all can help me out with that
> great ! Connect up and shoot some round tables for a bit.
>
> I may in the future sponsor some tech nets/how 2's on this
> hub. But I do have in mind a experiment with a http html5
> webtransiever when I have time. It would be for emergency
> use only. Think of all the possibilities for yours and go
> for it !
>
> One other note I am playing with...
>
> I have pointed a FQDN domain at the server for now and it
> is 29999.link (port 80 not opened yet, not till I get csf
> config'd) and I just wanted those that might have that in
> mind in the future to perhaps think of using the '.LINK'
> extension for these things. They are cheap and available
> for most 5number names. Unlike .com/.net/.org since
> 5number names are well taken as zipcodes in the us.
> (node#.LINK)
>
> But all in all... Guys/Gals Thanks for all the hard work
> from those on the new ASL Debian versions. Thank You !
>
> A Very smooth and accurate deployment.
>
> ...mike/kb8jnm
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> <mailto:App_rpt-users at lists.allstarlink.org>
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> <http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users>
>
> To unsubscribe from this list please visit
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> <http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users>
> and scroll down to the bottom of the page. Enter your
> email address and press the "Unsubscribe or edit options
> button"
> You do not need a password to unsubscribe, you can do it
> via email confirmation. If you have trouble unsubscribing,
> please send a message to the list detailing the problem.
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> <mailto:App_rpt-users at lists.allstarlink.org>
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> <http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users>
>
> To unsubscribe from this list please visit
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> <http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users>
> and scroll down to the bottom of the page. Enter your email
> address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via
> email confirmation. If you have trouble unsubscribing, please
> send a message to the list detailing the problem.
>
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> <mailto:App_rpt-users at lists.allstarlink.org>
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> <http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users>
>
> To unsubscribe from this list please visit
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> <http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users>
> and scroll down to the bottom of the page. Enter your email
> address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email
> confirmation. If you have trouble unsubscribing, please send a
> message to the list detailing the problem.
>
>
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20180516/a408d528/attachment.html>
More information about the App_rpt-users
mailing list