Ensure root login in /etc/ssh/sshd_config is not possible, (set up your unprivileged account with pubkey auth and without password auth,) ensure fail2ban watches SSH (which it should do by default), add your own IP address or range to the /etc/fail2ban/jail.conf "ignore" variable, restart fail2ban and it take care of the rest.

Okay should I go along and run the IP tables script? ( I need instructions how to make a script and run it still ) and I installed Atop but, I'm not sure what to use it for or how to run it.

btw so far so good on high CPU issue.

I don't see pubkey auth on the cfg I'm a bit confused on what to do. I want only my IP and toord to be able to access the server but, I woudl like to add IPs every now and than to give other people access for various things and new business partners and so on.

- Check your /etc/hosts.deny. If it has just one rule reading "ALL: ALL" that is OK. Check your /etc/hosts.allow. Add a line "sshd: n.n.n." where "n.n.n." (don't forget the trailing dot!) is the first three octets of your IP address. So if yours would be "1.2.3.4" you would make it read "sshd: 1.2.3.".
- Open your /etc/ssh/sshd_config and look for the line "PermitRootLogin" and ensure it says "no". Look for lines "AllowUsers" and "AllowGroups" if there are none add them: "AllowUsers toord" and "AllowGroups toord".
- (Later on you can add users and groups to the AllowUsers and AllowGroups directives.)
- (Later on, when we have dealt with pubkey auth, you will set PasswordAuthentication to read "no".)


Most commands you run will have one or more manual pages and often documentation in /usr/share/doc/{applicationname-version}. Get accustomed to reading them to get a clue. Atop starts on boot with /etc/rc.d/init.d/atop, gets restarted daily with /etc/cron.d/atop (/etc/atop/atop.daily) and runs as daemon with a default 10 second interval for taking samples which get logged to /var/log/atop/. The file can be read back and stepped through with 'atop -r /var/log/atop/{file name}'.


Copy the contents of the script to a file, let's call it "/tmp/iptables.sh", and before the "# End
exit 0" line add a line "sleep 5m && service iptables stop" (w/o quotes) so it reads "# End
sleep 5m && service iptables stop
exit 0". This ensures the script runs and after 5 minutes the firewall is reset, giving you the opportunity to check the log and make adjustments. Now run as 'sudo /bin/bash /tmp/iptables.sh'. Suggestion: if you have a local Linux workstation, or use virtualization (VMware, Qemu, Virtual Box) to install a Linux distribution, you can test things out without harming your server. Highly recommended.

Quick question:

# Set a 128kbyte/sec rate for authenticated users
local_max_rate=128000

Why did you set it so low? I'm finding uploading my 20 mb gamemode file for my server to be tediously slow and I have a 30 MB upload so I'm used to high speeds.

Well I basically was setting it up and something happened and now I and no one else can access FTP when I updated some files. What can I do? Also my web server is disconnected with my dedi now.

I added All:All to the host denied and I think I just... fuck I'm in deep shit I need to get this fixed before I hit the sack.

I'm sorry to hear that but it is unclear to me what steps you took, in what order and what the result was or of there where any error messages. If there is no way to access the machine and if you do not have access to some web-based systems management panel then the only course of action I could think of is to ask your hosting provider to help you out by reversing what changes you made.

Moved: This thread is more suitable in Linux-Server and has been moved accordingly to help your question get the exposure it deserves.

Okay I got that situation sorted but, Can you addresses this unSpawn?

Quick question:

# Set a 128kbyte/sec rate for authenticated users
local_max_rate=128000

Why did you set it so low? I'm finding uploading my 20 mb gamemode file for my server to be tediously slow and I have a 30 MB upload so I'm used to high speeds.

Let's get things straight and put them in the "right" perspective.
You're operating a server with (hopefully paying) customers.
We're trying to help you deal with the most important performance issues.

So. If I were to prioritize things this issue you're addressing right now would be just a minor nit.
I mean it's not like you can't decide to change the value on your own, right?

Yeah I have everything setup now and its working great no VSFTPD crashes for 2 days but maillog continues to use 30% of CPU and kdjournal is fairly high and the maillog is just massive its like 80X bigger than all the previous logs from December. I posted a older version of the maillog above but its still doing the same thing for the most part. Its quite a strain and keeping peak times to hit around 80% when they shouldn't get that high. Raised VSFTPS bandwith limit to 3mb/s a sec I hope that alright.

My SQL also tends to raise to like 80% - 100% and now go down without a restart of the service. Sendmail usually shoots back up after a restart though.My SQL takes a tad bit longer

Please reread post #15, my reply to your "Would there be anyway to pinpoint the process?" question, install software as necessary and reply in 24 hours with requested data and system logs attached as plain text file or email me the URI if you make a tarball out of it if it's too large?

I had to reinstall the dedi for unrelated issues and I noticed

iptables -A INPUT -m state --state NEW -m tcp -p udp --dport 7777 -j ACCEPT

is returning

iptables: Unknown error 4294967295

Just saw thing and an earlier comment to collectl. When it comes to process issues, run collectl as a daemon and then play back the log like this:

collectl -p logfilename --top

and it will show the top 10 processes every minutes, sorted by cpu load. You can also change the number of processes displayed or the frequency with which collectl logs the data. You can also change the sort, so if you want to see the top page faulters, or memory users or even i/o users (assuming your kernel is reported i/o stats), you can do that too.

for more help on looking at process stats see "collectl --showsubopts" and look at the process monitoring options.

-mark