25-Jul-2009

FTP attack
The FTP log has increased in size yesterday – about 350 Kb, just by one address thinking this is a Windows box might have been easy to crack – or crash:

%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from 121.124.27.222 at 24-JUL-2009 14:55:16.70
%TCPIP-E-FTP_LOGFAL, remote interactive login failure Administrator
-TCPIP-I-FTP_NODE, client host name: 121.124.27.222
-LOGIN-F-NOSUCHUSER, no such user

and it continues with this username – 2282 times. According the online system performance logs, it has taken about 30 minutes: elevated CPU activity and paging (maibnly soft-paging) and a bit more direct and buffered IO. Nothing hazardous – it’s not a Windows box, though the person trying seems to think so.
I checked tha address – and it’s Korean. The ISP it belongs to, has been notified of this abuse attempt.

Main page to be updated
I also noticed that the main page hasn’t been updated after last boot, following the power outage. Shame on me – but it will be taken care of tomorrow.

And by the way: IssiNoho – the VAMP site – is back inline again – though not yet on OpenVMS but Iain is working on it. So I revived the link 🙂

13-Jul-2009

Off power
Nearby, the power line to our block has been extended – years ago – but as was discovered today, it was badly done, in time, the isolating layers deteriated and this morning, about 11:00, the circuits were shortcut and a neighbouring block was powerless. As a result, our block was switched off power at about 12:30, and it lasted until 18:30 that power was restored.
All equipment in the attic had to be swithed off: if kept on the grid, it’s sudden consumption creates a peak that exceeds the capacity of the fuse so it will blow (Well, we’ve got “automatic” fuses – they simply turn power off that particular line, and it is very easy to re-enable it.). After that, firest the disks were made alive again, then the Alpha. No problem at all, this time. Just that the clock was 5 minutes late.

07-Jul-2009

New switch
The new switch has been ordered, and delivered (actually, I had to drive another way home to collect it 🙂 ) and I just installed it – quite basically to start with. It is a managed one, I can do all kinds of fancy stuff with it, like separating network traffic using VLAN (for keeping cluster communications apart from normal LAN traffic, for instance) but I need to read and understand the manual first.
Second, it allows Gigabit Ethernet – given the cable quality is sufficient: CAT5e at least – and some of the cables are, some are not. And only the newer laptops (the previous company one, that I purchased, and the newest) have that built-in. Iĺl need 1GB Ethernet cards for the Alpha’s – if available AND affordable….
But the improvement is noticeable already: no more hiccups!

01-Jul-2009

Monthly maintenance
Scanned the system logs every day (well, almost) and apart from the usual attempted FTP and HTTP abuse, it all seems rather silent. The spam filter works silently as well:
PMAS statistics for Jun
Total messages    : 4823 = 100.0 o/o
DNS Blacklisted   : 3006 =  62.3 o/o (Files: 30)
Relay attempts    :  119 =   2.4 o/o (Files: 29)
Processed by PMAS : 1698 =  35.2 o/o (Files: 30)
        Discarded :  453 =  26.6 o/o (processed),   9.3 o/o (all)
     Quarantained :  415 =  24.4 o/o (processed),   8.6 o/o (all)
        Delivered :  830 =  48.8 o/o (processed),  17.2 o/o (all)

All operator and all server’s logfiles have been archived (for later analysis).
New switch
A new switch has been ordered to replace the very cheap and now failing one. I found a fine alternative in the CISCO SLM2008: a relatively chep managed switch that allows me to separate traffic in VLAN’s, and fix ports to a particular setting; plus it can handle Gigabit Ethernet – handy for local data transfer. I’ll need a GB NIC in the main server – and I’m not sure it will be that easy to get for Alpha’s basic PCI bus. But the switch will be put into place soon – I hope to install it next weekend – or the one after.
And hopefully, it’ll will prevent Frame Check Errors, that still appear in the operator log – but far less than a few days ago.
I’m thinking of obtaining a new router/firewall as well, with some extra features, like VPN and VoIP. But I’m still looking around. A collegue as recommended Draytec, and it seems to fit. Just ask my provider if they support it.
New software
There is new software I’ll install within a few weeks: the new PHP – and that means, a new PHPWASD to get around a confirmed bug; at least, when the source code is now available; the last time viewed the kit contained the previous version (mind – I’m still running the beta! ). Another new vesrion of WordPress has been around for a few week now (2.8) and I just saw the beta of 2.8.2 just became available. I may wait a few weeks before this version is installed.
A new version of Mark Daniel’s VWCMS – VMS/WASD Content Management System – has become available as well, I’ll still need to setup the main page using that software. And version 10 of WASD – including WebDAV – is available in beta as well. That one will get into action once offficial; or, if the beta is as stable as this version, I may think of running it – in produc tion, although mark does not recommend it (for obvious reasons).