If you are running BIND on your server, here’s a tip I discovered the hard way for reducing the probability of your server being abused. A few days ago, I started seeing major explosions in the amount of bandwidth running through my server. I scoured my Apache and email logs, looked at what processes were […]

I was recomiling Apache today to update a few modules to their latest versions, and ran into a problem I hadn’t seen before: the configure script complained that it couldn’t find libpng.(a|so) (meaning libpng.a or libpng.so). I did a bunch of searching online looking for solutions, and after trying a number of things that didn’t […]

The top three priorities of an internet server administrator are:
1. Security
2. Security
3. Security
When I was a newbie, I naively installed Red Hat Linux 5.something and if I thought about security at all, I probably figured that I was using a popular distro, so it should be safe. Wrong! That server got cracked many times before […]

I had my first publicly-visible internet server in 1998, and have learned a few lessons the hard way about what it takes to set up and administer one’s own server while maintaining one’s sanity. This weblog will chronicle some of the problems and challenges I ran into, and offer some advice and solutions for anyone […]

Here’s a message I’ve attempted twice to post to Bugtraq, but it appears to have been lost both times. Traffic on Bugtraq has been spotty lately. It talks about a security problem with Blogger’s handling of comments:
Having notified Blogger of this twice over the course of a number of months, and not seeing them take […]

Well, I managed yesterday to get in contact with the people who were sliming my server with referrer spam. I asked them to stop, and they removed me from their database! Amazing! My referrer logs look better today.
How did I manage to contact them? Their domain names were registered to someone with an email address […]

I’ve been updating my referrer spam blocks every few days, but the **** who’s spamming me keeps registering new domain names to do their spamming from. It keeps my server logs a little cleaner, but it feels like more work than I should have to be doing…sort of like email spam. Blocking based on the […]

The following, excepted from Yahoo!’s FAQ about DomainKeys, their proposal for authenticated email, points to a possible implementation of SSL (a.k.a. HTTPS or secure HTTP) which wouldn’t require a CA, which would make setting up a secure server free, rather than requiring anywhere form $50 to hundreds of dollars per year:
Does DomainKeys require signing of […]

Potential problems with bandwidth consumption are a frequent theme on Info Bite. I haven’t run into a problem with it myself, and today, I took steps to postpone any problems even further by moving to a faster server on a faster connection. Does this mean I’ll finally stop harping on the issue? Nope. I still […]