Latest Server related questions

Score: 12
How dangerous might it be - and what performance gains may be had - by turning vulnerability mitigations off on non-Internet facing servers?
in flag

When a virtual machine Linux host server is non-Internet facing and is used exclusively on a LAN and is using a relatively well tested distribution like Proxmox, how dangerous would it be to turn off all vulnerability mitigations via the kernel arg mitigations=off?

Additionally, has anyone tested what kinds of performance gains might be seen by turning off all such mitigations?

This recently came ...

Score: 0
Can a bots scanning my server change its source ip? Why do I keep getting attacks even after blocking the IP?
vn flag

I have a PBX (VOIP server) where phones connect in order to make phone calls. The pbx I am using is Asterisk. That server is not being used and it's only purpose is to analyze attacks.

The PBX service is not important if I wuold have a different service such as a mongodb I am sure bots on the internet will search for vulnerabilities to attack that database.

Anyways I am analysing all the packets t ...

Score: 0
Jonathan Wood avatar
Allow access to FileZilla SFTP server through FTP subdomain and no other domains
ug flag

I've installed FileZilla Pro Server on a VPS server, and have it working with SFTP.

At first, I just used the IP address to access the server, but I've since added an ftp.domain.com subdomain to my VPS. This is also working fine.

However, if instead of ftp.domain.com, I use any other domain or subdomain hosted on my server, that also works!

Is there any way to restrict SFTP access to only use ftp.dom ...

Score: 0
xzmaster avatar
iis - Redirect URL by numeral in order
kg flag

Good afternoon people.

The issue is that I was testing redirecting pages and I ended up having to repeat the code 11 times. But I believe there is a way to automate this. If anyone can help me.

What I want to do is access an address dominio.com/projeto/01/ and he rewrite to dominio.com/projeto/modulo/01 , but I wanted to automate the final part of the url to receive any number and apply that number  ...

Score: 0
wtfowned avatar
Delay between multiple Supervisor processes executions
mx flag

I have multiple PHP workers and I need to set delay between startup each of them. How to handle it?

Start 1 process / Wait 20 secs / Start 2nd process / Wait 20 secs ... Keep 50 proccesses alive at same time.

[program:get_comments]
directory=/var/www/
command=/usr/bin/php post_request.php
user=root
autostart=true
autorestart=true
process_name=%(program_name)s_%(process_num)02d
numprocs=50
stdout_logfil ...
Score: 0
Vladyslav Melnychenko avatar
Can't persist default ip route on Ubuntu 20 (Hetzner cloud)
ck flag

I am using Hetzner cloud where I created 2 servers in a subnet (10.1.0.0/24) - one only with local ip, another one has public IP and is used as a NAT gateway for the first server.

On private server I configured an ip route

ip route add default via 10.1.0.1 dev enp7s0 onlink

Here is a resulting list of routes

root:~# ip route show

default via 10.1.0.1 dev enp7s0 onlink 
10.1.0.0/16 via 10.1.0.1 dev  ...
Score: 0
blankip avatar
How to tell which versions of TLS MYSQL (windows) is using?
pe flag

I have another question about a pair of servers that I cannot turn off TLS 1.0/1.1. Even though IISCrypto showing them off and made right reg entries.

The servers run an IIS10/PHP7.4/MySQL8 stack. (I am not the person who set up the server builds - just trying to update it)

Anyway normally for mysql on apache I would add the following to make sure it wasn't using older TLS versions:

MinProtocol = TL ...
Score: -1
d9ngle avatar
Forward UDP packets to VM on another IP
cn flag

I'm connected to internet via a router and want to route UDP packets on a port, let's say 3000 to a VM inside KVM.

┌──────────────────┐    
│ router           │
│ 54.0.0.1 (public)│
│ 192.168.0.1      │
└────────┬─────────┘
         │
         │
  ┌──────▼──────┐
  │ pc    ...
Score: 0
Marwi avatar
Insufficient suitable allocatable extents error when performing RAID takeover
fr flag

To improve performance while still keeping redundancy, I am trying to convert the root file system of a NAS from a RAID 5 logical volume to a RAID 10 logical volume, while keeping the same number of disks used.

In this section of the lvmraid man page, it suggests converting RAID 10 and RAID 5 is possible with an indirect conversion.

The following takeover conversions are currently possible:

...

     ...
Score: -1
cifer avatar
how EBS and EFS achieve micro second-level latency
cn flag

I once monitored the read/write iowait in my EC2 instance which is attached an EBS volume, the iowait column ouput of iostats is only 200 ~ 500us, as I known EBS is actually a network volume and I think local network latency should be at ~10ms level, how EBS achieve this <1ms latency?

The same question for EFS as well, I haven't tested EFS but in the performance page it shows the read latency can be  ...

Score: 0
igalsc avatar
Apache2 non-default root directory multiple websites 403 forbidden
cn flag

I have Ubuntu 20.04 servers on AWS in autoscaling group with EFS mounted at /mnt/efs/fs1

I use codedeploy for deployment of a non-default website. The bitbucket pipeline creates a zip file containing the website config and the website content. Codedeploy deployment part is as follows:

#extract content
unzip -o frontend-qa.zip
#copy site config
sudo mv /mnt/efs/fs1/sites-enabled/* /etc/apache2/sites ...
Score: 0
Mikhail Polykovskii avatar
How to place resolvectl commands in ovpn profile?
lv flag

I've got an ovpn config to connect to private network from Ubuntu 20.04 LTS. But every time after starting the vpn I have to run those commands

resolvectl dns tun0 10.0.0.255
resolvectl domain tun0 "~domain1.com"
resolvectl domain tun0 "~domain2.com"

to make dns work with private subdomains. Is it possible to include those commands into ovpn config and execute them automatically, when I connect to thi ...

Score: 0
Kossak avatar
Can't ssh into cloud shell
jp flag

I try to ssh from my local host to GCP cloud shell and get the error:

$ gcloud cloud-shell ssh --authorize-session
sign_and_send_pubkey: signing failed for RSA "/home/kossak/.ssh/google_compute_engine" from agent: agent refused operation
<USER>@<IP>: Permission denied (publickey).
ERROR: (gcloud.cloud-shell.ssh) [/usr/bin/ssh] exited with return code [255].

with debug option:

$ gcloud ...
Score: 0
acgbox avatar
How to show an internal static page to IP addresses list?
ng flag

I have a ubuntu 22.04 server, a list of ip addresses of users on my local network and I want to redirect http/https traffic from this list to a local informative html page. Similar to how a hotspot would. I have tried with apache2, squid, wpad (252 dhcp), iptables, but I have not been able to. https does not redirect.

how do i do it?

Score: 1
peter avatar
How can I set specific directory for different users in proftp?
sa flag

Currently, when user A logs in proftp, he comes at his home directory /home/A, when user B logs in proftp, he comes at his home directory /home/B. I want to let user A come at /dir1 and let user B come at /dir2, how can I do in proftpd's configuration file?

Score: 0
Kismet Agbasi avatar
OpenMediaVault SMB/CIFS Share Failed to Enumerate Objects in the Container. Access Denied
gb flag

Good-day Folks,

I have a small OpenMediaVault (OMV) v6.0.46-5 deployment, running the Proxmox Kernel v5.19.17-1-pve (so I can have a ZFS filesystem) to support Windows 10 clients (primarily) in a Microsoft Active Directory environment. OMV is integrated with Active Directory and my goal is to create a non-public share, expose it to the Windows clients via SMB/CIFS, and then allow members of a certain ...

Score: 0
David Robie avatar
Allocate Total RAM For OGE
va flag

This may end up being related to my other question about hard limits and slots, but is there a way to set the total amount of usable RAM in Open Grid Engine (OGE), regardless of the number of slots?

For example, on one machine, some users want to submit sets of jobs which will at most use X GB, some wants sets of Y GB at most, and some users don't want to use OGE, and run their jobs independently ...

Score: 0
Fritz avatar
Add Partition Table to existing vhdx partition image
br flag

I have images of single paritions (not full disks) in vhdx format. I want to create VMs with Hyper-V with them. Since the images are only partitions the machines do not start.

How can I add the disk header or merge multiple vhdx partitions to a singe vhdx disk with header.

Notes: I have 2 use cases:

  1. vhdx imags from WindowsServerBackup(/WindowsImageBackup)
  2. linux ext4 partition created with dd from  ...
Score: 0
simo avatar
Adding new servers with SSL certificates using HAProxy APIs?
ve flag

Using HAProxy APIs, can we add a new server configuration with a SSL certificate installed so that we can serve the new domains via https ?

Is this possible to achieve using HAProxy APIs only ? or a tool like Lets Encrypt is still needed?

Score: 0
David Robie avatar
Allocate Variable Slots For OGE Based on User Needs
va flag

On one machine, some users want to submit sets of jobs which will at most use X GB each, while other users want sets of up to Y GB each.

Can Open Grid Engine (OGE) create variable amounts of slots based on job load? For example, if Y >> X, and the total RAM on the machine can safely run 5 jobs of Y without overloading, I would want to have 5 slots open. But then let's say all the Y jobs hav ...

Score: 0
carlitobrigante avatar
S3 static website is loading pretty slow on private window mode only
cn flag

I'm not sure is this is an S3 issue or something with my website but would like to ask the community for some help.

Configuration: I have a static website (about 700KB) hosted on S3. My .css and .js is gzipped with the appropriate metadata set up. All objects in the bucket are using a cache-control with max-age equivalent to 7 days.

Issue: When I try to access my website from a private window in firefox,  ...

Score: 0
David Robie avatar
Hard and Soft Limits in OGE
va flag

According to the documentation for Open Grid Engine (OGE), you can configure hard and soft limits for the allocated slots.

Further reading shows that tasks can run above the soft limit for a set consecutive amount of time, after which it is treated as a hard limit.

Now, perhaps I've missed a section, but I haven't come across what happens when you hit a hard limit. Does it kill your job? Is the job suspen ...

Score: 0
Luis Carrillo avatar
nginx rewrite for mobile site, except some extensions
gb flag

We got an IIS server with two sites: www.example.com and m.example.com (for mobile). The www site has this code in the web.config to redirect to mobile site:

<rule name="ignore png" stopProcessing="true">
      <match url="(.*)\.png" />
      <action type="None" />
</rule>
<rule name="ignore jpg" stopProcessing="true">
      <match url="(.*)\.jpg" />
      <act ...
Score: 0
mcry avatar
Why not nuke an machine after malware cleanup?
is flag

So this is a noob question.

Why do we perform a clean up on a machine that has been infected with malware and not nuke it directly instead? I understand that in some situations this would not be possible(like large DB servers or when we don't have a backup). But many instruction videos and tools are designed for workstations and not large scale servers.

I think my workflow would probably be somethin ...

Score: 2
Ronny Forberger avatar
Dovecot IMAP Server with Horde Groupware ActiveSync - IMAP Server not reporting changed state
sb flag

I have a Horde Groupware with a Dovecot IMAP Server on Debian Linux running.

Using the Web UI of Horde works well, but I have a problem using ActiveSync.

When using a client app like BlueMail on Android, I do not see the most recent e-mail messages in INBOX.

The activesync log says the following:

[163168][2022-11-11T15:08:44+00:00] >>>: INBOX IMAP PREVIOUS MODSEQ: 190086

This line shows that the  ...

Score: 0
Frederik Hoeft avatar
Bind9 forwarding with client-side query evaluation
ru flag

We have a bind9 (version 9.18.4-2) DNS server called ns1.home.arpa at 10.100.200.1 running on Debian which acts as our primary DNS server for multiple local subnets (10.100.0.0/16 and 10.200.0.0/16) and manages different *.home.arpa zones.

We now also have a different (legacy :P) NS at 10.0.0.210 (which I do not have access to) that manages some other *.our-company.lan zones. Due to routing and firewalls  ...

Score: 0
RAGHU.K.J Ram avatar
Errors while starting Nginx server after the successfull compilation of Lua modules
na flag

I have compiled my Nginx package using lua module. Though the compilation was successful but I am getting the below error while starting the nginx server :

nginx: [warn] lua_load_resty_core is deprecated (the lua-resty-core library is required since ngx_lua v0.10.16) in /app/middleware/nginx/conf/nginx.conf:24
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations wil ...
Score: 2
Robert Munteanu avatar
podman: map container user to host user for shared volume permissions
in flag

I am trying to set up gitea using podman. I would like to have

  • the data volume mapped to a host directory, because it allows me to easily inspect and backup the data
  • the container process executed by a specific host user

Podman is executed by the root user, mostly because of the problems I had with podman generate systemd --new and rootless containers ( see systemd User= directive not supported, ...

Score: 0
Alex Lum avatar
PHP8 ldap_bind : Error -1 Can't contact LDAP server
us flag

I m on almalinux 8.7 with PHP8. Test ldapsearch with TLS is ok

ldapsearch -H ldap://xxxx -x -ZZ /etc/pki/tls/certs/xxxx.pem -D 'xxxxx' -w 'xxxx' -b 'cn=xxx,cn=users,dc=xxx,dc=xxxx'

But ldap_bind won't find ldap server. Error -1. Without ldap_start_tls($ldap_con);, it is ok.

- EDIT error message :

  • enter image description here

What am i missing?

if(empty(!$_POST["password"]))
        {
        // Configuration pour interface PHP de ...
Score: 2
SpiceTortilla avatar
Are HTTP Headers configured by the CDN or by the application?
tz flag

This is kind of a theoretical question, and I guess it may be too broad or unclear.

Foobar is an application serving users across the internet. It relies on a CDN to improve its resiliency, speed, etc to serve people wherever they are.

  • Are the HTTP headers (received by the client) defined by the CDN, or by the Foobar application (implying the CDN will forward them)?

  • If both are possible, what are the pr ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.