If you’re on an Ubuntu Server with multiple IP addresses and you want to bind networking software like sshd or Squid to a dediated network interface (unlike 0.0.0.0) you
might eventually end up with error messages like:

error: Bind to port 22 on 123.234.456.789 failed: Cannot assign requested address.

Which is bad, since you may lock yourself out of the server.

The same may also happen to Squid:

commBind: Cannot bind socket FD 19 to 123.234.456.789:3128: (99) Cannot assign requested address

Both, Squid and sshd, have in common, that they’re upstart-ed from /etc/init. What happens in 10.04 is that ssh or squid are started too early, at least if you configured multiple network interfaces on the server.
And another weird thing is that for every network interface in /etc/network/interfaces the scripts in /etc/network/if-up.d/* are being re-executed when the network is brought up at boot time.
That’s pretty lame if you ask me because if the server has 10 network interfaces, sshd is being started and stopped 10 times during boot.

Anyway, the trick is to tell upstart not to start certain processes until the last network interface on a server is up.
In my case, the last network interface is venet0:8 so the start command in /etc/init/ssh.conf and/or /etc/init/squid.conf has to be modified to:

start on filesystem and net-device-up IFACE=venet0:8

This also prevents the useless restarting of sshd when the network is being started. And again, this only happens if the server has multiple IP addresses and you’re not using the standard bind-’em-all address 0.0.0.0 for processes that are started from /etc/init.

TorrentFlux is a web-based PHP front-end for the BitTorrent client BitTornado. It’s a great software to download torrents on Linux servers that have no desktop manager installed.

BitTornado uses the server’s default IP address for it’s peer-to-peer connections by default. If your server has multiple IP addresses, you may want to assign a different IP address for the torrent traffic. All you have to do is to specify a bind parameter in the TorrentFlux settings. On Debian-based servers however, downloading stops instantly if the bind parameter is specified. After doing some debugging I found out that is has to do with how the parameters are passed from TorrentFlux to BitTornado. A small modification to the index.php file will fix this problem. Here’s how to do it. Read more »

When I compiled the how-to about using Duply to backup a Linux server to a FTP account I mentioned the possibility to backup all data to an IMAP account. So, all we need for our encrypted backup is a reliable IMAP account provider with a few GB of email space. In this post I’m using Gmail which provides up to 7 GB for emails for free, but instead of saving emails Duply will store encrypted backup files on that Gmail account. Read more »

My Linux root server’s hosting price plan includes a 50 GB backup storage option. The backup server can only be reached using FTP, unsecured. Even though the backup server is only visible from within my server provider’s local network, I still don’t want to expose all my server settings, accounts and databases in clear text to a man in the middle. Or, I don’t want an untrustworthy subject with access to the backup server’s file system to be able to read my backup. Also, I don’t want to send my entire site to the backup storage every day as this would eat up my 50 GB within days.

This is where Duply (formerly known as FTPlicity) comes in handy. Duply claims to make your incremental encrypted backups on non-trusted spaces a child’s play. It manages backup job settings in profiles and allows to batch execute commands. It supports symmetric and asymmetric encryption using GPG.

Duply is not limited to FTP, you can also send your backups to a IMAP, WebDAV or ssh destination (and even more!). I haven’t tried the IMAP method but in theory you could send your encrypted backup to a free Google mail account as long as you don’t exceed the 7 GB provided by Gmail. However, in this sample, I’m using a FTP scenario with asymmetric encryption.

Read more »

It’s not a secret that these days most server hacking attempts originate from chinese IP addresses. A lot of attempts originate from other countries like South Korea and Indonesia as well. It seems that in those countries (cyber-)law-enforcement and technological advancement don’t correlate. I agree that a server has to be able to sustain non-flooding attacks just by using a proper and secure server configuration. But what if almost all traffic from those countries are automated vulnerability scans? Read more »

While the installation of the Linux binary for the Unreal Tournament 3 Server is dead simple, some very brave game server administrators apparently chose to run the server with root permissions because there’s no useful server start script. This usually is an exceptionally bad idea for everything that opens ports on an Internet server.

Here’s a very simple start script that starts the UT3 server with a different account which you have to create using the groupadd/useradd command. In my case I’m using user game in group game. The script will sudo to this less powerful account and then start a botless deathmatch UT3 server. The server will continue to run after you close your shell. Well, at least until the server crashes, which it does frequently. In its current form the script has to be put into the ut3-dedicated/Binaries directory. Read more »