Monday, December 20, 2010

Next project: Home bare metal hypervisor

My next project is to have a home bare metal hypervisor. The main purpose is to have a virtual desktop. It looks like Citrix XenServer free edition could provide it, especially combined with XenDesktop as a simple free VDI solution.

I will be using an Intel Quad core Q9400 processor, a Gigabyte EP45T-UD3LR motherboard and 4 GB of Kingston DDR3 (if all goes well and DDR3 prices drop, I will expand it to 8-16 GB).

Friday, October 15, 2010

keeping track of invalid server requests

I like to know what's going on in my server: who scans me, and how. But mainly I like to keep nosy inspectors out of my server's private parts. That is one of the reasons I'm so fond of the denyhosts script. So I like keeping track of invalid server requests (404 pages), since scanning web servers for known vulnerabilities is as common a practice these days as port scanning.

To do so I've changed my 404 page to log any request (in fact it is a redirect) to a DB. Visitors that get a 404 error on my servers still see the usual 404 page, but behind the scenes it logs the request details to a database table.

To do this you first need to have Apache + PHP + MySQL installed.
Then create a MySQL DB; for this example let's call it "invalidReqests". At the MySQL prompt type:
 > create database invalidReqests;
and create a new table in it, let's call it "pagerequests", which has the fields: id (int), servername (varchar 255), requestedUrl (varchar 255), clientIp (varchar 255), insdate (datetime)
 >USE invalidReqests;
 >CREATE TABLE pagerequests (
          id INT (16) NOT NULL AUTO_INCREMENT PRIMARY KEY,
          servername VARCHAR(255),
          requestedUrl VARCHAR(255),
          clientIp VARCHAR(255),
          insdate DATETIME
        );

Create a MySQL user and grant it insert and select permissions on the invalidReqests DB (google how to do it).
Create a DB connection / disconnection PHP file:
dbcon.inc.php
<?php
// mysqli replaces the old mysql_* functions, which were removed in PHP 7
$username = "userA";
$password = "reallyStrongOne";
$hostname = "localhost";
$dbh = mysqli_connect($hostname, $username, $password)
        or die("Unable to connect to MySQL");

$selected = mysqli_select_db($dbh, "invalidReqests")
        or die("Could not select invalidReqests");
?>
dbdis.inc.php
<?php
mysqli_close($dbh);

?>
This is useful in case you have several sites and you would like each to have a different-looking page but record requests to the same DB.
Now create a PHP file (or copy your HTML 404 file and give it a .php extension) and
add the following code (preferably at the end of the page, so it can partially load in case of a problem):
404.php

       <?php include 'dbcon.inc.php';
        $ip = $_SERVER["REMOTE_ADDR"];
        // the columns are VARCHAR(255), so trim over-long values instead of failing the insert
        $url = substr($_SERVER["REQUEST_URI"], 0, 255);
        $srvname = substr($_SERVER["SERVER_NAME"], 0, 255);
        $now = date("Y-m-d H:i:s");

        // the URL and server name come from the client: bind them as parameters,
        // never concatenate them into the SQL string
        $stmt = mysqli_prepare($dbh, "INSERT INTO pagerequests (servername,requestedUrl,clientIp,insdate)
        VALUES (?, ?, ?, ?)");
        mysqli_stmt_bind_param($stmt, "ssss", $srvname, $url, $ip, $now);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        include 'dbdis.inc.php';
?>

Make Apache use it as the 404 error page: in apache2.conf, replace the line starting with ErrorDocument 404 with the page:
 ErrorDocument 404 /404.php
I also created a simple page to view the table:
404request.php
<center>
<table border="1"  id="table4">
                        <tr>
                                <td align="center"><b>Server name</b></td>
                                <td align="center"><b>Requested url</b></td>
                                <td align="center"><b>Client ip</b></td>
                                <td align="center"><b>Date</b></td>
                        </tr>
                        <?php

                        include 'dbcon.inc.php';

                        $result = mysqli_query($dbh, "SELECT * FROM pagerequests order by id desc limit 50");
                        while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
                                // the logged values were sent by the visitor: HTML-escape them before printing
                                print "<tr><td><p align='center'>".
                                htmlspecialchars((string)$row['servername'], ENT_QUOTES)."</td><td><p align='center'>".
                                htmlspecialchars((string)$row['requestedUrl'], ENT_QUOTES)."</td><td><p align='center'>".
                                htmlspecialchars((string)$row['clientIp'], ENT_QUOTES)."</td> <td><p align='center'>"
                                .htmlspecialchars((string)$row['insdate'], ENT_QUOTES)." </td></tr>";
                        }
                        include 'dbdis.inc.php';
                        ?>
                </table>
</center>
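
To see who is scanning rather than just the last 50 rows, the table can be grouped by client. The following is an added example, not part of the original post: it loads constructed sample rows into an in-memory SQLite stand-in for the pagerequests table and lists clients that asked for several different missing URLs. The thresholds, function names and sample addresses are assumptions.

```python
import sqlite3

# Constructed sample rows in the shape of the pagerequests table
# (servername, requestedUrl, clientIp, insdate); addresses are documentation ranges.
SAMPLE_ROWS = [
    ("www.example.org", "/phpmyadmin/index.php", "203.0.113.7", "2010-10-15 03:12:01"),
    ("www.example.org", "/pma/index.php", "203.0.113.7", "2010-10-15 03:12:02"),
    ("www.example.org", "/mysql/index.php", "203.0.113.7", "2010-10-15 03:12:02"),
    ("www.example.org", "/admin/config.php", "203.0.113.7", "2010-10-15 03:12:04"),
    ("www.example.org", "/favicon.ico", "198.51.100.20", "2010-10-15 09:30:00"),
    ("www.example.org", "/favicon.ico", "198.51.100.20", "2010-10-15 09:31:10"),
    ("www.example.org", "/old-post.html", "192.0.2.44", "2010-10-15 11:05:45"),
]

# Plain SQL: with the two placeholders filled in, the same statement works in MySQL.
SCANNER_QUERY = """
    SELECT clientIp,
           COUNT(*) AS hits,
           COUNT(DISTINCT requestedUrl) AS distinct_urls,
           MIN(insdate) AS first_seen,
           MAX(insdate) AS last_seen
    FROM pagerequests
    WHERE insdate >= ?
    GROUP BY clientIp
    HAVING COUNT(DISTINCT requestedUrl) >= ?
    ORDER BY distinct_urls DESC
"""

def load_sample_db():
    """In-memory SQLite stand-in for the MySQL invalidReqests database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pagerequests (id INTEGER PRIMARY KEY AUTOINCREMENT,"
               " servername TEXT, requestedUrl TEXT, clientIp TEXT, insdate TEXT)")
    db.executemany("INSERT INTO pagerequests (servername, requestedUrl, clientIp, insdate)"
                   " VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def find_scanners(db, since, min_distinct_urls=3):
    """Return clients that requested many different missing URLs since `since`."""
    return db.execute(SCANNER_QUERY, (since, min_distinct_urls)).fetchall()

if __name__ == "__main__":
    for row in find_scanners(load_sample_db(), "2010-10-15 00:00:00"):
        print(row)
```

A repeated miss on one URL (a missing favicon, a stale link) stays below the threshold; only a client probing many different paths is reported.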

Thursday, September 9, 2010

One year +, after

14-15 months after setting up the VPS, I can say it is very stable. Some issues I had encountered:
  • I am better off without any ClamAV or AV mail checking; MailScanner is already filtering any dangerous files by extension.
  • My WordPress template led to some site slowness. After checking it with YSlow, I identified it as the cause and replaced it with a much lighter template.
  • Had some more RAM added, to a total of 384 MB, to deal with the site slowness, which turned out to be from the template, but kept it since it does speed things up.
  • Yearly averages are: CPU load is 0%, free memory 20 MB.
Since I had a distributed spam attack, I have blocked any host that has no reverse DNS record; those fall back to my next MX record, which is my Google Apps server, which has very useful spam filtering.