Posts by biologist

Quote from Smallserver

Just start, if it takes time, it will take time
In all the years at Hetzner I never had a broken HDD. Maybe I shouldn't have said that .. nock nock nock.

The problem is just this one hdd-model... it's a mess!
The first hdd broke after one year (sdb). Fortunately, this one was replaced immediately as just one week later sda said goodbye. While sdb was replaced by a new hdd, sda got exchanged by a used one that had - at least as of smartctl-log - "a history". In other words: obvisously, this one was not 100% ok! Just three weeks later, it had to be replaced again - this time by a NEW Toshiba-drive. Works so far...

To be honest: your partition-layout is a load of crap!

1) 1GB /boot? Do you plan to hold 50 kernels available? And in general: what is the purpose of that extra partition?
2) 2,7TB of / - sounds massive but is in fact problematic. Why? You're running raid1 and let's assume your first hdd breaks. Within your raid, every partition that belongs to hdd1, has to be marked as faulty. After then you have to shutdown, the hdd needs to be replaced and after then you have to re-sync the f*cking 2,7TB in-a-row in rescue mode. Takes a while and the services are down, right? Why not using 20GB? Takes about 3mins to resync and after the reboot the services are running, because the raid is still active. The resync of the other partitions can be done hot!
3) Why no /var? Your logs can grow until the hdd is full!
4) Why no /var/www/virtual? Seperating web-spaces from the rest is a good idea!
5) Why no /tmp? Crap in /tmp can grow until the hdd is full!

In my opinion this is a good point to rebuild your system from backup/scratch!

Question: is this a Hetzner-server? Just asking because last year three crappy 3TB-Seagate-hdds broke in my webserver within 4 weeks.

Is there any problem you don't run into?

Quote from Pikeman

Es waren die Abhängigkeiten von Apache2 defekt und somit waren keine Updates möglich.

Das war aber auch schon aus der Fehlermeldung da oben zu erkennen

Oh, c'mon! Don't you guys reflect what you are doing?!

a) Migrate all domains firstline by copying the database and delete those, you don't to have there subsequently.
OR (depends on the number)
b) Migrate only those domains you want to migrate manually.

That's it. 30 Domains is "Kindergeburtstag" :->

Ob imscp das direkt unterstützt weiß ich nicht, ich würde für sowas den MX-Record der Domain entsprechend anpassen. Wird DNS extern delegiert (zB vom Registrar) oder nutzt die den von imscp konfigurierten primary DNS?

Ich schließe mich Haze an: generell ist ein solches Löschen höchst fragwürdig! Aber das soll nicht mein Problem sein. Prinzipiell ist die Sache einfach: schreibst ein Script, welches mittels find rekursiv durch alle Mailkonten geht. Dort speziell jeweils der "NEW"-Folder, da sich hier Mails nur so lange befinden, bis sie abgerufen wurden. Über den Zeitstempel kann man dann ausfiltern, wie alt sie maximal sein dürfen. Die zugehörigen Mailkonten lässt du dir, sofern sie entsprechend alte Mails besitzen, dann eben anzeigen.

In the end, fail2ban doesn't help for such a distributed brute force attack. But in the end this is by far not a massive attack - just 2-3 requests per second. Your server should withstand that without problems.

Was heißt denn "nicht funktionieren"? Welche Fehlermeldung kommt denn?

E.g. powerddns.