Debian Hack - How to Set Up Your Mirror!
This might not be for all of you but for those Linuxers out there, here’s an example of how to set up your mirror:
(A mirror is a way of replicating one server to another, btw, if you didn’t know.)
To download the mirrors I use this script:
<script sync_mirror.sh>
#!/bin/bash
# Sync one repository with debmirror. The repository is picked from the name
# the script is called under (mirror_debian, mirror_security, ...).

# Note: --ignore-release-gpg lets the sync carry on when Release.gpg is missing.
OPTIONS="--nosource --progress --postcleanup --ignore-release-gpg --ignore-small-errors --pdiff=none"
MIRROR=$(basename "${0}" | cut -f2 -d "_")
DEST="/home/debian-mirror"

case "${MIRROR}" in
    "debian" )
        METHOD="--method=http"
        HOST="--host=ftp.de.debian.org"
        ROOT="--root=debian"
        DIST="--dist=etch,etch-proposed-updates"
        ARCH="--arch=i386"
        SECTION="--section=main,contrib,non-free"
        DEST="${DEST}/debian/"
        ;;
    "security" )
        METHOD="--method=ftp"
        HOST="--host=security.debian.org"
        ROOT="--root=/debian-security/"
        DIST="--dist=etch/updates"
        ARCH="--arch=i386"
        SECTION="--section=main,contrib,non-free"
        DEST="${DEST}/debian-security/"
        ;;
    "volatile" )
        METHOD="--method=http"
        HOST="--host=volatile.debian.org"
        ROOT="--root=debian-volatile"
        DIST="--dist=etch/volatile"
        ARCH="--arch=i386"
        SECTION="--section=main,contrib,non-free"
        DEST="${DEST}/debian-volatile/"
        ;;
    "multimedia" )
        METHOD="--method=http"
        HOST="--host=www.debian-multimedia.org"
        ROOT="--root=/"
        DIST="--dist=etch"
        ARCH="--arch=i386"
        SECTION="--section=main"
        DEST="${DEST}/debian-multimedia/"
        ;;
    "backports" )
        METHOD="--method=http"
        HOST="--host=www.backports.org"
        ROOT="--root=debian"
        DIST="--dist=etch-backports"
        ARCH="--arch=i386"
        SECTION="--section=main,contrib,non-free"
        DEST="${DEST}/debian-backports/"
        ;;
    * )
        echo "${0} called incorrectly"
        exit 1
        ;;
esac

# OPTIONS is left unquoted on purpose: it holds several separate flags.
debmirror ${OPTIONS} ${METHOD} ${HOST} ${ROOT} ${DIST} ${ARCH} ${SECTION} "${DEST}"
</script sync_mirror.sh>
To set up the permissions I use this script:
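<script permissions.sh>
#!/bin/bash
# Hand one mirror tree to the web server user. The tree is picked from the
# name the script is called under (permissions_debian, ...).
MIRROR=$(basename "${0}" | cut -f2 -d "_")
DEST="/home/debian-mirror"

case "${MIRROR}" in
    "debian" )     DEST="${DEST}/debian/" ;;
    "security" )   DEST="${DEST}/debian-security/" ;;
    "volatile" )   DEST="${DEST}/debian-volatile/" ;;
    "multimedia" ) DEST="${DEST}/debian-multimedia/" ;;
    "backports" )  DEST="${DEST}/debian-backports/" ;;
    * )
        echo "${0} called incorrectly"
        exit 1
        ;;
esac

echo "Setting Ownership"
chown -R www-data:www-data "${DEST}"

# Files only: a recursive chmod 660 would also strip the search bit from the
# directories and stop a non-root run from descending into them.
echo "Setting File Permissions"
find "${DEST}" -type f -exec chmod 660 {} \;

echo "Setting Folder Permissions"
find "${DEST}" -type d -exec chmod 770 {} \;
</script permissions.sh>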
And then to pull it all together I have the following directory structure (mirrors left out as it’s a long list of files):
/home/debian-mirror/
|-- debian
|-- debian-backports
|-- debian-multimedia
|-- debian-security
|-- debian-volatile
|-- scripts
|   |-- permissions.sh
|   `-- sync_mirror.sh
`-- scripts.d
    |-- mirror_backports -> ../scripts/sync_mirror.sh
    |-- mirror_debian -> ../scripts/sync_mirror.sh
    |-- mirror_multimedia -> ../scripts/sync_mirror.sh
    |-- mirror_security -> ../scripts/sync_mirror.sh
    |-- mirror_volatile -> ../scripts/sync_mirror.sh
    |-- permissions_backports -> ../scripts/permissions.sh
    |-- permissions_debian -> ../scripts/permissions.sh
    |-- permissions_multimedia -> ../scripts/permissions.sh
    |-- permissions_security -> ../scripts/permissions.sh
    `-- permissions_volatile -> ../scripts/permissions.sh

And then I just set up a cronjob:

0 0 * * 0 root /bin/run-parts --verbose /home/debian-mirror/scripts.d | /usr/bin/mailx -s "`uname -n` - Debian mirror sync completed" root

This way, to disable the mirroring of one of the repositories I just need to remove the symlink from the scripts.d folder.
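
The sync script passes --ignore-release-gpg, which lets debmirror carry on when Release.gpg is missing, so it is worth auditing a mirrored suite before clients install from it. The following is an added example, not part of the original post: it checks the index files on disk against the SHA256 section of the suite's Release file. The names verify_suite, make_sample_mirror and KEYRING are chosen here, and it assumes a Release file that carries a SHA256 section.

```sh
#!/bin/sh
# Check the index files of one mirrored suite against the SHA256 section of its
# Release file. Usage: verify_suite /home/debian-mirror/debian etch
# Returns 0 when every listed file present on disk matches, non-zero otherwise.
verify_suite() (
    suite_dir="$1/dists/$2"
    release="$suite_dir/Release"
    [ -r "$release" ] || { echo "no Release file in $suite_dir" >&2; exit 1; }

    # Authenticity first: without a valid signature the hashes prove nothing.
    # KEYRING is an assumed variable, e.g. the debian-archive-keyring file.
    if [ -n "${KEYRING:-}" ]; then
        gpgv --keyring "$KEYRING" "$release.gpg" "$release" || exit 1
    fi

    # Entries after "SHA256:" look like " <hash> <size> <path relative to suite>".
    awk '/^SHA256:/ {on=1; next} /^[^ ]/ {on=0} on {print $1, $3}' "$release" |
    {
        bad=0
        while read -r want path; do
            [ -f "$suite_dir/$path" ] || continue   # arch/section not mirrored
            got=$(sha256sum "$suite_dir/$path" | cut -d' ' -f1)
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $path" >&2
                bad=1
            fi
        done
        exit "$bad"
    }
)

# Constructed sample tree (not real archive data) so the check runs offline.
make_sample_mirror() {
    root=$(mktemp -d)
    pkgs="main/binary-i386/Packages"
    mkdir -p "$root/dists/etch/main/binary-i386"
    printf 'Package: demo\nVersion: 1.0\n' > "$root/dists/etch/$pkgs"
    sum=$(sha256sum "$root/dists/etch/$pkgs" | cut -d' ' -f1)
    printf 'Suite: etch\nSHA256:\n %s 27 %s\n' "$sum" "$pkgs" > "$root/dists/etch/Release"
    echo "$root"
}

m=$(make_sample_mirror) && verify_suite "$m" etch && echo "sample suite verified"
rm -rf "$m"
```

With KEYRING unset the signature step is skipped, so a clean result then only shows that the tree is consistent with its own Release file.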
DIY Linux DoS HACK - HOWTO Limit the Max Number of TCP Connections to Your Web Server!
I have been reading a book called Linux Server Hacks, which shows you many ways you can hack your Linux server so your server doesn’t die.
This actually works since we just had a DoS attack about 5 minutes ago. (It seems like we are getting more and more DoS attacks these days. You can refer to the DDOS Deflate script also.)
Here’s HACK #47, which I read about last week in my bathroom from the book, and I just used it to prevent DoS attackers from bringing my precious Quad-CPU dedicated server down.
Enter the following commands and you will limit the rate of new TCP connections (SYN packets) to your server to 12 per second after 24 connections have been seen. (It means that no matter what, your server will not try to serve more than 12 new visitors during any one-second period once that burst of 24 is used up, when your server gets digged, farked, stumbled, or whatever.)
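# Set EXT_IFACE (external interface) and DEST_IP (the web server's address) first.
# Newer iptables releases refuse DROP in the nat table; there, create the same
# chain in the filter table (leave out "-t nat") and hook it from INPUT instead.
iptables -t nat -N syn-flood
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood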
I think you can increase the values steadily if your server can handle more. But it seems to have brought our server load from 33.00 somethin’ to under 1.0. Yey!
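
What the limit rule does to real visitors while a flood is running, as an added example (a simplified token-bucket model of --limit 12/s --limit-burst 24, not code from the book or the original post). The traffic is constructed: evenly spaced SYNs of which every Nth comes from a legitimate client. Because the bucket is shared by all sources, legitimate SYNs are dropped along with the flood.

```sh
#!/bin/sh
# Simplified token-bucket model of "-m limit --limit RATE/s --limit-burst BURST".
# Usage: syn_limit_sim RATE BURST PPS LEGIT_EVERY NPACKETS
#   PPS          total SYNs per second arriving, evenly spaced (constructed)
#   LEGIT_EVERY  every Nth SYN is from a legitimate client, the rest is flood
# Prints: "<legit passed>/<legit sent> <flood passed>/<flood sent>"
syn_limit_sim() (
    rate=$1 burst=$2 pps=$3 legit_every=$4 npackets=$5
    cost=1000                       # one SYN costs one token (in milli-tokens)
    cap=$((burst * cost))           # bucket size = --limit-burst
    gain=$((rate * cost / pps))     # refill between two SYNs (integer division)
    tokens=$cap                     # the bucket starts full
    legit_ok=0 legit_sent=0 flood_ok=0 flood_sent=0
    i=0
    while [ "$i" -lt "$npackets" ]; do
        if [ "$i" -gt 0 ]; then
            tokens=$((tokens + gain))
            if [ "$tokens" -gt "$cap" ]; then tokens=$cap; fi
        fi
        passed=0
        if [ "$tokens" -ge "$cost" ]; then
            tokens=$((tokens - cost))   # rule matches: RETURN, SYN reaches the server
            passed=1
        fi                              # otherwise the SYN falls through to DROP
        if [ $((i % legit_every)) -eq 0 ]; then
            legit_sent=$((legit_sent + 1)); legit_ok=$((legit_ok + passed))
        else
            flood_sent=$((flood_sent + 1)); flood_ok=$((flood_ok + passed))
        fi
        i=$((i + 1))
    done
    echo "$legit_ok/$legit_sent $flood_ok/$flood_sent"
)

# Legitimate clients alone, 12 SYN/s for 5 s: nothing is dropped.
syn_limit_sim 12 24 12 1 60
# The same clients inside a 1200 SYN/s flood (every 101st SYN is theirs), 5 s.
syn_limit_sim 12 24 1200 101 6000
```

The second run lets 83 SYNs through in total (the burst of 24 plus roughly 12 per second), and only one of the 60 legitimate ones is among them.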
If you are a hacker, sorry dude. You are gonna have to try a little harder hacking Zedomax since we are hackers too.
P.S. You know what I try to do when I find out where the hackers are coming from, I do a DoS attack back on them. This usually pisses them off enough to DoS me more but I kinda enjoy the battle so bring it on! :p