SSL down email ?? what is this?

9 posts / 0 new
Topic locked
Last post
#1 Sat, 11/01/2008 - 21:25
max

SSL down email ?? what is this?

I keep getting an email alert every so often:

Monitor on ns1.mydomain.com for 'Website www.mydomain.com (SSL)' has detected that the service has gone down at 01/Nov/2008 00:20

How can SSL go down and still work?

Anyone know why this is happening?

Thanks, max

EDIT: Just checked the log and it looks like a SSH dictionary attack. Can that shut down SSL?<br><br>Post edited by: max, at: 2008/11/01 21:47

Sun, 11/02/2008 - 08:33
andreychek

Howdy,

Well, what's likely happening is that at certain times throughout the day, while SSL is working fine, it might be taking long enough to respond that the process testing it thinks it's down.

For some thoughts on that and ideas on how to correct it, take a look at this thread:

http://www.virtualmin.com/forums/help-home-for-newbies/website-service-k...

It may be as simple as bumping up the timeout though.

Regarding the SSH attack -- those are unfortunate, and seem to happen a lot these days. However, that wouldn't effect the Apache/SSL stuff.
-Eric

Sun, 11/02/2008 - 14:12 (Reply to #2)
ronald
ronald's picture

there is something like c2ban (not sure how it is called though)
However if the attacker is using dynamic IP then the next guy getting the IP is banned from your server and this goes on and on.

Personally I think it is better to use some firewall rules which can be found in this forum.

For memory issues, it is described in the manual.. part of <a href='http://www.virtualmin.com/documentation/id,virtualmin_on_low_memory_' target='_blank'>&quot;low memory systems&quot;</a>
You can also limit the resources given to domains through VM (but I wouldn't know what to fill in exactly)

Sun, 11/02/2008 - 14:13 (Reply to #3)
ronald
ronald's picture

link not working :( still cant edit posts :(
http://www.virtualmin.com/documentation/id,virtualmin_on_low_memory_syst...

Sun, 11/02/2008 - 11:13
max

Good to know SSL is not freaking out.

But now that I'v looked at my logs (should be doing this more I know) I am wondering if there is an easy way to ban IP's that I see doing brute force attacks? I am definitely not into the linux FW, it is way to complicated.

Is there an easy/simple way to:

&quot;block all ports if from this IP&quot;
OR
&quot;just totally reject the IP&quot;

Like using a hatchet, not a scalpel, and no I am not voting for McCane.

It just sucks to see attacks going on as I write this and not be able to shut them off.

Thanks,
Max

Mon, 11/03/2008 - 11:02 (Reply to #5)
Joe
Joe's picture

Some folks use fail2ban and others use denyhosts. I don't use any of them...just really strong passwords. There was some discussion of some pretty clever stateful firewall rules which I think I stickied. It seems slightly more elegant than log-based solutions.

--

Check out the forum guidelines!

Sun, 11/02/2008 - 11:15
max

<i>Could not edit the post above....</i>

Also is there a guide to tuning Virtualmin to run less heavy in memory/processes?

Tue, 11/04/2008 - 10:06
max

Thanks for all of the replys. I like the simple stock solution of relying on strong passwords. Maybe my best bet is a password audit.

Those attacks just are eating up my resources and its irritating, but I guess its just accepted these days that brute force just happens.

Peace on earth, and may the best candOdate win....

Thu, 11/27/2008 - 10:33
KevinP

Hey,

You wanna contact SSL providers on Live chat? They do offer live chat support for installation and many more. recently I purchased Rapid SSL $14 from rapidsslonline.com. They do offer best product and support. I had deal of 25 SSL cert with rapidsslonline.com. I believe they might help you.. wanna try dude?

Kevin,

Cheap domain hosting provider......

Topic locked