Archive for June 11th, 2008

Jun 11 2008

Windows Dedicated Server : Cisco Firewall

Published by bodhost under Uncategorized

Security and protection are very important when it comes to dedicated servers. A firewall basically refers to a device which allows or denies traffic, or any incoming or outgoing connections, based upon a set of rules. It normally operates within a single network or over various networks in large operations. It prevents network threats. Its architecture is to block any threats to the main server. On a Linux server, we can also configure iptables or the csf firewall through cPanel.

It filters packets, or units of data transfer, basically TCP and UDP traffic. Cisco are known for their firewall appliances, which of course compete with other appliances such as Juniper. Some of the Linux firewalls include Cisco ASA, Coyote Linux etc. Windows operating systems offer an in-built firewall, famously known as Windows Firewall. However, we can also configure a hardware firewall such as Cisco etc.

Security is a very important concept today and it definitely needs implementation on every dedicated server.

No responses yet

Jun 11 2008

MySQL: Can’t drop one or more of the requested users

Published by major under Uncategorized

MySQL has quite a few cryptic error messages, and this one is one of the best:

mysql> DROP USER 'forums'@'db1.myserver.com';
ERROR 1268 (HY000): Can't drop one or more of the requested users

Naturally, I was quite interested to know why MySQL wasn’t going to allow me to remove this user. There was nothing special about the user, but then again, this wasn’t a server that I personally managed, so I wasn’t sure what kind of configuration was in place.

It’s always a good idea to get your bearings, so I checked the current grants:

mysql> SHOW GRANTS FOR 'forums'@'db1.myserver.com';
+----------------------------------------------------------------------+
| Grants for forums@db1.myserver.com                                   |
+----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'forums'@'db1.myserver.com' WITH GRANT OPTION  |
+----------------------------------------------------------------------+
1 row in set (0.00 sec)

The GRANT OPTION was causing my grief. It was the only privilege that the user had on the server. I revoked the privilege and attempted to drop the user yet again:

mysql> REVOKE GRANT OPTION ON *.* FROM 'forums'@'db1.myserver.com';
Query OK, 0 rows affected (0.00 sec)

mysql> DROP USER 'forums'@'db1.myserver.com';
Query OK, 0 rows affected (0.00 sec)

It’s key to remember that revoking the GRANT OPTION is a completely separate process. Revoking ALL PRIVILEGES doesn’t include GRANT OPTION, so be sure to specify it separately:

mysql> REVOKE ALL PRIVILEGES, GRANT OPTION ON *.* FROM 'user'@'host';

No responses yet
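An audit query for the situation in the MySQL post above, added here as an example and not part of the original post: it lists every account that still holds GRANT OPTION, and goes beyond the post's global (`*.*`) case by also checking schema and table scope. It assumes MySQL 5.0 or later, where the information_schema privilege views exist.

```sql
-- Added example: find accounts that still hold GRANT OPTION at any scope.
-- IS_GRANTABLE = 'YES' marks privileges that were granted WITH GRANT OPTION.
-- Run it as an account that can read the mysql system database; otherwise
-- these views only show the privileges of the current account.
SELECT GRANTEE, 'global' AS scope, '*' AS schema_name, '*' AS table_name
  FROM information_schema.USER_PRIVILEGES
 WHERE IS_GRANTABLE = 'YES'
UNION
SELECT GRANTEE, 'schema', TABLE_SCHEMA, '*'
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE IS_GRANTABLE = 'YES'
UNION
SELECT GRANTEE, 'table', TABLE_SCHEMA, TABLE_NAME
  FROM information_schema.TABLE_PRIVILEGES
 WHERE IS_GRANTABLE = 'YES'
 ORDER BY GRANTEE, scope;
```

Each row names an account and the scope at which it can still pass its privileges on to other accounts, which is the grant that a `REVOKE ALL PRIVILEGES` on its own leaves in place.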

Jun 11 2008

ISPs block child porn sites

As has been widely reported, three of the nation’s largest ISPs have entered into an agreement with New York’s Attorney General Cuomo in which they will begin blocking certain sites alleged to contain child pornography. While it’s unclear why these ISPs agreed to cooperate (although given A.G. Cuomo’s past law enforcement efforts, it’s certainly easy to assume that a certain amount of arm twisting was involved), the way this agreement will be implemented is quite illuminating.

The press release issued by the A.G.’s office makes for interesting reading.  It appears that the State of New York will begin building a library of objectionable images and assign these images hash values.  This will allow the State to identify images across multiple networks without having to re-identify them.  The ISPs will also use lists of illegal images compiled by the National Center for Missing and Exploited Children (NCMEC) to administer the program and remove data.  In addition, in the release, we learn that the A.G.’s office “uncovered” a “major source” of the content, “known as news groups.” 

What is missing from the release is how these programs will be administered. Predictably, this minor issue was not included in the press release, nor in reporting by major news outlets. However, reporters from “Mashable” did some digging and found that each of the ISPs was going to approach the issue differently: TimeWarner is blocking all USENET access; Sprint the alt* hierarchy; and Verizon different newsgroups on a case-by-case basis.

So what does this mean in a broad context? In general, I believe it reflects a dangerous trend of placing law enforcement tools in the hands of private, or quasi-private, entities. Make no mistake, child pornography is illegal. As I point out in almost every presentation I make, U.S. child pornography laws are “strict liability”: you violate the law when you view the content, no matter how noble your intentions. However, law enforcement tools exist to combat this material. Agreements such as this reflect the thin wedge of private Internet censorship.

When I read this, warning flags shot up all around. Other entities are already trying to implement similar schemes for other types of content. Indeed, the RIAA, MPAA, NAB, and similar organizations are currently lobbying Congress to rewrite Intellectual Property laws to require certain types of content screening. Last year former U.S. Attorney General Alberto Gonzales embarked on a campaign to eradicate all pornography on the Internet. Taken together, these events should alarm hosts and other Internet Infrastructure providers.

Hosts sit at a particularly unique point in the Internet Infrastructure.  Because such a substantial amount of Internet traffic must ping their servers, it is incredibly easy to use this fact to control content.  This fact already results in hosts receiving a significantly higher number of criminal and civil warrants and subpoenas.  Hosts simply have the information. Moving the policing of illegal and objectionable content from law enforcement and requiring private entities to assume this task is likely to sharply increase the cost of doing business and significantly raise the risk profile of hosts.

While we all take great pains to make it clear that child pornography is objectionable, and its content irredeemable, the simple fact is that this agreement results in two major ISPs blocking access to a part of the Internet that is of great utility for other uses.  Similarly the organizations representing copyright holders have argued that P2P networks should be shut down because they can function as conduits for piracy.  It is not a far stretch to speculate about a future in which new methods of content dissemination are studied not for their effectiveness in moving Internet traffic, but for their potential to offend.  A chilling development indeed.

No responses yet

Jun 11 2008

Adding Users to Plesk Databases

Published by Server Junkie under Uncategorized

Plenty of first-time Plesk (and dedicated hosting) users are often confused when it comes to adding users to a new MySQL database. They can create the MySQL database with no issues, but adding a user can be a little trickier.

The option to create a MySQL database user should become available after you click on the database name from within Plesk. As you can see, sometimes it is the obvious issues that get in our way the most.

Plesk offers a powerhouse of tools and services to manage our dedicated hosting servers, but as with anything, it pays to read up on it before you jump in with both feet. All control panels are pretty much the same; they just have different ways of getting these jobs done.

No responses yet