š§ Building a Hybrid Anomaly Detection Engine for Network Flows 1ļøā£ Background flowenricher already enriched NetFlow/IPFIX data with ASN, GeoIP, DNS, etc., and had an Isolation Forest (iForest)ābased anomaly detector. We wanted to make the anomaly detection more stable, explainable, and sensitive to different attack patterns without constant retuning ā so we added two complementary … Read more
Teaching FlowEnricher to Spot Weirdos: Isolation Forest Joins the Party tl;dr: We added unsupervised anomaly detection to FlowEnricher using an Isolation Forest microservice. It scores per-IP behavior in real time and helps catch stealthy port scans and low-and-slow DoS bursts that signatures miss. Yeap, Machine Learning in netflows. Why Isolation Forest? Rule engines are great … Read more
When CSF (ConfigServer Firewall) announced it was closing, it left a big hole in the Linux hosting world.CSF had been the de-facto standard for years ā a reliable mix of iptables, Perl scripts, and clever wrappers that kept countless servers secure. But for those of us whoāve been running modern systems, one question was already … Read more
It all started, as it often does, with a simple hosting setup on dedicated servers, hosting customers on the usual suspects: Hetzner, OVH, and the like. As things grew, the natural evolution was to dive deeper into infrastructure ā first a few racks in a datacenter (Nova), then IPs and circuits from a provider, and … Read more
server { listen 80; server_name kibana; error_log /var/log/nginx/kibana.error.log; access_log /var/log/nginx/kibana.access.log; location / { rewrite ^/(.*) /$1 break; proxy_ignore_client_abort on; proxy_pass http://localhost:5601; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } }
No need to rescue / reboot or anything. yum install cloud-utils-growpart growpart /dev/sda 1 resize2fs /dev/sda1 resize2fs 1.46.5 (30-Dec-2021) Filesystem at /dev/sda1 is mounted on /; on-line resizing required old_desc_blocks = 16, new_desc_blocks = 28 The filesystem on /dev/sda1 is now 58719995 (4k) blocks long.
The problem looks like the device ‘disappears’ from the bus, and becomes inaccessible to the driver. If it happens early – the driver will not load, if it happens later – it may fail with sporadic access errors cat /sys/module/pcie_aspm/parameters/policy grubby –update-kernel ALL –args “pcie_aspm.policy=performance pcie_port_pm=off pcie_aspm=off” dracut -f ethtool -K eno1 tso off gso … Read more
Configure Automatic Security Update (Unattended Upgrades) on Ubuntu Server First, install theĀ unattended-upgradesĀ package. sudo apt update sudo apt install unattended-upgrades You need to install theĀ update-notifier-commonĀ package in order to set up automatic reboot. sudo apt install update-notifier-common Then edit theĀ 50unattended-upgradesĀ file. sudo nano /etc/apt/apt.conf.d/50unattended-upgrades In this file, you can configure what packages should be automatically updated. By default, … Read more
AĀ DNSBLĀ is a DNS based [DNS = Domain Name System] blackhole list, which can be used as countermeasure against unwanted mail spam. One of the most efficient ways toĀ block mail spamĀ is to do it on mail server level by denying incoming connects from spam sources, where the contacting remote machine is identified by its IP address … Read more
This article will show you how to replicate most of the functionality of aĀ Barracuda Spam FirewallĀ on you cPanel server. The BSF has 12 layers that messages would be process through as illustrated in the graphic below. Iāll show you how to replicate most of these steps using customizations to the Exim and Spam Assassin. This … Read more