New on LowEndTalk? Please Register and read our Community Rules.
Process names
TinyTunnel_Tom
Member
Hello,
I'm looking the for the process names for the following pieces of software
TOR
Torrents
Nested Virtualization
@home software
IRC (bouncers)
IRC (servers)
Hipleap & alternatives
bitcoin miners
Regards,
Tom
Different.
This discussion has been closed.
LowEndBox & LowEndTalk.
Comments
They can be changed thus rendering your method useless. Still, you'll catch many abusers.
vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
$12/year HostUS Deal (768MB RAM+768MB vSwap) • $11.29/year GestionDBI Deal (768MB RAM)
Just caught 1 TOR & 2 torrents
Different.
vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
$12/year HostUS Deal (768MB RAM+768MB vSwap) • $11.29/year GestionDBI Deal (768MB RAM)
Out of my head:
Bitcoin miners:
vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
$12/year HostUS Deal (768MB RAM+768MB vSwap) • $11.29/year GestionDBI Deal (768MB RAM)
I hope no ones going to help you block legitimate software, find it out yourself....
IP6.IM
Not always the case.... and like William said, not going to help you find reasons to suspend people's VPS....
Been mining on a very well known major host for 18 months now, pay my bill on time every month, host is aware, no complaints...
Some people on this forum spent way too much time trying to "catch" people, so they can suspend their VPS. It makes your company look unprofessional. Focus more on your infrastructure.
You made a point. Updated my post to show common sense in those who can be something else.
Also, @TinyTunnel_Tom : I can get any app and name it
tor- make sure you are really sure of what it is before blocking it.vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
$12/year HostUS Deal (768MB RAM+768MB vSwap) • $11.29/year GestionDBI Deal (768MB RAM)
@funyuns_are_awesome
@William
@Traffic
90% of this is not for suspensions. We have torrent clients running on our network, we just actively monitor them more often. Both of them are seeding Linux ISOs which we are fully aware of however we have made a few adjustments to their plans accordingly. Regarding TOR we have a strict TOR policy and do not instantley ban but inquire with the VPS user. We even monitor a few game servers just to ensure they do not go overkill on any resources. I intend to make a nodewatch (watch) style system to just monitor what software is running our on network.
Different.
You should as ISP NEVER look what a process does or monitor it - In the EU this is even already illegal as it is not your data.
IP6.IM
So why is nodewatch allowed? It runs I think ps then emails it to the admin upon outbound DoS?
Different.
I'm sure that's an exception because your only using that information to stop further breaking of the computer misuse act. As soon as the info in no longer needed it should be deleted.
Well, for one thing, a host is obviously obligated to look at the node performance and should not be restricted from using commands like "ps" and "top" to identify problems. Willingly tying one's hands behind one's back so that you are incapable of basic system administration tasks does not benefit customers. On OpenVZ, this does mean seeing process names. People here don't like that, so it's better not to talk about doing it.
However, process names won't get you very far. Focus on what is causing problems at what time, and not on who is running what. The worst problems will be caused by processes with unpredictable names.
https://mxroute.blackfriday/
Thats exactly all mine does the same as nodewatch so where is the difference.
Thank you Jar. We are aware of this. We also monitor CPU (sort of OVZ Kernel is quite bad at reporting this) this allows us to view CPU intesvive items (miners). We also monitor I/O which is good for I/O intense programs. And Conntrack + packets, this process name is mainly used just to catch out the odd few items as the more we abuse can prevent the better the performance.
I'm not saying all these processes are banned. Most are not, just some can cause abuse to we like to be helpful in everyway
Different.
Because it gets data by the packet counter - Not by inspecting the traffic. Second would be illegal, first isn't.
Looking at the process name itself is also not illegal (unless you have to enter the VM for it) - Analyzing it (i.e. look if Tor middle or exit node, Traffic and alike) is.
IP6.IM
yes I am aware I dont monitor data other than conntrack (when high packet counter) same as nodewatch. To get process names we do not enter container. We just question anytime TOR appears
Different.
Run a miner as httpd, process watching thwarted
How to clean up a questionable reputation: throw the kids some BF/CM offers.
When I see CPU @ 100% im going to be suspicious
Different.
Maybe the, uh, "home videos" they have saved on their server is just really good and in high demand :P
Personal consultant to OP's Mom™
Block the following process:
'xinetd'
Will solve problems...
Kwicero LTD
Company no. 09475165
KwiBill Billing Automation Software: Click here
Still violating fair share policy.
Different.
Some will even try to throttle mining. I deal with node abuse on a pretty consistent basis and have seen everything. Some have even tried using "xhide", an old process hider.
How to clean up a questionable reputation: throw the kids some BF/CM offers.
Because, you know, legit software and such requires xhide to hide processes
How to clean up a questionable reputation: throw the kids some BF/CM offers.
Not your f*ing problem how your customers runs software. You should not even know that - it implies you looked into this VPS and violated customer privacy.
IP6.IM
So THAT's how you found out I was running virtualstripperd???
ETA: You run a VPS company?
Personal consultant to OP's Mom™
So what abuse do you hope to stop by killing irc bouncers? They use almost no bandwidth or CPU...
none. Just mainly want to distinguish between servers and bouncers to stop false positives.
Different.
You can do that easily by looking at the traffic and not snooping on you customer's processes. Servers typically listen on tcp/6667 and will have a ton of connections while bouncers won't.
Good idea. Thank you
Different.
If you monitor for torrent clients, either let the user know you don't allow clients (which I think you said you did in another thread, on behalf of MyServerPlanet) or let them know you'll adjust their plan. Don't snoop through their account looking at what they're torrenting. If you admit to doing that, what else are you looking at?
If you allow torrents, but limit accounts to XX% CPU usage, and XXmbps upload, then make sure it's clear to users before limiting their account.
Favourite host in general: Ramnode (affiliate link)
Favourite host for hourly billing/custom ISOs: Vultr ($50 free credit for new accounts, affiliate link)
We don't snoop within the containers purely if torrent is running from ps. If they are using lots of BW we will work with them to keep both sides happy. As for CPU its fair share. basically just dont max it 24/7 which is kinder than matts 2.5%
We had one person trigger the packet warning earlier, turned out nodewatch ran ps and found torrent running we now have adjusted both sides and he happily is seeding Linux ISOs he showed.
Different.
Anyway @mikho @Spirit @mpkossen got my process names from a friend on skype.
Different.
So note for everyone, don't trust your ISP (and especially not @TinyTunnel_Tom ) and rename your procs.
10/10, useful thread.
IP6.IM
Reminds me of renaming some programs 'eggdrop'.
Mojeek - Privacy Orientated Search Engine with its own Index
Funny, CloudAtCost was stopping TOR relay server, so after some troubleshooting, I decided to re-name the process to apache2.
It worked brilliantly. 200+ days uptime.
True wisdom comes to each of us when we realize how little we understand about life, ourselves, and the world around us.
So...?
I recommend Prometeus, the best provider ever!
Just re-name apache2 to 'cpuminer' and enjoy.
Free $10 DigitalOcean Credit
Why not just go with the tried and true: 'sysadminsmomd'? (YouseewhatIdidthere?)
Personal consultant to OP's Mom™
The point of this thread was for process names. Everyone trolled him instead of providing process names. He posted and tagged every staff member on LET saying he found his process names from a friend on skype.
I think he just wants this thread closed and the drama to blow over.
Trouble is, now people are concerned about what the OP is doing, quite possibly because the OP works for providers here who they previously trusted.
Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.
As I have stated I am doing nothing more than nodewatch. I know nanovz and others that use it. Can we define the issue?
Different.
You've stated it, but do people believe you?
Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.
That's up to them not me. I am actually building a full nodewatch alternative I will make it public one day so everyone can see for themself
Different.
Just because you're making an alternative to something, doesn't mean you're not a peeping Tom and looking in peoples containers.
@TinyTunnel_Tom Which providers do you actually work for these days? I'm assuming you still do work for somr and I may be wrong.
Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.
I completely avoid vzctl enter without customers permission
Different.
Of course.
Free $10 DigitalOcean Credit
Shit like this is why you just never ever buy OpenVZ, certainly not from nosy wannabe hosts like... MyServerPlanet now?
Hilarious 10/10
@TinyTunnel_Tom please do not highlight complete forum staff. Use flag option next time.