Process names
TinyTunnel_Tom
Member
Hello,
I'm looking for the process names for the following pieces of software:
TOR
Torrents
Nested Virtualization
@home software
IRC (bouncers)
IRC (servers)
Hipleap & alternatives
bitcoin miners
Regards,
Tom
This discussion has been closed.
Comments
They can be changed thus rendering your method useless. Still, you'll catch many abusers.
Just caught 1 TOR & 2 torrents
Out of my head:
Bitcoin miners:
I hope no one's going to help you block legitimate software, find it out yourself....
Not always the case.... and like William said, not going to help you find reasons to suspend people's VPS....
Been mining on a very well known major host for 18 months now, pay my bill on time every month, host is aware, no complaints...
Some people on this forum spent way too much time trying to "catch" people, so they can suspend their VPS. It makes your company look unprofessional. Focus more on your infrastructure.
You made a point. Updated my post to show common sense in those who can be something else.
Also, @TinyTunnel_Tom: I can get any app and name it tor - make sure you are really sure of what it is before blocking it.
@funyuns_are_awesome @William @Traffic
90% of this is not for suspensions. We have torrent clients running on our network, we just actively monitor them more often. Both of them are seeding Linux ISOs which we are fully aware of, however we have made a few adjustments to their plans accordingly. Regarding TOR, we have a strict TOR policy and do not instantly ban but inquire with the VPS user. We even monitor a few game servers just to ensure they do not go overkill on any resources. I intend to make a nodewatch (watch) style system to just monitor what software is running on our network.
You should, as an ISP, NEVER look at what a process does or monitor it - In the EU this is even already illegal as it is not your data.
So why is nodewatch allowed? It runs I think ps then emails it to the admin upon outbound DoS?
I'm sure that's an exception because you're only using that information to stop further breaking of the Computer Misuse Act. As soon as the info is no longer needed it should be deleted.
Well, for one thing, a host is obviously obligated to look at the node performance and should not be restricted from using commands like "ps" and "top" to identify problems. Willingly tying one's hands behind one's back so that you are incapable of basic system administration tasks does not benefit customers. On OpenVZ, this does mean seeing process names. People here don't like that, so it's better not to talk about doing it.
However, process names won't get you very far. Focus on what is causing problems at what time, and not on who is running what. The worst problems will be caused by processes with unpredictable names.
That's exactly all mine does, the same as nodewatch, so where is the difference?
Thank you Jar. We are aware of this. We also monitor CPU (sort of, the OVZ kernel is quite bad at reporting this); this allows us to view CPU-intensive items (miners). We also monitor I/O, which is good for I/O-intense programs. And conntrack + packets. This process name is mainly used just to catch out the odd few items, as the more abuse we can prevent the better the performance.
I'm not saying all these processes are banned. Most are not, just some can cause abuse so we like to be helpful in every way.
Because it gets data by the packet counter - Not by inspecting the traffic. Second would be illegal, first isn't.
Looking at the process name itself is also not illegal (unless you have to enter the VM for it) - Analyzing it (i.e. look if Tor middle or exit node, Traffic and alike) is.
Yes, I am aware. I don't monitor data other than conntrack (when high packet counter), same as nodewatch. To get process names we do not enter the container. We just question anytime TOR appears.
Run a miner as httpd, process watching thwarted
When I see CPU @ 100% I'm going to be suspicious
Maybe the, uh, "home videos" they have saved on their server is just really good and in high demand :P
Block the following process:
'xinetd'
Will solve problems...
Still violating fair share policy.
Some will even try to throttle mining. I deal with node abuse on a pretty consistent basis and have seen everything. Some have even tried using "xhide", an old process hider.
Because, you know, legit software and such requires xhide to hide processes
Not your f*ing problem how your customers run software. You should not even know that - it implies you looked into this VPS and violated customer privacy.
So THAT's how you found out I was running virtualstripperd???
ETA: You run a VPS company?
So what abuse do you hope to stop by killing irc bouncers? They use almost no bandwidth or CPU...
none. Just mainly want to distinguish between servers and bouncers to stop false positives.
You can do that easily by looking at the traffic and not snooping on your customers' processes. Servers typically listen on tcp/6667 and will have a ton of connections while bouncers won't.
Good idea. Thank you
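The traffic-based check suggested above, as an added example that is not part of the original thread: it counts distinct peers connected to local tcp/6667 per address from `ss -Htn state established` style output, without reading payloads or process names. The sample lines, the threshold and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in the format of `ss -Htn state established`
# (Recv-Q Send-Q Local:Port Peer:Port). All addresses are documentation ranges.
SAMPLE = """\
0 0 203.0.113.10:6667 198.51.100.1:50001
0 0 203.0.113.10:6667 198.51.100.2:50002
0 0 203.0.113.10:6667 198.51.100.3:50003
0 0 203.0.113.10:6667 198.51.100.4:50004
0 0 203.0.113.10:6667 198.51.100.5:50005
ESTAB 0 0 203.0.113.10:6667 198.51.100.6:50006
0 0 203.0.113.20:6667 198.51.100.7:41000
0 0 203.0.113.20:6667 198.51.100.7:41001
0 0 203.0.113.20:48212 192.0.2.50:6667
0 0 [2001:db8::5]:6667 [2001:db8::99]:40000
garbage line
"""

IRC_PORT = 6667        # port named in the comment above
SERVER_MIN_PEERS = 5   # assumed threshold for this sample; tune per network

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def inbound_peers(ss_output, port=IRC_PORT):
    """Map each local address to the set of distinct peers on local `port`."""
    peers = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        if fields and not fields[0].isdigit():
            fields = fields[1:]          # drop a leading State column if present
        if len(fields) < 4:
            continue                     # malformed or truncated line
        try:
            laddr, lport = split_endpoint(fields[2])
            paddr, _ = split_endpoint(fields[3])
        except ValueError:
            continue
        if lport == port:                # inbound only; outbound to :6667 is skipped
            peers[laddr].add(paddr)
    return peers

def classify(ss_output, min_peers=SERVER_MIN_PEERS):
    """Label each address by how many distinct clients reach its tcp/6667."""
    return {addr: "server-like" if len(p) >= min_peers else "bouncer-like"
            for addr, p in inbound_peers(ss_output).items()}
```

Counting distinct peers rather than raw sockets keeps one client with several connections from pushing an address over the threshold.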
If you monitor for torrent clients, either let the user know you don't allow clients (which I think you said you did in another thread, on behalf of MyServerPlanet) or let them know you'll adjust their plan. Don't snoop through their account looking at what they're torrenting. If you admit to doing that, what else are you looking at?
If you allow torrents, but limit accounts to XX% CPU usage, and XXmbps upload, then make sure it's clear to users before limiting their account.
We don't snoop within the containers, purely if torrent is running from ps. If they are using lots of BW we will work with them to keep both sides happy. As for CPU it's fair share, basically just don't max it 24/7, which is kinder than Matt's 2.5%.
We had one person trigger the packet warning earlier. Turned out nodewatch ran ps and found torrent running. We now have adjusted both sides and he happily is seeding Linux ISOs he showed.