Monitoring Network Activity
As you know there is many cases that hosting accounts can generate network traffic which is not coming from web server,
For example a Perl or PHP script which download files from other servers and so on.
Even there's many abusive cases which hacked hosting account begin used for DDoS, therefore I believe monitoring or having stat from hosting accounts network activity like total traffic generated by every user ( except incoming web traffic ) every day would help hosting companies to trouble shoot these cases much easier.
Currently we found such cases by iptables features but I guess you can gather related statistics much easier by kernel capabilities and implementing this feature will be much easier that IO monitoring which you have already in Cloud Linux Kernel.
Any update on this?
Dion adi commented
hi igor, ImunifySensor is dead.
i dont want to buy Imunify360 it over of my budget. if Imunify360 price is include Cloudlinux and kernelcare, we can consider it.
i hope you have win win solution for this.
if not, please implement this idea to cloudlinux.
I would like this built into cloudlinux, for example, I want to limit the user from accessing other network interfaces/networks on the server, and just only be able to access the default gateway IP on the internet network interface (no need for a bad actor to sign up/compromised password or app to start port scanning/brute forcing the rest of the local network).
I would like to have this ASAP. Also isn't ImunifySensor being discontinued ?
AdminIgor Seletskiy (CEO, Cloud Linux) commented
We are planning to handle it is as part of Imunify360/ImunifySensor software.
ImunifySensor will be included for free with CloudLinux
Joe B commented
Any update on this it's been under review for over a year?
it is great,i think many hosting package host company sites mainly,it should take care only from cpu,ram,..etc usage,but also needing from networking.
I recommend to monitor or control both bandwidth and PPS ( packet per second ) of outgoing network traffic, these days attackers are using more and more PPS based DDoS Technics.
+2 votes, Monitoring netwerk activity is important, but I also think they could include a limiting of netwerk resources.
Dominick Labrie commented
I also support this feature, as it would be useful to limit the outgoing traffic per user. It would prevent hacked accounts or simply hackers to send out big DDoS attacks..
Pawel Panek commented
I believe there should be a way to put network limits on users. A 'network' is also a resource that LVE should have control over. In virtualized enviroment this can be with virtual interfaces. Virtual networking gives more control than just per user monitoring and limits. You can for eg. assign dedicated IP to customer and make him to use only that IP for outbound connections. See this forum thread for more: http://cloudlinux.com/solutions/forum/forum18/topic563/