The department server at botany.natur.cuni.cz runs on a single-processor IBM x3200 M3 server with Intel Xeon 2.53 GHz (4 cores, 8 threads); disk arrays are mirrored on 2 x 2 TB HDD and 2 x 500 GB SSD disks, giving a total capacity of 2.5 TB. The operating system is openSUSE GNU/Linux (version Leap 15.1). The web server is Apache 2.4. Also available are PHP 7, MariaDB (binary compatibility with MySQL) and PostgreSQL. More information about databases. To access data it is possible to use SFTP, see connection instructions. To easily access databases, users can use phpMyAdmin and phpPgAdmin.
If you are interested in a user account, contact the administrator. The basic disk space capacity is 4 GB (notification threshold) and after exceeding 4.3 GB your access will be blocked. If you need more space, you can get more upon request. You can use standard SFTP for access (port 22, server botany.natur.cuni.cz, encoding UTF-8). Consult the connection instructions. Interested parties can also get access using SSH. To do so, you must have a strong, non-trivial password and basic knowledge of the Linux command line.
If you want to change your SFTP password, go to https://botany.natur.cuni.cz:20000/ (Usermin). After clicking on System information you will then see how you are doing for available space. Also available in Usermin is a simple file manager enabling you to transfer files if, for some reason, SFTP is not running (in certain networks port 22 may be closed, in others higher ports...).
Linux treats files and directories beginning with a dot as system files, so they are hidden. If you are not using an SFTP client compatible with UNIX permissions, it may happen that you won’t see such files. In this case, it is necessary to enable viewing of hidden files in the client settings. SFTP does not allow writing directly into the top level of the home directory; files must therefore be saved in existing sub-directories (documents, public_html etc.). Total Commander needs an additional module; Altap Salamander (the faculty has a license) works well with this from the get-go. For this specific purpose the best choice for Windows is probably WinSCP (but it’s a fully standard protocol, so the choice of programs is practically unlimited). Also be aware that Linux is case-sensitive. So if you have a link on the page to the file "page.html", but the file is really called "Page.HTML", it’s not going to work (error 404, not found). We also recommend naming files WITHOUT diacritics and WITHOUT spaces, because when moving through the network these characters get encoded into standard ASCII, a process which often generates errors.
Every user generally has the following directories in his/her basic home directory:
- public_ftp, which functions as a link to a shared FTP account (anyone at any time can upload and delete, don’t rely on something you uploaded some time ago to be there forever)
- public_html, where you can place your website (whatever you place there will be accessible to anyone at the address http://botany.natur.cuni.cz/uzivatel/). If for any reason you want to prevent access, it is possible to explicitly disable the page in the server settings so that even if something is in the folder, outside visitors will not be able to see it.
Every morning (roughly between five and six) all data is backed up on the NAS Synology DS409 server and during the day on CESNET data storage. Backup is always synced with the current files. On NAS a copy is made every week and every month. You can thus access files that are a day, week or month old, but not other dates. If by accident you delete or mess something up, you have one working day and evening to contact the administrator to restore your deleted data. :-)
Website owners will also find a file called webove-chyby.txt, where every 14 days there will be a list of web server errors related to your website. It is recommended to monitor this.
Blocking after repeated failures to log in
To increase security, the server now uses the Fail2ban and denyhosts programs, which track unsuccessful login attempts on SSH, SFTP and web services; if there are five unsuccessful attempts in one minute, the IP address of the given computer will be blocked. This means that someone who has been blocked by Fail2ban after trying to get on FTP will not be able to look at the Department website either (which is generally fine). The blocking period has been set to one entire month. Of course, it may happen that an authorized user just can’t remember their password. In such a case, they might consider blocking to be just punishment for a bad memory, or they can contact the administrator and ask for their account to be unblocked. To unblock an account, it is absolutely necessary for the innocent victim to know the IP address that they want unblocked (it cannot be done without this)! You can find out your IP address in Windows by entering ipconfig /all in the command line. On Linux (or another UNIX) enter the command ifconfig -a or ip a s. Be careful, because these commands (on laptops) display information about both the wired and the wireless card – you must select the one you were using when the blocking occurred. You can also use services like What Is My IP, but sometimes the result is not exact.
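The blocking rule described above, worked through as an added example (it is not the server's own configuration or Fail2ban's code): a sliding one-minute window per IP address over constructed sshd-style log lines. The constants mirror what Fail2ban calls maxretry, findtime and bantime; the log format, the addresses and the reading of "one entire month" as 30 days are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 5                      # five unsuccessful attempts ...
FIND_TIME = timedelta(minutes=1)   # ... within one minute
BAN_TIME = timedelta(days=30)      # "one entire month", taken as 30 days (assumption)

# Constructed sample lines; the IP addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2020-03-02T08:15:01 botany sshd[911]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2020-03-02T08:15:09 botany sshd[911]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2020-03-02T08:15:18 botany sshd[911]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2020-03-02T08:15:30 botany sshd[914]: Failed password for alice from 203.0.113.7 port 50131 ssh2
2020-03-02T08:15:41 botany sshd[914]: Failed password for alice from 203.0.113.7 port 50131 ssh2
2020-03-02T08:20:00 botany sshd[920]: Accepted password for bob from 198.51.100.9 port 40400 ssh2
2020-03-02T09:00:00 botany sshd[931]: Failed password for invalid user admin from 198.51.100.9 port 40411 ssh2
2020-03-02T09:01:15 botany sshd[932]: Failed password for bob from 198.51.100.9 port 40412 ssh2
2020-03-02T09:02:30 botany sshd[933]: Failed password for bob from 198.51.100.9 port 40413 ssh2
2020-03-02T09:03:45 botany sshd[934]: Failed password for bob from 198.51.100.9 port 40414 ssh2
2020-03-02T09:05:00 botany sshd[935]: Failed password for bob from 198.51.100.9 port 40415 ssh2
"""

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log_text):
    """Return {ip: (banned_at, banned_until)} for addresses that trip the rule."""
    recent = defaultdict(deque)    # ip -> timestamps of failures inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and unrelated lines are ignored
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and when < bans[ip][1]:
            continue               # address is already blocked
        window = recent[ip]
        window.append(when)
        while when - window[0] > FIND_TIME:
            window.popleft()       # forget failures older than one minute
        if len(window) >= MAX_RETRY:
            bans[ip] = (when, when + BAN_TIME)
            window.clear()
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

The second address also fails five times, but never five times within one minute, so it is not blocked.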
More information about IT (on the Department of Botany)