Monday, September 30, 2013

Protecting from DDOS Attacks

If you want to protect your Apache web server against DoS, DDoS or brute force attacks, use the mod_evasive module. mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS, DDoS or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and so on. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)

This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.

This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on 'reload' should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.

Install mod_evasive in Debian:

# apt-get install libapache2-mod-evasive

This will complete the installation.

Test mod_evasive Module


Open any browser, load your Apache server home page, and click the reload button as fast as you can.



Friday, September 20, 2013

Block backup in cPanel, during business hours

This example allows the full backup in cPanel only from 23:00 to 06:00 every day, including Sunday:


In the shell type the following command:

env EDITOR=nano crontab -e

At the end of the file enter:

00 23 * * 1,2,3,4,5,6,7 chmod 755 /scripts/pkgacct 
00 06 * * 1,2,3,4,5,6,7 chmod 000 /scripts/pkgacct

Type CTRL + X (to exit), then Y (to confirm that you want to save the changes) and ENTER (to confirm the file name).

Now restart the cron service on your server:

/etc/init.d/crond restart

How to enable Xcache in cPanel to speed up website?

Xcache can be enabled in cPanel by using Easy Apache.

  1. Log into your cPanel server
  2. After you login, search for "EasyApache" in left column and click on the link
  3. Select "Previously Saved Config" and click on "start customizing"
  4. For both Apache and PHP, click on "next step" button
  5. Look for "xcache for php" and check the box
  6. Click on "save and build"
  7. Allow the build process to finish
  8. To enable xcache, you will need to make changes to php.ini before it can be used by your scripts.
    1. Login into your server using SSH
    2. After you login, enter "pico  /usr/local/lib/php.ini"
    3. Hold ctrl+W and search for "xcache"
    4. Make the necessary changes and press ctrl+O to save the file
    5. Afterwards you will need to restart Apache in WHM for the changes to take effect
Here are the recommended settings for xcache in cPanel:

xcache.admin.pass=""
xcache.admin.user="mOo"
xcache.cacher="On"
xcache.coredump_directory=""
xcache.count="1"
xcache.coveragedump_directory="/tmp/pcov/"
xcache.coverager="Off"
xcache.gc_interval="300"
xcache.mmap_path="/dev/zero"
xcache.optimizer="On"
xcache.readonly_protection="Off"
xcache.size="50M"
xcache.slots="8K"
xcache.test="Off"
xcache.ttl="3600"
xcache.var_count="2"
xcache.var_gc_interval="300"
xcache.var_maxttl="7200"
xcache.var_size="16M"
xcache.var_slots="8K"
xcache.var_ttl="3600"

How to Install CSF firewall in cPanel?

CSF firewall is fairly easy to install and requires only a few steps through SSH. Please follow the steps at the following URL: http://configserver.com/free/csf/install.txt

If you still need assistance, please contact our support team.

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
 

Django on cpanel server for shared web hosting


Took me some time to get it going, mostly because of easyapache not willing to play nice.
Other than that, Jimmy’s blog entry here provides excellent instructions on how to configure it, the only difference being that his cpanel server already had mod_fcgid installed.

So, what I’ll do is just quick recap:
Things to do as root
  1. Make sure your apache has mod_fcgid compiled; if not, run the easyapache script from SSH or from the WHM web page and make sure the mod_fcgid option is checked
  2. Install the easy_install script:

    cd /usr/src/
    wget http://pypi.python.org/packages/2.4/s/setuptools/setuptools-0.6c11-py2.4.egg#md5=bd639f9b0eac4c42497034dec2ec0c2b
    sh setuptools-0.6c11-py2.4.egg
  3. Use easy_install to install a couple of Python packages:

    cd /usr/src
    ./easy_install flup
    ./easy_install django
  4. Restart apache, make sure mod_fcgid is loaded
This is it – you can notify customer that he can do his django magic – all prerequisites are in place.
By: http://server-support.co/blog/sysadmin/django-on-cpanel-server-for-shared-web-hosting/

How to copy a cPanel/WHM account to your server using its to login info

How to install cPanel/WHM on a fresh installation of Linux - WHM Setup Tutorials


Thursday, September 19, 2013

How to enable PHP Mssql support in cPanel server

Please see the procedure below,
wget -c http://ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz
tar -xzf freetds-stable.tgz
cd freetds-0.82/
./configure --prefix=/opt/freetds --enable-msdblib --with-openssl 
make 
make install
If it is a 64-bit server, then create the following symlink
ln -s /opt/freetds/lib/ /opt/freetds/lib64
Now add the following line to /var/cpanel/easy/apache/rawopts/all_php5
--with-mssql=/opt/freetds
Now compile php using /scripts/easyapache
After the compilation create a phpinfo page and test it.

How to configure gzip compression in cPanel server via mod_deflate and Apache

This small tutorial will help you enable mod_deflate gzip compression on your cPanel server. Follow the procedure below.
1) Run easyapache and enable mod_deflate in Apache. When it finishes, create a file named /usr/local/apache/conf/deflate.conf with the following content
#———————-
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
DeflateCompressionLevel 9
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
AddOutputFilterByType DEFLATE image/svg+xml
#——————————

2) Include the file /usr/local/apache/conf/deflate.conf inside /usr/local/apache/conf/includes/pre_main_global.conf, as follows
Include "/usr/local/apache/conf/deflate.conf"
3) Now restart Apache as follows,
/scripts/restartsrv httpd
4) Test your website's compression at http://www.whatsmyip.org/http_compression/

Installing mod_limitipconn in cPanel server

This Apache module limits the number of connections from a particular IP to a specific domain or set of files. You can see the project home page at http://dominia.org/djao/limitipconn2.html . This module has packages for Apache 1.3, 2.x and 2.2.x.
wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2
tar -xjf mod_limitipconn-0.23.tar.bz2
cd mod_limitipconn-0.23/
/usr/local/apache/bin/apxs -cia mod_limitipconn.c
/scripts/rebuildhttpdconf
cat >> /usr/local/apache/conf/mod_limitipconn.conf << EOF
LoadModule limitipconn_module modules/mod_limitipconn.so
ExtendedStatus On
<IfModule mod_limitipconn.c>
# Set a server-wide limit of 10 simultaneous downloads per IP,
# no matter what.
MaxConnPerIP 10
<Location /somewhere>
# This section affects all files under http://your.server/somewhere
MaxConnPerIP 3
# exempting images from the connection limit is often a good
# idea if your web page has lots of inline images, since these
# pages often generate a flurry of concurrent image requests
NoIPLimit image/*
</Location>
<Directory /home/*/public_html>
# This section affects all files under /home/*/public_html
MaxConnPerIP 1
# In this case, all MIME types other than audio/mpeg and video*
# are exempt from the limit check
OnlyIPLimit audio/mpeg video
</Directory>
</IfModule>
EOF
Now edit the file /usr/local/apache/conf/includes/pre_main_global.conf and add the following line
Include "/usr/local/apache/conf/mod_limitipconn.conf"
Now restart Apache
You can check whether the module is loaded using the following command.
/usr/local/apache/bin/httpd -M | grep limitipconn_module

csf + lfd firewall configuration in vps (virtuozzo /openvz)

Introduction:
In general, csf is well compatible with cPanel servers. But in a VPS (OpenVZ or Virtuozzo) the csf configuration is somewhat different.
Sometimes you may get an error like the following after installing csf in a VPS
————–
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196
—————
So how do we resolve this issue? Let us do it as follows.
There are two steps to configure csf in a VPS:
i) Main VPS server (the host server on which the VPS nodes are running) configuration
ii) VPS node configuration.
i) Main VPS server configuration
Before starting the csf installation in a node, log in to the main server (host server) and check whether the following modules are loaded into the kernel
———
ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp
———
You can check it as follows
—————
# lsmod |grep -i <module-name>
—————
If not, please load these modules into the kernel.
————
# modprobe <module-name>
eg: modprobe ipt_conntrack
————-
Now add these modules to the iptables configuration as follows.
———–
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"
———–
Now edit the VPS configuration file in /etc/sysconfig/vz-scripts/. Assuming 101 is the VEID, add the modules inserted above to the IPTABLES section of this configuration file.
———-
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp"
————-
This completes the main VPS server configuration. Now restart the child node (not the main server) as follows
—————
# vzctl restart <veid>
eg: vzctl restart 101
——————-
ii) Vps node configuration.
Now SSH into your child VPS node.
Now download and install csf. You can download csf from here
Before restarting csf, let us do some configuration as follows. Edit the file /etc/csf/csf.conf, then set the following variables
——–
ETH_DEVICE = "venet0" #from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = "1"
VERBOSE = "0" # will disable the verbose output during start
———

Now start the csf and lfd .
———–
/etc/init.d/csf start
/etc/init.d/lfd start
———–
Note: If it is cpanel server go to whm and configure the firewall settings

Red5 Flash media server development: How to install and configure ?

What is red5 server ?
Red5 is an Open Source Flash Server written in Java that supports:
* Streaming Audio/Video (FLV and MP3)
* Recording Client Streams (FLV only)
* Shared Objects
* Live Stream Publishing
* Remoting (AMF)
This is an amazing application for Flash development, even though its installation is not straightforward. So this document will help you to set up a red5 server with a cool startup script to start and stop the installation.
IMP: This procedure is tested on RHEL, Fedora and CentOS 5 cPanel servers with red5 version 0.7.0. So I hope it will work in most distributions. But the startup script will not work in Debian flavors. I don’t have so much time to buy a server and install Debian for testing. Maybe in the near future I can do that.
Packages required for installation.
1) Jdk 1.5 , J2ee.jar
2) Apache-ant
3) svn client ( for downloading the svn packages of red5 )
4) Latest red5 svn trunk distribution (Please don’t use the tar distribution of red5, because some jar mirrors are missing during make)
1) Installing Jdk and J2ee.jar
Please download and install the JDK and j2ee.jar from a Java mirror, or just copy and paste the following commands.
# cd /usr/local/src
# wget http://downloads.sherin.co.in/java/jdk-1_5_0-linux-i586.bin
# chmod 755 jdk-1_5_0-linux-i586.bin
# ./jdk-1_5_0-linux-i586.bin
# mv jdk1.5.0/ /usr/local/
# ln -s /usr/local/jdk1.5.0/ /usr/local/jdk
# wget http://downloads.sherin.co.in/java/j2ee.jar
# mv j2ee.jar /usr/local/jdk/lib/
Now the installation of the Java components is finished.
2) Installing Apache Ant
Please go to http://ant.apache.org/bindownload.cgi and download latest apache-ant distribution, or copy paste the following lines.
# cd /usr/local/src/
# wget http://downloads.sherin.co.in/red5/apache-ant-1.7.1-bin.tar.gz
# tar -xzf apache-ant-1.7.1-bin.tar.gz
# mv apache-ant-1.7.1 /opt/
# ln -s /opt/apache-ant-1.7.1 /opt/ant
3) Set the PATHS
This is very important. If you skip this step, the installation will break, so be sure to set the paths.
Run the following commands,
# export JAVA_HOME=/usr/local/jdk
# export PATH=$JAVA_HOME/bin:$PATH
# export CLASSPATH=.:$JAVA_HOME/lib/classes.zip
# export PATH="$PATH:/usr/local/bin:/usr/X11R6/bin:/opt/ant/bin"
# export ANT_HOME=/opt/ant
Now open the file /etc/bashrc and insert the above lines (without #) at the bottom of the script, because you will need these environment variables later. Otherwise you would have to set the above variables again at every login, so it is very important to put the above lines in /etc/bashrc.
4) Installing svn
In general, all distributions have their own subversion packages. In CentOS/RHEL/Fedora you can use "yum" to install the svn client.
# yum install subversion
Or download the source of svn and install it.
5) Installing red5
Now proceed with the following steps to install red5 FMS. Please use only the SVN trunk distribution.
# cd /opt/
# svn co http://svn1.cvsdude.com/osflash/red5/java/server/trunk red5
# cd red5/
# make
Now we have built the red5 server. So the next step is configuring the startup script. This script is very useful to start/stop the red5 server. Unfortunately, red5 distributions do not provide it, so I wrote this small script. This script uses the normal start/stop scripts from the folder /opt/red5/dist/.
6) Creating init start-up script /etc/init.d/red5
Now create a file named /etc/init.d/red5. Please copy and paste the following code into /etc/init.d/red5.
#==========Start init script ==========
#!/bin/sh
# red5
# chkconfig: 2345 95 55
# description: red5 server startup script

# Source function library.
if [ -f /etc/init.d/functions ]; then
    . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions
else
    echo "Could not find functions file, your system may be broken"
    exit 1
fi

# Source networking configuration.
if [ -f "/etc/sysconfig/network" ]; then
    . /etc/sysconfig/network
fi

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

# See how we were called.
case "$1" in
  start)
    # Start daemons.
    echo -n "Starting red5: "
    cd /opt/red5/dist/; sh red5.sh 2>/dev/null &
    echo_success
    echo
    touch /var/lock/subsys/red5
    ;;
  stop)
    # Stop daemons.
    echo -n "Shutting down red5: "
    cd /opt/red5/dist/; sh red5-shutdown.sh 2>/dev/null
    echo_success
    echo
    rm -f /var/lock/subsys/red5
    ;;
  *)
    echo "Usage: red5 {start|stop}"
    exit 1
esac

exit 0
#=============End of init==============
PS: You can download it from http://script.sherin.in/red5.sh . If so, move red5.sh to /etc/init.d/red5 .
Now we have created the init script. chmod this script to give it execute permission.
# chmod 755 /etc/init.d/red5
Now start/stop the red5 server as follows
# /etc/init.d/red5 start
# /etc/init.d/red5 stop
7) Testing the installation
First you need to start your red5 installation using the following command,
# /etc/init.d/red5 start 
Now open your web browser and type the following url
http://<server ip address>:5080/
where "server ip address" is the IP of your server.
TIP: if you need to automatically start the service during system startup, please add the line "/etc/init.d/red5 start" to /etc/rc.local
So this is all about red5 server installation.

WHM Nameserver IPs Showing Wrong Info

Sometimes you can see wrong information in the WHM/cPanel nameserver info. You can see it from Main >> DNS Functions >> Nameserver IPs. To fix this issue you need to edit two files, /etc/nameserverips and /var/cpanel/nameserverips.yaml
1) Edit the file /etc/nameserverips. See an example below,
# cat /etc/nameserverips
192.168.1.100=ns1.yourdomain.com
192.168.1.101=ns2.yourdomain.com
2) Edit the file /var/cpanel/nameserverips.yaml , See an example below,
root@it [~]# cat /var/cpanel/nameserverips.yaml
--- 
ns1.yourdomain.com: 
  "192.168.1.100": 1
  count: '1'
  zones: yourdomain.com
ns2.yourdomain.com: 
  "192.168.1.101": 1
  count: '1'
  zones: yourdomain.com

How to enable ext4 disk quota (journaled) in cPanel

This article helps you to configure journaled disk quota. It is one of the latest and fastest quota formats. Please do the following steps to enable quota
1) Enable journaled quota in /etc/fstab for all data partitions; see an example below
------------
/dev/sda3 / ext4 defaults,noatime,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
/dev/sda6 /home ext4 defaults,noatime,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
---------
The exact flags for journaled quota are usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0
Now remove or empty the quota files under / and /home
After that, reboot your server to load the new quota. If you would rather not reboot, you can remount all the above partitions
2) After a successful reboot do the following
# quotaoff -a
# quotacheck -avugm
# quotaon -avug
This will calculate the quota. If you are on a cPanel server, please execute the following script.
# /scripts/fixquotas
You can use this method to set up journaled quota on any Linux server with an ext4 file system.

How to install mod_evasive in cPanel server

Please follow the procedure given below to install and configure mod_evasive on a cPanel server with Apache 2.2.
Download the latest source file from http://www.zdziarski.com
# cd /usr/local/src/
# wget /blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar -xvzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive/
# /usr/local/apache/bin/apxs -cia mod_evasive20.c
Now create a file named  /usr/local/apache/conf/mod_evasive.conf and add the following lines
# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10
</IfModule>
Now include the above file inside  /usr/local/apache/conf/includes/pre_main_global.conf
Include "/usr/local/apache/conf/mod_evasive.conf"
Now rebuild httpd.conf
/scripts/rebuildhttpdconf
Now restart apache
/scripts/restartsrv httpd
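
The detection rules listed in the first post on this page, together with the thresholds in the mod_evasive.conf above, can be tried offline against an access log before the module is enabled. The following is an added example, not code from mod_evasive or from the original posts: a simplified Python model that replays log lines and reports which requests would have been answered with 403. The class and function names, the constructed sample log, counting pages by path without the query string, and the rule that a request from a blocked IP restarts the blocking period are assumptions of this example.

```python
import re
from datetime import datetime

# Thresholds taken from the DOS* directives in the mod_evasive.conf above.
LIMITS = {"page_count": 2, "page_interval": 1,
          "site_count": 50, "site_interval": 1, "blocking_period": 10}

# Constructed sample lines in Apache common log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Sep/2013:10:00:00 +0000] "POST /login.php HTTP/1.1" 200 512
203.0.113.7 - - [17/Sep/2013:10:00:00 +0000] "POST /login.php HTTP/1.1" 200 512
203.0.113.7 - - [17/Sep/2013:10:00:00 +0000] "POST /login.php?x=1 HTTP/1.1" 200 512
203.0.113.7 - - [17/Sep/2013:10:00:00 +0000] "POST /login.php HTTP/1.1" 200 512
198.51.100.20 - - [17/Sep/2013:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.20 - - [17/Sep/2013:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.20 - - [17/Sep/2013:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [17/Sep/2013:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [17/Sep/2013:10:00:16 +0000] "GET /index.html HTTP/1.1" 200 2048
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')

class EvasiveModel:
    """Simplified model: one shared table instead of one per Apache child."""
    def __init__(self, limits):
        self.limits = limits
        self.hits = {}     # (ip, uri or None) -> (window start, hit count)
        self.blocked = {}  # ip -> time of the last denied request

    def _over(self, key, now, interval, threshold):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:      # window expired: start counting again
            start, count = now, 0
        self.hits[key] = (start, count + 1)
        return count >= threshold        # hits already seen in this window

    def check(self, ip, uri, now):
        lim = self.limits
        last = self.blocked.get(ip)
        if last is not None and now - last < lim["blocking_period"]:
            self.blocked[ip] = now       # assumption: each hit restarts the block
            return 403
        page = self._over((ip, uri), now, lim["page_interval"], lim["page_count"])
        site = self._over((ip, None), now, lim["site_interval"], lim["site_count"])
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200

def replay(log_text, limits=LIMITS):
    """Return (ip, uri, status) for every parsable line, in log order."""
    model, decisions = EvasiveModel(limits), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, target = m.groups()
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        uri = target.split("?", 1)[0]    # assumption: pages are counted by path
        decisions.append((ip, uri, model.check(ip, uri, now)))
    return decisions

def would_block(log_text, limits=LIMITS):
    """IPs that would have received at least one 403."""
    return sorted({ip for ip, _, status in replay(log_text, limits) if status == 403})
```

Pass the text of a real access log to replay() or would_block() to see whether the chosen thresholds would have caught legitimate clients, for example many users behind one NAT address. Because the real module keeps a separate table in each Apache child, it triggers later than this single-table model.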

Tuesday, September 17, 2013

Install Mhash in php 5.3+ in cPanel Centos Linux servers

Installing php-mhash in php 5.3 is very easy. Please use the following steps to install it
1) Download the latest mhash from http://mhash.sourceforge.net/ and install it as follows,
# tar -xzf mhash-0.9.9.9.tar.gz
# cd mhash-0.9.9.9
# ./configure --prefix=/opt/mhash
# make
# make install
2) Now add it to the loader configuration in /etc/ld.so.conf.d/mhash.conf
/opt/mhash/lib
3) Now edit the file /var/cpanel/easy/apache/rawopts/all_php5 and add the following line
--with-mhash=/opt/mhash
4) Finally compile the php using the following command
#  /scripts/easyapache --build
You can test the mhash by creating a phpinfo page in your website document root.

How to Configure Multiple shared IPs in WHM?

Ever wondered how to set up multiple shared IPs in WHM? Here is how.
You can’t add multiple shared IPs in WHM GUI, but it’s possible to do so via SSH (login as root).
First, you need to create a /var/cpanel/mainips/ directory, if it doesn’t exist:

mkdir /var/cpanel/mainips/

Then, create a /var/cpanel/mainips/root file with all the IPs, as follows


10.0.0.10
10.0.0.12

Basically, each line is an additional shared IP in WHM. That’s it!
You can verify from WHM>>Home>>IP Functions>>Show/Edit Reserved IPs

Tip by: Blog Syslint