Ayad knowledge base

The SYN (TCP connection request) attack is a common denial of service (DoS) technique.

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:

The client requests a connection by sending a SYN (synchronize) message to the server.
The server acknowledges this request by sending SYN-ACK back to the client.
The client responds with an ACK, and the connection is established.

How to check the SYN attack on the server.

A quick and useful command for checking if a server is under ddos:
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs taking the most amounts of connections to a server. It is important to remember that ddos is becoming more sophisticated and they are using fewer connections with more attacking ips. If this is the case you will still get low number of connections even while you are under a DDOS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command will show the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply making the server wait for it to time out. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems. If the second command is over 100 you are having trouble with a syn attack.

Solution:

First go with

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

and then

Try with all these IPtables rule , there may other attacks too.

iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp –tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp –tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp –tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp –tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp –tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp –tcp-flags ACK,URG URG -j DROP

then,

service iptables save
service iptables restart

it should resolve your issue.

The issue is because of the corrupted exim db files.

Goto /var/spool/exim/db and delete files: retry , retry.lockfile , wait-remote_smtp, wait-remote_smtp.lockfile

/etc/init.d/exim restart

How to Install LiteSpeed on a WHM/cPanel Server

– Go buy a license from LiteSpeed and note down the license key. (They also do a free 14 day trial).

– Login to SSH as ‘root’ on the server running cPanel.

– Copy/paste the following command and hit enter:

cd /usr/src; wget http://www.litespeedtech.com/packages/cpanel/lsws_whm_plugin_install.sh; chmod 700 lsws_whm_plugin_install.sh; ./lsws_whm_plugin_install.sh; rm -f lsws_whm_plugin_install.sh

– Login to WHM and click the ‘LiteSpeed Web Server’ button.

– Click ‘Install LiteSpeed’ and let it run through the installation procedure, this is completely automated.

– Enter your license information & assign an administrator password (Don’t tick the box to start LiteSpeed immediately!)

– Click ‘Build matching PHP Binary’ – this will take 10-20mins (Apache will stay running)

– Click ‘Switch to LiteSpeed’

– Click ‘Admin Web Console’ and login with the details you setup in step 5.

Final stages of setup (Most of which is in LiteSpeed admin)

– Configuration > General > Index Files > Edit

Set the following:

Index Files: index.html, index.php, index.php5, index.htm

Auto Index: Yes

Auto Index URI => /_autoindex/default.php

Hit ‘Save’

In SSH Type:

ln -sf /usr/local/lib/php/autoindex /usr/local/lsws/share/autoindex

Now back to LiteSpeed Admin:

– Configuration > Log > Server Log > Edit

Set the following:

Log Level: Info

Debug Level: None

Hit ‘Save’

Now click ‘Actions > Graceful Restart’ to make these changes permanent.

Optional LiteSpeed Installation Procedures

Want your users to be able to have their own PHP.INI file?

In LiteSpeed Admin:

– Configuration > External App – then hit ‘Edit’ next to ‘LSAPI App / lsphp5 / uds://tmp/lshttpd/lsphp5.sock’ if you’re running PHP5 (or the one for lsphp4 if running PHP4)

In ‘Environment’ add the following line:

PHPRC=$VH_ROOT/

Then hit ‘Save’

Now click ‘Actions > Graceful Restart’ to make these changes permanent.

This will allow them to have their very own php.ini in the root folder of their hosting account which overrides the /usr/local/lib/php.ini file, this is a security risk though so be careful.

Want your users to be able to use Frontpage Extensions?

Run this command from SSH:

sed -rie ‘s/(safe_)?chmod\(( )?0600,( )?(“\$\{myuid\}”,)?( )?”\$(\{)?homedir(\})?\/public_html\$\{subweb\}\/_vti_pvt\/service.pwd”( )?\);/\1chmod(\20644,\3\4\5?$\6homedir\7\/public_html${subweb}\/_vti_pvt\/service.pwd”\8);/’ /scripts/fp-auth /usr/local/frontpage/version5.0/apache-fp/fp-auth /usr/local/cpanel/bin/convertfppassthrough /scripts/fixfrontpageperm

Then run this command from SSH:

/scripts/fixfrontpageperm

Forgot your LiteSpeed admin pass?

Run this within SSH to reset your LiteSpeed Admin Pass: /usr/local/lsws/admin/misc/admpass.sh

References

http://www.evohosting.co.uk/blog/web-development/how-to-install-litespeed-on-a-whm-cpanel-server/

If you’re getting this error when sending out email. Please double check your email setting to use the following

For outlook

Click Tools then E-mail Accounts…
Select “View or change existing e-mail accounts” and click Next
Select the email account and click Change
Click on “More settings”
Select “Outgoing Server” tab
Tick “My outgoing server (SMTP) requires authentication”
Select “Use same settings as my incoming email server”
Click Ok
Press Next
Lastly, press Finish

Once these steps are done, try to send the email again. Contact us if the problem still persist.

use this command for Inodes total
find * | wc -l

use this command to find which folder have max Inodes
for d in *; do echo -n “$d: “; find $d -type f | wc -l; done | sort -nk2 | tail -20

Comprase

tar -zcvf filename.tar.gz filename

Extract

tar -zxvf filename.tar.gz filename

In web hosting account that are using cPanel web hosting control panel, users can create as many email accounts as they like with different aliases, and then forward the mails received to any address, inside or outside of domain. There are two ways to do email forwarding, that’s by Default Email Account which is not recommended as it acts as Catch All email account, where any email messages sent to an non-existence account on domain will automatically forward to this address, including all spam. Another way is by adding forwards for email address.

When a forwarder is added for a domain email address, all email received will be forwarded to the specified email address. However, if users have created an email account first before setting up a forwarder, the forwarder may not function properly and worse, the email account will still receive a copy of the email message, wasting precious storage space on the hosting server. The emails stored won’t be auto deleted or removed.

The workaround to this issue so that the emails as are ‘auto delete’ is to setup a forwarder without creating any email account. For example, if you want to forward all email messages that going to webmaster@domain.com to another email address, do not create an email account for webmaster@domain.com. When a forwarder is setup, it will handle the forwarding process properly, even though no email account for it exists.

How to add an email forwarder:

Click on Forwarders.
Click on Add Forwarder.
Then type the email address with the intended account name in the first column, and the destination forwarding email address that you want the mail forwarded to in the second field. The email address can be any, including external email address such as gmail, hotmail and etc. In the case the emails are been forwarded to another email on domain, care has to be taken so that the forwarding does not accidentally create an indefinite loop that can cause all email accounts to stop working on your domain.
Click on Add Forward button and the new forwarder will be activated immediately, without leaving any emails on the server, which is similar to auto deletion of mails from email accounts.

Hi
below the redirection

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

thank you.

check the directory size

go the the direcotry that you want to check

then run this command
du > /root/anyname

after that

cat /root/anyname |sort -nr |more

will view the size from the biger to the smaller

If you are using cpanel/WHM you can go to /var/lib/mysql and use “du -sch *” command to find the mysql disk usage of each database accounts.

If the size of your eximstats database is getting large, you will have to do this.

Login as root in to your server using ssh.

Login to mysql
#mysql

#use eximstats

Then from with the query browser run

>delete from sends;
>delete from smtp;
>delete from failures;
>delete from defers;

Now use df to check the free disk space.