Ayad knowledge base

DOS Attack (Denial Of Service)

By the name alone, we know what this means: denial of services like httpd, exim, ftp, etc. Mostly we deal with DOS attacks on Apache services, which causes sites to slow down or not load at all.

A DOS attack means high connections from certain an IP address or IPs. We can easily find the high-connection IP using the ‘netstat’ command and block those IP’s using firewalls.

The command for listing IPs and number of connections is:

 netstat -plan |grep :80|awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

The command for finding the total connections is:

 netstat -plan |grep :80 |wc -l

If you do find any IP address having excessive connections (more than 50), then you have to block it either by using iptables, APF, or CSF.

Using iptables, you can block an IP by issuing the command:

iptables -A  INPUT -s  --dport 80 -p tcp -j DROP

/etc/rc.d/init.d/iptables save

Using APF, this command is used:

apf -d IP

Using CSF:

csf -d IP

DDOS is distributed denial of service, which is an advanced DOS attack. The number of connections from an indvidual IP might be low, but the connections will be from many IPs or range of IPs.

Most of times attack will be concentrated to one domain. In such cases kill the dns of domain to reduce the attack.

Preventive measures for DDOS attacks include:

• Install firewalls like APF or CSF and configure them to block the high connection IPs.
• Install mod_dosevasive module (only during the DOS attack)

Conclusion

As we all know, “prevention is better than cure,” so always take necessary preventive measures and keep auditing and monitoring your servers.

• Install  System Integrity Monitor (SIM) or CSF and configure it to get alerts on load spikes.
• Update your old and vulnerable software.
• Take the necessary preventive measures to avoid load spiking.
• Secure your servers and tweak your software like apache, exim, etc for better performanc

Spamming

Spamming can be either incoming or outgoing.

Incoming spamming might be concentrated to some domain or some email accounts.

Most of any incoming spamming is caused due to the catch-all being set as main account. If the catch-all for your domain is set to main account, set it as fail.

How to set catch-all for new domains in Cpanel server:

WHM >>Main >> Server Configuration >> Tweak Settings: Under Mail section

Default catch-all/default address behavior for new accounts. “fail” is usually the best choice if you are getting mail attacks.

Also, enable RBL and spamassasin options in WHM >> Main >> Exim Configuration

For outgoing spamming, some users may be using (knowingly or otherwise) some PHP scripts to try to send spam mails. You can find the source of PHP scripts using the command ‘ps -C exim -fH ewww |grep home’.

Preventive measures for spam blocking include:

• Limit the emails that can be sent.
• Tweak Mail settings as Follows:  WHM >>Main >> Server Configuration >> Tweak Settings: Under Mail section
• The maximum each domain can send out per hour (0 is unlimited) : 300

Some helpful exim commands include:

exim -bp          (For showing queue)
exim -bpc          (Count of mail queue)
ps -C exim -fH ewww (For finding script sources )
exim -bp |exiqsumm (To get full exim queue summary )
exiqgrep -z -i | xargs exim -Mrm (Remove all frozen messages)

How to setup Basic Cron Jobs.

Ok. Many people are yelling that they cannot configure the crons properly.
Here is a short tutorial which will help you set them. I have tried my best to explain the concept but there can be more advanced configurations.

Basically you will want to run a PHP script file in specific intervals. Suppose you want to execute a php file called maintanence.php every one hour. This is what you do :-

[ This tutorial is for noobs, Dont go into detail. Just do as instructed ]

The CRON Command is in the Following Format

[ Minute - Hour - Day - Month - Weekday ] - Command

The COMMAND, can be broken down in

[PATH OF PHP] [ARGUMENTS] [PATH OF PHP SCRIPT]

So the COMPLETE CRON command can be written as

[ Minute - Hour - Day - Month - Weekday ]  [PATH OF PHP] [ARGUMENTS] [PATH OF PHP SCRIPT]

The timing is spedified using * symbols

* * * * * => Execute every minute
0 * * * * => Execute every Hour
0 0 * * * => Execute every mid-night
0 0 0 * * => Execute every Month
0 0 0 0 * => Execute every Weekday

If you did not understand anything till now.. Good, this means you are a noob.. Read ahead

Since this is a UNIX command, You will have to Mention the PATH of PHP. At Astahost,

PATH TO PHP  : /usr/local/bin/php

( it also same at trap17, if users over there want to use it )

These are the Possible Command line Arguments you can use. This will effect the output. In our case, we will use the -q ( Quiet mode ) argument.

  -a               Run interactively
  -b <address:port>|<port> Bind Path for external FASTCGI Server mode
  -C               Do not chdir to the script's directory
  -c <path>|<file> Look for php.ini file in this directory
  -n               No php.ini file will be used
  -d foo[=bar]     Define INI entry foo with value 'bar'
  -e               Generate extended information for debugger/profiler
  -f <file>        Parse <file>.  Implies `-q'
  -h               This help
  -i               PHP information
  -l               Syntax check only (lint)
  -m               Show compiled in modules
  -q               Quiet-mode.  Suppress HTTP Header output.
  -s               Display colour syntax highlighted source.
  -v               Version number
  -w               Display source with stripped comments and whitespace.
  -z <file>        Load Zend extension <file>.

The Path of the PHP file Must be Complete absolute path.
If you have an Account at TRAP, And your USERNAME is “tom”, Your path will be
“/home/tom/public_html/”

I assume you are familier with the PUBLIC_HTML directory. That is the Root folder where you store your html files.

So lets say that Tom wants to execute my script “maintenance.php” every hour. And it is stored in “public_html/cron/maintenance.php”;

So the Complete CRON command would be,

0 * * * * /usr/local/bin/php -q /home/tom/public_html/cron/maintenance.php

If tom wants to execute it every minute, he would use.

* * * * * /usr/local/bin/php -q /home/tom/public_html/cron/maintenance.php

If tom wants to execute it every Month, he would use.

0 0 0 * * /usr/local/bin/php -q /home/tom/public_html/cron/maintenance.php

There are more Complex forms of Assigning the TIMINGS for these scripts. You can go to CPANEL => Cron Jobs => Standard and set exact time when the script will be executed.

Also, this method used php, you can also use Curl .

refer to the URL below

http://www.knowledgesutra.com/forums/topic/6321-cron-jobs-cron-jobs-in-cpanel/

When I logged to my cPanel >> Databases >> MySQL databases I see that the size all of my DB is show”n by 0 Mb
It”s wrong and I have found a fix for that.

1) Edit /var/cpanel/cpanel.config

Change:

disk_usage_include_sqldbs=0

to

disk_usage_include_sqldbs=1

Then run the following:

/scripts/update_db_cache

This may take a few minutes if you have a ton of users with databases, but after this, you should see the database disk usage show up accurately in cPanel.

if you got  this error , that mean /tmp directory is full , in order to see full or not, just run this cummand   df

if you want to fix the problem just restart mysql database then /tmp automatic will be clear

service mysql restart

that is all

thank you.

to fix the problem you need to add this in index.php or login.php or any page that got the error,,  you need to put the code below

Up on top of your script, before includes etc. put this:

ob_start("ob_gzhandler");

reference
http://forums.digitalpoint.com/showthread.php?t=475425

There are two methods to install FFmpeg and FFmpeg-Php, their libraries, and modules:

1. Using Yum on systems including Red Hat, CentOS, and Fedora Core.
2. Manually, from source archives/packages

to fix the problem , go to the xoops directory then find mainfile.php and edit it as below

change this vale define(‘XOOPS_CHECK_PATH’, ‘1’); to define(‘XOOPS_CHECK_PATH’, ‘o’);

then sure will be fixed,, i have tried this and fixed my issue prevously

Thank you.

error,

To solve this issue, you need to change the SMTP outgoing ip.

Thank you.