cd /usr/local/src
wget http://www.python.org/ftp/python/3.1.1/Python-3.1.1.tar.bz2
tar -jxvf Python-3.1.1.tar.bz2
cd Python-3.1.1
./configure
make
make install
Now move /usr/bin/python /usr/bin/python.bk
then create symlink :
ln -s /usr/local/bin/python3 /usr/bin/python
check python -V
1. Find.. to which IP address in the server is targeted by the ddos attack
netstat -plan | grep :80 | awk ‘{print $4}’ | cut -d: -f1 |sort |uniq -c
2. Find… from which IPs, the attack is coming
netstat -plan | grep :80 | awk ‘{print $5}’ | cut -d: -f1 |sort |uniq -c
In csf:
vi /etc/csf/csf.conf
SYNFLOOD
SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like
SYNFLOOD = “1″
SYNFLOOD_RATE = “30/s”
SYNFLOOD_BURST = “10″
i.e. if 30 connections are received from an IP/sec for 10 times, block it. Make sure don’t keep it too strict if you are not receiving an attack else it will generate false positives and will block legit connections.
PORTFLOOD
PORTFLOOD = 80;tcp;100;5,22;tcp;5;300
ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.
In /etc/sysctl.conf
Paste the following into the file, you can overwrite the current information.
#Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disables packet forwarding
net.ipv4.ip_forward=0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Disables the magic-sysrq key
kernel.sysrq = 0
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536
Run /sbin/sysctl -p and sysctl -w net.ipv4.route.flush=1 to enable the changes without a reboot.
TCP Syncookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Some IPTABLES Rules:
iptables -A INPUT -p tcp –syn -m limit –limit 1/s –limit-burst 3 -j RETURN
for y in `ls | grep .html`;
do sed “s/abc/xyz/g” $y > temp; mv -f temp $y;
done
Reference : http://www.linux-noob.com/forums/index.php?/topic/2928-grub-single-boot-and-kernel-panic-reboot/
If for example your grub.conf looks like the one i have below. This boots into the 2.6.20-1.2944 by default.
default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Fedora Core (2.6.20-1.2944.fc6) root (hd0,0) kernel /vmlinuz-2.6.20-1.2944.fc6 ro root=LABEL=/ acpi=off initrd /initrd-2.6.20-1.2944.fc6.img title Fedora Core root (hd0,0) kernel /vmlinuz-2.6.20 ro root=LABEL=/ acpi=off initrd /initrd-2.6.20.img
If you want to have it so that 2.6.20 boots on next boot, run the following command from the console before rebooting.
echo “savedefault –default=1 –once” | grub –batch
then
reboot
Now, if you have a kernel that panics and need it to reboot if it panics. change your config and add the panic=# (# being seconds before auto reboot) to the kernel line. Example file below
default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Fedora Core (2.6.20-1.2944.fc6) root (hd0,0) kernel /vmlinuz-2.6.20-1.2944.fc6 ro root=LABEL=/ acpi=off panic=5 initrd /initrd-2.6.20-1.2944.fc6.img title Fedora Core (2.6.20) root (hd0,0) kernel /vmlinuz-2.6.20 ro root=LABEL=/ acpi=off panic=5 initrd /initrd-2.6.20.img
so the order of operations on this are as follows.
1.) Add new kernel to grub.conf
2.) set default=# in grub.conf to the failsafe kernel (the one you want it to try if the other fails)
3.) run the following:
echo “savedefault –default=1 –once” | grub –batch
4.) reboot
Copied from : http://www.linux-noob.com/forums/index.php?/topic/2928-grub-single-boot-and-kernel-panic-reboot/
I just found a great article that discussed about the difference between xen and open vz. Here is the link.
Login to WHM >> Main >> Service Configuration >> Exim Configuration Editor .
Uncheck the option:
Sender Verification
If it doesn’t help, reset ALL EXIM configuration to default and try again.
cd /usr/local/src
check latest zendoptimizer
wget http://www.eth0.us/files/ZendOptimizer-3.0.1-linux-glibc21-i386.tar.gz
tar -zxf ZendOptimizer-3.0.1-linux-glibc21-i386.tar.gz
cd ZendOptimizer-3.0.1-linux-glibc21-i386
./install
If u still receiving “Zend Optimizer Not Installed” error page, then
SELinux is interfering with Apache’s attempt to access the .so file.
So do this commands
#chcon -t texrel_shlib_t path_of_ZendOptimizer.so (/usr/local/Zend/ZendOptimizer.so)
#execstack -c path_of_ZendOptimizer.so (/usr/local/Zend/ZendOptimizer.so)
#setenforce 0
#getenforce
then restart httpd and check.
If the issue still persist,
vi /etc/selinux/config
SELINUX=disabled
then reboot the server
Round robin DNS is a technique in which load balancing is performed by a DNS server instead of a strictly dedicated machine. A DNS record has more than one value IP address.
When a request is made to the DNS server which serves this record, the answer it gives alternates for each request. For instance, if you had a three webserver that you wished to distribute requests between, you could setup your DNS zone as follows:
# vi /var/named/domain.com.db
Append/modfiy www entry:
www IN A 1.2.3.4
IN A 2.3.4.5 IN A 3.4.5.6
IN A 4.5.6.7 # /etc/init.d/named restart
To disable ping
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To enable ping
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Sometimes your server’s IP address may get black listed by most of RBLs. In such situation a quick solution is to route the emails through a secondary IP address on the same server which is not black listed. There are two options to switch the mail server IP.
1. In Cpanel:
Login to WHM
Click Exim Configuration Editor
Check the box next to:
“Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)”
Save Changes
Then edit the file /etc/mailips
vi /etc/mailips
and add:
*: newIP
Restart exim
or
2. Through Shell
vi /etc/exim.conf
Locate remote_smtp
Change as per below:
remote_smtp:
driver = smtp
#interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{}}}{}}
#helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_ho stname}}
interface = 111.222.333.444 # Change to your server IP address.
Save changes and exit.
Restart Exim
Recent Comments