Blog Archives

Iptables rule to allow access only from one IP

iptables -I INPUT -s (allowip) -p tcp --dport (port) -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport (port) -j DROP

Posted in Issues, Server Security

Drop Sync/DDOS Attack

1. Find which IP address on the server is targeted by the DDoS attack:
netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c
2. Find from which IPs the attack is coming

Posted in Issues, linux, Scripts, Server Security

Disable ping to server

To disable ping:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To enable ping:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Posted in Issues, Server Security

Prevent SYN attacks

1. Enable the SYN cookies mechanism on the server by executing the command:
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
2. Increase the backlog queue to 2048 with the command:
# sysctl -w net.ipv4.tcp_max_syn_backlog="2048"

Posted in Apache, Issues, Server Security

Script used to correct permission of files after suphp

#!/bin/bash
# For some stupid reason, cPanel screws up the directory permissions.
chmod 755 /opt/suphp
find /opt/suphp -type d -exec chmod 755 {} \;
# Ensure that the permissions are sane and won't cause a 500 error.
for user in

Posted in Cpanel, Issues, Scripts, Server Security

Script used to find vulnerable php files

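#!/bin/bash
# Strings commonly found in known web shells and attack tools (matched case-insensitively).
shellpattern='r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58'
# Scan every cPanel user's web root and list the files that match.
for user in `/bin/ls /var/cpanel/users`
do
    find "/home/$user/public_html" \( -name '*.php' -o -name '*.cgi' -o -name '*.inc' \) -exec \
        egrep -il "$shellpattern" {} \;
done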

Posted in Issues, Scripts, Server Security

To block an IP range using Iptables

iptables -I INPUT -m iprange --src-range 192.168.1.10-192.168.1.13 -j DROP

Posted in General discussions, Issues, Server Security

How to find PHP injection through logs

URL Injection — attempt to inject / load files onto the server via PHP/CGI vulnerabilities
Sample log report including date and time stamp (1st field is "request", 2nd field is the IP address or the domain name being attacked, and

Posted in Issues, Scripts, Server Security

Drop DDOS attack

1. Find which IP address on the server is targeted by the DDoS attack:
netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c
2. Find from which IPs the attack is coming

Posted in General discussions, Issues, Scripts, Server Security

Preset Cpanel Servers

To preset a server: First log in and go to WHM > Server Configuration > Basic cPanel/WHM Setup:
1) Check that the main IP is the server's primary IP
2) Make sure that the primary and secondary ns are set

Posted in Server Security, Server Setup