What kernel/distro are you running? Show us the md5sum of sshd,
# vi /etc/modprobe.conf
add to the bottom of the file:
alias ipv6 off
alias net-pf-10 off
or before you reboot, also check out:
Current mails in queue:
Rest of the funny commands you can find @
# vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536
For changes to take effect right away
# vi /etc/my.cnf
#opteron 852 4GB RAM
[mysqld]
safe-show-database
max_connections = 500
key_buffer = 150M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 1M
table_cache = 1024
thread_cache_size = 100
wait_timeout = 300
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 32M
query_cache_type = 1
skip-innodb
thread_concurrency=4

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M

A second my.cnf example:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-locking
#skip-networking
safe-show-database
query_cache_limit=1M
query_cache_size=128M ## 32MB for every 1GB of RAM
query_cache_type=1
max_user_connections=200
max_connections=500
interactive_timeout=10
wait_timeout=20
connect_timeout=20
thread_cache_size=128
key_buffer=256M ## 64MB for every 1GB of RAM
join_buffer=1M
max_connect_errors=20
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=4M ## 1MB for every 1GB of RAM
read_buffer_size=4M ## 1MB for every 1GB of RAM
read_rnd_buffer_size=4M ## 1MB for every 1GB of RAM
thread_concurrency=4 ## Number of CPUs x 2
myisam_sort_buffer_size=64M
server-id=1
log_slow_queries=/var/log/mysql-slow-queries.log
long_query_time=2
collation-server=latin1_general_ci
old-passwords

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
#safe-updates

[isamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout
If email is not being received, but you're able to log in, it may be a permissions problem
(This may occur when restoring backup accounts)
# /usr/local/directadmin/scripts/set_permissions.sh email
If you're unable to su to root, even when inputting the correct password
SSH to the old server and go to /usr/share/ssl/certs/; here you will find www.domain.com.crt (the SSL certificate) and www.domain.com.cabundle (the CA bundle). You will find the key, www.domain.com.key, under /usr/share/ssl/private/.
For those of you who check your nameservers and other DNS-related issues using the popular site dnsreport, you're probably seeing "Fail: Open DNS Servers". We'll show you how to fix named so that it no longer acts as an open DNS server.
Every system needs temporary folders that any user is able to read and write, BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running a script directly, it will help against a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system, but they will be unable to execute them and create the back door. One of the biggest problems is PHP injection via Apache, in which people have Apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.
Published on eth0.us - General info for cPanel, plesk, ensim, and linux! (http://www.eth0.us)
How-to: Determine if a server is hacked
Created 2005-05-09 10:59
How-to: Determine if a server is hacked
OK, Here's the revised edition. Updated to reflect the latest kernel at this time (18.104.22.168) and removed the "make mrproper" command since it was wiping out the old config and causing big issues.
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 07/05/2006
Firewall settings are great for preventing Denial of Service (DoS) attacks; however, they may not always be your only solution. The day has finally arrived when I found this excellent module called mod_dosevasive (DoS Evasive), which keeps track of how many requests each client makes to your server within set intervals. If a client is being forceful with your server and making too many requests, then it is more than likely not just a web browser but some automated process unleashed on your site to try and take it down.
This handy Apache module we have found takes care of these issues. Let's get started by setting it up.
About this series
The typical UNIX® administrator has a key range of utilities, tricks, and systems he or she uses regularly to aid in the process of administration. There are key utilities, command line chains, and scripts that are used to simplify different processes. Some of these tools come with the operating system, but a majority of the tricks come through years of experience and a desire to ease the system administrator's life. The focus of this series is on getting the most from the available tools across a range of different UNIX environments, including methods of simplifying administration in a heterogeneous environment.
If you are in danger of getting your main server IP blocked by SpamCop because you had a few annoying spammers abusing your server, then you could simply change your exim mail server IP to avoid the effect of your main IP being blacklisted.
In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to a lack of security awareness among network/server owners. On a daily basis we hear that a particular machine is under DDOS attack or that the NOC has unplugged a machine due to a DDOS attack. So DDOS has become one of the common issues in this electronic world. DDOS is like a disease for which no anti-viral has been developed. So we should be careful while dealing with it. Never take it lightly. In this article I am trying to explain the steps/measures which will help us defend against a DDOS attack, up to a certain extent.
That will stop upcp from touching MySQL.
To upgrade manually
If you upgrade manually you need to remember to create the file:
(Otherwise upcp will simply downgrade it again.)
Spam: If you have an email address, I bet you're fed up with the unsolicited mail you receive. The increase in spam has virtually relegated email to an adults-only facility. Spam is a waste of our time. Many spam emails are obscene; many are offensive or insulting to one's intelligence, e.g. "I have a zillion pounds that I want to put into your bank account, please fax your bank account details to me... This is not a scam, honest!".
tar zxf perl587installer.tar.gz
I was reading through the mails in the php-general mailing list and came across this mail by Rasmus about AJAX
Carrier                  Server address
America Online (AOL)     smtp.aol.com
Atlantic Broadband       smtp.atlanticbb.net
AT&T (Broadband)         mail.attbi.com