Sunday, May 25, 2008

Nobody Prevention Script

A common problem on shared hosts is outgoing spam that the mail logs attribute only to the web server user "nobody", so you cannot tell which account or which script actually sent it.

This tutorial outlines how to set up a logging wrapper around sendmail on cPanel based systems, so that every call records the calling user and working directory and, for web scripts, the client IP and script name.

root@yourserver [~]# mv /usr/sbin/sendmail /usr/sbin/sendmail.real
// keep the real binary under a new name (on cPanel /usr/sbin/sendmail is normally a symlink to exim); the wrapper below calls it. An exim or cPanel update may put the original back, so re-check that the wrapper is still in place after updates.

root@yourserver [~]# pico /usr/sbin/sendmail
// create the wrapper: paste the code below into it.

Code:

#!/usr/local/bin/perl
# sendmail wrapper: log who called sendmail, then hand the message to the real
# binary.  Adjust the shebang to the output of `which perl` on your server.

use strict;
use warnings;
use Env qw(REMOTE_ADDR SCRIPT_NAME SERVER_NAME PWD);

my $date = localtime;                  # no need to shell out to `date`
open(my $info, '>>', '/var/log/formmail.log') or die "Failed to open log file: $!";
my @info = getpwuid($>);               # effective uid: the account under suexec/suPHP, "nobody" under mod_php
if ($REMOTE_ADDR) {
    # called from a web script: Apache exports these CGI variables
    print $info "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME\n";
}
else {
    # called from cron or a shell: record the working directory and the user
    print $info "$date - $PWD - @info\n";
}
close($info);

# List-form open: the caller's arguments go straight to execve and are never
# parsed by a shell, so a hostile argument cannot inject commands.
my $mailprog = '/usr/sbin/sendmail.real';
open(my $mail, '|-', $mailprog, @ARGV) or die "cannot open $mailprog: $!\n";
print $mail $_ while <STDIN>;
close($mail);
exit($? >> 8);                         # pass the real sendmail's exit status back to the caller

Now save the file.

root@yourserver [~]# chmod +x /usr/sbin/sendmail
// make the wrapper executable

root@yourserver [~]# touch /var/log/formmail.log

root@yourserver [~]# chmod 666 /var/log/formmail.log
// the wrapper runs as whichever user invoked sendmail (nobody, or the account user under suexec/suPHP), so the log must be writable by all of them; 755 is not enough. A world-writable log can also be truncated or edited by any local user, so treat it as an investigation aid, not as tamper-proof evidence.

root@yourserver [~]# tail -f /var/log/formmail.log
// this is where the data is stored; it may take a couple of hours to start filling. If one user shows up sending an extreme number of messages, it is probably spam. Without the wrapper the mail logs would only show "nobody"; with it you see the user, the script and the client IP the mail is being sent from.
--------------------------------------------------------------------------
As always it is a good idea to routinely check who is running perl processes and how many, as this is another large gateway for outgoing spam.

root@yourserver [~]# ps aux | grep [p]erl
// if a user has several perl processes running and not much going on at his site, in most cases I have seen this is the source of the spam. The [p]erl trick keeps the grep itself out of the listing.

Saturday, April 12, 2008

I am not able to use wget?

On many hosts wget is deliberately made non-executable for ordinary users so that compromised web scripts cannot download their payloads. The usual workaround is a copy that other users can run:

cp /usr/bin/wget /usr/bin/mywget

chmod 751 /usr/bin/mywget

Be aware that this gives every local user, including the web server user, a working wget again, which undoes the restriction. If only one account needs it, put the copy in that account's home directory with mode 700 instead.

How to remove a blocked IP using iptables

  1. First check whether the IP is actually blocked:

iptables -L INPUT -n | grep 125.99.10.123

DROP all -- 125.99.10.123 216.240.157.91

  2. To unblock it, delete the rule. The -D arguments must match the rule exactly as it was added (here source, destination and target):

iptables -D INPUT -s 125.99.10.123 -d 216.240.157.91 -j DROP

If you are not sure how the rule was written, list the chain with iptables -L INPUT -n --line-numbers and delete the rule by its number instead.

Now the IP is unblocked. Note that on a server running APF or CSF the firewall rebuilds its rules on restart, so remove the address from the firewall's own deny list as well, or the block will come back.

- How to block an IP using iptables

=>

/sbin/iptables -A INPUT -s 81.91.64.167 -j DROP

A rule added this way is not saved across a reboot or a firewall restart; use the firewall's deny list (for example /etc/apf/deny_hosts.rules with APF) for anything permanent.

Awstats just disappeared from cPanel

  1. Log in to WHM for the server that hosts the domain.
  2. Go to Server Configuration -> Tweak Settings.
  3. Tick the "Awstats stats" option under Stats Programs.
  4. It can take 1-2 hours for the change to take effect.
Then log in to the user's cPanel and the Awstats option appears under Web/FTP Stats.

How to make an empty file?

echo -n > filename

OR

cat > filename (then press Ctrl+D; the file will be empty)

How to run webalizer stats directly through the browser (i.e. domainname.com/webstat)

cd /home/username/public_html

ln -s ../tmp/webalizer webstat

cd ..

chmod 755 tmp

cd tmp

chmod 755 webalizer

Apache follows the link only if FollowSymLinks (or SymLinksIfOwnerMatch) is enabled for the document root. Keep in mind that this publishes the reports to anyone who knows the URL, and webalizer output includes visitor IPs, referrers and search strings; password-protect the webstat directory if that matters.

Client only wants Horde to work for mail, and not NeoMail, RoundCube or SquirrelMail. The solution is as follows:

1) Create a subdomain (here email.cedenar.com.co).

2) Add these lines to the subdomain's .htaccess:

RewriteEngine on

RewriteCond %{HTTP_HOST} ^email\.cedenar\.com\.co$ [NC,OR]

RewriteCond %{HTTP_HOST} ^www\.email\.cedenar\.com\.co$ [NC]

RewriteRule ^(.*)$ https://email.cedenar.com.co:2096/horde/login.php [R=301,L]

3) Create a test email account and check it.

Two things to keep in mind: redirecting to port 2095 would send the webmail login over plain HTTP, so the rule above uses the SSL webmail port 2096 instead; and this only steers users of that subdomain to Horde, it does not disable the other webmail clients, which remain reachable through the normal webmail URL.

How to check the mail queue for a particular account on the server

exim -bp | exiqsumm > spamm.txt

exim -bp lists every queued message and exiqsumm summarises the queue per destination domain, so spamm.txt shows where the backlog is going; the message IDs from exim -bp can then be inspected individually. This takes a while on a large queue, so run it when the server load is below 5.

How to enable port 26 for SMTP on the server

Port 26 is an alternative SMTP port for customers whose ISP blocks outbound port 25. Please refer to the following steps:

1. Log in to WHM. Go to Main >> Service Configuration >> Service Manager.
2. At the bottom, enter 26 in "exim on another port".
3. In /etc/apf/conf.apf add 26 to the inbound port list IG_TCP_CPORTS (the APF example further down this page already includes it). EG_TCP_CPORTS only controls outbound connections, so changing it alone will not let clients connect.
4. apf -r

How to set a limit to remove frozen mails automatically?

vi /etc/exim.conf

timeout_frozen_after = 8d    (8 days: frozen messages older than this are removed from the queue)

/scripts/restartsrv_exim

On a cPanel server /etc/exim.conf is regenerated from cPanel's templates, so a direct edit can be lost on the next rebuild; put the setting in /etc/exim.conf.local, which cPanel merges into the generated file, or set it through WHM's Exim Configuration Editor if you want it to stick.

How to install the SquirrelMail language package

cd /usr/local/cpanel/base/3rdparty/squirrelmail
wget http://switch.dl.sourceforge.net/sourceforge/squirrelmail/all_locales-1.4.5-20050904.tar.gz
tar -xvzf all_locales-1.4.5-20050904.tar.gz

OR, from another mirror:

wget http://easynews.dl.sourceforge.net/sourceforge/squirrelmail/all_locales-1.4.5-20050904.tar.gz

tar -xvzf all_locales-1.4.5-20050904.tar.gz

How to detect spam

tail -f /var/log/exim_mainlog | grep /tmp

tail -f /var/log/exim_mainlog | grep public_html

tail -f /var/log/exim_mainlog | grep sendmail

The first two pick out the "cwd=" lines that exim writes for messages submitted through the sendmail binary: a working directory under /tmp or /dev/shm means a script dropped into a world-writable directory, and a public_html path tells you which account's script is sending. Also check the mail queue (exim -bp).
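As an added example (not part of the original post), the following shell script turns those greps into a summary. It assumes cPanel's exim logging, where each local submission produces a "cwd=<dir> N args: /usr/sbin/sendmail ..." line and a "<=" acceptance line with a U=<user> field, and it also reads the formmail.log written by the sendmail wrapper from the Nobody Prevention Script above. The log lines it runs on are constructed samples with documentation IP addresses, not real server output.

```shell
#!/bin/sh
# Added example: summarise who is sending mail from exim_mainlog and from the
# sendmail wrapper's formmail.log.  Sample lines are constructed for the demo.

SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
2008-05-25 03:14:01 cwd=/home/bob/public_html/forms 3 args: /usr/sbin/sendmail -t -i
2008-05-25 03:14:01 1K0Abc-0001Xy-Zz <= bob@example.com U=bob P=local S=812 T="hello" for victim1@example.org
2008-05-25 03:14:02 cwd=/home/bob/public_html/forms 3 args: /usr/sbin/sendmail -t -i
2008-05-25 03:14:02 1K0Abc-0001Xz-A0 <= bob@example.com U=bob P=local S=812 T="hello" for victim2@example.org
2008-05-25 03:14:03 cwd=/home/bob/public_html/forms 3 args: /usr/sbin/sendmail -t -i
2008-05-25 03:14:03 1K0Abc-0001Y0-B1 <= bob@example.com U=bob P=local S=812 T="hello" for victim3@example.org
2008-05-25 03:20:00 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2008-05-25 03:20:00 1K0Abd-0001Y1-C2 <= alice@example.com U=alice P=local S=2048 T="order receipt" for customer@example.net
2008-05-25 03:21:00 cwd=/tmp 3 args: /usr/sbin/sendmail -t -i
2008-05-25 03:21:00 1K0Abe-0001Y2-D3 <= nobody@srv.example.com U=nobody P=local S=640 T="cheap meds" for victim4@example.org
EOF

FORMMAIL=$(mktemp)
cat > "$FORMMAIL" <<'EOF'
Sun May 25 03:14:01 2008 - 203.0.113.7 ran /forms/contact.php at bob.example.com
Sun May 25 03:14:02 2008 - 203.0.113.7 ran /forms/contact.php at bob.example.com
Sun May 25 03:20:00 2008 - 198.51.100.9 ran /cart/checkout.php at alice.example.com
Sun May 25 04:00:00 2008 - /home/alice - alice x 1001 1001  /home/alice /bin/bash
EOF

# Messages per working directory: the cwd= line points at the script that
# called sendmail.  Output: "<count> <directory>", busiest first.
sendmail_callers() {
    grep -o 'cwd=[^ ]*' "$1" | sed 's/^cwd=//' | sort | uniq -c | sort -rn
}

# Messages accepted per local user, from the U= field of "<=" lines.
mail_per_user() {
    grep ' <= ' "$1" | grep -o ' U=[^ ]*' | sed 's/ U=//' | sort | uniq -c | sort -rn
}

# Directories worth a look: at or above the threshold ($2), or anywhere under a
# world-writable temp directory regardless of volume.
suspicious_callers() {
    sendmail_callers "$1" | awk -v t="$2" '
        $1 >= t { print $2; next }
        $2 ~ /^\/(tmp|var\/tmp|dev\/shm)(\/|$)/ { print $2 }'
}

# Web scripts per host from the wrapper's log, e.g. "2 /forms/contact.php at bob.example.com".
formmail_top_scripts() {
    grep -o 'ran .* at .*' "$1" | sed 's/^ran //' | sort | uniq -c | sort -rn
}

echo "== sendmail callers ==";      sendmail_callers "$SAMPLE"
echo "== mail per user ==";         mail_per_user "$SAMPLE"
echo "== suspicious (>=3) ==";      suspicious_callers "$SAMPLE" 3
echo "== formmail scripts ==";      formmail_top_scripts "$FORMMAIL"
# On a live server: sendmail_callers /var/log/exim_mainlog ; formmail_top_scripts /var/log/formmail.log
```

Run against the real logs, the first function gives you the script directory to look at and the third fl­ags /tmp and /dev/shm senders even when they have only sent a handful of messages so far, which is usually the stage at which you want to catch them.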

How to configure Logwatch on the server?

vi /etc/log.d/logwatch.conf

Scroll to the MailTo = line and change

MailTo = root

to

MailTo = support@udsquare.net,wlu@gazzin.com

Also change the line

Detail = Low

to

Detail = High

How to set register_globals off/on?

Create a .htaccess file in the folder where the script is, containing only this line:

php_flag register_globals off

OR you can also do it this way:

php_value register_globals 0 --------------- for Off

php_value register_globals 1 --------------- for On

OR, in general, whatever directive you want to enable or disable, the format is:

php_flag directive on|off ---------------- for boolean settings
php_value directive value ---------------- for settings that take a value

Two caveats. These directives only work when PHP runs as an Apache module (mod_php); under suPHP or CGI Apache does not understand them and answers with a 500 error, and the setting has to go into a php.ini in the script's directory instead. And off is the secure setting: with register_globals on, every request parameter becomes a PHP variable, which is how many old scripts had their authentication checks bypassed, so only turn it on for a legacy script that genuinely cannot run without it.

How to increase the ftp upload limit?

a) First check which ftp server is running: pure-ftpd or proftpd.

b) Edit the matching file, pure-ftpd.conf or proftpd.conf.

c) For pure-ftpd, edit pure-ftpd.conf and search for the word "Quota".

d) Uncomment it; the format is 1000:10.

The first number is the maximum number of files, the second the maximum size in megabytes, so 1000:10 limits every user to 1000 files and 10 MB in total. Note that this is a per-user storage quota, not a cap on the size of a single upload.

How to trace a DDoS attack on the server?

1. You should have the following settings in httpd.conf for the duration of the attack:

Timeout 20

KeepAlive Off

MaxClients 384

MinSpareServers 20

MaxSpareServers 25

2. In /usr/local/ddos/ddos.conf (DDoS Deflate, which counts connections per IP with netstat and bans addresses above the limit):

NO_OF_CONNECTIONS=20

3. Keep 7 SSH sessions and 1 WHM session open during the attack, so you are not locked out if new logins start failing.

4. Check the domlogs to find which website is being hit. The most recently updated log is the one being written to now; in the domlogs directory (/usr/local/apache/domlogs on cPanel):

ls -lt | less

5. Keep the following running while you check:

top, the access_logs and error_logs,

ps aux | grep php

the Apache status page in WHM,

cd /root/nobody_check

./apachetrace

cd /tmp

ls and check for suspicious scripts.

6. If necessary reboot the server. This kills the http process that is causing the DoS; when the server is back up the process will start again, and at that point you can trace it and kill it.

7. You can change the permissions of the suspected domain. Point its DNS A record to 127.0.0.1, with a TTL of 20 seconds for fast propagation. Do not set a redirect for the website in httpd.conf.

8. After the attacker has been traced, do not forget to revert the changes made to httpd.conf.

9. Suspend the suspected domain and mail the client about it.
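As an added example (not from the original notes), here is a small shell script that does the counting behind steps 4 and 5 and behind the DDoS Deflate NO_OF_CONNECTIONS threshold: requests per client and per URL from a domlog in Apache's combined format, and connections per remote address from saved netstat -ntu output. The log and netstat lines are constructed samples using documentation IP addresses, the netstat parser assumes IPv4, and the iptables commands are only printed for review, never executed.

```shell
#!/bin/sh
# Added example: find the hosts and URLs behind an Apache load spike.
# Inputs below are constructed samples in Apache combined-log and netstat -ntu format.

DOMLOG=$(mktemp)
cat > "$DOMLOG" <<'EOF'
203.0.113.7 - - [25/May/2008:03:14:01 -0400] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [25/May/2008:03:14:01 -0400] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [25/May/2008:03:14:02 -0400] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [25/May/2008:03:14:02 -0400] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.33 - - [25/May/2008:03:14:05 -0400] "GET /forum/index.php HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0"
192.0.2.33 - - [25/May/2008:03:14:06 -0400] "GET /images/logo.gif HTTP/1.1" 200 812 "http://example.com/forum/" "Mozilla/5.0"
198.51.100.9 - - [25/May/2008:03:15:00 -0400] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF

NETSTAT=$(mktemp)
cat > "$NETSTAT" <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.1:80            203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.1:80            203.0.113.7:51235       ESTABLISHED
tcp        0      0 192.0.2.1:80            203.0.113.7:51236       SYN_RECV
tcp        0      0 192.0.2.1:22            198.51.100.9:40000      ESTABLISHED
EOF

# Requests per client IP (field 1 of the combined format), busiest first.
top_clients() { awk '{print $1}' "$1" | sort | uniq -c | sort -rn; }

# Requests per URL (field 7): one URL taking nearly all the hits is the
# "accessing only one file" case that can be redirected or rate limited.
top_urls() { awk '{print $7}' "$1" | sort | uniq -c | sort -rn; }

# Client IPs with at least $2 requests in the log.
clients_over() { top_clients "$1" | awk -v t="$2" '$1 >= t { print $2 }'; }

# Connections per remote IPv4 address from saved "netstat -ntu" output; this is
# the same count DDoS Deflate compares against NO_OF_CONNECTIONS.
conns_per_ip() {
    awk '$1 == "tcp" || $1 == "udp" { split($5, a, ":"); print a[1] }' "$1" \
        | sort | uniq -c | sort -rn
}

# Print (not run) the iptables commands for clients over the threshold, so the
# list can be reviewed before anything is blocked.
ban_rules() {
    clients_over "$1" "$2" | while read -r ip; do
        echo "/sbin/iptables -I INPUT -s $ip -j DROP"
    done
}

echo "== requests per client ==";  top_clients "$DOMLOG"
echo "== requests per URL ==";     top_urls "$DOMLOG"
echo "== connections per IP ==";   conns_per_ip "$NETSTAT"
echo "== proposed bans (>=4) ==";  ban_rules "$DOMLOG" 4
# Live use: top_clients /usr/local/apache/domlogs/example.com ; netstat -ntu > /tmp/ns.txt && conns_per_ip /tmp/ns.txt
```

Review the ban list before piping it into sh: a busy proxy or a search engine crawler will also top these counts, and blocking it does more damage than the attack.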

Check the queue through WHM

If the queue is high, check it through WHM's Mail Queue Manager.

Scroll to the bottom and look for the domain that appears most of the time, or for a pile of messages to AOL.

If you find one, click on the message ID to see its headers; the headers show which script or account produced the spam.

Not every queued message is spam, so delete only the ones you have identified as such.

tail -f /var/log/exim_mainlog | grep sendmail

tail -f /var/log/exim_mainlog | grep tmp

tail -f /var/log/exim_mainlog | grep public_html

tail -f /var/log/exim_mainlog | grep hostname

Or

cd /var/spool/cron

and check whether someone's crontab is sending mail or running a bulk list.

2) Check AOL mails

If mail to AOL addresses keeps piling up, log in to the server, check in the mail queue who is sending mail to AOL ids, check the headers and suspend the account.

As per Apache load:

ps auxw | grep nobody

Check for any old or bad process and kill it.

Check the Apache status page.

Check the access_logs.

Check the domlogs of the domain.

To bring it under control:

1) cap the domain's connections with a per-IP limit

2) if it is a DDoS, point the domain's DNS at 127.0.0.1 and update the client

3) if the attack keeps requesting only one file, redirect that file

4) if the requests come in through ~username URLs, ban them with mod_security

In a DDoS we used the following method.

In DDoS ON mode the usual best settings are:

/usr/local/ddos/ddos.conf

NO_OF_CONNECTIONS=100

/etc/httpd/conf/httpd.conf

Timeout 10

KeepAlive Off

mod_evasive: uncomment its lines in httpd.conf

===========================================================

In DDoS OFF mode:

/usr/local/ddos/ddos.conf

NO_OF_CONNECTIONS=650

/etc/httpd/conf/httpd.conf

Timeout 50

KeepAlive On

mod_evasive: comment its lines in httpd.conf out

DDoS mode should be switched off again once the attack stops.

We also check /proc/<pid> for a suspicious process: /proc/<pid>/cwd and /proc/<pid>/exe show where it runs from and which binary it is, even if the file has since been deleted.

mysqladmin processlist

If one database shows up again and again, we suspend its owner.

cPanel default page

When you type the domain name in the browser, it shows cPanel's default page instead of the site.

1. Log in to the shell.

2. Kill every process running as the web server user (this ends all Apache children, so it briefly interrupts every site on the box):

killall -u nobody

3. /scripts/restartsrv_httpd

4. The error should now be solved.

If you still get the default page, check Apache's error_log.

Unable to publish web using http:// but can publish using ftp://

Re-initialise the FrontPage extensions with suexec support:

/scripts/initfpsuexec

How to suspend anyone using .htaccess

RedirectMatch .* http://caglewebcreations.com/suspended.page/

Options -Includes -Indexes -ExecCGI

Turning safe mode on or off for a single account

safe_mode is a PHP_INI_SYSTEM setting, so it cannot be changed from .htaccess: a php_value or php_flag line there is ignored for this directive (and "safe_mod" is a misspelling in any case). Under mod_php put it in the account's <VirtualHost> block in httpd.conf:

php_admin_flag safe_mode Off

Off = off

On = on

Under suPHP or CGI the setting goes into the php.ini used for that account instead. safe_mode was removed entirely in PHP 5.4.

How to disable directory or file listing for particular website?

a)vi .htaccess

Options All -Indexes

save the changes.

OR

a)vi .htaccess

add this to the file

IndexIgnore *

Find help at this link for most general solutions regarding directory listing:

http://www.clockwatchers.com/htaccess_dir.html

How to allow visitors to view the files in a website? (directory or file listing)

To get a folder view, follow these instructions:

a) Create a file named .htaccess if it does not exist. This can be done in any text editor.

Make sure you save the file as .htaccess (with a period at the beginning of the file name).

b) In the first line of this file type

Options +Indexes

c) Save the file.

d) Now upload the file to your web space, specifically to the directory in which you want visitors to see the file listing.

Only do this for directories that contain nothing but files meant to be public: a listing also exposes backups, old copies and configuration files left in that directory.

How to access a MySQL database remotely or with third-party tools

Please refer to the following steps:

1) Log in to cPanel.

2) Click on the MySQL Databases option.

3) Add % in the Access Hosts text box (or, better, only the IP address of the machine that will connect).

4) Click on "Add Access Host".

"%" allows connections from any host on the internet, so a guessed or leaked database password can then be used from anywhere; listing just the client's IP keeps the database unreachable from everywhere else. The server's firewall must also allow port 3306 from that address.

MySQL error

DEBUG MODE

SQL Error: 1016 can't open file: 'phpbb_config.MYI'. (errno: 144)

SELECT * FROM phpbb_config

Line: 235

File: /home/speedjun/public_html/forum/common.php

=>

errno 144 means the MyISAM table is marked as crashed and the last automatic repair failed. Repair it:

cd /var/lib/mysql/speedjun_phpbb2

myisamchk -o phpbb_config.MYI

Stop MySQL (or at least run FLUSH TABLES and make sure nothing touches the table) before running myisamchk, because repairing a table that mysqld has open can corrupt it further. Alternatively run REPAIR TABLE phpbb_config from the mysql client while the server is up.

Fantastico missing from Rvskin

Please follow the given steps :

cd /home/rvadmin
mv .fantasticodata/ /backup/oldcpanel/
mv .rvnewfantastico /backup/oldcpanel/

How to fix a quota issue?

Error: after running fixquotas the problem is still there.

=>

a) Run fixquotas on the server:

/scripts/fixquotas

b) If fixquotas does not solve the problem:

c) find / -user username > 1.txt

d) less 1.txt, find the backup files that are using the space and delete them.

(Run fixquotas when many users or domains have the problem, not for a single account.)

How to change a reseller username?

Please refer to the following steps:

  1) Log in to WHM.
  2) Click on Reseller Center.
  3) Select the user and remove the reseller privileges (copy or note down the reseller's settings first, for example disk space, bandwidth and the accounts it owns).
  4) Modify the username.
  5) Add the reseller privileges back.
  6) Change the ownership of the other accounts back to the same reseller.

Fantastico not working?

e.g. a 404 "not found" error at this url:

Solution:

run the script

#/root/fantfix

WebHost Manager that aren't showing Domain

The client is saying, “I've added accounts in WebHost Manager that aren't showing up.

What's wrong ? “

=> Your domain database has not been updated, you need to run:

#/scripts/updateuserdomains

Friday, April 11, 2008

Insallation of Shoutcast

What is shoutcast?

SHOUTcast is Nullsoft's Free Winamp-based distributed streaming audio system. Thousands of broadcasters around the world are waiting for you to tune in and listen. You can start your own radio station and stream music and live shows. See an example of hundreds of world-wide stations at shoutcast.com

-------------------------------

How do we install shoutcast?

Generally you don't want to run shoutcast as root, as that is a real security issue (a bug in the streaming server would then hand out root); instead we'll create a shoutcast user and do everything below as that user:

1.) Log in as root through SSH on the server.
2.) adduser shoutcast
3.) passwd shoutcast

It will ask for a new password; set this and remember it.

4.) Switch to that user with su - shoutcast before continuing.

Installing shoutcast

Let's grab shoutcast from Nullsoft:

1) wget http://www.shoutcast.com/downloads/sc1-9-2/shoutcast-1-9-2-linux-glibc6.tar.gz

Let's extract shoutcast:
2) tar -zxvf shoutcast-1-9-2-linux-glibc6.tar.gz

Let's tidy up the directory:
3) rm -f shoutcast-1-9-2-linux-glibc6.tar.gz
mv shoutcast-1-9-2-linux-glibc6 shoutcast
cd shoutcast

Shoutcast has now been installed!


How to configure shoutcast?

Now we need to edit the configuration file.

pico sc_serv.conf
or you can use vi, which I prefer; it is a bit more advanced to use.
vi sc_serv.conf

OK, let's set some important configuration options. Change these settings in the file:
MaxUser
Password
PortBase

Uncomment AdminPassword and set an admin password. The admin pages are plain HTTP, so pick passwords you do not use anywhere else.

Now at this point you can go through the settings and change them to what you want, or you can save and start shoutcast and it will work as is.

To save: Ctrl+X (if using pico) or :wq if using vi.

How do I start shoutcast?

./sc_serv sc_serv.conf

--------------------------------------------



Script to catch malicious perl scripts uploaded to /tmp

The following script can help you catch malicious perl scripts uploaded to /tmp or /dev/shm. It only looks at the first line of each file, so a script with no perl shebang (one started as "perl file"), or one that has already been started and deleted, will not be seen; treat it as one check among several, not as a complete answer.

#!/bin/bash
# Script designed for http://dantechie.blogspot.com/. Its GNU,FREE,DISTRIBUTABLE
# Quarantine files in /tmp and /dev/shm whose first line names a perl
# interpreter, kill the processes running them, and mail a report.

ROOTBADSCRIPTS=/root/badperlscripts
EMAILLOG=/root/emailperlscriptlog
LOAD=$(awk '{print $1, $2, $3}' /proc/loadavg)
HOST=$(hostname)
TIME=$(date)
ADMINEMAILS="admin@admin.com"          # comma-separated list of recipients

if [ ! -e "$ROOTBADSCRIPTS" ]; then
    mkdir "$ROOTBADSCRIPTS"
    chmod 700 "$ROOTBADSCRIPTS"        # quarantine readable by root only
fi
rm -f "$EMAILLOG"
touch "$EMAILLOG"

scan_dir() {
    for FILE in "$1"/*; do
        # regular files only; quoting keeps names with spaces or globs intact
        [ -f "$FILE" ] || continue
        # only the shebang is inspected (see the note above)
        if head -n 1 "$FILE" | grep -q perl; then
            echo "$TIME $HOST $FILE -- perl script found Load : $LOAD" >> "$EMAILLOG"
            # kill only processes whose command line names this file; a blanket
            # "killall -9 perl" would also take down cPanel's own perl daemons
            # (cpsrvd, chkservd, tailwatchd)
            pkill -9 -f "$FILE" > /dev/null 2>&1
            mv -f "$FILE" "$ROOTBADSCRIPTS"/
            # optional: freeze the quarantined copy for later analysis
            #chattr +i "$ROOTBADSCRIPTS/$(basename "$FILE")"
        fi
    done
}

scan_dir /tmp
scan_dir /dev/shm

if [ -s "$EMAILLOG" ]; then
    mail -s "Perl Script report on $HOST" "$ADMINEMAILS" < "$EMAILLOG"
fi
exit 0
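Since the script above only sees a perl shebang in a file that is still sitting in /tmp, it misses a script that has already been started and deleted, or one launched without a #! line. As an added example that is not part of the original post, the following shell function does the /proc check the DDoS notes earlier on this page mention: it lists processes whose current directory or executable lives under a world-writable temp directory. So that it runs offline, it is demonstrated against a constructed fake /proc tree built in a temporary directory; on a real server call it as find_tmp_procs /proc, as root, so that every process's links can be read.

```shell
#!/bin/sh
# Added example: flag processes running out of /tmp, /var/tmp or /dev/shm by
# reading the cwd and exe links under /proc.  The "fake proc" tree below is
# constructed for the demo; a real run uses find_tmp_procs /proc.

# True when a path is under one of the world-writable temp directories.
# /home/<user>/tmp is deliberately not matched: it is the account's private tmp.
is_tmp_path() {
    case "$1" in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*) return 0 ;;
    esac
    return 1
}

# Print "pid cwd exe" for every process whose cwd or exe is a temp path.
# A deleted binary shows up as "/path (deleted)" and is still matched.
find_tmp_procs() {
    proc=$1
    for d in "$proc"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        cwd=$(readlink "$d/cwd" 2>/dev/null)
        exe=$(readlink "$d/exe" 2>/dev/null)
        if is_tmp_path "$cwd" || is_tmp_path "$exe"; then
            echo "$pid $cwd $exe"
        fi
    done
}

# Constructed fake /proc tree with three "processes".
FAKE_PROC=$(mktemp -d)
mkdir -p "$FAKE_PROC/101" "$FAKE_PROC/202" "$FAKE_PROC/303"
ln -s /home/bob/public_html "$FAKE_PROC/101/cwd"; ln -s /usr/bin/perl "$FAKE_PROC/101/exe"   # normal web script
ln -s /tmp "$FAKE_PROC/202/cwd";                  ln -s /usr/bin/perl "$FAKE_PROC/202/exe"   # perl started from /tmp
ln -s /home/eve "$FAKE_PROC/303/cwd";             ln -s "/dev/shm/.x/httpd (deleted)" "$FAKE_PROC/303/exe"   # binary already removed

find_tmp_procs "$FAKE_PROC"
# Live use: find_tmp_procs /proc ; then cat /proc/<pid>/cmdline and ls -l /proc/<pid>/fd for the hits
```

The deleted-binary case is the one that matters most in practice: the attacker's file is gone from /tmp, so nothing on disk shows it, but /proc/<pid>/exe still names it and a copy can be recovered from /proc/<pid>/exe before the process is killed.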

How to disable telnet access on the server

Telnet should be disabled on all web servers; use SSH instead. Telnet sends usernames and passwords in plain text at login, so anyone who can sniff the traffic can read them, whereas SSH encrypts the session. The telnet server listens on TCP port 23.

1. Log in to your server through SSH as root.

2. Open the file
# vi /etc/xinetd.d/telnet

3. Look for the line disable = no and change it to disable = yes

4. Now restart the xinetd service:
# /etc/rc.d/init.d/xinetd restart

5. Turn it off through chkconfig as well, because it can still be started through that:
# /sbin/chkconfig telnet off

6. Scan your server to ensure port 23 is closed:
# nmap -sT -O localhost

Also run ps aux | grep telnet, and if you find anything other than the grep itself in the result, kill the process. Finally, make sure port 23 is also blocked in the firewall, so that an accidental re-enable is not reachable from outside.

Difference between Linux and Windows

Linux is an open-source operating system. People can change its code and add programs to it, which helps you use your computer better. Linux evolved as a reaction to the monopoly position of Windows. You can't change any code in the Windows OS; you can't even see which processes do what or build your own extension. Linux wants programmers to extend and redesign its OS. Linux users can edit the OS and build new distributions from it.

All flavors of Windows come from Microsoft. Linux comes from different companies and projects such as Lindows, Lycoris, Red Hat, SuSE, Mandrake, Knoppix and Slackware.

Linux is customizable but Windows is not. For example, NASlite is a version of Linux that runs off a single floppy disk and converts an old computer into a file server. This ultra-small edition of Linux is capable of networking, file sharing and being a web server.

Linux is freely available for desktop or home use, but Windows is expensive. For server use, Linux is cheap compared to Windows. Microsoft allows a single copy of Windows to be used on one computer. You can run Linux on any number of computers.

Linux enforces user separation: you log on with a user id and password, either as root or as a normal user, and only root has full privileges.

Linux has a reputation for fewer bugs than Windows.

Windows must boot from a primary partition. Linux can boot from either a primary partition or a logical partition inside an extended partition. Windows must boot from the first hard disk. Linux can boot from any hard disk in the computer.

Windows uses a hidden file for its swap file. Typically this file resides in the same partition as the OS (advanced users can opt to put the file in another partition). Linux uses a dedicated partition for its swap space.

Windows separates directories with a backslash while Linux uses a forward slash.

Windows file names are not case sensitive. Linux file names are. For example "abc" and "aBC" are different files in Linux, whereas in Windows they would refer to the same file.

Windows and Linux have different concepts for their file hierarchy. Windows uses a volume-based file hierarchy while Linux uses a unified scheme. Windows uses letters of the alphabet to represent different devices and different hard disk partitions, e.g. c:, d:, e:, while in Linux "/" is the root directory.

Linux and Windows both support the concept of hidden files. In Linux hidden files begin with ".", e.g. .filename

In Linux each user has a home directory and all of their files are saved under it, while in Windows the user saves files anywhere on the drive. This makes it difficult to back up their content; in Linux backups are easy.

What is Digg?

Digg is a popular social bookmarking and content discovery website. Although site management and maintenance is done by the website's paid staff, everything on Digg is submitted by the Digg user community. These submissions are subject to peer review and are voted upon by other site visitors. The stories receiving enough diggs are posted on the website's front page for the millions of Digg visitors to see. According to Alexa, Digg is one of the most popular websites on the internet, reaching 1 out of every 100 internet users daily.

How to submit stories?

Submitting stories to Digg is very easy. To submit stories you have to be a registered member of Digg; once you have registered and signed in, just click on the "submit story" option and enter the URL of the story you would like to submit. Then enter the title of the story with a short description and select the proper category for the story. You are only allowed to digg an original story, not a duplicate entry.

What can you do as a Digg user?

Every Digg user can digg (help promote), bury (help remove spam), and comment on stories. You can even digg and bury comments you like or dislike. Digg also allows you to track your friends' activity throughout the site.

Install Nobody Check

Download
Nobody Check is available for download free here: nobody_check.tar.gz


Installation Script: NEW
Install Nobody Check has never been easier.

1) Login to your server as the root user through shell
2) wget http://www.webhostgear.com/projects/nobodycheck/install.sh
3) chmod +x install.sh
4) ./install.sh
Wait for the installer to finish
5) rm -f install.sh
6) Open the /usr/local/nobody_check/nc.conf and put in your email address and select your options

Licensing
Nobody Check is Copyright of Wave Point Media Inc. and WebHostGear. All rights reserved. We express no warranty or liability if you use this tool. This script may not be copied, altered or redistributed unless you have explicit written permission from Wave Point Media Inc.


PhpMyAdmin Installation Step by Step

This is a step-by-step tutorial for installing phpMyAdmin on your shared/reseller/dedicated hosting space using FTP access or shell access.

1. ftp:: Download the latest version from http://www.phpmyadmin.net/home_page/downloads.php.

The latest version is at the top. You can download the .zip file.

shell:: wget
http://mesh.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.9.0-rc1.tar.gz

(2.9.0-rc1 is the release candidate used when this was written; pick the current stable release and keep it updated, since phpMyAdmin is exposed to the web and is a frequent target.)

2. ftp:: Extract the contents of the .zip file using a program like WinRAR.

shell:: tar -zxvf phpMyAdmin-2.9.0-rc1.tar.gz

3. [Optional] You may want to delete unneeded language files. This saves time while uploading. Go into the 'lang' folder and delete all files except a) all the .sh files and b) the three .php files whose names start with 'english'.

4. In the scope of this tutorial, phpMyAdmin will access and control all the tables in a single database that you are going to create.

a. Create a DB using cPanel.

b. Create a MySQL username and a password for this user.

c. Assign all privileges on the DB to this user.

5. Edit the config.inc.php file.

a. Usually it is 'localhost'.

$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname or IP address

b. Enter the MySQL user you created in step 4 b.

$cfg['Servers'][$i]['controluser'] = 'MySQL_user'; // MySQL control user settings

c. Enter the MySQL user's password that you created in step 4 b.

$cfg['Servers'][$i]['controlpass'] = 'MySQL_pass'; // access to the "mysql/user" tables

d. Save the file and close it.

Anyone who can read config.inc.php now has the database password, so make the file as restrictive as your PHP setup allows (readable only by the account, and by the web server user if PHP runs as one), and prefer $cfg['Servers'][$i]['auth_type'] = 'cookie' for the interactive login so that the credentials you type are not stored on disk at all.

6. ftp:: Log into your web space using an FTP client and create a directory, say phpmyadmin, under public_html. Upload all the content into the directory created.

shell:: For convenience, rename the phpMyAdmin folder to phpmyadmin with the following command under your public_html folder:

mv phpMyAdmin-2.9.0-rc1 phpmyadmin

7. Installation is complete. Simply point your browser to the directory where you installed phpMyAdmin and you should be able to start using it.

8. Important: password-protect the directory where you installed phpMyAdmin, or else anyone will be able to reach it and start guessing database passwords. You can do that using the admin panel that your host provides, or with a .htaccess/.htpasswd pair, ideally limited to your own IP address as well.

-- Dhananjay

Install a bandwidth monitor on a Linux server

cd /usr/local/src
[/usr/local/src]# wget http://www.gropp.org/bwm-ng/bwm-ng-0.5.tar.gz
[/usr/local/src]# tar -zxf bwm-ng-0.5.tar.gz
[/usr/local/src]# cd bwm-ng-0.5
[/usr/local/src/bwm-ng-0.5]# ./configure && make && make install
[/usr/local/src/bwm-ng-0.5]# bwm-ng

It will show you the following:
bwm-ng v0.5 (probing every 0.500s), press 'h' for help
input: /proc/net/dev type: rate
/ iface               Rx          Tx        Total
===========================================================================
  lo:          0.00 KB/s   0.00 KB/s   0.00 KB/s
  eth0:        8.24 KB/s  17.83 KB/s  26.07 KB/s
---------------------------------------------------------------------------
  total:       8.24 KB/s  17.83 KB/s  26.07 KB/s


How to stop hotlinking using .htaccess

You can stop others from hotlinking your site's files by placing a file called .htaccess in your Apache site root (main) directory. The period before the name means the file is hidden, so you may want to edit your file as htaccess.txt, upload it to your server, then rename the txt file to .htaccess in your directory. Contact your web host on how to access your directories and configure your .htaccess file.


Example: Your site url is www.mysite.com. To stop hotlinking of your images from other sites and display a replacement image called nohotlink.jpe placed in your images directory, place this code in your .htaccess file:


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

The first line of the above code begins the rewrite. The second line matches any requests from your own mysite.com url. The [NC] code means "No Case", meaning match the url regardless of being in upper or lower case letters. The third line means allow empty referrals. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the nohotlink.jpe file in your images directory. This JPEG image is using the extension jpe instead of jpg to prevent blocking your own replacement image.


To stop hotlinking from specific outside domains only, such as myspace.com, blogspot.com and livejournal.com, but allow any other web site to hotlink images:


RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means "Or Next", as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.


You can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:


RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]


Warning: Do not use .htaccess to redirect image hotlinks to an HTML page or to a server that isn't your own. Hotlinked images can only be replaced by other images, not by an HTML page.

As with any htaccess rewrites, you may block some legitimate traffic (such as users behind proxies or firewalls) using these techniques.

Cpanel Server and all domains seem to not resolve

It seems that named.conf is getting blown away on some builds...may be only particular to ones on CentOS.

here is what you can do:

/scripts/rebuildnamedconf
/etc/init.d/named restart

That should get things going again.

Here is the thread cpanel forums has open on it:

http://forums.cpanel.net/showthread.php?p=191301

Spamd failed

Here is a possible way to fix this problem. It appears to happen because of broken CPAN links set up through cPanel. This should clear them out and, hopefully, restart spamd.

Logged in as root via ssh do the following:

rm -rf /home/.cpan
rm -rf /root/.cpan
rm -rf /root/.cpcpan
/scripts/updatenow
/scripts/perlinstaller
/scripts/exim4

Thursday, April 10, 2008

/var FULL

When /var fills up, first find what is actually using the space (a stray core file, a backup, or one runaway log) before emptying logs wholesale, and remember that /var/log/secure, /var/log/messages and the exim logs are the audit trail you would need after a break-in: copy or compress them somewhere first and truncate in place only as a last resort. /var/log/lastlog is a sparse file that looks huge in ls but uses little real space, so emptying it gains nothing.

Maintenance policy (each command empties a log in place, without restarting the daemon writing to it):
echo > /var/log/exim_mainlog
echo > /var/log/exim_rejectlog
echo > /var/log/maillog
echo > /var/log/messages
echo > /var/log/messages.1
echo > /var/log/messages.2
echo > /var/log/messages.3
echo > /var/log/messages.4
echo > /var/log/lastlog
echo > /var/log/maillog.1
echo > /var/log/maillog.2
echo > /var/log/maillog.3
echo > /var/log/secure
echo > /var/log/secure.1
echo > /var/log/secure.2
echo > /var/log/secure.3
echo > /var/log/secure.4
echo > /usr/local/apache/logs/access_log
echo > /usr/local/apache/logs/suexec_log
echo > /usr/local/apache/logs/error_log
echo > /usr/local/cpanel/logs/access_log
echo > /usr/local/cpanel/logs/error_log
echo > /var/log/exim_mainlog.1
echo > /usr/local/cpanel/3rdparty/mailman/logs/locks
echo > /var/log/cron.2
echo > /var/log/chkservd.log
echo > /var/log/cron.4
echo > /var/log/exim_paniclog.1
echo > /var/log/exim_rejectlog.1
echo > /var/log/exim_paniclog
Also check the email queue with exim -bpc; a huge queue fills /var/spool/exim.
Further, try clearing the directory /var/spool/exim/scan, which holds temporary files left behind by the content scanner.
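As an added example (not part of the original notes), here are two shell functions that do the two things the note asks for: find the largest files under a directory before anything is deleted, and keep a compressed, date-stamped copy of a log before emptying it in place. The directory tree they run on here is constructed for the demo; on a server you would call biggest_files /var 20 and preserve_and_truncate /var/log/messages.

```shell
#!/bin/sh
# Added example: find what is eating the space and preserve a log before
# truncating it.  The directory tree below is constructed for the demo.

# Largest $2 regular files under $1, printed as "<bytes> <path>", biggest first.
biggest_files() {
    find "$1" -type f | while read -r f; do
        echo "$(wc -c < "$f") $f"
    done | sort -rn | head -n "$2"
}

# Compress a copy of a log with a timestamp, then empty the original in place.
# Truncating keeps the inode, so the daemon writing to it does not need a
# restart, and the .gz copy keeps the evidence.  Prints the archive name.
preserve_and_truncate() {
    log=$1
    stamp=$(date +%Y%m%d%H%M%S)
    gzip -c "$log" > "$log.$stamp.gz" || return 1
    : > "$log"
    echo "$log.$stamp.gz"
}

# Constructed demo tree: a 64 KB "exim_mainlog", a 16 KB "messages", a tiny file.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/log" "$DEMO/spool"
dd if=/dev/zero of="$DEMO/log/exim_mainlog" bs=1024 count=64 2>/dev/null
dd if=/dev/zero of="$DEMO/log/messages"     bs=1024 count=16 2>/dev/null
printf 'a few bytes\n' > "$DEMO/spool/small"

echo "== biggest files =="
biggest_files "$DEMO" 2
ARCHIVE=$(preserve_and_truncate "$DEMO/log/messages")
echo "archived to $ARCHIVE"
```

Keep the archives outside the filling filesystem (a /backup partition or another host) when /var is the one that is full; a .gz next to the log only helps if the log compresses well.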

Tuesday, April 8, 2008

Install chkrootkit

cd /root

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

tar xvzf chkrootkit.tar.gz

mv chkrootkit-* chkrootkit

cd chkrootkit

make sense

Then run the chkrootkit binary it built, as root. Keep in mind that it relies on the system's own ps, netstat and ls, so a rootkit that replaced those can hide from it; when in doubt, compare its result with a check run from a known-clean rescue environment.

SIM (System Integrity Monitor)

How to install SIM

Log in to your server via SSH as root.

wget http://www.r-fx.org/downloads/sim-current.tar.gz

tar xvfz sim-current.tar.gz

cd sim-3.0

./install.sh -i

Type

sim -j

to install the cron job.

If your interface is not eth0 (e.g. eth1, or venet0 on a VPS):

nano -w /etc/conf.sim

Installation of APF

cd /usr/local/src
wget http://rfxnetworks.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-0.*
./install.sh

Now edit the config file:
vi /etc/apf/conf.apf
Scroll down to the "Common ingress (inbound) TCP ports" section. At this point you need to find the correct configuration for your control panel; for cPanel:

IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"

EGF="1"
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
EG_UDP_CPORTS="20,21,37,53,873"

Save the file and start APF:
apf -s
If everything still works, edit the config file and turn dev mode off. Make sure you can start a new SSH session before changing dev mode off (in dev mode APF flushes its rules from cron every few minutes, so a mistake cannot lock you out for long). If you are kicked out you need to go back and look at what caused the problem!
DEVEL_MODE="0"

Restart APF:
apf -r

Open DNS servers

An authoritative name server that also answers recursive queries for the whole internet can be abused by outsiders, so turn recursion off.

vi /etc/named.conf

Inside the options { ... } block, before the line that says directory "/var/named"; (it could be /var, /var/named, etc.), put:

recursion no;

service named restart

Afterwards make sure you can still ping yahoo.com and google.com: the server itself now needs a different resolver in /etc/resolv.conf, because its own named no longer answers recursive queries. If you want to keep recursion for local use only, allow-recursion { localhost; }; is the alternative to turning it off entirely.

Lame Server Resolve

service named stop

vi /etc/named.conf

add the three lines at the top

logging {

category lame-servers { null; };

};

service named restart

Installation of eAccelerator

cd /usr/local/src
mkdir ea
cd ea
wget http://kent.dl.sourceforge.net/sourc…r-0.9.5.tar.gz

tar zxvf eaccelerator-0.9.5.tar.gz

cd eaccelerator-0.9.5

export PHP_PREFIX="/usr"
$PHP_PREFIX/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
make
make install

For PLESK: vi /etc/php.ini

For CPANEL: vi /usr/local/lib/php.ini

If Zend is already installed, vi /usr/local/Zend/etc/php.ini

Find this:

;Windows Extensions

Above this, comment out the PHPA or ZEND lines if you have them. Replace them with this:

zend_extension="/usr/local/src/ea/eaccelerator-0.9.5/modules/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

mkdir /tmp/eaccelerator

chmod 0777 /tmp/eaccelerator

service httpd restart

The cache directory holds compiled bytecode that every PHP process will load, so a world-writable directory lets any local user plant or alter it. Under mod_php, where all scripts run as the web server user, chown the directory to that user and use mode 0700 instead of 0777; only a setup where PHP runs as several different users needs it shared, and then at least set the sticky bit (1777).

How to install Zend Optimizer

For i386


wget http://downloads.zend.com/optimizer/3.0.2/ZendOptimizer-3.0.2-linux-glibc21-i386.tar.gz
tar xvfz ZendOptimizer-3.0.2-linux-glibc21-i386.tar.gz
cd ZendOptimizer-3.0.2-linux-glibc21-i386
./install.sh

For x86_64
wget http://downloads.zend.com/optimizer/3.0.1/ZendOptimizer-3.0.1-linux-glibc23-x86_64.tar.gz
tar xvfz ZendOptimizer-3.0.1-linux-glibc23-x86_64.tar.gz
cd ZendOptimizer-3.0.1-linux-glibc23-x86_64
./install.sh

To view Stats without login to cpanel

You can view webalizer stats without logging in to your cpanel.

cd /home/user/www
mkdir stats
cd stats
ln -s /home/user/tmp/webalizer webalizer
cd ../
chown -R user:user stats
cd ../
chmod -R 0775 tmp

You can access it as http://domain/stats/

This exposes the visitor statistics to anyone who guesses the URL; protect the stats directory with a password (see the password protection section below) unless that is intended.

How to Install Mod_evasive

cd /root

wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

tar xvfz mod_ev*

cd mod_evasive*

CPANEL & Apache 1

/usr/local/apache/bin/apxs -i -a -c mod_evasive.c

/etc/init.d/httpd restart

CPANEL & Apache 2

/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

/etc/init.d/httpd restart

PLESK & Apache 1

/usr/sbin/apxs -i -a -c mod_evasive.c

/etc/init.d/httpd restart

PLESK & Apache 2

/usr/sbin/apxs -i -a -c mod_evasive20.c

/etc/rc.d/init.d/httpd restart

Using RPM

Installing software (rpm -i)
rpm -ivh package.rpm

Uninstalling software (rpm -e)
rpm -e package_name

Updating packages (rpm -U)

Note: -U uninstalls the old version and installs the new package in one step, avoiding the "already installed" messages. It is also common to install new packages with the -U flag in this way:

rpm -Uvh software.rpm

How do you password protect your pages?

Use a password protected folder. With this method you create the usernames and passwords and hand them to your users (members). This method is used when a limited number of users will use the site.

Go to cPanel >> Password Protection >> select the name of the directory that you wish to protect >> check "The folder requires a password to access via http://", give it a name such as Members, then go back and create a user and password. Visitors who now open this directory will be prompted for a username and password.

Lost Mysql root password ?

A few simple steps to change your MySQL root password.

service mysql stop

Wait until MySQL shuts down. Then run

mysqld_safe --skip-grant-tables --skip-networking &

--skip-grant-tables disables all authentication, so while this instance is up anyone who can reach it has full access; --skip-networking limits that window to local socket connections. You will now be able to log in as root with no password:

mysql -uroot mysql

In the MySQL command line prompt issue the following commands (pick a strong password instead of abcd):

UPDATE user SET Password=PASSWORD('abcd') WHERE User='root';
FLUSH PRIVILEGES;

At this point your root password is reset to "abcd". Stop the temporary instance and start MySQL normally so that the grant tables are enforced again:

mysqladmin -uroot -pabcd shutdown
service mysql start

You can now log in with your new password:

mysql -uroot -pabcd mysql

Steps for Kernel Upgrade

Following are the steps to upgrade the kernel on live servers.

1. Check the current kernel version on the server with uname -r. If it is
2.4, download the latest 2.4 release; do not move a 2.4 server to 2.6 this way.
You can download the kernel from
http://www.kernel.org/pub/linux/kernel/v2.6/
or, for 2.4, from http://www.kernel.org/pub/linux/kernel/v2.4/; you can
check the latest stable release at http://www.kernel.org

2. wget the kernel into /usr/local/src
3. Untar it using tar -zxvf linux-2.x-xxxx.tar.gz
4. cd linux-2.x-x
5. make clean
6. make mrproper
7. If the kernel is 2.4, copy the current config file
/boot/config-`uname -r` to .config in /usr/local/src/linux-2.x-xx; if the
kernel is 2.6 you do not need to create .config in the current directory
8. make menuconfig; select and check that all required modules are
selected, and make sure the kernel supports multiple CPUs.
You can check and select this under Processor type; if it already shows
support for more than 2 CPUs you do not need to modify anything there.
9. Save the configuration and exit
10. make modules (if the kernel is 2.4 you need to run make dep before
running make modules)
11. make modules_install
12. make
13. If it is a 2.4 kernel you need to run make bzImage and then make install;
you can directly run make install if the kernel is 2.6
14. Now check the bootloader and modify the default kernel accordingly:
grubby --bootloader-probe. If it displays grub then edit /etc/grub.conf,
and if it is lilo then edit lilo.conf, and make the compiled kernel the default
kernel. Keep the old kernel as a second entry so that you can boot back into it if the new one fails.
15. If your boot loader is lilo then you need to run one more command,
/sbin/lilo, which will update lilo
16. Now it is time to reboot the server

How to enable/disable PING

To enable PING (ICMP echo replies) on the server

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

To disable PING on the server

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Writing to /proc takes effect immediately but does not survive a reboot. To make the setting permanent add net.ipv4.icmp_echo_ignore_all = 1 (or 0) to /etc/sysctl.conf, or run sysctl -w net.ipv4.icmp_echo_ignore_all=1.

How to Install RvSkin

Installation

Create an account from WHM called rvskin.com

1. SSH as root to the server that was registered while purchasing the license and run:

mkdir /root/rvadmin

cd /root/rvadmin

wget http://download.rvglobalsoft.com/download.php/download/rvskin-auto/saveto/rvauto.tar.bz2; bunzip2 -d rvauto.tar.bz2; tar -xvf rvauto.tar; perl /root/rvadmin/auto_rvskin.pl

Answer a couple of questions on your shell, and wait until it finishes. The first installation will take 2-5 minutes. The installer will create a new hosting account 'rvadmin'. Don't terminate it; it is used for internal RVSkin configuration management.

2. Log in to RVSkin Manager. Both root and resellers are able to access RVSkin Manager in WHM / Add-ons (at the bottom left menu). If you cannot find the RVSkin Manager menu, please close WHM and open it again.

If no messages are displayed on the skin, please run these commands on your SSH:

rm -f /usr/local/cpanel/Cpanel/rvversion
perl /root/rvadmin/auto_rvskin.pl

3. In RVSkin Manager:

* Set global configuration
* Set default language
* Create default feature lists for users and for resellers
* Set tweak settings, reseller feature control, body links, top links, help, tutorial links, etc.
* Test the configuration settings in 2 hosting accounts:
* rvadmin: this account can be considered to belong to root
* reseller's client: this account will reflect the settings from the reseller's skin manager. If it is not configured, it will remain anonymous.

4. Change the user's cPanel theme to RVSkin
5. Change the cPanel language to the new language

How to Update stats on Plesk server

Run the following command to update stats on plesk server.

/usr/local/psa/admin/sbin/statistics

How to disable mod_security for an individual account ?

If you see mod_security "access denied" errors with code 403 in the error logs for an account, you can disable mod_security for that account by adding a few lines to its .htaccess:

==================

SecFilterEngine Off
SecFilterScanPOST Off

==================

These are mod_security 1.x directives and switch the filter off for everything under that directory, so the account loses all protection. Check the audit log first and, where the version supports it, disable only the rule that fires (ModSecurity 2.x: SecRuleRemoveById with the rule's id) rather than the whole engine.


Synchronize time on Cpanel servers

Command to synchronize time on cPanel servers

rdate -s rdate.cpanel.net

rdate uses the plain, unauthenticated TIME protocol and sets the clock once; for ongoing synchronization use ntpdate or an ntpd/chrony client against a pool server. Correct time matters for log correlation and for certificate validity checks.

Enabling FP extensions for an addon domain

HowTo enable FP extensions for an addon domain
------------------------------------------------------------------
A) We won't be able to install FP extensions on an addon domain, basically for
two reasons.

1) There is no ServerName entry for the addon domain in the Apache config file, hence the install program will show an error like
the "domain" is not a valid virtual server.

2) The FrontPage extension install program won't install extensions in a directory which comes under another domain's web root that already has FP extensions installed.

To overcome these hurdles you can do the following.

1) Comment out the existing ServerName entry for the subdomain.

2) Create a new ServerName entry for the addon domain in the corresponding subdomain's VirtualHost entry.

3) Create a temporary folder in the document root of the main domain and MOVE all .htaccess* and _* files from public_html into the new directory.

4) Remove the _* and .htaccess files (created by FP) from the addon domain's folder.

5) Verify the access.conf file in the Apache config directory and ensure that the AllowOverride directive is set to 'All'. Sometimes this will not be enough to continue, so make sure that AllowOverride is set to 'All' (by default it will
be 'None') in the Apache config file.
Change only the directive inside the relevant Directory entry.

6) Restart Apache and run the install program from the back end.

#/usr/local/frontpage/version5.0/bin/owsadm.exe -o install -u $USERNAME -xuser $USERNAME -xgroup $USERNAME -p 80 -m $DOMAIN -pw $PASSWORD -s /usr/local/apache/conf/httpd.conf
where
$USERNAME is the control panel login name
$DOMAIN is the addon domain; use www.addon.com
$PASSWORD is a password you choose

7) Restore the changes you made in the Apache config file.

8) Move the .htaccess* and _* files back from the backup directory (main domain web root).

If you are still having problems connecting to the server using
FrontPage, make sure that the server name is http://www.addondomainname and you may also want to close the FP program and
start it again to clear the cache.

Not able to view JSP pages

If you are getting code instead of JSP page then you need to install servlets.

To install servlet go to the WHM >> Account Functions >> Install Servlets. Select domain and install.

After doing this you need to restart tomcat.

Now you will be able to view JSP pages.

Accounts missing from WHM

There are a lot of causes for accounts on the server being missing from WHM-->List Accounts.

Any of the following will cause the issue.

1) The account is missing from httpd.conf

2) The account has no cpanel user file.

3) The account is not in the following files:
/etc/localdomains, /etc/userdomains, /etc/trueuserdomains and /etc/trueuserowners

The /etc/trueuserowners file specifies the owner of each account in the following manner:

user: owner

4) The account's DNS conflicts, i.e. the domain has 2 DNS entries such as domainname and www.domainname. This may cause the account not to be listed in WHM-->List Accounts.

You can run the following script if the account is missing:

/scripts/updateuserdomains (It won't add the account to httpd.conf; that
you have to add manually)

WHM not updating quotas

The binary /usr/sbin/repquota is probably missing on the server. It is used by the cPanel script /usr/local/cpanel/bin/cachedrepquota to write the file
/var/cpanel/repquota.cache.

After copying this binary back, executing the script and restarting cpaneld,
the issue should be resolved.

Missing DNS zone ?

If you are facing an issue related to a missing DNS zone after a cPanel update, do the following:

/scripts/perlinstaller Compress::Raw::Zlib
/scripts/perlinstaller --force Scalar::Util

This should fix the issue.

How to Set wildcard DNS

Edit httpd.conf and add the line to the virtual host of the domain.

ServerAlias *.domain.com

Restart the httpd/apache service.

Now edit the DNS zone file of the domain and add the line

*.domain.com. 14400 IN A <IP of server>

A wildcard is only valid as the leftmost label, so a record such as www.*.domain.com is not a wildcard and adds nothing; *.domain.com already covers www.anything.domain.com. Remember that with this in place every hostname under the domain resolves to this server and is served by this virtual host.

Restart the named service.

To turn off register globals for a particular user

Put this in the user's .htaccess:
php_flag register_globals off

php_flag in .htaccess only works when PHP runs as an Apache module (DSO). With suPHP or CGI, set register_globals = Off in the user's own php.ini instead. With register_globals on, any request parameter becomes a PHP variable and can overwrite the script's own, so the default should be off for everyone.

To view the .html first instead of .php

Add this line to .htaccess: DirectoryIndex index.html

Postfix + ClamAV + MailScanner in OpenSuse 10.2

1) Install the anti-virus software (ClamAV); the RPMs are at http://rpm.pbone.net/
rpm -ivh clamav-db-0.88.2-1.i386.rpm
rpm -ivh clamav-devel-0.88.2-1.i386.rpm
rpm -ivh clamav-server-0.88.2-1.i386.rpm
rpm -ivh clamav-0.88.2-1.i386.rpm

/etc/init.d/clamd start

2. Once the anti-virus is installed we need to install MailScanner. The RPM along with the source files can be found at
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

Now get ready to install MailScanner; this is going to take a long time.

gzip -d MailScanner-4.46.2-2.rpm.tar.gz
tar -xvf MailScanner-4.46.2-2.rpm.tar
cd MailScanner-4.46.2-2
./install.sh

3. In your MailScanner.conf file in /etc/MailScanner there are 5 settings you need to change:

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

4. You will need to ensure that the user "postfix" can write to

/var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine

chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine

5. Edit the file MailScanner.conf:
Virus Scanners = clamav

6. Edit virus.scanners.conf:
clamav /usr/lib/MailScanner/clamav-wrapper /var/lib/clamav

7. Now edit the Postfix main.cf file; go all the way to the bottom of the file and add the following:
header_checks = regexp:/etc/postfix/header_checks

8. In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD

This puts every incoming message into the hold queue, where MailScanner picks it up, scans it and re-injects it into the incoming queue. If MailScanner is not running, mail will simply pile up in hold.

9. Set the services to run on startup and then start them:

chkconfig MailScanner on
chkconfig postfix on
chkconfig clamd on

/etc/init.d/MailScanner start
/etc/init.d/postfix start
/etc/init.d/clamd start

How To use Yum

  • To search for an application

Yum will search all your enabled repos and tell you where you can obtain the package from:

yum search application_name
  • Yum can list all available packages from your enabled repos and tell you where you can obtain the package from:
yum list available
  • To find out more info about some package:
yum info application_name
  • Installing applications

Installing is as easy as

yum install application_name
  • Listing rpms

yum can list the installed rpms that do not come from any repo you have enabled (packages installed by hand, or from repos since removed); these are the ones that will not receive updates:

yum list extras
  • Removing rpms

Yum can remove an application and the dependencies it installed with that application. It will not remove dependencies if another installed application needs them.

yum remove application_name
  • Updating the system

Yum can update the system for you without user interaction if you want it to.

yum update
  • Not sure if you have updates?
yum check-update
  • Local install

Downloaded an rpm and cannot install it with rpm because of dependencies?

yum localinstall /path/to/the/rpm

Saturday, April 5, 2008

How to increase file limit

Get the current per-process limit:

ulimit -n

and the system-wide counters (allocated, free, maximum):

cat /proc/sys/fs/file-nr

The default per-process limit is 1024.

Get the current number of open file descriptors:

lsof -p pid | wc -l

(or lsof | wc -l for the whole system).

Increase the limit:

Edit /etc/security/limits.conf:

username soft nofile 32768
username hard nofile 32768

The hard line is the ceiling; without a soft line the session still starts at the old default. The change applies to new logins only. The system-wide ceiling is fs.file-max, which can be raised with sysctl -w fs.file-max=<n> if file-nr shows it being reached.



Send Email from a PHP Script Using SMTP Authentication

To connect to an outgoing SMTP server from a PHP script using SMTP authentication and send an email, adapt the example below (it uses the PEAR Mail package) for your needs. Make sure you change at least the following variables:
* from: the email address from which you want the message to be sent.
* to: the recipient's email address and name.
* host: your outgoing SMTP server name.
* username: the SMTP user name (typically the same as the user name used to retrieve mail).
* password: the password for SMTP authentication.
------------------------------------------------------------------------------------------------
<?php
require_once "Mail.php";

// Placeholder addresses: replace with the real sender and recipient.
$from = "Bill Sender <sender@example.com>";
$to = "Ninad Recipient <recipient@example.com>";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";

$host = "mail.example.com";
$username = "smtp_username";
$password = "smtp_password";

// Keep the credentials outside the web root (include them from a file
// above public_html) rather than hard-coding them in a served script.

$headers = array ('From' => $from,
'To' => $to,
'Subject' => $subject);
$smtp = Mail::factory('smtp',
array ('host' => $host,
'auth' => true,
'username' => $username,
'password' => $password));

$mail = $smtp->send($to, $headers, $body);

if (PEAR::isError($mail)) {
// Escape the error text: it can echo back server responses.
echo "Error: " . htmlspecialchars($mail->getMessage()) . "\n";
} else {
echo "Message successfully sent!\n";
}
?>

-- Dhananjay Sonawane

Cron to delete mails from Inbox

Here is the syntax for deleting all email in the inbox of the default email address for a website (the mbox file is truncated in place, so anything in it is gone for good):

echo -n > /home/youraccount/mail/inbox

-- Dhananjay Sonawane

Installing IonCube Loader

1. Download the program and store it on your server using wget or FTP.

http://www.ioncube.com/loader_download.php

2. Unpack the program
tar -zxvf ioncube_loaders.tar.gz

3. cd ioncube

4. Copy ioncube-install-assistant.php to a web directory such as your hosting directory and open it in your browser window.
cp ioncube-install-assistant.php /home/userdirectoryhere/www

5. Now let's move the ioncube directory to a permanent location:

cd ..
mv ioncube /usr/local

6. Now that you know the location of php.ini you need to edit it.
pico /usr/local/lib/php.ini

Now find where the other zend extensions are in the file.
ctrl + w: zend_extension

Paste in your new line for the ioncube loader
zend_extension = /usr/local/ioncube/ioncube_loader_lin_4.3.so

(NOTE) Check the PHP version: if it is 5.2 then the entry should be ioncube_loader_lin_5.2.so

7. Save the changes
ctrl + X then Y and enter

8. Restart the web server for the change to take effect.
/etc/init.d/httpd restart

Remove ioncube-install-assistant.php from the web directory once you are done; it reports PHP configuration details to anyone who can request it.


-- Dhananjay Sonawane

Nagios Installation and Configuration

You can use the following steps to install and configure Nagios.

Create the base directory where you would like to install Nagios.
mkdir /usr/local/nagios

Add a new user (and group) to your system.
adduser nagios

Download Nagios 1.0.
wget http://internap.dl.sourceforge.net/sourceforge/nagios/nagios-1.0.tar.gz
tar -zxvf nagios-1.0.tar.gz
cd nagios-1.0

Run the configure script.
./configure --prefix=/usr/local/nagios --with-cgiurl=/nagios/cgi-bin \
--with-htmurl=/nagios/ --with-nagios-user=nagios --with-nagios-grp=nagios

Compile Nagios and the CGIs.
make all

Install the binaries and HTML files (documentation and main web page).
make install

Install the sample init script to /etc/rc.d/init.d/nagios.
make install-init

Installing the Plugins
-------------------------------

In order for Nagios to be of any use to you, you're going to have to download
and install some plugins. Plugins are scripts or binaries which perform all
the service and host checks that constitute monitoring.

Download and install the Nagios Plugins.
wget http://aleron.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.3.1-1.9.i386.rpm
rpm -ivh nagios-plugins-1.3.1-1.9.i386.rpm

Configuring Nagios
—————————

Nagios is compiled and installed. Now we have to configure it or in other
words define objects (hosts, services, etc.) that should be monitored.

The main configuration file (/usr/local/nagios/etc/nagios.cfg) contains a
number of directives that affect how Nagios operates. This config file is
read by both the Nagios process and the CGIs. This is a sample nagios.cfg

—————————————————————————————————————–
log_file=/usr/local/nagios/var/nagios.log
cfg_file=/usr/local/nagios/etc/checkcommands.cfg
cfg_file=/usr/local/nagios/etc/misccommands.cfg
cfg_file=/usr/local/nagios/etc/contactgroups.cfg
cfg_file=/usr/local/nagios/etc/contacts.cfg
cfg_file=/usr/local/nagios/etc/dependencies.cfg
cfg_file=/usr/local/nagios/etc/escalations.cfg
cfg_file=/usr/local/nagios/etc/hostgroups.cfg
cfg_file=/usr/local/nagios/etc/hosts.cfg
cfg_file=/usr/local/nagios/etc/services.cfg
cfg_file=/usr/local/nagios/etc/timeperiods.cfg
resource_file=/usr/local/nagios/etc/resource.cfg
status_file=/usr/local/nagios/var/status.log
nagios_user=nagios
nagios_group=nagios
check_external_commands=1
command_check_interval=45s
command_file=/usr/local/nagios/rw/nagios.cmd
comment_file=/usr/local/nagios/var/comment.log
downtime_file=/usr/local/nagios/var/downtime.log
lock_file=/usr/local/nagios/var/nagios.lock
temp_file=/usr/local/nagios/var/nagios.tmp
log_rotation_method=d
log_archive_path=/usr/local/nagios/archives
use_syslog=0
log_notifications=1
log_service_retries=1
log_event_handlers=1
log_initial_states=1
log_external_commands=1
log_passive_service_checks=1
inter_check_delay_method=s
service_interleave_factor=s
max_concurrent_checks=0
service_reaper_frequency=1
sleep_time=1
service_check_timeout=30
host_check_timeout=30
event_handler_timeout=30
notification_timeout=30
ocsp_timeout=5
perfdata_timeout=5
retain_state_information=1
state_retention_file=/usr/local/nagios/var/status.sav
retention_update_interval=60
use_retained_program_state=0
interval_length=20
use_agressive_host_checking=0
execute_service_checks=1
accept_passive_service_checks=1
enable_notifications=1
enable_event_handlers=1
process_performance_data=0
obsess_over_services=0
check_for_orphaned_services=0
check_service_freshness=1
freshness_check_interval=60
aggregate_status_updates=1
status_update_interval=15
enable_flap_detection=1
low_service_flap_threshold=5.0
high_service_flap_threshold=20.0
low_host_flap_threshold=5.0
high_host_flap_threshold=20.0
date_format=us
illegal_object_name_chars=`~!$%^&*|'"<>?,()=
illegal_macro_output_chars=`~$&|'"<>
admin_email=you@yourdomain.com
admin_pager=you@yourdomain.com
——————————————————————————————

Add the list of servers that you want to monitor in
/usr/local/nagios/etc/hosts.cfg

——————————————————————————————
# 'server42' host definition
define host{
use generic-host
host_name (server hostname)
alias (hostname)
address IP Address
check_command check-host-alive
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}
# 'server43' ...

——————————————————————————————

Edit /usr/local/nagios/etc/hostgroups.cfg to add all the servers.

——————————————————————————————
define hostgroup{
hostgroup_name tchosting
alias TotalChoice
contact_groups tchosting
members server40,server41,server42
}
—————————————————————————————–

To setup email and pager notifications edit
/usr/local/nagios/etc/contacts.cfg to add your contact info.

—————————————————————————————–
define contact{
contact_name DAN
alias DAN
service_notification_period 24x7
host_notification_period 24x7
service_notification_options n
host_notification_options d,u,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email dan_sonawane@gmail.com
}
—————————————————————————————–

The contact name must be a member of contact group. Edit
/usr/local/nagios/etc/contactgroups.cfg to add your name.



-- Dhananjay Sonawane

zlib installation

  1. wget http://www.zlib.net/zlib-1.2.3.tar.gz
    tar -zxvf zlib-1.2.3.tar.gz
  2. cd zlib-1.2.3
  3. ./configure
  4. make
  5. make install


Friday, March 21, 2008

SERVER LOAD TWEAKS...APACHE/MYSQL/SMTP-POP3/EXIM/IMAP

Q:- How to trace the source of server load? (Includes all applications.)


The steps are arranged by service:

----------------------------------------------------------------

1. Apache :-

  • top >> check for many httpd processes
  • Login to WHM >> check "Apache Status"; if you find anyone downloading mp3, rar, exe or zip files, suspend that account
  • Also use the "CPU/Memory/MySQL Usage" option in WHM >> here we can find the actual CPU and memory usage for a particular domain.


----------------------------------------------------------------

2. MySQL :-

  • top >> check for many mysqld threads and long-running queries
  • mysqladmin processlist / mysqladmin status
  • Also use the "CPU/Memory/MySQL Usage" option in WHM >> here we can find the actual CPU and memory usage for a particular domain.


----------------------------------------------------------------

3. FTP :-

  • ps aux | grep ftp >> used for checking FTP actions taken by users, such as uploading/downloading files
  • tail -f /var/log/secure


----------------------------------------------------------------

4. SMTP / POP3 / IMAP :-

  • tail -f /var/log/exim_mainlog >> watch the log and check which email address is continuously scrolling; confirm whether it is spamming and, if confirmed, suspend the account
  • tail -f /var/log/exim_mainlog | grep public_html >> check for spamming if anybody is using a PHP script to send mail
  • Login to WHM and select "Manage Mail Queue" to find the email address which is spamming.

----------------------------------------------------------------

First of all check the load and if it is above safe limits, settle it down: run the "deep" scripts until you get the message "no processes found" for mysql, exim and httpd. Check the load again. Restart the services with the proper restart scripts
s-http, s-mysql, s-exim. Then proceed with the investigation.

* top, shift p: check which processes are taking the load and are present in plenty.
* if apache:
* quickly go to WHM, check Apache Status and do the needful. If there is nothing in Apache,
check netstat -n | less; it can be an HTTP attack.
* if mysql:
run mysqladmin processlist and look at the processes and queries.
* if exim:
go to /var/log/exim_mainlog and check the logs for spam.
This can be done by grepping the logs as follows:
tail -f /var/log/exim_mainlog | grep /tmp
tail -f /var/log/exim_mainlog | grep public_html
tail -f /var/log/exim_mainlog | grep sendmail
check the mail queue
check for frozen mails and delete them.
* check whether iowait is high.
There can be several reasons for this:
* a user may be downloading heavy files; you can see this in the Apache status.
* you can see the heavy CPU-consuming processes on the server with ps auxw | grep -E 'avi|mpg|mp3|pkgacct|backup|gzip'. Check them and kill as necessary.
* last, check for bad processes with ps auxw | grep nobody and kill the bad ones. To learn more about what is happening behind a process, look at /proc/<pid> (cwd, exe and cmdline) before killing it, since those entries disappear with the process.

----------------------------------------------------------------

  • 1> ps aux | grep nobody, or grep gzip / backup / fixquota
  • 2> top / shift + p / shift + m / k = kill
  • 3> tail -f /var/log/... | grep ... .avi/.mpg/.rar/.jpg in all logs
  • 4> cd /proc/pid; ls -alh
  • 5> Apache Status / CPU, MySQL, memory usage from WHM
  • 6> netstat -n
  • 7> w
  • 8> Event Viewer log / Task Manager for Windows
  • 9> tail -f /var/log/exim_mainlog | grep tmp / sendmail / public_html


----------------------------------------------------------------

  • 1) top ... to see the process list, then accordingly kill the process which is taking the load
  • 2) ps aux
  • ps aux | grep gzip, backup, pkg
  • tail -f /var/log/exim_mainlog | grep sendmail, public, tmp
  • 3) w to see who is online
  • 4) kill httpd, mysqld, cppop
  • 5) netstat
  • 6) mysqladmin processlist :- to see the MySQL processes
  • 7) /scripts/restartsrv_<service name> :- to restart the service if it goes down
  • 8) tail -f /etc/httpd/logs/access_log
  • tail -f /etc/httpd/logs/error_log


Or you can manage the server load using WHM:

1) Under the Server Status option you can see the
Apache status,
CPU/MySQL/memory usage,
service status, and you can manage the server
2) SQL Services: under this option you can see the mysqladmin process list

3) Restart Services: using this option you can restart the services



----------------------------------------------------------------


---
top
---
Displays the processes that are using the most processor resources.
We can use various options to monitor and control processes through top, like shift + p, shift + m and k, which is used to kill processes. r can be used to renice a process and change its priority. In case of high I/O wait we need to check the logs for
processes using high resources.

---------
uptime
---------
It displays the time since the server has been up and running, the number of users logged in and the load average. Similarly we can use 'w'.

------------
ps auxwf
------------
Displays the processes with details like username, pid, resource usage and child processes. It is very effective in monitoring processes.
We generally use ps auxwf | grep gzip
ps auxwf | grep backup
ps auxwf | grep pkg
For bad processes: ps auxwf | grep nobody

-------------------
kill and killall
-------------------
Used to kill processes or services that are found to be eating up server resources.

--------------
Spamming
--------------
To check for spamming we can watch the mail logs using:
tail -f /var/log/exim_mainlog | grep sendmail
tail -f /var/log/exim_mainlog | grep tmp
tail -f /var/log/exim_mainlog | grep public_html
as spamming can be done from a user's public_html directory using a script or through sendmail. Another way of spamming is from the /tmp directory, as it is world writable: a script dropped there runs as whatever user launched it (often nobody) and its mail shows cwd=/tmp in the log. The public_html, tmp and sendmail greps only work if Exim logs the submitting process's working directory and arguments, which requires "+arguments" in log_selector in exim.conf.
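Watching "tail -f | grep public_html" scroll by tells you that script mail is being sent, not how much and by whom. The script below is an added example, not from the original page: it counts, per account and script directory, the messages submitted from under public_html, using the "cwd=" lines Exim writes when log_selector contains +arguments. The log lines are constructed samples, not real traffic.

```shell
#!/bin/sh
# Added example for the spamming checks above (not from the original page):
# rank accounts by how many messages their scripts handed to sendmail/exim.
# Relies on Exim's "+arguments" log lines, e.g.
#   2008-05-25 10:01:03 cwd=/home/bob/public_html/blast 3 args: /usr/sbin/sendmail -t -i

# script_senders  <  exim_mainlog ; prints "<count> <user> <cwd>", busiest first
script_senders() {
    awk '
        match($0, /cwd=\/home\/[^ ]+/) {
            cwd = substr($0, RSTART + 4, RLENGTH - 4)   # strip the "cwd=" prefix
            if (cwd !~ /public_html/) next               # only web-script submissions
            split(cwd, p, "/")                           # p[3] is the account name
            count[p[3] " " cwd]++
        }
        END { for (k in count) print count[k], k }' | sort -rn
}

# over_threshold MAX  <  exim_mainlog ; only the senders above MAX messages
over_threshold() {
    script_senders | awk -v max="$1" '$1 > max'
}

# Constructed sample log (not from a real server): alice sent one contact-form
# mail, bob's "blast" script sent four, root sent one from outside public_html.
SAMPLE_EXIM='2008-05-25 10:01:02 cwd=/home/alice/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2008-05-25 10:01:02 1K0aBc-0001Xy-Qz <= nobody@server.example.com U=nobody P=local S=812
2008-05-25 10:01:03 cwd=/home/bob/public_html/blast 3 args: /usr/sbin/sendmail -t -i
2008-05-25 10:01:03 cwd=/home/bob/public_html/blast 3 args: /usr/sbin/sendmail -t -i
2008-05-25 10:01:04 cwd=/home/bob/public_html/blast 3 args: /usr/sbin/sendmail -t -i
2008-05-25 10:01:05 cwd=/home/bob/public_html/blast 3 args: /usr/sbin/sendmail -t -i
2008-05-25 10:01:06 cwd=/root 2 args: /usr/sbin/sendmail -t'

printf '%s\n' "$SAMPLE_EXIM" | script_senders
# Live use: over_threshold 500 < /var/log/exim_mainlog
```

The cwd path is the directory the spam script lives in, so the output points you straight at the file to remove and the account to suspend.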

--------------
WebServer logs
--------------
We can check the customized logs in WHM under the Server Status section.
We can trace the user responsible for high web server resource usage with the following commands:
tail -f /etc/httpd/logs/access_log | grep mp3
tail -f /etc/httpd/logs/access_log | grep rar
tail -f /etc/httpd/logs/access_log | grep wav etc.

tail -f /etc/httpd/logs/access_log | grep 408 can be used to check for DDoS attacks on the server: a burst of 408 (request timeout) responses from a few addresses means clients are opening connections and never finishing their requests, which ties up Apache workers.
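Grepping for file extensions or status codes shows individual hits; to see which client is actually the problem you need totals. The script below is an added example, not from the original page: it summarises an Apache combined-format access_log per client address, giving bytes served and the number of 408 responses. The log lines are constructed samples, not real traffic.

```shell
#!/bin/sh
# Added example for the web server log checks above (not from the original
# page): per-client bytes served (who is pulling the big mp3/rar files) and
# 408 count (who is holding connections open without sending a request).

# client_summary  <  access_log ; prints "<ip> <bytes> <408s>", biggest first
client_summary() {
    awk '
        {
            # Split on double quotes: q[2] is the request line and q[3] holds
            # the status and size. This works even when the request is "-",
            # as it is on 408 lines, where counting fields would go wrong.
            split($0, q, "\"")
            split(q[3], sb, " ")
            bytes = (sb[2] == "-") ? 0 : sb[2]
            total[$1] += bytes
            if (sb[1] == "408") timeouts[$1]++
        }
        END { for (ip in total) print ip, total[ip], timeouts[ip] + 0 }' | sort -k2 -rn
}

# Constructed sample log (not real traffic): one client downloading two large
# mp3 files, one normal visitor, one client that never sends a request.
SAMPLE_ACCESS='203.0.113.7 - - [25/May/2008:10:00:01 +0000] "GET /music/track01.mp3 HTTP/1.1" 200 5242880 "-" "Mozilla/5.0"
203.0.113.7 - - [25/May/2008:10:00:09 +0000] "GET /music/track02.mp3 HTTP/1.1" 200 6291456 "-" "Mozilla/5.0"
198.51.100.2 - - [25/May/2008:10:00:10 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [25/May/2008:10:00:11 +0000] "-" 408 - "-" "-"
198.51.100.9 - - [25/May/2008:10:00:12 +0000] "-" 408 - "-" "-"
198.51.100.9 - - [25/May/2008:10:00:13 +0000] "-" 408 - "-" "-"'

printf '%s\n' "$SAMPLE_ACCESS" | client_summary
# Live use: client_summary < /usr/local/apache/logs/access_log | head
```

On a cPanel box the per-domain logs under /usr/local/apache/domlogs give the same numbers per account, which is what you need before suspending anyone.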

--------
mysql
--------
Apart from top and ps, 'mysqladmin processlist' can be used to check the MySQL processes, users and the type of process/query being run by each user.

Killing a process is the first option to control server load; restarting the affected service is another. If the load is still high we track down the responsible user and suspend them. (This applies to all services, i.e. apache, mysql, exim etc.)


----------------------------------------------------------------

1. top: check load average, iowait, httpd, mysql, exim etc.
2. P = CPU usage, M = memory usage, k = kill unwanted processes.
3. If the load is high, run "deep".
4. Login to WHM of the server and check Apache, CPU/memory and MySQL status.
5. If any user is found downloading gif images, mp3 etc. in bulk, suspend that particular user.

If iowait is high, someone is probably backing up their files; run
# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup

Spamming check:
# tail -f /var/log/exim_mainlog | grep public_html
MySQL dump check:
# ps aux | grep mysqldump
# mysqladmin processlist -- MySQL status
Bad processes running:
# ps aux | grep nobody

Service restart commands:
# /scripts/restartsrv_mysql
# /scripts/restartsrv_httpd
# /scripts/restartsrv_exim


----------------------------------------------------------------



By using a top command you can find out the process which is causing the load on the server. You can use kill or kilall command to kill that process. OR you can run deep command which will kill all the httpd, exim and mysql process. once the server load comes down restart the service which you have killed.

1. Apache :-

Using top command, we will come to know whether httpd service is eating up high resources on server. if so then kill the httpd service and restart it again when load comes to normal.

You can check if any backup is going on, run the following commands:
# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup
If any backup process is going on, kill that process.

Also Login to WHM and Check for "Apache ststus", if find anyone downloading mp3,rar,exe,zip files then suspend that account.

the other way to check any download is going on is by using
ps auxw | grep nobody | grep mp3 , jpeg, wmv, mpeg, rar and kill that process.


ALso you can used to check "cpu/memory/Mysql Usage" option from WHM. Here we can find actual CPU and Memory usage for particular domain.

2. Exim Mail :-

Check for spamming by checking the logs for exim

tail -f /var/log/exim_mainlog >> checking for logs and check which email addresses is continuesly scrolling and confirm is it doing spaming,if confirmed then suspend account.

tail -f /var/log/exim_mainlog | grep tmp

Login to whm and select "Manage Mailqueue" to find the email address which is doing spamming.

3. MySQL :-

Use the mysqladmin command as mysqladmin process / mysqladmin status

Also used to check "cpu/memory/Mysql Usage" option from WHM. You can get actual CPU and Memory usage for particular domain.


4. Ftp :-


ps -aux | grep ftp >> used for checking ftp action taken by user like uploading /downloading files
tail -f /var/log/secure

5. ps command :-

Use ps -auxw command ALWAYS to check if there is bad processes running by doing ps aux|grep nobody. You'll sometimes see bad scripts running as nobody. Normally only httpd, merlange chat, and sometimes proftpd are run as user nobody. so if you find any other process is running as user nobody kill that process.

kill -9 pidofproc
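The "anything else running as nobody" rule from point 5, as a script. This is an added example, not the post's own code: it reads ps output in "USER PID ARGS" form and prints every nobody process whose command is not on the allow list. The allow list follows the post (httpd, proftpd); the binary name "melange" for the chat daemon is an assumption, as is the sample ps output, which is constructed.

```shell
# Added example (not from the post). Flags processes running as "nobody"
# whose command is not one the post says normally runs as nobody.
# Binary name "melange" for the chat daemon is assumed.
ALLOWED_NOBODY="httpd proftpd melange"

# suspicious_nobody FILE: FILE holds `ps axo user,pid,args` style lines
# ("-" for stdin). Prints "PID COMMAND" for each nobody process whose
# command (path stripped) is not in ALLOWED_NOBODY. Daemons that rewrite
# their process title, e.g. "proftpd: (accepting connections)", carry a
# trailing colon, which is stripped before the lookup.
suspicious_nobody() {
  awk -v allowed="$ALLOWED_NOBODY" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "nobody" {
      cmd = $3
      sub(/.*\//, "", cmd)   # drop leading path
      sub(/:$/, "", cmd)     # drop process-title colon
      if (!(cmd in ok)) print $2, cmd
    }' "$1"
}

# Constructed sample of `ps axo user,pid,args` output; not from a real host.
SAMPLE_PS='root 1 init
nobody 2345 /usr/local/apache/bin/httpd -k start
nobody 2346 /usr/local/apache/bin/httpd -k start
nobody 3001 perl /home/user1/public_html/tmp/x.pl
nobody 3002 /usr/local/bin/perl mailer.pl
user1 4000 php script.php
nobody 4100 proftpd: (accepting connections)'

# Runs over the constructed sample. On a live cPanel host you would run:
#   ps axo user,pid,args | suspicious_nobody -
# and then inspect (or kill) the PIDs it prints.
printf '%s\n' "$SAMPLE_PS" | suspicious_nobody -
```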


----------------------------------------------------------------

Some basic commands to see the load average and the processes running on the server:
1]top :: This command is very useful for system administration. Basically it gives you a summary view of the system, including number of users, memory usage, CPU usage and active processes.
Shift+p => list all processes according to maximum CPU usage.
Shift+m => list all processes according to maximum memory usage.

2]w :: This command gives us information about who is logged into the server and what processes they are running.
w -s, gives you a shorter process listing.

3]uptime:: It also gives us information about the number of users logged into the server, the current time, the time since the server came up, and the load average.

4]ps :: lists the currently running processes.
ps aux, gives us information on users, PID, resource usage like CPU and memory, and the processes running.

Reasons for increase of load on the server::

Load on the server will increase due to the several reasons stated below,

1.many httpd processes
2.any user is downloading mp3, exe, zip files
3.email spamming
4.uploading/downloading files via FTP
5.mysql processes and queries run by user

Troubleshooting::

1.If the load increases suddenly, fire the "deep" command, which kills httpd, mysql and exim processes.
2.Also log in to WHM and check "Apache Status"; if you find anyone downloading mp3, rar, exe or zip files, suspend that account.
3.For spamming, you need to fire the following command,
tail -f /var/log/exim_mainlog | grep public_html



----------------------------------------------------------------
1)top
2)w
3)shift+m
4)shift+p
5)tail -f /usr/local/apache/logs/access_log
6)tail -f /usr/local/apache/logs/error_log
7)tail -f /var/log/exim_mainlog


----------------------------------------------------------------


1. Check the server load using the top command with the following options:
Shift p CPU Usage,
Shift m Memory Usage
& check which process is taking the load with the help of the above two options.
Kill the responsible process using the k option.
2. Check for downloads using
# ps auxw | grep nobody | grep -E 'mp3|jpeg|wmv|mpeg|rar'
# ps auxw | grep -E 'gzip|backup|fixquota'
Suspend the particular account that is repeatedly downloading the above mentioned files.
3. Check the access & error logs for the following patterns
# tail -f /etc/httpd/logs/access_log | grep -E '408|zip'
# tail -f /etc/httpd/logs/error_log | grep 203
4. Check for mail spamming with the following command.
# tail -f /var/log/exim_mainlog | grep -E 'sendmail|public_html|tmp'
5. Log in to WHM of the server and check Apache, CPU/memory and MySQL status & check for frozen mails in the mail queue manager.
6. Check MySQL errors with
# mysqladmin processlist
and check the users, command, time & information fields.
7. If you are making changes to httpd.conf, first run # httpd -t (or apachectl configtest) before restarting httpd, to reduce the downtime.
8. Restart the particular service causing the load to go high with # /scripts/restartsrv_httpd, /scripts/restartsrv_exim or /scripts/restartsrv_mysql

----------------------------------------------------------------