Brute Force Attack Prevention

July 22nd, 2008 by cvladan

I just got tired of looking at a lot of these messages in my Apache log (or similar ones in the SSH log):

[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/ads
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/thisdoesnotexistahaha.php
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/drupal
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/adserver
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/adxmlrpc.php
[error] [client xx.121.146.224] File does not exist: /var/www/sharedip/xmlrpc.php

These robots are constantly trying to exploit vulnerabilities. I want to stop them.

There are a couple of solutions, but after some research I concluded that for me the best one is Fail2Ban (compared to DenyHosts or BlockHosts), especially because it can analyze log files for Apache, SSH, FTP and Postfix (and it is in my distribution's repository). By the way, it has had some vulnerabilities of its own in the past.

All the configuration is done in /etc/fail2ban/jail.conf.
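As an added example, not from the original post and not fail2ban's own filter code, here is a small shell script that does what a fail2ban jail does for these log lines at the simplest level: it counts the "File does not exist" errors per client IP in an Apache error log and lists the clients that reach a maxretry threshold. The log lines and addresses are constructed; the script assumes the Apache 2.x error log format and leaves out fail2ban's findtime window.

```shell
#!/bin/sh
# Added example (not from the original post and not fail2ban's own code):
# count "File does not exist" errors per client in an Apache error log and
# list the clients that reach a fail2ban-style maxretry threshold.
# Assumption: Apache 2.x error_log lines look like
#   "[date] [error] [client IP] File does not exist: PATH".
# Unlike fail2ban, the count is not limited to a findtime window.

# Constructed sample log; the addresses are documentation ranges, not real probers.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
[Tue Jul 22 10:15:01 2008] [error] [client 203.0.113.24] File does not exist: /var/www/sharedip/ads
[Tue Jul 22 10:15:02 2008] [error] [client 203.0.113.24] File does not exist: /var/www/sharedip/drupal
[Tue Jul 22 10:15:02 2008] [error] [client 203.0.113.24] File does not exist: /var/www/sharedip/adxmlrpc.php
[Tue Jul 22 10:15:03 2008] [error] [client 203.0.113.24] File does not exist: /var/www/sharedip/xmlrpc.php
[Tue Jul 22 10:16:10 2008] [error] [client 198.51.100.7] File does not exist: /var/www/sharedip/favicon.ico
[Tue Jul 22 10:16:11 2008] [notice] caught SIGTERM, shutting down
EOF

# ban_candidates LOGFILE MAXRETRY
# Prints one client IP per line for every client with at least MAXRETRY
# "File does not exist" errors, most hits first.
ban_candidates() {
    awk -v max="$2" '
        /\[client [0-9.]+\] File does not exist:/ {
            ip = substr($0, index($0, "[client ") + 8)   # text after "[client "
            ip = substr(ip, 1, index(ip, "]") - 1)         # up to the closing bracket
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= max) print hits[ip], ip }
    ' "$1" | sort -rn | awk '{ print $2 }'
}

# With maxretry=3, only the scanner that probed four paths is listed;
# the one-off favicon.ico miss from the other client is ignored.
ban_candidates "$SAMPLE_LOG" 3
```

Point it at the real error log and pick the same maxretry you use in jail.conf to see which clients a jail with that setting would have banned.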

From which IP address your site is accessed the most

July 22nd, 2008 by cvladan

To find out which IP addresses are most active in accessing your websites, just execute this line against the Apache access log.

awk '{print $1}' access_log | sort | uniq -c | sort -n | tail -20 | awk '{print $2,$2,$1}' | logresolve | awk '{printf "%6d %s (%s)\n",$3,$1,$2}'

where access_log is the filename of the Apache access log file, and -20 means that I want to see the first 20 addresses. A great resource of information can be found at the-art-of-web.com.

ISPConfig, AWStats & Postfix: Email statistics

July 21st, 2008 by cvladan

Very good source that I did not use: http://www.howtoforge.com/mail_statistics_mailgraph_pflogsumm

I set up the AWStats package on my server using the instructions on the DjTremors site.

Everything worked, except that I had to disable suexec in ISPConfig (Management / Server – Settings / Web / suexec checkbox).

At first, I tried adding these statistics inside ISPConfig's own HTTP server. Note to self: whenever I need something to appear as an option in ISPConfig under the Tools menu, this is done by creating a subdirectory in /home/admispconfig/ispconfig/web/tools/tools and creating a nav.inc.php file there.

But the problem is that Perl cannot be enabled without larger modifications to /root/ispconfig/httpd/conf/httpd.conf. I always got the error

mod_perl.so: undefined symbol: apr_bucket_shared_split

So I made a Tools link, but pointed it at the main Apache server (where I have Perl enabled).

File: nav.inc.php
<? if($go_api->auth->check_admin(0,1)) {
/*
   Only Admin can see this
   Copyright (c) 2008, cvladan.com, Vladan Colovic - All rights reserved.
*/
?>
<!-- Mail AWStats for all domains //-->

menuDaten.neu(new LinkEintrag('root','<? echo $go_api->lng("Mail Server Statistics")?>','http://www.duplonucleo.com/ispcstats/awstats.pl?config=mail','_blank','email.gif','Mail Server Stats','n',''));

<? } ?>

Let me explain the important files in AWStats for ISPConfig. There is the /root/ispconfig/scripts/shell/awstats.php file that periodically recreates the .conf files in /etc/awstats, based on the virtual domains created in the web home /var/www. There is no need to change this file. Another important file is /home/admispconfig/ispconfig/web/ispc.awstats/awstats_updateall.pl, which is executed periodically too. This file launches the update process for all AWStats config files found in a particular directory (in our case /etc/awstats), except awstats.model.conf, so a config file you add there yourself is picked up without further setup.

As we see, there is no need to change anything. It will automatically update our mail statistics too. So, let's go there…

First, I needed to add the script maillogconvert.pl where it should have been in the first place: /home/admispconfig/ispconfig/web/ispc.awstats

Then edit /etc/awstats/awstats.mail.conf and … Not-so-good link, and a much better one (the original).

And do not be shocked by the amount of mail received by admispconfig@. That's OK. The admispconfig mailbox belongs to the script that generates your mail statistics. The emails that go to admispconfig contain the size in bytes of the original email sent to one of your users.

And, after everything, I just updated AWStats from 6.5 to version 6.8 (the latest one).

How to check if load balancing on multiple WAN ports is working

July 2nd, 2008 by cvladan

The easiest way to check if WAN load balancing is working is to go to different sites that show your IP and check that the reported IP addresses differ. In my case, I had to get 3 different IPs. So, use these sites: whatismyip.net, whatismyip.org, whatismyip.com, ipnow.org

In response to “Facial hair as a measure of coding progress”

June 27th, 2008 by cvladan

I just stumbled on a post to which I simply had to contribute my own photos. Here they are…

[Photo captions: After lots of coding; Without the cigarette; Normal at that time; Two years later, with less coding and more fun]

intoDNS: At last I found a very good alternative to the now-not-free dnsstuff.com DNSReport

June 21st, 2008 by cvladan

Great tool – everything that I wanted. So check out http://www.intodns.com/

One month later, the server is out of reach. Just in case, I found another comparable one: http://dnssy.com/

Putty SSH and Linux terminal line drawing / Midnight Commander (mc)

June 10th, 2008 by cvladan

I am using PuTTY to *remotely* access my server via ssh. Recently, I started using a Norton Commander clone called Midnight Commander, which is incredibly useful. But the decorative elements (line drawings) are displayed wrongly, with some weird characters. The solution in PuTTY is to change the following options:

Window > Translation >  Received data assumed to be in which character set: UTF-8
Window > Translation >  Handling of line drawing characters: Use Unicode line drawing code points
Connection > Data > Terminal details > Terminal-type string: linux
Terminal > Keyboard > The Function keys and keypad: Linux

The commander is now working as it was supposed to. Source of information.

Besides this, while we are already in PuTTY, a couple of configuration settings worth mentioning:

Connection > SSH > Enable compression: on
Connection > SSH > Preferred SSH protocol version: 2 only

If you want PuTTY to open a particular session when you start it, just create a shortcut and add the suffix

-load "Session-Name"

For example: C:\Program Files\Putty\putty.exe -load "MySession"

Incredible Linux shell tricks

June 10th, 2008 by cvladan

Find in history

Don't search history by grepping ~/.bash_history or by repeatedly hitting the up arrow; instead use CTRL+r (or '/' in vi mode) for search-as-you-type. You can run the found command immediately by pressing Enter.

Changing file extensions

The rename command (the Perl-based one, which takes a regular expression) replaces string X in a set of file names with string Y.

rename 's/\.html$/.php/' *.html

This will change the extension of every .html file in your CWD to .php (the dot is escaped so that only a literal .html suffix matches).

Selected keystrokes:
Ctrl-U – Cuts everything to the left
Ctrl-W – Cuts the word to the left
Ctrl-Y – Pastes what’s in the buffer
Ctrl-A – Go to beginning of line
Ctrl-E – Go to end of line

Use && to run a second command if and only if a first command succeeds:

cd tmp/a/b/c && tar xvf ~/archive.tar

Use || to run a second command if and only if the first command fails:

cd /tmp/a/b || mkdir -p /tmp/a/b

See your favorite commands

Use the following to see the commands you use most often based on your shell history:

history | awk '{print $2}' | sort | uniq -c | sort -rn | head

Sum up your HDD space

A longish one-liner (I actually wrote it in one line first) that gives you a somewhat accurate (the mount list is never good enough) sum of your file systems' totals.

df | egrep -v "(Filesystem|\/dev$|shm$|dvd|cdrom)" | awk '{totalu += $2 ; totalf += $4} END {print "Total space in devices: " (totalu/1024/1024) " GB\nFree space total: " (totalf/1024/1024) " GB"}'

Argument list too long

Sometimes there are so many files in a directory that the rm command doesn't work:

[root@server logs]# rm *
bash: /bin/rm: Argument list too long

In this case the best option is to use ls in conjunction with xargs:

[root@server logs]# ls | xargs rm

(This is fine for log files; if file names could contain spaces or newlines, use find . -maxdepth 1 -type f -print0 | xargs -0 rm instead.)

http://en.wikipedia.org/wiki/Xargs

Get your IP address

lynx -dump http://whatismyip.com | awk '/^Your/ {print $5}'

Run commands on logout

If a file named $HOME/.logout (a file named .logout in your home directory) exists and the following trap statement is in your .profile, .logout is executed when you log out.

Add this to .profile:

trap "$HOME/.logout" 0

Remove comments and blank lines

sed '/^ *#/d; /^ *$/d' file
Removes comment lines (lines whose first non-blank character is #) and blank lines from file; the ^ anchor keeps lines that merely contain a # somewhere in the middle.

Remove empty directories

To remove empty directories (even if filenames or dirnames contain spaces or weird characters) from a tree you can do:

find . -type d -empty -print0 | xargs -0 rmdir


Duplicate directory tree

The following command creates, in the /usr/project directory, a copy of the current working directory structure (the g flag on the second sed escapes every space in a path, not just the first):

find . -type d -print | sed 's@^\.\{0,1\}@/usr/project@' | sed 's/ /\\ /g' | xargs mkdir -p


Fedora 8: Desktop Setup

June 9th, 2008 by cvladan

YUM Repositories

Fedora has 2 repositories named 'fedora' and 'updates'. To use them and not get errors about unsigned packages you must import their GPG keys:

rpm --import /etc/pki/rpm-gpg/*

Install additional repositories with:

Livna

rpm -hiv http://rpm.livna.org/livna-release-8.rpm
rpm --import http://rpm.livna.org/RPM-LIVNA-GPG-KEY

Information about the Tigro repository: it is compatible with Livna, but not with the Freshrpms repository. The non-free version contains a couple of useful utilities such as VirtualBox (Sun's open-source VMware counterpart), Skype (so you don't have to go and add its repository directly), etc.

http://tigro.info/blog/index.php?id=483

rpm -hiv ftp://ftp.msiu.ru/pub/fedora/tigro/tigro-release-8-1.i386.rpm
rpm -hiv ftp://ftp.msiu.ru/pub/fedora/tigro/nonfree-release-8-1.i386.rpm

Install nice and sharper fonts in Gnome

1. Sharp fonts / core fonts

http://www.howtoforge.com/sharp_fonts_gnome

http://txt.binnyva.com/2007/04/installing-ms-core-fonts-on-linuxfedora/ (the repository is missing; see http://www.fedoraforum.org/forum/showthread.php?p=1016903)

yum install freetype-freeworld (if you have livna or tigro repository)

http://corefonts.sourceforge.net/ (This does not have Tahoma, so I use the following instead)

http://www.sharpfonts.com/

yum install cabextract

mkdir -p /tmp/fonts
cd /tmp/fonts

wget --recursive --level=1 --no-parent --no-directories --accept "*32.exe" http://www.sharpfonts.com/fonts/

mkdir -p /usr/share/fonts/truetype/

cabextract -d /usr/share/fonts/truetype *32.exe

wget http://www.sharpfonts.com/fontconfig.tbz

tar xvjpf fontconfig.tbz -C /etc/fonts/

Now, restart X with <Ctrl><Alt><Backspace>

Final tweaks

As user (not root): echo "gtk-menu-popup-delay=0" >> ~/.gtkrc-2.0

Fedora 8: Multiple Network Fedora Installations

June 9th, 2008 by cvladan

I wanted to have an automatic installation of multiple workstations, and automatic updating of them from a local source via yum. The first goal was achieved with the Kickstart utility that is included in Fedora. If it is not installed, you can install it with yum install system-config-kickstart. The second goal is accomplished with the utility called reposync that is part of yum-utils (yum install yum-utils).

Automatic installation options with Kickstart utility

When installed, Kickstart is found in Applications -> System Tools -> Kickstart. With this utility, you create the options file for unattended installation. Basically, I followed the instructions from this link, but I decided to use a standard CD as a source (not NFS), and just to use a Kickstart as the fastest way to select the applications.

Local repository

You should install all the repositories that you will need.

Create a directory (mine is /home/shared/yum.local.repo). Then, execute yum install yum-utils to make sure you have the reposync utility.

Then copy the DVD content to the local repository.

mkdir /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

cd /mnt/cdrom/Packages

cp -r . /home/shared/yum.local.repo/fedora/Packages/

cd /
eject cdrom

To synchronize every repository, execute reposync -n --download_path=/home/shared/yum.local.repo. For specific repositories, execute:

reposync -n --download_path=/home/shared/yum.local.repo \
  --repoid=livna --repoid=remi \
  --repoid=utterramblings \
  --repoid=tigro \
  --repoid=freshrpms \
  --repoid=updates --repoid=fedora

Then, share that with the world…

chkconfig --list nfs

service nfs status

chkconfig --level 235 nfs on

service nfs start

nano /etc/exports

Add this line to /etc/exports (a read-only export to the local subnet), then re-export:

/home/shared/yum.local.repo 192.168.0.0/255.255.255.0(ro)

exportfs -r

Sources of information are:

http://www.howtoforge.com/setting-up-a-local-yum-repository-fedora8

http://www.howtoforge.com/creating_a_local_yum_repository_centos

http://www.howtoforge.com/nfs-server-and-client-debian-etch