ABHIONLINUX
Site useful for linux administration and web hosting

2009/09/28

How to disable root logins in the cPanel server

The following steps show how to disable direct root login. If you are using a cPanel server, make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root; otherwise you may lock yourself out of root.

1. SSH into your server as ‘admin’ and gain root access by su

2. Copy and paste this line to edit the file for SSH logins
vi /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like PermitRootLogin no

7. Save the file

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now no one will be able to log in as root without first logging in as admin and running 'su -' to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords.
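An added example (not part of the original post) that audits the result of the steps above. It reads the effective global values of PermitRootLogin and Protocol from an sshd_config and checks that the admin user really is in wheel. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config edits described above.

# Write a constructed sample config to $1.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
#Protocol 2,1
Protocol 2
#PermitRootLogin yes
PermitRootLogin no
# a later duplicate is ignored: sshd keeps the first value it reads
PermitRootLogin yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF
}

# Print the effective global value of keyword $1 in file $2 (empty if unset).
# Keywords are case-insensitive, "Keyword=value" is accepted, commented lines
# are ignored, the first occurrence wins, and parsing stops at the first Match
# block because settings inside it are conditional.
sshd_effective() {
    awk -F '[ \t=]+' -v key="$1" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }              # drop indentation; fields are re-split
        /^#/ || $0 == "" { next }
        { k = tolower($1) }
        k == "match" { exit }
        k == key {
            v = $0
            sub(/^[^ \t=]+[ \t=]+/, "", v)  # strip the keyword and separator
            sub(/[ \t]+$/, "", v)
            print tolower(v)
            exit
        }
    ' "$2"
}

# Return 0 only if root login is disabled and SSH protocol 1 is not offered.
audit_sshd() {
    file=$1 rc=0
    root=$(sshd_effective PermitRootLogin "$file")
    proto=$(sshd_effective Protocol "$file")
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}'"
        rc=1
    fi
    case "$proto" in
        *1*) echo "FAIL: Protocol still offers version 1 ('$proto')"; rc=1 ;;
    esac
    return $rc
}

# Return 0 if user $1 is listed as a member of group $2.
# $3 is the group file to read (defaults to /etc/group).
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "${3:-/etc/group}"
}

# Stand-alone use: ./audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    in_group admin wheel || echo "WARN: admin is not in wheel; su - to root will fail"
    audit_sshd "$1" && echo "OK: root login disabled, protocol 1 not offered"
fi
```

Run sshd -t to syntax-check the edited file before restarting, and keep the current root session open until a fresh admin login followed by 'su -' has been confirmed.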

How to block an IP range using firewall

You can block an IP range using the following command.
/sbin/iptables -I INPUT -s 42.0.0.0/8 -j DROP

2009/09/26

How to change bash3.2# to user@hostname#

To change bash3.2# to user@hostname# permanently, you have to add the following lines to .bash_profile.

PS1="[\u@\h:#] "
case `id -u`
in
0) PS1="${PS1}# ";;
*) PS1="${PS1}$ ";;
esac

------------------------
sample .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH
unset USERNAME

PS1="[\u@\h:\w] "
case `id -u`
in
0) PS1="${PS1}# ";;
*) PS1="${PS1}$ ";;
esac
---------------------------

2009/09/24

How to Limit Connections per IP using mod_limitipconn on cPanel

How to limit connections per IP in a cPanel hosting server:
There is an Apache module named mod_limitipconn which will take care of it for us.
First download the latest version of mod_limitipconn from this site: http://dominia.org/djao/limitipconn2.html
Decompress and install it.
At the current time the latest version is 0.23.

wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2
tar jxvf mod_limitipconn-0.23.tar.bz2
cd mod_limitipconn-0.23
/usr/local/apache/bin/apxs -cia mod_limitipconn.c

The next step is to add the required configuration to the Apache config file. We could add this directly to the end of httpd.conf, but easyapache overwrites httpd.conf, so we will use include files to add our config.
Log in to your WHM panel and follow these menu items:
Main >> Service Configuration >> Apache Configuration >> Include Editor
In the Post VirtualHost Include section, choose All Versions from the drop-down menu and add the following config:

<IfModule mod_limitipconn.c>
# Location / (all URLs) is assumed here; narrow it to the path you want to limit
<Location />
MaxConnPerIP 10
# NoIPLimit takes MIME types, so images are exempted with image/*
NoIPLimit image/*
</Location>
</IfModule>

Then click on update and restart the Apache server.

How to install Mod_security in the server

Requirements:
Apache Web Server 1.3x or 2.x

Note: We have confirmed this security addon works with Cpanel based servers.

UPDATE: Sept. 15, 2004:
Changed # Prevent path traversal (..) attacks rules to fix a typo in tutorial.

How to install?
1. Login to your server through SSH and su to the root user.

2. First you're going to start out by grabbing the latest version of mod_security
wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz

3. Next we untar the archive and cd into the directory:
tar zxvf mod_security-1.7.4.tar.gz
cd mod_security-1.7.4/

4. Now you need to determine which version of apache you use:
APACHE 1.3.x users
cd apache1/
APACHE 2.x users
cd apache2/

5. Let's compile the module now:
/usr/local/apache/bin/apxs -cia mod_security.c

6. OK, now it's time to edit the httpd conf file. First we will make a backup just in case something goes wrong:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you have
pico /usr/local/apache/conf/httpd.conf

8. Let's look for something in the config. Do this by holding Control and pressing W, then search for

(although any of the IfModules would work fine)

9. Now add this


# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
# The dots are escaped so the rule matches a literal "../" only
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"


10. Save the file Ctrl + X then Y

11. Restart Apache

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

You've successfully installed mod_security!

How to disable Mod_Security2 for a domain

SecFilterEngine Off cannot be used in .htaccess with Mod_Security 2; SecRuleEngine should be used instead.

If you get an error in apache error logs that this entry cannot be used here, use the following method instead.

Open either modsec2.conf or the modsec2/whitelist.conf in /etc/httpd/conf/ directory and put the following entry

SecRule SERVER_NAME "Domain_name" phase:1,nolog,allow,ctl:ruleEngine=off

2009/09/23

Exim

Print a count of the messages in the queue:

root@localhost# exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):

root@localhost# exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

root@localhost# exim -bp | exiqsumm

Delete emails for an email account:

exim -bp | grep username@domain.com | awk '{print $3}' | xargs exim -Mrm

Print what Exim is doing right now:

root@localhost# exiwhat

Test how exim will route a given address:

root@localhost# exim -bt alias@localdomain.com
user@thishost.com
<-- alias@localdomain.com
router = localuser, transport = local_delivery
root@localhost# exim -bt user@thishost.com
user@thishost.com
router = localuser, transport = local_delivery
root@localhost# exim -bt user@remotehost.com
router = lookuphost, transport = remote_smtp
host mail.remotehost.com [1.2.3.4] MX=0

Run a pretend SMTP transaction from the command line, as if it were coming from the given IP address. This will display Exim's checks, ACLs, and filters as they are applied. The message will NOT actually be delivered.

root@localhost# exim -bh 192.168.11.22

Display all of Exim's configuration settings:

root@localhost# exim -bP

Searching the queue with exiqgrep

Exim includes a utility that is quite nice for grepping through the queue, called exiqgrep. Learn it. Know it. Live it. If you're not using this, and if you're not familiar with the various flags it uses, you're probably doing things the hard way, like piping `exim -bp` into awk, grep, cut, or `wc -l`. Don't make life harder than it already is.

First, various flags that control what messages are matched. These can be combined to come up with a very particular search.

Use -f to search the queue for messages from a specific sender:

root@localhost# exiqgrep -f [luser]@domain

Use -r to search the queue for messages for a specific recipient/domain:

root@localhost# exiqgrep -r [luser]@domain

Use -o to print messages older than the specified number of seconds. For example, messages older than 1 day:

root@localhost# exiqgrep -o 86400 [...]

Use -y to print messages that are younger than the specified number of seconds. For example, messages less than an hour old:

root@localhost# exiqgrep -y 3600 [...]

Use -s to match the size of a message with a regex. For example, 700-799 bytes:

root@localhost# exiqgrep -s '^7..$' [...]

Use -z to match only frozen messages, or -x to match only unfrozen messages.

There are also a few flags that control the display of the output.

Use -i to print just the message-id as a result of one of the above two searches:

root@localhost# exiqgrep -i [ -r | -f ] ...

Use -c to print a count of messages matching one of the above searches:

root@localhost# exiqgrep -c ...

Print just the message-id of the entire queue:

root@localhost# exiqgrep -i

Managing the queue

The main exim binary (/usr/sbin/exim) is used with various flags to make things happen to messages in the queue. Most of these require one or more message-IDs to be specified in the command line, which is where `exiqgrep -i` as described above really comes in handy.

Start a queue run:

root@localhost# exim -q -v

Start a queue run for just local deliveries:

root@localhost# exim -ql -v

Remove a message from the queue:

root@localhost# exim -Mrm <message-id> [ <message-id> ... ]


Freeze a message:

root@localhost# exim -Mf <message-id> [ <message-id> ... ]

Thaw a message:

root@localhost# exim -Mt <message-id> [ <message-id> ... ]

Deliver a message:

root@localhost# exim -M <message-id> [ <message-id> ... ]

Force a message to fail and bounce as "cancelled by administrator":

root@localhost# exim -Mg <message-id> [ <message-id> ... ]

Remove all frozen messages:

root@localhost# exiqgrep -z -i | xargs exim -Mrm

Remove all messages older than five days (86400 * 5 = 432000 seconds):

root@localhost# exiqgrep -o 432000 -i | xargs exim -Mrm

Freeze all queued mail from a given sender:

root@localhost# exiqgrep -i -f luser@example.tld | xargs exim -Mf

View a message's headers:

root@localhost# exim -Mvh <message-id>

View a message's body:

root@localhost# exim -Mvb <message-id>

View a message's logs:

root@localhost# exim -Mvl <message-id>

Add a recipient to a message:

root@localhost# exim -Mar <message-id> <address> [ <address> ... ]

Edit the sender of a message:

root@localhost# exim -Mes <message-id> <address>

Access control

Exim allows you to apply access control lists at various points of the SMTP transaction by specifying an ACL to use and defining its conditions in exim.conf. You could start with the HELO string.

# Specify the ACL to use after HELO
acl_smtp_helo = check_helo

# Conditions for the check_helo ACL:
check_helo:

deny message = Gave HELO/EHLO as "friend"
log_message = HELO/EHLO friend
condition = ${if eq {$sender_helo_name}{friend}}

deny message = Gave HELO/EHLO as our IP address
log_message = HELO/EHLO our IP address
condition = ${if eq {$sender_helo_name}{$interface_address} }

accept

NOTE: Pursue HELO checking at your own peril. The HELO is fairly unimportant in the grand scheme of SMTP these days, so don't put too much faith in whatever it contains. Some spam might seem to use a telltale HELO string, but you might be surprised at how many legitimate messages start off with a questionable HELO as well. Anyway, it's just as easy for a spammer to send a proper HELO as it is to send HELO im.a.spammer, so consider yourself lucky if you're able to stop much spam this way.

Next, you can perform a check on the sender address or remote host. This shows how to do that after the RCPT TO command; if you reject here, as opposed to rejecting after the MAIL FROM, you'll have better data to log, such as who the message was intended for.

# Specify the ACL to use after RCPT TO
acl_smtp_rcpt = check_recipient

# Conditions for the check_recipient ACL
check_recipient:

# [...]

drop hosts = /etc/exim_reject_hosts
drop senders = /etc/exim_reject_senders

# [ Probably a whole lot more... ]

This example uses two plain text files as blacklists. Add appropriate entries to these files - hostnames/IP addresses to /etc/exim_reject_hosts, addresses to /etc/exim_reject_senders, one entry per line.

It is also possible to perform content scanning using a regex against the body of a message, though obviously this can cause Exim to use more CPU than it otherwise would need to, especially on large messages.

# Specify the ACL to use after DATA
acl_smtp_data = check_message

# Conditions for the check_message ACL
check_message:

deny message = "Sorry, Charlie: $regex_match_string"
regex = ^Subject:: .*Lower your self-esteem by becoming a sysadmin

accept

Fix SMTP-Auth for Pine

If pine can't use SMTP authentication on an Exim host and just returns an "unable to authenticate" message without even asking for a password, add the server_prompts line (the last line of the block below) to exim.conf:

begin authenticators

fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{$1}{$2}{$3}}"
server_set_id = $2
server_prompts = :

This was a problem on CPanel Exim builds awhile ago, but they seem to have added this line to their current stock configuration.

Log the subject line

This is one of the most useful configuration tweaks I've ever found for Exim. Add this to exim.conf, and you can log the subject lines of messages that pass through your server. This is great for troubleshooting, and for getting a very rough idea of what messages may be spam.

log_selector = +subject

Reducing or increasing what is logged.

Disable identd lookups

Frankly, I don't think identd has been useful for a long time, if ever. Identd relies on the connecting host to confirm the identity (system UID) of the remote user who owns the process that is making the network connection. This may be of some use in the world of shell accounts and IRC users, but it really has no place on a high-volume SMTP server, where the UID is often simply "mail" or whatever the remote MTA runs as, which is useless to know. It's overhead, and results in nothing but delays while the identd query is refused or times out. You can stop your Exim server from making these queries by setting the timeout to zero seconds in exim.conf:

rfc1413_query_timeout = 0s

Disable Attachment Blocking

To disable the executable-attachment blocking that many Cpanel servers do by default but don't provide any controls for on a per-domain basis, add the following block to the beginning of the /etc/antivirus.exim file:

if $header_to: matches "example\.com|example2\.com"
then
finish
endif

It is probably possible to use a separate file to list these domains, but I haven't had to do this enough times to warrant setting such a thing up.

Searching the logs with exigrep

The exigrep utility (not to be confused with exiqgrep) is used to search an exim log for a string or pattern. It will print all log entries with the same internal message-id as those that matched the pattern, which is very handy since any message will take up at least three lines in the log. exigrep will search the entire content of a log entry, not just particular fields.

One can search for messages sent from a particular IP address:

root@localhost# exigrep '<= .* \[12.34.56.78\] ' /path/to/exim_log

Search for messages sent to a particular IP address:

root@localhost# exigrep '=> .* \[12.34.56.78\]' /path/to/exim_log

This example searches for outgoing messages, which have the "=>" symbol, sent to "user@domain.tld". The pipe to grep for the "<=" symbol will match only the lines with information on the sender - the From address, the sender's IP address, the message size, the message ID, and the subject line if you have enabled logging the subject. The purpose of doing such a search is that the desired information is not on the same log line as the string being searched for.

root@localhost# exigrep '=> .*user@domain.tld' /path/to/exim_log | fgrep '<='

Generate and display Exim stats from a logfile:

root@localhost# eximstats /path/to/exim_mainlog

Same as above, with less verbose output:

root@localhost# eximstats -ne -nr -nt /path/to/exim_mainlog

Same as above, for one particular day:

root@localhost# fgrep YYYY-MM-DD /path/to/exim_mainlog | eximstats

Bonus!

To delete all queued messages containing a certain string in the body:

root@localhost# grep -lr 'a certain string' /var/spool/exim/input/ | \
sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm

Note that the above only delves into /var/spool/exim in order to grep for queue files with the given string, and that's just because exiqgrep doesn't have a feature to grep the actual bodies of messages. If you are deleting these files directly, YOU ARE DOING IT WRONG! Use the appropriate exim command to properly deal with the queue.

If you have to feed many, many message-ids (such as the output of an `exiqgrep -i` command that returns a lot of matches) to an exim command, you may exhaust the limit of your shell's command line arguments. In that case, pipe the listing of message-ids into xargs to run only a limited number of them at once. For example, to remove thousands of messages sent from test@example.com:

root@localhost# exiqgrep -i -f '<test@example.com>' | xargs exim -Mrm

exim -bpru |awk '{print $3}' | xargs -n 1 -P 40 exim -v -M
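An added example (not part of the original post or of Exim) showing what the exigrep section describes: collecting every log line that shares a message-id with a matching line, then using the subject logged by log_selector = +subject to spot a burst of identical messages. The log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: exigrep-style correlation over an Exim mainlog.

# Write constructed mainlog lines to $1 (format: date time message-id flag ...).
write_sample_log() {
    cat > "$1" <<'EOF'
2009-09-23 10:15:01 1MqAAA-0001aB-2C <= alice@example.com H=client.example.com [12.34.56.78] P=esmtp S=1432 T="Quarterly report"
2009-09-23 10:15:02 1MqAAA-0001aB-2C => user@domain.tld R=lookuphost T=remote_smtp H=mx.domain.tld [1.2.3.4]
2009-09-23 10:15:02 1MqAAA-0001aB-2C Completed
2009-09-23 10:16:10 1MqBBB-0001cD-3E <= nobody@server.example.com U=nobody P=local S=2048 T="Cheap pills"
2009-09-23 10:16:11 1MqBBB-0001cD-3E => victim1@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [5.6.7.8]
2009-09-23 10:16:11 1MqBBB-0001cD-3E Completed
2009-09-23 10:16:12 1MqCCC-0001eF-4G <= nobody@server.example.com U=nobody P=local S=2050 T="Cheap pills"
2009-09-23 10:16:13 1MqCCC-0001eF-4G ** victim2@remote.example R=lookuphost T=remote_smtp: SMTP error from remote mail server: 550 rejected
2009-09-23 10:16:13 1MqCCC-0001eF-4G Completed
2009-09-23 10:17:00 SMTP connection from [9.9.9.9] lost
EOF
}

# Print every log line whose message-id also appears on a line matching the
# regex $1. Pass 1 collects the ids, pass 2 prints; $2 is the log file.
# The regex travels through the environment so awk does not reinterpret
# its backslashes.
exim_grep() {
    PAT="$1" awk '
        function is_msgid(s) {
            return length(s) == 16 && substr(s, 7, 1) == "-" && substr(s, 14, 1) == "-"
        }
        NR == FNR { if (is_msgid($3) && $0 ~ ENVIRON["PAT"]) want[$3] = 1; next }
        $3 in want
    ' "$2" "$2"
}

# For mail delivered to recipient regex $1, print "message-id sender".
# The sender is on the "<=" line, not on the "=>" line that matched.
senders_for_recipient() {
    exim_grep "=> .*$1" "$2" | awk '$4 == "<=" { print $3, $5 }'
}

# Count received messages per subject, most frequent first.
# Only "<=" lines carry T="subject"; delivery lines use T=transport (no quote).
top_subjects() {
    awk '$4 == "<=" && match($0, / T="/) {
             s = substr($0, RSTART + 4)   # text after T="
             sub(/"[^"]*$/, "", s)        # drop the closing quote and anything after it
             n[s]++
         }
         END { for (s in n) printf "%d\t%s\n", n[s], s }' "$1" | sort -rn
}

# Stand-alone use: ./eximlog.sh /path/to/exim_mainlog
if [ $# -gt 0 ]; then
    top_subjects "$1" | head -n 20
fi
```

A subject that tops this list with a local sender such as nobody is a rough signal that a script on the server is generating mail; exim_grep on that subject then shows the full log trail for each message.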

How to reinstall SpamAssassin in cPanel server

Reinstalling SpamAssassin

killall -9 spamd
rm /etc/mail/rulesdujour/ -rf
rm /etc/mail/spamassassin/ -rf
rm /usr/share/spamassassin/ -rf
rm -rf /var/lib/spamassassin/3.00*/saupdates_openprotect_com
rm -f /var/lib/spamassassin/3.00*/saupdates_openprotect_com.cf
rm -f /var/lib/spamassassin/3.00*/saupdates_openprotect_com.pre
/scripts/perlinstaller --force Digest::SHA1
/scripts/realperlinstaller --force IO::Zlib
/scripts/perlinstaller --force Mail::SpamAssassin
/scripts/fixspamassassinfailedupdate
/scripts/perlinstaller --force Mail::SPF Mail::DomainKeys
/scripts/perlinstaller --force Mail::DKIM Encode::Detect Tie::Cache

Also run a cpanel update after all these steps are over.

/scripts/upcp --force
/scripts/upcp

2009/09/16

Plesk passwords in Linux and Windows

Linux:

root@localhost# cat /etc/psa/.psa.shadow
"Password"

Windows:

Check the Plesk installation path:
Via command prompt:
C:\SWSoft\Plesk\admin\bin\>"plesksrvclient.exe" -get
Password will be displayed in a dialog box

SSL

Generating a Certificate Signing Request (CSR)
To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

$ openssl genrsa -des3 -out server.key 1024

To create the CSR:-

run the following command at a terminal prompt:
$ openssl req -new -key server.key -out server.csr



Creating a Self-Signed Certificate:-

To create the self-signed certificate, run the following command at a terminal prompt:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Installing the Certificate:-

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running following commands at a terminal prompt:

$ sudo cp server.crt /etc/ssl/certs
$ sudo cp server.key /etc/ssl/private


Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS.
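An added example (not part of the original post) that repeats the key, CSR and self-signed certificate steps in a scratch directory and then checks that the files belong to the same key pair before they are installed. It uses a 2048-bit key without a passphrase so it runs unattended, since 1024-bit RSA is below what current clients and CAs accept; the subject name and function names are constructed.

```shell
#!/bin/sh
# Added example: generate a throwaway key/CSR/certificate and verify them.

# Create server.key, server.csr and server.crt in directory $1 using an RSA
# key of $2 bits. The subject is a constructed placeholder.
make_selfsigned() {
    dir=$1 bits=$2
    # umask keeps the private key readable by its owner only
    ( umask 077 && openssl genrsa -out "$dir/server.key" "$bits" ) 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=svn.example.test" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Print the public key (PEM) contained in a file.
#   $1 = key | csr | crt     $2 = path
pubkey_of() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# Return 0 if both files carry the same public key.
# An unreadable file yields an empty key and therefore a failure.
#   same_keypair key server.key crt server.crt
same_keypair() {
    a=$(pubkey_of "$1" "$2")
    b=$(pubkey_of "$3" "$4")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the modulus size in bits of an RSA private key.
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n '1s/.*(\([0-9][0-9]*\) bit.*/\1/p'
}

# Stand-alone use: ./checkcert.sh server.key server.crt
if [ $# -eq 2 ]; then
    if same_keypair key "$1" crt "$2"; then
        echo "key and certificate match ($(rsa_bits "$1") bit RSA)"
    else
        echo "MISMATCH: $2 was not issued for $1"
    fi
fi
```

Running the check against the files copied into /etc/ssl catches the common case where Apache refuses to start because the certificate from the CA was issued for a different key.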

To configure Apache for HTTPS add the following three lines to the /etc/apache2/sites-available/subversion file

SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

Configure Apache Server (https) the Repository:-

We need to be sure the right modules are enabled

$ a2enmod dav
$ a2enmod dav_svn
We must set up a virtual host for the Subversion server. Copy the original site file (/etc/apache2/sites-available/default) to a new file named subversion:
$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/subversion
Edit the file:
$ sudo vim /etc/apache2/sites-available/subversion

NameVirtualHost 192.170.50.61:443
<VirtualHost 192.170.50.61:443>
ServerAdmin webmaster@localhost
#SSLCertificate
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
# The URL path of this Location block is not given in the post; /svn is assumed
<Location /svn>
DAV svn
SVNPath /home/svn/repos
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
#Required authentication
Require valid-user
# Require encryption
SSLRequireSSL
</Location>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>


Symbolic link:-

Be sure to make a symbolic link to that file in /etc/apache2/sites-enabled:

$ ln -s /etc/apache2/sites-available/subversion /etc/apache2/sites-enabled


Open Port Number:-

Add "Listen 443" to /etc/apache2/ports.conf:

$ sudo vim /etc/apache2/ports.conf

Listen 443



Subversion main configuration file:-

Edit /etc/apache2/mods-available/dav_svn.conf configuration file and follow the instructions:
$ sudo vim /etc/apache2/mods-available/dav_svn.conf


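# The URL path of this Location block is not given in the post; /svn is assumed
<Location /svn>
DAV svn
SVNPath /home/svn/repos
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>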


User authentication:-

To add the first user, you can run the following command:

$ sudo htpasswd -c /etc/apache2/dav_svn.passwd suresh



Note: If you have just installed SVN, the passwd file will not yet exist and needs to be created using the "-c" switch. Adding any users after that should be done without the "-c" switch to avoid overwriting the passwd file.

To check out the repository directly, you can run the following command:

$ sudo svn co file:///home/svn/repos



Then start the Apache service:
$ sudo /etc/init.d/apache2 start

Email limit for a particular domain in cpanel

To increase the mail limit for a particular domain, add the domain to maxemailsperdomain at the location below:

pico /var/cpanel/maxemailsperdomain/yourdomainhere.com

yourdomainhere.com is the domain whose mail limit is being increased. Enter the number in the file, save it, and REMEMBER to restart exim services by executing the following command:

/scripts/build_maxemails_config

How to find a hacked website?

To find out whether a website has been hacked or whether badware scripts are running on the server, you can check it here:

http://unmaskparasites.com/

The report for the site should come back healthy. If the report shows badware running, you need to clean the site on the server and restore the old backup.

Then send a review request through Google web tools and Google will remove the site from the Google blacklist.

Email me for further doubts..

Thanks…

How to disable mod security using htaccess

In order to disable mod_security, add the following code to the .htaccess file


# Turn off mod_security filtering.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off



If it is Apache 2, then mod_security will be version 2, so in that case use
SecRuleEngine instead of SecFilterEngine

How to install PHP on Linux

PHP 5 installation

We will set up PHP as a shared module, being loaded into Apache2 dynamically during the server startup. These instructions are known to work for PHP versions: 5.0.4 through 5.2.1 .

prerequisites

At this point Apache web server must be installed. If you want MySQL support in PHP, MySQL server also must have been installed prior to the next steps.

download source

Get the source from http://www.php.net/downloads.php . At the time of writing this tutorial the best available version was 5.1.5 ( php-5.1.5.tar.gz ).

unpack, configure, compile

Go to the directory with the downloaded file and enter:
tar -xzf php-5.2.1.tar.gz
cd php-5.2.1
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql

The configuration options ought to be self-explanatory; --prefix specifies the location where PHP is to be installed, and --with-apxs2, with the correct path pointing to bin/apxs in the Apache installation directory, is mandatory for the installer to work. Since PHP 5, you need to explicitly bundle PHP with MySQL by the --with-mysql directive (make sure you specify the path to where MySQL is installed on your system).

There are many other options which turn on additional features. For all available configuration options and their default values type ./configure --help.

Tip: If you are performing an upgrade, you may want to copy config.nice from the old PHP installation directory (if available) to where you unpacked the new PHP tarball file. Run ./config.nice instead of ./configure. This way all the previous configure options will be applied to the new installation effortlessly.

Once you entered ./configure with all the options you need, compile and install the software:
make
make install

edit httpd.conf

All necessary changes to httpd.conf (Apache configuration file) should have already been made automatically during the installation, so usually you need not do anything. Anyways, check that following lines were added to your httpd.conf file:
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php

If not, add them manually.

create php.ini file

Importantly, you have to create the php.ini configuration file. Choose one of the pre-made files (preferably php.ini-recommended) residing inside the php-5.2.1/ directory (it's the folder to which the downloaded archive was extracted). Copy the file to the lib/ directory in the PHP installation directory.
cp php-5.2.1/php.ini-recommended /usr/local/php/lib/php.ini

If you need to, edit the php.ini file:
vi /usr/local/php/lib/php.ini

However, the default settings should work for everyone in most cases.

restart apache server

After everything is set up, restart Apache:
/usr/local/bin/apachectl stop
/usr/local/bin/apachectl start

Alternatively, simply enter:
/usr/local/bin/apachectl restart

2009/09/13

How to reset mysql password

Log in to MySQL safe mode

mysqld_safe --skip-grant-tables &

Change the MySQL admin(root) Password using following command

mysql>update mysql.user set Password = Password('pass') where User ='root';

Flush the privileges so everything will take (It removes any
privileges set by the server)

mysql>flush privileges;

mysql>quit

Stop MySQL Service


----------
kill -9 pid [to kill a process]
killall -9 mysql

2009/09/12

Hotlink protection for images using htaccess

What is hotlink protection

Bandwidth theft or "hotlinking" is direct linking to a web site's files (images, video, etc.). An example would be using an <img> tag to display a JPEG image you found on someone else's web page so it will appear on your own site, eBay auction listing, weblog, forum message post, etc.
Bandwidth refers to the amount of data transferred from a web site to a user's computer. When you view a web page, you are using that site's bandwidth to display the files. Since web hosts charge based on the amount of data transferred, bandwidth is an issue. If a site is over its monthly bandwidth, it's billed for the extra data or taken offline.

Hotlink protection for images using htaccess

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com [NC]
RewriteRule \.(gif|jpe?g)$ /images/hotlink.$1 [L]

Breakdown of the code

RewriteEngine on

This turns on the mod_rewrite engine in Apache. A requirement for the rewrite commands.

RewriteCond %{HTTP_REFERER} .

This line allows blank referrers. The period in .htaccess means any character. This means users can manually type in a link to one of your images in their browser, but this is generally not even a problem. If you leave this line out, a large percentage of visitors will not see your images. This includes many users behind corporate and ISP firewalls, all AOL users, and many others. Leaving this line in is highly recommended! If a visitor thinks your site is broken, they will most likely not return. If you have any kind of e-commerce site, they probably won't be doing business with you!

RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com [NC]

Here the server checks to see if the request is coming from your own domain. Just change the text to match your website. It handles hotlink prevention whether or not the www prefix is used. The [NC] flag at the end means 'No Case', so it will handle everything.

Notice that there is a backslash before the periods in the domain name. As stated above, in the .htaccess file a period means any character. Preceding it with a backslash turns it into a literal period, meaning that there must actually be a period there. When writing .htaccess code it is always best to take all possibilities into consideration.

If you have another site that needs to hotlink from this one, simply duplicate this line and type in the new domain.

RewriteRule \.(gif|jpe?g)$ /images/hotlink.$1 [L]

This last line blocks all requests for gif, jpg, and jpeg files unless they are from an allowed resource. You will notice the hotlink.$1 file. This code will cause the server to return the proper type of file – which is the format that was requested. A lot of hotlink protection code simply sends one type of file no matter what, but many browsers will not handle this properly, and the above method provides the most flexibility while doing things correctly.

This means that for this example we need to create a hotlink.gif, hotlink.jpg, and hotlink.jpeg. Just create your replacement image, and export it to each of the needed file types. Then just upload them to your server in the location specified by the code (in this case – /images/). You can make the replacement images as large or as small as you want, just keep in mind that if they are too large, you may end up losing more bandwidth than you would have without protection code!


Proper 403 Forbidden method

This method is my favorite because it is the easiest on the server and no bandwidth is used at all. Once again, there are several methods to just return nothing but generating a 403 Forbidden error for the hotlinker is perhaps the best. It will not cause any errors or confusion on your server, and the hotlinker will be left with a broken image link.

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com [NC]
RewriteRule \.(gif|jpe?g)$ - [NC,F]

Breakdown of the code

The last line is the only difference in these two examples, and this one just contains a dash where the image file would be. Since we are just bouncing back a 403 Forbidden error message to the hotlinker we do not have to worry about creating any image files.

As mentioned before, if the hotlinkers have simple links to your images (as opposed to images displayed with <img> tags), clicking on the links will return a '403 Forbidden' error with this method. This is what we want, but there is no reason you cannot create custom error pages which give the user information about your site and links to the main sections. This gives you a much better chance of keeping these visitors
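An added example (not part of the original post) that replays the two RewriteCond lines against constructed Referer values, so the pattern can be checked before it goes into .htaccess. PAGE_PATTERN is the pattern from the post; STRICT_PATTERN is an added variant that also accepts https and anchors the end of the host name, and DOUBLED_PATTERN shows what happens when the backslashes are doubled by mistake.

```shell
#!/bin/sh
# Added example: evaluate the hotlink RewriteCond logic with grep -E.
# The patterns used here behave the same in ERE and in Apache's regex engine.

PAGE_PATTERN='^http://(www\.)?yoursite\.com'
# Added variant (assumption): allow https and an optional port, and require
# the host name to end at "/" or end of string.
STRICT_PATTERN='^https?://(www\.)?yoursite\.com(:[0-9]+)?(/|$)'
# "\\." means a literal backslash followed by any character, not a literal dot.
DOUBLED_PATTERN='^http://(www\\.)?yoursite\\.com'

# Print "serve" or "block" for an image request.
#   $1 = Referer header value (may be empty)
#   $2 = regex from the second RewriteCond
hotlink_decision() {
    referer=$1 pattern=$2
    # RewriteCond %{HTTP_REFERER} .   -> the rule applies only to non-empty referers
    if [ -z "$referer" ]; then
        echo serve
        return
    fi
    # RewriteCond %{HTTP_REFERER} !pattern [NC] -> applies when the pattern does NOT match
    if printf '%s\n' "$referer" | grep -Eiq -- "$pattern"; then
        echo serve
    else
        echo block
    fi
}

# Show both patterns side by side for a set of constructed referers.
compare_patterns() {
    for r in "" \
             "http://www.yoursite.com/gallery.html" \
             "https://www.yoursite.com/gallery.html" \
             "http://yoursite.com.other.example/page" \
             "http://other.example/forum/thread"; do
        printf '%-42s page=%-6s strict=%s\n' "${r:-(empty)}" \
            "$(hotlink_decision "$r" "$PAGE_PATTERN")" \
            "$(hotlink_decision "$r" "$STRICT_PATTERN")"
    done
}

compare_patterns
```

The page pattern blocks the site's own pages once they are served over https and accepts any host name that merely begins with yoursite.com; the stricter variant handles both cases, and it goes into .htaccess as RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yoursite\.com(:[0-9]+)?(/|$) [NC].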

2009/09/07

How to change theme from backend

1) Change directories

cd /var/cpanel/users

2) Look in a user's file
Run ls to list the directory contents, then type

pico username (replacing username with an account name)

You should see something like this:

BWLIMIT=524288000
DNS=usersdomain.com
FEATURELIST=default
IP=yourIPhere
LANG=english
MAXADDON=0
MAXFTP=3
MAXLST=0
MAXPARK=0
MAXPOP=2
MAXSQL=2
MAXSUB=0
OWNER=hosting
PLAN=SubWS
RS=x
STARTDATE=1085847520
SUSPENDTIME=1086171449

What we're interested in changing is the RS value.

3) Changing the user theme
The first is the theme you want to change from, the latter is the theme you want to change to. In this case we want to change Tree skin to x2 skin on all user themes as some of our resellers are using an older skin.

replace RS=tree RS=x2 -- *

4) Make sure that the changes have taken effect by opening one or two of the user files.

pico username


Then ctrl+w to search: type in RS

You should see the new cPanel theme.

2009/09/06

PHP Parse error: syntax error, unexpected T_STRING

Error

PHP Parse error: syntax error, unexpected T_STRING

Add the line php_flag short_open_tag X to the .htaccess file and short_open_tag = X to the php.ini file under the client's folder on the suexec server, and then check.

2009/09/05

Interview Question Linux (samples)

Part 1:

1. Two different ways to configure Apache and how?
2. Is name virtual host or IP virtual host good? Why?
3. What is SMARTHOST in sendmail?
4. How can we disable a user's login?
5. Can we change the primary group of a user after creating a user?
6. How do you secure a Linux box?
7. Situation in a big company: they have a 2mbps leased line and a 1mbps line, you have to give the 2mbps line to developers and the 1mbps line to sales people with any controllers? How can you handle this situation?
8. Port numbers for telnet and pop3?
9. Difference between hard link and soft link?
10. File systems in Linux?
11. What will you do when a file system is corrupt? How do you handle it?
--------------------------------------------------------------------------

Part 2:
1. How to take apache core dump?
2. Difference between IMAP and POP3?
3. Ext2 and Ext3 ?
4. How to point abc.com to a servlet page ?
5. How to handle segmentation faults in apache?
6. Tcpdump ?
7. Difference between TCP and UDP ?
8. SSL ? what is its significance?
9. Which service is using UDP protocol ?
10.Which is using TCP protocol ?
11. .htaccess importance ?
12.Which one you opt - changes in apache config or change in .htaccess ?
13. Difference between RAID1 and RAID 5?
14. What is lost+found in linux ?
--------------------------------------------------------------------

Part 3:
1. Why do we need Apache? Can Tomcat handle the same ?
2. How can we integrate Apache with Tomcat ?
3. Versions that you are using for Apache,Tomcat,Mysql ?
4. Working of Nagios ?
5. How to add a new server to Nagios for monitoring ?
6. How to create a repository in SVN ?
7. Why we remove the work folder in Tomcat while deploying new war files ?
8. Mysql replication, advantages, which all files need to be edited for replication ?
9. What is a contest ?
10.Difference between Mysql and Sql ?
11.Why and what we do for OUT OF MEMORY error ?
12.Configuration files for Tomcat ?
13.How can we increase the memory in Tomcat ?
14.Is there any difference between Tomcat and JBoss ?
15.How can we do Virtual hosting in Tomcat ?
16.Memory Heap ?
--------------------------------------------------------------------------------

Questions in Operating systems:

28. Describe four general strategies for dealing with deadlocks.

29. For single unit resources, we can model resource allocation and requests as a directed graph connecting processes and resources. Given such a graph, what is involved in deadlock detection?

30. Is the following system of four processes with 2 resources deadlocked?

Current allocation matrix

P1 1 3
P2 4 1
P3 1 2
P4 2 0

Current request matrix
P1 1 2
P2 4 3
P3 1 7
P4 5 1

Availability Vector
1 4

If the availability vector is as below, is the system above still deadlocked?
2 3

Is the system deadlocked if the availability is
2 4

31. Assuming the operating system detects the system is deadlocked, what can the operating system do to recover from deadlock?

32. What must the banker's algorithm know a priori in order to prevent deadlock?

33. Describe the general strategy behind deadlock prevention, and give an example of a practical deadlock prevention method.

34. Filesystems can support sparse files, what does this mean? Give an example of an application's file organisation that might benefit from a file system's sparse file support.

35. Give an example of a scenario that might benefit from a file system supporting an append-only access write.

36. Give a scenario where choosing a large filesystem block size might be a benefit; give an example where it might be a hindrance.

37. Give an example where contiguous allocation of file blocks on disks can be used in practice.

38. What file access pattern is particularly suited to chained file allocation on disk?

39. What file allocation strategy is most appropriate for random access files?

40. Compare bitmap-based allocation of blocks on disk with a free block list.

41. How can the block count in an inode differ from the (file size / block size) rounded up to the nearest integer? Can the block count be greater, smaller, or both?

42. Why might the direct blocks be stored in the inode itself?

43. Given that the maximum file size of a combination of direct, single indirection, double indirection, and triple indirection in an inode-based filesystem is approximately the same as a filesystem solely using triple indirection, why not simply use only triple indirection to locate all file blocks?

44. What is the maximum file size supported by a file system with 16 direct blocks, single, double, and triple indirection? The block size is 512 bytes. Disk block numbers can be stored in 4 bytes.

45. The Berkeley fast filesystem (and Linux Ext2fs) use the idea of block groups. Describe what this idea is and what improvements block groups have over the simple filesystem layout of the System V file system (s5fs).

46. What is the reference count field in the inode? You should consider its relationship to directory entries in your answer.

47. The filesystem buffer cache does both buffering and caching. Describe why buffering is needed. Describe how buffering can improve performance (potentially to the detriment of file system robustness). Describe how the caching component of the buffer cache improves performance.

48. What does flushd do on a UNIX system?

49. Why might filesystems managing external storage devices do write-through caching (avoid buffering writes) even though there is a detrimental effect on performance?

50. Describe the difference between external and internal fragmentation. Indicate which of the two is most likely to be an issue on a) a simple memory management machine using base limit registers and static partitioning, and b) a similar machine using dynamic partitioning.

51. List and describe the four memory allocation algorithms covered in lectures. Which two of the four are more commonly used in practice?

52. Base-limit MMUs can support swapping. What is swapping? Can swapping permit an application requiring 16M memory to run on a machine with 8M of RAM?

53. Describe page-based virtual memory. You should consider pages, frames, page tables, and Memory Management Units in your answer.

54. Give some advantages of a system with page-based virtual memory compared to a simple system with base-limit registers that implements swapping.

55. Describe segmentation-based virtual memory. You should consider the components of a memory address, the segment table and its contents, and how the final physical address is formed in your answer.

56. What is a translation look-aside buffer? What is contained in each entry it contains?

57. Some TLBs support address space identifiers (ASIDS), why?

58. Describe a two-level page table? How does it compare to a simple page table array?

59. What is an inverted page table? How does it compare to a two-level page table?

60. What are temporal locality and spatial locality?

61. What is the working set of a process?

62. How does the page size of a particular architecture affect working set size?

63. What is thrashing? How might it be detected? How might one recover from it once detected?

64. Enumerate some pros and cons for increasing the page size.

65. Describe two virtual memory page fetch policies. Which is less common in practice? Why?

66. What operating system event might we observe and use as input to an algorithm that decides how many frames an application receives (i.e. an algorithm that determines the application's resident set size)?

67. Name and describe four page replacement algorithms. Critically compare them with each other.

-------------------------------------------------------------------
GOOGLE - Round 1 & 2
http://google.com

1.Introduction.
2.Current work setup.
3.Most challenging job done in life.
4.Job that I can't handle in my life.
5.Difference between Windows and Linux.
6.Why the need for various Linux distributions like Debian, Red Hat, Fedora etc.
7.Different package management in linux.
8.Purpose of Load balancer
9.How to implement load balancer
10.If a call goes from a load balancer to an application server, does the reply to that call go from the load balancer to the client or directly to the client?
11.Difference between http and https.
12.Steps in SSL.
13.How the browser knows the site is https or not.
14.Kernel compilation.
15.What is GPL license
16.Whats the purpose of master-master db replication.
17.In an organization there are 1000 pupils, they need different levels of access, how can we implement it? If a marketing guy in travel needs to access the local network as well as VPN, how can we implement it?

GOOGLE - Round 3
http://google.com

1. Ports and Tcp/UDP for the following services
ssh,http,imap,pop3,ldap,imaps
2. You are asked to set up a few hundred machines for a conference. How do you set them up?
3. One person can get internet at home, but when he comes to the office, the internet is
not working. What all things will you check? He has his IP and is able to ping....etc...
4. Working of DHCP?
5. DHCP comes in which layer?
6. You are asked to copy some official and personal files from an old laptop to a new one
will you copy?
7. What is google?
8. What all things we can see in command "ifconfig"

GOOGLE - Round 4
http://google.com

1. mgetty
2. Booting process of Linux in depth.
3. Kernel --> vmlinux --> authentication process --> initrd
4. Suppose we are copying a file over scp with 2 machines. How do they transfer? How are the bits
or bytes getting copied?
5. PAM
6. Operating System in depth.
7. Why you choose Systems Administration jobs

GOOGLE - Round 5
http://google.com

1. Package management in Linux.
2. Working of apt-get full.
3. Working of mail server in depth.
4. DB replication, if 2 persons are committing at the same time, which will take effect?
5. Working of Google search engine.
6. If I get crores of crores of dollars, how do I start a company like GOOGLE?






Grid Computing
Round robin DNS
Load balancer



Just search for answers and you can post a reply to this post.