BestDesigns.Co.in

How to remove blocked  ip address from the Brute Force Protection by using SSH  ?

When WHM locks out an user account, especially “root”, the best way is to wait for 10 minutes to see if the account will be unlocked. If the locks persists, webmaster and administrator who still can remote login via SSH to the server as root can manually remove the lockouts via following steps:

mysql> use cphulkd;

mysql> BACKUP TABLE `brutes` TO ‘/var/lib/mysql/cphulkd-bak’;

mysql> BACKUP TABLE `logins` TO ‘/var/lib/mysql/cphulkd-bak’;

Above command will backup the brutes table, the main table used by cPHulk to record locked accounts and denied IP addresses.

mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins`;

Above commands will remove all blocked IP addresses and locked accounts from the system, enabling full access again

mysql> quit;

Here is how to Zip and Unzip files in UNIX

• unzip myFile.zip - This command will uncompress compressed files with the .zip extension.
• tar xvf myFile.tar - This command will uncompress compressed files with the .tar extension.
• gunzip myFile.gz           - This command will uncompress compressed files with the .gz extension.

The SYN (TCP connection request) attack is a common denial of service (DoS) technique.

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:

1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.

How to check the SYN attack on  the server.

A quick and useful command for checking if a server is under ddos:
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs taking the most amounts of connections to a server. It is important to remember that ddos is becoming more sophisticated and they are using fewer connections with more attacking ips. If this is the case you will still get low number of connections even while you are under a DDOS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command will show the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply making the server wait for it to time out. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems. If the second command is over 100 you are having trouble with a syn attack.

Solution:

First go with

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

and then

Try with all these IPtables rule , there may other attacks too.

iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp –tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp –tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp –tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp –tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp –tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp –tcp-flags ACK,URG URG -j DROP

then,

service iptables save
service iptables restart

it should resolve your issue.

Command for to Delete php.ini file from all directories

find -name php.ini -exec rm -f {} \;

How to find How many accounts are hosted on server

#ll /var/cpanel/users | wc -l

1234

How to check  spamming on server..

exim -bpc
If this  is change very fast then it seems spamming is on server also you can check using

tail -f /var/log/exim_mainlog

some times client can spam using scripting that time above using above you can’t find error log so you can use

tail -f /var/log/message or ps -aux  | grep dm.cgi

How to check insecure permission for files and folders on the server ?

#For Directories

find -type d -perm 777

#For Files

find -type f -perm 777

How to check server is suexec or not?

make 777 permission for index.php file for a clients domain and then access it, if it gives an error as Internal server then sure it is suexec server this time copy servers php.ini file and make necessary changes for client.

or

root@rushi []# /usr/local/cpanel/bin/rebuild_phpconf - -current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: suphp
PHP5 SAPI: suphp
SUEXEC: enabled
If PHP5 SAPI or PHP4 SAPI it shows the suphp then the server is suexec server

What is RAID ?

RAID stands for Redundant Array of Independent Disks and it basically involves combining two or more drives together to improve the performance and the fault tolerance.
When a system administrator is first asked to provide a reliable, redundant means of protecting critical data on a server, RAID is usually the first term that comes to mind
With RAID enabled on a storage system you can connect two or more drives in the system so that they act like one big fast drive or set them up so that
one drive in the system is used to automatically and instantaneously duplicate (or mirror) your data for real-time backup.

RAID-systems can be based with an number of interfaces, including SCSI, IDE, SATA or FC (fibre channel.) There are systems that use SATA disks internally but that have a FireWire or SCSI-interface for the host system.

There are total 10 types of RAID levels:

RAID 0,1,3,4,and 5 are common, as well as combinations of these levels.
RAID-0 (striping), 1(mirroring), 4 and 5(parity) support.

* RAID-0: This technique has striping but no redundancy of data. It offers the best performance but no fault-tolerance.
* RAID-1: This type is also known as disk mirroring and consists of at least two drives that duplicate the storage of data. There is no striping. Read performance is improved since either disk can be read at the same time. Write performance is the same as for single disk storage. RAID-1 provides the best performance and the best fault-tolerance in a multi-user system.
* RAID-2: This type uses striping across disks with some disks storing error checking and correcting (ECC) information. It has no advantage over RAID-3.
* RAID-3: This type uses striping and dedicates one drive to storing parity information. The embedded error checking (ECC) information is used to detect errors. Data recovery is accomplished by calculating the exclusive OR (XOR) of the information recorded on the other drives. Since an I/O operation addresses all drives at the same time, RAID-3 cannot overlap I/O. For this reason, RAID-3 is best for single-user systems with long record applications.
* RAID-4: This type uses large stripes, which means you can read records from any single drive. This allows you to take advantage of overlapped I/O for read operations. Since all write operations have to update the parity drive, no I/O overlapping is possible. RAID-4 offers no advantage over RAID-5.
* RAID-5: This type includes a rotating parity array, thus addressing the write limitation in RAID-4. Thus, all read and write operations can be overlapped. RAID-5 stores parity information but not redundant data (but parity information can be used to reconstruct data). RAID-5 requires at least three and usually five disks for the array. It’s best for multi-user systems in which performance is not critical or which do few write operations.
* RAID-6: This type is similar to RAID-5 but includes a second parity scheme that is distributed across different drives and thus offers extremely high fault- and drive-failure tolerance.
* RAID-7: This type includes a real-time embedded operating system as a controller, caching via a high-speed bus, and other characteristics of a stand-alone computer. One vendor offers this system.
* RAID-10: Combining RAID-0 and RAID-1 is often referred to as RAID-10, which offers higher performance than RAID-1 but at much higher cost. There are two subtypes: In RAID-0+1, data is organized as stripes across multiple disks, and then the striped disk sets are mirrored. In RAID-1+0, the data is mirrored and the mirrors are striped.
* RAID-50 (or RAID-5+0): This type consists of a series of RAID-5 groups and striped in RAID-0 fashion to improve RAID-5 performance without reducing data protection.
* RAID-53 (or RAID-5+3): This type uses striping (in RAID-0 style) for RAID-3’s virtual disk blocks. This offers higher performance than RAID-3 but at much higher cost.
* RAID-S (also known as Parity RAID): This is an alternate, proprietary method for striped parity RAID from EMC Symmetrix that is no longer in use on current equipment. It appears to be similar to RAID-5 with some performance enhancements as well as the enhancements that come from having a high-speed disk cache on the disk array.

RAID 0: striping

In a RAID 0 system, data are split up in blocks that get written across all the drives in the array. By using multiple disks (at least 2) at the same time, RAID 0 offers superior I/O performance. This performance can be enhanced further by using multiple controllers, ideally one controller per disk.

Advantages

• RAID 0 offers great performance, both in read and write operations. There is no overhead caused by parity controls.
• All storage capacity can be used, there is no disk overhead.
• The technology is easy to implement.

Disadvantages

RAID 0 is not fault-tolerant. If one disk fails, all data in the RAID 0 array are lost. It should not be used on mission-critical systems.

Ideal use

RAID 0 is ideal for non-critical storage of data that have to be read/written at a high speed, e.g. on a Photoshop image retouching station.

RAID 1: mirroring

Data are stored twice by writing them to both the data disk (or set of data disks) and a mirror disk (or set of disks) . If a disk fails, the controller uses either the data drive or the mirror drive for data recovery and continues operation. You need at least 2 disks for a RAID 1 array.

RAID 1 systems are often combined with RAID 0 to improve performance. Such a system is sometimes referred to by the combined number: a RAID 10 system.

Advantages

• RAID 1 offers excellent read speed and a write-speed that is comparable to that of a single disk.
• In case a disk fails, data do not have to be rebuild, they just have to be copied to the replacement disk.
• RAID 1 is a very simple technology.

Disadvantages

• The main disadvantage is that the effective storage capacity is only half of the total disk capacity because all data get written twice.
• Software RAID 1 solutions do not always allow a hot swap of a failed disk (meaning it cannot be replaced while the server keeps running). Ideally a hardware controller is used.

Ideal use

RAID-1 is ideal for mission critical storage, for instance for accounting systems. It is also suitable for small servers in which only two disks will be used.

RAID 3

On RAID 3 systems, datablocks are subdivided (striped) and written in parallel on two or more drives. An additional drive stores parity information. You need at least 3 disks for a RAID 3 array.

Since parity is used, a RAID 3 stripe set can withstand a single disk failure without losing data or access to data.

Advantages

• RAID-3 provides high throughput (both read and write) for large data transfers.
• Disk failures do not significantly slow down throughput.

Disadvantages

• This technology is fairly complex and too resource intensive to be done in software.
• Performance is slower for random, small I/O operations.

Ideal use

RAID 3 is not that common in prepress.

RAID 5

RAID 5 is the most common secure RAID level. It is similar to RAID-3 except that data are transferred to disks by independent read and write operations (not in parallel). The data chunks that are written are also larger. Instead of a dedicated parity disk, parity information is spread across all the drives. You need at least 3 disks for a RAID 5 array.
A RAID 5 array can withstand a single disk failure without losing data or access to data. Although RAID 5 can be achieved in software, a hardware controller is recommended. Often extra cache memory is used on these controllers to improve the write performance.

Advantages

Read data transactions are very fast while write data transaction are somewhat slower (due to the parity that has to be calculated).

Disadvantages

• Disk failures have an effect on throughput, although this is still acceptable.
• Like RAID 3, this is complex technology.

Ideal use

RAID 5 is a good all-round system that combines efficient storage with excellent security and decent performance. It is ideal for file and application servers.

RAID 10: a mix of RAID 0 & RAID 1

RAID 10 combines the advantages (and disadvantages) of RAID 0 and RAID 1 in a single system. It provides security by mirroring all data on a secondary set of disks (disk 3 and 4 in the drawing below) while using striping across each set of disks to speed up datatransfers.

Advantages of RAID

There are three reasons you might want a RAID system of drives.

1. You need tons of storage space and you need it to be fast. (RAID 0)
2. You want to instantaneously and automatically backup your data. (RAID 1)
3. You want both. (RAID 5)