Wednesday, 31 July 2013

view external: query (cache) denied

I have registered my nameserver at the registrar and properly updated the zone file on the server. But for some reason, when checking the dig result, the new name-server details were not showing correctly. I checked the logs and found the following error.
view external: query (cache) denied
Reason: in the view external section of named.conf, the entry for my domain was commented out. Once I uncommented it, everything was correct.
If you get a similar error, check your named.conf, and also check whether named.conf and the zone file are OK using the following commands:
named-checkzone /var/named/

Sunday, 28 July 2013


Drop DDOS attack
20 04 2009

1. Find which IP address on the server is targeted by the DDoS attack

netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c

2. Find which IPs the attack is coming from

netstat -plan  | grep  :80 | awk '{print $5}' | cut -d: -f1 |sort |uniq -c
netstat -plan |grep :25 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n
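
The two counting steps above, as an added example that is not part of the original post. It goes slightly further than the one-liners: `grep :80` also matches port 8080, and `cut -d: -f1` mangles IPv6 and IPv4-mapped peers, so this version compares the exact local port and strips the port from the end of the address. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample netstat lines are constructed.

# per_source_counts PORT: read `netstat -plan`-style lines on stdin and print
# "<count> <remote-ip>" for TCP connections to local port PORT, busiest first.
per_source_counts() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            laddr = $4; raddr = $5
            lport = laddr; sub(/^.*:/, "", lport)   # text after the last colon
            if (lport != port) next                 # exact match: 8080 is not 80
            sub(/:[0-9*]+$/, "", raddr)             # drop only the remote port
            sub(/^::ffff:/, "", raddr)              # unwrap IPv4-mapped peers
            count[raddr]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_threshold PORT MIN: print only the sources holding at least MIN connections.
over_threshold() {
    per_source_counts "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample: documentation-range addresses, one LISTEN socket,
# one connection to port 8080, one IPv4-mapped peer and one IPv6 peer.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED 1210/httpd
tcp        0      0 192.0.2.10:8080         198.51.100.7:51299      ESTABLISHED 1300/java
tcp        0      0 192.0.2.10:80           203.0.113.5:40100       TIME_WAIT   -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51240 ESTABLISHED 1210/httpd
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40222     ESTABLISHED 1210/httpd
EOF
}

sample_netstat | per_source_counts 80
```

On a live server, feed it `netstat -plan` instead of the sample. A high count alone is not proof of abuse, since a proxy or NAT gateway can legitimately hold many connections, so review the list before adding any iptables rule.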

Run this command on the destination server.

rsync --progress --stats -avzxl --rsh='ssh -p22' [source] [destination]/home/ekozasti/

rsync --progress --stats -avzxl --rsh='ssh -p22' /home/ekozasti/

rsync -avz -e  /var/named/cpanelphp.txt root@

scp -P 2255 villaaqu_hotel.sql root@

                          rewrite rule
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^.*$ index.html

iptables -vnL --line-numbers   # show the iptables rules with line numbers

iptables -D INPUT <line-number>   # delete the rule at that line number

                   to find mail script

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

grep -E '/home|/tmp' /var/log/exim_mainlog | less

less /var/log/exim_mainlog | grep cwd | grep /home/<username>

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
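
The cwd pipelines above, run over sample log lines, as an added example that is not part of the original post. It takes the directory up to the " N args:" marker, so a path containing a space is kept whole instead of being cut at the first space by `awk '{print $1}'`. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Log lines below are constructed.

# mail_script_dirs: read exim_mainlog lines on stdin and print
# "<count> <directory>" for every cwd= entry outside /var/spool, busiest last
# (the same ordering as the page's `sort | uniq -c | sort -n`).
mail_script_dirs() {
    awk '
        /cwd=/ {
            dir = $0
            sub(/^.*cwd=/, "", dir)            # keep what follows cwd=
            sub(/ [0-9]+ args:.*$/, "", dir)   # cut at the argument count
            if (dir ~ "^/var/spool") next      # queue runners, not scripts
            n[dir]++
        }
        END { for (d in n) printf "%d %s\n", n[d], d }
    ' | sort -k1,1n -k2
}

# suspicious_dirs: keep only the /tmp and /home/<user>/public_html locations,
# the same places the page greps for.
suspicious_dirs() {
    mail_script_dirs | awk '
        { d = $0; sub(/^[0-9]+ /, "", d) }
        d ~ "^/tmp(/|$)" || d ~ "^/home/[^/]+/public_html" { print }'
}

# Constructed sample in the format exim writes when arguments are logged.
sample_mainlog() {
cat <<'EOF'
2013-07-28 10:15:01 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1V3abc-0001Xy-2Z
2013-07-28 10:15:02 cwd=/home/exampleuser/public_html/wp-content/themes/old theme 3 args: /usr/sbin/sendmail -t -i
2013-07-28 10:15:03 cwd=/home/exampleuser/public_html/wp-content/themes/old theme 3 args: /usr/sbin/sendmail -t -i
2013-07-28 10:15:04 cwd=/home/exampleuser/public_html/wp-content/themes/old theme 3 args: /usr/sbin/sendmail -t -i
2013-07-28 10:16:10 cwd=/tmp 3 args: /usr/sbin/sendmail -t -i
2013-07-28 10:17:30 cwd=/root 2 args: /usr/sbin/exim -bpc
2013-07-28 10:18:00 1V3abd-0001Xz-3A <= exampleuser@host.example.test U=exampleuser P=local S=1024
EOF
}

sample_mainlog | suspicious_dirs
```

On a live server, replace the sample with `cat /var/log/exim_mainlog`. The directory at the bottom of the list is the first place to look for the sending script.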



postcat -q 7ECB9C36BF4 | more
grep POST */statistics/logs/access_log
grep POST */statistics/logs/access_log | grep wp-cont
grep POST */statistics/logs/access_log | grep wp-cont | grep the
grep POST */statistics/logs/access_log | grep wp-cont | grep themes

To remove frozen mails
exim -bpu | grep frozen | awk '{print $3}' | xargs exim -Mrm

                 database backup

   grep -i '`website`' mydbbkp2013.sql > website.sql

mysqladmin variables | grep -i innodb   # check whether InnoDB is enabled

   Perl script to find injection files.

  add spf for all domains

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/spf_installer $user; done

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/dkim_keys_install $user; done

to see perl module

To find files owned by a given user ID and group ID and change their ownership to another user.

find . -gid 1011 -uid 1009 -exec chown www-data:www-data {} \;

To view the imap connection for domain
ps ax | grep ""

smtp port


The roundcube database uses InnoDB tables in its database:

mysql -e "show table status" roundcube |grep -i innodb |awk '{print $1,$2}'

-> The DB has been re-synced from the old server to the new server with the command
"mysqldump --compatible" so that all versions are supported.

Reinstalled SpamAssassin in cPanel:

/scripts/realperlinstaller --force Mail::SpamAssassin

Grep command

grep -rw xxxx .
grep -irl xxxx .
grep xxxx *

0 11 * * * /usr/local/sbin/maldet --scan-all /home?/?/public_html > /dev/null 2>&1
11 1 * * * /usr/local/bin/clamscan -ir /home -l /var/log/clamscan.log --move=/root/results

ffmpeg tool.
check video conversion,
ffmpeg -i 500.mp4 -ar 22050 -acodec libmp3lame -ab 32K -r 25 -s 320x240 -vcodec flv testvideo1.flv

clear memory cache in ram

echo 1 > /proc/sys/vm/drop_caches

/usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::ChkServd
/usr/local/cpanel/bin/tailwatchd --enable=Cpanel::TailWatch::ChkServd


My script to change NS records. Run it from the named directory, because the sed command operates on the files in whichever directory you are currently in. If you want to change two NS records, use this:

Sed provides -e option to run multiple sed commands in a single sed command. The above output can be achieved in a single sed command as shown below.

>sed -e 's/unix/linux/' -e 's/os/system/' file.txt
linux is great system. unix is opensource. unix is free os.

for i in `cat test.txt` ; do sed -i -e 's/find/replace/g' -e 's/find/replace/g' $i ; done   # -i edits each file in place; without it sed only prints the result

 for x in `cat testtangeran_zonefiles.txt`; do sed -i 's/' $x; done;
for x in `cat testtangeran_zonefiles.txt`; do sed -i "s/" $x ; done;

find /home/*/public_html -maxdepth 1 -name php.ini > testaz.txt
for i in `cat testaz.txt` ; do mv $i $i"_moved" ; done
for i in `cat testaz.txt` ; do chown root:root $i"_moved" ; done

Mail issue in Plesk (recreate mail handlers)
/usr/local/psa/admin/sbin/mailmng --stop-service
/usr/local/psa/admin/sbin/mchk --with-spam
/usr/local/psa/admin/sbin/mailmng --start-service

MySQL optimization: key_buffer_size = 1024MB + (read_buffer_size = 1MB + sort_buffer_size = 4MB) * 200 ~= 2GB

Script to optimize apache webserver

#!/bin/bash
# Credits Gus Maskowitz, Rob Wilderspin, Dan Farmer, Mark Hyde
# ===================================== DO SECTION =====================================
# ME is tested below but was not set in the script as posted.
ME=$(whoami)
if [ "$ME" != "root" ]; then
  echo "You'll need to be root to run this"
  exit 1
fi
# Nothing to measure if httpd is not running.
/sbin/service httpd status >/dev/null 2>&1
if [ $? -ne 0 ]; then
  exit 0
fi
apachetuner_version="Apachetuner v1.0"
if [ -f /etc/redhat-release ]; then
  system=$(cat /etc/redhat-release)
else
  echo "This does not appear to be Red-Hat and is unfortunately not yet supported"
  exit 0
fi
# This was written specifically for a Rackspace environment
if [ -f /root/.rackspace/server_number ]; then
  server_number=$(cat /root/.rackspace/server_number)
fi
server_name=$(uname -n)
server_httpd_rpm=$(rpm -qf $(which httpd))
memtotal_mb=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
# mem_alert_level=$(echo $memtotal_mb | awk '{printf "%d", $0 * 0.9}')
# HTTPD_V_TMPFILE is read below but was not created in the script as posted;
# it is filled here with the output of `httpd -V`.
HTTPD_V_TMPFILE=$(mktemp)
httpd -V > "$HTTPD_V_TMPFILE" 2>/dev/null
#### The following contributed by Mark Hyde
apache_architecture=$(awk -F': +' '$1~/^Architecture/{print $2}' ${HTTPD_V_TMPFILE} )
apache_mpm=$(awk -F': +' '$1~/^Server MPM/{print $2}' ${HTTPD_V_TMPFILE} )
apache_server_version=$(awk -F': +' '$1~/^Server version/{print $2}' ${HTTPD_V_TMPFILE} )
# Compile-time paths reported by httpd -V
httpd_root=$(awk -F\" '/HTTPD_ROOT/ {print $2}' $HTTPD_V_TMPFILE)
httpd_server_config_file=$(awk -F\" '/SERVER_CONFIG_FILE/ {print $2}' $HTTPD_V_TMPFILE)
httpd_default_errorlog=$(awk -F\" '/DEFAULT_ERRORLOG/ {print $2}' $HTTPD_V_TMPFILE)
# config_file was not set in the script as posted; it is built here from the values above.
config_file="$httpd_root/$httpd_server_config_file"
# Thank you to Rob Wilderspin for this magic…
# Pull ServerLimit and MaxClients out of the prefork block of the config file.
eval $(awk '/\<IfModule prefork.c\>/,/<\/IfModule/ \
{/^ServerLimit/ && s=$2; /^MaxClients/ && m=$2} \
END {printf "serverlimit=%d maxclients=%d", s, m}' "$config_file")
# Dan Farmer created this logic to find the size of each additional apache in memory.
apacheuser=$(ps -ef|awk '/httpd/ && !/root/ {print $1}' | uniq)
num_of_apache_children=$(ps -u $apacheuser -o pid= | wc -l)
apache_in_ram=$(ps -u $apacheuser -o pid= | xargs pmap -d | awk '/private/ {c+=1; sum+=$4} END {printf "%.2f", sum/c/1024}')
apache_footprint=$(echo $apache_in_ram*$num_of_apache_children | bc -l)
ram_at_maxc=$(echo $maxclients*$apache_in_ram|bc -l)
mem_percentage_at_max=$(echo $ram_at_maxc/$memtotal_mb*100 | bc -l)
# echo $mem_percentage_at_max
if [ -f /etc/php.ini ]; then
  php_meml=$(awk '/^memory_limit/ {print $3}' /etc/php.ini);
else
  echo "Checking for /etc/php.ini Not found";
fi
http_binary=$(netstat -plnt |grep :80|awk -F/ '{print $2}')
# =================================== DISPLAY SECTION ===================================
echo ""
echo "$system"
# This was written specifically for a Rackspace environment
if [ -f /root/.rackspace/server_number ]; then
  echo "Server Number: $server_number"
fi
echo "Server Name: $server_name
Total Physical Memory: $memtotal_mb MB"
echo "Version: $apache_server_version
RPM: $server_httpd_rpm
httpd binary: $(which $http_binary)
Whats running on port 80 $(netstat -plnt |grep :80|awk '{print $7}')
Apache Architecture: $apache_architecture"
echo "Serverlimit is: $serverlimit
MaxClients is: $maxclients"
echo "httpd root $httpd_root
httpd server config file $httpd_root/$httpd_server_config_file
httpd default errorlog $httpd_root/$httpd_default_errorlog"
echo "
/etc/php.ini memory_limit is: $php_meml
=====================APACHE RUNTIME=====================
Apache user: $apacheuser
Average Memory use: $apache_in_ram MB per child
Number of children: $num_of_apache_children
Current memory footprint $apache_footprint MB
Maximum memory footprint $ram_at_maxc MB ($(printf %0.f $mem_percentage_at_max)% of installed RAM)
System memory divided by MaxClients $(printf %0.00f $(echo $memtotal_mb/$maxclients |bc -l))
System memory divided by Apache child size $(printf %0.f $(echo $memtotal_mb/$apache_in_ram | bc -l))"
# Remove the temporary copy of the httpd -V output.
rm -f "$HTTPD_V_TMPFILE"