MY SCRIPTS



Drop DDOS attack
20 04 2009

1. Find.. to which IP address in the server is targeted by the ddos attack

netstat -plan  | grep  :80 | awk ‘{print $4}’ | cut -d: -f1 |sort |uniq -c

2. Find… from which IPs, the attack is coming

netstat -plan  | grep  :80 | awk '{print $5}' | cut -d: -f1 |sort |uniq -c
netstat -plan |grep :25 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n



                  rsync
give thie command in destination server.

rsync --progress --stats -avzxl --rsh='ssh -p22' [source]52825@rsync1.cloudkeeper.net:/usr/home/52825/server.scalateam.inf/home/ekozasti/ [destination]/home/ekozasti/

rsync --progress --stats -avzxl --rsh='ssh -p22' 52825@rsync1.cloudkeeper.net:/usr/home/52825/server.scalateam.inf/home/ekozasti/ /home/ekozasti/

rsync -avz -e  /var/named/cpanelphp.txt root@

scp -P 2255 villaaqu_hotel.sql root@173.192.73.130:/root/

                          rewrite rule
 Options +FollowSymLinks RewriteEngine On RewriteRule ^.*$ index.html
                       iptables

iptables -vnL --line // show the iptable rule with line //

iptables -D INPUT line no.  // to delete the rule //

                   to find mail script

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

less /var/log/exim_mainlog | grep /home or /tmp

less /var/log/exim_mainlog | grep cwd | grep /home/<username>

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

                       plesk

mailq

postcat -q 7ECB9C36BF4 | more
grep POST */statistics/logs/access_log
  grep POST */statistics/logs/access_log | grep wp-cont
 grep POST */statistics/logs/access_log | grep wp-cont | grep the
 grep POST */statistics/logs/access_log | grep wp-cont | grep themes

To remove frozen mails
exim -bpu | grep frozen | awk {'print $3'} | xargs exim -Mrm

                 database backup

   grep -i '`website`' mydbbkp2013.sql > website.sql


 mysqladmin variable | grep -i innodb [to find innodb run or not]         


   Perl script to find injection files.

   http://cbl.abuseat.org/findbot.pl

  add spf for all domains

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/spf_installer $user; done

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/dkim_keys_install $user; done

to see perl module
#instmodsh


To find the userid ownership and changed to another.

find . -gid 1011 -uid 1009 -exec chown www-data.www-data {} \;

To view the imap connection for domain
ps ax | grep "animecrave.com"


smtp port
25
ssl=465
tls=587


     Mysql

The roundcube database uses InnoDB tables in its database:

mysql -e "show table status" roundcube |grep -i innodb |awk '{print $1,$2}'

-> The DB has been re-rysnc from old server to new server with the command
"mysqldump --compatible" so that all version are supported.

Reinstalled the spamassasin in cpanel:

/scripts/realperlinstaller --force Mail::SpamAssassin

Grep command

grep -rw xxxx .
grep -irl xxxx .
grep xxxx *

0 11 * * * /usr/local/sbin/maldet --scan-all /home?/?/public_html > /dev/null 2>&1
11 1 * * * /usr/local/bin/clamscan -ir /home -l /var/log/clamscan.log --move=/root/results

ffmpeg tool.
check video conversion,
ffmpeg -i 500.mp4 -ar 22050 -acodec libmp3lame -ab 32K -r 25 -s 320x240 -vcodec flv testvideo1.flv

clear memory cache in ram

echo 1 > /proc/sys/vm/drop_caches

/usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::ChkServd
/usr/local/cpanel/bin/tailwatchd --enable=Cpanel::TailWatch::ChkServd



MYSCRIPT AREA

my script[change NS]under named dir--->bcoz sed command find this in all files under which dir you are currently present.[if you want change two NS] use this,

Sed provides -e option to run multiple sed commands in a single sed command. The above output can be achieved in a single sed command as shown below.

>sed -e 's/unix/linux/' -e 's/os/system/' file.txt
linux is great system. unix is opensource. unix is free os.

for i in `cat test.txt` ; do sed -e 's/find/replace/g' -e 's/find/replace/g' $i ; done[PLEASE USE -i INSTEAD OF -e]

 for x in `cat testtangeran_zonefiles.txt`; do sed -i 's/ns2.cirebonhosting.com./ri2.tangeranghosting.com./g' $x; done;
for x in `cat testtangeran_zonefiles.txt`; do sed -i "s/ns1.cirebonhosting.com./ri1.tangeranghosting.com./g" $x ; done;


find /home/*/public_html -name php.ini -maxdepth 1 > testaz.txt
for i in `cat testaz.txt` ; do mv $i $i"_moved" ; done
for i in `cat testaz.txt` ; do chown root.root $i"_moved" ; done


mail issue in plesk[recreate mail handlers]
http://kb.parallels.com/en/115162
/usr/local/psa/admin/sbin/mailmng --stop-service
/usr/local/psa/admin/sbin/mchk --with-spam
/usr/local/psa/admin/sbin/mailmng --start-service


key_buffer_size = 1024MB + (read_buffer_size = 1MB + sort_buffer_size = 4MB) * 200 ~= 2GB[myaql optimization]

Comments

Post a Comment

Popular posts from this blog

Using a Linux server to route packets between two private networks

Image
Reference: http://www.tecmint.com/setup-linux-as-router/ We want to route icmp (ping) packets from dev2 to dev4 and the other way around as well (note that both client machines are on different networks). The name of each NIC, along with its corresponding IPv4 address, is given inside square brackets. Our test environment is as follows: Client 1 : CentOS 7 [enp0s3: 192.168.0.17/24] - dev1 Router : Debian Wheezy 7.7 [eth0: 192.168.0.15/24, eth1: 10.0.0.15/24] - dev2 Client 2 : openSUSE 13.2 [enp0s3: 10.0.0.18/24] - dev4 Let’s view the routing table in dev1 (CentOS box): # ip route show and then modify it in order to use its enp0s3 NIC and the connection to 192.168.0.15 to access hosts in the 10.0.0.0/24 network: # ip route add 10.0.0.0/24 via 192.168.0.15 dev enp0s3 Which essentially reads, “Add a route to the 10.0.0.0/24 network through the enp0s3 network interface using 192.168.0.15 as gateway”. Route Network in Linux Likewise in dev4 (openSUSE box) to ping h
Read more

PHP Fatal error: Class 'JFactory' not found

I have faced this issue in Joomla site and searched the forums but none of the forums including joomla did not give solution for me. They simply suggest to check joomla version, php version compatibility and php extensions. Finally I have fixed the issue. Issue:- ---------  [26-Sep-2014 18:11:29 Europe/Berlin] PHP Fatal error: Class 'JFactory' not found in /home/test/public_html/index.php on line 31 Cause & Solution:- ----------------------- In my case, it seems file which gives the class JFactory was missed. /home/test/public_html/libraries/joomla/factory.php --->Core file for Joomla. Simply restore that file under proper path to fix the issue.
Read more

KVM & Qemu

QEMU is a powerful emulator, which means that it can emulate a variety of processor types. Xen uses QEMU for HVM guests, more specifically for the HVM guest's device model. The Xen-specific QEMU is called qemu-dm (short for QEMU device model) QEMU uses emulation; KVM uses processor extensions (intel-VT) for virtualization. Both Xen and KVM merge their various functionality to upstream QEMU, that way upstream QEMU can be used directly to accomplish Xen device model emulation, etc. Xen is unique in that it has paravirtualized guests that don't require hardware virtualization. Both Xen and KVM have paravirtualized device drivers that can run on top of the HVM guests. The QEMU hypervisor is very similar to the KVM hypervisor. Both are controlled through libvirt, both support the same feature set, and all virtual machine images that are compatible with KVM are also compatible with QEMU. The main difference is that QEMU does not support native virtualization. Consequently, QEMU has
Read more