make_sock: httpd error

If we get the following error while trying to restart httpd:

httpd not running, trying to start

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs

Simply log in as root and run the command below, using the port named in the error message (the example here checks port 80):

netstat -lpn | grep '0.0.0.0:80'

It will show the result something like:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14829/httpd

Then kill the PID and kill all the processes of the service and try to restart it.

root@server [~]# kill -9 14829
root@server [~]# killall -9 httpd

root@server [~]# /etc/init.d/httpd restart

Enjoy:)

Outlook Express

Outlook Setting:

1. Open Outlook Express [if you don’t have Outlook Express software on your PC, consult with your Hardware Engineer for support]
2. Click on ‘Tools’ [on top header]
3. Select ‘Accounts’
4. Click on ADD>>
5. Select Mail
6. Give - Display Name: ‘Your Company Name’ [>next>]
7. Email Address: Your Mail address (for ex: info@YourDomainName.Com) [>next>]
8. Incoming Mail Server: mail.YourDomainName.Com or your domain name
9. Outgoing Mail Server: mail.YourDomainName.Com [or your Local ISP Server/IP address] [>next>]
10. Account Name: Your complete Mail address [info@YourDomainName.Com]
11. Password: **** your mail password [>next>]
12. Click Finish
13. Again from main screen >> Tools >> Accounts >> Select your respective email account >> Click on Properties >> Go to Servers tab >> Keep a TICK on “My Server Requires Authentication”. Then go to Advanced tab >> Outgoing Mail [25], Incoming Mail [110]
14. Make sure by this time you are already connected to the Internet.
15. Now check for new mails by clicking on the Send / Recv button on the home page of Outlook Express.

Outlook Express not downloading new mails automatically

Once an account is set up in a mail client, the new mails will be automatically downloaded whenever we open the email client program. If the mail client does not download the new mails then do the following :

1. In Outlook Express, click on Tools --> Options
2. Select "General" tab.
3. Make sure the option "Send and receive messages at startup" is set in "Send / Receive Messages".
4. If not select that option and save the settings.

Outlook Express not showing sent mails in sent items folder


By default, the mails sent will be stored in Sent Items in outlook express. If the mail client is not at all showing those mails in that folder, please do the following.

1. In outlook express, click on Tools -> Options
2. Select Send tab
3. Make sure the option "Save a copy of sent messages in the Sent Items folder" is selected.
4. If it was not selected, select that option and save the settings.

5. Also, make sure the option "Send messages immediately" is checked.

Enjoy:)

How to Block Email From a Specific Address by using Exim ?

While working on a client project that had a mass member email function, I needed a way to test the system exactly as it would run in production. This meant, when it ran, it would send emails to all of the members in the directory instead of a test email address. The only problem was I didn’t want to send test emails out to the thousands of members in the directory.

So I wanted a way to have PHP still send the email out as it normally would but have the mail server (EXIM) kill it before it left the server.

Luckily this is very easy to do. With EXIM, you can set up filters that can perform a large number of tasks, like blocking messages or blind-copying messages to other email addresses. In this case, I’m going to create a filter to cause an email coming from a specific sender to fail (the email address I use to send the email in PHP).

What you’ll want to do is find your System Filter File for EXIM. In WHM, you can find this file listed in your EXIM Configuration Editor about half way down the page.

Once you’ve located the file, log into SSH and edit the file.

pico /path/to/your/file

Then enter the following filter into the file and save it:

if first_delivery
and ( ("$h_from:" contains "emailtoblock@mydomain.com")
)
then fail
endif

If you’d like a copy of the email sent to you after the message fails so you can make sure it is correctly formatted, just add one line:

if first_delivery
and ( ("$h_from:" contains "emailtoblock@mydomain.com")
)
then
unseen deliver "youremail@yourdomain.com"
fail
endif

I suggest you read up more about EXIM filtering for more advanced functions.

Where I Learned This: I found the solution on the Imthiaz Blog and in the Exim Documentation.

Enjoy:)

DOS attack

This will also help you

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The above command lists each remote IP address with its number of connections to our server. An offending address can then be blocked with a reject route:

route add xxx.xx.xx.xxx reject

netstat -n | grep :80 | wc -l;uptime ; netstat -n | wc -l

Above command will show total number of connections
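The per-IP pipeline above counts netstat's two header lines and, because of cut -d: -f1, mangles IPv6 and IPv4-mapped peers. The following is an added example, not part of the original post, that does the same count while handling those cases and also reports half-open (SYN_RECV) connections per peer; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): per-peer connection counts
# from `netstat -ntu` text, robust to header lines and IPv6 addresses.

# Constructed sample of `netstat -ntu` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.9:40112       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40114       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51822      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40200 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51514    ESTABLISHED
udp        0      0 192.0.2.10:41000        198.51.100.7:53         ESTABLISHED
EOF
}

# stdin : netstat -ntu output
# stdout: "<total> <syn_recv> <peer>" per remote address, busiest first
count_remote_ips() {
    awk '
        # Keep only socket rows; this drops the two header lines.
        $1 !~ /^(tcp|udp)/ { next }
        {
            addr = $5                    # foreign address column, ip:port
            sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
            sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into IPv4
            total[addr]++
            if ($6 == "SYN_RECV") syn[addr]++
        }
        END {
            for (a in total) printf "%d %d %s\n", total[a], syn[a] + 0, a
        }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

# stdin : output of count_remote_ips
# $1    : minimum total connections
# stdout: peers at or above that total, one per line
flag_heavy_hitters() {
    awk -v limit="$1" '$1 + 0 >= limit + 0 { print $3 }'
}

# Live use:  netstat -ntu | count_remote_ips | flag_heavy_hitters 50
```

A high SYN_RECV count for one peer points at half-open connections rather than ordinary browsing, which is worth checking before adding a reject route.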

* Also do this to lower down the server load


steps to lower the load. If you want stats to continue to run even with a high load; Edit
/var/cpanel/cpanel.config and change extracpus to a number larger than 0 (run
/usr/local/cpanel/startup afterwards to pick up the changes).

I'll update it if I get more info on it

Enjoy:)

How to clear cpanel logs ?

echo > /var/log/exim_mainlog
echo > /var/log/exim_rejectlog
echo > /var/log/maillog
echo > /var/log/messages
echo > /var/log/messages.1
echo > /var/log/messages.2
echo > /var/log/messages.3
echo > /var/log/messages.4
echo > /var/log/lastlog
echo > /var/log/maillog
echo > /var/log/maillog.1
echo > /var/log/maillog.2
echo > /var/log/maillog.3
echo > /var/log/secure
echo > /var/log/secure.1
echo > /var/log/secure.2
echo > /var/log/secure.3
echo > /var/log/secure.4
echo > /usr/local/apache/logs/access_log
echo > /usr/local/apache/logs/suexec_log
echo > /usr/local/apache/logs/error_log
echo > /usr/local/cpanel/logs/access_log
echo > /usr/local/cpanel/logs/error_log
echo > /var/log/exim_mainlog.1
echo > /usr/local/cpanel/3rdparty/mailman/logs/locks
echo > /var/log/cron.2
echo > /var/log

Simply run the above commands from the shell prompt.

Enjoy:)

I can't login to DirectAdmin on port 2222

If you are unable to access your server via http://1.2.3.4:2222, then 1 of 3 things is likely happening:

1. DirectAdmin might not be running or
2. You have a firewall blocking port 2222.

Number 2. is easy to check by simply running (only on redhat systems):

/sbin/service iptables stop
/sbin/chkconfig iptables off

Then test directadmin again.

If that didn't fix it, then you'd need to check your /var/log/directadmin/error.log to check for any errors as to why it isn't starting:

tail /var/log/directadmin/error.log

Common problems are:
1. Incorrect ethernet_dev set in the /usr/local/directadmin/conf/directadmin.conf file.
2. Invalid license, either due to wrong uid/lid, IP, or date. Try updating your DirectAdmin license manually.
3. Binaries for a different operating system.

You can always try running DirectAdmin by hand (if it's not already running) to see what the problem is.

cd /usr/local/directadmin
./directadmin b200

to start it in the terminal with debug level 200. Use Ctrl-C to stop.

If you cannot login because of incorrect password simply login as root and reset it

root@server [~]# passwd admin
new password:

Enjoy:)

find command:

find - search for files in a directory hierarchy

Some useful syntax for find commands

find -perm 777 - to find files and folders which have 777 permission
find -user nobody - to find files and folders which have nobody ownership
find -name "test" - to find files or folders which have the name "test"

You can use special characters like *, ?, \ etc. with the find command as per your requirement.

For example: how to find all directories and files under /home whose names contain "fishingbank" and which are owned by nobody?

root@server [~]# find /home/ -name "*fishingbank*" -user nobody

Please read man page for more info

Enjoy:)

Cpanel hardening from shell

From Shell prompt

Applicable : Centos/RedhatEnterprise/FedoraCore


check the hardware

cat /proc/cpuinfo
cat /etc/redhat-release
uname -a
cat /proc/meminfo
==========================

SSH Server Hardening

nano -w /etc/ssh/sshd_config

Uncomment #Protocol 2, 1

Change to Protocol 2

Append these lines to the bottom:

LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no

/etc/rc.d/init.d/sshd restart
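sshd uses the first value it finds for each keyword, and anything placed after a Match line is no longer global, so a setting appended to the bottom of sshd_config is ignored when an earlier uncommented line already sets it. The following is an added example, not part of the original guide, that reports the effective global value of the four settings used above; the function names and the sample file are constructed, and it assumes the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# Added example (not from the original page): check which value sshd will
# actually use for the settings from the steps above.

# Constructed sample: X11Forwarding is set early AND appended at the bottom.
sample_sshd_config() {
cat <<'EOF'
#Protocol 2,1
Protocol 2
X11Forwarding yes
# lines appended per the hardening steps
LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no
EOF
}

# usage : effective_sshd_setting KEYWORD < sshd_config
# stdout: the value sshd would use globally, or nothing if unset
effective_sshd_setting() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == key {                  # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print
            exit                              # first occurrence wins
        }
    '
}

# usage : audit_sshd_config FILE
# stdout: one OK/FAIL line per expected setting; returns 1 on any FAIL
audit_sshd_config() {
    rc=0
    while read -r key want; do
        got="$(effective_sshd_setting "$key" < "$1")"
        if [ "$got" = "$want" ]; then
            echo "OK $key $got"
        else
            echo "FAIL $key want=$want effective=${got:-unset}"
            rc=1
        fi
    done <<'EOF'
Protocol 2
LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no
EOF
    return $rc
}

# Live use:  audit_sshd_config /etc/ssh/sshd_config
```

On the sample file the audit fails for X11Forwarding because the earlier "yes" line takes precedence; editing the existing line instead of appending a second one fixes it.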

============================

cd /etc

mv /etc/host.conf /etc/host.conf.bak

wget http://www.indiageeks.net/myscripts//host.conf

============================

mv /etc/sysctl.conf /etc/sysctl.conf.bak

cd /etc

wget http://www.indiageeks.net/myscripts/sysctl.conf

/sbin/sysctl -p

sysctl -w net.ipv4.route.flush=1

/sbin/ifconfig eth0 txqueuelen 1000

echo /dev/null > /proc/sys/kernel/core_pattern

=============================

cp /etc/fstab /etc/fstab.bak

First check to see that no /tmp partition is present.

df

If no /tmp partition is present, use this guide:

cd /usr

dd if=/dev/zero of=/usr/tmpMnt bs=1024 count=1000000

mke2fs -j /usr/tmpMnt
cd /

cp -R /tmp /tmp_backup

mount -o loop,noexec,nosuid,rw /usr/tmpMnt /tmp

chmod 1777 /tmp

/bin/cp -R /tmp_backup/* /tmp/

rm -rf /tmp_backup

nano -w /etc/fstab

At the bottom add

/usr/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0

If “df” shows a /usr/tmpDSK partition,

Then leave it!

If a standard /tmp partition is already present,

nano -w /etc/fstab

change “defaults” to loop,noexec,nosuid,rw

mount /tmp

/tmp should always have this: loop,noexec,nosuid,rw

/tmp and /var/tmp should be symlinked on EVERY server.

rm -rf /var/tmp

ln -s /tmp /var/tmp

/dev/shm

nano -w /etc/fstab

in /dev/shm line, change 'defaults' to noexec,nosuid

umount /dev/shm

mount /dev/shm

rm -rf /etc/httpd/proxy

rm -rf /var/spool/vbox

mount -o remount,noexec,nosuid /proc

Modify /etc/fstab, add options “noexec,nosuid” to the /proc line:
none /proc proc defaults,noexec,nosuid 0 0
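To confirm the fstab edits above took effect, the options column has to be checked token by token (a plain grep for "suid" also matches "nosuid"). The following is an added example, not part of the original guide, that audits /tmp, /dev/shm and /proc for noexec and nosuid; the function names and the two sample fstab files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): verify that the mount points
# hardened above carry noexec and nosuid in fstab-format text.

# Constructed sample: an unhardened fstab.
weak_fstab() {
cat <<'EOF'
# device     mountpoint  type   options          dump pass
/dev/sda1    /           ext3   defaults         1 1
/dev/sda3    /tmp        ext3   defaults         1 2
none         /dev/shm    tmpfs  defaults,nosuid  0 0
none         /proc       proc   defaults         0 0
EOF
}

# Constructed sample: the same file after the edits described above.
hardened_fstab() {
cat <<'EOF'
/dev/sda1    /           ext3   defaults                  1 1
/usr/tmpMnt  /tmp        ext3   loop,noexec,nosuid,rw     0 0
none         /dev/shm    tmpfs  noexec,nosuid             0 0
none         /proc       proc   defaults,noexec,nosuid    0 0
EOF
}

# stdin : fstab-format text
# stdout: OK / FAIL / MISSING line per audited mount point
# return: 1 if any mount point is missing or lacks an option
audit_fstab() {
    awk -v want="/tmp /dev/shm /proc" -v need="noexec nosuid" '
        BEGIN { nw = split(want, w, " "); nn = split(need, n, " ") }
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        { opts[$2] = $4 }                    # mount point -> options column
        END {
            bad = 0
            for (i = 1; i <= nw; i++) {
                mp = w[i]
                if (!(mp in opts)) { print "MISSING " mp; bad++; continue }
                m = split(opts[mp], o, ",")
                miss = ""
                for (j = 1; j <= nn; j++) {
                    found = 0
                    # Exact token match, so "suid" never satisfies "nosuid".
                    for (k = 1; k <= m; k++) if (o[k] == n[j]) found = 1
                    if (!found) miss = (miss == "" ? n[j] : miss "," n[j])
                }
                if (miss == "") print "OK " mp
                else { print "FAIL " mp " lacks " miss; bad++ }
            }
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Live use:  audit_fstab < /etc/fstab    (or < /proc/mounts for the live state)
```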

=====================================

php -i | grep php.ini

Edit the php.ini file reported by the command above and set:

disable_functions = dl,passthru,proc_open,proc_close,shell_exec,system

/etc/rc.d/init.d/httpd restart

=========================================

Logwatch

cd /root/

wget http://www.indiageeks.net/myscripts//logwatch-7.3.1-1.noarch.rpm

rpm -Uvh logwatch-7.3.1-1.noarch.rpm

rm -rf /etc/logwatch/conf/logwatch.conf

cd /etc/logwatch/conf

wget http://www.indiageeks.net/myscripts//logwatch.conf

=====================

chmod 750 /usr/bin/GET
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/gcc
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp

history -c

=====================

From WHM:

Tweak Settings (Check all these options)

--------------

Allow Creation of Parked/Addon Domains that are not registered

Prevent users from parking/adding on common internet domains

E-mail users when they have reached 80% of bandwidth

Each domain can send out per hour: 500

Pop 3 in hour: 180

Allow Sharing Nameserver IPs

Use Jailshell as default

Set Default catch-all to FAIL

Delete each domain's access logs after stats run

Things to Uncheck

Boxtrapper

** When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.

** FormMail-clone cgi

Change:

The load average above the number of cpus at which logs file processing should be suspended (default 0):

To 10

** Number of minutes between mail server queue runs (default is 60).:

To 180

=================================================================================================

Tweak Security

--------------

open_basedir: Enable php open_basedir

Compilers disable

==========================

System Health - Background Process Killer

Check all of them

==========================

Please read carefully and make sure that you are aware of all the commands & settings and their effect.

If you need any assistance, we can provide it for a small fee. Please email us at mayur.c24@gmail.com

Server to server Migration

How to backup / download or restore a client site from old host to new host via cpanel to cpanel ?

Login to clients old cpanel via IP and username password

http://00.00.00.00:2082 or http://00.00.00.00/cpanel
username - clients username
password- clients password

Go to Backups --> click on "Download or Generate a Full Backup"

under Generate a Full Backup --> Backup Destination: select Home Directory

Enter Email Address: test@test.com
Click on generate backup.

Once the backup is completed you will get an alert on the email address, however you can view the backup tar.gz file under "Download or Generate a Full Backup" as backup-5.17.2008_09-21-35_username.tar.gz

Then go to file manager -->Home Directory--> /home/username you will find "backup-5.17.2008_09-21-35_username.tar.gz"

Select the backup file and move the backup file to public_html

Then click on public_html. You will find the backup under it.

Select the backup file and click on change permission. change the permission to 644.

Once this has been done, log on to our server, go to the path where the backup needs to be downloaded, and wget the backup file on the server:

wget http://00.00.00.00/~username/backup-5.17.2008_09-47-54_username.tar.gz

Then untar the backup file.

From shell to shell

SCP - secure copy (remote file copy program)

Syntax from source server:

scp [sourcepath] serverIP:/Destination Path


Exa: scp testscp 198.168.1.1:/home

Syntax from destination server:

scp [sourceserverip:/path of the files or folders] [destination path]

Exa: scp 198.168.1.1:/home/testscp /home/test

How to download data from another server through "wget +ftp" ?

Fire this command from destination:

wget -r "ftp://username:password@domainname.com/*"

Username - Domain ftp username
Password - ftp password
domainname.com - Domain name

How to Change MYSQL Root password ?

Hello,

1. Log on to your dedicated server via SSH with your root username

2. Stop the MySQL process with the following command:


/etc/init.d/mysqld stop


3. Restart it without the user information:


/usr/bin/safe_mysqld --skip-grant-tables &


Now you should be able to log in without the root password:


4. mysql -u root


5. While you are at the mysql> prompt enter:


UPDATE mysql.user SET Password=PASSWORD('newpwd') WHERE User='admin'; (remember to include the ';' and that newpwd should be the admin password)

and then

6. FLUSH PRIVILEGES;

How to install Ioncube Loader ?

Refer the following steps

1) Login into shell through root

2) cd /usr/local/

Download the tar.gz file which is compatible with your server from http://downloads.ioncube.com/

wget http://downloads.ioncube.com/loader_…lin_x86.tar.gz

3) Untar the file.

tar -zxf ioncube_loaders_lin_x86.tar.gz

4) chown -R root:root /usr/local/ioncube/

5) vi /usr/local/Zend/etc/php.ini (or whatever your path is)

Add the following line before zend_extension

zend_extension=/usr/local/ioncube/ioncube_loader_lin_4.4.so

It would go between these two entries

zend_optimizer.version=2.5.10a

zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so

Save changes, then:

6) /etc/init.d/httpd restart

How to create a Test Mail Script?

Login to SSH with root user

cd /home//public_html

Create the test phpmail file

pico phpmail.php

Insert following code in that file


<?php
// Send a test message through PHP's mail() function and report the result.
$to = "recipient@example.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
if (mail($to, $subject, $body)) {
    echo("Message successfully sent!");
} else {
    echo("Message delivery failed...");
}
?>


Then change the ownership of that file:

chown user.user phpmail.php

Then test the script in a browser or over SSH. You will get the following result, which means the PHP mail function is working fine

-------------------------------------
-bash-2.05b# php phpmail.php

X-Powered-By: PHP/4.4.2
Content-type: text/html

Message successfully sent!


-------------------------------------

Server load monitoring

Q:- How to trace the server load? (Includes all applications.)


The steps are according to services :-

----------------------------------------------------------------

1. Apache :-

+ top command >> check for many httpd processes

+ Login to WHM >> Check for "Apache status"; if you find anyone downloading mp3, rar, exe, zip files then suspend that account
+ also used to check "cpu/memory/Mysql Usage" option from WHM >> Here we can find actual CPU and Memory usage for particular domain.

----------------------------------------------------------------

2. Mysql :-

+ top command >> check for many httpd processes
+ mysqladmin process / mysqladmin status
+ also used to check "cpu/memory/Mysql Usage" option from WHM >> Here we can find actual CPU and Memory usage for particular domain.

----------------------------------------------------------------

3. Ftp :-

+ ps -aux | grep ftp >> used for checking ftp action taken by user like uploading /downloading files
+ tail -f /var/log/secure

----------------------------------------------------------------

4. SMTP / POP3 /IMAP :-

+ tail -f /var/log/exim_mainlog >> check the logs, see which email addresses are continuously scrolling and confirm whether they are spamming; if confirmed then suspend the account
+ tail -f /var/log/exim_mainlog | grep public_html >> check for spamming if anybody is using php script for sending mail
+ Login to whm and select "Manage Mailqueue" to find the email address which is doing spamming.


===========================================================================================================================


First of all check the load and if it's above safe limits, we have to settle it down. Run deep scripts until you get the messages "no processes found" for mysql, exim and http. Check the load again. Restart the services by proper restart scripts
s-http, s-mysql, s-exim. Then proceed for investigation.

* top, shift p, check processes taking load and are in plenty.
* if apache
* quickly go to whm and check apache status and do the needful. if theres nothing in apache
check netstat -n|less . it can be http attack.
* if mysql-
do mysqladmin process and look for processes and queries.
* if exim-
go to /var/log/exim_mainlog and check the logs for spam.
this can be done by grepping the logs as follows:
tail -f /var/log/exim_mainlog|grep /tmp
tail -f /var/log/exim_mainlog |grep public_html
tail -f /var/log/exim_mainlog |grep sendmail
check mail queue
check for frozen mails and delete frozen mails.
* check io wait if its more.
there can be some reasons for this.
* any user may be downloading heavy files- this you can see in the apache status.
* you can see the heavy cpu consuming processes on the server by ps auxw|grep mvi,mgp,mp3,pkgacct,backup,gzip and you can get the processes. check it and kill it as necessary.
* last is check out for bad processes by ps auxw|grep nobody and kill the bad processes. to know more about what is happening behind the process you can check at /proc/procid.

==============================================================================================

1> ps aux | grep nobody or gzip /backup /fixquota
2> TOP / shift + p / shift + m / k =kill
3> tail -f /var/log/... | grep ... .avi/.mpg/.rar/.jpg all logs
4> cd /proc/pid ls -alh
5> Apache status/ cpu mysql memory usage from whm
6> netstat -n
7> w
8> Event Viewer log / Task manager for windows
9>tail -f /var/log/exim_mainlog|grep tmp /sendmail /public_html


==============================================================================================

1) top.....to see the process list, then accordingly kill the process which is taking load
2) ps -aux
ps -aux | grep gzip, backup, pkg
tail -f /var/log/exim_mainlog | grep sendmail, public, tmp
3) w to see who is online
4) kill httpd, mysqld, cppop
5) netstat
6) mysqladmin process :- to see the mysql process
7) /scripts/restartsrv_service name:- to restart the service if it goes down
8) tail -f /etc/httpd/logs/access_log
tail -f /etc/httpd/logs/error_log

or you can manage the serverload using WHM

1) under the server status option you can see the
apache status...
CPU/Mysql usages/memory
service status and you can manage the server
2) SQL services under this option you can see the mysqladmin process

3) restart services:- using this option you can restart the services

==============================================================================================



---
top
---
Will display the processes that are using the maximum processor resources
We can use various options to monitor and control process through top like shift + p, shift + m and k which is used to kill processes. r can be used to renice a process and prioritise a process. In case of high i/o wait we need to check the logs for
high resources using processes.

------
uptime
------
It displays the time since the server has been up and running, number of users logged in and the load average. Similarly we can use 'w'.

---------
ps -auxwf
---------
Will display the process with details like, username, pid, resource usage and child processes. It is very effective in monitoring processes.
We generally use ps -auxwf | grep gzip
ps -auxwf | grep backup
ps -auxwf | grep pkg
For bad processes - ps -auxwf | grep nobody
ps -aufxw |sort -nr |grep -v 0.0 - Shows the CPU-consuming processes

----------------
kill and killall
----------------
Used to kill processes or services that are found to be eating up server resources.

Scenario: To kill all processes of a particular user, run the following command:

kill -9 $(pgrep -u username)

Ex: kill -9 $(pgrep -u nobody)

OR

kill -9 `ps -u username -o "pid="`

Ex: kill -9 `ps -u nobody -o "pid="`

--------
Spamming
--------
To check spamming we can watch for the mail logs using :
tail -f /var/log/exim_mainlog | grep sendmail
tail -f /var/log/exim_mainlog | grep tmp
tail -f /var/log/exim_mainlog | grep public_html
as spamming can be done from a user's public_html directory using a script or through sendmail. Another way of spamming is using the tmp directory as it is the 'world writable directory'.
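Watching the log scroll with tail -f shows that something is sending, but not which directory or account sends the most. The following is an added example, not part of the original notes, that ranks the working directories recorded for local submissions and then totals them per account. It assumes the exim main log records "cwd=" lines for locally submitted mail, which depends on the exim log settings; the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): rank the directories and
# accounts that submit mail locally, from exim_mainlog "cwd=" lines.

# Constructed sample of exim_mainlog lines.
sample_exim_log() {
cat <<'EOF'
2008-05-17 09:21:35 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2008-05-17 09:21:36 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2008-05-17 09:21:37 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2008-05-17 09:21:38 cwd=/tmp 4 args: /usr/sbin/sendmail -t -i -fnobody@example.com
2008-05-17 09:21:39 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2008-05-17 09:21:40 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2008-05-17 09:21:41 1JxYZa-0001bC-7Q <= alice@example.com U=alice P=local S=812
2008-05-17 09:21:42 cwd=/ 2 args: /usr/sbin/exim -bd -q60m
EOF
}

# stdin : exim main log
# stdout: "<count> <directory>" for each submitting directory, busiest first
rank_mail_cwd() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^cwd=/) continue
                dir = substr($i, 5)
                # The spool and / belong to the daemon and queue runners,
                # not to scripts, so they are left out of the ranking.
                if (dir != "/" && dir !~ /^\/var\/spool\//) n[dir]++
                break
            }
        }
        END { for (d in n) printf "%d %s\n", n[d], d }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# stdin : exim main log
# stdout: "<count> <account>" with /home/<account>/... folded together;
#         directories outside /home (such as /tmp) are reported as they are
rank_mail_accounts() {
    rank_mail_cwd | awk '
        {
            who = $2
            if ($2 ~ "^/home/[^/]+") { split($2, p, "/"); who = p[3] }
            n[who] += $1
        }
        END { for (u in n) printf "%d %s\n", n[u], u }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Live use:  rank_mail_accounts < /var/log/exim_mainlog | head
```

Directory names containing spaces are cut at the first space, since the log line itself is space-delimited.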

--------------
WebServer logs
--------------
We can check for customized logs in the WHM under the Server Status section.
We can trace the user responsible for high web server resource usage by the following command
tail -f /etc/httpd/logs/access_log | grep mp3
tail -f /etc/httpd/logs/access_log | grep rar
tail -f /etc/httpd/logs/access_log | grep wav etc

tail -f /etc/httpd/logs/access_log | grep 408 can be used to check for DDOS attacks on the server.

-----
mysql
-----
Apart from top and ps, 'mysqladmin processlist' can be used to check the mysql processes, users and the type of process/query being run by the user.

Killing a process is the first option to control server load; restarting the affected server is another option. If the load is still high, we track down the responsible user and suspend him. (This applies to all servers, i.e. apache, mysql, exim etc.)
==============================================================================================

1. top - check load average, iowait, httpd, mysql, exim etc.
2. P = CPU Usage, M = Memory Usage, K = kill unwanted processes.
3. If load is high, run "deep".
4. Login to WHM of the server and check apache, cpu/memory, mysql status.
5. If any user found downloading gif images, mp3, etc; suspend that particular user.

iowait is high, someone is backing up their files; run
# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup

Spamming check-
# tail -f /var/log/exim_mainlog | grep public_html
MySQLdump check-
# ps aux | grep mysqldump
# mysqladmin processlist -- mysql status
Bad processes running-
# ps aux | grep nobody

Service restart commands-
#/scripts/restartsrv_mysql
#/scripts/restartsrv_httpd
#/scripts/restartsrv_exim

==============================================================================================



By using the top command you can find out the process which is causing the load on the server. You can use the kill or killall command to kill that process, OR you can run the deep command, which will kill all the httpd, exim and mysql processes. Once the server load comes down, restart the service which you have killed.

1. Apache :-

Using top command, we will come to know whether httpd service is eating up high resources on server. if so then kill the httpd service and restart it again when load comes to normal.

You can check if any backup is going on, run the following commands:
# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup
If any backup process is going on, kill that process.

Also login to WHM and check "Apache status"; if you find anyone downloading mp3, rar, exe, zip files then suspend that account.

the other way to check any download is going on is by using
ps auxw | grep nobody | grep mp3 , jpeg, wmv, mpeg, rar and kill that process.


Also you can use the "cpu/memory/Mysql Usage" option from WHM. Here we can find the actual CPU and memory usage for a particular domain.

2. Exim Mail :-

Check for spamming by checking the logs for exim

tail -f /var/log/exim_mainlog >> check the logs, see which email addresses are continuously scrolling and confirm whether they are spamming; if confirmed then suspend the account.

tail -f /var/log/exim_mainlog | grep tmp

Login to whm and select "Manage Mailqueue" to find the email address which is doing spamming.

3. MySQL :-

Use the mysqladmin command as mysqladmin process / mysqladmin status

Also used to check "cpu/memory/Mysql Usage" option from WHM. You can get actual CPU and Memory usage for particular domain.


4. Ftp :-
ps -aux | grep ftp >> used for checking ftp action taken by user like uploading /downloading files
tail -f /var/log/secure

5. ps command :-

Use ps -auxw command ALWAYS to check if there is bad processes running by doing ps aux|grep nobody. You'll sometimes see bad scripts running as nobody. Normally only httpd, merlange chat, and sometimes proftpd are run as user nobody. so if you find any other process is running as user nobody kill that process.

kill -9 pidofproc

==============================================================================================

Some basic commands to see load average and process running on the server,
1]top :: This command is very useful for system administration. Basically it gives you a summary view of the system, including number of users, memory usage, CPU usage and active processes.
Shift+p => list all processes according to maximum CPU usage.
Shift+m => list all processes according to maximum memory usage.

2]w :: This commands gives us information regarding who is logged into server and what processes they are running
w -s , gives you shorter process listing.

3]uptime :: It also gives us information regarding the number of users logged into the server, current time, time since the server has been up, and load average.

4]ps :: list the current running processes.
ps -aux , gives us information on users, PID, resource usage like CPU and memory, and processes running.

Reasons for increase of load on the server::

Load on the server will increase due to several reasons stated below,

1.many httpd processes
2.any user is downloading mp3, exe, zip files
3.email spamming
4.uploading/downloading files via FTP
5.mysql processes and queries run by user

Troubleshooting::

1.If the load increases suddenly, fire the "deep" command, which kills httpd, mysql and exim processes.
2. Also login to WHM and check "Apache status"; if you find anyone downloading mp3, rar, exe, zip files then suspend that account.
3.For spamming, you need to fire following commands,
tail -f /var/log/exim_mainlog | grep public_html


==============================================================================================

1)top
2)w
3)shift+m
4)shift+p
5)tail -f /usr/local/apache/logs/access_log
6)tail -f /usr/local/apache/logs/error_log
7)tail -f /var/log/exim_mainlog

==============================================================================================


1. Check for server load using top command with following options:
Shift p CPU Usage,
Shift m Memory Usage
& check which process is taking load with the help of above two options.
Kill the responsible process using k option.
2. Check for the downloads using
# ps auxw | grep nobody | grep mp3 , jpeg, wmv, mpeg, rar
# ps auxw | grep gzip, backup, fixquota
Suspend the particular account that is repeatedly downloading the above-mentioned files.
3. Check for access & error logs for following options
# tail -f /etc/httpd/logs/access_log | grep 408, zip
# tail -f /etc/httpd/logs/error_log | grep 203
4. Check mail spamming with following commands.
#tail -f /var/log/exim_mainlog | grep sendmail, public_html, tmp
5. Login to WHM of the server and check apache, cpu/memory, mysql status & check for frozen mails in mail queue manager.
6. Check Mysql errors with
# mysqladmin processlist
check the users, command, time & information fields.
7. If you are making changes to httpd.conf then first run # httpd -t before restarting httpd to reduce the downtime.
8. Restart the particular service causing the load to go high with # /scripts/restartsrv_httpd, exim, mysql
============================================

Debian / Ubuntu: Apache2 Change Default Port / IP Binding

Question: How do I change Apache 2 default port under Debian / Ubuntu Linux? I've couple of public IPv4 address assigned by my ISP, how do I force Apache2 to listen to a specific IP address? How do I change Apache2 IP address binding?

Answer: You can easily change the port and other settings using following directives:

Apache Listen Directive

The Listen directive instructs Apache to listen to more than one IP address or port; by default it responds to requests on all IP interfaces, but only on the port given by the Port directive. You can use this directive multiple times.

Task: Change Apache port

Open /etc/apache2/ports.conf file, enter:

# vi /etc/apache2/ports.conf

OR

$ sudo vi /etc/apache2/ports.conf

To make the server accept connections on port 8010, enter:

Listen 8010

To make the server accept connections on both port 80 and port 8010, use:

Listen 80
Listen 8010

Task: Accept connections on specific IP / interface port

You need to use the network interface's IP address. For example, to make the server accept connections on IP 202.54.1.2 and port 80, enter:

Listen 202.54.1.2:80

To make the server accept connections on two specified interfaces and port numbers, enter:

Listen 202.54.2.1:80
Listen 202.54.2.5:8010

Save and close the file. Restart Apache 2 webserver:

# /etc/init.d/apache2 restart

OR

$ sudo /etc/init.d/apache2 restart

How do I verify port and IP binding working ?
Use netstat command to find out if Apache is listening on a specific port or not, use:

# netstat -tulpn
# netstat -tulpn | grep :80
# netstat -tulpn | grep :8010
# netstat -tulpn| grep 202.54.1.2:80

Sample output:
tcp 0 0 202.54.1.2:80 0.0.0.0:* LISTEN 19306/apache2

How to set date from linux shell

For instance, to set the date/time for May 19th, 2007, 6:00pm (and 0 seconds), you would type:

[root@srv ~]# date 051918002007.00

05 - May [Month]
19 - [Date]
1800 - [Time] 6.00 PM
2007 - [Year]
.00 - [Seconds]

OR use the following syntax, which is very easy and which I always prefer:

[root@srv ~]# date -s "31 JULY 1998 23:16:00"

this will set date and time as July 31, 11:16pm , 1998

Please read man page of date for more info.

Enjoy:)

openVZ commands

Important commands on a Hardware Node.

1) vzlist -a : Shows list of all the VPS’s hosted on the Node.
2) vzctl start VPS_ID: To start the VPS.
3) vzctl stop VPS_ID : To stop (Shut Down) the VPS.
4) vzctl status VPS_ID : To view the status of the particular VPS.
5) vzctl stop VPS_ID --fast : To stop the VPS quickly and forcefully.
6) vzctl enter VPS_ID : To enter in a particular VPS

Configuration Commands

1) vzctl set VPS_ID --hostname vps.domain.com --save : To set the Hostname of a VPS.

2) vzctl set VPS_ID --ipadd 1.2.3.4 --save : To add a new IP to the hosting VPS

3) vzctl set VPS_ID --ipdel 1.2.3.4 --save : To delete the IP from VPS.

4) vzctl set VPS_ID --userpasswd root:new_password --save : To reset root password of a VPS.

5) vzctl set VPS_ID --nameserver 1.2.3.4 --save : To add the nameserver IP's to the VPS

6) vzctl exec VPS_ID command : To run any command on a VPS from Node.

7) vzyum VPS_ID install package_name : To install any package/Software on a VPS from Node.

VPS_ID refers to the ID of the Particular VPS.

Additional SMTP Port Plesk Linux


Choose any unused port and add it to the /etc/services file, for example:

smtp2 26/udp mail
smtp2 26/tcp mail

Copy /etc/xinetd.d/smtp_psa to smtp2_psa

In the new file, REPLACE 'service smtp' WITH 'service smtp2'

Then restart xinetd
/etc/init.d/xinetd restart

Check that the new port is now listening
# netstat -plunt |grep :26

That should return something similar to

tcp 0 0 0.0.0.0:26 0.0.0.0:* LISTEN 2345/xinetd

Test connection by telnetting from an outside box to port 26 on the server:
telnet 123.123.123.123 26

How to Delete Exim Email For A Particular User From Mail Server Queue

To delete email for a particular user use shell pipes. By default the exim mail queue is located at /var/spool/exim/input directory. To delete email for a particular user called mayur@test.com, enter:

# exiqgrep -ir email@domain.com | xargs exim -Mrm
# exiqgrep -ir mayur@test.com | xargs exim -Mrm

To delete frozen mails from the mail queue:

exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm

Exim Remove All messages From the Mail Queue

Question: I'm using Exim mail server under CentOS Linux. How do I remove all messages from the Exim mail queue using a shell prompt?


Answer: Exim is a mail transfer agent (MTA) used on Unix-like operating systems. It aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.

To print a list of the messages in the queue, enter:

# exim -bp


To remove a message from the queue, enter:

# exim -Mrm {message-id}

To remove all messages from the queue, enter:

# exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

suggested following clean command:

# exim -bp | exiqgrep -i | xargs exim -Mrm

Cronjobs

cron is a time-based scheduling service in Linux / Unix-like computer operating systems.

$ crontab -u (username) -e

=======================

# +---------------- minute (0 - 59)
# | +------------- hour (0 - 23)
# | | +---------- day of month (1 - 31)
# | | | +------- month (1 - 12)
# | | | | +---- day of week (0 - 6) (Sunday=0 or 7)
# | | | | |

* * * * * command to be executed
=============================
Minute :

* = every minute

*/5 = every five minutes

15 = at 15 minutes past the hour



Hour :

0 = midnight

4 = 4 AM

23 = 11 PM



Day :

1 = 1st day of the month

5 = 5th day of the month

31 = 31st day of the month



Month :



1 = Month of the year (January = 1 , February = 2 and so on ... )



Weekday :



0 = Day of the week (Sunday = 0, Monday = 1, Tuesday = 2 and so on ...)

Cron Job examples :



If you want a cron job to run at 5:00 and 10:00 A.M. then you can set it like:

Code:
0 5,10 * * * /usr/local/bin/php -q /home/cpanelusername/public_html/path of your cron file

If you want to set the cron job to run every day at midnight then it would be like:

Code:
0 0 * * * /usr/local/bin/php -q /home/cpanelusername/public_html/path of your cron file

Similarly, if you want to set the cron job to run from Monday to Friday at midnight then it would be like:

Code:
0 0 * * 1,2,3,4,5 /usr/local/bin/php -q /home/cpanelusername/public_html/path of your cron file

Now you can easily set up your own cron jobs. Cheers .....

Enjoy




Ubuntu Linux Configure Gateway / Default Routing IP Address

Open /etc/network/interfaces file:

$ sudo vi /etc/network/interfaces


Set gateway using following syntax:

gateway {router-ip}

For example, set gateway to 192.168.1.254, enter:

gateway 192.168.1.254


At the end it should look as follows:

iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.254


Save and close the file. Restart networking:

$ sudo /etc/init.d/networking restart


Verify new routing is working, enter:

$ ping 192.168.1.254
$ route -n
$ host google.com

Source - http://www.cyberciti.biz/faq/ubuntu-linux-configure-gateway-ip/

If you need any assistance, We can provide you for a small fee. please email us mayur.c24@gmail.com

How to install mod_security for Apache

Requirements:
Apache Web Server 1.3x or 2.x

How to install?
1. Log in to your server through SSH and su to the root user.

2. First you're going to start out by grabbing the latest version of mod_security
wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz

3. Next we untar the archive and cd into the directory:
tar zxvf mod_security-1.7.4.tar.gz
cd mod_security-1.7.4/

4. Now you need to determine which version of apache you use:
APACHE 1.3.x users
cd apache1/
APACHE 2.x users
cd apache2/

5. Let's compile the module now:
/usr/local/apache/bin/apxs -cia mod_security.c

6. OK, now it's time to edit the httpd.conf file. First we will make a backup in case something goes wrong:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit httpd.conf. Replace pico with nano depending on what you have:
pico /usr/local/apache/conf/httpd.conf

8. Let's look for something in the config. Do this by holding Control and pressing W, and you are going to search for

(although any of the IfModules would work fine)

9. Now add this


# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

10. Save the file Ctrl + X then Y

11. Restart Apache

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
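
What these filter patterns accept and reject can be checked before the rules go live. The script below is an added example, not part of mod_security or of the original post; it runs the patterns through grep -E against constructed request lines, assumes case-insensitive matching, and shows the traversal pattern both with and without its dots escaped. The labels and function names are made up here.

```shell
#!/bin/sh
# Added example: try the SecFilter patterns from the configuration with grep -E.

# "<label> <pattern>" per line. Patterns are copied from the SecFilter lines;
# traversal_unescaped is the traversal pattern with the dots left unescaped.
FILTERS='traversal \.\./
traversal_unescaped ../
xss_script <[[:space:]]*script
sql_delete delete[[:space:]]+from
sql_insert insert[[:space:]]+into
sql_select select.+from'

# matched_filters TEXT: print the labels of every pattern that matches TEXT.
# Assumption: case-insensitive matching (grep -i).
matched_filters() (
    hits=""
    while read -r label pattern; do
        if printf '%s\n' "$1" | grep -Eiq -e "$pattern"; then
            hits="$hits $label"
        fi
    done <<EOF
$FILTERS
EOF
    echo "${hits# }"
)

# SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$": the leading "!" inverts
# the match, so the rule fires when the value is NOT made of 0-9 and a-z only.
sessid_rejected() {
    ! printf '%s\n' "$1" | grep -Eiq -e '^[0-9a-z]*$'
}

# Constructed request lines: two ordinary requests and one traversal attempt.
for req in \
    'GET /shop/cart.php HTTP/1.0' \
    'GET /search?q=select+a+size+from+the+menu HTTP/1.0' \
    'GET /view.php?file=../notes.txt HTTP/1.0'
do
    printf '%-52s -> %s\n' "$req" "$(matched_filters "$req")"
done
```

The unescaped traversal pattern matches every request line, because each dot stands for any character, and the crude SQL filter rejects the ordinary search request as well. Both are the kind of false positive to look for in the audit log after enabling the rules.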


Catching Spammers on Linux Servers

How to catch Spammers from the server:

Follow the steps given below to catch Spammers sending mails from scripts ( nobody emails ) :-

1. Edit /etc/exim.conf

2. On the second line add :

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Note - Make sure all that comes on a single line.

3. Save and exit.


4. Restart Exim.

If the spammer is not spamming using formmail scripts then go through the following steps:

1 > Get the message ID from the header of the spam. It should be in a format like 1DWJj4-00042i-74 (this is the most important step, else all that's given below is crap).

2 > grep exim_mainlog with the message ID (Ex: grep 1DWJj4-00042i-74 /var/log/exim_mainlog)

Also you can install spamlogs on the server to catch nobody spammer:

Step 1)
Login to your server and su - to root.

Step 2)
Turn off exim while we do this so it doesn't freak out.
/etc/init.d/exim stop

Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the
sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

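#!/usr/local/bin/perl

# use strict;
use Env;    # exposes REMOTE_ADDR, SCRIPT_NAME, SERVER_NAME and PWD as Perl variables
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
    # Called from a web request: log the client address and the script that ran
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
}
else {
    # Called from a shell or cron job: log the working directory and the calling user
    print INFO "$date - $PWD - @info\n";
}
my $mailprog = '/usr/sbin/sendmail.hidden';

# List-form pipe open passes the arguments straight to the real sendmail, with no shell in between
open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
# Copy the message from standard input to the real sendmail
while (<STDIN>) {
    print MAIL;
}
close (INFO);
close (MAIL);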

Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server
using web scripts
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start

Step 8)
Monitor your spam_log file for spam, try using any formmail or script that
uses a mail function - a message board, a contact script.
tail -f /var/log/spam_log

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005 - /home/username/public_html/directory/subdirectory - nobody x 99 99 Nobody / /sbin/nologin
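
Once the wrapper has been logging for a while, the busiest sources stand out when the log is counted per directory or script. The following is an added example, not part of the original post; the log lines in it are constructed in the two formats the wrapper writes, and the function name top_senders is made up here.

```shell
#!/bin/sh
# Added example: count sendmail calls recorded in spam_log per source.

# Constructed sample of /var/log/spam_log (one line per call to the wrapper).
SAMPLE_SPAM_LOG='Mon Apr 11 07:12:21 EDT 2005 - /home/alice/public_html/forum - nobody x 99 99   Nobody / /sbin/nologin
Mon Apr 11 07:12:22 EDT 2005 - 198.51.100.7 ran /cgi-bin/formmail.pl at www.example.com 
Mon Apr 11 07:12:23 EDT 2005 - /home/alice/public_html/forum - nobody x 99 99   Nobody / /sbin/nologin
Mon Apr 11 07:12:25 EDT 2005 - /home/bob/public_html - bob x 501 501   Bob /home/bob /bin/bash
Mon Apr 11 07:12:26 EDT 2005 - /home/alice/public_html/forum - nobody x 99 99   Nobody / /sbin/nologin'

# top_senders LOGTEXT
# Prints "<count> <source>" lines, busiest source first. The source is the
# working directory for shell/cron calls, or vhost + script for web requests.
top_senders() {
    printf '%s\n' "$1" | awk -F' - ' '
        NF < 2 { next }                  # not a wrapper log line
        $2 ~ / ran / {                   # "<client> ran <script> at <vhost>"
            split($2, w, " ")
            count[w[5] w[3]]++
            next
        }
        { count[$2]++ }                  # "<working directory>"
        END { for (src in count) print count[src], src }
    ' | LC_ALL=C sort -k1,1nr -k2
}

top_senders "$SAMPLE_SPAM_LOG"
```

On a live server, pass the file contents instead of the sample: top_senders "$(cat /var/log/spam_log)".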

Log Rotation Details
Your spam_log file isn't set to be rotated so it might get to be very large
quickly. Keep an eye on it and consider adding it to your logrotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}

Notes:
You may also want to chattr +i /usr/sbin/sendmail so it doesn't get overwritten.

Enjoy:)



How to kill all processes of a particular user?

Scenario: If you want to kill all processes of a particular user, fire the following command:

kill -9 $(pgrep -u username)

Ex: kill -9 $(pgrep -u nobody)

OR

kill -9 `ps -u username -o "pid="`

Ex: kill -9 `ps -u nobody -o "pid="`

How to avoid overwrite option with cp, scp command ?

Scenario: Copy all files from a folder which contains around 20,000 files to a folder where 10,000 of the same files already exist.

Now what? Don't worry, simply fire the following command:

# unalias cp

Reason - because cp has an alias which is (alias cp='cp -i')
-i, --interactive which means prompt before overwrite

Note: Make sure you revert the changes once you are done with cp.

Also, you can overwrite files without the [ y/n ] prompt by using the following syntax.

# /bin/cp -pafrH /home/user/source/* /home/user/destination/

Enjoy:)



To install DBI and DBD::mysql on DirectAdmin Server

wget http://www.cpan.org/modules/by-module/DBD/DBI-1.48.tar.gz
tar xvzf DBI-1.48.tar.gz
cd DBI-1.48
unset LANG;
perl Makefile.PL
make
make install

cd ..
wget http://www.cpan.org/modules/by-module/DBD/DBD-mysql-3.0002.tar.gz
tar xvzf DBD-mysql-3.0002.tar.gz
cd DBD-mysql-3.0002
unset LANG;
perl Makefile.PL
make
make install


If you need any assistance, We can provide you for a small fee. please email us mayur24.c@gmail.com


How do I monitor my MySQL processes with 'MyTop'

# Download mytop

wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz

# Extract and change directory

tar -zxvf mytop-1.6.tar.gz
cd mytop-1.6

# Install mytop

perl Makefile.PL
make
make install

How do I use mytop command?

mytop command needs username and password to access MySQL server. For example if your username is admin and password is 123456 then you can start mytop as follows:

$ mytop -u admin -p 123456

To specify a database (phpbb) to monitor:

$ mytop -u admin -p 123456 -d phpbb

You can store this information in ~/.mytop file:

vi ~/.mytop

Add config text as follows:

user=admin
pass=123456
host=mysql0.hosting.some.com
db=imail
delay=10
port=3306
socket=
batchmode=0
header=1
color=1
idle=1

mytop is capable of displaying a large amount of information and it supports lots of keyboard shortcuts too, so be sure to read the man page and documentation of mytop.


How to configure backup on plesk(Linux)

Backing Up the Entire Server

To backup the server configuration settings and all user data you have on your hosting machine:

  1. Log in as root to your server.
  2. Change to the directory, where Plesk is installed:

    cd /plesk_installation_directory/bin

  3. Run the following command:

    ./pleskbackup all

    Where the is a target backup file name with absolute or relative path. The data will be backed up without disruption of hosting services and downtime. The resulting backup archive will be placed in the directory you specified.




To change the Plesk backup directory, change the location of the directory in the Plesk conf file:

-------------
nano -w /etc/psa/psa.conf

# Backups directory
DUMP_D /var/lib/psa/dumps

-------------

To run the backup:

/usr/local/psa/bin/pleskbackup --all .

================

Scheduling Backups

To schedule backup of the server configuration and all user data:

  1. Click the Server shortcut in the navigation pane.
  2. Click the Scheduled Tasks icon in the Services group.
  3. Click Add New Task.
  4. Specify when to run the backup.
    • Minute - enter the value from 0 to 59
    • Hour - enter the value from 0 to 23
    • Day of the Month - enter the value from 1 to 31
    • Month - enter the value from 1 to 12, or select the month from a drop-down box
    • Day of the Week - enter the value from 0 to 6 (0 for Sunday), or select the day of the week from a drop-down box

      You can schedule the time using the UNIX crontab entry format. In this format, you can

    • enter several values separated by commas. Two numbers separated by a hyphen mean an inclusive range. For example, to run a task on the 4th, 5th, 6th, and 20th of a month, type 4-6,20.
    • insert an asterisk to specify all values allowed for this field. For example, to run a task daily, type * in the Day of the Month text box.

      To schedule the task to run every Nth period, enter the combination */N, where N is the legal value for this field (minute, hour, day, month). For example, */15 in the Minute field schedules the task to start every 15 minutes.

      You can type the contracted names of months and days of the week, which are the first three letters: Aug, Jul, Mon, Sat, etc. However, the contracted names cannot be separated with commas or used together with numbers.

  5. Specify the command in the Command input box:

    /usr/local/psa/bin/pleskbackup all

    Where the is a target backup file name with absolute or relative path to its location.

  6. Click OK.

    The data will be backed up without disruption of hosting services and downtime. The resulting backup archive will be placed in the directory you specified.

To schedule backup of a user account and user's sites:

  1. Click the Clients shortcut in the navigation pane.
  2. Click the client name you need.
  3. Click the Backup icon in the Tools group.
  4. Click the Schedule Backup icon in the Tools group.
  5. Specify when and how often to perform backup.
  6. To enable recycling of backup files, clear the Unlimited check box and type the maximum allowed number of files in the repository.

    When this limit is reached, the oldest backup files are removed.

  7. Specify the combination of symbols that backup file names should begin with.

    This will help you distinguish between backup files.

  8. Select the repository where you would like to store the backup file.
  9. To create a multivolume backup, select the respective check box and specify volume size in megabytes.
  10. To save the user account settings, select the Back up client's preferences and account details check box.
  11. Select the domains to back up.
    • To back up all domains, select the check box in the upper left corner of the list of domains.
    • To back up individual domains, select the corresponding check boxes in the list of domains.
  12. Click the Enable icon in the Tools group.
  13. Click OK.

To schedule backup of a single domain (web site):

  1. Click the Domains shortcut in the navigation pane.
  2. Click the domain name you need.
  3. Click the Backup icon in the Tools group.
  4. Click the Schedule Backup icon in the Tools group.
  5. Specify when and how often to perform backup.
  6. To enable recycling of backup files, clear the Unlimited check box and type the maximum allowed number of files in the repository.

    When this limit is reached, the oldest backup files are removed.

  7. Specify the combination of symbols that backup file names should begin with.

    This will help you distinguish between backup files.

  8. Select the repository where you would like to store the backup file.
  9. To create a multivolume backup, select the respective check box and specify volume size in megabytes.
  10. Click the Enable icon in the Tools group.
  11. Click OK.


http://download1.swsoft.com/Plesk/Plesk8.0/Doc/plesk-8-backup-restore-users-guide.pdf

Optimizing Server Performance

If you serve numerous web sites, you may want to configure the scheduled backup and restore processes, so that they do not consume much server resources.

To reduce the server load:

  1. Go to Server > Backup Settings.
  2. Specify the number of simultaneous backup processes in the Maximum number of simultaneously running scheduled backup processes box. The default value is 10. Type a lesser value.
  3. Select the Execute scheduled backup processes with low priority check box.
  4. Click OK.

