A good security tutorial is at: http://www.toplayer.com/content/resource/faq.jsp
One more link: http://www.google.com/search?q=How+to+stop+SYN+attack+on+server&hl=en&lr=&ie=UTF-8&oe=UTF-8
Archive for December 6th, 2011
Stop PHP nobody Spammers
PHP and Apache have a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user, allowing leaky formmail scripts and malicious users to spam from your server without you knowing who or where. Watching your exim_mainlog doesn’t exactly help, you see th […]
ddos command
ddos command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
route add 12.219.178.143 reject
route add 202.173.147.138 reject
===============
netstat -a | grep SYN | wc -l
iptables -A INPUT -s 124.177.148.139 -j DROP
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut […]
How can I check which ports are open when the firewall is activated?
Use “netsh routing ip show filter” and “netsh routing ip show filter ” to see open ports.
Finding Spam Scripts on cPanel
If a server is sending lots of spam, and no one knows why, there is a chance that the cause is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here’s a trick that should help. Log into WHM with […]
Frozen messages with Exim
What are frozen messages? Frozen messages are messages that Exim will no longer attempt to deliver.
You can thaw the message with:
exim -Mt [ … ]
To remove all frozen messages:
exiqgrep -z -i | xargs exim -Mrm
To show frozen messages:
exim -bp | grep frozen
Freeze all queued messages from local user:
exiqgrep -i […]
Tracking Down Spam Scripts in cPanel
If you’re receiving complaints that your cPanel server is sending out spam, there is a fair chance that there is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here is a trick that may help: Log into your […]
How to find all IPs bound to a machine that are not hosting sites
This command can be used to find free IPs on a non-panel Linux server.
echo System has $(ifconfig | grep "inet addr:" | grep -v 127.0.0.1 | awk '{print $2}' | sed s/"addr:"// | sort -n > /tmp/boundips && cat /usr/local/apache/conf/httpd.conf […]
How to block an IP/netblock using iptables
To block IPs in Linux you use a program called iptables that should already be installed on your server. To issue the necessary commands you will need to log in to your server via SSH as the root user. Adding Temporary Rules: To make only temporary rules that will not survive a reboot you can do […]
Kill nobody /user process
Kill nobody process:
ps aux | grep nobody | awk '{print $2}' | xargs kill -9
Kill user process:
ps aux | grep apache | awk '{print $2}' | xargs kill -9