Archive for the ‘Server Monitoring’ Category

How to stop SYN-ACK attack

A good security tutorial is at: http://www.toplayer.com/content/resource/faq.jsp One more link: http://www.google.com/search?q=How+to+stop+SYN+attack+on+server&hl=en&lr=&ie=UTF-8&oe=UTF-8

Stop PHP nobody Spammers

PHP and Apache have a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user, causing leaks in formmail scripts and letting malicious users spam from your server without you knowing who or where. Watching your exim_mainlog doesn’t exactly help, you see th […]

ddos command

ddos command:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

route add 12.219.178.143 reject

route add 202.173.147.138 reject

===============

netstat -a | grep SYN | wc -l

iptables -A INPUT -s 124.177.148.139 -j DROP

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut […]

How can I check which ports are open when the firewall is activated?

Use “netsh routing ip show filter” and “netsh routing ip show filter ” to see open ports.    

Finding Spam Scripts on cPanel

If a server is sending lots of spam, and no one knows why, there is a chance that the cause is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here’s a trick that should help. Log into WHM with […]

Frozen messages with Exim

What are frozen messages? Frozen messages are messages that Exim will no longer attempt to deliver.

You can thaw the message with: exim -Mt [ … ]

To remove all frozen messages: exiqgrep -z -i | xargs exim -Mrm

To show frozen messages: exim -bp | grep frozen

Freeze all queued messages from local user: exiqgrep -i […]

Tracking Down Spam Scripts in cPanel

If you’re receiving complaints that your cPanel server is sending out spam, there is a fair chance that there is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here is a trick that may help: Log into your […]

How to find all IPs bound to a machine that are not hosting sites

This command can be used to find free IPs on a non-panel Linux server.

echo System has $(ifconfig | grep "inet addr:" | grep -v 127.0.0.1 | awk '{print $2}' | sed s/"addr:"// | sort -n > /tmp/boundips && cat /usr/local/apache/conf/httpd.conf […]

How to block an IP/netblock using iptables

To block IPs in Linux you use a program called iptables that should already be installed on your server. To issue the necessary commands you will need to log in to your server via SSH as the root user. Adding Temporary Rules: To make only temporary rules that will not survive a reboot you can do […]

Kill nobody /user process

Kill nobody process:

ps aux | grep nobody | awk '{print $2}' | xargs kill -9

Kill user process:

ps aux | grep apache | awk '{print $2}' | xargs kill -9