Icinga/Nagios plugin for http brute force detection

When dealing with web servers that host a lot of sites, especially WordPress and Joomla installations, floods and brute-force attacks are a very common problem. One of the most common patterns is a flood of requests against wp-login.php or xmlrpc.php. With brute force the attacker's goal is usually to get into the administration area, and this is the simplest way to try: the attacker submits a lot of different username and password combinations until one of them works. Those attempts are, of course, automated by bots and scripts.

This can be very damaging for your server because it consumes a lot of memory. Every request means that someone just visited your website, and a script with bad intentions means a lot of requests in a short time. On most modern web pages every such request also runs database queries. In most cases the server becomes unresponsive, the system runs out of memory, swap fills up and MySQL stops responding, which means that all websites on the server stop working. In many cases you'll have to reboot the server to make it responsive again. There are systems that prevent this, such as CloudLinux with its LVE resource limits. One good practice is to restrict the administration area to a static IP. There are different ways.
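To show what the detection side of such a plugin looks like, here is an added example (it is not the plugin from this post): a Nagios/Icinga-style check that counts POST requests to wp-login.php and xmlrpc.php per client IP in an Apache/NGINX combined-format access log and returns the usual OK/WARNING/CRITICAL exit codes. The log path, the thresholds and the sample traffic it generates for a stand-alone run are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the plugin from the post: a Nagios/Icinga-style check that
# counts POST requests to wp-login.php and xmlrpc.php per client IP in an
# Apache/NGINX combined-format access log. Log path, thresholds and the
# sample traffic below are assumptions.

# Print "count ip" for every IP that POSTed to a login endpoint within the
# last $2 lines (default 50000) of $1, busiest first.
count_login_hits() {
  local logfile="$1" lines="${2:-50000}"
  # Combined log format: IP - - [date zone] "METHOD /path HTTP/x" status size ...
  tail -n "$lines" "$logfile" \
    | awk '$6 == "\"POST" && $7 ~ /^\/(wp-login|xmlrpc)\.php/ { hits[$1]++ }
           END { for (ip in hits) print hits[ip], ip }' \
    | sort -rn
}

# Nagios plugin contract: one status line on stdout, exit 0/1/2 for OK/WARNING/CRITICAL.
check_brute_force() {
  local logfile="$1" warn="${2:-20}" crit="${3:-100}" top count ip
  top=$(count_login_hits "$logfile" | head -n 1)
  if [ -z "$top" ]; then
    echo "OK - no login POSTs in $logfile"
    return 0
  fi
  count=${top%% *}
  ip=${top##* }
  if [ "$count" -ge "$crit" ]; then
    echo "CRITICAL - $ip sent $count login POSTs (threshold $crit)"
    return 2
  elif [ "$count" -ge "$warn" ]; then
    echo "WARNING - $ip sent $count login POSTs (threshold $warn)"
    return 1
  fi
  echo "OK - busiest client $ip sent $count login POSTs"
  return 0
}

# Constructed sample log so the script can be run stand-alone (not real traffic).
write_sample_log() {
  local i
  {
    echo '203.0.113.5 - - [01/Jan/2016:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5123'
    for i in $(seq 1 150); do
      echo '198.51.100.7 - - [01/Jan/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3111'
    done
    echo '203.0.113.5 - - [01/Jan/2016:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0'
    echo '192.0.2.9 - - [01/Jan/2016:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400'
  } > "$1"
}

# With arguments: behave as a plugin (LOG [WARN] [CRIT]).
# Without: run against the constructed sample.
if [ $# -gt 0 ]; then
  check_brute_force "$@"
else
  sample=$(mktemp)
  write_sample_log "$sample"
  check_brute_force "$sample" 20 100
  rm -f "$sample"
fi
```

Only POSTs are counted, because that is what a login attempt is; an admin loading the login page a few times stays under the threshold. For a real check interval you would feed it a fixed time window (for example the lines logtail hands you since the last run) instead of the last N lines, and pair the alert with a firewall or fail2ban action rather than a reboot.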

Directadmin – install cloudflare module (mod_cloudflare) on apache 2.4

Be careful to download the proper package from the Cloudflare repository. In my case I'm using Apache 2.4 on a Directadmin installation; at first I downloaded the wrong version of mod_cloudflare.c and kept getting errors while trying to build the module. The module's job is to replace the connecting address (a Cloudflare edge server) with the visitor's real IP taken from the CF-Connecting-IP header, which is what your logs, rate limits and IP blocks need to be meaningful. This only works as intended when every request really comes through Cloudflare, so restrict the origin to Cloudflare's published IP ranges in your firewall; otherwise anyone who finds the origin address can bypass Cloudflare entirely.

Download mod_cloudflare

wget https://www.cloudflare.com/static/misc/mod_cloudflare/mod_cloudflare.c

Install mod_cloudflare using apxs

apxs -a -i -c mod_cloudflare.c

Check if module was installed into Apache

[root@server ~]# httpd -M | grep cloud
cloudflare_module (shared)

Archive/backup your server with Mega and megatools / CentOS 7

I have been a Mega user for quite some time. I have a VPS on which I run my blog, and the idea was: can I upload my blog/website/database backups to my Mega account daily, using Mega as a backup service? It is possible, because there is a Linux tool, megatools, that lets you operate on your Mega account from your Linux machine. Mega offers 50G of capacity for free, which in most cases should be more than enough to back up your websites. The downside is that megatools currently does not offer anything like rsync for incremental archiving. Two things to keep in mind for an unattended job: megatools reads the account credentials from ~/.megarc, so keep that file readable by root only, and if the backups contain secrets (database dumps, configuration files with passwords) encrypt the archives with your own key before uploading them.

Scan your cPanel/Directadmin for excessive files

When dealing with a cPanel/Directadmin server with a lot of users, you need some control over what those users are uploading. Web hosting accounts should be used for just that, hosting websites, and not as data storage, at least in most cases. Sometimes you even offer packages with unlimited disk capacity, but you don't want users storing movies and all kinds of other files that don't belong on a web hosting account. From a web hosting perspective, any single file over 100M is usually not part of a website and is just lying there, wasting your precious disk space; in cases like this the account is being used as a backup service. You'll find all kinds of files: movies, music, applications, archives ...

So you may want regular reports that list all files exceeding a maximum file size defined by you. Personally, I scan every 7 days for files larger than 300M. I created a simple script that does just that: it checks your /home directory for all files exceeding the size you defined and emails the report at the end. You can scan other directories besides /home as well.
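As an added example of that scan (not the script from this post), here is a small bash version: it lists regular files above a find(1)-style size limit under a directory, biggest first, and mails the list. The scan root, the 300M default and the recipient address are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the script from the post: list files above a size limit
# under a directory and mail the list. The scan root, the 300M default and the
# recipient address are assumptions.

# "kilobytes<TAB>path" for every regular file under $1 larger than $2
# (find -size syntax, default 300M), biggest first. find does not follow
# symlinks, so a user cannot make the scan report files outside the tree.
large_files_report() {
  local dir="$1" limit="${2:-300M}"
  find "$dir" -type f -size "+$limit" -exec du -k {} + | sort -rn
}

# Mail the report to $3, or print it when no mail(1) is installed.
# Intended for cron, e.g. weekly:
#   0 6 * * 0 /usr/local/sbin/large-files /home 300M admin@example.com
mail_report() {
  local dir="$1" limit="${2:-300M}" rcpt="$3" report subject
  report=$(large_files_report "$dir" "$limit")
  if [ -z "$report" ]; then
    echo "No files over $limit under $dir"
    return 0
  fi
  subject="Files over $limit under $dir on $(hostname)"
  if command -v mail >/dev/null 2>&1 && [ -n "$rcpt" ]; then
    printf '%s\n\n%s\n' "$subject" "$report" | mail -s "$subject" "$rcpt"
  else
    printf '%s\n%s\n' "$subject" "$report"
  fi
}

if [ $# -gt 0 ]; then
  mail_report "$@"
fi
```

Run it as root from cron so that it can read every account; the report is a list of "kilobytes path" lines, which sorts and greps easily if you want to follow up on one user.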

Restore MSSQL database with new name

Restoring an old MSSQL database backup into a new database with a different name can be a little tricky on Windows. This was done on Windows Server 2008 with SQL Server 2008 Management Studio installed.

Here is how:

  1. Login to your SQL Server Management Studio.
  2. Create a new database with the name you want. In this case we will call it "new_database". Just right-click "Databases" and then "New database".

  3. Right-click the newly created database and select "Tasks -> Restore -> Database ...". Under "Destination for restore", pick new_database from the "To database" drop-down menu. Under "Source for restore", select "From device" and browse to the backup file you want to restore from.

    Also click "Options" on the left side of the window (Select a page) and tick "Overwrite the existing database", since the target database already exists. Then check the "Restore the database files as" grid: the "Restore As" paths default to the file names recorded in the backup, i.e. those of the original database, so point them at new data and log files for new_database; otherwise the restore collides with the original database's files if it still exists on the same instance. When done, click OK and the restore process starts.

  4. Your database should now be restored from the old backup file into your newly created database new_database.

cPanel Webmail: internal server error 500 user is over quota cpanel

This user's cPanel account had reached its disk quota limit and mail stopped working. The user deleted about 4G of emails and freed some disk space, but still wasn't able to log in to webmail. This error was shown:

internal server error 500 user is over quota cpanel

It didn't make sense since he had freed the disk space. cPanel's quota display was showing the new value, but logging in to webmail was still impossible.

What you have to do is remove cPanel's overquota flag file manually. First confirm that the account really is below its quota (cPanel's value and the system quota tools should agree): the flag exists to stop mail while the account is full, and removing it for an account that is still over quota just hides the problem. Let's say that user user4 is having the issue described above.

root@cpanel [~]# cd /var/cpanel/overquota/
root@cpanel [/var/cpanel/overquota]# ls
./  ../  user1  user2  user3  user4 
root@cpanel [/var/cpanel/overquota]# rm user4

After I deleted /var/cpanel/overquota/user4, webmail started working again.

Generate NGINX virtual hosts script

I created a simple script for creating NGINX virtual hosts so that you don't have to do it manually for every new website. The script was written for Linux (CentOS 7) but should work on other distributions too. It is written in bash. You will also need wget and tar installed for the WordPress install option to work.

What it does is pretty straightforward. On the input side it asks you for the domain name, the SSL option and whether to install WordPress. You can choose between an http and an https virtual host definition. By default it creates the document root for your domain and the NGINX configuration file for that domain. If you choose the WordPress option, it also downloads the latest WordPress release and unpacks the files into the newly created document root. You still need to create the database manually and finish the WordPress installation in the browser; do that right away, because until the installer has run it is open to anyone who finds the site. This script is suitable for basic NGINX website configurations.

Just download the script here along with the template files. Put the createsite script in your /usr/sbin/ directory and make it executable. Of course you can change the virtual host templates according to your needs too.
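To make the template idea concrete, here is an added example (not the createsite script or its templates): a bash function that renders an NGINX server block for a domain, with the brute-force targets from the first post on this page handled in the config itself, wp-login.php rate-limited and xmlrpc.php closed. The paths under /var/www and /etc/nginx, the php-fpm socket and the Let's Encrypt certificate layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the createsite script from the post: render an NGINX
# server block for a domain, with the login endpoints that attract brute force
# rate-limited or closed off. The paths under /var/www and /etc/nginx, the
# php-fpm socket and the Let's Encrypt certificate layout are assumptions.

# Shared limit_req zone: one entry per client address, 1 request/second.
# Goes into the http{} context, e.g. /etc/nginx/conf.d/limits.conf.
render_limit_zone() {
  echo 'limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;'
}

# Print the server block for domain $1; $2 = https adds the TLS listener and
# an HTTP-to-HTTPS redirect. $3 overrides the document root.
render_vhost() {
  local domain="$1" scheme="${2:-http}" root="${3:-/var/www/$1/public_html}"
  local listen="listen 80;" ssl=""
  if [ "$scheme" = https ]; then
    listen="listen 443 ssl http2;"
    ssl="ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;"
    cat <<EOF
server {
    listen 80;
    server_name $domain www.$domain;
    return 301 https://\$host\$request_uri;
}
EOF
  fi
  cat <<EOF
server {
    $listen
    server_name $domain www.$domain;
    root $root;
    index index.php index.html;
    $ssl
    access_log /var/log/nginx/$domain.access.log;

    # Login attempts: at most 1/s per IP with a burst of 5, then HTTP 503.
    location = /wp-login.php {
        limit_req zone=login burst=5 nodelay;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm/www.sock;
    }
    # xmlrpc.php is the other brute-force favourite; close it unless needed.
    location = /xmlrpc.php { deny all; }
    # Never serve dotfiles (.htaccess, .git, .env).
    location ~ /\. { deny all; }
    location ~ \.php\$ {
        try_files \$uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm/www.sock;
    }
    location / { try_files \$uri \$uri/ /index.php?\$args; }
}
EOF
}

# Write the vhost to $3/$1.conf (default /etc/nginx/conf.d) and create the
# document root; run "nginx -t && systemctl reload nginx" afterwards.
write_vhost() {
  local domain="$1" scheme="${2:-http}" confdir="${3:-/etc/nginx/conf.d}"
  local root="/var/www/$domain/public_html"
  mkdir -p "$root" "$confdir"
  render_vhost "$domain" "$scheme" "$root" > "$confdir/$domain.conf"
  echo "wrote $confdir/$domain.conf (root $root)"
}

if [ $# -gt 0 ]; then
  write_vhost "$@"
fi
```

The limit_req zone has to be declared once in the http{} context, which is why it is rendered separately; each vhost only references it. Always run nginx -t before reloading, since a typo in one generated file takes every site on the server down with it.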

Replacing string from variable with sed: unknown option to `s’

sed is a great command. I was writing a bash script and needed to replace some strings in a file with strings stored in variables.

sed "s/string1/$string2/g; s/string3/$string4/g" $CFGFILE

When executed, script was returning this error:

[root@vincentvega]# ./myscript
sed: -e expression #1, char 14: unknown option to `s'

After googling around for a while I figured out that a / inside the variable's value was causing the problem: sed reads it as the end of the replacement, so the rest of the value is parsed as flags of the s command, hence "unknown option to `s'". So I replaced / with | as the delimiter and now it works fine. Any character that does not occur in the pattern or the replacement can serve as the delimiter, but this only holds as long as the value never contains a |; a value containing & or a backslash will also be misinterpreted, because both are special on the replacement side.

sed "s|string1|$string2|g; s|string3|$string4|g" $CFGFILE
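The robust fix is to escape the value rather than hope for a delimiter it never contains. Here is an added example (not the script from this post) that escapes both sides of the substitution, so a value with /, |, & or a backslash goes through literally; the config file and placeholder names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the script from the post: substitute values from variables
# with sed without the substitution breaking when the value contains the
# delimiter, '&' or a backslash. Config file and placeholder names are assumptions.

# Escape $1 for the pattern side of s|...|...| : regex metacharacters and '|'.
sed_escape_pat() {
  printf '%s' "$1" | sed -e 's/[][\\.*^$|]/\\&/g'
}

# Escape $1 for the replacement side: '\' first, then '&' (the whole match)
# and the '|' delimiter. Values with embedded newlines are not handled.
sed_escape_repl() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Replace every literal occurrence of $2 with literal $3 in file $1
# ("-" for stdin), writing the result to stdout.
replace_literal() {
  local file="${1:--}" from to
  from=$(sed_escape_pat "$2")
  to=$(sed_escape_repl "$3")
  sed -e "s|$from|$to|g" "$file"
}

# Constructed demo: the value contains '/', '|', '&' and '\', each of which
# breaks the naive s/$from/$to/g from the post in its own way, and the
# pattern "a.b" must not match "axb".
demo() {
  local cfg
  cfg=$(mktemp)
  printf 'url=__URL__\ndocroot=/old/path\nhost=a.b\nhost=axb\n' > "$cfg"
  replace_literal "$cfg" '__URL__' 'https://example.com/c?x=1&y=2|z\w' \
    | replace_literal - '/old/path' '/srv/new' \
    | replace_literal - 'a.b' 'a-b'
  rm -f "$cfg"
}

if [ $# -eq 3 ]; then
  replace_literal "$@"
else
  demo
fi
```

Escaping the pattern side matters for the same reason: string1 in the original command is a regular expression, so a value like "a.b" would also match "axb" unless the dot is escaped.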

Exim – remove messages from mail queue sorted by email address

Ok, the title is a little confusing, I admit :). Let me try to explain. When you have a stuffed Exim mail queue and want to remove all messages for a specific domain only, the email address you want to use as the key for parsing is sometimes on the second line of the entry (the recipient line), not on the line with the message ID. So the classic exim -bp | grep <searchstring> | awk '{print $3}' | xargs exim -Mrm is not very useful in this case, because it won't return the message ID. grep with the -B flag is what you need: -B1 also prints the line before the one matching your key string, which is the line with the message ID. See the example below.

  • Check exim mail queue
[root@mailserver ~]# exim -bp
46h   58K 1b59PU-000J6d-1U <something@domain.com>
44h   11K 1b5Bj4-000MJC-GF <johndoe@iasoiasd.in>
44h   16K 1b5BjQ-000MNC-0M <jimi.hendrix@guitar.com>
43h  9.0K 1b5Bvp-000P1c-6s <purchase@domainname.net>
43h   11K 1b5BzX-000PmA-S5 <GallowayIla96@asgasfasgas.com>
41h   59K 1b5Dhb-000I5h-8E <bloop@auhuiejnapob.net>
27h   17K 1b5RNl-000OFW-Tn <sasa@bjkoapojfoaubopaw.si>
22h   78K 1b5W42-000Nna-Jn <johndoe@gmail.com>
22h   11K 1b5W8b-000Oes-Fb <ramones@band.com>
22h  250K 1b5WHr-0000Om-Oa <fuckface@guilttrip.com>
20h   12K 1b5YEZ-000MF7-Jq <mrinsignificant@mobile.cn>
19h  9.1K 1b5YK6-000NPV-1m <fetasir@cheese.com>
19h   12K 1b5YXM-000Ppg-Qd <asfaeaw@asdasa.com.br>
19h   11K 1b5Yeq-0001JN-9a <geaafwawfaef@gesawad.vn>
  • We want to delete all messages whose recipient line (the second line of the entry) contains the string info@mydomain.si.
[root@mailserver ~]# exim -bp | awk '{print $1,$3}' | grep -B1 mydomain | awk '{print $2}' | xargs exim -Mrm

Message 1b59PU-000J6d-1U has been removed
Message 1b5Bj4-000MJC-GF has been removed
Message 1b5Bvp-000P1c-6s has been removed
Message 1b5BzX-000PmA-S5 has been removed
Message 1b5Dhb-000I5h-8E has been removed
Message 1b5RNl-000OFW-Tn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5W42-000Nna-Jn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5YK6-000NPV-1m has been removed
Message 1b5YEZ-000MF7-Jq has been removed
Message 1b5YK6-000NPV-1m has been removed
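The -B1 trick only works when the matching address sits directly under the header line; a message with several recipients, where the one you are after is the second or third recipient line, is skipped. As an added example (not the one-liner from this post), here is a small awk parser of exim -bp output that walks each queue entry as a block and prints the ID if the sender or any recipient matches. The queue listing in sample_queue() is constructed, not a real server's.

```bash
#!/usr/bin/env bash
# Added example, not the one-liner from the post: pick message IDs out of
# "exim -bp" output by recipient or sender, including messages with several
# recipient lines, where the matching address is not directly under the
# header line and grep -B1 would return nothing. The queue listing in
# sample_queue() is constructed, not a real server's.

# Read exim -bp output on stdin; print the ID of every message whose sender
# or any recipient matches the extended regex in $1. Entries are separated
# by blank lines; the header line carries "age size ID <sender>", recipient
# lines are indented (a leading "D" marks a recipient already delivered).
queue_ids_matching() {
  PAT="$1" awk '
    BEGIN { pat = ENVIRON["PAT"] }
    function flush() { if (id != "" && hit) print id; id = ""; hit = 0 }
    NF >= 4 && $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ {
      flush(); id = $3; hit = ($4 ~ pat); next
    }
    /^[ \t]+[^ \t]/ { if (id != "" && $0 ~ pat) hit = 1; next }
    /^[ \t]*$/ { flush() }
    END { flush() }'
}

# Remove (exim -Mrm) every queued message matching $1. With DRY_RUN=1 only
# list the IDs. Use "exim -Mg" instead of -Mrm if senders should get a bounce.
purge_queue_matching() {
  local ids
  ids=$(exim -bp | queue_ids_matching "$1")
  if [ -z "$ids" ]; then
    echo "nothing queued matching $1"
    return 0
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$ids"
  else
    printf '%s\n' "$ids" | xargs exim -Mrm
  fi
}

# Constructed queue listing in exim -bp format.
sample_queue() {
  cat <<'EOF'
46h   58K 1b59PU-000J6d-1U <something@domain.com>
          info@mydomain.si

44h   11K 1b5Bj4-000MJC-GF <johndoe@iasoiasd.in>
          bob@example.org
          D carol@example.org
          info@mydomain.si

44h   16K 1b5BjQ-000MNC-0M <jimi.hendrix@guitar.com>
          someone@example.net

43h  9.0K 1b5Bvp-000P1c-6s <purchase@mydomain.si>
          buyer@example.com
EOF
}

if [ $# -gt 0 ]; then
  purge_queue_matching "$1"
else
  # Stand-alone: show which IDs the sample would select for mydomain.si.
  sample_queue | queue_ids_matching 'mydomain[.]si'
fi
```

Run it with DRY_RUN=1 first and eyeball the list; exim -Mrm deletes silently, so there is no second chance. Exim also ships exiqgrep for exactly this job (exiqgrep -i -r 'mydomain' prints the IDs of messages with a matching recipient), which is the tool to reach for on a stock installation.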

How to save mysql query output into a file

Sometimes you may want to save the output of a MySQL query to a text file, or even to a spreadsheet so that you have more control over editing and sorting it. MySQL offers useful options for this.

Below is an example of saving query output to a CSV file. You can terminate fields with a character of your choice, which is very handy. This example terminates fields with ; and lines with \n.

mysql> select firstname, lastname, email, phone from clients INTO OUTFILE '/tmp/outputfile.csv' FIELDS TERMINATED BY ';' LINES TERMINATED BY '\n';

Keep in mind that the file is written by the server process (mysqld) on the database host, not by your client, so the target directory must be writable by the mysql system user; do not make it world-writable with chmod 777, since anything on the box could then plant or tamper with files there. The file must not already exist, the MySQL account needs the FILE privilege, and on MySQL 5.7 and later the path must lie under the directory set by secure_file_priv (if that variable is empty, writing anywhere is allowed; if it is NULL, INTO OUTFILE is disabled).
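If you just want the CSV on the machine you are sitting at, you can skip the server-side file entirely. Here is an added example (not from this post): run the query through the mysql client in batch mode and convert its tab-separated output to CSV on the client side, quoting fields properly. The database name, query and output path are assumptions, and the rows in the demo are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the post: export a query to CSV on the client side,
# so that no FILE privilege, secure_file_priv setting or server-side writable
# directory is involved and the file lands on the machine you run it from.
# Database name, query and output path are assumptions; the rows in the demo
# are constructed.

# Convert tab-separated rows (what "mysql --batch" prints, header included)
# to CSV with field delimiter $1 (default ';'). Fields containing the
# delimiter, a double quote, a CR or leading/trailing spaces are quoted,
# with embedded quotes doubled, so Excel and LibreOffice read them back intact.
tsv_to_csv() {
  awk -F '\t' -v d="${1:-;}" '
    {
      out = ""
      for (i = 1; i <= NF; i++) {
        f = $i
        if (f ~ ("[\"" d "\r]") || f ~ /^ | $/) {
          gsub(/"/, "\"\"", f)
          f = "\"" f "\""
        }
        out = out (i > 1 ? d : "") f
      }
      print out
    }'
}

# Run $2 against database $1 and write CSV to $3. Leave --raw off so that
# tabs and newlines inside values stay escaped as \t and \n and cannot break
# the row structure. Put credentials in ~/.my.cnf rather than on the command
# line, where ps(1) would show them.
mysql_to_csv() {
  local db="$1" query="$2" outfile="$3" delim="${4:-;}"
  mysql --batch -e "$query" "$db" | tsv_to_csv "$delim" > "$outfile"
}

if [ $# -ge 3 ]; then
  mysql_to_csv "$@"
else
  # Stand-alone demo on constructed rows shaped like the query in the post.
  printf 'firstname\tlastname\temail\tphone\nJohn\tDoe\tjohn@example.com\t+386 1 234\nAnne\tO"Neil; Jr\tanne@example.com\t\n' \
    | tsv_to_csv ';'
fi
```

Usage would be mysql_to_csv clients "select firstname, lastname, email, phone from clients" /tmp/outputfile.csv. The first CSV line is the column header, which INTO OUTFILE does not give you, and the quoting means a last name like O"Neil; Jr does not shift the columns in the spreadsheet.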

