Disable Recursion for DNS

Recursion allows your DNS server to contact other DNS servers to assist in resolving domain names when it cannot resolve the domain itself. While recursion can prove to be useful tool when it is necessary, it also opens the DNS server open to attack, which could take down the DNS server altogether. Recursion is generally only necessary when there is a known need for it. If recursion is not a known need for your DNS server, it is best to disable recursion. Follow the steps below based on your operating system or control panel to disable DNS recursion.

Disable Recursion in Plesk

Log into the Plesk Admin Panel.
Select Tools and Settings.
Click DNS Template Settings from the section.
Select Localnets from the DNS Recursion section.
Click the OK button.

Disable Recursion in Windows Server 2003 and 2008

Go to DNS Manager from the Start menu:

Click the Start button.
Select Administrative Tools.
Select DNS.

Now Right click on the desired DNS Server in the Console Tree.
Select the Proprerties tab.
Click the Advanced button in the Server Options section.
Select the Disable Recursion checkbox.
Click the OK button.

Disable Recursion in Linux

Locate the named.conf file within the operating system.Open the named.conf file in your preferred editor.

Add the following details to the Options section:

opttions{
.............
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
............
};

Save and exit the file. The restart the named service. 

# /etc/init.d/named restart

Error: You need to install the missing perl modules and then install csf in DirectAdmin

If you end up with the error "Error: You need to install the missing perl modules and then install csf in DirectAdmin"

Running the following commands should fix the issue. 

# yum install perl-Time-HiRes
OR
# yum install perl-libwww-perl

vzquota : (error) Quota on syscall for id XXX: Device or resource busy

If you get this error, it means that some file from VE private area was in use. Here XXX is the vps id.

#vzctl restart XXX
Restarting container
Starting container...
vzquota : (error) Quota on syscall for id XXX: Device or resource busy
vzquota : (error) Possible reasons:
vzquota : (error) - Container's root is already mounted
vzquota : (error) - there are opened files inside Container's private area
vzquota : (error) - your current working directory is inside Container's
vzquota : (error) private area
vzquota : (error) Currently used file(s):

To fix this, run the following command and find out if any process using the files in VE private area.

# lsof 2> /dev/null | egrep '/vz/root/XXX | /vz/private/XXX'

If any process lists,  kill those process and try start the VPS again.

And you should now able to start the vps without any issue...!!

Error in Kloxo: Could not open database connection

If you get the below error while trying to access Kloxo Control Panel

Could not open database connection

You can fix it by excecuting below commands from the server.

#mysql -u root -p
mysql> grant all on kloxo.* to kloxo@localhost identified by '{new password}';
mysql> flush privileges;
mysql> quit

Then do,

#cat "{new password}" > usr/local/lxlabs/kloxo/etc/conf/kloxo.pass
#sh /script/restart

Replace "new password " with your password in above commands.

This will fix the issue !!!

Weird charecters on site

If you find weird characters in your site instead of the original content as shown below, you can try the fix given below.

 K511����� �Ϸ��Ϸ�ر� ��ȥ���� 917������Ϸ��

For fixing this issue, open your " http.conf " file with your favorite editor

# vi http.conf

And find the line,

AddDefaultCharset UTF-8 

 And comment it.

#AddDefaultCharset UTF-8

Now restart apache.

# /etc/init.d/httpd restart 

Now you should be able to view the site without any weird characters.!!


  

directive requires additional arguments

If you get the following error while trying to start apache in a kloxo server 

#/etc/init.d/http start
Starting httpd: Syntax error on line 2 of /home/apache/conf/defaults/_default.conf:
<VirtualHost> directive requires additional arguments
[FAILED]

Run the following command

# sh /script/fixweb

This should fix the issue..

Starting nginx: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

While trying to start / restart nginx, if get the following error

# /etc/init.d/nginx restart
Stopping nginx: [FAILED]
Starting nginx: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Run the following command to fix the issue. 

# fuser -k 80/tcp

 Where:  fuser - identify processes using files or sockets
               -k     Kill  processes accessing the file.

Now you can start / restart nginx successfully.

# /etc/init.d/nginx restart
Stopping nginx: [ OK ]
Starting nginx: [ OK ]

!!!!!!!!!!!!!!!!................

Error: Kernel image does not exist: /boot/solus-vmlinuz

If you come across the error " Error: Kernel image does not exist: /boot/solus-vmlinuz " while trying to start a xen vps using the below comand

# xm create -c /home/xen/vmID/vmID.cfg
Using config file "/home/xen/vmID/vmID.cfg".
Error: Kernel image does not exist: /boot/solus-vmlinuz

To fix this, just run the following php script.

# php /usr/local/solusvm/includes/xenkernel.php
Making SolusVM initrd...
Setting kernel links...
Kernel setup completed.

Now, you could start the vps without any issue.... 

# xm create -c /home/xen/vmID/vmID.cfg

Getting " 403: Forbidden " error while trying to access Transmission (BitTorrent client) Web Interface

If you get the following error while trying to access Transmission (BitTorrent client) Web Interface.

403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.
If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.

To fix this issue, login to the server and stop the transmission-daemon.

# /etc/init.d/transmission-daemon stop

Now edit settings.json file,

# vi /var/lib/transmission/.config/transmission-daemon/settings.json

And find the line rpc-whitelist-enabled and edit as following,

rpc-whitelist-enabled : false

Now start the transmission-daemon

# /etc/init.d/transmission-daemon start

The issue should be fixed now. And you would able to access the web interface now.

ERROR! MySQL manager or server PID file could not be found!

Some times you may get mysql error on the page. And on checking the status of the mysql, if you are getting following error 

# /etc/init.d/mysqld status
ERROR! MySQL manager or server PID file could not be found!

Then the Fix is below.

Check the file /etc/my.conf and see any thing mentioned as " basedir= ". If nothing mentioned in the file, by default it would be /var/lib. Then, check the permission for /var/lib/mysql and make sure all are having user and group " mysql ". If not do

#chown -R mysql.mysql /var/lib/mysql

Then, restart mysql

#/etc/init.d/mysql restart

This should fix the issue.

Install suPHP on debian

Before starting the installation install the prerequisites needed to build mod_suphp with the command below.

#apt-get install php5-cgi apache2-prefork-dev

Now move to the directory where you would like to download the installation file

#cd /usr/local/src

The download it with the command below.

#wget http://www.suphp.org/download/suphp-0.6.2.tar.gz

Now unpack the file

#tar xvfz suphp-0.6.2.tar.gz

and,

#cd suphp-0.6.2

Now you can install with the following commands.

#./configure

Now if you end up with following error while running ./configure

APXS was not found, so mod_suphp will not be built!

Run the command again with the following option. ( where path to apxs may differ )

#./configure --with-apxs=/usr/bin/apxs2

 Now you can proceed with the commands below.

#make
#make install

Now add the module to apache.

#vi /etc/apache2/httpd.conf

And add the following line.

LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so

Then restart apache.

#/etc/init.d/apache2 restart

DONE!!

Enable Iptables Modules for a VPS

Before enabling the modules to the VPS , make sure that its enabled in the root node of the VPS. You can check it using the command below.

#lsmod | grep -i module_name

If its not enabled, then enable it by using the modprobe command 

#modprobe iptables_module
#modprobe ipt_helper
#modprobe ipt_REDIRECT
#modprobe ipt_TCPMSS
#modprobe ipt_LOG
#modprobe ipt_TOS
#modprobe iptable_nat
#modprobe ipt_length
#modprobe ipt_tcpmss
#modprobe iptable_mangle
#modprobe ipt_tos
#modprobe iptable_filter
#modprobe ipt_helper
#modprobe ipt_tos
#modprobe ipt_ttl
#modprobe ipt_SAME
#modprobe ipt_REJECT
#modprobe ipt_helper
#modprobe ipt_owner
#modprobe ip_tables
#modprobe ipt_MASQUERADE
#modprobe ipt_multiport/xt_multiport
#modprobe ipt_state/xt_state
#modprobe ipt_limit/xt_limit
#modprobe ipt_recent
#modprobe xt_connlimit
#modprobe ipt_owner/xt_owner
#modprobe iptable_nat/ipt_DNAT
#modprobe iptable_nat/ipt_REDIRECT

Now to enable the module to the container, first stop the container which one you want to enable the module . Assuming the vps id as 101 here.  

# vzctl stop 101

Now you can enable the module to the vps either by executing the following command

# vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

                                                 OR

By adding manually to the configuration file /etc/vz/conf/veid.conf 

#vi /etc/vz/conf/101.conf

and then paste following at the end of the file.

 

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

Now restart the container.

# vzctl restart 101

This will enable the modules to the vps.

Install Ioncube loader in Debian

For installing Ioncube loader in debian follow the steps below.

Get into the server and change the directory where you would like to download the package to. 

#cd /usr/local/src

Now download IonCube loader using the command below ( chose according to which architecture you have )

#wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
                                                        OR
#wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

Now extract the downloaded file

#tar zxvf ioncube_loaders_lin_*.tar.gz

 Now move the directory ioncube to a permanent location

#mv ioncube /usr/local/

Now edit the php.ini file and add the following ( You can choose the version of ioncube loader the one that suites your needs )

#vi /etc/php5/apache2/php.ini
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.2.so

Now restart apache

#/etc/init.d/apache2 restart

Done !!

CSF Blocking EVERYTHING

If you have csf installed on a OpenVZ container, suddenly you may end up with  csf blocking all ips and even ssh, email and all services will not be accesible, even though server is working, but firewall puts a block on everyone, and appears offline to others.

I got this fixed by doing the following steps:

Login to the host node and edit /etc/vz/conf/vpsid.conf. For example I'm using 101 as vpsid.

[root@node ~]# vi /etc/vz/conf/101.conf

Then add the following line to the end of the file. 

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

Now restart the container.

[root@node ~]# vzctl restart  101

The problem should be resolved now!!

umount: /***: device is busy.

Sometimes when you try to umount a device you end up with error " umount: /***: device is busy ", 

e.g.

# umount /***

umount: /***: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))

Fix 1: It means that some process has a working directory or an open file handle underneath the mount point. The best thing to do is to end the offending process, change its working directory or close the file handle before unmounting.

Fix 2: There is an alternative on Linux though. Using umount -l calls a "lazy" unmount. The filesystem will still be mounted but you won't be able to see or use it, except for processes that are already using it. When the offending program exits (through whatever means) the system will "finish" unmounting the filesystem.

# umount -l /***

 This wil FIX it........

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

If you end-up with the error ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2), it means 2 things.

1. You don't have permissions to access the directory /var/lib/mysql/. Check the permission there and change the ownership mysql if it is not. For that do the following

#chown -R mysql.mysql /var/lib/mysql

Then, restart mysql

#/etc/init.d/mysql restart

2. If the permissions are correct, the /tmp/mysql.sock may not be existing. If so do the following.

#/etc/init.d/mysql stop

Then touch a file mysql.sock

#touch /tmp/mysql.sock

Then start the mysql server.

#/etc/init.d/mysql start

 This should fix the issue.....

Install nginx server

Ton install nginx server login to the server as root. Then navigate to the directory whre you would like to download the source file. I usually use /usr/local/src.

#cd /usr/local/src

You can now donload the installation file as shown below.

#wget http://nginxcp.com/latest/nginxadmin.tar

Once the download is finished, extract the tar file that you have downloaded.

#tar xf nginxadmin.tar

Now get into publicnginx

#cd publicnginx

And run the command below to install. 

./nginxinstaller install

You are done !! 

bash: scp: command not found lost connection

 When you try to scp some thing to a remote server you may endup with the error as shown below.

# scp somefile 10.10.10.10:/home
root@10.10.10.10's password: 
bash: scp: command not found
lost connection

This error occurs because the remote host is missing the openssh-clients package. To fix this issue just login to the remote server, and run the command below.

#yum install openssh-clients

This will fix the issue and you could now scp without any issue.

WHM does not show the nameserver ips

When you check the nameserver ips from WHM, it wont show the ip some times. 

Main >> DNS Functions >> Nameserver IPs

To fix this, login to the server as root. The navigate to /var/cpanel.

#cd /var/cpanel

Then make a backup of the file nameserverips.yaml

#cp nameserverips.yaml nameserverips.yaml.bkp

Now edit the file using any editor.

#vi  nameserverips.yaml

It will look like as shown below:

---
ns1.yourdomain.com:
  "": 0
  count: '2'
  zones: ns1.yourdomain.com,ns2.yourdomain.com
ns2.yourdomain.com:
  "": 0
  count: '2'
  zones: ns1.yourdomain,ns2.yourdomain

Now make the following changes in the file.

---
ns1.yourdomain.com:
  "10.10.10.1": 1
  count: '2'
  zones: ns1.yourdomain.com,ns2.yourdomain.com
ns2.yourdomain.com:
  "10.10.10.2": 1
  count: '2'
  zones: ns1.yourdomain,ns2.yourdomain

Where you should replace the nameservers ns1.yourdomain.com and ns2.yourdomain.com with your nameservers, and  ips 10.10.10.1 and 10.10.10.2 to your name server ips.

How to install Csf

Csf installation is very simple and quite straightforward. Login to the server as root, then navigate to the desired location where you wan't to download the installation file.

#cd /usr/local/src

Then download the installation package:

#wget http://www.configserver.com/free/csf.tgz

Now ontar the package using the blow command

#tar -xzf csf.tgz 

Now get into the directory csf

#cd csf 

Now run the below command to install

#sh install.sh

 Once the installation is done, you can do the configuration in

#/etc/csf/csf.conf

Once this is done  disable TESTING mode, lfd will not start while this is enabled. For this change the value to "0" from "1" in csf.conf file.

TESTING = "0"

Once this is done, restart the csf .

#csf -r 

DONE!!!! 

How to install SSL Certificate in a server running Lighttpd

For installing SSL Certificate for domain running in Lighttpd, follow the steps bellow. 

Login to the server and download / copy the certificate files.

Once this has been done, you need to concatenate the certificate and key file into a single pem file. For this follow the step below.

#cat yourdomain-name.key yourdomain-name.crt > yourdomain-name.pem

Now you need to edit lighttpd.conf file and add the following lines.

# vi /etc/lighttpd/lighttpd.conf

     var.confdir = "/etc/lighttpd"
     $SERVER["socket"] == "10.10.10.10:443" {
     ssl.engine = "enable"
     ssl.pemfile = var.confdir + "/yourdomain-name.pem"
     ssl.ca-file = var.confdir + "/your.crt"
     server.name = "your.domain.com"
     server.document-root = "/your/document/root/" }

Make sure that the var.confdir (/etc/lighttpd) is the location where you saved your certificate files. Also change the IP address (10.10.10.10) to your IP address.

Now restart Lighttpd.

#restart lighttpd

You are done. !!!!

How to avoid " cp: overwrite " while copying

While you copy some directory or files it will prompt " cp: overwrite " as shown below.

# cp -rf /some/file/or/directory/* /another/location
cp: overwrite `./some/files/yyy'?

 If there is lot of files, it will hard to do. So to avoid this, just put "\" before the command cp

# \cp -rf /some/file/or/directory/* /another/location

This will eliminate the interactive mode.

how to change mysql password for an user

Suppose you have got a user " db_user " and you have lost the password for the user. You need to reset it. For this just follow the steps bellow.

Get into the server as root, then get into mysql as root user.

#mysql -u root -p******

Where ***** should be replaced with your password for mysql root user.

Then execute the following commands.

mysql> use mysql;

mysql> SET PASSWORD FOR 'db_user'@'localhost' = PASSWORD('new-password'); 

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;

           Query OK, 0 rows affected (0.00 sec)

mysql>quit

Now the password will be reset to  new-password for the user db_user.

Assign dedicated ip to a domain in Cpanel

Assigning dedicated ip to an account is simple. You just need to follow the steps below.


Home » IP Functions

Home » IP Functions » Change a Site’s IP Address

From here select the account for which the ip has to be changed. Once selected click "Change" button at the bottom.

Now select the ip from the list that you click on the drop down button, and click " Change ".

This will change the ip of the account. 

Enable TUN/TAP in OpenVZ

For installing TUN/TAP for a OpenVZ vps, you should first make sure that the module is enabled in the node.

For this you need to run the command bellow.

# lsmod | grep tun

 If the module is not installed, just install it by running

# modprobe tun

Now to enable the module to the vps, run the following commands. Replace Veid with your vps id

# vzctl set Veid --devnodes net/tun:rw --save

# vzctl set Veid --devices c:10:200:rw --save

# vzctl stop Veid 

# vzctl set Veid --capability net_admin:on --save

# vzctl start Veid

# vzctl exec Veid mkdir -p /dev/net

# vzctl exec Veid chmod 600 /dev/net/tun

Now TUN/TAP is enabled for the vps. To check this get into the vps.

# vzctl enter Veid

Now run the following command in the vps.

# cat /dev/net/tun

 The result of the above command should be

cat: /dev/net/tun: File descriptor in bad state

!! 'httpd' is disabled via '/etc/apachedisable', please re-enable to continue. !!

You may end up with the following error while running /scripts/easyapache

!! 'httpd' is disabled via '/etc/apachedisable', please re-enable to continue. !!

To resolve this, Login to your WHM

Home » Service Configuration » Service Manager

The boxes for http would be unchecked, Just check it

Then Click the " Save " button at the bottom of the page.

Now you can run easyapache without any issue.

Error: Device 768 (vbd) could not be connected. Hotplug scripts not working

When you try to start a Xen vps from solusVM, It wont get started. If you try to start from the backend, you may end up with following error.

# xm create /home/xen/vm123/vm123.cfg

          Using config file "/home/xen/vm123/vm123.cfg".          Error: Device 768 (vbd) could not be connected. Hotplug scripts not working.

Check the hotplug error log :

# tail /var/log/xen/xen-hotplug.log

If you get the following output :

         stat: cannot stat `/dev/xensan/vm123_img': No such file or directory
         Nothing to flush.

Activating the corresponding logical volumes for the vps will fix the issue.

# lvchange -ay /dev/xen**/vm123_img

Missing Perl Libraries error while installing CSF on CentOs 5/6

While installing CSF you may end up with the following error. 

Checking Perl modules...
Can't locate LWP/UserAgent.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 22) line 2.
BEGIN failed--compilation aborted at (eval 22) line 2.

Can't locate Time/HiRes.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 27) line 2.
BEGIN failed--compilation aborted at (eval 27) line 2.

This have got a simple one line fix. Just do the following. 

root@amaziah [~]# yum install -y perl-libwww-perl perl-Time-HiRes

Download speed issue in Xen VPS

For fixing download speed issue in Xen VPS. Make following changes in the vps.

Edit the /etc/sysctl.conf file.

root@amaziah [~]# vi /etc/sysctl.conf

And then add the following lines to the end of the file.

net.core.rmem_max=16777216

net.core.wmem_max=16777216

net.ipv4.tcp_rmem=4096 87380 16777216

net.ipv4.tcp_wmem=4096 65536 16777216

 Now for the changes to take effect, either reboot the vps or issue the following command.

root@amaziah [~]# sysctl -p

Change timezone in Xen VPS

The file /etc/localtime is the one which holds information of server’s timezone.

For changing the timezone you should point it to the correct zone file by creating a soft link.

From following commands below we are changing the current timezone to IST:

Firstly move the current localtime file as backup.

#mv /etc/localtime /etc/localtime.bak

Now from /usr/share/zoneinfo/ you can find the preferred timezone. Once you found the timezone file, crate a soft link   to  /etc/localtime. Eg: For IST

#ln -sf /usr/share/zoneinfo/Asia/Calcutta /etc/localtime

You are done!! You can find the timezone changed. But if you reboot the vps the settings will get reverted back. So once finishing the steps above, do the following. 

 Run following command

echo 1 > /proc/sys/xen/independent_wallclock

Now installed ntp in the vps.

# yum install ntp 

# chkconfig ntpd on

 Synchronize the system clock with 0.pool.ntp.org server:

# ntpdate pool.ntp.org

Start NTP

# /etc/init.d/ntpd start

Now edit /etc/rc.local with your favorite editor and put the following lines there.

# vi  /etc/rc.local

service ntpd stop

echo 1 > /proc/sys/xen/independent_wallclock

ntpdate pool.ntp.org

service ntpd start

You would now get correct timezone and correct time every time you reboot your Xen VPS.

Change timezone in Openvz VPS

The file /etc/localtime is the one which holds information of server’s timezone.

For changing the timezone you should point it to the correct zone file by creating a soft link.

From following commands below we are changing the current timezone to IST:

Firstly move the current localtime file as backup.

#mv /etc/localtime /etc/localtime.bak

Now from /usr/share/zoneinfo/ you can find the preferred timezone. Once you found the timezone file, crate a soft link   to  /etc/localtime. Eg: For IST

#ln -sf /usr/share/zoneinfo/Asia/Calcutta /etc/localtime

Once the link is created, reboot the vps. 

#reboot

You are done!! Now you can find your timezone.

How to setup custom nameservers in Kloxo

To setup custom nameservers in Kloxo, you have to register custom nameservers with your server IP address at your domain registrar.

After custom nameservers has been  registered in your domain registrar control panel, you can setup custom nameservers inside your Kloxo panel. For that you can follow the steps below. 

1. Login to Kloxo as " admin ".

2. From the home screen, click on the " DNS Templates " icon.

3. Now click the " Add DNS Template ".

4. Fill in the form.

5. In DNS Template Name field enter your prefered DNS template name (Any name).

6. From the dropdown lists choose your IP address for your Web and Mail services.

7. In "Primary DNS" and "Secondary DNS" enter your custom nameservers hostnames (The same you have registered in your domain registrar control panel).

8. Press " Add " button.

9. Then change DNS for your domain to you custom DNS servers at your domain registrar.

10. If all setup is done correctly, then it may take up to a 24-48 hours for DNS change to take effect.

error: configure: error: APR is needed to build mod_suphp for Apache 2.x but was not found

If you are facing the following error while installing suPhp

error: configure: error: APR is needed to build mod_suphp for Apache 2.x but was not found

Run ./configure as shown below.

# ./configure --with-apr=/usr/bin/apr-1-config

This should fix the issue. Now you can proceed with

# make

# make install

How to Flush DNS

How to Flush DNS cache in Microsoft Windows

For this just to the following steps.

Start => Run => cmd

Now give the following command in the command prompt

c:\> ipconfig /flushdns 

You are Done!!


How to Flush DNS cache in a Linux Server

For this login to the server. And issue the following command.

root@amaziah [~]# /etc/init.d/nscd restart

                          OR

root@amaziah [~]# service nscd restart

                          OR

root@amaziah [~]# service nscd reload

This will flush DNS cache in Linux.

How to restrict the users accessing a directory

Suppose you have a domain example.com. In the document root of example.com you have a directory "confidential". And you don't want all people to access this directory. So to restrict the access to this directory except few ips. For example 192.168.1.1, 192.168.1.2, 192.168.1.3. Then  you need to follow the steps given below.

First create a file .htaccess  in  "confidential" directory.

root@amaziah [~]#cd /document root/confidential 

#touch .htaccess

Now edit .htaccess using your favorite editor

#vi .htaccess

 Order Deny,Allow

Deny from all

Allow from 192.168.1.1

Allow from 192.168.1.2

Allow from 192.168.1.3

 

Now your confidential data are safe. Only users from 192.168.1.1, 192.168.1.2 & 192.168.1.3 can access it. All others will be denied.  :)

How to block Ddos

You can find the ips which have most number of connections with the command below.

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The result of above command will look something like that is given below.

1 192.168.1.1
1 192.168.1.2
15 192.168.2.26
25 192.168.2.27
30 192.168.1.29
39 192.168.1.32
100 192.168.1.50


You can use the following script to block the ips causing ddos.


#!/bin/bash

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > test.out

for i in `cat test.out | awk '{print $2}' `

do

 {

 if [ "$i" != "127.0.0.1" ] && [ `cat test.out | grep $i | awk '{print$1}'` -gt 35 ] && [  "$i" != "0.0.0.0" ]

 then

 iptables -A INPUT -s $i -j DROP

 echo "Writing the rule :iptables -A INPUT -s $i -j DROP"

 fi

 }

done

How to Install maldetect

For installing Maidetect in your server, login to your server.

Download the latest tar file available using wget .

#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the file using the the command below.

# tar -xzvf maldetect-current.tar.gz

Get into the directory  maldetect-*

# cd maldetect-1.4.2/

Now issue the following command, which will install maldetect in your server

# sh install.sh

Now for scanning a particular directory "eg: /home"  using maldetect, issue the below command

#maldet -a  /home

Install rkhunter

The following steps explains how to install rkhunter in your server.

Firstly login to your server as root. And navigate to the directory where you would download the file.

# cd /usr/local/src

Now download the source file using wget.

# wget http://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Now extract the file using the following comand.

# tar -zxvf rkhunter-1.4.0.tar.gz

And get into the directory rkhunter-*

# cd rkhunter-1.4.0

Now, the command below will install rkhunter in your server.

# ./installer.sh --install

Now to automate the scan do the following steps below. We are creating the file in /usr/local/

# vi rkhunterscan

Add the following script to the file.

#!/bin/sh

( /usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /usr/bin/mail -s "rkhunter output" admin@yourdomain.com

Now change the permission.

# chmod 750 rkhunterscan

Now edit the cronjob.

# crontab -e

Now add the following line.

0 3 * * * /usr/local/rkhunterscan -c

Email alert on root ssh login

For setting up email alert on root login, firstly login to the server.

Then get into the directory /root

# cd /root

The using your favorite editor, edit the file ".bashrc"

# vi .bashrc

Go to the end of the file. And insert the following line.

echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@yourdomain.com

Replace the following in the line with your variables.

YourserverName = Server hostname or Server IP address
you@yourdomain.com = Your mail id where you would like to receive the alert.


You are DONE!! Now if you login to the server, you will be receiving email alert at you@yourdomain.com.

Enable/Disable ping in a server

To disable ping in the server, you can execute the following

root@amaziah [~]# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Now, if you want to re-enable it,

root@amaziah [~]# echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Now to disable it permanently, you can edit /etc/sysctl.conf

root@amaziah [~]#vi /etc/sysctl.conf

edit the following line

net.ipv4.icmp_echo_ignore_all = 0

and replace the "0" with "1" ie.

net.ipv4.icmp_echo_ignore_all = 1

 then save and close the file.

Exception printing is disabled by default for security reasons.

Exception printing is disabled by default for security reasons.

Error log record number: ******

Mostly for magento sites you face this error. 

In this case you need to check following steps.

Go to folder /errors/

Change local.xml.sample to local.xml

After this change you can see few more errors.

Then Open magento/lib/Zend/Cache/Backend/File.php  and search

protected $_options = array(
'cache_dir' => 'null',

and Change it to:

protected $_options = array(
'cache_dir' => 'tmp/',

Save the changes.

create tmp folder under root magento folder.

This should fix the issue.

How to install Chkrootkit

Firstly login to the shell and go to the desired location where the installation file has to be downloaded.

root@amaziah [~]# cd /usr/local/src

Now download Chkrootkit

# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Unpack the file that you just have downloaded

# tar -xzvf  chkrootkit.tar.gz

Now do the following,

# cd chkrootkit-*

# make sense

We have finished the installation process. You scan the server by

# ./chkrootkit

Now we can set a daily cronjob  to scan the server and send the report to your mail id

# crontab -e

Add the following line

0 1 * * * (cd /usr/local/src/chkrootkit*; ./chkrootkit 2>&1 | mail -s “chkrootkit output” email@domain.com)