Disable Recursion for DNS

Recursion allows your DNS server to contact other DNS servers to assist in resolving domain names when it cannot resolve the domain itself. While recursion can prove to be useful tool when it is necessary, it also opens the DNS server open to attack, which could take down the DNS server altogether. Recursion is generally only necessary when there is a known need for it. If recursion is not a known need for your DNS server, it is best to disable recursion. Follow the steps below based on your operating system or control panel to disable DNS recursion.

Disable Recursion in Plesk

Log into the Plesk Admin Panel.
Select Tools and Settings.
Click DNS Template Settings from the section.
Select Localnets from the DNS Recursion section.
Click the OK button.

Disable Recursion in Windows Server 2003 and 2008

Go to DNS Manager from the Start menu:

Click the Start button.
Select Administrative Tools.
Select DNS.

Now Right click on the desired DNS Server in the Console Tree.
Select the Proprerties tab.
Click the Advanced button in the Server Options section.
Select the Disable Recursion checkbox.
Click the OK button.

Disable Recursion in Linux

Locate the named.conf file within the operating system.Open the named.conf file in your preferred editor.

Add the following details to the Options section:

opttions{
.............
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
............
};

Save and exit the file. The restart the named service. 

# /etc/init.d/named restart

Install suPHP on debian

Before starting the installation install the prerequisites needed to build mod_suphp with the command below.

#apt-get install php5-cgi apache2-prefork-dev

Now move to the directory where you would like to download the installation file

#cd /usr/local/src

The download it with the command below.

#wget http://www.suphp.org/download/suphp-0.6.2.tar.gz

Now unpack the file

#tar xvfz suphp-0.6.2.tar.gz

and,

#cd suphp-0.6.2

Now you can install with the following commands.

#./configure

Now if you end up with following error while running ./configure

APXS was not found, so mod_suphp will not be built!

Run the command again with the following option. ( where path to apxs may differ )

#./configure --with-apxs=/usr/bin/apxs2

 Now you can proceed with the commands below.

#make
#make install

Now add the module to apache.

#vi /etc/apache2/httpd.conf

And add the following line.

LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so

Then restart apache.

#/etc/init.d/apache2 restart

DONE!!

Enable Iptables Modules for a VPS

Before enabling the modules to the VPS , make sure that its enabled in the root node of the VPS. You can check it using the command below.

#lsmod | grep -i module_name

If its not enabled, then enable it by using the modprobe command 

#modprobe iptables_module
#modprobe ipt_helper
#modprobe ipt_REDIRECT
#modprobe ipt_TCPMSS
#modprobe ipt_LOG
#modprobe ipt_TOS
#modprobe iptable_nat
#modprobe ipt_length
#modprobe ipt_tcpmss
#modprobe iptable_mangle
#modprobe ipt_tos
#modprobe iptable_filter
#modprobe ipt_helper
#modprobe ipt_tos
#modprobe ipt_ttl
#modprobe ipt_SAME
#modprobe ipt_REJECT
#modprobe ipt_helper
#modprobe ipt_owner
#modprobe ip_tables
#modprobe ipt_MASQUERADE
#modprobe ipt_multiport/xt_multiport
#modprobe ipt_state/xt_state
#modprobe ipt_limit/xt_limit
#modprobe ipt_recent
#modprobe xt_connlimit
#modprobe ipt_owner/xt_owner
#modprobe iptable_nat/ipt_DNAT
#modprobe iptable_nat/ipt_REDIRECT

Now to enable the module to the container, first stop the container which one you want to enable the module . Assuming the vps id as 101 here.  

# vzctl stop 101

Now you can enable the module to the vps either by executing the following command

# vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

                                                 OR

By adding manually to the configuration file /etc/vz/conf/veid.conf 

#vi /etc/vz/conf/101.conf

and then paste following at the end of the file.

 

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

Now restart the container.

# vzctl restart 101

This will enable the modules to the vps.

Install Ioncube loader in Debian

For installing Ioncube loader in debian follow the steps below.

Get into the server and change the directory where you would like to download the package to. 

#cd /usr/local/src

Now download IonCube loader using the command below ( chose according to which architecture you have )

#wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
                                                        OR
#wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

Now extract the downloaded file

#tar zxvf ioncube_loaders_lin_*.tar.gz

 Now move the directory ioncube to a permanent location

#mv ioncube /usr/local/

Now edit the php.ini file and add the following ( You can choose the version of ioncube loader the one that suites your needs )

#vi /etc/php5/apache2/php.ini
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.2.so

Now restart apache

#/etc/init.d/apache2 restart

Done !!

CSF Blocking EVERYTHING

If you have csf installed on a OpenVZ container, suddenly you may end up with  csf blocking all ips and even ssh, email and all services will not be accesible, even though server is working, but firewall puts a block on everyone, and appears offline to others.

I got this fixed by doing the following steps:

Login to the host node and edit /etc/vz/conf/vpsid.conf. For example I'm using 101 as vpsid.

[root@node ~]# vi /etc/vz/conf/101.conf

Then add the following line to the end of the file. 

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

Now restart the container.

[root@node ~]# vzctl restart  101

The problem should be resolved now!!

Install nginx server

Ton install nginx server login to the server as root. Then navigate to the directory whre you would like to download the source file. I usually use /usr/local/src.

#cd /usr/local/src

You can now donload the installation file as shown below.

#wget http://nginxcp.com/latest/nginxadmin.tar

Once the download is finished, extract the tar file that you have downloaded.

#tar xf nginxadmin.tar

Now get into publicnginx

#cd publicnginx

And run the command below to install. 

./nginxinstaller install

You are done !! 

bash: scp: command not found lost connection

 When you try to scp some thing to a remote server you may endup with the error as shown below.

# scp somefile 10.10.10.10:/home
root@10.10.10.10's password: 
bash: scp: command not found
lost connection

This error occurs because the remote host is missing the openssh-clients package. To fix this issue just login to the remote server, and run the command below.

#yum install openssh-clients

This will fix the issue and you could now scp without any issue.

How to avoid " cp: overwrite " while copying

While you copy some directory or files it will prompt " cp: overwrite " as shown below.

# cp -rf /some/file/or/directory/* /another/location
cp: overwrite `./some/files/yyy'?

 If there is lot of files, it will hard to do. So to avoid this, just put "\" before the command cp

# \cp -rf /some/file/or/directory/* /another/location

This will eliminate the interactive mode.

how to change mysql password for an user

Suppose you have got a user " db_user " and you have lost the password for the user. You need to reset it. For this just follow the steps bellow.

Get into the server as root, then get into mysql as root user.

#mysql -u root -p******

Where ***** should be replaced with your password for mysql root user.

Then execute the following commands.

mysql> use mysql;

mysql> SET PASSWORD FOR 'db_user'@'localhost' = PASSWORD('new-password'); 

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;

           Query OK, 0 rows affected (0.00 sec)

mysql>quit

Now the password will be reset to  new-password for the user db_user.

Error: Device 768 (vbd) could not be connected. Hotplug scripts not working

When you try to start a Xen vps from solusVM, It wont get started. If you try to start from the backend, you may end up with following error.

# xm create /home/xen/vm123/vm123.cfg

          Using config file "/home/xen/vm123/vm123.cfg".          Error: Device 768 (vbd) could not be connected. Hotplug scripts not working.

Check the hotplug error log :

# tail /var/log/xen/xen-hotplug.log

If you get the following output :

         stat: cannot stat `/dev/xensan/vm123_img': No such file or directory
         Nothing to flush.

Activating the corresponding logical volumes for the vps will fix the issue.

# lvchange -ay /dev/xen**/vm123_img

Unable to start SSH: Restarting Secure Shell server: sshd failed! /dev/null is not a character device!.

root@amaziah [~]# /etc/init.d/sshd restart

Restarting Secure Shell server: sshd failed!
/dev/null is not a character device!.

The /dev/null should be a character device as per the Linux standards. This error occurs when /dev/null turns into a regular file.

To fix this issue, firstly delete /dev/null file.

root@amaziah [~]# rm -f /dev/null

And create the character device

root@amaziah [~]# mknod /dev/null c 1 3

root@amaziah [~]# ls -la /dev/null  , the output should look like

crw-rw-rw- 1 root root 1, 3 Oct  1 11:42 /dev/null

Now restart the sshd service

root@amaziah [~]# /etc/init.d/sshd restart

Stopping sshd:              [  OK  ]

Starting sshd:              [  OK  ]

Fixed.........  :)

Unable to open pty: No such file or directory

When you try to enter the vps from the node, it gives the following error 

root@amaziah [~]# vzctl enter VEID
enter into CT VEID failed
Unable to open pty: No such file or directory

To resolve this,

root@amaziah [~]#vzctl exec VEID /sbin/MAKEDEV pty

root@amaziah [~]#vzctl exec VEID /sbin/MAKEDEV tty

root@amaziah [~]#vzctl enter VEID

Now to fix the issue for permanently, in the VPS edit /etc/rc.sysinit

#vi /etc/rc.sysinit

comment the line /sbin/start_udev  and add the following lines bellow that,

/sbin/MAKEDEV tty
/sbin/MAKEDEV pty

Now save the file. Then reboot the VPS.

root@amaziah [~]# vzctl restart VEID

 :)