Posted by: major in Security
TCP: Treason uncloaked! Peer 203.12.220.221:59131/80 shrinks window 76154906:76154907. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window 280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window 280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window 280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:53759/80 shrinks window 283676616:283676617. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:36407/80 shrinks window 352393585:352393586. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:38616/443 shrinks window 529411143:529411144. Repaired.
TCP: Treason uncloaked! Peer 58.139.248.9:7611/443 shrinks window 2279076446:2279076447. Repaired.
If this is caused by sending strange packets that consume kernel memory, perhaps adding some of these attacker IP addresses to an iptables rule to drop the packets would help. The attacker(s) will probably keep moving to another IP address, so you will have to get a script to read the logs (“grep Treason”) and add new blocking rules to iptables (maybe your old system uses ‘ipchains’ instead).
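One way to write the log-reading script suggested above, as an added example that is not part of the original post: it counts peers in "Treason uncloaked" lines, skips an allow list, and prints iptables commands for review instead of running them. The log path, hit threshold, script name and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands for
# peers named in "Treason uncloaked" kernel messages; it executes nothing.

# Constructed sample log (documentation-range addresses, invented hostname).
sample_log() {
cat <<'EOF'
Jan  1 00:00:01 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:59131/80 shrinks window 76154906:76154907. Repaired.
Jan  1 00:00:02 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:39670/443 shrinks window 280180313:280180314. Repaired.
Jan  1 00:00:03 web1 kernel: TCP: Treason uncloaked! Peer 198.51.100.7:7611/443 shrinks window 2279076446:2279076447. Repaired.
Jan  1 00:00:04 web1 kernel: TCP: Treason uncloaked! Peer 203.0.113.5:4000/80 shrinks window 1:2. Repaired.
Jan  1 00:00:05 web1 kernel: TCP: Treason uncloaked! Peer 203.0.113.5:4001/80 shrinks window 3:4. Repaired.
Jan  1 00:00:06 web1 app: TCP: Treason uncloaked! Peer bogus;text:1/80 shrinks window 5:6. Repaired.
EOF
}

# treason_peers FILE [MIN_HITS]: unique peer IPs seen at least MIN_HITS times.
# Only dotted-quad tokens are accepted, because log text is untrusted input
# that later ends up on an iptables command line.
treason_peers() {
    awk -v min="${2:-1}" '
        /TCP: Treason uncloaked! Peer / {
            for (i = 1; i < NF; i++) if ($i == "Peer") {
                split($(i + 1), part, ":")
                if (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[part[1]]++
                break
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' "$1" | sort
}

# block_rules FILE MIN_HITS "ALLOWED IPS": one idempotent command per peer.
# Addresses in the space-separated allow list are never blocked.
block_rules() {
    treason_peers "$1" "$2" | while read -r ip; do
        case " $3 " in *" $ip "*) continue ;; esac
        echo "iptables -C INPUT -s $ip -j DROP 2>/dev/null || iptables -I INPUT -s $ip -j DROP"
    done
}

# Usage: sh treason-block.sh LOGFILE [MIN_HITS] ["ALLOWED IPS"]; review the
# output, then pipe it to sh as root. The script name is an assumption.
if [ "$#" -ge 1 ]; then
    block_rules "$1" "${2:-3}" "${3:-}"
fi
```

Put your own monitoring hosts, proxies and load balancers in the allow list; a client behind a busy NAT gateway can trip this kernel message without being hostile.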
Posted by: major in Plesk
If Plesk ever appears to be out of sync with the configuration files, or if there’s a Plesk issue that’s occurring that makes no sense at all, just stand back and wave the Plesk magic wand:
/usr/local/psa/admin/bin/websrvmng -av
Then restart whatever service was acting up, and things should be sorted out.
rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/
Posted by: major in Database
Need a baseline configuration for MySQL 4.x or 5.x? Look no further:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
#old_passwords=1
skip-locking
key_buffer = 64M
max_allowed_packet = 16M
table_cache = 2048
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 16
query_cache_size = 32M
thread_concurrency = 8
tmp_table_size=64M
back_log = 100
max_connect_errors = 10000
join_buffer_size=1M
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit=65536
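To make Apache write logs similar to IIS, toss this into your Apache configuration (the LogFormat directive has to stay on a single line):
LogFormat "%{%Y-%m-%d %H:%M:%S}t %h %u %m %U %q %>s %b %T %H %{Host}i %{User-Agent}i %{Cookie}i %{Referer}i" iis
Keep in mind that %{Cookie}i writes every request's cookies, session IDs included, into the log, so lock down read access to that log file.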
Posted by: major in Plesk
If you’re migrating a domain, sometimes their mail will go to the old server for a while after you’ve changed the DNS. You can move their mail to the new server by following these steps:
1) Go to the user’s Maildir directory
cd /var/qmail/mailnames/<domain>/<user>/Maildir
2) Tar their mail directories
tar cvzf <user>.tar.gz cur new tmp
3) Move to a web accessible location
mv <user>.tar.gz /home/httpd/vhosts/<web-accessible-domain>/httpdocs/
4) Log onto the second server and go to the user’s Maildir directory
cd /var/qmail/mailnames/<domain>/<user>/Maildir
5) Retrieve the user’s mail tar file that you created
wget http://<web-accessible-domain>/<user>.tar.gz
6) Un-tar the files to their correct locations
tar xvzf <user>.tar.gz
7) Remove the tar file
rm <user>.tar.gz
8) Go to the original server and remove the tar file
rm /home/httpd/vhosts/<web-accessible-domain>/httpdocs/<user>.tar.gz
Add this to the Apache configuration:
ScriptAlias /cgi-bin/ "/var/www/html/cgi-bin/"
<Directory "/var/www/html/cgi-bin">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
Reload Apache and throw this in as test.cgi into your cgi-bin directory:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";
Do not omit the content-type on your perl scripts. If you do, Apache will throw a random 500 Internal Server Error and it won’t log anything about it.
Posted by: major in Plesk
Need a username and password from the Plesk DB? Use this one-liner:
select REPLACE(sys_users.home,'/home/httpd/vhosts/','') AS domain,sys_users.login,accounts.password from sys_users LEFT JOIN accounts on sys_users.account_id=accounts.id;
Posted by: major in Database
The default is 100, but sometimes that’s not enough!
For MySQL 3.x:
# vi /etc/my.cnf
set-variable = max_connections = 250
For MySQL 4.x:
# vi /etc/my.cnf
max_connections = 250
Restart MySQL once you’ve made the changes and verify with:
echo "show variables like 'max_connections';" | mysql
If you’re looking to get PCI/CISP compliance, or you just like better security, disable SSL version 2. Here’s how to check if it’s enabled on your server:
Testing a web server:
openssl s_client -connect hostname:443 -ssl2
Testing an SMTP server:
openssl s_client -connect hostname:25 -starttls smtp -ssl2
If you get lines like these, SSLv2 is disabled:
419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
420:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
If it shows the actual certificate installed, SSLv2 is enabled!
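The check above wrapped in a script, as an added example that is not part of the original post: it separates "SSLv2 disabled" from "the test did not run", since a refused connection or an OpenSSL build without SSLv2 support (which rejects -ssl2) also produces no certificate. The function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: classify the output of the
# "openssl s_client ... -ssl2" checks as enabled / disabled / unknown.

# sslv2_verdict: read s_client output on stdin and print one verdict.
#   enabled  - a server certificate was shown (SSLv2 handshake succeeded)
#   disabled - one of the SSLv2 handshake errors quoted in the post
#   unknown  - anything else (connection refused, timeout, openssl built
#              without SSLv2), which must not be reported as a pass
sslv2_verdict() {
    out=$(cat)
    case "$out" in
        *"-----BEGIN CERTIFICATE-----"*) echo enabled ;;
        *"SSL2_WRITE:ssl handshake failure"*|*"GET_SERVER_HELLO:no cipher list"*)
            echo disabled ;;
        *) echo unknown ;;
    esac
}

# check_sslv2 HOST:PORT [extra s_client args, e.g. -starttls smtp]
# Prints "HOST:PORT verdict" for one target.
check_sslv2() {
    target=$1; shift
    printf '%s %s\n' "$target" \
        "$(openssl s_client -connect "$target" "$@" -ssl2 </dev/null 2>&1 | sslv2_verdict)"
}

# Usage: sh sslv2-check.sh hostname:443
#        sh sslv2-check.sh hostname:25 -starttls smtp
if [ "$#" -ge 1 ]; then
    check_sslv2 "$@"
fi
```

Treat "unknown" as a failed test run, not a result, and rerun it from a host whose openssl still accepts -ssl2.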