Sunday, 28 July 2013


Drop DDOS attack
20 04 2009

1. Find which IP address on the server is targeted by the DDoS attack

netstat -plan  | grep  :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c

2. Find which IPs the attack is coming from

netstat -plan  | grep  :80 | awk '{print $5}' | cut -d: -f1 |sort |uniq -c
netstat -plan |grep :25 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n
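An added example (not part of the original post): `grep :80` in the one-liners above also matches `:8080` and outbound connections whose remote port is 80, and `cut -d: -f1` mangles IPv6 addresses. The sketch below counts remote IPs for one exact local port and lists those at or above a threshold; the function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count connections per remote IP to one exact local port.
# Input: `netstat -plan`-style lines (proto recv-q send-q local foreign state ...).

# top_talkers PORT THRESHOLD -- reads netstat lines on stdin and prints
# "count ip" for every remote IP with at least THRESHOLD connections.
top_talkers() {
    awk -v port="$1" -v min="$2" '
        $1 ~ /^tcp/ {
            # Strip up to the LAST colon so IPv6 local addresses still work.
            lp = $4; sub(/.*:/, "", lp)
            if (lp != port) next          # exact match: 80 must not match 8080
            if ($6 == "LISTEN") next      # the listening socket is not a client
            ip = $5; sub(/:[^:]*$/, "", ip)
            sub(/^::ffff:/, "", ip)       # IPv4-mapped IPv6 -> plain IPv4
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample input (not real traffic).
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:8080         203.0.113.9:40000       ESTABLISHED 1300/java
tcp        0      0 192.0.2.10:45000        203.0.113.9:80          ESTABLISHED 1400/curl
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:4000 ESTABLISHED 1201/httpd
tcp6       0      0 :::80                   :::*                    LISTEN      1201/httpd
EOF
}

# On a live server: netstat -plan | top_talkers 80 20
sample_netstat | top_talkers 80 2     # -> 3 198.51.100.7
```

Review the listed addresses before blocking any of them, since proxies and NAT gateways can legitimately hold many connections from one IP.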

Run this command on the destination server.

rsync --progress --stats -avzxl --rsh='ssh -p22' [source] [destination]/home/ekozasti/

rsync --progress --stats -avzxl --rsh='ssh -p22' /home/ekozasti/

rsync -avz -e  /var/named/cpanelphp.txt root@

scp -P 2255 villaaqu_hotel.sql root@

                          rewrite rule
 Options +FollowSymLinks
 RewriteEngine On
 RewriteRule ^.*$ index.html

iptables -vnL --line-numbers   # show the iptables rules with line numbers

iptables -D INPUT <line no.>   # delete the rule at that line number

                   to find mail script

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

grep -E '/home|/tmp' /var/log/exim_mainlog

less /var/log/exim_mainlog | grep cwd | grep /home/<username>

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n



postcat -q 7ECB9C36BF4 | more
grep POST */statistics/logs/access_log
  grep POST */statistics/logs/access_log | grep wp-cont
 grep POST */statistics/logs/access_log | grep wp-cont | grep the
 grep POST */statistics/logs/access_log | grep wp-cont | grep themes

To remove frozen mails
exim -bpu | grep frozen | awk {'print $3'} | xargs exim -Mrm

                 database backup

   grep -i '`website`' mydbbkp2013.sql > website.sql

 mysqladmin variables | grep -i innodb   [to check whether InnoDB is running or not]

   Perl script to find injection files.

  add spf for all domains

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/spf_installer $user; done

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/dkim_keys_install $user; done

to see perl module

To find files owned by a given user ID and group ID and change their ownership to another user.

find . -gid 1011 -uid 1009 -exec chown www-data:www-data {} \;

To view the imap connection for domain
ps ax | grep ""

smtp port


The roundcube database uses InnoDB tables in its database:

mysql -e "show table status" roundcube |grep -i innodb |awk '{print $1,$2}'

-> The DB has been re-rsynced from the old server to the new server with the command
"mysqldump --compatible" so that all versions are supported.

Reinstalled SpamAssassin in cPanel:

/scripts/realperlinstaller --force Mail::SpamAssassin

Grep command

grep -rw xxxx .
grep -irl xxxx .
grep xxxx *

0 11 * * * /usr/local/sbin/maldet --scan-all /home?/?/public_html > /dev/null 2>&1
11 1 * * * /usr/local/bin/clamscan -ir /home -l /var/log/clamscan.log --move=/root/results

ffmpeg tool.
check video conversion,
ffmpeg -i 500.mp4 -ar 22050 -acodec libmp3lame -ab 32K -r 25 -s 320x240 -vcodec flv testvideo1.flv

clear memory cache in ram

echo 1 > /proc/sys/vm/drop_caches

/usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::ChkServd
/usr/local/cpanel/bin/tailwatchd --enable=Cpanel::TailWatch::ChkServd


My script [change NS]: run it under the named directory, because the sed command works on the files under whichever directory you are currently in. [If you want to change two NS] use this:

Sed provides -e option to run multiple sed commands in a single sed command. The above output can be achieved in a single sed command as shown below.

>sed -e 's/unix/linux/' -e 's/os/system/' file.txt
linux is great system. unix is opensource. unix is free os.

for i in `cat test.txt` ; do sed -i -e 's/find/replace/g' -e 's/find/replace/g' $i ; done
[PLEASE USE -i so the files are edited in place; keep -e in front of each expression]

 for x in `cat testtangeran_zonefiles.txt`; do sed -i 's/' $x; done;
for x in `cat testtangeran_zonefiles.txt`; do sed -i "s/" $x ; done;

find /home/*/public_html -maxdepth 1 -name php.ini > testaz.txt
for i in `cat testaz.txt` ; do mv $i $i"_moved" ; done
for i in `cat testaz.txt` ; do chown root.root $i"_moved" ; done

mail issue in plesk[recreate mail handlers]
/usr/local/psa/admin/sbin/mailmng --stop-service
/usr/local/psa/admin/sbin/mchk --with-spam
/usr/local/psa/admin/sbin/mailmng --start-service

key_buffer_size = 1024MB + (read_buffer_size = 1MB + sort_buffer_size = 4MB) * 200 ~= 2GB [MySQL optimization]
