First check the redhat release and os architecture.
cat /etc/redhat-release
architecture check
uname -i
As per you system requirement download the rpm package and install it on the server.
http://dag.wieers.com/rpm/FAQ.php#B
Once done, then run
yum install clamv clamd clamv-devel
Go to the below path.
cd /usr/local/src
Download the below file.
wget http://www.configserver.com/free/cmc.tgz
Extract that file.
tar -xzf cmc.tgz
Go into that folder.
cd cmc
Run the file using the below command.
sh install.sh
Once done, then access the mod security using WHM.
Run the below commands to uninstall mod security plugin from WHM server.
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/addon_cmc.cgi
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/cmcversion.txt
rm -Rfv /usr/local/cpanel/whostmgr/docroot/cgi/cmc/
Run the following commands from ssh as root
cd /usr/src; curl http://www.litespeedtech.com/packages/cpanel/lsws_whm_plugin_install.sh | sh
Once done than login to the WHM
Search litespeed and click on it.
Complete all the process and enable suexec.
Compile PHP with server PHP "Build matching PHP Binary"
Then swith to litespeed by starting litespeed service.
Login to WHM.
Search litespeed in WHM and click on admin console of litespeed.
Then go to Configuration >> General >> Index Files >> Edit. Insert the below lines and made the changes and click on save.
Index Files: index.html, index.php, index.php5, index.htm
Auto Index: Yes
Auto Index URI => /_autoindex/default.php
Then go to the server via SSH and run the below command on server.
ln -sf /usr/local/lib/php/autoindex /usr/local/lsws/share/autoindex
At the end go to below path and set
Configuration >> Log >> Server Log >> Edit
Log Level: Info
Debug Level: None
Once done, Now click on Actions and Graceful Restart light speed to make these changes permanent.
/usr/local/cpanel/whostmgr/docroot/cgi/lsws/lsws_whm_plugin_uninstall.sh
Go to the below path.
cd /usr/local/src
Download the setup file using the below command.
wget http://www.directadmin.com/setup.sh
If permission is incorrect then provide 755 permission to that file.
chmod 755 setup.sh
Run the setup using the below command.
./setup.sh
Brute Force Detection is a Free tool that can be used of avoiding brute force attacks over your web hosting UK servers. The main intention of this attack is to gain SSH/Root access to the server by making use of an algorithm which is capable of running different permutations and combinations to guess the password.
The Brute Force detection is capable of detecting such attempts and hence avoiding the attacker from growing into brute force attack.
Before proceeding with the installation of BFD, you are required to install an APF Firewall on the server. This is because, BFD operates in affiliation with the APF firewall, hence offering an enhanced server security. Having done that, you must follow the below steps for installing BFD over the server :
SSH into your hosting server as root
Go to the below folder
cd /usr/local/src
Using the below command, you can download BFD:
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
Extract the files onto the server and make changes to the new directory:
tar -xvzf bfd-current.tar.gz
cd bfd-1.4
Using the below command you must run the installation file:
./install.sh
You should be able to see a similar message as shown below :
: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
You can configure it as per your requirement and then fire the below command.
/usr/local/sbin/bfd -s
(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Go to below path.
cd /usr/local/src/
Create directory
mkdir ddos
Go to that directory
cd ddos
Get the latest source file using the below link:
wget http://www.inetbase.com/scripts/ddos/install.sh
Install DDOS Deflate
sh install.sh
Edit the configuration file,
/usr/local/ddos/ddos.conf
Start the ddos
/usr/local/ddos/ddos.sh -c
Download the below file
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
Check the permission of uninstall.ddos, If it is not 700 then make it using below command.
chmod 0700 uninstall.ddos
Run the below command to uninstall it. ./uninstall.ddos
- It is possible to whitelist IP addresses, via /usr/local/ddos/ignore.ip.list.
- Simple configuration file: /usr/local/ddos/ddos.conf
- IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)
- The script can run at a chosen frequency via the configuration file (default: 1 minute)
- You can receive email alerts when IP addresses are blocked.
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!
vi /etc/apf/ad/conf.antidos
LP_KLOG=”1″
IPT_BL=”1″USR_ALERT=”1″
USER = “root”
ARIN_ALERT=”1″
There are various things you might want to fiddle with but I’ll get the ones that will alert you by email.
# [E-Mail Alerts]
Under this heading we have the following:# Organization name to display on outgoing alert emails
CONAME=”Your Company”
Enter your company information name or server name..# Send out user defined attack alerts [0=off,1=on]
USR_ALERT=”0″
Change this to 1 to get email alerts# User for alerts to be mailed to
USR=”[email protected]”
Enter your email address to receive the alerts
Save your changes and quit the file
Restart the firewall:
/usr/local/sbin/apf -r
To set per IP connections limit on server we are using mod_limitipconn. This can be a very useful tool, as it could help in lowering the load on your server due to someone connecting too many times from the same IP.
To set the IP limit on the server using mod_security.
Check apache version first on server.
httpd -v
Go to the below path
cd /usr/local/src/
Download the mod_limitpconn using the below link. I am having apache version 2.2.22. As per your apache version download the file.
wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2
Untar the file
tar -xvf mod_limitipconn-0.24.tar.bz2
Go to that folder
cd mod_limitipconn-0.24
Compile it with apache
make
make install
Check the apache syntax and restart the apache service if it is Ok
httpd -t
/etc/init.d/httpd restart
Add the below lines in httpd.conf
vi /usr/local/apache/conf/httpd.conf
# This command is always needed
ExtendedStatus On# Only needed if the module is compiled as a DSO
LoadModule limitipconn_module lib/apache/mod_limitipconn.so<IfModule mod_limitipconn.c>
# Set a server-wide limit of 10 simultaneous downloads per IP,
# no matter what.
MaxConnPerIP 10
<Location /somewhere>
# This section affects all files under http://your.server/somewhere
MaxConnPerIP 3
# exempting images from the connection limit is often a good
# idea if your web page has lots of inline images, since these
# pages often generate a flurry of concurrent image requests
NoIPLimit image/*
</Location><Directory /home/*/public_html>
# This section affects all files under /home/*/public_html
MaxConnPerIP 1
# In this case, all MIME types other than audio/mpeg and video*
# are exempt from the limit check
OnlyIPLimit audio/mpeg video
</Directory>
</IfModule>
Check the syntax if everything is ok then restart the apache.
httpd -t
/etc/init.d/httpd restart
/etc/init.d/httpd status
Confirm that domains are working on the server. You can select the domain from the below file and try randomly accessing it.
cat /etc/userdomains.
Notes:
This module will not function unless mod_status is loaded and the “ExtendedStatus On” directive is set.
Make sure mod security is already installed on the server using easyapache.
[email protected] [/]# who -b
system boot 2012-04-24 09:04
[email protected] [/]# last reboot | head -1
reboot system boot 2.6.18-308.1.1.e Tue Apr 24 09:04 (9+22:24)
[email protected] [/]#[email protected] [/]# last -x|grep shutdown | head -1
shutdown system down 2.6.18-308.1.1.e Tue Apr 24 09:04 – 07:30 (9+22:25)
[email protected] [/]#
Run the below command to check Perl modules installed.
[email protected] [~]# instmodsh
It will show below output.
[email protected] [~]# instmodsh
Available commands are:
l – List all installed modules
m <module> – Select a module
q – Quit the program
cmd? l
Installed modules are:
Acme::Spork
AppConfig
Archive::Tar
Archive::Tar::Streamed
Archive::Zip
Attribute::Handlers
Authen::Libwrap
BSD::Resource
Bundle::Interchange
Business::OnlinePayment
Business::OnlinePayment::AuthorizeNet
Business::UPS
CDB_File
CGI
CPAN
CPAN::DistnameInfo
CPAN::SQLite
Carp
Class::Accessor
Class::Load
Class::Singleton
Class::Std
Class::Std::Utils
Clone
Compress::Bzip2
Compress::Raw::Bzip2
Compress::Raw::Zlib
Convert::ASN1
Cpanel::Class
Cpanel::Cleanup
Cpanel::FastMath
Cpanel::POSIX::Tiny
Cpanel::TaskQueue
Crypt::GPG
Crypt::OpenSSL::RSA
Crypt::OpenSSL::Random
Crypt::Passwd::XS
Crypt::RC4
Crypt::SSLeay
Curses
Curses::UI
Cwd
DBD::SQLite
DBD::SQLite2
DBD::mysql
DBI
DBIx::MyParsePP
DB_File
Data::Dump
Data::Dumper
Data::OptList
DateTime
DateTime::Locale
DateTime::TimeZone
Devel::PPPort
Digest::HMAC
Digest::MD5
Digest::MD5::File
Digest::Perl::MD5
Digest::SHA
Digest::SHA1
Dist::CheckConflicts
Email::Date::Format
Email::Valid
Encode
Encode::Detect
Encode::Locale
Error
Expect
ExtUtils::CBuilder
ExtUtils::Constant
ExtUtils::Install
ExtUtils::MakeMaker
ExtUtils::ParseXS
FCGI
File::Find::Rule
File::Find::Rule::Filesys::Virtual
File::HomeDir
File::Listing
File::MMagic::XS
File::Path
File::ReadBackwards
File::Scan::ClamAV
File::Slurp
File::Tail
File::Touch
File::Which
Filesys::Df
Filesys::Statvfs
Filesys::Virtual
Filesys::Virtual::Plain
Filter
GD
GD::Graph
GD::Text
Geo::IPfree
Geography::Countries
Getopt::Long
Getopt::Param::Tiny
Graph::Easy
Graph::Flowchart
HTML::Parser
HTML::Tagset
HTTP::Cookies
HTTP::Daemon
HTTP::Daemon::App
HTTP::Daemon::SSL
HTTP::Date
HTTP::Message
HTTP::Negotiate
HTTP::Tiny
IO::Compress
IO::Interactive::Tiny
IO::Socket::ByteCounter
IO::Socket::INET6
IO::Socket::SSL
IO::Stringy
IO::Stty
IO::Tty
IO::Zlib
IP::Country
IPC::Cmd
IPC::Run
IPC::Run3
Image::Size
LWP
LWP::MediaTypes
Lchown
Linux::Inotify2
List::Cycle
List::MoreUtils
List::Util
Locale::Maketext::Simple
Locales
MD5
MIME::Base64
MIME::Lite
MLDBM
Mail::DKIM
Mail::DomainKeys
Mail::SPF
Mail::SPF::Query
Mail::SRS
Mail::SpamAssassin
Math::Fibonacci
Math::Fibonacci::Phi
Math::Round
Memoize
Module::Build
Module::CoreList
Module::Implementation
Module::Load
Module::Load::Conditional
Module::Metadata
Module::Runtime
Net
Net::CIDR::Lite
Net::DAV::Server
Net::DNS
Net::DNS::Resolver::Programmable
Net::Daemon
Net::Daemon::SSL
Net::FTPSSL
Net::HTTP
Net::HTTPS::Any
Net::IP::Match::Regexp
Net::LDAP
Net::LDAP::Server
Net::LibIDN
Net::OSCAR
Net::SOCKS
Net::SSLeay
NetAddr::IP
Number::Compare
OLE::Storage_Lite
Package::Constants
Package::DeprecationManager
Package::Stash
Package::Stash::XS
Params::Check
Params::Util
Params::Validate
Parse::RecDescent
Perl
Perl::OSType
Pod
Pod::Escapes
Pod::Perldoc
Pod::Simple
Probe::Perl
Proc::Daemon
Quota
SQL::Statement
SVG::TT::Graph
Safe::Hole
Set::Crontab
Socket6
Spreadsheet::ParseExcel
Spreadsheet::WriteExcel
Storable
String::CRC32
Sub::Exporter
Sub::Install
Sub::Uplevel
Sys::Hostname::Long
Sys::Syslog
Template
Term::ReadKey
Term::ReadLine
Test::Carp
Test::Exception
Test::Fatal
Test::Harness
Test::Output
Test::Requires
Test::Script
Test::Simple
Test::Tester
Test::Warn
Text::CSV
Text::CSV_XS
Text::Glob
Tie::DBI
Tie::IxHash
Tie::ShadowHash
Time::HiRes
TimeDate
Tree::DAG_Node
Tree::MultiNode
Try::Tiny
URI
Unix::PID
Unix::PID::Tiny
WWW::RobotRules
XML::LibXML
XML::NamespaceSupport
XML::Parser
XML::SAX
XML::SAX::Base
XML::SAX::Expat
XML::Simple
XML::Writer
XSLoader
YAML::Syck
cPanel::MemTest
common::sense
lib::restrict
local::lib
parent
version
cmd ?
Recent Comments