Linux Webhosting blog

How to recover direct admin server from crash drive.

First of all mount the crash disk. In my case I am mounting it in /mnt

Now, you have to copy the data from old disk to new disk using below commands

cp -avprf /mnt/etc/passwd /etc/
cp -avprf /mnt/etc/group /etc/
cp -avprf /mnt/etc/shadow /etc/
cp -avprf /mnt/etc/gshadow /etc/
cp -avprf /mnt/etc/my.cnf /etc/
cp -avprf /mnt/etc/exim* /etc/
cp -avprf /mnt/etc/hosts /etc/
cp -avprf /mnt/etc/httpd/conf/* /etc/httpd/conf/
cp -avprf /mnt/etc/named.conf /etc/
cp -avprf /mnt/etc/proftpd.conf /etc/
cp -avprf /mnt/etc/proftpd.passwd /etc/
cp -avprf /mnt/etc/proftpd.vhosts.conf /etc/
cp -avprf /mnt/etc/resolv.conf /etc/
cp -avprf /mnt/etc/system_filter.exim /etc/
cp -avprf /mnt/usr/local/directadmin/conf /usr/local/directadmin/
cp -avprf /mnt/usr/local/directadmin/plugins /usr/local/directadmin/
cp -avprf /mnt/etc/mail /etc/
cp -avprf /mnt/etc/virtual /etc/
cp -avprf /mnt/var/named /var/
cp -avprf /mnt/var/spool/cron /var/spool/
cp -avprf /mnt/var/spool/virtual /var/spool/
cp -avprf /mnt/var/www /var/
cp -avprf /mnt/usr/local/directadmin/data /usr/local/directadmin/
cp -avprf /mnt/var/lib/mysql /var/lib/
cp -avprf /mnt/home/* /home/

Once data has been copied from old disk to new disk you have to compile apache and php using direct admin custom script. After successful compilation sites will start working fine.

Tune your hard disk for high performance Using hdparm

First of all you have to install hdparm in linux.

apt-get install hdparm

#hdparm /dev/sda

/dev/sda:
readonly = 0 (off)
readahead = 120 (on)
geometry = 8850/255/63, sectors = 142182912, start = 0

Hard disk Performance Information

# hdparm -tT /dev/hda

/dev/hdd:
Timing cached reads: 496 MB in 2.00 seconds = 247.42 MB/sec
Timing buffered disk reads: 60 MB in 3.03 seconds = 19.81 MB/sec

Hard drive set to low, slow settings

# hdparm -cuda /dev/hda

/dev/hda:
IO_support = 0 (default 16-bit)
unmaskirq = 0 (off)
using_dma = 0 (off)
readahead = 256 (on)

Use below tweaks to increase disk read write performance.

For sda drive

~]# hdparm -a 2048 /dev/sda

/dev/sda:
setting fs readahead to 2048
readahead = 2048 (on)

For sdb drive

[root@439298a ~]# hdparm -a 2048 /dev/sdb

/dev/sdb:
setting fs readahead to 2048
readahead = 2048 (on)

]# echo “anticipatory” > /sys/block/sdb/queue/scheduler

]# echo “anticipatory” > /sys/block/sda/queue/scheduler

DDOS attack

Whenever the load in the server increases due to a particular user in the server. Check the following:

You can check the user in top.

Find the domain owned by the user:

grep username /etc/userdomains

use the following command after you get the domain name:

less /usr/local/apache/domlogs/domain.com | awk ‘{print $1}’ | sort | uniq -c | sort -n

This will give the ip and number of connections in the descending order. For example:

13832 65.51.111.143
19112 66.250.68.289
208262 157.55.16.77

In the above case we can see too many connections from those ips. This is surely abnormal. Immediately block such ips in the server using csf or block that ips in hosts.deny.