Archive for the ‘DirectAdmin’ Category

Block wp-login and xmlrpc brute force attacks with CSF / DirectAdmin

August 17th, 2022 No comments

Brute-force attacks against wp-login.php and xmlrpc.php are common on WordPress installations. With the CSF firewall we can block them.

First we define in CUSTOMx_LOG the log files in which CSF will look for wp-login.php and xmlrpc.php requests.
Edit your /etc/csf/csf.conf as below:
CUSTOM1_LOG = "/var/log/httpd/domains/*.log"
If CUSTOM1_LOG is already in use, use one of the other CUSTOMx_LOG entries and reference that same name in the rules below.

Next we create custom functions for CSF so it can block those attacks.

We add the following rules to the /usr/local/csf/bin/regex.custom.pm file. If it’s not there, create one.

Then we add the code below:

# Return values: description, offending IP ($1), unique rule identifier,
# hits before blocking ("5"), ports to block ("80,443"), "1" = permanent block.

# XMLRPC
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
    return ("WP XMLRPC Attack",$1,"XMLRPC","5","80,443","1");
}

# WP-LOGINS
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-login\.php.*" /)) {
    return ("WP Login Attack",$1,"WPLOGIN","5","80,443","1");
}

Finally we restart CSF and check that LFD is doing its new job:

csf -r
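Before relying on the rules, it helps to see which addresses they would catch in an existing log. The script below is an added example, not part of the original post or of CSF: it applies an ERE translation of the two patterns to a log file and lists the addresses that reach the trigger level of 5. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: dry run of the two rules above over an access log.
# The awk patterns are an ERE translation (assumption) of the Perl regex
#   /(\S+).*] "\w*(?:GET|POST) \/wp-login\.php.*" /
# where $1 is the first token of the line: the client address in Apache
# combined log format, which is awk's $1.

# would_block LOGFILE [THRESHOLD] -> "IP RULE HITS" per address at/over THRESHOLD
would_block() {
  awk -v limit="${2:-5}" '
    /\] "[A-Za-z0-9_]*(GET|POST) \/xmlrpc\.php.*" /   { hits[$1 " XMLRPC"]++ }
    /\] "[A-Za-z0-9_]*(GET|POST) \/wp-login\.php.*" / { hits[$1 " WPLOGIN"]++ }
    END { for (k in hits) if (hits[k] >= limit) print k, hits[k] }
  ' "$1" | sort
}

# Constructed sample data (documentation addresses, not real traffic).
log_line() {  # log_line IP METHOD PATH
  printf '%s - - [17/Aug/2022:10:00:00 +0000] "%s %s HTTP/1.1" 200 512 "-" "-"\n' "$1" "$2" "$3"
}
make_sample_log() {
  for i in 1 2 3 4 5 6; do log_line 203.0.113.10 POST /wp-login.php; done
  for i in 1 2 3 4 5;   do log_line 198.51.100.7 POST /xmlrpc.php; done
  # An ordinary user opening the login page twice: counted, but under 5.
  for i in 1 2;         do log_line 192.0.2.50 GET /wp-login.php; done
  # WordPress installed under /blog/: the pattern only matches the site root.
  for i in 1 2 3 4 5 6; do log_line 192.0.2.99 POST /blog/wp-login.php; done
}

sample=$(mktemp)
make_sample_log > "$sample"
would_block "$sample"
rm -f "$sample"
```

The rules match any GET or POST to the two files, so successful logins count toward the threshold as well. The dry run counts over the whole file, while LFD counts hits within its own tracking interval.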


How to set max_open_files in MariaDB / MySQL in CentOS 7

July 25th, 2022 Comments off

Set the system wide open file limit:

vi /etc/security/limits.conf

Change/Add the following:

* soft nofile 1024000
* hard nofile 1024000
* soft nproc 10240
* hard nproc 10240

Now do the same for /etc/sysctl.conf:

vi /etc/sysctl.conf

Add the following:

fs.file-max = 1024000

Apply the changes:

sysctl -w fs.file-max=1024000
sysctl -p
# check changes
cat /proc/sys/fs/file-max

Set the mysqld.service limit (as settings here will override *.cnf ones)

Set both /etc/systemd/system.conf and /etc/systemd/user.conf

vi /etc/systemd/system.conf
vi /etc/systemd/user.conf

Add the following under [Manager] for both:

DefaultLimitNOFILE=1024000

Also, you may need to look in /etc/systemd/system to see if anything is overriding these settings.

cd /etc/systemd/system
grep -Rl LimitNOFILE .

Then change all instances of “LimitNOFILE” with:

systemctl edit [name of service].service

Or do this via “vi”:

LimitNOFILE=infinity
LimitMEMLOCK=infinity

You may even need to use the following:

LimitAS=infinity
LimitRSS=infinity
LimitCORE=infinity
LimitNOFILE=infinity

START METHOD 1

Find out which .conf files are being used:

systemctl status mysqld
# You'll get something like the following
Drop-In: /etc/systemd/system/mariadb.service.d
           └─override.conf

So now that we see Drop-In: /etc/systemd/system/mariadb.service.d, we’ll do the following:

cd /etc/systemd/system/mariadb.service.d
# If you're using regular mysql, then the above path will likely be different
vi /etc/systemd/system/mariadb.service.d/override.conf

Add the following:

[Service]
LimitNOFILE=infinity
LimitMEMLOCK=infinity

If that doesn’t work, then “infinity” was set to mean a specific number, like “65536”. If that’s the case, set the same number as you did in “/etc/my.cnf.d/server.cnf”, or set a really high number like “2048000”:

[Service]
LimitNOFILE=2048000
LimitMEMLOCK=2048000

END METHOD 1

START METHOD 2

Find the location of all potential *.service files

cd /
find . -iname 'maria*.service'
# or
find . -iname 'mysql*.service'

Then edit each one, as in example below:

vi /usr/local/directadmin/custombuild/configure/systemd/mysqld57.service
vi /usr/local/directadmin/custombuild/configure/systemd/mysql.service
vi /usr/local/directadmin/custombuild/configure/systemd/mysqld.service
vi /etc/systemd/system/mysqld.service

vi /etc/systemd/system/mariadb.service
vi /usr/share/mysql/systemd/mariadb.service
vi /usr/local/directadmin/custombuild/configure/systemd/mariadb.service

Change/Add the following, under “[Service]”:

LimitNOFILE=infinity
LimitMEMLOCK=infinity

If that doesn’t work, then “infinity” was set to mean a specific number, like “65536”. If that’s the case, set the same number as you did in “/etc/my.cnf.d/server.cnf”, or set a really high number like “2048000”:

LimitNOFILE=2048000
LimitMEMLOCK=2048000

END METHOD 2

Set the *.cnf settings:

vi /etc/my.cnf.d/server.cnf
# or wherever your .cnf may be

Change/Add the following:

open_files_limit               = 1024000

Now reload/restart what’s necessary:

systemctl daemon-reload
systemctl restart mysqld; systemctl status mysqld
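To tell whether the new limit actually reached the server process, compare what the kernel reports for it with the value requested in the .cnf file. The script below is an added example, not part of the original post; the function names are hypothetical and the two input files are constructed samples standing in for /proc/<pid>/limits and server.cnf.

```sh
#!/bin/sh
# Added example: compare the limit a running server actually has with the
# open_files_limit requested in the .cnf file.

# nofile_of LIMITS_FILE -> "SOFT HARD" from a /proc/<pid>/limits file
nofile_of() {
  awk '/^Max open files/ { print $4, $5 }' "$1"
}

# cnf_limit CNF_FILE -> last open_files_limit value, comments ignored
cnf_limit() {
  awk -F= '/^[ \t]*open_files_limit[ \t]*=/ {
             sub(/#.*/, "", $2); gsub(/[ \t]/, "", $2); v = $2 }
           END { print v }' "$1"
}

# check_limits LIMITS_FILE CNF_FILE -> 0 if the process limit covers the .cnf value
check_limits() {
  limits=$(nofile_of "$1"); want=$(cnf_limit "$2")
  soft=${limits% *}; hard=${limits#* }
  if [ -z "$limits" ] || [ -z "$want" ]; then
    echo "UNKNOWN: limit or open_files_limit not found"; return 2
  fi
  if [ "$soft" = unlimited ] || [ "$soft" -ge "$want" ]; then
    echo "OK: soft=$soft hard=$hard covers open_files_limit=$want"
  else
    echo "LOW: soft=$soft hard=$hard is below open_files_limit=$want"
    return 1
  fi
}

# Constructed sample: the 65536 case described above against the 1024000 request.
# On a live host: check_limits /proc/$(pidof mysqld)/limits /etc/my.cnf.d/server.cnf
dir=$(mktemp -d)
cat > "$dir/limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max open files            65536                65536                files
EOF
printf '[mysqld]\nopen_files_limit               = 1024000\n' > "$dir/server.cnf"
check_limits "$dir/limits" "$dir/server.cnf" || true
rm -rf "$dir"
```

A LOW result after the restart means the service unit's LimitNOFILE is still the binding value, which is the case where the explicit number is needed instead of “infinity”.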

How to easily encrypt/decrypt a file in Linux with gpg

June 29th, 2022 Comments off

No matter what you’re doing on your computer, you need to do so with an eye to security — that means using strong passwords, storing files in safe locations, and in some cases encrypting files. Fortunately, for nearly every usage, there are tools to enable you to encrypt your data…from transferring data online to storing data on a locally attached storage, even encrypting your entire drive.

Since gpg is built into almost every Linux system, you won’t have to install anything to get this working from the command line. I’ll also show how to gain this functionality within the Nautilus (GNOME Files) file manager tool.

From the command line

Let’s say you have a file, /home/user/test.txt, that you want to password protect. Using gpg, you would do the following.

  1. Open a terminal window.
  2. Change to the /home/user/ directory with the command cd /home/user/
  3. Encrypt the file with the command gpg -c test.txt.
  4. Enter a unique password for the file and hit Enter.
  5. Verify the newly typed password by typing it again and hitting Enter.

You should now see the file test.txt.gpg in the /home/user folder. To decrypt that file, do the following.

  1. Open a terminal window.
  2. Change to the /home/user directory with the command cd /home/user.
  3. Decrypt the file with the command gpg test.txt.gpg.
  4. When prompted, enter the decryption password you created when encrypting the file.

You could send that file to a recipient and, as long as they have gpg installed, they can decrypt the file with the password you used for encryption. If they are a Windows user, they can always install Gpg4win.

The GUI way

If you happen to be a GNOME 3 user (or any Linux desktop that makes use of either Nautilus or GNOME Files), you can add a contextual menu entry to the file manager for encryption. Here’s how (I’ll demonstrate it on Ubuntu GNOME 16.04).

  1. Open a terminal window.
  2. Issue the command sudo apt-get install seahorse-nautilus.
  3. Type your sudo password and hit Enter.
  4. If prompted, type y and hit Enter.
  5. Allow the installation to complete.

Open the file manager and navigate to the /home/user directory. Right-click the test.txt file and then click the Encrypt… entry. You will be prompted to enter and then verify an encryption password. Once you’ve verified the password, the test.txt.gpg file will appear in

The decryption process is the same.

  1. Open the file manager.
  2. Navigate to the encrypted file.
  3. Right-click the encrypted file.
  4. Click Open with Decrypt File.
  5. When prompted, give the new file a name and click Enter.
  6. When prompted, enter the decryption password and click Enter.

The encrypted file will now be decrypted and ready to use.

acme.sh SSL using manual DNS method?

April 9th, 2022 Comments off

To provision an SSL certificate using acme.sh with the manual DNS verification method, run

acme.sh --issue -d DOMAIN_NAME --dns -d www.DOMAIN_NAME --yes-I-know-dns-manual-mode-enough-go-ahead-please

When you run this command, you will get a DNS TXT entry that needs to be added to your DNS server. Log in to your DNS provider, add the DNS entry, then run the following command to confirm the SSL creation.

acme.sh --renew -d DOMAIN_NAME -d www.DOMAIN_NAME --yes-I-know-dns-manual-mode-enough-go-ahead-please --debug

How to recover directadmin server from crash drive.

August 24th, 2013 Comments off

First of all, mount the crashed disk. In my case I am mounting it on /mnt.

Now you have to copy the data from the old disk to the new disk using the commands below:

cp -avprf /mnt/etc/passwd /etc/
cp -avprf /mnt/etc/group /etc/
cp -avprf /mnt/etc/shadow /etc/
cp -avprf /mnt/etc/gshadow /etc/
cp -avprf /mnt/etc/my.cnf /etc/
cp -avprf /mnt/etc/exim* /etc/
cp -avprf /mnt/etc/hosts /etc/
cp -avprf /mnt/etc/httpd/conf/* /etc/httpd/conf/
cp -avprf /mnt/etc/named.conf /etc/
cp -avprf /mnt/etc/proftpd.conf /etc/
cp -avprf /mnt/etc/proftpd.passwd /etc/
cp -avprf /mnt/etc/proftpd.vhosts.conf /etc/
cp -avprf /mnt/etc/resolv.conf /etc/
cp -avprf /mnt/etc/system_filter.exim /etc/
cp -avprf /mnt/usr/local/directadmin/conf /usr/local/directadmin/
cp -avprf /mnt/usr/local/directadmin/plugins /usr/local/directadmin/
cp -avprf /mnt/etc/mail /etc/
cp -avprf /mnt/etc/virtual /etc/
cp -avprf /mnt/var/named /var/
cp -avprf /mnt/var/spool/cron /var/spool/
cp -avprf /mnt/var/spool/virtual /var/spool/
cp -avprf /mnt/var/www /var/
cp -avprf /mnt/usr/local/directadmin/data /usr/local/directadmin/
cp -avprf /mnt/var/lib/mysql /var/lib/
cp -avprf /mnt/home/* /home/

 

Once the data has been copied from the old disk to the new disk, you have to compile Apache and PHP using the DirectAdmin custom script. After successful compilation the sites will start working fine.
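Overwriting /etc/passwd replaces the new install's account list with the old one, so it is worth listing the differences first: accounts that exist only on the new system disappear, and a service account with a different numeric UID no longer matches the files the new install created for it. The script below is an added example, not part of the original post; the function name is hypothetical and the two passwd files are constructed samples.

```sh
#!/bin/sh
# Added example: compare the crashed disk's passwd with the fresh install's
# before overwriting it.

# passwd_diff OLD_PASSWD NEW_PASSWD
#   LOST name uid=N          account exists only on the new install
#   UIDCHANGE name NEW->OLD  same name, different numeric UID after the copy
passwd_diff() {
  awk -F: '
    NR == FNR      { old[$1] = $3; next }   # first file: the crashed disk
    !($1 in old)   { print "LOST " $1 " uid=" $3; next }
    old[$1] != $3  { print "UIDCHANGE " $1 " " $3 "->" old[$1] }
  ' "$1" "$2" | sort
}

# Constructed sample files. On a live host:
#   passwd_diff /mnt/etc/passwd /etc/passwd
dir=$(mktemp -d)
cat > "$dir/old_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:498:498::/var/lib/mysql:/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
EOF
cat > "$dir/new_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27::/var/lib/mysql:/sbin/nologin
chrony:x:995:992::/var/lib/chrony:/sbin/nologin
EOF
passwd_diff "$dir/old_passwd" "$dir/new_passwd"
rm -rf "$dir"
```

The same comparison applies to /mnt/etc/group and /etc/group, with the GID in the same field position.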

 

 
