How to Prevent DDoS Attack
Every web server connected to the Internet is subject to DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks of one kind or another. Attackers open a large number of connections to the server, consistently and persistently, and in more advanced attacks distribute them across multiple IP addresses or sources, hoping to bring down the server or to use up all network bandwidth and system resources so that web pages are not served and the website stops responding to legitimate visitors.
You can detect a DDoS using the following command:
netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1|sort|uniq -c|sort -n
It shows the number of connections from each IP address to the server.
There are plenty of ways to prevent, stop, fight and kill off a DDoS attack, such as using a firewall. A low-cost, and probably free, method is a software-based firewall or filtering service. (D)DoS-Deflate is a free, open source Unix/Linux script by MediaLayer that automatically mitigates (D)DoS attacks. It claims to be the best free, open source solution to protect servers against some of the most excruciating DDoS attacks.
The (D)DoS-Deflate script uses the netstat command to monitor and track the IP addresses that are establishing a large number of TCP network connections (such as mass emailing, DoS pings or HTTP requests), which is a symptom of a denial of service attack. When it detects that the number of connections from a single node exceeds a preset limit, the script automatically uses APF or IPTABLES to ban and block the IP. Depending on the configuration, the banned IP addresses are later unbanned using APF or IPTABLES (only works on APF v 0.96 or better).
Installation and setup of (D)DoS-Deflate on the server is extremely easy. Log in to the server as root over SSH and run the following commands one by one:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
To uninstall (D)DoS-Deflate, run the following commands one by one instead:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
The configuration file for (D)DOS-Deflate is ddos.conf, and by default it will have the following values:
Code:
FREQ=1
NO_OF_CONNECTIONS=50
APF_BAN=1
KILL=1
EMAIL_TO="root"
BAN_PERIOD=600
You can change any of these settings to suit the needs or usage pattern of each server. It is also possible to whitelist IP addresses so that they are never banned by listing them in the /usr/local/ddos/ignore.ip.list file. If you plan to run the script interactively, you can set KILL=0 so that any bad IPs detected are not banned.
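The per-IP threshold check described above, written out as an added example (this is not (D)DoS-Deflate's own code, and it only reports). The function names and the sample netstat output are constructed for illustration; unlike the one-liner earlier, it strips the port from the last colon so IPv6 peers are counted correctly.

```shell
#!/bin/sh
# Added example, not (D)DoS-Deflate code. Report-only: nothing is banned.
# over_limit LIMIT [IGNORE_FILE]: reads netstat-style rows on stdin and prints
# "COUNT ADDRESS" for every remote address with more than LIMIT connections.
over_limit() {
    awk -v limit="$1" -v ignore="${2:-/dev/null}" '
        BEGIN {
            # Whitelist, one address per line (role of /usr/local/ddos/ignore.ip.list).
            while ((getline line < ignore) > 0) {
                n = split(line, f, " ")
                if (n > 0 && f[1] !~ /^#/) skip[f[1]] = 1
            }
        }
        $1 ~ /^(tcp|udp)/ {                 # header lines are skipped
            addr = $5                       # field 5 = foreign address
            sub(/:[0-9*]+$/, "", addr)      # drop the port after the LAST colon
            sub(/^::ffff:/, "", addr)       # IPv4-mapped IPv6 counts as IPv4
            if (addr == "0.0.0.0" || addr == "::") next   # listening sockets
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] > limit && !(a in skip)) print count[a], a
        }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges only).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.5:80          198.51.100.7:40112      ESTABLISHED
tcp        0      0 203.0.113.5:80          198.51.100.7:40113      ESTABLISHED
tcp        0      0 203.0.113.5:80          198.51.100.7:40114      SYN_RECV
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:198.51.100.7:40115 ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.44:51000        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.44:51001        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.44:51002        ESTABLISHED
tcp6       0      0 2001:db8::1:443         2001:db8::beef:50222    ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

# NO_OF_CONNECTIONS is 50 by default; 2 is used so the small sample trips it.
sample_netstat | over_limit 2
```

On a live server, feed it `netstat -ntu` output instead of the sample and pass the ignore list as the second argument.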
November 23, 2011
How to increase the memory limit of php
If you have seen an error like “Fatal Error: PHP Allowed Memory Size Exhausted” in the Apache logs or in your browser, PHP has exhausted its maximum memory limit. This post shows three different ways to increase the PHP memory limit and explains when you should use each of them.
First, let’s see where this limit comes from. Normally the error message tells you the actual limit, as it will look like:
"PHP Fatal error: Allowed memory size of X bytes exhausted (tried to allocate Y) in whatever.php"
The default value might differ depending on which PHP version and Linux distribution you are running, but normally it is set to either 8M or 16M. For example, on my Debian etch running PHP 5.2, it is set by default to 16M.
In order to identify the current value on your system, look inside your php.ini and search for memory_limit:
memory_limit = 16M ; Maximum amount of memory a script may consume (16MB)
There are three ways to change this value: the obvious way, changing the global value in php.ini, and two more targeted methods that change it just for a folder or for a single script.
1. Changing memory_limit globally from php.ini
This is the simplest and most obvious method. You just edit your php.ini and change memory_limit to whatever you need. For example:
memory_limit = 32M
You will require access to make changes to php.ini on the system. This change is global and will be used by all php scripts running on the system. Once you change this value, you will need to restart the web server in order for it to become active.
Keep in mind that this limit exists for a reason; don’t increase it artificially, as without proper limits poorly written PHP scripts might overwhelm your system.
Note: if you know what you are doing and want to remove the memory limit, you would set this value to -1.
2. Changing memory_limit using .htaccess for a single folder/vhost
Changing the global memory_limit might not be a good idea, and you might be better off changing it only inside the one folder (normally one application or virtual host) that needs this value changed for its functionality. To do this, add something like the following to the .htaccess file in the respective location:
php_value memory_limit 64M
This change will be local only, and can be useful for webmasters who don’t have control over the system php.ini. This change does not require a reload and becomes active immediately.
3. Changing memory_limit inside a single php script.
For even more control you can set this directive inside a single php script. To do so you would use in your code:
ini_set('memory_limit', '64M');
The advantage of this method is that you have more control and can set this value just where you know it is really needed. It can also be done without access to the system php.ini, and becomes active immediately.
Note: in order to be able to use these PHP resource limits, your PHP version must have been compiled with the --enable-memory-limit configure option. Most packaged versions will have this, but if this doesn't work for you as expected, check how PHP was compiled first.
Deny users and groups in OpenSSH
OpenSSH has two directives for allowing and denying ssh user access.
DenyUsers user1 user2 user3
Use this to block user logins. You can use wildcards as well as the user1@somedomain.com pattern (user1 is not allowed to log in from the somedomain.com host).
DenyGroups group1 group2
A list of group names. If the user is a member of a listed primary or supplementary group, login access is denied. You can use wildcards.
Please note that you cannot use a numeric group ID or user ID. If these directives are not used, the default is to allow everyone.
AllowUsers user1 user2
This directive is the opposite of the DenyUsers directive.
AllowGroups group1 group2
This directive is the opposite of the DenyGroups directive.
You should always block access to the root user/group:
Open the /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Append the following names (directives):
DenyUsers root finadmin
DenyGroups root finadmin
Make sure at least one user is allowed to use the 'su -' command.
Save the file and restart sshd.
This is a secure setup: the four directives above restrict which users are allowed to access the system via SSH.
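How sshd combines the four directives, as an added example (a simplified model, not OpenSSH code). sshd checks DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups, and a non-empty Allow list rejects everyone it does not name; the function names are hypothetical and user@host patterns are not modelled.

```shell
#!/bin/sh
# Added example: a model of sshd's evaluation order for one login attempt.
# Each directive is passed as a space-separated pattern list ("" = not set).

# matches_any "PATTERNS" NAME...  -> success if any NAME matches any pattern.
# Call with globbing off (set -f) so * and ? are not expanded to file names.
matches_any() {
    patterns=$1; shift
    for name in "$@"; do
        for pat in $patterns; do
            case $name in $pat) return 0 ;; esac
        done
    done
    return 1
}

# ssh_access USER "GROUPS" "DenyUsers" "AllowUsers" "DenyGroups" "AllowGroups"
# The ( ) body runs in a subshell, so set -f and the variables do not leak.
ssh_access() (
    set -f
    user=$1; groups=$2; deny_u=$3; allow_u=$4; deny_g=$5; allow_g=$6
    if [ -n "$deny_u" ] && matches_any "$deny_u" "$user"; then
        echo "deny (DenyUsers)"
    elif [ -n "$allow_u" ] && ! matches_any "$allow_u" "$user"; then
        echo "deny (not in AllowUsers)"
    elif [ -n "$deny_g" ] && matches_any "$deny_g" $groups; then
        echo "deny (DenyGroups)"
    elif [ -n "$allow_g" ] && ! matches_any "$allow_g" $groups; then
        echo "deny (not in AllowGroups)"
    else
        echo "allow"
    fi
)

# The configuration from this post: DenyUsers/DenyGroups "root finadmin".
# alice, bob and deploy01 are constructed accounts.
ssh_access root  "root"         "root finadmin" "" "root finadmin" ""
ssh_access alice "alice wheel"  "root finadmin" "" "root finadmin" ""
ssh_access bob   "bob finadmin" "root finadmin" "" "root finadmin" ""
# A lone AllowUsers list locks out every account it does not name.
ssh_access alice "alice wheel"  "" "deploy*" "" ""
```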
Automatic Login using expect tool and ssh
To save time, it is possible to save the login information to a file and then use the expect tool to log in to a server.
Before you proceed, make sure that the expect tool is installed. If it is not, install it:
# yum install expect
Now save the login information to a file. Take a look at the example below.
vi server1
#!/usr/bin/expect -f
spawn ssh root@192.168.0.254
expect "password:"
send "password\r"
expect "#"
interact
Save the file and exit. Make sure you replace the password in send "password\r" with the real password, leaving \r alone; otherwise you will have to press Enter to log in to the server. The file now holds that password in clear text, so keep it readable only by your own account.
Now use this command to log in to the server 192.168.0.254:
expect server1
That's it, you have logged in. No password, nothing.
SSO of Alfresco with CAS
Notes for
Installation and configuration of Alfresco
Installation of CAS
Integration of Alfresco Explorer and Share with CAS
SSO
You can mail me on pcgeopc@gmail.com
November 22, 2011
Drush
“drush” is a command line shell and scripting interface for Drupal, a veritable Swiss Army knife designed to make life easier for those of us who spend some of our working hours hacking away at the command prompt. In general:
• drush is a command line shell and scripting interface for Drupal.
• drush is not a module
• It is valid to use the latest '7.x' (or master) no matter what your version of Drupal is. Drush is independent of Drupal version
Installation:
1. Untar the tarball into a folder outside of your web site (/path/to/drush)
2. Make the 'drush' command executable:
$ chmod u+x /path/to/drush/drush
3. (Optional, but recommended:) To ease the use of drush,
- create a link to drush in a directory that is in your PATH, e.g.:
$ ln -s /path/to/drush/drush /usr/local/bin/drush
NOTE ON PHP.INI FILES
Usually, php is configured to use separate php.ini files for the web server and the command line. To see which php.ini file drush is using, run:
$ drush status
Compare the php.ini that drush is using with the php.ini that the web server is using. Make sure that drush's php.ini is given as much memory to work with as the web server's is; otherwise, Drupal might run out of memory when drush bootstraps it.
Drush requires a fairly unrestricted PHP environment to run in. In particular, you should ensure that safe_mode, open_basedir, disable_functions and disable_classes are empty.
If drush is using the same php.ini file as the web server, you can create a php.ini file exclusively for drush by copying your web server's php.ini file to the folder $HOME/.drush or the folder /etc/drush. Then you may edit this file and change the settings described above without affecting the PHP environment of your web server.
4. Start using drush by running "drush" from your Drupal root directory.
Drush Commands:
You can find the drush commands at this URL: http://drush.ws/
September 12, 2011
Puppet script for installing Apache, Mysql & PHP (LAMP) for all Linux operating systems.
Click here for the link to a generalized Puppet script for installing Apache, MySQL and PHP on any Linux operating system.
For git hub url click here or git@github.com:geopcgeo/LAMP.git