My Experiments for Truth.

Following is the instructions to upgrade your Dedicated Server’s PHP from version 5.3 to 5.5 on DirectAdmin platform: Step 1: ssh to the server Step 2: Enter following commands: #cd /usr/local/DirectAdmin/custombuild #./build set php5_ver 5.5 #./build update #./build php n #services httpd restart Once it’s done, confirm the upgrade by: #php -v

This script will check the last 10 highest number of IP connections and will give the location of the IP address with connections more than 50. root@xxxx [~]# cat checkddos #!/bin/bash ################################################### # Script Name :checkddos # Created By : Jino Joseph # Created Date : 01-Jul-2013 # Last Modified : 01-Jul-2013 # Purpose : Finds the IPs with connections higher than 50 show the ip location ################################################### netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -10 | sed -e 's/^[ \t]*//' | sed -e 's/ /#/g' > result.txt for i in `cat result.txt`; do echo $i > temp.txt; No=$(cat temp.txt | gawk -F '#' '{print $1}'); IP=$(cat temp.txt | gawk -F '#' '{print $2}'); Num=${No/\.*} if [ $Num -gt 50 ] && [ $IP != '127.0.0.1' ] then echo -e " $IP : $Num \n " url="http://www.ipaddressloc

We are all at least generally familiar with the software development cycles, and different software developers use different release schedules according to the testing phase the software is in at the time. For example, some developers use an alpha, beta, release candidate (RC) type of release schedule, and each of these may have varying levels of releases. The cPanel release schedule is very similar to the manner in which Linux distributions are released. cPanel updates in a variety of release tiers. Server administrators may then choose which release version is applicable to their system requirements. The following are cPanel’s current release tiers: ########################################### Stable Release Current Edge Long-term support Each of the above cPanel release tiers represents various stages of the software development cycle. While the final decision to which release version to deploy is entirely up to the organizational decision-makers, i

#!/bin/bash LoadFloat=$(uptime | gawk -F 'load average:' '{print $2}' | awk '{print $1}' | sed -e 's/,//g') Load=${LoadFloat/\.*} LoadLimit=6 # This is the Load threshold that is to be set by your server requirements. if [ $Load -lt $LoadLimit ] then exit 1 else echo "Load is High " $Load # email subject SUBJECT="LOAD is $LoadFloat in CP6!!!" # Email To ? EMAIL="9207421@way2sms.com" # Email text/message EMAILMESSAGE="/tmp/emailmessage.txt" echo "Hi Team, " > $EMAILMESSAGE echo " " >> $EMAILMESSAGE echo " " >> $EMAILMESSAGE echo "The Load in CP6 is $LoadFloat">> $EMAILMESSAGE echo "Please Login and Have a check Immediately!!!!" >>$EMAILMESSAGE echo " " >> $EMAILMESSAGE echo " " >> $EMAILMESSAGE echo "Regards," >> $EMAILMESSAGE echo "System Ad

In Wordpress : ############## phpmyadmin >> take the database >> take the wp_users table >> Edit the "siteurl" and "home" fields to http://ipaddress/~username Now login to wp-admin and go to Settings >> permalink >> change to default >> click save >> then change to post >> Then save again. In Joomla : ########### Edit the "$mosConfig_live_site" field in the configuration file to http://ipaddress/~username

On a mysql server there are a lot of queries to optimize and a lot of load generated by them. I’ll try to present the most usual optimization issues and how to identify them. First you’ll have to check mysql service settings . You can check them manually by following commands in mysql command line: mysql>show variables; or mysql>show variables like ‘%cache%’; and mysql> show status; you can check the counters and increase or decrease them according to their usage and limits. The more easy way is to use some scripts to check mysql settings like : MySQL performance tuning primer script (tuning-primer.sh). First and most important optimization is to activate and set query_cache and query_cache_size to lower disk IO usage. After that you will have to check the running queries . For that you’ll need to enable first : log-slow-queries= /var/lib/mysql/mysql-slow.log long-query-time=3 in my.cnf then touch /var/lib/mysql/mysql-slow.log and set owner as

You can put the below code in a memory.php file and then view the result from browser by http://yourdomain.com/memory.php echo 'Current Memory Usage: '.number_format(memory_get_usage()/1024/1024,"2",".",",").' MB'."\r\n"; echo 'Current Memory Allocted: '.number_format(memory_get_usage(true)/1024/1024,"2",".",",").' MB'."\r\n"; echo 'Peak Memory Usage: '.number_format((memory_get_peak_usage()/1024/1024),"2",".",",").' MB'."\r\n"; echo 'Peak Memory Allocated: '.number_format((memory_get_peak_usage(true)/1024/1024),"2",".",",").' MB';

CURLOPT_RETURNTRANSFER is a simple way of copying a file from a remote server onto your own. However, if you’re downloading a large file you may hit memory limits because the entire contents of the download have to be read to memory before being saved. Note: Even if your memory limit is set extremely high, you would be putting unnecessary strain on your server by reading in a large file straight to memory. Instead you can write the download straight to a file stream using CURLOPT_FILE. Download file with cURL & PHP $url = 'http://www.example.com/a-large-file.zip'; $path = '/path/to/a-large-file.zip'; $fp = fopen($path, 'w'); $ch = curl_init($url); curl_setopt($ch, CURLOPT_FILE, $fp); $data = curl_exec($ch); curl_close($ch); fclose($fp);

You can find using this command as which user Apache is running # echo $(ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {if ($1) print $1}')

It will be very difficult to delete all the files of the result of Clamscan. In some cases the infected files will be more than 2000. The command for clamscan is # clamscan -r -i /home/username/public_html/ -l clamscan_username.txt # cat clamscan_username.txt Will show the content as : /home/username/public_html/.guestbook/baru.txt: Exploit.E107-1 FOUND /home/username/public_html/newlog/hideme: Hacktool.Fakeproc FOUND /home/username/public_html/newlog/.log/hideme: Hacktool.Fakeproc FOUND /home/username/public_html/newlog/.log/t3394: Linux.RST.B FOUND /home/username/public_html/newlog/.log/guard: Linux.RST.B FOUND You can delete all the files listed there by using the below command in a split of second. # for i in `cat /root/clamscan_username.txt | gawk -F ': ' '{print $1}'`; do rm -rf $i; done Make sure that you have got confirmation from the customer before deleting all his infected files. :-)

#!/bin/bash for i in `cat domains.lst`; do FileName=$i.db; FileBack=$FileName"_bk"; if [ -f $FileName ]; then find . -maxdepth 1 -type f -name $FileName | xargs sed 's/.*MX.*/'"$i."' 14400 IN MX 10 mx.spamexperts.com.\n'"$i."' 14400 IN MX 20 fallbackmx.spamexperts.eu.\n'"$i."' 14400 IN MX 30 lastmx.spamexperts.net./g' > $FileBack; mv -f $FileBack $FileName else echo $FileName " Doesnt Exists...................!!!!! "; fi done Note: Where domains.lst contains the domain names that needs to be replaced the MX entries with SpamExperts MX entries.

#!/bin/bash grep -rl 'pdhcentral.com' . > recordsa_pdhcentral.txt for i in `cat recordsa_pdhcentral.txt`; do FileName=$i; FileBack=$FileName"_bk"; if [ -f $FileName ]; then sed 's/.*pdhcentral.*//g' $FileName > $FileBack; mv -f $FileBack $FileName else echo $FileName " Doesnt Exists...................!!!!! "; fi done

Step 1 - Check requirements The first step to upgrading Redmine is to check that you meet the requirements for the version you're about to install. Ruby Version: ruby -v Rails Version : rails -v Rubygems Version : gem -v * Ruby should be 1.8.7 or higher. * Rails should be 3.2.13 * Gems should be 1.8 or higher. If rails are not uptodate, you can install the rails with version specific, using the below command: # gem install rails -v=3.2.13 --no-ri --no-rdoc Step 2 - Backup It is recommended that you backup your database and file uploads. Most upgrades are safe but it never hurts to have a backup just in case. A. Backup the files. All file uploads are stored to the files/ directory. You can copy the contents of this directory to another location to easily back it up. B. Backup the database. mysqldump -u redmine_user -predmine123# redmine | gzip > /var/www/redmine_`date +%y_%m_%d`.gz Step 3 - Download the 2.3 stable version # cd /var/www/ # mv rai

#!/bin/bash ################################################### # Script Name : StopDdosAttack # Created By : Jino Joseph # Created Date : 20-Mar-2013 # Last Modified : 21-Mar-2013 # Purpose : Finds the IPs with connections higher than 80 and block in firewall & # Also send notification mails with the blocked IP(s). ################################################### netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -5 | sed -e 's/^[ \t]*//' | sed -e 's/ /#/g' > result.txt CSF=/usr/sbin/csf FIREWALL=0 IPCOUNT=`cat result.txt | wc -l` ITERATION=0 # Key to check if the loop is finished for restarting the firewall for i in `cat result.txt`; do echo $i > temp.txt; No=$(cat temp.txt | gawk -F '#' '{print $1}'); IP=$(cat temp.txt | gawk -F '#' '{print $2}'); Num=${No/\.*} if [ $Num -gt 80 ] && [ $IP != '127.0.0.1' ] then $CSF

First install expect in your local machine. For ubuntu : apt-get install expect. For Centos : yum install expect. Create a file sshlogin chmod +x sshlogin #!/usr/bin/expect set timeout 10 log_user 0 spawn ssh -p 1707 sshadmin@ipaddress expect "*?assword:*" send -- "sshadminPassword\r" expect "*sshadmin@*" send "su -\n" expect "*?assword:*" send -- "rootPassword\r" send "uptime\n" interact 1. Where 1707 is the ssh port, 2. ipaddress is the IP address of your server to which you need to login. 3. Replace "sshadminPassword" with your sshadmin password. 4. Replace "rootPassword" with your root password. 5. uptime is the command to execute after login to the server. You can give any command here. You can also try ( MTputty ) in Windows machine for this purpose. After installing the Mtputty Go to Server Menu >> Add Server >> Script Tab Enter the