Redirect from non-www to www, and from http to https

In your .htaccess file, insert the lines below:

 

r1soft connection refused

The issue (Connection refused and can’t take backup) has been resolved after two steps:

1. Enable telnet on Windows (in Windows, go to Control Panel, Programs, Turn Windows features on or off, and enable the Telnet Client)

https://stackoverflow.com/questions/38155583/can-not-use-command-telnet-in-git-bash

If telnet is not installed on your server, run: yum install telnet

2. Log in with SSH and type:

http://wiki.r1soft.com/display/kb3/Activating+License+Keys+-+Access+to+Licensing+Server+from+CDP+Server+%28Ports+And+Firewalls%29

3. If you have issues with the firewall, read this:

– You can test the connection now. If you encounter an error such as
“connection timed out” or “failed to properly communicate with
the agent”, then you have to change the firewall settings
(this is the case for a Linux box).

– Open port 1167, or whichever port is specified:

iptables -I INPUT -p tcp --dport 1167 -j ACCEPT

– After opening the port, test the connection again. If the error
“could not authenticate the agent x.x.x.x” shows up, then the
agent must add the key to authenticate with the server.

To add the backup-server key from the client server,
run:

r1soft-setup --get-key :port

You will get the message: Key ‘URL’ successfully installed.

– Add the port number (from the client server) to the firewall allow
list:
# iptables -I INPUT -p tcp --dport -j ACCEPT
# service iptables save
# service iptables restart
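
The checks above can be scripted from the backup server. The following is an added example, not part of the original post or of R1Soft's tooling: it tells a refused connection apart from a filtered one and, for the filtered case, builds the ACCEPT rule with a source restriction (-s) so the agent port is opened only to the backup server. The addresses and function names are assumptions made for the example.

```python
import errno
import ipaddress
import socket

AGENT_PORT = 1167  # agent port named on this page

def probe(host, port=AGENT_PORT, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'error' for one TCP connect."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # active refusal: nothing listening, or a REJECT rule
    except socket.timeout:
        return "filtered"     # no answer at all: packets are being dropped
    except OSError as e:
        # ICMP "host/net unreachable" is what some REJECT rules produce
        filtered = (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT)
        return "filtered" if e.errno in filtered else "error"
    finally:
        s.close()

def allow_rule(backup_server_ip, port=AGENT_PORT):
    """Build the ACCEPT rule limited to one source address."""
    ip = ipaddress.IPv4Address(backup_server_ip)  # ValueError on anything else
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return f"iptables -I INPUT -p tcp -s {ip} --dport {port} -j ACCEPT"

def next_step(result, backup_server_ip, port=AGENT_PORT):
    """Map a probe result to the matching step of the procedure above."""
    if result == "open":
        return "reachable: if authentication fails, install the server key on the agent"
    if result == "refused":
        return "check that the agent service is running and listening on the port"
    if result == "filtered":
        return "on the agent, run: " + allow_rule(backup_server_ip, port)
    return "check the host name, routing and local network"

if __name__ == "__main__":
    agent, server = "192.0.2.20", "192.0.2.10"   # constructed documentation addresses
    outcome = probe(agent)
    print(outcome, "->", next_step(outcome, server))
```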

Installing/configuring an R1soft backup server!

.htaccess Rule – Redirect all pages to one specific page except an IP address

[SOLUTION] Cloudflare does not immediately refresh images if they have the same name, e.g. banner.jpg

I had a client who has Cloudflare enabled on his site.

He had built a Joomla HTML module for his advertisers. He had published it in the “BANNER” position of his template. In the module's HTML editor, he had written the following HTML line:

When advertiser A expires and he wants to put in advertiser B, C, D, etc., what he does is open FileZilla and replace the image “/images/banners/diafimisi.jpg”. This suits him better, even though it is a crude way of doing it. He then refreshed his browser, but did not see the image.

Every time he uploaded a new banner via FTP, the phone would ring. “Giannis, I'm uploading a new banner but I don't see it on the site.”

SOLUTION:

If you want to avoid clearing the Cloudflare cache so that the client sees the banner immediately, change the HTML line in Joomla! like this:

How to block access to a server by IP address on Linux

List blocked IPs:

List blocked IPs:

Remove blocked IP:

Resource: http://www.faqforge.com/linux/how-to-block-access-to-a-server-by-ip-address-on-linux/

Linux Malware Detect (maldet)

Current Release:
http://www.rfxn.com/downloads/maldetect-current.tar.gz 
http://www.rfxn.com/appdocs/README.maldetect
http://www.rfxn.com/appdocs/CHANGELOG.maldetect

Description
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches; they are also easily exported to any number of detection tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and, more importantly, that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments.

The threat landscape in shared hosted environments is unique from that of the standard AV products detection suite in that they are detecting primarily OS level trojans, rootkits and traditional file-infecting viruses but missing the ever increasing variety of malware on the user account level which serves as an attack platform.

Using the CYMRU malware hash registry, which provides malware detection data for 30 major AV packages, we can demonstrate this shortcoming in current threat detection. The following is an analysis of the core MD5 hashes (5,393) in LMD 1.4.0 and the percentage of major AV products that currently detect the hashes.

What this information means is that of the 5,393 hashes, 81% or 4,364 malware items are not detected / known by the top 30 major AV packages. The 1,029 malware items that are known / detected have an average of a 48% detection rate among major AV packages with a low / high margin of detection at 58 and 80 percent respectively. This clearly demonstrates the lacking capability in currently available tools and why it is important that something fill the void, especially in the Linux shared hosted environment.

Features:
– MD5 file hash detection for quick threat identification
– HEX based pattern matching for identifying threat variants
– statistical analysis component for detection of obfuscated threats (e.g: base64)
– integrated detection of ClamAV to use as scanner engine for improved performance
– integrated signature update feature with -u|--update
– integrated version update feature with -d|--update-ver
– scan-recent option to scan only files that have been added/changed in X days
– scan-all option for full path based scanning
– checkout option to upload suspected malware to rfxn.com for review / hashing
– full reporting system to view current and previous scan results
– quarantine queue that stores threats in a safe fashion with no permissions
– quarantine batching option to quarantine the results of a current or past scans
– quarantine restore option to restore files to original path, owner and perms
– quarantine suspend account option to Cpanel suspend or shell revoke users
– cleaner rules to attempt removal of malware injected strings
– cleaner batching option to attempt cleaning of previous scan reports
– cleaner rules to remove base64 and gzinflate(base64 injected malware
– daily cron based scanning of all changes in last 24h in user homedirs
– daily cron script compatible with stock RH style systems, Cpanel & Ensim
– kernel based inotify real time file scanning of created/modified/moved files
– kernel inotify monitor that can take path data from STDIN or FILE
– kernel inotify monitor convenience feature to monitor system users
– kernel inotify monitor can be restricted to a configurable user html root
– kernel inotify monitor with dynamic sysctl limits for optimal performance
– kernel inotify alerting through daily and/or optional weekly reports
– e-mail alert reporting after every scan execution (manual & daily)
– path, extension and signature based ignore options
– background scanner option for unattended scan operations
– verbose logging & output of all actions

More details: https://www.rfxn.com/projects/linux-malware-detect/
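
To make the two signature types in the description concrete, here is an added example (not LMD's code and not its signature format): a small scanner that first checks a file's MD5 against a set of known hashes and then falls back to a HEX byte-pattern search, which is what catches an edited copy whose hash no longer matches. The signature names and the sample files are constructed and inert.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    h = hashlib.md5()  # identifies known files only; MD5 is not collision-resistant
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def scan_file(path, md5_sigs, hex_sigs, max_bytes=1_000_000):
    """Return (kind, signature_name) for the first match, or None."""
    digest = md5_of(path)
    if digest in md5_sigs:                      # exact and cheap: a known sample
        return ("MD5", md5_sigs[digest])
    with open(path, "rb") as f:
        data = f.read(max_bytes)                # bounded read for the pattern pass
    for name, hex_pattern in hex_sigs.items():  # slower: catches modified variants
        if bytes.fromhex(hex_pattern) in data:
            return ("HEX", name)
    return None

def scan_tree(root, md5_sigs, hex_sigs):
    """Scan regular files under root; return {relative_path: (kind, name)}."""
    hits = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and not p.is_symlink():
            hit = scan_file(p, md5_sigs, hex_sigs)
            if hit:
                hits[p.relative_to(root).as_posix()] = hit
    return hits

def demo():
    # Constructed, inert sample content and signature names (not real LMD data).
    marker = b"EXAMPLE-INERT-MARKER-7f3a"
    known = b"<?php /* " + marker + b" */ ?>"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "site").mkdir()
        (root / "site/known.php").write_bytes(known)
        (root / "site/variant.php").write_bytes(b"\n\n" + known + b"// edited")
        (root / "site/index.html").write_bytes(b"<h1>hello</h1>")
        md5_sigs = {hashlib.md5(known).hexdigest(): "example.known.1"}
        hex_sigs = {"example.marker.1": marker.hex()}
        return scan_tree(root, md5_sigs, hex_sigs)

if __name__ == "__main__":
    for path, (kind, name) in demo().items():
        print(f"{path}: {kind} {name}")
```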

My Useful SSH commands

VIEW LOGS

email:

error:

access:

CLEAN LOGS

for CPANEL:

for PLESK:

REMOVE FILES/DIRECTORIES

How to delete an entire directory via SSH | Posted on March 31, 2008 by Dusty Reagan
I know this is probably common knowledge to Linux and Unix geeks. But every time I need to remove a directory with files in my NearlyFreeSpeech.Net SSH terminal I end up having to google for the command. So here it is for anyone else who’s out there googling!

rm -r -f YourDirectoryPathGoesHere
rm = remove / delete
-r = recursively deletes the directory and all files in it, including subdirectories
-f = will not ask for confirmation before deleting

My suggestion:

SEARCH/FIND

Search anywhere in the server.

MALWARE DETECT

Scan all domains:

Scan one domain:

Get the logs.

RESOURCES

(Plesk) Logs and configuration files.

http://kb.parallels.com/en/111283

Common SSH Commands

http://kb.mediatemple.net/questions/247/Common+SSH+Commands#gs

How to upgrade from PHP 3.x to PHP 5.4.x on CentOS 6

1. Install epel and remi repositories:

2. Enable remi repository:

3. In the [remi] section of the file “/etc/yum.repos.d/remi.repo”, set the “enabled” option to 1.
4. Upgrade PHP with this command:

That’s all! 🙂

Block Visitors by Country through .htaccess

You can now block them easily with our free blocking service for Apache Web Server. Simply select the countries you want to block from your Website and press the “Download” button.

Instantly, the .htaccess information is generated for you. Copy and paste this generated code into your .htaccess file and it denies the visitors from the selected country to access your Website. You can efficiently block unwanted traffic from non-converting, fraud and spamming countries you do not want to give access.

If you want to block visitors in IIS Web Server, please consider the commercial edition of the IP2Location ISAPI Filter.

It is very easy to use our IP block country generator.

Download your .htaccess file from here: http://www.ip2location.com/free/visitor-blocker

How to delete an entire directory via SSH

I know this is probably common knowledge to Linux and Unix geeks, but every time I need to remove a directory in my SSH terminal I search Google for the command. So here it is for anyone else who’s out there googling!

rm = remove / delete
-r = recursively deletes the directory and all files in it, including subdirectories
-f = will not ask for confirmation before deleting