Topics - zirvesunucum

1
SSL / SSL Problem - CWPSRV Not starting!
« on: July 30, 2017, 07:06:46 PM »
Hello,

The CWP server has a little problem.

Please check this image: http://prntscr.com/g27w4t

The SSL files are automatically deleted by the CWP system.

How can I fix this problem?

Thanks for your interest.
Best Regards.

2
SSL / SSL Install After Apache 98 Error
« on: July 23, 2017, 02:52:23 PM »
Hello,

I want to renew my Let's Encrypt certificates, but I ran into this problem.



How to fix this problem?

Thank you for your interest.

Best Regards.

3
Hello,

How do I disable CWP-directed URL addresses?

Examples (and others):
domain.com/whm
domain.com/roundcube
domain.com/webmail
domain.com/cpanel
domain.com/cwp
domain.com/phpmyadmin

I want to block access to all of them and just redirect to the site.

Regards.

4
FTP / How To Change Default FTP-PORT 21 - Centos Web Panel
« on: April 25, 2017, 10:27:51 PM »
Log in to your server over SSH.

Step 1: Edit the FTP settings file

nano /etc/pure-ftpd/pure-ftpd.conf

Step 2: Find the line: #Bind

Press CTRL + W, type #Bind and press Enter.

Step 3: Add a line with the new port: http://prntscr.com/f0tvk9

Bind PORT

Example for port 211:
Code:
Bind 211

Last step:

service pure-ftpd restart

Do not forget to open your new port in the firewall you are using.
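
A check for the last step above, as an added example that is not part of the original post: it reads the port from the `Bind` line and tests whether CSF's `TCP_IN` list allows it. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that the port set with
# "Bind" in pure-ftpd.conf is allowed inbound by CSF's TCP_IN list.

# ftp_bind_port CONF: print the port of the last active Bind line. Handles
# "Bind 211" (the post's form) and pure-ftpd's "ip,port" form; 21 if unset.
ftp_bind_port() {
    awk '$1 == "Bind" { n = split($2, a, ","); p = a[n] }
         END { print (p == "" ? 21 : p) }' "$1"
}

# csf_allows_tcp_in CSFCONF PORT: succeed if PORT is listed in TCP_IN, either
# as a single entry or inside a "low:high" range.
csf_allows_tcp_in() {
    awk -v port="$2" '
        /^[ \t]*TCP_IN[ \t]*=/ {
            list = $0; sub(/^[^"]*"/, "", list); sub(/".*$/, "", list)
            n = split(list, e, ",")
            for (i = 1; i <= n; i++) {
                if (split(e[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) ok = 1
                } else if (e[i] + 0 == port + 0) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# check_ftp_port FTPCONF CSFCONF: one-line verdict, non-zero when blocked.
check_ftp_port() {
    port=$(ftp_bind_port "$1")
    case $port in ''|*[!0-9]*) echo "invalid Bind value: $port"; return 2 ;; esac
    if csf_allows_tcp_in "$2" "$port"; then
        echo "port $port: allowed in TCP_IN"
    else
        echo "port $port: NOT in TCP_IN, add it and restart CSF"
        return 1
    fi
}

# Constructed sample files: FTP moved to 211, firewall list left unchanged.
check_demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '#Bind 127.0.0.1,21' 'Bind 211' > "$d/pure-ftpd.conf"
    printf '%s\n' 'TCP_IN = "20,21,22,80,443,30000:35000"' > "$d/csf.conf"
    rc=0; check_ftp_port "$d/pure-ftpd.conf" "$d/csf.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live server the two files would be `/etc/pure-ftpd/pure-ftpd.conf` (the path from the post) and CSF's `/etc/csf/csf.conf`.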

5
CSF Firewall / CWP - Only Apache - No Proxy - PROTECT L7 DDOS ATTACKS
« on: April 23, 2017, 09:02:27 PM »
Hello,

CentOS Web Panel: protect your server from L7 DDoS attacks.
Hardening the kernel and limiting maximum traffic requests on CentOS.

How to block Layer 7 DDoS attacks?

Step by step:

Activate these modules in Apache:

Code:
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule request_module modules/mod_request.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule expires_module modules/mod_expires.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_crypto_module modules/mod_session_crypto.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

Go to CSF Firewall and enable it.

Customise your settings:
Opened UDP Ports and Opened TCP Ports, PORT FLOOD Settings, SYN FLOOD Settings.


Last step:

Log in to your VPS root account.

Back up the file.

cd /etc/
cp sysctl.conf sysctl.conf.bak

After the backup, open this file:

nano /etc/sysctl.conf

Delete all lines and copy and paste these lines:

Code:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.

# ICMP BLOCKER
net.ipv4.icmp_echo_ignore_all = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# SYN and DDOS PROTECTION
kernel.printk = 4 4 1 7
kernel.panic = 10
kernel.sysrq = 0
kernel.shmmax = 4294967296
kernel.shmall = 4194304
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
fs.file-max = 2097152
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmem_max = 67108864
net.core.somaxconn = 65535
net.core.optmem_max = 25165824
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.gc_stale_time = 120
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_loose = 0
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.route.flush = 1
net.ipv4.route.max_size = 8048576
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 4096 87380 33554432
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 400000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 10
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1

Congratulations, your server now has the best DDoS protection system against L7 GET/POST attacks, HTTP flood attacks, L4 TCP floods, SYN spoofing and IP spoofing.

It only does not prevent UDP flood attacks against your DNS server.

Delete or close port 53 in CSF.

You can get protection against UDP attacks by using the free DNS hosting services of companies like Yandex and Google.

Regards. (I hope it works)

# Prepared by: Ahmet BAŞARAN  8)
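
After replacing `/etc/sysctl.conf` wholesale as described above, it is worth confirming which settings the kernel actually accepted. The following is an added example, not part of the original post: it compares each `key = value` line with the live value under `/proc/sys`. The function names, the optional root-directory parameter and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare a sysctl.conf with the
# values the kernel actually holds, e.g. after "sysctl -p".
#
# audit_sysctl CONF [ROOT]   ROOT defaults to /proc/sys (parameter assumed here
#                            so a constructed tree can be checked)
#   OK     file and live value agree
#   DIFF   kernel holds another value
#   ABSENT no readable entry: module not loaded, knob not in this kernel,
#          or a write-only trigger such as net.ipv4.route.flush
# Returns 0 only when every setting is OK.
audit_sysctl() {
    awk -v root="${2:-/proc/sys}" '
        /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            want = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", want); gsub(/[ \t]+/, " ", want)
            path = key; gsub(/\./, "/", path); path = root "/" path
            live = ""
            if ((getline live < path) < 0) { print "ABSENT " key; bad = 1; next }
            close(path)
            gsub(/[ \t]+/, " ", live)       # /proc separates fields with tabs
            if (live == want) print "OK     " key " = " want
            else { print "DIFF   " key " file=" want " live=" live; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: four keys from the post checked against a fake tree.
audit_demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sys/net/ipv4" "$d/sys/kernel"
    printf '1\n' > "$d/sys/net/ipv4/tcp_syncookies"
    printf '5\n' > "$d/sys/net/ipv4/tcp_synack_retries"
    printf '4\t4\t1\t7\n' > "$d/sys/kernel/printk"
    printf '%s\n' '# SYN and DDOS PROTECTION' 'kernel.printk = 4 4 1 7' \
        'net.ipv4.tcp_syncookies = 1' 'net.ipv4.tcp_synack_retries = 1' \
        'net.netfilter.nf_conntrack_max = 10000000' > "$d/sysctl.conf"
    rc=0; audit_sysctl "$d/sysctl.conf" "$d/sys" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live server, run `audit_sysctl /etc/sysctl.conf`; the `net.netfilter.*` keys show as ABSENT until the conntrack module is loaded.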
