Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
iptables / How can I config IPTABLES for DDOS aatacks?
« on: July 26, 2018, 10:29:37 AM »
Hello
Here
https://javapipe.com/ddos/blog/iptables-ddos-protection/
it says to put this code :
in your /etc/sysctl.conf file and apply the settings with sysctl -p.
I go to /etc/sysctl.conf it says:
"Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5)."
What can I do?
Can I add the code to /etc/sysctl.conf directly or have to breate a new file ?
What does " apply the settings with sysctl -p" mean?
Thanks
Here
https://javapipe.com/ddos/blog/iptables-ddos-protection/
it says to put this code :
Code: [Select]
kernel.printk = 4 4 1 7
kernel.panic = 10
kernel.sysrq = 0
kernel.shmmax = 4294967296
kernel.shmall = 4194304
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
fs.file-max = 2097152
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmem_max = 67108864
net.core.somaxconn = 65535
net.core.optmem_max = 25165824
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.gc_stale_time = 120
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_loose = 0
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.route.flush = 1
net.ipv4.route.max_size = 8048576
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 4096 87380 33554432
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 400000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 10
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1in your /etc/sysctl.conf file and apply the settings with sysctl -p.
I go to /etc/sysctl.conf it says:
"Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5)."
What can I do?
Can I add the code to /etc/sysctl.conf directly or have to breate a new file ?
What does " apply the settings with sysctl -p" mean?
Thanks
32
CentOS-WebPanel Bugs / Why SSH port doesnot change?
« on: July 24, 2018, 03:53:28 PM »Hi
I changed SSH port 2 days ago in config file /etc/ssh/sshd_config and in CSF firewall and restartd SSH and CSF Firewall many times but I receive a warning about it always:
"WARNING: Security vulnerability! Your server is using default SSH Port 22, to make your server more secure change SSH port in config file /etc/ssh/sshd_config and in CSF firewall !
After changes are done don't forget to restart SSH and CSF Firewall. "
Thanks for your help
33
SSL / What should I do to have SSL on Wordpress with Nginx+ Apache+Varnish webserver?
« on: July 23, 2018, 05:59:25 PM »
Hello
My server is nginx+Varnish+Apache. If I want to have SSL on my wordpress site do I have to use this code:
in .httaccess file?
I do that and get "500 Internal Server Error"
Thanks
My server is nginx+Varnish+Apache. If I want to have SSL on my wordpress site do I have to use this code:
Code: [Select]
server {
listen 80;
server_name example.com www.example.com;
return 301 https://plugin.salamzaban.com$request_uri;
}in .httaccess file?
I do that and get "500 Internal Server Error"
Thanks
34
Nginx / Wich webserver is the best?
« on: July 23, 2018, 05:31:00 PM »Hello
For a newbie what's the best web server to use and can set SSL, mitigate DDOS attacks and cluster it with another servers?
Hproxy+Apache
Varnish+Nginx+Apache
or?
Thanks
35
SSL / SSL depends on Wenserver?
« on: July 23, 2018, 04:07:25 PM »
Hello
Thanks for your attention
When we change our webserver we have to change the SSL settings?
I want to have SSL on Wordpress. It's OK with Apache but when I install Apache+Nginx+Varnish it does not work correctly.
Thanks for your attention
When we change our webserver we have to change the SSL settings?
I want to have SSL on Wordpress. It's OK with Apache but when I install Apache+Nginx+Varnish it does not work correctly.
36
Updates / What does "yum reinstall cwpsrv cwpphp" do?
« on: July 23, 2018, 09:29:02 AM »
Hello
Thanks for your attention
I culdn't enter my CWP panel and used this command:
After that the capacity of my hard increased about 2 Gigs.
What does this command do exactly?
When can I use it?
Can it be dangerous?
Why I have about 2 gig files now?
Thanks
Thanks for your attention
I culdn't enter my CWP panel and used this command:
Code: [Select]
yum reinstall cwpsrv cwpphpAfter that the capacity of my hard increased about 2 Gigs.
What does this command do exactly?
When can I use it?
Can it be dangerous?
Why I have about 2 gig files now?
Thanks
37
CSF Firewall / (Unknown) blocked with too many connections
« on: July 21, 2018, 02:56:56 PM »
Hello
Sometimes I recive an email with this subject and my own IPv6 that shows
Connections: 209
Blocked: Temporary Block for 43200 seconds [CT_LIMIT]
And a long list of Connections like this:
tcp6: 0:0:0:0:My own IPv6 :45334 -> 0:0:0:0:0My own IPv6 :8181 (TIME_WAIT)
What's the reason?
Thanks
Sometimes I recive an email with this subject and my own IPv6 that shows
Connections: 209
Blocked: Temporary Block for 43200 seconds [CT_LIMIT]
And a long list of Connections like this:
tcp6: 0:0:0:0:My own IPv6 :45334 -> 0:0:0:0:0My own IPv6 :8181 (TIME_WAIT)
What's the reason?
Thanks
38
Installation / In a fresh installation of the CWP I see /dev/sda1 is 3.7G .
« on: July 21, 2018, 02:16:04 PM »
Hello
In a fresh installation of the CWP I see /dev/sda1 is 3.7G .
Can I remove it safely?
Thanks
In a fresh installation of the CWP I see /dev/sda1 is 3.7G .
Can I remove it safely?
Thanks
39
Mod_Security / Is this a dos attack?
« on: July 20, 2018, 11:31:14 AM »
Hello
Can you please take a look at this access log?
They request some pages that doesn't exist on my site at the same time with my own IP (54.36.158.33) and the site get database error.
What's the problem?
How can I prevent it?
Thanks
Can you please take a look at this access log?
They request some pages that doesn't exist on my site at the same time with my own IP (54.36.158.33) and the site get database error.
What's the problem?
How can I prevent it?
Thanks
40
Migration from other control panels / CWP to CWP account migration doesnot transfer anything.
« on: July 20, 2018, 05:12:34 AM »
Hello
I have installed a new CWP. Do I have to do anything more from what was said on this link?:
http://wiki.centos-webpanel.com/cwp-to-cwp-account-migration
(Because the destination CWP is a fresh installation and I just did the things that was told in above link for CWP to CWP account migration)
When on the source server I go to "Account Transfer Server (CWP -> CWP)" and check the connnection it shows everything is correct and I start to transfer and wait for some hours each time and it shows "Transfer in progress ...!" but nothing is added to destination server.
Here is the log of /var/log/cwp/account_transfer.log
http://wiki.centos-webpanel.com/cwp-to-cwp-account-migration
2018-07-19 21:28:06 Verifying...!
2018-07-19 21:28:06 Initial process my accounts
2018-07-20 04:23:05 Verifying...!
2018-07-20 04:23:05 Initial process my accounts
2018-07-20 04:28:42 Verifying...!
2018-07-20 04:28:42 Initial process my accounts
2018-07-20 04:34:48 Verifying...!
2018-07-20 04:34:48 Initial process my accounts
The file size and its backup is 8.4 Gig.
Thanks
I have installed a new CWP. Do I have to do anything more from what was said on this link?:
http://wiki.centos-webpanel.com/cwp-to-cwp-account-migration
(Because the destination CWP is a fresh installation and I just did the things that was told in above link for CWP to CWP account migration)
When on the source server I go to "Account Transfer Server (CWP -> CWP)" and check the connnection it shows everything is correct and I start to transfer and wait for some hours each time and it shows "Transfer in progress ...!" but nothing is added to destination server.
Here is the log of /var/log/cwp/account_transfer.log
http://wiki.centos-webpanel.com/cwp-to-cwp-account-migration
2018-07-19 21:28:06 Verifying...!
2018-07-19 21:28:06 Initial process my accounts
2018-07-20 04:23:05 Verifying...!
2018-07-20 04:23:05 Initial process my accounts
2018-07-20 04:28:42 Verifying...!
2018-07-20 04:28:42 Initial process my accounts
2018-07-20 04:34:48 Verifying...!
2018-07-20 04:34:48 Initial process my accounts
The file size and its backup is 8.4 Gig.
Thanks
41
CentOS-WebPanel Bugs / We can not use @#$%^&*()! signs in the password of CWP?
« on: July 18, 2018, 09:50:34 AM »
Hello
We can not use @#$%^&*()! signs in the password of CWP?
When I use them them password doesn't work.
Thanks
We can not use @#$%^&*()! signs in the password of CWP?
When I use them them password doesn't work.
Thanks
42
SSL / Can I add Auto SSL on subdomain that is pointing to different IP?
« on: July 18, 2018, 09:28:03 AM »
Hello
I have a subdoman that is pointing to different IP (on a differebt cpanel download host) and all of my pictures and sound files are on it. I can not publish auto SSL for it?
When I try it sayas: "DNS of your domain doesn't point to this server or you have htaccess restrictions."
How can I solve this problem?
Thanks
I have a subdoman that is pointing to different IP (on a differebt cpanel download host) and all of my pictures and sound files are on it. I can not publish auto SSL for it?
When I try it sayas: "DNS of your domain doesn't point to this server or you have htaccess restrictions."
How can I solve this problem?
Thanks
43
SSL / SSL doesnot install on Wordpress. Please help me.
« on: July 15, 2018, 08:50:31 PM »
Hello
Thanks for your attention.
I have installed ssl and tested it on https://www.sslshopper.com/ssl-checker too and it doesnot have any problem but when I try to install it on the wordpress the site does not work.
I tried some codes on Config.php and htaccess like this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
and used different plugins too but no result.
I am using Apache+Nginx+Varnish.
I asked such a question in Wordpress.org forum and one of them told it is the problem of the server and not the Wordpress.
Thanks
Thanks for your attention.
I have installed ssl and tested it on https://www.sslshopper.com/ssl-checker too and it doesnot have any problem but when I try to install it on the wordpress the site does not work.
I tried some codes on Config.php and htaccess like this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
and used different plugins too but no result.
I am using Apache+Nginx+Varnish.
I asked such a question in Wordpress.org forum and one of them told it is the problem of the server and not the Wordpress.
Thanks
44
MySQL / MySQL Processes (live load) can show a slowris DDOS attack?
« on: July 14, 2018, 11:19:00 PM »
Hello
MySQL Processes (live load) can show a slowris DDOS attack?
What does these features mean?
Threads: 8
Questions: 108152
Slow queries: 0
Opens: 476
Flush tables: 1
Open tables: 200
Queries per second avg: 13.693
Thanks
MySQL Processes (live load) can show a slowris DDOS attack?
What does these features mean?
Threads: 8
Questions: 108152
Slow queries: 0
Opens: 476
Flush tables: 1
Open tables: 200
Queries per second avg: 13.693
Thanks
45
CentOS-WebPanel Bugs / White page error
« on: July 14, 2018, 05:20:27 PM »
Hello
When I reboot the server (CWP) or want to install mod security I see a white page and nothing more and I have to open a new page by going to the address of my panel.
How can I solve it?
Thanks for your attention.
When I reboot the server (CWP) or want to install mod security I see a white page and nothing more and I have to open a new page by going to the address of my panel.
How can I solve it?
Thanks for your attention.
