Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - yeknafar

Pages: 1 2 3 [4] 5 6 7
46
Apache / How can I install mod_cloudflare?
« on: July 29, 2018, 11:00:32 PM »
Hello

 I used this code for it but my apache went down. (I fixed it)/ What's the correct way? Thanks
Code: [Select]
Option 3: Manual Installation: RedHat / CentOS / CloudLinux

mod_cloudflare has a few software dependencies that need to be installed first:

# yum install libtool httpd-devel
Next, you should download the mod_cloudflare source to your server:

# wget https://raw.githubusercontent.com/cloudflare/mod_cloudflare/master/mod_cloudflare.c
Finally, install the module. Depending on your system, the command to run might be apxs or apxs2. So, run one of the below two commands. If you get a 'Command not found' when running one, try the other:

# apxs -a -i -c mod_cloudflare.c
# apxs2 -a -i -c mod_cloudflare.c

47
Suggestions / Logging Real Visitor IP Addresses of the Cloudflare
« on: July 29, 2018, 10:04:31 PM »
Hello


-Please add this feature to the next version of the CWP.
- Another suggestion is to make the address of the folders in file manager to be copyable. for example when I go to home/ bla/ bla

I can not copy the address and I have to type it.  :)

Thanks

48
Apache / I did not find them in /usr/local/apache/conf/httpd.conf
« on: July 28, 2018, 06:22:04 AM »
Hello

How can I change these fields in apache?


Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0


I did not find them in /usr/local/apache/conf/httpd.conf



49
Hi

I used the rules from this link

https://javapipe.com/ddos/blog/iptables-ddos-protection/

 for Iptables but now I do not have acces to SSH, CWP and my site is down. What can I do?


50

Hello

I wanted to config IPtable.
I set the rule in /etc/sysctl.conf
I added this rule too iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP


As was said in :
https://javapipe.com/ddos/blog/iptables-ddos-protection/


I did this too:


iptables -P INPUT DROP
iptables -P FORWARD DROP

but now when I want to login to CWP it takes a about 3 minutes to let me in/
I think the problem is with the rule:
I want to detelet it but it says :

Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

I think it doesnot stop.
When I use #service iptables stop
The output is:
Redirecting to /bin/systemctl stop iptables.service

Does it means Iptables has stoped?
After that I can not enter the CWP quicker.
I think Iptables was not installed. I used yum and installed it. maybe it caused the problem..


How can I solve it

Thanks

51
iptables / I do not have /etc/sysconfig/iptables file.
« on: July 26, 2018, 03:04:21 PM »
Hello

I want to config /etc/sysconfig/iptables filebut it doesnot exist. Does it mean IPtable is not active?


Thanks

52
iptables / Re: How can I config IPTABLES for DDOS aatacks?
« on: July 26, 2018, 10:58:16 AM »
How can find the type?
They hammer index,php of the Wordpress or visit the pages that are not available.
I am using Cloudflare too.
As it seems it's kind of Vrute Force Attack.


53
Updates / Re: What does "yum reinstall cwpsrv cwpphp" do?
« on: July 26, 2018, 10:52:11 AM »
You are rith. It was not loaded for me before.

Now it says:

 /
   
11G
   
   
.channels
   
36K
   
   
.well-known
   
16K
   
   
backup
   
3.7G
   
   
boot
   
202M
   
   
etc
   
40M
   
   
home
   
2.3G
   
   
lost+found
   
16K
   
   
media
   
4.0K
   
   
mnt
   
4.0K
   
   
opt
   
4.0K
   
   
root
   
1.7M
   
   
share
   
84K
   
   
srv
   
4.0K
   
   
tmp
   
11M
   
   
usr
   
2.9G
   
   
var
   
1.5G


What should I remove in Var and usr?


Thanks

54
Updates / Re: What does "yum reinstall cwpsrv cwpphp" do?
« on: July 26, 2018, 10:43:55 AM »
Thanks
As it seems it's not the log.
I do not know how can I list files and find it.

71M     /var/log/
83M     /usr/local/apache/logs/
91M     /usr/local/cwpsrv/logs/
11M     /tmp
1.7M    /root
546M    /var/lib/mysql/

55
iptables / How can I config IPTABLES for DDOS aatacks?
« on: July 26, 2018, 10:29:37 AM »
Hello
Here
https://javapipe.com/ddos/blog/iptables-ddos-protection/
it says to put this code :



Code: [Select]
kernel.printk = 4 4 1 7
kernel.panic = 10
kernel.sysrq = 0
kernel.shmmax = 4294967296
kernel.shmall = 4194304
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
fs.file-max = 2097152
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmem_max = 67108864
net.core.somaxconn = 65535
net.core.optmem_max = 25165824
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.gc_stale_time = 120
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_loose = 0
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.route.flush = 1
net.ipv4.route.max_size = 8048576
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 4096 87380 33554432
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 400000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 10
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1









in your /etc/sysctl.conf file and apply the settings with sysctl -p.

I go to /etc/sysctl.conf  it says:
"Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5)."

What can I do?
Can I add the code to /etc/sysctl.conf  directly or have to breate a new file ?
What does " apply the settings with sysctl -p" mean?


Thanks

56
Updates / Re: What does "yum reinstall cwpsrv cwpphp" do?
« on: July 25, 2018, 01:58:00 PM »
The size of all of them are like what you sent here. Not more than 54 M.

57
I did but no result. I could not have force SSL but then I removed the Varnish now I do not have any problem with SSl.

58
CentOS-WebPanel Bugs / Re: Why SSH port doesnot change?
« on: July 24, 2018, 06:17:54 PM »
I  removed the # character from the beginning of the line and now changed.
It shoud look this way:

Code: [Select]
port 2211

59
CentOS-WebPanel Bugs / Why SSH port doesnot change?
« on: July 24, 2018, 03:53:28 PM »


Hi

I changed  SSH port 2 days ago in config file /etc/ssh/sshd_config and in CSF firewall and restartd SSH and CSF Firewall many times but I receive a warning about it always:
 

"WARNING: Security vulnerability! Your server is using default SSH Port 22, to make your server more secure change SSH port in config file /etc/ssh/sshd_config and in CSF firewall !
After changes are done don't forget to restart SSH and CSF Firewall. "


Thanks for your help

60
SSL / Re: SSL depends on Wenserver?
« on: July 24, 2018, 03:22:54 PM »
Thanks for your attention and answer.
Just now I did it.

The problem was the code that I used for htaccess .


I use this now:

# BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Pages: 1 2 3 [4] 5 6 7