Rootkit help

RootKit — Spyware and Junkware detection and removal tool

Go to Rootkit Hunter homepage, and download the latest release. http://www.rootkit.nl/projects/rootkit_hunter.html

## Get the latest source and untar
# cd /usr/src/utils
# wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz
# tar xfz rkhunter-*.gz
# cd rkhunter
# ./installer.sh

## run rkhunter
# rkhunter -c

Setup automatic protection on System Reboot ##…

URL injections information

URL injection attacks typically mean that the server to which the attacker's IP address is bound is itself a compromised server. Please check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree (ps -efl or ps -auwx). You may also want to check out http://www.chkrootkit.org/…

Securing the TMP Partition and Tracking Hacks

Are your temp partitions putting out behind your back? Anyone who’s ever administered a Linux server would know the risk of leaving the /tmp directory unsecured, more so on a webserver that is shared among multiple websites. The tmp directory is world-writeable and used by a majority of services on a machine — including the storage…

Installing IonCube loader with Zend Optimizer – cPanel

This is a common request we get for Ioncube to be installed. It’s generally not an issue, but when you factor in other optimization plugins like Zend and eAccelerator, a common misconception is that the three don’t get along. It’s very easy to install Ioncube into a PHP installation that already has Zend and eAccelerator.…

Preventing DDOS Attacks with Mod_Evasive

Denial of Service attacks are among the oldest yet most common forms of attack on a server. Most system administrators have had to deal with DOS attacks taking down a server, router, or other networking device and know how difficult they can be to prevent. Mod_evasive is an Apache module that limits the number of Apache…

Changing the SSH Port

Sometimes you don’t want SSH running on standard port 22. Here are the steps to change it: It’s VERY important that you leave port 22 open while you are testing the new port, otherwise you may lock yourself out of the server! SSH into the server normally… cp /etc/ssh/sshd_config /etc/ssh/sshd_config.root In the /etc/ssh/sshd_config.root file that…

Closing Open Nameservers – DNS recursion

Open nameservers allow anyone in the world to perform queries on them, which can often lead to DOS attacks and slower performance. Some system administrators prefer to have their nameservers restricted to trusted parties only. To do this kind of setup, you will need to configure your named configuration: On command line: pico /etc/named.conf Look…

Useful MySQL Commands

These commands assume you are running a cPanel MySQL installation and are logged into the server as a root user, so that you can run mysql -u root without having to specify a password.

Import a database:
mysql -u root db_name < file.sql

Dump a Database (with special characters):
mysqldump -Q --add-drop-table db_name > file.sql

Dump…

MySQL Root Login Failure

When trying to log into the MySQL shell as root you get an access denied error. To fix:

Add this line to /etc/my.cnf and restart MySQL:
skip-grant-tables

Follow these steps to reset the MySQL root password:
mysql -u root
mysql> FLUSH PRIVILEGES;
mysql> GRANT ALL PRIVILEGES ON *.* TO root@localhost IDENTIFIED BY 'password' WITH GRANT…