Check active connections to web server – DDOS solution

Here are a few commands to check the active connections to Apache or any other web server; you can then block IPs that have too many connections:

Log in over SSH and execute the following commands with root access:

1. To see which IPs are connecting to the server and how many connections exist from each IP:

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2. To see how many connections each IP on the server is receiving:

netstat -plan |grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c | sort -n

3. Get the total number of current active connections to Apache:

netstat -apn | grep :80 | wc -l

Get the Apache status from the command line to see which domain is receiving the most hits (cPanel/WHM server):

lynx http://localhost/whm-server-status


Get real IP address of visitor for Cloudflare nGinx solution

When you have set up your websites on Cloudflare, every visitor passes through the Cloudflare network, so the visitor's real IP is replaced by a Cloudflare IP address; in short, Cloudflare acts as a proxy server for your web server.
For the Apache web server, Cloudflare already provides a module that can be installed to get the real IP address of the visitor.

Here it is :

https://support.cloudflare.com/hc/en-us/sections/200038166-How-do-I-restore-original-visitor-IP-to-my-server-logs-

They do not provide a module for nginx; however, this is a built-in function of the nginx server. You can enable it by adding the code below to your nginx.conf.

Follow the steps below:

Find the nginx.conf file from SSH if you do not know its exact location:

# locate nginx.conf

Add the code below to nginx.conf under the http section:

set_real_ip_from   204.93.240.0/24;
set_real_ip_from   204.93.177.0/24;
set_real_ip_from   199.27.128.0/21;
set_real_ip_from   173.245.48.0/20;
set_real_ip_from   103.22.200.0/22;
set_real_ip_from   141.101.64.0/18;
set_real_ip_from   108.162.192.0/18;
real_ip_header     CF-Connecting-IP;

Now save the changes and restart your nginx server:

service nginx restart

That is all; you will now be able to get the real IP address of the visitor.
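
nginx honours real_ip_header only when the connecting peer falls inside a set_real_ip_from range, so that list decides who is allowed to set the client address. The audit sketch below is an added example, not part of the original post: it extracts the active ranges from a config and checks an IPv4 peer against them; the function names and the sample fragment (two ranges taken from the list above) are constructed for illustration.

```shell
#!/bin/sh
# Constructed nginx.conf fragment; the two ranges are taken from the list above.
sample_conf() {
cat <<'EOF'
http {
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   103.22.200.0/22;
    # set_real_ip_from 0.0.0.0/0;   (commented out, must be ignored)
    real_ip_header     CF-Connecting-IP;
}
EOF
}

# trusted_ranges: print the CIDRs of active (uncommented) set_real_ip_from lines.
trusted_ranges() {
  sed -n 's/^[[:space:]]*set_real_ip_from[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*/\1/p'
}

# ip_in_cidr IP CIDR: exit status 0 when the IPv4 address lies inside CIDR.
ip_in_cidr() {
  awk -v ip="$1" -v cidr="$2" 'BEGIN {
    split(cidr, c, "/"); bits = (c[2] == "" ? 32 : c[2])
    split(ip, a, "."); split(c[1], b, ".")
    x = ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    y = ((b[1] * 256 + b[2]) * 256 + b[3]) * 256 + b[4]
    d = 2 ^ (32 - bits)                  # size of the network block
    exit !(int(x / d) == int(y / d))     # same block means inside the range
  }'
}

# peer_is_trusted PEER_IP: config on stdin; prints "trusted" when nginx would
# accept CF-Connecting-IP from this peer, "untrusted" when it would ignore it.
peer_is_trusted() {
  for r in $(trusted_ranges); do
    if ip_in_cidr "$1" "$r"; then echo trusted; return 0; fi
  done
  echo untrusted
}

# On a live server: peer_is_trusted 198.51.100.7 < /path/to/nginx.conf
sample_conf | peer_is_trusted 198.51.100.7
```

Cloudflare publishes its current ranges at https://www.cloudflare.com/ips/, so a static list like the one above should be compared against it; a range that is broader than the proxy network lets any client inside it supply its own CF-Connecting-IP value.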

Comments are welcome.

Disable Sym links on linux WHM/cPanel

Disabling symlinks is not a tough task on WHM/cPanel based servers, but you might not have found a proper way to do it; here is the quick code for disabling symlinks.

Why is disabling symlinks necessary for non-root users?

Symbolic links are commonly used to gain access to other accounts hosted on cPanel/WHM hosting servers: hackers usually create symbolic links in a hacked account that point to files hosted on other accounts, so those files become accessible through the links. To deal with this issue, the system administrator should disable symbolic link creation for non-root users.

  • Log in to the WHM/cPanel server via SSH with root access.
  • Execute the following commands:
  • $ wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
  • $ chmod 700 /scripts/before_apache_make
  • And then recompile Apache with the previously saved profile:
  • $ /scripts/easyapache

That is all. You can also check for any symbolic links already created:

  • $ find /home*/*/public_html -type l

    This will output the directories and files that are symlinked.
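
The find command above lists every symlink, including harmless ones that stay inside the same account. The sketch below is an added example, not part of the original post: it reports only the links whose resolved target leaves the account's home directory, which is the cross-account case described above. The function names and the temporary directory tree are constructed for illustration, and readlink -f is assumed to be available.

```shell
#!/bin/sh
# symlinks_escaping BASE: print "link -> target" for each symlink under BASE
# whose fully resolved target lies outside BASE (hypothetical helper name).
symlinks_escaping() {
  base=$(cd "$1" && pwd -P) || return 1
  find "$base" -type l | while IFS= read -r link; do
    target=$(readlink -f "$link") || target=""
    case "$target" in
      "$base"|"$base"/*) ;;                      # stays inside the account
      *) printf '%s -> %s\n' "$link" "${target:-<unresolvable>}" ;;
    esac
  done
}

# demo_symlinks: build a constructed two-account tree in a temporary directory,
# audit the first account, and print the findings with the temp prefix removed.
demo_symlinks() {
  tmp=$(cd "$(mktemp -d)" && pwd -P) || return 1
  mkdir -p "$tmp/home/alice/public_html" "$tmp/home/bob/public_html"
  echo "bob data" > "$tmp/home/bob/public_html/data.txt"
  echo "ok" > "$tmp/home/alice/public_html/index.html"
  # Relative link inside the same account: must not be reported.
  ln -s index.html "$tmp/home/alice/public_html/home.html"
  # Link into another account: must be reported.
  ln -s "$tmp/home/bob/public_html/data.txt" "$tmp/home/alice/public_html/x.txt"
  symlinks_escaping "$tmp/home/alice" | sed "s|$tmp||g"
  rm -rf "$tmp"
}

# On a live server, per account: symlinks_escaping /home/USERNAME
demo_symlinks
```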

Have fun!

Installing mod_evasive for apache in cPanel server

What is mod_evasive ?

mod_evasive helps Apache protect the server from DDoS attacks and brute-force attacks. If you are getting too many attacks, you should consider installing it on cPanel/WHM based servers. Follow the steps below to install and configure it:

  • Login to your server
  • Execute following commands:
  • # cd /usr/local/src/
  • # wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
  • # tar -xvzf mod_evasive_1.10.1.tar.gz
  • # cd mod_evasive
  • # /usr/local/apache/bin/apxs -cia mod_evasive20.c

Now create a new file by executing the command below, and add the following code to it:

  • # nano /usr/local/apache/conf/mod_evasive.conf

LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 10
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

Now include the above file inside /usr/local/apache/conf/includes/pre_main_global.conf:

Include "/usr/local/apache/conf/mod_evasive.conf"

  • Rebuild apache configuration files:
  • # /scripts/rebuildhttpdconf
  • Restart Apache:
  • # service httpd restart

And you’re done!

Let me know if you have any issue while installing/configuring mod_evasive.

EasyApache Error -Timeout on connect..Can’t use an undefined value as an ARRAY reference at /usr/local/cpanel/Cpanel/HttpRequest.pm line 550.

Recently I had the following error while recompiling the Apache server from cPanel/WHM. I googled the issue and found some good solutions; however, I did it my own way. I just followed the steps below:

  • Log in to SSH with root details.
  • Open the file /etc/hosts with:
  • $ nano /etc/hosts
  • Change the contents of that file as follows:

::1                        localhost.localdomain localhost
127.0.0.1                        localhost.localdomain localhost
IPaddress of your server                  server.yourdomain.com server

And you're done; now your hosts file seems to be configured correctly.

Install Mod_Evasive on apache

In this tutorial I will describe how to install mod_evasive on a VPS or dedicated server. It is an Apache module that offers protection against DDoS attacks on the server.

Installation:

  • Log in to your server through SSH with valid root details.
  • Run these commands:
# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
# tar zxf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
  • Then run the following command for Apache:
# /usr/sbin/apxs -cia mod_evasive20.c
  • It will install mod_evasive on the server.
  • Now you need to edit the httpd.conf file; to do so, follow these instructions:
  • Open the httpd.conf file in the nano text editor:
# nano /etc/httpd/conf/httpd.conf
  • And place the following lines into it:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
And you are done; this will install and activate mod_evasive on the server.
Feedback is welcome 🙂