Check active connections to web server – DDOS solution

Here are few commands to check the active connection to apache or to any other web server, you can block IPs having too many connections :

Login to SSH and execute following commands with root access:

1.To see what IPs are connecting to server and how many connections exist from each IP:

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2.To see how many connections each IP on the server is receiving:

netstat -plan |grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c | sort -n

3.Get total current active connections to Apache:

netstat -apn | grep :80 | wc -l

Get Apache status update from command line to see which domain is receiving maximum hits (cPanel/WHM server):

lynx http://localhost/whm-server-status

Read More

Unable to install yum-rhn-plugin, please contact CloudLinux (Fix)

cloudlinuxFew days back i got error Unable to install yum-rhn-plugin, please contact CloudLinux support at https://helpdesk.cloudlinux.com  on one of our shared web hosting server while installing CloudLinux, I googled it but not able to found any proper solution, i have re-installed cPanel/WHM from scratch but no luck. This issue mostly appears on OVH Servers as they use their own cPanel/WHM and CentOS kernels which got few bugs in the repositories. I contacted cloudlinux support they provided me single command that fixed this issue immediately.

You can also run this command in SSH to fix out the repositories issue:

# rpm -e --nodeps libxml2-devel

Running up above command will fix this issue for sure as tested.

Read More

Enabling second level quotas on openVZ/virtuozzo/VPS

Many VPS hosting providers have quota issue with their VPS provided to customers, they always get complaints regarding the quotas especially on cPanel/WHM based servers. As cPanel/WHM based servers require File system quotas must be enabled to calculate Disk space usage for the hosted accounts and this very important to get this issue fixed in order to limit the disk space usage for any hosted account.installing cpanel/WHM

Following below instructions enables you to get this issue sorted if you have OpenVZ/Virtuozzo VPS you should follow these instructions to enable 2nd level-quotas support to get disk space usage issue sorted.

Lets start fixing this:

Login to your main node’s SSH with root access where you have hosted VPS’.

Just find out the exact ID of your VPS for which you want to enable the second level-quotas by executing below stated command:

# vzlist

It will list all the online Virtual Private Servers, remember the one you want to enable second level quotas for.

Now execute following below command on the required VPS ID.

# vzctl set VPS_ID --quotaugidlimit NUMBER --save

Read More

libkeyutils.so.1: cannot open shared object file: no such file or directory on centos 6 x64 – Resolution

Today one of my VPS customer got following error : libkeyutils.so.1: cannot open shared object file: no such file or directory on centos 6

He was not able to login to SSH, SSHD server kept on denying with the message : connection to ssh refused.

While inspecting his VPS from node panel i came to know the server is hacked and hacker removed/changed libkeyutils.so.1 and libkeyutils.so.1.3 both are not present in lib64 directory, hacker just deleted them.
Please note these files are necessary files and are responsible for any connections inbound/outbound, so if they are not present or corrupted your server cannot connect to other computers.

Following is the solution to this issue :

Login to your main node (SSH), or your VPS by SSH console provided by your VPS provider.

Now go to /lib64 directory to check if libkeyutils.so.1 and libkeyutils.so.1.3 files are there or not. If files are there just delete them, the file libkeyutils.so.1 is symbolic link to libkeyutils.so.1.3 file. You should delete both of them by :

rm -f /lib64/libkeyutils.so.1 /lib64/libkeyutils.so.1.3

Now you would need to download RPM for libkeyutils.so.1 from centos web site:

wget ftp://ftp.muug.mb.ca/mirror/centos/6.4/os/x86_64/Packages/keyutils-libs-1.4-4.el6.x86_64.rpm

Please note, this is the step you might need assistance from your VPS provider, just ask them to place this RPM in your /lib64 directory as you cannot download it. Wget also does not work without libkeyutils.so.1 file.

Once the RPM package is downloaded, you would need to execute following command in lib64 directory:

rpm -ivh --replacefiles --replacepkgs keyutils-libs-1.4-4.el6.x86_64.rpm

This will replace package library files as well as other files, and now restart SSH by:

service sshd restart

and reboot your server:

reboot

Suggestion: Install config server firewall immediately once you get back the SSH access, your VPS will not get hack again, it takes only 2 minutes:

http://configserver.com/free/csf/install.txt