DDOS attacks from amazon servers

Well today one of our client server had worst ddos attack against server main IP. While analyzing i found it is coming from amazon hacked servers. As amazon is offering free ec2 servers for 1 year so some of people don’t care about it after getting it as free. They do not use it and forget it after getting it. These servers are easy to get hacked and then can be used to attack other servers by hackers.

Here is the quick solution for linux centos 7 to deal with these attacks:

1. Access your server from ssh, you can use putty

2. Once you logged in with root access you have to install network monitoring tool, i found Trafshow tool very help full to see what IPs are attacking.

3. Install it with :

yum install trafshow -y

if you get nothing found error, just install epel-release repo by executing following command:

yum install epel-release -y

4. Once you install Trafshow, now you are ready to check incoming requests from IPs. Run following below command:

trafshow -i eth0 tcp

where eth0 is network card, you need to change it with your network interface. if you’re not sure about network interface, run following command:

ifconfig

It will return all the interfaces.

5. Once you run command trafshow -i eht0 tcp it will display all the connections with IPs. Here you can block them by various techniques. One is to add these IPs in config Server Firewall.

6. Here is the list of amazon IPs:

https://ip-ranges.amazonaws.com/ip-ranges.json

Read More

How to call SOAP api from PHP

This tutorial explains calling of SOAP API with PHP code, there is also work around for the problems while accessing host URL.

This code is tested with PHP 5.6.x version and is working without any issue.

 
Create PHP file and paste following below code in it, save and you’re done.
In below code we are calling SMS SOAP API to send SMS’.
Read More

Redirect old domain to new domain with 301

Here are the few lines of code you can add into your .htaccess to redirect your old domain to new domain with 301 (permanent redirect) code.

Open .htaccess file in any editor and add following below lines, please replace websterz.info with your own domain.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^websterz.info [NC,OR]
RewriteCond %{HTTP_HOST} ^www.websterz.info [NC]
RewriteRule ^(.*)$ http://websterz.info/$1 [L,R=301,NC]

 

That’s all 🙂

DDOS attacks on XMLRPC.php (Fixed)

wordpressXMLRPC.php is php file included with wordpress installation, it allows posting of content remotely through supported web blogs to wordpress blog, it provide many other features as well having many pros and cons. As far as web site security is concerned XMLRPC.php file is famous among hackers and attackers.

Most of the wordpress blogs get hits by attackers on XMLRPC.php usually called DDOS attacks. During the attack XMLRPC.php gets many requests and that makes web site goes down with excessive usage of allocated resources. Some web hosting providers suspend those accounts for high resource usage issues. Read More

WHMCS integration of domain check for PKNIC domains

PKNICPakistan’s largest domains (cTLDs) provider PKNIC has no WHMCS modules or domain checking mechanism for 3rd party tools.

You can add these domains checker functionality to your WHMCS by doing below simple steps:

  • Login to your FTP and edit file “WHMCS installation folder/includes/whoisservers.php” in any text editor or Dreamweaver
  • Now paste following below code at the end of the file and save that file to your server.

Read More

Enable GeoIP on LiteSpeed web server

This tutorial explains how to install/configure/enable GeoIP location feature on litespeed web server.
Note: You can only use this feature with enterprise license of litespeed web server.

Follow these steps to get it enabled:

First of all download GeoIP location database from official web site (maxmind):

Login to your server via SSH with root access, and execute following commands:
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
cp GeoLiteCity.dat /usr/local/share/GeoIP/

Now you have downloaded GeoIP location database, next is to enable it from LiteSpeed control panel.

Follow these steps:

liteSpeed admin console->Server->General
->Enable IP GeoLocation: Yes

liteSpeed admin console->Server->General
->IP to GeoLocation DB: Add
DB File Path: /usr/local/share/GeoIP/GeoIPCity.dat
DB Cache Type: MemoryCache

Last step is to add a line in .htaccess file of your hosting account directory (public_html in cPanel)

GeoIPEnable On

Well you have configured/enabled GeoIP location system.

Now just make a test on it:
Create a php file on your hosting account, and paste below code in it:

<?
$countryName = $_SERVER["GEOIP_COUNTRY_NAME"];
$countryCode = $_SERVER["GEOIP_COUNTRY_CODE"];

echo $countryName.'<br/ >'.$countryCode;
?>

Now run this file from browser it should return your country name and country code.