Check active connections to web server – DDOS solution

Here are few commands to check the active connection to apache or to any other web server, you can block IPs having too many connections :

Login to SSH and execute following commands with root access:

1.To see what IPs are connecting to server and how many connections exist from each IP:

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2.To see how many connections each IP on the server is receiving:

netstat -plan |grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c | sort -n

3.Get total current active connections to Apache:

netstat -apn | grep :80 | wc -l

Get Apache status update from command line to see which domain is receiving maximum hits (cPanel/WHM server):

lynx http://localhost/whm-server-status

Read More

DDOS attacks on XMLRPC.php (Fixed)

wordpressXMLRPC.php is php file included with wordpress installation, it allows posting of content remotely through supported web blogs to wordpress blog, it provide many other features as well having many pros and cons. As far as web site security is concerned XMLRPC.php file is famous among hackers and attackers.

Most of the wordpress blogs get hits by attackers on XMLRPC.php usually called DDOS attacks. During the attack XMLRPC.php gets many requests and that makes web site goes down with excessive usage of allocated resources. Some web hosting providers suspend those accounts for high resource usage issues. Read More

WordFence a must have plugin for wordpress

Now a days hackers are just focusing on wordpress web sites as they are lack of security measurements. I was also a victim of those hackers then i saw my friend named “Aaqil” who runs his own wordpress blog (http://eye44.com) has got a plugin named “Wordfence” his blog has also got hack and he recovered it by wordfence, however i have gone through all the manual work to restore my blog. It was really a pain to restore it manually and then i came to know all the operations i have done manually could also be done by wordfence within few clicks.

Then i installed wordfence plugin which enabled me to secure my wordpress blog to 90% it includes :

  • Firewall
  • Virus scanning
  • Realtime Traffic Monitoring
  • and much more

As a web hosting provider and a blog owner i would like to recommend this plugin as “A must have plugin“.

You can install it from the web plugin section of wordpress admin area, however if you wish to install it manually here is the URL :Ā http://wordpress.org/plugins/wordfence/

Feedback are welcome šŸ™‚

How to deal with hackers for web server? Sym links solution

Nowadays hacking becomes more ordinary, and most web hosting companies are being targeted and there is no proper solution to prevent or to make your server 100% secure.

As a web hosting provider, we do always try to secure our servers from the hackers sometime it works but sometimes we failed.

Today i want to describe some commands forĀ Linux WHM/cPanelĀ based servers commands to make your server secure not 100% but it works out of the box. As i am using these commands to not prevent server from hacking but these commands are very useful and does not allow hackers to do anything on the server with other accounts.

I assume, you already familiar with theĀ sym links those are auto-created on the linux based servers, they allow hackers to create link directory/files with the other accounts, so they can access other accounts those are related to other cPanel accounts on the server.

If you disableĀ sym links on the server, hackers cannot hack into your server or if they are able to hack one account, other accounts will remain safe and will not get affected.

Well, disablingĀ sym links is not the proper solution and also disturbs functionality of some scripts on the server like joomla and wordpress.

Here i would like to describe some linux commands those are used to prevent creation of new symlinks in the root directory of an account, on cPanel it isĀ public_html.

Follow the following steps to:

  • Login to your server via ssh with root access.
  • Now make a check if there areĀ sym linksĀ  already created on the server.
  • Execute following command for cPanel:
  • Ā # find /home*/*/public_html -type l
  • Above command will display all theĀ sym links for all cPanel accounts created in public_html and sub directoriesĀ if any.
  • Now, add a cron job to check forĀ sym linksĀ  and remove them if found, you can set any interval, in the below command i set it to everyĀ 5Ā minutes.
  • So the command checks and removes allĀ sym linksĀ inside theĀ public_htmlĀ directory and their sub directories.
  • Execute the following commands to add cron job:
  • # crontab -e
  • A crontab file will be opened in default text-editor.
  • Go to last line and add below command:
  • */5 * * * * find /home*/*/public_html -type l -exec rm -rfv {} \;
  • Now, save your crontab file to make it functional.
  • And you’re done, this will check forĀ sym linksĀ insideĀ public_htmlĀ directory and will remove them if found.
  • TIP: you can also change the location of your directory for other control panels, by replacing /home*/*/public_html
  • Note: Do not execute command on system directories, your server will be destroyed and will become unstable.

That is all, comments are welcome : ) if it works for you.

3 Best Templates for WordPress Blog

There areĀ numerousĀ templates available on the world wide web whether they are designed for wordpress or joomla, while searching on the web i have found some best looking and features rich templates for wordpress powered blogs that i would like to share:

1.Daily – Best template for photo gallery

A very good looking attractive template for wordpress photo blog contains three types of view, it provides the full customization of whole blog whether it is for photo gallery or for classic word press blog.

Live PreivewĀ | Buy

2.PokeRoost – Simple but stylish wordpress template

Another very simple but stylish template for wordpress blog released under themeforest online store enabling you to choose from different colors, menus and sidebars that suites your blog best.

Live PreviewĀ | Buy

3. Carbon – Sharp features responsive template

An attractive wordpress blog template especially if you like dark colors with round corners, it is very flexible and can be customized according to any blog type such as video gallery or photo gallery.

Live PreviewĀ | Buy

That is the list for today, which template do you like to have ?

Importing blogger blog to custom wordpress blog

You can import your current blogger blog into custom wordpress installation along with all posts,comments and other data.

There are two methods to import the blogger blog:

  • First method is to import from directly blogger account but you would need to have an active blog in your blogger account otherwise it may fail saying no blog to import. Follow the below steps to copy your blog to custom wordpress:
    • Login to your wordpress custom installation’s admin panel, usually from http://yoursite.com/wp-admin
    • Navigate through the left panel menu bar and go toĀ ToolsĀ menu and click on import
    • On next page, click on first linkĀ Blogger,Ā a new pop-under appears containing plugin information.
    • Click onĀ Install NowĀ located on the right site of pop-under window.
    • This will install the import plugin, on very next page activate the plugin.
    • You will be sent to next page which contains AuthorizeĀ button, just click on them.
    • A new page appears here asking for your permission to access your blogger account.
    • Please note you must be logged in with google account that contains your blog, Otherwise it may say no blog found. See the snapshot below:

    • Now at this point, click onĀ Grant AccessĀ button.
    • On this page, you would need to follow the instructions given on the page.
    • And you’re done.

I will discuss the 2nd method in my next post.

Let me know if you have any question regarding this post.