Archive for the ‘Server’ Category
Prevent DOS attacks on apache webserver for DEBIAN linux with mod_evasive
The following guide explains the installation of the apache module “mod_evasive”. Mod_evasive tracks the number of requests of files at the apache webserver and blocks the delivery in case that a certain limit has been reached.
Installation
apt-get install libapache2-mod-evasive
Create the log directory for mod_evasive
mkdir -p /var/log/apache2/evasive
chown -R www-data:root /var/log/apache2/evasive
Now we add the configuration for the module at the end of the file /etc/apache2/mods-available/mod-evasive.load
vi /etc/apache2/mods-available/mod-evasive.load
so that it looks like this:
LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 5
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir “/var/log/apache2/evasive”
and restart apache:
/etc/init.d/apache2 restart
How to change the language of AWStats statistics on Debian Linux (ISPConfig 3)
To change the language of the website statistics generated by AWStats on a Debian Linux server to e.g. german (de), edit the /etc/awstats/awstats.conf file:
nano /etc/awstats/awstats.conf
and change the value of the “Lang” variable. To change the languge to e.g. German, cahnge:
Lang=”auto”
to
Lang=”de”
The website statistics are generated nightly on a ISPConfig 3 server, so it may take up to 24 hours until the statistics will show up in German language.
Thanks to PlaNet Fox for this FAQ.
Change PostgreSQL Locale
wrote by Rafael Marangoni, from Suporte Linux team.
This article explains how to change the default PostgreSQL Locale. Be careful, because we’re considering that you do not have data on postgresql instance.
First, we need to stop the postgres service (if was not already stopped):
/etc/init.d/postgresql stop
Then we need to remove all data files from postgresql data dir. On RedHat based, that’s the dir:
rm -rf /var/lib/pgsql/data/*
Now we change to postgres user:
su postgres
Creating the initial data, selecting the Locale:
initdb –locale=C /var/lib/pgsql/data
or
initdb –locale=pt_BR.UTF-8 /var/lib/pgsql/data
or your locale
/etc/init.d/postgresql stop
Then, we start postgres service:
/etc/init.d/postgresql start
Configure PostgreSQL to accept connections from network
wrote by Rafael Marangoni, from Consultoria Linux team.
By default, on some distros, PostgreSQL will only accept connections from localhost. When you have only access from localhost (from localhost Apache, by example) everything is ok, but when you need that postgresql accepts connections for other hosts, you need to make some configs.
First of all, edit the postgresql.conf file (on CentOS the default location is /var/lib/pgsql/data/postgresql.conf).
vi /var/lib/pgsql/data/postgresql.conf
Search the following line:
listen_addresses = ‘localhost’
Change it to:
listen_addresses = ‘*’
Secondly, you need to change the permissions inside pg_hba.conf file (on CentOS, the default location is /var/lib/pgsql/data/pg_hba.conf)
vi /var/lib/pgsql/data/pg_hba.conf
Include the following line (at the end of the file):
host username all 192.168.0.10/32 md5
Where:
username: it’s the name of the postgres user
all: the database name (here we enabled all of them)
192.168.0.10/32: is the IP address/subnet to accept connections
md5: is the method of authentication (md5 requests password)
Solve the warning: connect to mysql server 127.0.0.1: Too many connections
If you get the error message “connect to mysql server 127.0.0.1: Too many connections” in a log file, e.g. the mail.log file, then the max. number of mysql database connections on your server is reached. To increase the max. number of simultanious connections, edit the MySQL my.cnf file:
vi /etc/mysql/my.cnf
and add or change the lines for mysql max_connections and max_user_connections in the [mysqld] section of the my.cnf file:
[mysqld]
……
max_connections = 500
max_user_connections = 500
…….
How to solve the PHP XCache error: /dev/zero: No space left on device
If you get the error “/dev/zero: No space left on device” in the apache error.log on a OpenVZ virtual machine, then the shared memory size in the xcache.ini is too high or the xcache.mm_path is set wrong.
Edit the file /etc/php5/conf.d/xcache.ini
vi /etc/php5/conf.d/xcache.ini
and check the mm_path. On a OpenVZ virtual machine it should be set to “/tmp/xcache” as /dev/zero might not work correctly in a virtual machine:
xcache.mmap_path = “/tmp/xcache”
Then restart apache2:
/etc/init.d/apache2 restart
and check if the error has been resolved.
If the roor still occurs after some time, you will have to reduce the xcache.size.
Edite the xcache.ini file:
vi /etc/php5/conf.d/xcache.ini
and set xcache.size to e.g. 8 MB
xcache.size = 8M
Then restart apache2:
/etc/init.d/apache2 restart
Secure /tmp and /dev/shm directories in a OpenVZ enviroment
The /tmp and /dev/shm directories of a OpenVZ virtual machine shall be mounted without suid and exec permissions. To achieve this, create a a shell script on the host server for every virtual machine which contains the commands to remount the directories. This script will be started automatically by openvz when the VM is started.
I will use VPSID as placeholder for the ID of the virtual machine in the commands and the script. Replace VPSID with the id of the virtual machine that you want to create the script for, e.g. replace VPSID with 101.
Create the script:
vi /etc/vz/conf/VPSID.mount
and insert the following lines:
#!/bin/bash
mount -n –bind -onosuid,noexec /vz/vps/VPSID/tmp /vz/root/VPSID/tmp
mount -n –bind -onosuid,noexec /vz/vps/VPSID/shm /vz/root/VPSID/dev/shm
exit ${?}
now make the sscript executable:
chmod 700 /etc/vz/conf/VPSID.mount
How to disable spamfilter- and antivirus functions in ISPConfig 3
If you use a mailserver wil very low ram (< 500 MB) and a slow CPU then it might be nescessary to disable the spam- and antivirus filter functions in ISPConfig 3 as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:
Edit postfix main.cf file
vi /etc/postfix/main.cf
and comment out these lines by adding a “#” in front of them:
# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings
Then restart postfix:
/etc/init.d/postfix restart
Now stop and disable the services. The following commands are for Debian and Ubuntu, the commands for other Linux distributions may vary
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop
update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove
P The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav will disable all spam- and antivirus filtering so that the spamfiltering options that can be configured in the ispconfig interface will have any effect on mail delivery and no spam and viruses will get filtered.
The changes in postfix main.cf will get overwitten by a ispconfig software update when you select to reconfigure services during upadte, so you should comment out the lines again after you install a ispconfig update.
How to block access to a server by IP address on Linux
Sometimes you might want to block connects to your server by IP address. E.g. when someone tries to attack your system. This can be done in several different ways, e.g. with iptables (firewall) rules or by setting up a reject route. Using iptables sometimes causes conflicts with installed firewalls so that I will use the route command here. The command is:
/sbin/route add -host 192.168.0.123 reject
Replace 192.168.0.123 with the IP address that you want to block and execute the command as root user on the shell.
How to enable the new multisite feature in WordPress 3.0
If you recently updated to or installed WordPress 3.0, you might wonder where the menu for Multisite feature is. By default, these new functions are disabled after a WordPress update, to enable them, edit the file wp-config.php and add the line
define(‘WP_ALLOW_MULTISITE’, true);
On your next login, you will see a new menu labeled “Super Admin” which contains the functions to add new sites to wordpress.