R6Host.com: January 2012

Tuesday 31 January 2012

HOW TO STOP PHP NOBODY SPAMMERS

PHP and Apache has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in form mail scripts and malicious users to spam from your server without you knowing who or where.

Here I am going to tell you some easy step to trace nobody spammer.

Step 1: Login to your server and su - to root.
Step 2: Turn off exim while we do this so it doesn't freak out./etc/init.d/exim stop
Step 3: Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.

mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4: Create the spam monitoring script for the new sendmail. pico /usr/sbin/sendmail Paste in the following:#!/usr/local/bin/perl
# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n";
}
else {
print INFO "$date - $PWD - @infon";
}
my $mailprog = '/usr/sbin/sendmail.hidden';
foreach (@ARGV) {
$arg="$arg" . " $_";
}
open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!n";
while ( ) {
print MAIL;
}
close (INFO);
close (MAIL);
Step 5: Change the new sendmail permissions

chmod +x /usr/sbin/sendmail

Step 6: Create a new log file to keep a history of all mail going out of the server using web scripts

touch /var/log/spam_log chmod 0777 /var/log/spam_log

Step 7: Start Exim up again.

/etc/init.d/exim start

Step 8: Monitor your spam_log file for spam, try using any formmail or script that uses a mail function - a message board, a contact script.

tail - f /var/log/spam_log

Sample Log Output

/home/username/public_html/directory/subdirectory - nobody x 99 99Nobody / /sbin/nologin

Now here you can see in above sample log that ” NOBODY IS SOMEBODY”.

Monday 30 January 2012

HTTP Compression

Overview

The <httpCompression> element specifies the HTTP compression settings for Internet Information Services (IIS) 7. HTTP compression can provide faster transmission times between IIS and client browsers that can accept compressed files.

Note: An HTTP client must initiate communication for compressed content by sending the appropriate HTTP Accept-encoding header. If a client is not capable of HTTP compression, it will not pass that header and IIS 7 will always return uncompressed content.

There are two different types of compression that IIS 7 uses:

Static Compression:IIS 7 caches compressed static content in the path that is specified by the directory attribute, which increases compression performance by eliminating the need to recompress content that has already been compressed. After IIS 7 has compressed a file, subsequent requests are given the compressed copy of the file from the cache directory.

The staticCompressionEnableCpuUsage andstaticCompressionDisableCpuUsage attributes specify when IIS 7 will compress static files based on CPU usage.

You should use static compression with files that do not typically change, such as HTML files (*.html, *.htm), text files (*.txt), Microsoft Office documents (*.doc, *.xls, *.ppt), etc. The size of these files can be reduced through compression, which reduces download times for client requests and reduces bandwidth on the server.

Note: Image files such as *.png and *.png files are also static files, but typically they do not benefit from HTTP compression because these image files are already compressed.

Dynamic Compression:Unlike static compression, IIS 7 performs dynamic compression each time a client requests the content, but the compressed version is not cached to disk. This change is made because of the primary difference between static and dynamic content. Static content does not change. However, dynamic content is typically content that is created by an application and therefore changes often, such as Active Server Pages (ASP) or ASP.NET content. Since dynamic content should change often, IIS 7 does not cache it.

The dynamicCompressionEnableCpuUsage anddynamicCompressionDisableCpuUsage attributes specify when IIS 7 will compress dynamic files based on CPU usage.

Compatibility

Version	Notes
IIS 7.5	In IIS 7.5, the default value for the `minFileSizeForComp`attribute has been changed, and the`dynamicCompressionBufferLimit` attribute was added.
IIS 7.0	The `<httpCompression>` element was introduced in IIS 7.0.
IIS 6.0	The `<httpCompression>` element replaces the following IIS 6.0 metabase properties: HcCacheControlHeader HcCompressionDirectory HcDoDiskSpaceLimiting HcExpiresHeader HcMaxDiskSpaceUsage HcMinFileSizeForComp HcNoCompressionForHttp10 HcNoCompressionForProxies HcNoCompressionForRange HcSendCacheHeaders

Setup

HTTP compression is usually available on the default installation of IIS 7. However, only static compression is installed by default. To install static or dynamic compression, use the following steps.

Windows Server 2008 or Windows Server 2008 R2

On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.

In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).

In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.

On the Select Role Services page of the Add Role Services Wizard, select Dynamic Content Compression if you want to install dynamic compression and Static Content Compression if you want to install static compression, and then click Next.

On the Confirm Installation Selections page, click Install.

On the Results page, click Close.

Windows Vista or Windows 7

On the taskbar, click Start, and then click Control Panel.

In Control Panel, click Programs and Features, and then clickTurn Windows Features on or off.

Expand Internet Information Services, then World Wide Web Services, then Performance Features.

Select Http Compression Dynamic if you want to install dynamic compression and Static Content Compression if you want to install static compression.

Click OK.

How To

How to enable or disable static and dynamic compression for a site or application

Open Internet Information Services (IIS) Manager:
- If you are using Windows Server 2008 or Windows Server 2008 R2:
  - On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- If you are using Windows Vista or Windows 7:
  - On the taskbar, click Start, and then click Control Panel.
  - Double-click Administrative Tools, and then double-clickInternet Information Services (IIS) Manager.

In the Connections pane, go to the connection, site, application, or directory for which you want to enable compression.

In the Home pane, double-click Compression.

In the Compression pane, check the boxes to enable static or dynamic compression, or remove the check marks to disable static or dynamic compression.

Once you have completed the above steps, click Apply in theActions pane.

How to enable or disable static and dynamic compression for a server

Open Internet Information Services (IIS) Manager:
- If you are using Windows Server 2008 or Windows Server 2008 R2:
  - On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- If you are using Windows Vista or Windows 7:
  - On the taskbar, click Start, and then click Control Panel.
  - Double-click Administrative Tools, and then double-clickInternet Information Services (IIS) Manager.

In the Connections pane, highlight the name of your server.

In the server's Home pane, double-click Compression.

In the Compression pane, check the boxes to enable static or dynamic compression, or remove the check marks to disable static or dynamic compression.

Once you have completed the above steps, click Apply in theActions pane.

Friday 27 January 2012

Limit Users to only their home directory - VSFTP chroot or Jail Users

If you do not wish FTP users to be able to access any files outside of their own home directory, set up chroot jail.

For consider following example:

Ftp username : servt1

FTP home directory: /home/servt1

$ ftp ftp.domain.com

Output:

Connected to ftp.domain.com.
220 (vsFTPd 2.0.5)
Name (ftp.domain.com:servt1): servt1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/servt1"
ftp> cd /etc
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
150 Here comes the directory listing.
-rw-r--r--    1 0        0            7959 Mar 02 22:20 Acbd
drwxr-xr-x    3 0        0            4096 Jul 24 12:20 Wireloop
drwxr-xr-x   16 0        0            4096 Jul 30 22:58 X1X
drwxr-xr-x    4 0        0            4096 Sep 05 2005 Xrint
-rw-r--r--    1 0        0            2188 Sep 05 2005 adduser.conf
-rw-r--r--    1 0        0              47 Aug 16 14:52 adjtime
-rw-------    1 0        0            4330 Aug 18 2005 afick.conf
-rw-r--r--    1 0        0             194 Sep 05 2005 aliases
-rw-r--r--    1 0        0           12288 Jul 19 21:27 aliases.db
drwxr-xr-x    2 0        0            8192 Aug 15 09:33 alternatives
...
.....
..

Now normal user can go to /etc directory (may be to all other directories) and if there is read only permission to sensitive files user can download the file via ftp.

To avoid this security problem you can lock ftp user in a jail.

Open vsftpd configuration file - /etc/vsftpd/vsftpd.conf

# vi /etc/vsftpd/vsftpd.conf

Make sure following line exists (and uncommented):
chroot_local_user=YES

Save and close the file. Restart vsftpd.

# /etc/init.d/vsftpd restart

Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not able to see /, /etc, /root and /tmp and all other directories. This is an essential security feature.

Sunday 15 January 2012

cPanel and the paths

Im new to the cPanel and I like to know backend file location of all the services.

Sol: These are the cPanel path hosted in LINUX OS. All the path configuration and files are pasted here.

/etc/httpd/conf/httpd.conf - apache configuration file

/etc/exim.conf - mail server configuration file

/etc/named.conf - name server (named) configuration file

/etc/proftpd.conf - proftpd server configuration file

/etc/pure-ftpd.conf - pure-ftpd server configuration file

/etc/valiases/domainname - catchall and forwarders are set here

/etc/vfilters/domainname - email filters are set here

/etc/userdomains - all domains are listed here - addons, parked,subdomains along with their usernames

/etc/localdomains - exim related file all domains should be listed here to be able to send mails

/var/cpanel/users/username - cpanel user file

/var/cpanel/cpanel.config - cpanel configuration file ( Tweak Settings )*

/etc/cpbackup-userskip.conf -

/etc/sysconfig/network - Networking Setup*

/etc/hosts -

/var/spool/exim -

/var/spool/cron -

/etc/resolv.conf - Networking Setup--> Resolver Configuration

/etc/nameserverips - Networking Setup --> Nameserver IPs ( FOr resellers to

give their nameservers )

/var/cpanel/resellers - For addpkg, etc permissions for resellers.

/etc/chkserv.d - Main >> Service Configuration >> Service Manager *

/var/run/chkservd - Main >> Server Status >> Service Status *

/var/log/dcpumon - top log process

/root/cpanel3-skel - skel directory.

Eg: public_ftp, public_html. (Account Functions-->Skeleton Directory )*

/etc/wwwacct.conf - account creation defaults file in WHM (Basic cPanel/WHM

Setup)*

/etc/cpupdate.conf - Update Config *

/etc/cpbackup.conf - Configure Backup*

/etc/clamav.conf - clamav (antivirus configuration file )

/etc/my.cnf - mysql configuration file

/usr/local/Zend/etc/php.ini OR /usr/local/lib/php.ini - php configuration file

/etc/ips - ip addresses on the server (except the shared ip) (IP Functions--

>Show IP Address Usage )*

/etc/ipaddrpool - ip addresses which are free

/etc/ips.dnsmaster - name server ips

/var/cpanel/Counters - To get the counter of each users.

/var/cpanel/bandwidth - To get bandwith usage of domain

cPanel Log files

These are the important cPanel log files

cPanel enabled Server's Log file location

cPanel: /usr/local/cpanel/logs directory

access_log - cPanel access log for both cPanel and WHM
error_log - cPanel error log
license_log - cPanel license log
login_log - cPanel user login log
melange.log - cPanel chat server log
melange_msg.log - cPanel chat server message log
stats_log - cPanel web stats log

System: /var/log/ directory.

bandwidth - cPanel total bandwidth logs for the entire server
chkservd.log - chkservd service log
clamav - clamav log directory
cpupdate.log - cPanel update log
exim_mainlog - Exim email transaction log
exim_paniclog - Exim error log
exim_rejectlog - Exim rejected email log
maillog - Transaction and login log for all mail services
messages - Transaction and login log for FTP services

cPanel individual domain logs: /usr/local/apache/domlogs

The log file will show the access log for each domain.

how to disable Mod Security for a specific domain

If Apache is compiled with SuPhp and Mod Security, do the following:

Create a directory for that domain:

mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.TLD
Then create a mod_security conf file:

touch /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.TLD/mod_security.conf
Using your favorite Linux Text editor such as pico or vi, add the following directive(s) in that file:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Save the file and then run:

/scripts/ensure_vhost_includes –user=USERNAME
If Apache is NOT compiled with SuPhp and Mod Security, do the following:

You can implement one of the following two options:

1. Add the following directive in .htaccess file:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
If that didn’t work on your server ,

2. SSH to the server and add the following directive to /etc/httpd/conf/httpd.conf file:

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

R6Host.com