If you under remote desktop service LOG ON accounts reset from “Network Service” to “Local System”. Reset the RDS service back to “Network Service” (just put any valid password into the box) and its all working again.
Category Archives: Uncategorized
monitor IP connections per IP
#!/bin/bash
# IP BAN v. 1.0.0
WORK_DIR='/root/ddos'
IGNORE_IP_LIST="$WORK_DIR/ignoreip"
BLOCKED_IP_LIST="$WORK_DIR/blockedip"
LOG_FILE="$WORK_DIR/ban.log"
NO_OF_CONNECTIONS=20
APF_BAN=0
KILL=1
add__cron()
{
set="$(readlink -f "$0")"
if [ ! -f $WORK_DIR/ddos.sh ]; then
# mkdir /root/ddos >/dev/null 2>&1
cp $set $WORK_DIR/ddos.sh
chmod +x $WORK_DIR/ddos.sh
fi
if [ ! -f /etc/cron.d/check_ddos ]; then
echo "* * * * * root $WORK_DIR/ddos.sh >/dev/null 2>&1" > /etc/cron.d/check_ddos
fi
}
mk_ignore()
{
if [ ! -d "$WORK_DIR" ]; then
mkdir $WORK_DIR
fi
if [ ! -f $WORK_DIR/systemip ]; then
ip addr show | grep -w inet | awk '{ print $2 }' | cut -d"/" -f1 > $WORK_DIR/systemip
echo "0.0.0.0" >> $WORK_DIR/systemip
fi
}
prog_check()
{
if ! which netstat >/dev/null; then
apt-get install net-tools
fi
}
prog_check
mk_ignore
add__cron
TMP_PREFIX='/tmp/ddos'
TMP_FILE=`mktemp $TMP_PREFIX.XXXXXXXX`
SYSIP="$WORK_DIR/systemip"
BAD_IP_LIST="$TMP_FILE"
netstat -an | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq -c | sort -nr > $BAD_IP_LIST
if [ $KILL -eq 1 ]; then
IP_BAN_NOW=0
while read line; do
CURR_LINE_CONN=$(echo $line | cut -d" " -f1)
CURR_LINE_IP=$(echo $line | cut -d" " -f2)
if [ $CURR_LINE_CONN -lt $NO_OF_CONNECTIONS ]; then
break
fi
IGNORE_BAN=`grep -c $CURR_LINE_IP $IGNORE_IP_LIST`
IGNORE_BAN2=`grep -c $CURR_LINE_IP $SYSIP`
IGNORE_BAN3=`grep -c $CURR_LINE_IP $BLOCKED_IP_LIST`
if [[ $IGNORE_BAN -ge 1 || $IGNORE_BAN2 -ge 1 || $IGNORE_BAN3 -ge 1 ]] ; then
continue
fi
IP_BAN_NOW=1
dt=$(date '+%Y/%m/%d %H:%M:%S');
echo "$CURR_LINE_IP was blocked at $dt" >> $LOG_FILE
echo $CURR_LINE_IP >> $BLOCKED_IP_LIST
if [ $APF_BAN -eq 1 ]; then
$APF -d $CURR_LINE_IP
else
echo $CURR_LINE_IP
/sbin/iptables -I INPUT 1 -s $CURR_LINE_IP -j DROP
/sbin/iptables -I OUTPUT 1 -d $CURR_LINE_IP -j DROP
fi
done < $BAD_IP_LIST
fi
rm -f $TMP_PREFIX.*
php apc cache magento
extension = apc.so
[APC]
apc.enabled = 1
apc.optimization = 0
apc.shm_segments = 1
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.mmap_file_mask = /tmp/apc.XXXXXX
apc.enable_cli = 1
apc.cache_by_default = 1
apc.max_file_size = 10M
apc.stat = 1
;apc.include_once_override = 1
curl download file
curl -O https://raw.githubusercontent.com/some_file.py
linux check disk aligment
fdisk -l /dev/sda | grep -E sda[0-9]+ | sed s/*// | awk '{printf ("%s %f ",$1,$2/512); if($2%512){ print "BAD" }else {print "Good"} }' | column -t
coovachilli
CoovaChilli is a feature rich software access controller that provides a captive portal / walled-garden environment and uses RADIUS or a HTTP protocol for access provisioning and accounting. CoovaChilli is an integral part of the CoovaAP OpenWRT-based firmware which is specialized for hotspots. For more information on how Coova’s Chilli differs from the standard ChilliSpot.
homer simpson
track wiki
Trac is an enhanced wiki and issue tracking system for software development projects. Trac uses a minimalistic approach to web-based software project management. Our mission is to help developers write great software while staying out of the way. Trac should impose as little as possible on a team’s established development process and policies.
Trac allows wiki markup in issue descriptions and commit messages, creating links and seamless references between bugs, tasks, changesets, files and wiki pages
ioremap error for 0xdfffff000-0xe000000000, requested 0x10, got 0x00
If you have modified your /etc/fstab, you can face this kind of error after reboot. If you are using something like Centos 7 You need type your root password if you want use emergency mode and access you system to fix fstab.
vim: It requires “if_lua” enabled Vim(7.3.885 or above).
hg clone https://vim.googlecode.com/hg/ vim
cd vim
./lua.sh
vi lua.sh:
#!/bin/bash
# on centos minimal
yum install -y gcc
yum install -y make
yum install -y ncurses-devel
yum install -y lua lua-devel
yum install -y ruby ruby-devel
yum install -y python python-devel
yum install -y perl perl-devel
# vim7.3
./configure --disable-selinux \
--enable-luainterp \
--enable-perlinterp \
--enable-pythoninterp \
--enable-python3interp \
--enable-tclinterp \
--enable-rubyinterp \
--enable-multibyte \
--disable-gui \
--with-features=huge \
[email protected]
make
make install
docker remove all containers
sudo docker rm $(docker ps -a -q)
ERROR: Failed to build gem native extension
yum install fcgi-devel
nginx as reverse proxy for apache
yum install httpd httpd-devel -y
vi /etc/httpd/conf/httpd.conf
Listen 81
NameVirtualHost 127.0.0.1:81
# Define Server document root
DocumentRoot /var/www/html/
# Define the virtual host
ServerName www.yourwebsite.com
ServerAlias yourwebsite.com
DocumentRoot /var/www/yourwebsite.com
Options FollowSymLinks -Includes
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine on
service httpd restart
vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
yum install nginx -y
vi /etc/nginx/nginx.conf
user nobody;
worker_processes 4;
error_log logs/error.log crit;
worker_rlimit_nofile 8192;
events {
worker_connections 1024; # you might need to increase this setting for busy servers
use epoll; # Linux kernels 2.6.x change to epoll
}
http {
server_names_hash_max_size 2048;
server_names_hash_bucket_size 512;
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
# Gzip on
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
# Other configurations
ignore_invalid_headers on;
client_max_body_size 8m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
# Cache most accessed static files
open_file_cache max=10000 inactive=10m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# virtual hosts includes
include “/etc/nginx/conf.d/*.conf”;
}
Then lets create some virtuals hosts:
vi /etc/nginx/conf.d/yourwebsite.com.conf
server {
listen 80;
server_name yourwebsite.com yourwebsite.com;
access_log off;
error_log logs/yourwebsite.com-error_log crit;
location ~* .(gif|jpg|jpeg|png|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|html|htm|wml)$ {
root /var/www/yourwebsite.com;
expires 365d;
}
location / {
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;
proxy_redirect http://www.yourwebsite.com:81 http://www.yourwebsite.com;
proxy_redirect http://yourwebsite.com:81 http://yourwebsite.com;
proxy_pass http://127.0.0.1:81/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Also you need mod_rpaf, if you want to see client real IP after proxy.
cd /tmp
wget https://github.com/y-ken/mod_rpaf/archive/master.zip
unzip master.zip
cd mod_rpaf-master/
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
vi /etc/httpd/conf.d/rpaf.conf
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOUR.SERVER.IP
service httpd restart
simple tcp server
#!/usr/bin/env perl
use strict;
use warnings;
use utf8;
use IO::Socket::INET;
use AnyEvent;
use AnyEvent::Util;
$AnyEvent::Util::MAX_FORKS = 15;
my $handled = 0;
$|++;
my $server = IO::Socket::INET->new(
‘Proto’ => ‘tcp’,
‘LocalAddr’ => ‘localhost’,
‘LocalPort’ => 1234,
‘Listen’ => SOMAXCONN,
‘Reuse’ => 1,
) or die “can’t setup server: $!\n”;
print “Listening on localhost:1234\n”;
my $cv = AnyEvent->condvar;
my $w; $w = AnyEvent->io(
fh => \*{ $server },
poll => ‘r’,
cb => sub {
$handled++;
$cv->begin;
fork_call \&handle_connections,
$server->accept,
sub {
my ($client) = @_ ;
print ” – Client $client closed\n”
}
}
);
$cv->recv;
#
# Subroutines
#
sub handle_connections {
my ($client) = @_;
my $host = $client->peerhost;
print “[Accepted connection from $host]\n”;
print $client “Hi, you’re client #$handled\n”;
chomp ( my $input = <$client> );
my $output = reverse $input;
print $client $output, “\n”;
print $client “Bye, bye.\n”;
$cv->end;
return $host;
}
autonomous system IP route info
http://bgp.he.net/AS59642