
monitor IP connections per IP

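#!/bin/bash
# IP BAN v. 1.0.0
#
# Counts the IPv4 addresses in "netstat -an" and drops every address that has at
# least NO_OF_CONNECTIONS connections, unless it is on the ignore list, is one of
# the host's own addresses, or was already blocked.  On each run the script also
# installs itself as $WORK_DIR/ddos.sh and as a root cron job that runs once a
# minute.  Must run as root (writes under /root and /etc/cron.d, calls iptables).

WORK_DIR='/root/ddos'                  # state directory; executed as root from cron, keep it root-owned
IGNORE_IP_LIST="$WORK_DIR/ignoreip"    # one address per line, never blocked
BLOCKED_IP_LIST="$WORK_DIR/blockedip"  # addresses already blocked (appended by this script)
LOG_FILE="$WORK_DIR/ban.log"           # "<ip> was blocked at <timestamp>" lines

NO_OF_CONNECTIONS=20  # block threshold: connections per address, all socket states counted
APF_BAN=0             # 1: block with APF ("$APF -d <ip>"); 0: insert iptables DROP rules
KILL=1                # 0: only collect the counts, block nothing
APF="${APF:-apf}"     # APF binary; the original never set this, so APF_BAN=1 ran "-d <ip>" as the command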

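#######################################
# Install this script as $WORK_DIR/ddos.sh and a root cron entry that runs
# it every minute (each only if not already present).
# Globals:   WORK_DIR (read)
# Arguments: none
# Outputs:   writes /etc/cron.d/check_ddos
#######################################
add__cron()
{
  local self_path
  self_path="$(readlink -f "$0")"

  if [ ! -f "$WORK_DIR/ddos.sh" ]; then
    # mkdir /root/ddos >/dev/null 2>&1
    cp -- "$self_path" "$WORK_DIR/ddos.sh"
    chmod +x "$WORK_DIR/ddos.sh"
  fi
  # The job runs as root from $WORK_DIR, so that directory and ddos.sh must
  # stay writable by root only.
  if [ ! -f /etc/cron.d/check_ddos ]; then
    printf '* * * * * root %s/ddos.sh >/dev/null 2>&1\n' "$WORK_DIR" > /etc/cron.d/check_ddos
  fi
}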
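#######################################
# Create the state directory and the list of the host's own IPv4 addresses
# ($WORK_DIR/systemip), which must never be blocked.
# Globals:   WORK_DIR, IGNORE_IP_LIST, BLOCKED_IP_LIST (read)
# Arguments: none
#######################################
mk_ignore()
{
  if [ ! -d "$WORK_DIR" ]; then
    # root-only: root's cron job executes ddos.sh from this directory
    mkdir -m 0700 -- "$WORK_DIR"
  fi
  if [ ! -f "$WORK_DIR/systemip" ]; then
    # "-w inet" does not match the inet6 lines; 0.0.0.0 shows up for
    # listening sockets in "netstat -an" and must be ignored as well.
    ip addr show | grep -w inet | awk '{ print $2 }' | cut -d"/" -f1 > "$WORK_DIR/systemip"
    echo "0.0.0.0" >> "$WORK_DIR/systemip"
  fi
  # Make sure both lists exist so the grep lookups in the main loop do not
  # fail on the first run.
  touch -- "$IGNORE_IP_LIST" "$BLOCKED_IP_LIST"
}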

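#######################################
# Make sure netstat is available (installs net-tools via apt-get).
# Arguments: none
#######################################
prog_check()
{
  # command -v is the portable check; "which" is an external tool
  if ! command -v netstat >/dev/null; then
    # -y: under cron there is no tty, so apt-get must not prompt
    apt-get install -y net-tools
  fi
}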

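# ---- main -----------------------------------------------------------------
prog_check
mk_ignore
add__cron

TMP_PREFIX='/tmp/ddos'
SYSIP="$WORK_DIR/systemip"

# mktemp gives an unpredictable name; remove only that file on exit instead
# of globbing "$TMP_PREFIX.*" in world-writable /tmp as the original did.
TMP_FILE=$(mktemp "$TMP_PREFIX.XXXXXXXX") || exit 1
trap 'rm -f -- "$TMP_FILE"' EXIT

# Every IPv4 address in the netstat output, counted and sorted descending.
# Both the local and the remote column are counted, so the host's own
# addresses (see $SYSIP) always appear and must be ignored below.  All socket
# states are included (TIME_WAIT too), which can inflate a legitimate client.
BAD_IP_LIST="$TMP_FILE"
netstat -an \
  | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' \
  | sort | uniq -c | sort -nr > "$BAD_IP_LIST"

if [ "$KILL" -eq 1 ]; then
  IP_BAN_NOW=0   # becomes 1 once at least one address was blocked in this run
  # "uniq -c" prints "<count> <ip>" with leading spaces; letting read split
  # the two fields replaces the unquoted echo|cut the original relied on.
  while read -r CURR_LINE_CONN CURR_LINE_IP; do
    [ -n "$CURR_LINE_IP" ] || continue
    # Input is sorted descending, so the first address under the threshold
    # ends the scan.
    if [ "$CURR_LINE_CONN" -lt "$NO_OF_CONNECTIONS" ]; then
      break
    fi
    # -x -F: whole-line, literal match.  A plain "grep 1.2.3.4" treats the
    # dots as wildcards and also matches 1.2.3.45 or 11.2.3.4, so an address
    # could be skipped (or blocked) because of a different list entry.
    # 2>/dev/null: a missing list file simply counts as "no match".
    IGNORE_BAN=$(grep -cxF -- "$CURR_LINE_IP" "$IGNORE_IP_LIST" 2>/dev/null)
    IGNORE_BAN2=$(grep -cxF -- "$CURR_LINE_IP" "$SYSIP" 2>/dev/null)
    IGNORE_BAN3=$(grep -cxF -- "$CURR_LINE_IP" "$BLOCKED_IP_LIST" 2>/dev/null)
    if [ "${IGNORE_BAN:-0}" -ge 1 ] || [ "${IGNORE_BAN2:-0}" -ge 1 ] || [ "${IGNORE_BAN3:-0}" -ge 1 ]; then
      continue
    fi
    IP_BAN_NOW=1
    dt=$(date '+%Y/%m/%d %H:%M:%S')
    printf '%s was blocked at %s\n' "$CURR_LINE_IP" "$dt" >> "$LOG_FILE"
    printf '%s\n' "$CURR_LINE_IP" >> "$BLOCKED_IP_LIST"
    if [ "$APF_BAN" -eq 1 ]; then
      # $APF was never defined in the original; fall back to "apf" on PATH.
      "${APF:-apf}" -d "$CURR_LINE_IP"
    else
      printf '%s\n' "$CURR_LINE_IP"
      # These rules are not persistent: after a reboot the address stays in
      # $BLOCKED_IP_LIST (so it is skipped above) but is no longer dropped.
      /sbin/iptables -I INPUT 1 -s "$CURR_LINE_IP" -j DROP
      /sbin/iptables -I OUTPUT 1 -d "$CURR_LINE_IP" -j DROP
    fi
  done < "$BAD_IP_LIST"
fi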

php apc cache magento

; load the APC opcode/user cache extension
extension = apc.so

[APC]
apc.enabled = 1
apc.optimization = 0
apc.shm_segments = 1
; NOTE(review): the unit depends on the APC version - older releases read this
; as megabytes, APC 3.1.4+ as bytes unless a suffix such as 128M is given;
; confirm against the installed version.
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
; mktemp-style template; the mask has to end in XXXXXX
apc.mmap_file_mask = /tmp/apc.XXXXXX
apc.enable_cli = 1
apc.cache_by_default = 1
apc.max_file_size = 10M
; stat = 1: the cached file is checked for changes on each request, so edits
; are picked up without a restart
apc.stat = 1
;apc.include_once_override = 1

coovachilli

CoovaChilli is a feature-rich software access controller that provides a captive portal / walled-garden environment and uses RADIUS or an HTTP protocol for access provisioning and accounting. CoovaChilli is an integral part of the CoovaAP OpenWRT-based firmware, which is specialized for hotspots. For more information on how Coova's Chilli differs from the standard ChilliSpot, see the project's documentation.

trac wiki

Trac is an enhanced wiki and issue tracking system for software development projects. Trac uses a minimalistic approach to web-based software project management. Our mission is to help developers write great software while staying out of the way. Trac should impose as little as possible on a team's established development process and policies.
Trac allows wiki markup in issue descriptions and commit messages, creating links and seamless references between bugs, tasks, changesets, files and wiki pages.

vim: It requires "if_lua"-enabled Vim (7.3.885 or above).

# Fetch the Vim source and build it with lua.sh (the script shown below,
# saved inside the checked-out "vim" directory).
hg clone https://vim.googlecode.com/hg/ vim
cd vim
./lua.sh

vi lua.sh:
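#!/bin/bash
# on centos minimal
#
# Builds and installs Vim from the checked-out source tree (run it from that
# directory) with the Lua, Perl, Python, Tcl and Ruby interpreters enabled.
# Must run as root (yum, make install).
set -e   # stop at the first failing step instead of running "make install" on a broken build

# build toolchain plus the headers for every interpreter enabled below
yum install -y gcc make ncurses-devel \
  lua lua-devel \
  ruby ruby-devel \
  python python-devel \
  perl perl-devel

# vim7.3
./configure --disable-selinux \
  --enable-luainterp \
  --enable-perlinterp \
  --enable-pythoninterp \
  --enable-python3interp \
  --enable-tclinterp \
  --enable-rubyinterp \
  --enable-multibyte \
  --disable-gui \
  --with-features=huge
# NOTE(review): one more configure option followed --with-features=huge in the
# original but was garbled to "[email protected]" (an e-mail obfuscation
# artifact; possibly a --with-compiledby=<name@host> value).  Restore it from
# the original post before use.

make
make install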

nginx as reverse proxy for apache

yum install httpd httpd-devel -y

vi /etc/httpd/conf/httpd.conf
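# Apache only receives traffic from the nginx proxy on this host, so bind port
# 81 to loopback.  A plain "Listen 81" also accepts direct connections from the
# network, which bypass nginx (and the mod_rpaf proxy trust) entirely.
Listen 127.0.0.1:81
NameVirtualHost 127.0.0.1:81

# Define Server document root
DocumentRoot /var/www/html/

# Define the virtual host
# NOTE(review): the <VirtualHost 127.0.0.1:81> ... </VirtualHost> and
# <Directory ...> ... </Directory> container tags around the directives below
# appear to have been stripped when the post was rendered; restore them before
# copying this into httpd.conf.

ServerName www.yourwebsite.com
ServerAlias yourwebsite.com
DocumentRoot /var/www/yourwebsite.com

# -Includes: server-side includes stay off even with FollowSymLinks
Options FollowSymLinks -Includes
# AllowOverride All lets any .htaccess under the document root override these
# settings; restrict it if the docroot is writable by untrusted users.
AllowOverride All
Order allow,deny
Allow from all

RewriteEngine on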

service httpd restart

vi /etc/yum.repos.d/nginx.repo
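[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# Verify package signatures.  With gpgcheck=0 (the original) yum installed
# whatever the plain-http mirror served, without any integrity check.
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1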

yum install nginx -y
vi /etc/nginx/nginx.conf

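user nobody;
worker_processes 4;
# crit only: errors below that level (including most upstream/proxy failures)
# are never logged, which makes troubleshooting and detection harder
error_log logs/error.log crit;

worker_rlimit_nofile 8192;

events {
  worker_connections 1024; # you might need to increase this setting for busy servers
  use epoll; # Linux kernels 2.6.x change to epoll
}

http {
  server_names_hash_max_size 2048;
  server_names_hash_bucket_size 512;

  # do not reveal the nginx version in headers and error pages
  server_tokens off;

  include mime.types;
  default_type application/octet-stream;

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 10;

  # Gzip on
  gzip on;
  gzip_min_length 1100;
  gzip_buffers 4 32k;
  gzip_types text/plain application/x-javascript text/xml text/css;

  # Other configurations
  ignore_invalid_headers on;
  client_max_body_size 8m;
  # 3-minute header/body/send timeouts let a slow client hold a connection
  # for a long time; lower them if connection exhaustion becomes a concern
  client_header_timeout 3m;
  client_body_timeout 3m;
  send_timeout 3m;
  connection_pool_size 256;
  client_header_buffer_size 4k;
  large_client_header_buffers 4 32k;
  request_pool_size 4k;
  output_buffers 4 32k;
  postpone_output 1460;

  # Cache most accessed static files
  open_file_cache max=10000 inactive=10m;
  open_file_cache_valid 2m;
  open_file_cache_min_uses 1;
  open_file_cache_errors on;

  # virtual hosts includes (the original had typographic quotes here, which
  # nginx rejects as a syntax error)
  include "/etc/nginx/conf.d/*.conf";

}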

Then let's create some virtual hosts:

vi /etc/nginx/conf.d/yourwebsite.com.conf

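server {
  listen 80;
  # The original listed yourwebsite.com twice; the proxy_redirect lines and the
  # Apache ServerName use the www. form, so answer for both names.
  server_name www.yourwebsite.com yourwebsite.com;
  # no access log means no request audit trail on the proxy; consider enabling
  # it (the backend only ever sees 127.0.0.1 without mod_rpaf)
  access_log off;
  error_log logs/yourwebsite.com-error_log crit;

  # Static files are served by nginx directly.  "\." matches a literal dot;
  # the original ".(" matched any character in front of the extension.
  location ~* \.(gif|jpg|jpeg|png|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|html|htm|wml)$ {
    root /var/www/yourwebsite.com;
    expires 365d;
  }

  # Everything else goes to Apache on the loopback port.
  location / {
    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;
    proxy_connect_timeout 30s;

    # strip the backend port from Location headers Apache sends back
    proxy_redirect http://www.yourwebsite.com:81 http://www.yourwebsite.com;
    proxy_redirect http://yourwebsite.com:81 http://yourwebsite.com;

    proxy_pass http://127.0.0.1:81/;

    # Apache sees 127.0.0.1 as the peer; mod_rpaf restores the client address
    # from these headers, so only this proxy may be trusted to set them.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}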

You also need mod_rpaf if you want Apache to see the client's real IP behind the proxy.

# Build mod_rpaf from source so Apache logs the real client address instead
# of 127.0.0.1.
# NOTE(review): master.zip is an unpinned, unverified download that is
# compiled straight into an httpd module; pin a release tag or commit
# (<commit-id>) and check its hash before running apxs.
cd /tmp
wget https://github.com/y-ken/mod_rpaf/archive/master.zip
unzip master.zip
cd mod_rpaf-master/
# -c compile, -i install into the modules directory, -n name of the module
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

vi /etc/httpd/conf.d/rpaf.conf

LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFsethostname On
# Only connections coming from these addresses may replace the client IP via
# X-Forwarded-For; a request from any other source keeps its real peer
# address, so it cannot spoof what Apache logs or uses in access rules.
# Replace YOUR.SERVER.IP with the proxy's own address.
RPAFproxy_ips 127.0.0.1 YOUR.SERVER.IP

service httpd restart

simple tcp server

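#!/usr/bin/env perl
# Forking TCP server on localhost:1234: every accepted connection is handed to
# handle_connections() in a forked child (AnyEvent::Util::fork_call, at most
# MAX_FORKS children at a time) while the parent keeps accepting.
# The original post had typographic quotes in place of ' and ", which Perl
# does not accept; they are plain ASCII here.
use strict;
use warnings;
use utf8;

use IO::Socket::INET;
use AnyEvent;
use AnyEvent::Util;
$AnyEvent::Util::MAX_FORKS = 15;

my $handled = 0;   # connections accepted so far (counted in the parent)
$|++;              # unbuffered STDOUT so the log lines appear immediately

# Bound to localhost only, so the service is not reachable from the network.
my $server = IO::Socket::INET->new(
    'Proto'     => 'tcp',
    'LocalAddr' => 'localhost',
    'LocalPort' => 1234,
    'Listen'    => SOMAXCONN,
    'Reuse'     => 1,
) or die "can't setup server: $!\n";
print "Listening on localhost:1234\n";

my $cv = AnyEvent->condvar;
my $w; $w = AnyEvent->io(
    fh   => \*{ $server },
    poll => 'r',
    cb   => sub {
        $handled++;
        # begin() is never balanced by an end() in the parent (the end() in
        # handle_connections runs in the forked child), so $cv->recv below
        # never returns and the server runs until it is killed.
        $cv->begin;
        fork_call \&handle_connections,
            $server->accept,
            sub {
                my ($client) = @_;   # the peer host returned by handle_connections
                print " - Client $client closed\n"
            }
    }
);
$cv->recv;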

#
# Subroutines
#
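# Child-side handler for one accepted connection: greets the client, reads one
# line, sends it back reversed, and returns the peer host (which fork_call
# passes to the parent's callback).
# Arguments: $client - the accepted IO::Socket::INET connection
sub handle_connections {
    my ($client) = @_;

    my $host = $client->peerhost;
    print "[Accepted connection from $host]\n";

    print $client "Hi, you're client #$handled\n";
    # A client that disconnects without sending anything yields undef; treat
    # that as an empty line instead of emitting uninitialized-value warnings.
    my $input = <$client>;
    $input = '' unless defined $input;
    chomp $input;
    my $output = reverse $input;   # scalar context: reverses the string
    print $client $output, "\n";
    print $client "Bye, bye.\n";

    # Runs in the forked child, so this does not touch the parent's condvar.
    $cv->end;
    return $host;
}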