WinStart Webbhotell
Note: if you are looking for WinStart
Edit WHMCS invoice
in templates
invoicepdf.tpl
open_basedir eaccelerator
PG(open_basedir) does not exist in eaccelerator.c in 0.9.6.1
So now you have to do this:
Edit this file /usr/local/updatescript/eaccelerator-0.9.6/eaccelerator.c
nano /usr/local/updatescript/eaccelerator-0.9.6.1/eaccelerator.c
Find
Code:
if (php_check_open_basedir(realname TSRMLS_CC)) {
Replace with
Code:
if (php_check_open_basedir(file_handle->filename TSRMLS_CC)) {
And now, I can recompile without error.
Now it works with or without open_basedir.
Which program on the server is using which port
[root@srv2 bin]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2699/./hpiod ///what is that!!!
tcp 0 0 0.0.0.0:xxxx 0.0.0.0:* LISTEN xxxx /lfd Cluster S /// sorry firewall cluster secret
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2714/dovecot // standard email port
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2714/dovecot // standard email port
tcp 0 0 0.0.0.0:xxxx0.0.0.0:* LISTEN 2761/sshd // sorry my putty port
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 19263/mysqld // standard
tcp 0 0 94.103.206.58:xxxxx0.0.0.0:* LISTEN 30486/proftpd: weat /// sorry but passive ftp need some ports to be open
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 3999/exim // standard
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2714/dovecot // standard
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2714/dovecot // standard
tcp 0 0 127.0.0.1:5xx21 0.0.0.0:* LISTEN 3957/avgtcpd /// check if updated AVG antivirus
tcp 0 0 0.0.0.0:4×5 0.0.0.0:* LISTEN 3999/exim // must this be open
tcp 0 0 127.0.0.1:5xx22 0.0.0.0:* LISTEN 3957/avgtcpd
tcp 0 0 94.103.206.58:53 0.0.0.0:* LISTEN 4907/named // why 4 named processes?
tcp 0 0 192.168.1.22:53 0.0.0.0:* LISTEN 4907/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4907/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4907/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3999/exim
tcp 0 0 0.0.0.0:6009 0.0.0.0:* LISTEN 1674/Xorg /// this I do not use any longer!
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 2704/python // must this be on
tcp 0 0 :::xxxxxxx:::* LISTEN 2761/sshd // my secure live line
tcp 0 0 :::587 :::* LISTEN 3999/exim // standard
tcp 0 0 :::2222 :::* LISTEN 12982/directadmin // standard
tcp 0 0 :::80 :::* LISTEN 11744/httpd // standard
tcp 0 0 :::465 :::* LISTEN 3999/exim
tcp 0 0 :::21 :::* LISTEN 4607/proftpd
tcp 0 0 :::25 :::* LISTEN 3999/exim
tcp 0 0 :::6009 :::* LISTEN 1674/Xorg to remove
tcp 0 0 :::443 :::* LISTEN 11744/httpd //standard
udp 0 0 0.0.0.0:xxx0.0.0.0:* 26442/syslogd // sorry system log
udp 0 0 94.103.206.58:53 0.0.0.0:* 4907/named
udp 0 0 192.168.1.22:53 0.0.0.0:* 4907/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 4907/named
today 2013-02-28 23:19 have to sleep writing on tomorrow.. maybe …
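An added example (not part of the original post) that does the first pass of this review automatically: it reads `netstat -tulpn` output and lists, per program, the listeners that are not bound to loopback only, which are the ones a firewall rule or a decision to stop the service has to cover. The sample lines are copied from the listing above with the annotations stripped; the function name is hypothetical.

```python
import ipaddress

# Lines copied from the listing above, annotations removed. The sshd line keeps
# its masked port to show that unparseable rows are skipped, not guessed.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2699/./hpiod
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2714/dovecot
tcp 0 0 0.0.0.0:xxxx0.0.0.0:* LISTEN 2761/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 19263/mysqld
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4907/named
tcp 0 0 0.0.0.0:6009 0.0.0.0:* LISTEN 1674/Xorg
tcp 0 0 :::80 :::* LISTEN 11744/httpd
tcp 0 0 :::6009 :::* LISTEN 1674/Xorg
udp 0 0 192.168.1.22:53 0.0.0.0:* 4907/named
"""

def exposed_by_program(text):
    """Map program name -> sorted 'proto/port' listeners not bound to loopback."""
    found = {}
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].startswith(("tcp", "udp")):
            continue                      # header or unrelated line
        # TCP rows carry a State column, UDP rows do not.
        owner_idx = 6 if f[0].startswith("tcp") else 5
        if len(f) <= owner_idx:
            continue                      # masked or truncated row
        host, _, port = f[3].rpartition(":")
        try:
            addr = ipaddress.ip_address(host)   # "::" and "0.0.0.0" parse fine
        except ValueError:
            continue
        if not port.isdigit() or addr.is_loopback:
            continue                      # 127.0.0.1 / ::1 is reachable locally only
        prog = f[owner_idx].partition("/")[2]
        found.setdefault(prog, set()).add(f"{f[0][:3]}/{port}")
    return {prog: sorted(ports) for prog, ports in found.items()}

if __name__ == "__main__":
    for prog, ports in sorted(exposed_by_program(SAMPLE).items()):
        print(f"{prog:10s} {', '.join(ports)}")
```

Run on the sample, it reports mysqld on 3306 and Xorg on 6009 as reachable on all interfaces, next to the mail and web services that are meant to be public.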
security report 2013-02-28
Security hosting report for 2013-02-28
conclusion and advice
- Dovecot Invalid User Login Attempt is mostly a brute force attack. But many times users have the wrong email settings in their mobile phone or computer. I used to block after 10 invalid logins (I still have that on some servers with old users), but explaining it takes time, the user is frustrated, and nobody likes to pay for my extra work.
- Dovecot Authentication Success is an OK login.
- Dovecot Aborted Login may be an attempt to compromise, but afraid of the firewall.
- Dovecot Authentication Failed is a brute force attack when the email is known, but many times it is a user with the wrong password. Sometimes a user has two email accounts, one working and the other with wrong login settings; then connecting and fetching email is slow, and the user may be temporarily blocked by the active response from the server.
Security conclusion and advice
Information: I have been with computers since the Commodore 64, on the Internet since 1993, and have had a hosting company since 1998. I have the Military Academy behind me, and security is my passion.
Crime on the Internet is rising on a hyperbolic scale. When attacking other sites and email accounts, real IPs are NEVER used! Nowadays badly patched WordPress, Joomla or other widely used scripts are used as proxies for attacks. There are 100 000 and more old installations that can be used for a massive attack initiated from a very well hidden place (IP), many times a hijacked WiFi wireless connection.
What is brute force attack?
I take email as the example, but this can be used on other things too. If someone knows your email address, it is no problem to find your mail server! Just ask Google or put your email here http://mxtoolbox.com/blacklists.aspx (the site deserves credit because it gives many good tools for free).
The badly patched, widely used CMS scripts are used as a bridge for automatic brute force scripts. Access to an old CMS installation, compromised plugin or extension is easy to get: “just search Google with that version”. So-called nulled scripts and free templates and themes often have hi-tech crime control panels included, and users upload them to their server and give full access without knowing! The script then sends an email or whatever about its URL location!
OK, then from these places scripts are working day and night, trying to log in to your email account! Your user name is “name” or “name@yourdomain”, and most email servers respond with “user unknown”. The most used passwords are very well known; I think “password” is the most used password. You know how to find it: just ask big brother, who knows everything.
So scripts are trying commonly used passwords, and some sensitive scripts can even know when they are partially right. I think it takes about 1000 tries to get into an email account with an ordinary password and ordinary web hosting server protection, and that is usually done in less than 24 hours!
This kind of attack, where massive password try-outs are used, is called a brute force attack.
So what can a person do with your email account?
Well, persons are not doing it; automatic scripts are. Your emails are scanned for bank account letters. Usually banks do not send passwords by mail (guess why). Most users have all email online with IMAP so they can access it from all devices and webmail (and that is not wrong to do). By knowing your domain or visiting your site, your time zone is known! At about 3 to 5 in the morning the procedure for creating a new password is activated on your bank site. By the morning you have no money or, even worse, you are in maximum debt on all your credits and have new credits; it is so easy to get them nowadays.
Crime is about money, and there is an easy and secure way to do that. It just takes some time to educate the “right” people for the job. Now they are developing new knowledge, have their own education institutions with master's degrees, and are developing new products. That is the reason why it started, and still is, very slow, but the growth is exponential … well, I will do a diagram of it.
How to protect your mail account, and some website advice, in order of importance!
- Use a strong password with at least 9 characters and strange characters like 75%U8#6fn.
- Update your operating system and email client (always up to date).
- Use a good, updated antivirus. Even if you are using a Mac computer! Because threats are coming, but like in the diagram up there.
- Ask your hosting company if they have some protection against brute force attacks! It can be temporary blocking for 3 min; that is enough (but it will impact user friendliness and support requests to the hosting company).
- Use a secure connection whenever you can (there are not many attacks today, but once they find an easy way).
- Do not save passwords for email or FTP accounts in a simple text file; use some program for that.
- Do not save the username with the password.
- Do not use illegal software or templates, and do not use “free” templates or themes for your site. Even if you do not have a business site, it can be used as a bridge to brute force bank accounts!
- Update your WordPress or other CMS, and plugins, etc. Most updates are security patches!
There is a lot more to add and I could for sure write better, but I am limited by my free time… hope this will help someone.
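An added example (not the author's code or any product's own logic) of the temporary blocking discussed above: it counts failed Dovecot logins per source address, issues a 3-minute block after 10 failures, and records whether the failures hit one mailbox or many, since a single mailbox is often a customer with a wrong setting. The log layout, the 10-minute counting window and all names are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                  # failed logins before a block (figure from the text)
BLOCK = timedelta(minutes=3)    # temporary block length (figure from the text)
WINDOW = timedelta(minutes=10)  # counting window: an assumption, not from the text
FAIL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*auth failed.*"
                  r"user=<([^>]*)>.*rip=([0-9.]+)")

def constructed_log():
    """Constructed sample lines (not real data) in an assumed Dovecot-like layout."""
    fmt = ("{} imap-login: Aborted login (auth failed, 1 attempts): "
           "user=<{}>, method=PLAIN, rip={}, lip=192.0.2.10")
    def burst(start, step, users, ip):
        return [fmt.format(start + i * timedelta(seconds=step), user, ip)
                for i, user in enumerate(users)]
    names = ["admin", "info", "test", "sales", "webmaster", "office"]
    day = datetime(2013, 2, 28)
    return "\n".join(
        burst(day.replace(hour=3), 1, names * 2, "203.0.113.50")      # many names, fast
        + burst(day.replace(hour=8), 30, ["anna@example.org"] * 12, "198.51.100.7")
        + burst(day.replace(hour=9), 300, ["bo@example.org"] * 5, "192.0.2.99"))

def analyse(log_text):
    """Return (ip, kind, distinct_mailboxes, blocked_until) for every block issued."""
    recent = defaultdict(deque)   # ip -> (time, mailbox) of failures inside WINDOW
    blocked_until, decisions = {}, []
    for line in log_text.splitlines():
        m = FAIL.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        user, ip = m.group(2), m.group(3)
        if ts < blocked_until.get(ip, ts):
            continue              # address is still blocked, nothing new to count
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > WINDOW:
            q.popleft()           # forget failures older than the window
        if len(q) >= THRESHOLD:
            mailboxes = {u for _, u in q}
            # One mailbox only: a guessed password or a customer's stale phone setting.
            kind = "many-mailboxes" if len(mailboxes) > 1 else "single-mailbox"
            blocked_until[ip] = ts + BLOCK
            decisions.append((ip, kind, len(mailboxes), blocked_until[ip]))
            q.clear()
    return decisions
```

The `single-mailbox` label is what a support desk would check first before treating the block as an attack; the slow third source never reaches the threshold inside the window and is not blocked.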
Optimize MySQL database for speed and cpu
Download a free tool for checking MySQL optimization:
Code:
wget http://mysqltuner.pl/ -O mysqltuner.pl
chmod 700 mysqltuner.pl
./mysqltuner.pl
UFW – Uncomplicated Firewall
hosts.allow and hosts.deny
hosts.allow, hosts.deny
These two files in /etc are a common place for storing rules about who you want to allow to connect to the services on your server.