DZone Snippets: servers code http://snippets.dzone.com/posts Fri, 29 Aug 2008 02:46:45 GMT DZone Snippets: servers code Search for terms in Domlogs http://snippets.dzone.com/posts/show/1258 How to search for certain terms in your Domlogs, using SSH. <br /> <br /><code>for files in /usr/local/apache/domlogs/*; do grep "wget" $files; done; <br /></code> <br /> <br />-OR- <br /> <br /><code>cd /usr/local/apache/domlogs <br />grep wget * <br />grep lynx * <br />grep curl * <br /></code> <br /> <br />Replace wget with other file names/terms you might want to search for. <br /> <br />If that takes too long, try doing it one by one: <br /> <br /><code>grep wget a* <br />grep wget b* <br />grep wget c* <br />grep wget d* <br />grep wget e* <br />grep wget f* <br />grep wget g* <br />grep wget h* <br />grep wget i* <br />grep wget j* <br />grep wget k* <br />grep wget l* <br />grep wget m* <br />grep wget n* <br />grep wget o* <br />grep wget p* <br />grep wget q* <br />grep wget r* <br />grep wget s* <br />grep wget t* <br />grep wget v* <br />grep wget w* <br />grep wget x* <br />grep wget y* <br />grep wget z* <br /></code> <br /> <br />Alternatively, if you get an error like "Argument list too long": <br /> <br /><code>for i in `ls /usr/local/apache/domlogs|grep -v 'bytes_log'`; do echo "checking on $i" && grep wget /usr/local/apache/domlogs/$i && grep lynx /usr/local/apache/domlogs/$i && grep curl /usr/local/apache/domlogs/$i; done > /root/grep-domlogs-results.txt</code> <br />Then simply take a look at this file /root/grep-domlogs-results.txt <br /> Sat, 21 Jan 2006 21:42:18 GMT http://snippets.dzone.com/posts/show/1258 nothingless (Sasha) Looking up recent dictionary attacks http://snippets.dzone.com/posts/show/1254 Use the code below to look up what words were used in recent dictionary attacks using SSH. <br /> <br /><code> <br />grep "dictionary attack" /var/log/exim_mainlog <br /></code> Sat, 21 Jan 2006 21:40:04 GMT http://snippets.dzone.com/posts/show/1254 nothingless (Sasha) Looking into DOS and DDOS Attacks http://snippets.dzone.com/posts/show/1253 <a href="http://etechsupport.net/forum/showthread.php?t=434">A good guide to what to do when your server is attacked</a>. <br /> <br /><code>top -d2 <br />netstat -nap | grep SYN | wc -l <br />netstat -nap | less <br /></code> <br /> <br />If there are many httpd processes showing up after step 1, you might be under attack. If you get high numbers for the second one, you are almost definitely under attack. Use the third one to see the IP addresses, and then ban them from the server: <br /> <br /><code>iptables -A INPUT -s ip.address -j DROP <br /></code> <br /> <br />Also try the following for fixing stuff: <br /><code>cd /dev/shm <br />ls <br /></code> <br /> <br />And delete anything that's not supposed to be there. <br /> <br /><code>locate bindz <br />locate botnet.txt <br />locate dc <br />locate ex0.pl <br />locate kaiten <br />locate r0nin <br />locate udp.pl <br />locate ... <br />lsof | grep ., <br />locate mybot <br /></code> Sat, 21 Jan 2006 21:39:44 GMT http://snippets.dzone.com/posts/show/1253 nothingless (Sasha) Ban IPs from a server http://snippets.dzone.com/posts/show/1252 Use the code below to permanently ban an IP address from accessing your server. <br /> <br /><code> <br />iptables -A INPUT -s ip.address -j DROP <br /></code> Sat, 21 Jan 2006 21:38:45 GMT http://snippets.dzone.com/posts/show/1252 nothingless (Sasha) How to tail logs http://snippets.dzone.com/posts/show/1251 <code> <br />tail -200 /var/log/exim_mainlog <br />tail -200 /usr/local/apache/logs/error_log <br /></code> <br /> <br />To watch the log get updated in real time: <br /> <br /><code>tail -f /var/log/messages </code> Sat, 21 Jan 2006 21:38:25 GMT http://snippets.dzone.com/posts/show/1251 nothingless (Sasha) How To Manually Update Cpanel http://snippets.dzone.com/posts/show/1228 <code> <br />/scripts/upcp <br /> <br />/scripts/upcp --force <br /></code> Sat, 21 Jan 2006 21:27:20 GMT http://snippets.dzone.com/posts/show/1228 nothingless (Sasha) How To Restart Services http://snippets.dzone.com/posts/show/1227 Restart Apache: <br /><code>service httpd restart <br /></code> <br /> <br />Restart Services: <br /><code>service chkservd restart <br /></code> <br /> <br />Restart Cpanel: <br /><code>/etc/init.d/cpanel restart <br /></code> <br /> <br />Restart Bind: <br /><code>service named start <br /></code> <br /> <br />Run anything in /scripts: <br /><code>./scriptname <br /></code> Sat, 21 Jan 2006 21:26:58 GMT http://snippets.dzone.com/posts/show/1227 nothingless (Sasha) How To Locate Files http://snippets.dzone.com/posts/show/1226 <code> <br />lsof | grep searchterm <br /></code> Sat, 21 Jan 2006 21:26:07 GMT http://snippets.dzone.com/posts/show/1226 nothingless (Sasha) How To Fix Bandwidth Updating http://snippets.dzone.com/posts/show/1225 If bandwidth stats aren't updating: <br /> <br /><code> <br />/scripts/runweblogs username <br />/scripts/runlogsnow <br /></code> Sat, 21 Jan 2006 21:25:49 GMT http://snippets.dzone.com/posts/show/1225 nothingless (Sasha) How To Fix 403 Errors for public_html http://snippets.dzone.com/posts/show/1224 If all the public_html folders got their permissions wrong: <br /><code> <br />chmod 755 /home/*/public_html <br /></code> Sat, 21 Jan 2006 21:25:28 GMT http://snippets.dzone.com/posts/show/1224 nothingless (Sasha)