Never been to DZone Snippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

« Newer Snippets
Older Snippets »
Showing 1-10 of 17 total  RSS 

Search for terms in Domlogs

How to search for certain terms in your Domlogs, using SSH.

for files in /usr/local/apache/domlogs/*; do grep "wget" $files; done;


-OR-

cd /usr/local/apache/domlogs
grep wget *
grep lynx *
grep curl *


Replace wget with other file names/terms you might want to search for.

If that takes too long, try doing it one by one:

grep wget a*
grep wget b*
grep wget c*
grep wget d*
grep wget e*
grep wget f*
grep wget g*
grep wget h*
grep wget i*
grep wget j*
grep wget k*
grep wget l*
grep wget m*
grep wget n*
grep wget o*
grep wget p*
grep wget q*
grep wget r*
grep wget s*
grep wget t*
grep wget v*
grep wget w*
grep wget x*
grep wget y*
grep wget z*


Alternatively, if you get an error like "Argument list too long":

for i in `ls /usr/local/apache/domlogs|grep -v 'bytes_log'`; do echo "checking on $i" && grep wget /usr/local/apache/domlogs/$i && grep lynx /usr/local/apache/domlogs/$i && grep curl /usr/local/apache/domlogs/$i; done > /root/grep-domlogs-results.txt

Then simply take a look at this file /root/grep-domlogs-results.txt
to ssh servers by nothingless on Jan 21, 2006

Looking up recent dictionary attacks

Use the code below to look up what words were used in recent dictionary attacks using SSH.

grep "dictionary attack" /var/log/exim_mainlog
to ssh servers by nothingless on Jan 21, 2006

Looking into DOS and DDOS Attacks

A good guide to what to do when your server is attacked.

top -d2
netstat -nap | grep SYN | wc -l
netstat -nap | less


If there are many httpd processes showing up after step 1, you might be under attack. If you get high numbers for the second one, you are almost definitely under attack. Use the third one to see the IP addresses, and then ban them from the server:

iptables -A INPUT -s ip.address -j DROP


Also try the following for fixing stuff:
cd /dev/shm
ls


And delete anything that's not supposed to be there.

locate bindz
locate botnet.txt
locate dc
locate ex0.pl
locate kaiten
locate r0nin
locate udp.pl
locate ...
lsof | grep .,
locate mybot
to ssh servers by nothingless on Jan 21, 2006

Ban IPs from a server

Use the code below to permanently ban an IP address from accessing your server.

iptables -A INPUT -s ip.address -j DROP
to ssh servers by nothingless on Jan 21, 2006

How to tail logs

tail -200 /var/log/exim_mainlog
tail -200 /usr/local/apache/logs/error_log


To watch the log get updated in real time:

tail -f /var/log/messages
to ssh servers by nothingless on Jan 21, 2006

How To Manually Update Cpanel

/scripts/upcp

/scripts/upcp --force
to ssh servers by nothingless on Jan 21, 2006

How To Restart Services

Restart Apache:
service httpd restart


Restart Services:
service chkservd restart


Restart Cpanel:
/etc/init.d/cpanel restart


Restart Bind:
service named start


Run anything in /scripts:
./scriptname
to ssh servers by nothingless on Jan 21, 2006

How To Locate Files

lsof | grep searchterm
to ssh servers by nothingless on Jan 21, 2006

How To Fix Bandwidth Updating

If bandwidth stats aren't updating:

/scripts/runweblogs username
/scripts/runlogsnow
to ssh servers by nothingless on Jan 21, 2006

How To Fix 403 Errors for public_html

If all the public_html folders got their permissions wrong:
chmod 755 /home/*/public_html
to ssh servers by nothingless on Jan 21, 2006
« Newer Snippets
Older Snippets »
Showing 1-10 of 17 total  RSS