Category Archives: Uncategorized

monitor IP connections per IP

Leave a reply

#!/bin/bash
# IP BAN v. 1.0.0

WORK_DIR='/root/ddos'
IGNORE_IP_LIST="$WORK_DIR/ignoreip"
BLOCKED_IP_LIST="$WORK_DIR/blockedip"
LOG_FILE="$WORK_DIR/ban.log"

NO_OF_CONNECTIONS=20
APF_BAN=0
KILL=1

add__cron()
{
set="$(readlink -f "$0")"

if [ ! -f $WORK_DIR/ddos.sh ]; then
# mkdir /root/ddos >/dev/null 2>&1
cp $set $WORK_DIR/ddos.sh
chmod +x $WORK_DIR/ddos.sh
fi
if [ ! -f /etc/cron.d/check_ddos ]; then
echo "* * * * * root $WORK_DIR/ddos.sh >/dev/null 2>&1" > /etc/cron.d/check_ddos
fi

}
mk_ignore()
{
if [ ! -d "$WORK_DIR" ]; then
mkdir $WORK_DIR
fi
if [ ! -f $WORK_DIR/systemip ]; then
ip addr show | grep -w inet | awk '{ print $2 }' | cut -d"/" -f1 > $WORK_DIR/systemip
echo "0.0.0.0" >> $WORK_DIR/systemip
fi

}

prog_check()
{
if ! which netstat >/dev/null; then
apt-get install net-tools
fi
}

prog_check
mk_ignore
add__cron
TMP_PREFIX='/tmp/ddos'
TMP_FILE=`mktemp $TMP_PREFIX.XXXXXXXX`
SYSIP="$WORK_DIR/systemip"

BAD_IP_LIST="$TMP_FILE"
netstat -an | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq -c | sort -nr > $BAD_IP_LIST
if [ $KILL -eq 1 ]; then
IP_BAN_NOW=0
while read line; do
CURR_LINE_CONN=$(echo $line | cut -d" " -f1)
CURR_LINE_IP=$(echo $line | cut -d" " -f2)
if [ $CURR_LINE_CONN -lt $NO_OF_CONNECTIONS ]; then
break
fi
IGNORE_BAN=`grep -c $CURR_LINE_IP $IGNORE_IP_LIST`
IGNORE_BAN2=`grep -c $CURR_LINE_IP $SYSIP`
IGNORE_BAN3=`grep -c $CURR_LINE_IP $BLOCKED_IP_LIST`

if [[ $IGNORE_BAN -ge 1 || $IGNORE_BAN2 -ge 1 || $IGNORE_BAN3 -ge 1 ]] ; then
continue
fi
IP_BAN_NOW=1
dt=$(date '+%Y/%m/%d %H:%M:%S');
echo "$CURR_LINE_IP was blocked at $dt" >> $LOG_FILE
echo $CURR_LINE_IP >> $BLOCKED_IP_LIST
if [ $APF_BAN -eq 1 ]; then
$APF -d $CURR_LINE_IP
else
echo $CURR_LINE_IP
/sbin/iptables -I INPUT 1 -s $CURR_LINE_IP -j DROP
/sbin/iptables -I OUTPUT 1 -d $CURR_LINE_IP -j DROP
fi
done < $BAD_IP_LIST fi rm -f $TMP_PREFIX.*

php apc cache magento

Leave a reply

extension = apc.so

[APC]
apc.enabled = 1
apc.optimization = 0
apc.shm_segments = 1
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.mmap_file_mask = /tmp/apc.XXXXXX
apc.enable_cli = 1
apc.cache_by_default = 1
apc.max_file_size = 10M
apc.stat = 1
;apc.include_once_override = 1

coovachilli

Leave a reply

CoovaChilli is a feature rich software access controller that provides a captive portal / walled-garden environment and uses RADIUS or a HTTP protocol for access provisioning and accounting. CoovaChilli is an integral part of the CoovaAP OpenWRT-based firmware which is specialized for hotspots. For more information on how Coova’s Chilli differs from the standard ChilliSpot.

track wiki

Leave a reply

Trac is an enhanced wiki and issue tracking system for software development projects. Trac uses a minimalistic approach to web-based software project management. Our mission is to help developers write great software while staying out of the way. Trac should impose as little as possible on a team’s established development process and policies.
Trac allows wiki markup in issue descriptions and commit messages, creating links and seamless references between bugs, tasks, changesets, files and wiki pages

vim: It requires “if_lua” enabled Vim(7.3.885 or above).

Leave a reply

hg clone https://vim.googlecode.com/hg/ vim
cd vim
./lua.sh

vi lua.sh:
#!/bin/bash
# on centos minimal

yum install -y gcc
yum install -y make
yum install -y ncurses-devel
yum install -y lua lua-devel
yum install -y ruby ruby-devel
yum install -y python python-devel
yum install -y perl perl-devel

# vim7.3
./configure --disable-selinux \
--enable-luainterp \
--enable-perlinterp \
--enable-pythoninterp \
--enable-python3interp \
--enable-tclinterp \
--enable-rubyinterp \
--enable-multibyte \
--disable-gui \
--with-features=huge \
[email protected]

make
make install

nginx as reverse proxy for apache

Leave a reply

yum install httpd httpd-devel -y

vi /etc/httpd/conf/httpd.conf
Listen 81
NameVirtualHost 127.0.0.1:81

# Define Server document root
DocumentRoot /var/www/html/

# Define the virtual host

ServerName www.yourwebsite.com
ServerAlias yourwebsite.com
DocumentRoot /var/www/yourwebsite.com

Options FollowSymLinks -Includes
AllowOverride All
Order allow,deny
Allow from all

RewriteEngine on

service httpd restart

vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

yum install nginx -y
vi /etc/nginx/nginx.conf

user nobody;
worker_processes 4;
error_log logs/error.log crit;

worker_rlimit_nofile 8192;

events {
worker_connections 1024; # you might need to increase this setting for busy servers
use epoll; # Linux kernels 2.6.x change to epoll
}

http {
server_names_hash_max_size 2048;
server_names_hash_bucket_size 512;

server_tokens off;

include mime.types;
default_type application/octet-stream;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;

# Gzip on
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;

# Other configurations
ignore_invalid_headers on;
client_max_body_size 8m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;

# Cache most accessed static files
open_file_cache max=10000 inactive=10m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;

# virtual hosts includes
include “/etc/nginx/conf.d/*.conf”;

}

Then lets create some virtuals hosts:

vi /etc/nginx/conf.d/yourwebsite.com.conf

server {
listen 80;
server_name yourwebsite.com yourwebsite.com;
access_log off;
error_log logs/yourwebsite.com-error_log crit;

location ~* .(gif|jpg|jpeg|png|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|html|htm|wml)$ {
root /var/www/yourwebsite.com;
expires 365d;
}

location / {
client_max_body_size 10m;
client_body_buffer_size 128k;

proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;

proxy_redirect http://www.yourwebsite.com:81 http://www.yourwebsite.com;
proxy_redirect http://yourwebsite.com:81 http://yourwebsite.com;

proxy_pass http://127.0.0.1:81/;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

Also you need mod_rpaf, if you want to see client real IP after proxy.

cd /tmp
wget https://github.com/y-ken/mod_rpaf/archive/master.zip
unzip master.zip
cd mod_rpaf-master/
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

vi /etc/httpd/conf.d/rpaf.conf

LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOUR.SERVER.IP

service httpd restart

simple tcp server

Leave a reply

#!/usr/bin/env perl
use strict;
use warnings;
use utf8;

use IO::Socket::INET;
use AnyEvent;
use AnyEvent::Util;
$AnyEvent::Util::MAX_FORKS = 15;

my $handled = 0;
$|++;

my $server = IO::Socket::INET->new(
‘Proto’ => ‘tcp’,
‘LocalAddr’ => ‘localhost’,
‘LocalPort’ => 1234,
‘Listen’ => SOMAXCONN,
‘Reuse’ => 1,
) or die “can’t setup server: $!\n”;
print “Listening on localhost:1234\n”;

my $cv = AnyEvent->condvar;
my $w; $w = AnyEvent->io(
fh => \*{ $server },
poll => ‘r’,
cb => sub {
$handled++;
$cv->begin;
fork_call \&handle_connections,
$server->accept,
sub {
my ($client) = @_ ;
print ” – Client $client closed\n”
}
}
);
$cv->recv;

#
# Subroutines
#
sub handle_connections {
my ($client) = @_;

my $host = $client->peerhost;
print “[Accepted connection from $host]\n”;

print $client “Hi, you’re client #$handled\n”;
chomp ( my $input = <$client> );
my $output = reverse $input;
print $client $output, “\n”;
print $client “Bye, bye.\n”;

$cv->end;
return $host;
}