To remove frozen messages from the queue:

exim -bpru | grep frozen | awk '{print $3}' | xargs exim -Mrm

To remove messages with a null sender (<>):

exim -bpru | grep '<>' | awk '{print $3}' | xargs exim -Mrm

To remove all messages:

exim -bpru | awk '{print $3}' | xargs exim -Mrm
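
An added example, not part of the original notes: a plain `grep frozen` also matches a queue line whose sender address merely contains the word "frozen", so this version selects message IDs by exact field. The queue listing is constructed sample data in the `exim -bpru` layout, and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample of `exim -bpru` output: age, size, message ID, sender,
# then an optional "*** frozen ***" flag; recipients follow on indented lines.
sample_queue() {
cat <<'EOF'
 3d  1.2K 1JqSkh-0002yK-K9 <> *** frozen ***
          user@example.com

 2h  4.0K 1JqTab-0003aB-Xy <frozen@example.org>
          someone@example.net

25m  2.9K 1JqUcd-0004cD-Zz <>
          postmaster@example.com
EOF
}

# Header lines only: field 3 must look like an Exim message ID.
ID_RE='^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$'

# IDs of messages carrying the frozen flag (fields 5-6), not the word "frozen".
frozen_ids() {
    awk -v re="$ID_RE" '$3 ~ re && $5 == "***" && $6 == "frozen" {print $3}'
}

# IDs of messages whose envelope sender is exactly the null sender.
null_sender_ids() {
    awk -v re="$ID_RE" '$3 ~ re && $4 == "<>" {print $3}'
}

# Reads IDs on stdin and removes them; does nothing when the list is empty.
remove_ids() {
    ids=$(cat)
    [ -n "$ids" ] || return 0
    printf '%s\n' "$ids" | xargs exim -Mrm
}

# Usage on a live server (review the ID list before piping it on):
#   exim -bpru | frozen_ids | remove_ids
```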

Preparing a USB flash stick to install CentOS on a server that has no CD-ROM drive

1- Download the latest version of dd.exe from

http://www.chrysocome.net/dd

2- Download the diskboot.img file from

http://mirror.centos.org/centos/5.1/os/x86_64/images/

3- Plug the USB disk into the computer

4- In cmd, change to the directory that contains dd.exe

Run dd --list to find where the USB disk is mounted.

5- In the example below the USB disk is mounted at c:.

Accordingly, write the diskboot.img file to the USB disk at c:.

dd if=diskboot.img of=\\.\C: --progress


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients.

This is a permanent error.

The following address(es) failed:

  sdsaddsaasd@tofas.com.tr
    retry time not reached for any host after a long failure period

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from apache by cokfena.supermailsunucusu.com with local (Exim 4.64)
 (envelope-from ) id 1JqSkh-0002yK-K9 for sdsaddsaasd@tofas.com.tr; Mon, 28 Apr 2008 15:46:39 +0300
To: sdsaddsaasd@tofas.com.tr
Subject: sdsdds
X-PHP-Script: www.sahanebirdomain.com/webmail/index.php for 212.167.224.101
MIME-Version: 1.0
Date: Mon, 28 Apr 2008 15:46:39 +0300
From:
Message-ID: <55d2f57c7c883c51f38cb8eeb4e0fb64@localhost>
X-Sender: mail@gonderen.com
User-Agent: ULTRA DELI Webmail/0.1-rc2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit

sdds

EXIM: If one day Exim, while still sending mail to every other domain, suddenly stops sending to one single domain,

and the error message above comes back the moment you send the mail,

yet from the console you can connect to the SMTP server and run through the transaction without a hitch,

and there is not the slightest problem in DNS and the MX records are spotless…

then understand that something has happened to these files under Exim's /var/spool/exim/db:

-rw-r----- 1 mail mail 12288 Apr 28 16:01 retry
-rw-r----- 1 mail mail 0 Apr 28 15:58 retry.lockfile
-rw-r----- 1 mail mail 12288 Apr 28 16:06 wait-remote_smtp
-rw-r----- 1 mail mail 0 Apr 28 15:58 wait-remote_smtp.lockfile

Rest assured, corruption will sooner or later happen to every one of us.

What need is there to be anti-corrupt…

What needs to be done:

1- delete all under exim db folder

2- delete all queued msgs ( fuk them all)

3- delete all msg logs

4- delete yourself ( can you? ) YES I CAN ..

Reboot as well and see how it turns out…
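
Step 1 on its own, as an added example that is not part of the original post: Exim treats the files under db/ as hints and recreates them when they are missing, so they can be moved aside while the queue and the message logs stay in place. The function name and the backup directory naming are assumptions.

```shell
#!/bin/sh
# reset_hints [SPOOL_DIR]: move Exim's hints databases (retry,
# wait-remote_smtp and their lock files) into a timestamped backup
# directory next to db/. input/ (the queue) and msglog/ are not touched.
# Stop Exim before calling this and start it again afterwards.
reset_hints() {
    spool=${1:-/var/spool/exim}
    [ -d "$spool/db" ] || { echo "no hints directory: $spool/db" >&2; return 1; }
    backup="$spool/db.bak.$(date +%Y%m%d%H%M%S)"
    mkdir "$backup" || return 1
    for f in "$spool"/db/*; do
        [ -e "$f" ] || continue      # empty directory: the glob did not match
        mv "$f" "$backup/" || return 1
    done
    echo "$backup"                   # print where the old files went
}

# Usage:
#   service exim stop
#   reset_hints /var/spool/exim
#   service exim start
```

If delivery to the affected domain resumes, the backup directory can be deleted; the queued messages were never removed.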


# basic pfctl control
# ==
# This document: http://www.rdrs.net/document/
# Related: http://www.OpenBSD.org
# Last update: Tue Dec 28, 2004
# ==
# Note:
# this document is only provided as a basic overview
# for some common pfctl commands and is by no means
# a replacement for the pfctl and pf manual pages.

#### General PFCTL Commands ####
# pfctl -d       disable packet-filtering
# pfctl -e       enable packet-filtering
# pfctl -q       run quiet
# pfctl -v -v    run even more verbose

#### Loading PF Rules ####
# pfctl -f /etc/pf.conf       load /etc/pf.conf
# pfctl -n -f /etc/pf.conf    parse /etc/pf.conf, but don't load it
# pfctl -R -f /etc/pf.conf    load only the FILTER rules
# pfctl -N -f /etc/pf.conf    load only the NAT rules
# pfctl -O -f /etc/pf.conf    load only the OPTION rules

#### Clearing PF Rules & Counters ####
# pfctl -F all      flush ALL
# pfctl -F rules    flush only the RULES
# pfctl -F queue    flush only queues
# pfctl -F nat      flush only NAT
# pfctl -F info     flush all stats that are not part of any rule.
# pfctl -z          clear all counters
# note: flushing rules does not touch any existing stateful connections

#### Output PF Information ####
# pfctl -s rules         show filter information
# pfctl -v -s rules      show filter information for what FILTER rules hit..
# pfctl -vvsr            show filter information as above and prepend rule numbers
# pfctl -v -s nat        show NAT information, for which NAT rules hit..
# pfctl -s nat -i xl1    show NAT information for interface xl1
# pfctl -s queue         show QUEUE information
# pfctl -s label         show LABEL information
# pfctl -s state         show contents of the STATE table
# pfctl -s info          show statistics for state tables and packet normalization
# pfctl -s all           show everything

#### Maintaining PF Tables ####
# pfctl -t addvhosts -T show                          show table addvhosts
# pfctl -vvsTables                                    view global information about all tables
# pfctl -t addvhosts -T add 192.168.1.50              add entry to table addvhosts
# pfctl -t addvhosts -T add 192.168.1.0/16            add a network to table addvhosts
# pfctl -t addvhosts -T delete 192.168.1.0/16         delete network from table addvhosts
# pfctl -t addvhosts -T flush                         remove all entries from table addvhosts
# pfctl -t addvhosts -T kill                          delete table addvhosts entirely
# pfctl -t addvhosts -T replace -f /etc/addvhosts     reload table addvhosts on the fly
# pfctl -t addvhosts -T test 192.168.1.40             find ip address 192.168.1.40 in table addvhosts
# pfctl -T load -f /etc/pf.conf                       load a new table definition
# pfctl -t addvhosts -T show -v                       output stats for each ip address in table addvhosts
# pfctl -t addvhosts -T zero                          reset all counters for table addvhosts

If your server is on its way to being fully dead, or your license has expired, you can still create backups via the command line. To do so, run the following command:

echo "action=backup&local%5Fpath=%2Fhome%2Fadmin%2Fadmin%5Fbackups&owner=admin&type=admin&value=multiple&when=now&where=local&who=all" >> /usr/local/directadmin/data/task.queue

Then make sure that the dataskq is running by checking /var/log/cron. If it isn't, you can run the dataskq manually to create the backups:

/usr/local/directadmin/dataskq d200

This will create all backups in /home/admin/admin_backups, assuming there is enough of a system left to do so.


Steps for changing server ip and creating images.
**** Change server ip ****
Boot the server with the new server ip. (the new one you want to use)
DirectAdmin will not be running, as the license file will be invalid.
Contact DirectAdmin to obtain a new license file. They will change the ip in the license.
Get the new license file:

cd /usr/local/directadmin/scripts
./getLicense.sh UID LID

Where UID and LID are your client ID and your license id.
Ensure the license downloaded properly by making sure the file contains no error messages.
Start DirectAdmin with the new license:

service directadmin restart

(The taskq may have already started it, thus the restart instead of just "start")

Download the ipswap.sh script from directadmin:

wget http://www.directadmin.com/ipswap.sh
chmod 755 ipswap.sh

Execute that script with the old and the new ip. Example:

./ipswap.sh 1.2.3.4 4.3.2.1

where 1.2.3.4 is your old ip and 4.3.2.1 is the new ip.
This script can be run on any ip, so if you want to change all ips with new ones, just run this script for each old ip with the new ip. Just ensure that you match the new server ip with the old one.

Restart everything:

service httpd restart
service proftpd restart
service exim restart
service vm-pop3d restart
...

Make sure they are correctly binding to the new ports by testing them.

You'll need to update the users list cache so that you see the new results in the show users lists:

echo "action=cache&value=showallusers" >> /usr/local/directadmin/data/task.queue

That's it :)

**** Creating an Image ****

Install whatever additional services you want on the server (if you need up2date, this would be a good time)

Install a default copy of DirectAdmin on a server.
Be sure to install the customapache script.

Delete the license (doesn't really matter.. just so that nobody else gets a hold of it)

Create the image using whatever method you would like.

*** copy the image to the new server

Run the scripts you would normally run to setup the image properly.
Instead of manually changing the ip through DirectAdmin (as above), you can use the ipswap.sh script as described above to swap all instances of the IPs.

When you need to use the server, contact DirectAdmin, order a license using the new server's ip.
Once activated, use the getLicense.sh (see above) to download the license for this system.

Restart DirectAdmin and you should be up and running.

First of all, let me note that there have been many new developments in my professional life since my last post.

The most important of these developments is that my company is now a RIPE member. As a result, I have my own IP blocks and an AS number 🙂

The reason for all of this is to be able to use the BGP Blackhole Community service offered by Turk Telekom when my network is attacked.

To use this service I make my own BGP announcements. By directing the IP addresses in my network that are under DDoS attack to the TTNET BGP Blackhole Community, I make sure the rest of the network keeps working in peace.

I used Mikrotik RouterOS as the router for the BGP announcements.

The steps taken to get the system working are as follows: (I am changing the IP blocks and AS numbers for security reasons)

1- Starting from the article on how to set up BGP on a Mikrotik at http://wiki.mikrotik.com/wiki/BGP_Case_Studies_1, I made my BGP definitions

Enabling BGP

To enable BGP assuming only one BGP process will be present in the system, it is enough to do the following:

* modify configuration of the default BGP instance. In particular, change instance AS number to the desired ASN:

[admin@rb11] > /routing bgp instance set default as=100 redistribute-static=no
[admin@rb11] > /routing bgp instance print
Flags: X - disabled
0 as=100 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no
redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no
name="default" out-filter=""
[admin@rb11]>

Note, that, unless explicitly specified, BGP router ID is set as the highest IP address on the interface.

* add at least one BGP peer. Refer to the next section for more information on how to configure BGP peers.

BGP Peers

Two BGP routers have to establish TCP connection between each other to be considered as BGP peers. Since BGP requires a reliable transport for routing information, a TCP connection is essential for it to operate properly.

Once TCP connection is up, routers exchange some initial information such as the BGP router ID, the BGP version, the AS number and the Hold Time interval value in the OPEN message. After these values are communicated and agreed upon, the BGP session is established and the routers are ready to exchange routing information via BGP UPDATE messages.

To establish TCP connection to another BGP router, issue the following command:

[eugene@SM_BGP] > /routing bgp peer add remote-address=10.20.1.210 remote-as=65534
[eugene@SM_BGP] > /routing bgp peer print
Flags: X - disabled
0 instance=default remote-address=10.20.1.210 remote-as=65534 tcp-md5-key=""
multihop=no route-reflect=no hold-time=3m ttl=3 in-filter=""
out-filter=""

[eugene@SM_BGP]>

Issue the following command to verify the connection is established:

[eugene@SM_BGP] > /routing bgp peer print status
Flags: X - disabled
0 instance=default remote-address=10.20.1.210 remote-as=65534 tcp-md5-key=""
multihop=no route-reflect=no hold-time=3m ttl=3 in-filter=""
out-filter="" remote-id=10.20.1.210 uptime=1d1h43m16s
prefix-count=180000 remote-hold-time=3m used-hold-time=3m
used-keepalive-time=1m refresh-capability=yes state=established
[eugene@SM_BGP] >

2- After BGP was up and running, I carried out the following.

In this scenario the IPs 91.99.16.5 and 91.99.16.33 are under attack and need to be sent to the ISP blackhole community, 9888:666

1- Add 91.99.16.0/21, 91.99.16.5/32 and 91.99.16.33 to the BGP networks

[admin@Mikrotik] > /routing bgp network print
Flags: X - disabled, A - active
# NETWORK SYNCHRONIZE
0 A 91.99.16.0/21 no
1 A 91.99.16.5/32 no
2 A 91.99.16.33/32 no

2- After creating routing filters:


[admin@Mikrotik] > /routing filter print
Flags: X - disabled
0 chain=to_MYISP prefix=91.99.16.5 invert-match=no action=accept set-bgp-communities=9888:666

1 chain=to_MYISP prefix=91.99.16.33 invert-match=no action=accept set-bgp-communities=9888:666

2 chain=to_MYISP prefix=91.99.16.0/21 invert-match=yes action=discard

3- Final status of advertisements:

[admin@Mikrotik] > /routing bgp advertisements print
PREFIX NEXTHOP PEER AS-PATH ORIGIN LOCAL-PREF
91.99.16.0/21 212.111.222.130 MYISP igp
91.99.16.5/32 212.111.222.130 MYISP igp
91.99.16.33/32 212.111.222.130 MYISP igp
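
An added example, not from the original post: a helper that prints the RouterOS commands for blackholing a list of attacked addresses and refuses any address outside your own announced prefix, so a typo cannot tag the wrong host. The `add` command forms are written from the parameters visible in the print output above and are an assumption to check against your RouterOS version; the function names are illustrative.

```shell
#!/bin/sh
# Dotted quad -> integer; fails on anything that is not four octets 0-255.
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_prefix ADDR NET/LEN: succeeds when ADDR lies inside NET/LEN.
in_prefix() {
    a=$(ip4_to_int "$1") || return 1
    n=$(ip4_to_int "${2%/*}") || return 1
    len=${2#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# blackhole_cmds OWN_PREFIX CHAIN COMMUNITY ADDR...
# Validates every address first, then prints one network entry and one
# filter rule per address. The accept rules must sit ahead of the
# invert-match discard rule in the chain (rule 2 in the listing above).
blackhole_cmds() {
    own=$1 chain=$2 comm=$3
    shift 3
    for addr in "$@"; do
        in_prefix "$addr" "$own" || {
            echo "refusing $addr: not inside $own" >&2
            return 1
        }
    done
    for addr in "$@"; do
        echo "/routing bgp network add network=$addr/32 synchronize=no"
        echo "/routing filter add chain=$chain prefix=$addr action=accept set-bgp-communities=$comm"
    done
}

# Usage: blackhole_cmds 91.99.16.0/21 to_MYISP 9888:666 91.99.16.5 91.99.16.33
```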