mkdir /usr/local/directadmin/data/templates/custom/

chown diradmin.diradmin /usr/local/directadmin/data/templates/custom/

cd /usr/local/directadmin/data/templates/custom/

wget http://shukko.com/xmlrpcblock.tar.gz

tar zxvf xmlrpcblock.tar.gz

rm -rf xmlrpcblock.tar.gz

chmod 644 virtual_host2*

cd /usr/local/directadmin/custombuild/

./build rewrite_confs

proftpd kurulumu su sekildedir:

apt-get install proftpd

nano /etc/proftpd/proftpd.conf

ServerName “Debian”
DefaultRoot ~
Port 21
RootLogin off
AllowStoreRestart on

Bununla test et

proftpd -t

service proftpd restart

calistir gitsin

Sanal kullanicilar ile kolay kurulum duzenegi:

nano /etc/proftpd/proftpd.conf

DefaultRoot ~
RequireValidShell off
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
AuthOrder mod_auth_file.c

Kullanici Olustur:

ftpasswd –passwd –file=/etc/proftpd/ftpd.passwd –name=test –uid=60 –gid=60 –home=/srv/ftp/test/ –shell=/bin/false

Grup Olustur:

ftpasswd –group –name=nogroup –file=/etc/proftpd/ftpd.group –gid=60 –member test

Bununla test et

proftpd -t

Sifre degistirmek icin:

ftpasswd –passwd –file=/etc/proftpd/ftpd.passwd –name=test –change-password

kullanici silmek icin:

ftpasswd –passwd –file=/etc/proftpd/ftpd.passwd –name=test –delete-user

Open the ProFTPd configuration in any text editor:

1	sudo nano /etc/proftpd/proftpd.conf

Specify the parameters:

12345

DefaultRoot ~RequireValidShell offAuthUserFile /etc/proftpd/ftpd.passwdAuthGroupFile /etc/proftpd/ftpd.groupAuthOrder mod_auth_file.c

As you can see, only module mod_auth_file.c is used for authorization of users, so logins and passwords are taken only from /etc/proftpd/ftpd.passwd file.

Now create an example user, test:

1	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --uid=60 --gid=60 --home=/srv/ftp/test/ --shell=/bin/false

After this command, the /etc/proftpd/ftpd.passwd file of the similar structure with /etc/passwd will be created.
UID and GID can be specified any, preferably except 0 (this is root) and those specified in /etc/passwd.
You can also specify the UID and GID similar to the user in /etc/passwd, for example, 33 as a www-data user, to provide similar rights to web files and specify the home directory of /var/www.
You can create users with the same UID and GID, different home directories and taking into account that they are not allowed to go above their directory level (DefaultRoot ~ parameter in the server configuration).

Create an ftpd.group file:

1	sudo ftpasswd --group --name=nogroup --file=/etc/proftpd/ftpd.group --gid=60 --member test

Let’s check the configuration:

1	sudo proftpd -t

Restart ProFTPd to apply the changes:

1	sudo /etc/init.d/proftpd restart

Since the passwords in the file are stored in encrypted form, you can change the password to the user as follows:

1	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --change-password

You can lock/unlock the user (add/remove the ! character in the ftpd.passwd file before the password hash, thereby making it impossible for the user to connect):

12	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test2 --locksudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --unlock

You can delete the user as follows:

1	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --delete-user

Open the ProFTPd configuration in any text editor:

1	sudo nano /etc/proftpd/proftpd.conf

Specify the parameters:

12345

DefaultRoot ~RequireValidShell offAuthUserFile /etc/proftpd/ftpd.passwdAuthGroupFile /etc/proftpd/ftpd.groupAuthOrder mod_auth_file.c

As you can see, only module mod_auth_file.c is used for authorization of users, so logins and passwords are taken only from /etc/proftpd/ftpd.passwd file.

Now create an example user, test:

1	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --uid=60 --gid=60 --home=/srv/ftp/test/ --shell=/bin/false

After this command, the /etc/proftpd/ftpd.passwd file of the similar structure with /etc/passwd will be created.
UID and GID can be specified any, preferably except 0 (this is root) and those specified in /etc/passwd.
You can also specify the UID and GID similar to the user in /etc/passwd, for example, 33 as a www-data user, to provide similar rights to web files and specify the home directory of /var/www.
You can create users with the same UID and GID, different home directories and taking into account that they are not allowed to go above their directory level (DefaultRoot ~ parameter in the server configuration).

Create an ftpd.group file:

1	sudo ftpasswd --group --name=nogroup --file=/etc/proftpd/ftpd.group --gid=60 --member test

Let’s check the configuration:

1	sudo proftpd -t

Restart ProFTPd to apply the changes:

1	sudo /etc/init.d/proftpd restart

Since the passwords in the file are stored in encrypted form, you can change the password to the user as follows:

1	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --change-password

You can lock/unlock the user (add/remove the ! character in the ftpd.passwd file before the password hash, thereby making it impossible for the user to connect):

12	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test2 --locksudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --unlock

You can delete the user as follows:

1	sudo ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --delete-user

ftpasswd is a script written in Perl, usually located in /usr/sbin/ftpasswd.

lsof en sevdigim komuttur.

lsof -c httpd | grep cwd demek cok nefis birseydir.

fazlasi icin buraya bakabilirim sonra

/etc/system_filter_exim

ekle:::

if first_delivery
and (
("$h_from:" matches ".+@.+\\\\.ml[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ro[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.stream[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gr[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ca[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gen.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ua[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.net.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ar[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.be[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.id[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.pl[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.au[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.cz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ir[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ae[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.mx[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.br[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.uk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.jp[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ci[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.download[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.ug[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.kz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.se[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.com.hk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.ke[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.ce[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.com.pe[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.tv[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.my[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.xyz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.com.ph.tk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.sk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.pe[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.me[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.th[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.hr[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.cl[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.host[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ga[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ml[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.online[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.win[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.top[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.bid[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.us[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.tk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.site[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.club[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.info[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.click[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.space[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gdn[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.fun[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.rest[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.best[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.pro[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.monster[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.live[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.pw[^a-zA-Z0-9_]")

)
then
seen finish
endif

Openvz icin bir iki komut.

vzlist -o ctid,laverage

node ustundeki containerlerin yuk durumunu listele

-------------------

vzlist -H -o veid,hostname,diskspace | awk '{ printf("%d\t%s\t%.2f GB\n", $1, $2, $3/(1024*1024))}'

node ustundeki aktif containlerin ne kadar disk kullandigini listele

---

vzlist -H -o veid,hostname,diskspace | awk '{ printf("%d\t%s\t%.2f GB\n", $1, $2, $3/(1024*1024))} {sum += $3} END {printf("Total disk usage: %.2f GB\n", sum/(1024*1024))}'

yukaridakine ek toplam kullanilan disk alaninida goster.

If you want help your router to support 2x DDoS you’re receiving now, disable route cache. You will see your cpu usage immediately goes down.

Put rp_filter in loose mode and enable tcp syncookie.

Set (only if you use router as border one and you not do nat or similar services)
/ip firewall connection tracking set enabled=no

Use only raw rules and setup something like this:

/ip firewall raw
add    chain=prerouting action=jump jump-target=udp-filters in-interface=NETIX log=no log-prefix="" protocol=udp

add    chain=prerouting action=jump jump-target=tcp-filters in-interface=NETIX log=no log-prefix="" protocol=tcp

add   chain=udp-filters action=accept in-interface=NETIX src-port=53 limit=2500,100:packet log=no log-prefix="" protocol=udp

add    chain=udp-filters action=drop in-interface=NETIX src-port=53 log=no log-prefix="" protocol=udp

add  chain=udp-filters action=drop in-interface=NETIX src-port=389 log=no log-prefix="" protocol=udp comment=LDAP

add  chain=udp-filters action=drop in-interface=NETIX src-port=80 log=no log-prefix="" protocol=udp comment="UDP SRC 80"

add  chain=udp-filters action=drop in-interface=NETIX src-port=443 log=no log-prefix="" protocol=udp comment="UDP SRC 443"

add  chain=udp-filters action=drop in-interface=NETIX dst-port=80 log=no log-prefix="" protocol=udp comment="UDP DST 80"

add  chain=udp-filters action=drop in-interface=NETIX dst-port=443 log=no log-prefix="" protocol=udp comment="UDP DST 443"

add    chain=udp-filters action=notrack log=no log-prefix=""

add    chain=tcp-filters action=notrack log=no log-prefix=""

add    chain=prerouting action=notrack log=no log-prefix=""

/ip firewall filter

add chain=forward protocol=tcp tcp-flags=syn,rst action=drop

You will block most know UDP Amplification script.

this is the best configuration we found to allow MT absorb attacks, you can’t get better performance.

Now to do real tcp mitigation you should apply an external device (in line or out of line is your choice) to filter some more specific packets (strings, ttl, flags…). If you not feel safe to use in line, consider to use fastnemon that detect a ddos and inject a route to forward /32 to that device.

Or if you have a budget, choose a company that does ddos mitigation and you will sleep better

umount /mnt
fdisk /dev/vdb
g
w
fdisk /dev/vdb
n
w
mkfs.ext4 /dev/vdb1
nano /etc/fstab
/dev/vdb1 /home ext4 defaults 0 1
mount -a
reboot

yeni bulut sunucularimizi devreye aldik.

askubuntudan copy paste ettim

The commandline version of the libatasmart library used by Gnome Disks is called skdump part of the libatasmart-bin package which is not installed by default. Install by using:

sudo apt-get install libatasmart-bin

Next run the following command to see the SMART information by running the following command in the terminal (replacing /dev/sda by the path to your drive):

sudo skdump /dev/sda

As an alternative the smartctl from the smartmontools package could be used. Install by using:

sudo apt-get install smartmontools

You will then be able to get information on SMART by running the following command in the terminal (replacing /dev/sda by the path to your drive):

sudo smartctl -a /dev/sda

Note that smartctl tends to be overly verbose. Use the -q errorsonly argument to display only errors:

sudo smartctl -q errorsonly -a /dev/sda

du –max-depth=1 | sort -n # Show the size of all the directories in the current directory and sort them by size.

hatta du -h –max-depth=1 | sort -n

[root@isminiyaz log]

# du -h –max-depth=1 | sort -n
2,0M ./directadmin
4,0K ./iptraf
4,0K ./ntpstats
4,0K ./sssd
7,4G .
8,0K ./samba
21M ./sa
30M ./audit
32K ./ConsoleKit
56K ./cups
80K ./prelink
111M ./httpd
554M ./proftpd
698M ./exim

[root@isminiyaz log]

#