Admins eHow

July 23, 2014

How to block ongoing DDOS attack on Linux Server

Filed under: General — admin @ 10:44 am

DDOS attacks are one of the hardest types of network attacks to encounter and stop. Usually the attacker uses many different IPs to request legitimate resources from your network until your system resources are exhausted and the service goes down.
If you can somehow identify the attacker's IP addresses on your system, it is possible to block them in iptables easily and stop the attack.
In my case the attacker was attacking a website hosted on a dedicated IP address, so I was easily able to filter the attacker IP addresses with the following command :

netstat -n | grep a.b.c.d | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq

a.b.c.d : IP address of my server which the victim website was hosted on
You may do all kinds of filtering using grep and awk.
After I identified the attacker IP addresses, blocking them was easy. First create a file named block in /usr/bin with the following contents :

#!/bin/sh
iptables -I INPUT -s "$1/32" -j DROP

Make it executable :

chmod +x /usr/bin/block

Then run the following command :

netstat -n | grep a.b.c.d | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq | xargs -n1 block

It will automatically block all attacker IPs in the server firewall.
You may run the command every 5-10 minutes until the attack stops completely.
The problem with this approach is that you may end up blocking some legitimate users mixed in with the attacker IPs, but it is still better than having your whole server down indefinitely.
Also, after the attack stops, you can remove all firewall rules or simply reboot your server and everything will be good :)

Edit :
In fact you can turn this into a real one liner without creating block file :D, here it is :

netstat -n | grep a.b.c.d | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq | xargs -n1 -I {} iptables -I INPUT -s {}/32 -j DROP
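One way to reduce the number of legitimate users caught by the block, as an added example that is not part of the original post: count connections per source address and only report those above a threshold, skipping an allowlist. The function names, the threshold and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pick block candidates by
# connection count instead of blocking every address seen in netstat.

# heavy_sources SERVER_IP MIN_CONNS [ALLOWED_IP ...]
# Reads `netstat -n` output on stdin and prints "count ip" for every remote
# IPv4 address holding at least MIN_CONNS TCP connections to SERVER_IP,
# busiest first. Addresses listed as ALLOWED_IP are never reported.
heavy_sources() {
    server=$1; min=$2; shift 2
    allow=" $* "
    awk -v server="$server" -v min="$min" -v allow="$allow" '
        $1 ~ /^tcp/ {
            laddr = $4; sub(/:[0-9]+$/, "", laddr)   # local address without port
            raddr = $5; sub(/:[0-9]+$/, "", raddr)   # remote address without port
            if (laddr != server) next                # exact compare, dots are literal
            if (raddr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (index(allow, " " raddr " ")) next    # allowlisted, never block
            count[raddr]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# block_commands: turns "count ip" lines into iptables commands and prints
# them for review; pipe the output to sh once the list looks right.
block_commands() {
    while read -r _count ip; do
        printf 'iptables -I INPUT -s %s/32 -j DROP\n' "$ip"
    done
}

# Constructed sample of `netstat -n` output (documentation address ranges).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:40112      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:40113      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:40114      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:51000        ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.99:51001        ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.99:51002        ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.99:51003        ESTABLISHED
tcp        0      0 203.0.113.11:22         198.51.100.7:40999      ESTABLISHED'

# Dry run: server 203.0.113.10, threshold 3, 192.0.2.99 allowlisted.
printf '%s\n' "$SAMPLE" | heavy_sources 203.0.113.10 3 192.0.2.99 | block_commands
```

On a live server the input would be `netstat -n | heavy_sources a.b.c.d 20 your.own.ip`, with the threshold chosen from what normal clients of the site look like.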

July 20, 2014

Send email alerts when HP Proliant RAID fails in Linux

Filed under: linux — admin @ 7:51 pm

As a minimalist person, I am not a fan of running HP's heavy monitoring tools on my server, so I have written a very small bash script to monitor my server's RAID status and send me email alerts if it fails.
For this script to work, you first need to install hpacucli (HP Array Configuration Utility) on your server. You can download it from the HP website for your Linux distribution.
The script is very easy to understand, but you may need to tweak it a little bit to fit your server.
The heart is this line :

hpacucli ctrl slot=1 pd all show

which returns following on my server :

Smart Array P222 in Slot 1

   array A

      physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SATA, 3 TB, OK)
      physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SATA, 3 TB, OK)
      physicaldrive 2I:1:3 (port 2I:box 1:bay 3, SATA, 3 TB, OK)
      physicaldrive 2I:1:4 (port 2I:box 1:bay 4, SATA, 3 TB, OK)

But we only need lines 6-9, which show the drive status. This is where you may need to tweak it, as you may have more or fewer drives.
So it may not be 6-9 for you, and you may need to change 6,9 in the sed command.
Here is the final script :

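#!/bin/bash
MAIL=you@example.com   # placeholder, change to your own address
# keep only the drive status lines and drop every drive reporting OK
RESULT=$(hpacucli ctrl slot=1 pd all show | sed -n '6,9 p' | grep -v OK)
if [ -n "$RESULT" ]; then
	echo "$RESULT" | mail -s 'Raid Error' "$MAIL"
	else echo "Raid is OK"
fi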

Don't forget to change the MAIL variable to your own email address.
You may test the script once to make sure your server is able to send emails and you actually receive them.
Finally, save the script in a file and put it in a cronjob. I have chosen to run it every 12 hours :

0 */12 * * * /usr/bin/raidcheck
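A variant of the check that does not depend on line numbers, as an added example that is not part of the original post: it matches `physicaldrive` lines by name, so extra drives are covered, and it treats output with no drive lines at all as a failure instead of reporting "Raid is OK". The function name, the exit codes and the status word `Failed` in the sample are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): match drive lines by name
# instead of by line number, and treat "no drives parsed" as a failure.

# raid_status: reads `hpacucli ctrl slot=N pd all show` output on stdin.
# Prints every physicaldrive line whose last field is not OK.
# Exit status: 0 all drives OK, 1 at least one drive not OK,
#              2 no physicaldrive line seen (tool failed or format changed).
raid_status() {
    awk '
        /physicaldrive/ {
            total++
            status = $0
            sub(/\)[ \t]*$/, "", status)      # drop the closing parenthesis
            sub(/^.*,[ \t]*/, "", status)     # keep the text after the last comma
            if (status != "OK") {
                bad++
                line = $0; sub(/^[ \t]+/, "", line); print line
            }
        }
        END {
            if (total == 0) { print "no physicaldrive lines in input"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed samples in the layout shown in the post. The status word
# "Failed" and the fifth drive are assumed values for illustration.
HEALTHY='
Smart Array P222 in Slot 1

   array A

      physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SATA, 3 TB, OK)
      physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SATA, 3 TB, OK)'
DEGRADED='
Smart Array P222 in Slot 1

   array A

      physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SATA, 3 TB, OK)
      physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SATA, 3 TB, OK)
      physicaldrive 2I:1:3 (port 2I:box 1:bay 3, SATA, 3 TB, OK)
      physicaldrive 2I:1:4 (port 2I:box 1:bay 4, SATA, 3 TB, OK)
      physicaldrive 2I:1:5 (port 2I:box 1:bay 5, SATA, 3 TB, Failed)'

# Cron usage sketch (MAIL as in the post):
#   OUT=$(hpacucli ctrl slot=1 pd all show | raid_status) \
#       || echo "$OUT" | mail -s 'Raid Error' "$MAIL"
printf '%s\n' "$DEGRADED" | raid_status || echo "exit status: $?"
```

The failed drive in the sample sits on line 10 of the output, which a fixed `sed -n '6,9 p'` window would not see.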

May 12, 2014

SPF Policy Tester & Syntax Validator

Filed under: dns — admin @ 1:54 pm

This website is super useful for verifying and testing SPF records :

SPF Syntax Validator :
SPF Policy Tester :

May 11, 2014

How to enable mod_deflate on Apache 2.4

Filed under: Apache — admin @ 7:02 am

Well, I am writing this guide because enabling mod_deflate on Apache 2.4 has become more complex than enabling a single module, as it was on Apache 2.2.
Now you have to enable 3 modules in httpd.conf for mod_deflate to work properly :

LoadModule deflate_module modules/
LoadModule headers_module modules/
LoadModule filter_module modules/

Also you have to enable compression by this config :

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
DeflateCompressionLevel 9

May 9, 2014

Auto update Atomicorp mod_security rules script

Filed under: cPanel,linux — admin @ 6:31 pm

Here is a very simple script I have written for my own use to auto update mod_security rules from the Atomicorp server. You can use cronjobs to automate the process.
Don't forget to put your Atomicorp subscription username and password in the script.



VER=`wget -q --user=$USER --password=$PASS -O - | grep MODSEC_VERSION | sed -r 's/^.{15}//'`
wget -q --user=$USER --password=$PASS$FILE_NAME -O - | tar jxf - -C $DIR
/etc/init.d/httpd -k graceful

In this case, the script will install the rules in /var/cpanel/modsec directory and reload the server gracefully.
Apparently you should have the following in your modsec2.user.conf

Include "/var/cpanel/modsec/000000_asl_modreqtimeout.conf"
Include "/var/cpanel/modsec/00_asl_0_global.conf"
Include "/var/cpanel/modsec/00_asl_rbl.conf"
Include "/var/cpanel/modsec/00_asl_z_antievasion.conf"
Include "/var/cpanel/modsec/00_asl_zz_strict.conf"
Include "/var/cpanel/modsec/01_asl_content.conf"
Include "/var/cpanel/modsec/01_asl_rules_special.conf"
Include "/var/cpanel/modsec/03_asl_dos.conf"
Include "/var/cpanel/modsec/05_asl_exclude.conf"
Include "/var/cpanel/modsec/05_asl_scanner.conf"
Include "/var/cpanel/modsec/09_asl_rules.conf"
Include "/var/cpanel/modsec/09_asl_rules_antievasion.conf"
Include "/var/cpanel/modsec/10_asl_antimalware.conf"
Include "/var/cpanel/modsec/10_asl_antimalware_output.conf"
Include "/var/cpanel/modsec/10_asl_rules.conf"
Include "/var/cpanel/modsec/11_asl_adv_rules.conf"
Include "/var/cpanel/modsec/11_asl_data_loss.conf"
Include "/var/cpanel/modsec/11_asl_rules.conf"
Include "/var/cpanel/modsec/12_asl_brute.conf"
Include "/var/cpanel/modsec/20_asl_useragents.conf"
Include "/var/cpanel/modsec/30_asl_antimalware.conf"
Include "/var/cpanel/modsec/30_asl_antispam.conf"
Include "/var/cpanel/modsec/30_asl_antispam_referrer.conf"
Include "/var/cpanel/modsec/31_asl_urispam.conf"
Include "/var/cpanel/modsec/40_asl_apache2-rules.conf"
Include "/var/cpanel/modsec/50_asl_rootkits.conf"
Include "/var/cpanel/modsec/51_asl_rootkits.conf"
Include "/var/cpanel/modsec/60_asl_recons.conf"
Include "/var/cpanel/modsec/61_asl_recons_dlp.conf"
Include "/var/cpanel/modsec/98_asl_adv_redactor.conf"
Include "/var/cpanel/modsec/98_asl_jitp.conf"
Include "/var/cpanel/modsec/99_asl_a_redactor.conf"
Include "/var/cpanel/modsec/99_asl_exclude.conf"
Include "/var/cpanel/modsec/99_asl_jitp.conf"
Include "/var/cpanel/modsec/99_asl_redactor.conf"
Include "/var/cpanel/modsec/99_asl_redactor_post.conf"

March 29, 2014

How to return your Google Play Edition HTC One to stock Sense

Filed under: Android — admin @ 10:41 am

I have an HTC One (m7u) which originally came with HTC Sense OS. As I am a fan of stock Android, I had it converted to a Google Play Edition HTC One when it was released.
Recently I noticed a purple tint in low light pictures taken by my HTC One. I did some research and found out it is a hardware issue and the camera should be replaced by HTC. I still had warranty, but as I had done extensive modifications to my phone, it was possible that HTC would refuse to repair it under warranty. So I decided to revert it back to stock Sense, and it took me around 12 hours to figure out how to do this properly. I am writing this guide to help others who may have the same issues.
HTC One is one of the most complex devices I’ve ever worked with when you want to tweak it. It comes with a locked boot-loader which you need to unlock with a cryptographic key obtained from HTC. Other than that, it has a security lock which you can turn on or off (known as s-on & s-off). I will not go into great detail about these features as there are a lot of resources about them on the Internet.
Let's get to reverting your HTC One back to the stock ROM. My assumption is that you have a phone with an unlocked bootloader and s-off and a non-stock ROM on it (Google Play Edition in my case).
Before we get to flashing things onto your phone, you should check your phone's current mid (model id) and cid (custom id). There is a chance that the custom ROM which you have flashed onto your phone has changed its mid and cid, and the stock ROM will not install on your phone unless you revert them back to the original values.
In order to check your phone's mid and cid, reboot your phone into boot-loader mode through adb with the following command (I assume you know how to work with adb and fastboot; if you don't, just google for it and learn it) :

adb reboot bootloader

after phone is in bootloader mode, issue the following command :

fastboot getvar all

here is the output for me :

(bootloader) version: 0.5
(bootloader) version-bootloader: 1.54.0000
(bootloader) version-baseband: 4T.21.3218.21
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.62.1700.1
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno: XXXX
(bootloader) imei: XXXX
(bootloader) meid: 00000000000000
(bootloader) product: m7_u
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0712000
(bootloader) cidnum: GOOGL001
(bootloader) battery-status: good
(bootloader) battery-voltage: 4338mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-0e82187e
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

These are the important pieces of information :

(bootloader) version-bootloader: 1.54.0000 : bootloader is 1.54 , so it will not work with revone tool to lock the bootloader again. we need bootloader 1.44 to Lock it completely.
(bootloader) product: m7_u : the phone variation is m7u (GSM Only) and not m7ul (GSM & LTE). it is important when you want to choose the stock ROM.
(bootloader) modelid: PN0712000 : PN0712000 is Google Play Edition model which is different from my phone stock. I need to revert it back to original before I can flash the stock ROM.
(bootloader) cidnum: GOOGL001 : GOOGL001 is Google Play Edition custom id which is different from my phone stock. I need to revert it back to original before I can flash the stock ROM.
(bootloader) security: off : my phone is in s-off state. I need to make it s-on.

Now we have to change modelid and cid to their original values. You can find your phone's modelid on the back of your phone. It starts with PN, so it is easy to find, and there are only a few possible values based on the region of the phone.
There are 3 ways to change the modelid of your phone :
1.Flashing an Engineering bootloader on your phone and changing modelid through fastboot commands (NOT RECOMMENDED)
2.Change modelid through adb, explained here :
3.Change modelid through TWRP/CWM recovery, explained here :

After changing the modelid reboot into bootloader and confirm it has been changed properly.
Fortunately changing cid is much easier and can be done through a single command in boot-loader mode (change YOURCID to your stock cid value) :

fastboot oem writecid YOURCID

Note : CID is also dependent on the region and your phone carrier. If you don't know your stock cid, your best bet is to search on forums like xda-developers, where many users around the world have shared their modelid, cid and carrier names.
After changing the cid, reboot into bootloader and confirm it has been changed properly.
Now that we have the proper mid and cid, we can relock the bootloader and flash the stock ROM. In order to relock the bootloader, issue the following command while you are in bootloader mode :

fastboot oem lock

Note : Please note your boot-loader has changed into the RELOCKED state, which shows you had voided your warranty ! We will fix it later using the revone tool.
You can find the proper ROM for your htc one on this website :
the ruu zip is pretty large and is approximately 1GB. download the ruu zip for your device and place it inside your adb folder and rename it to
reboot into HTC RUU mode (Rom Update Utility) while you are in boot-loader mode :

fastboot oem rebootRUU

You can recognize the RUU mode by a black screen and a silver htc logo in center.
After you are in RUU mode issue the following command TWICE :

fastboot flash zip

It is important to issue the command twice because the first time it updates the bootloader and reboots into RUU mode again, ready for the ROM to be flashed.
If you have done every step correctly, your stock ROM should now be flashing onto your device and you can see the progress on screen.
When flashing is over and you get a success message, it is time to reboot the device :

fastboot reboot

Your phone should boot into the stock ROM now. It may take a while as this is like the first boot of the phone. But there are still two steps to be done :
1. Locking bootloader (it is in Relocked state now)
2. Turning Security ON (S-ON)
In order to Lock the bootloader like the original, we will use a tool called revone.
Please read this guide on how to use revone to Lock your bootloader :
Note 1 : Revone will not work on hboot 1.54 or above. If by any chance you have boot-loader 1.54 or higher, you need to downgrade your hboot to version 1.44.
Note 2 : You may need to run revone more than once for it to work. For me personally it took two tries to get a success message.
After you get a success message from revone, reboot back into bootloader and make sure your bootloader is in the Locked state.
The last step is to turn the security on. It is very easy, just run the following command in bootloader :

fastboot oem writesecureflag 3

Now your device is 100% back to stock and you can return it for warranty :) just reboot the phone and install all the official OTA updates.

November 6, 2013

Installing rtorrent+rutorrent on Debian 7 Wheezy

Filed under: General — admin @ 4:00 am

Here is a simple guide on how to install rtorrent/rutorrent on Debian 7 Wheezy. It may also work on Ubuntu and other Debian based Linux distros.

Install prerequisite packages :

apt-get install gcc pkg-config libssl-dev g++ make libncurses5-dev libsigc++-2.0-dev libcurl4-openssl-dev subversion screen nano

Install XMLRPC-C , it is required for rutorrent communication with rtorrent :

svn co xmlrpc-c
cd xmlrpc-c
./configure
make
make install

Install LibTorrent required by rtorrent :

tar zxvf libtorrent-0.13.3.tar.gz
cd libtorrent-0.13.3
./configure
make install

Install rtorrent client :

tar zxvf rtorrent-0.9.3.tar.gz
cd rtorrent-0.9.3
./configure --with-xmlrpc-c
make install

Now, we have to make a user for rtorrent and configure it :

useradd user1
mkdir -p /home/user1/rtorrent
mkdir -p /home/user1/rtorrent/.session
mkdir -p /home/user1/rtorrent/download
chown -R user1:user1 /home/user1

Copy rtorrent sample config from rtorrent source directory to user1 home directory :

cp rtorrent-0.9.3/doc/rtorrent.rc /home/user1/.rtorrent.rc

Now you can customize the configuration :

nano /home/user1/.rtorrent.rc

But what you need to customize are following options :

directory = /home/user1/rtorrent/download
session = /home/user1/rtorrent/.session
scgi_port = localhost:5000

It is time to run rtorrent. This command runs rtorrent as user1 :

su - user1 -c 'screen -fa -d -m rtorrent'

Now we can install Apache + php5 which is required by rutorrent :

apt-get install libapache2-mod-php5

Enable auth_digest module which is required for rutorrent authentication :

a2enmod auth_digest

Install rutorrent+plugins :

tar zxvf rutorrent-3.6.tar.gz
mv rutorrent /var/www

tar zxvf plugins-3.6.tar.gz
mv plugins /var/www/rutorrent/

Tip : The only plugin which you need is httprpc. You can disable or delete all the rest.

Configure user1 on rutorrent :

mkdir -p /var/www/rutorrent/conf/users/user1
cp /var/www/rutorrent/conf/config.php /var/www/rutorrent/conf/users/user1
nano /var/www/rutorrent/conf/users/user1/config.php

Make sure $scgi_port in config.php matches scgi_port in rtorrent config file :

$scgi_port = 5000;

For rutorrent web authentication create .htaccess file in rutorrent directory :

nano /var/www/rutorrent/.htaccess

Copy and paste the following inside .htaccess :

# Digest, to match the password file created with htdigest
AuthName "Restricted Area"
AuthType Digest
AuthUserFile /etc/.htpasswd
AuthGroupFile /dev/null
require valid-user

Create password file for Apache :

htdigest -c /etc/.htpasswd "Restricted Area" user1

Now we need to configure Apache to allow .htaccess override :

nano /etc/apache2/sites-enabled/000-default

Change :

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

To :

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

And finally restart apache :

/etc/init.d/apache2 restart

Now you should be able to access your rtorrent/rutorrent on this address : http://IP_SERVER/rutorrent
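A consistency check for the authentication steps above, as an added example that is not part of the original post: a file written by `htdigest` holds `user:realm:hash` lines, which only `AuthType Digest` can use, and the realm must equal the `AuthName` value. The function name, exit codes and fixture files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that .htaccess and the
# htdigest password file agree before relying on the login prompt.

# check_digest_auth HTACCESS PASSWD_FILE
# Exit status: 0 consistent, 1 AuthType is not Digest,
#              2 no user:realm:hash entry for the AuthName realm.
check_digest_auth() {
    htaccess=$1; passwd=$2
    authtype=$(awk 'tolower($1) == "authtype" { print tolower($2); exit }' "$htaccess")
    # AuthName value with optional surrounding double quotes removed
    realm=$(sed -n 's/^[[:space:]]*[Aa]uth[Nn]ame[[:space:]]\{1,\}"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$htaccess" | head -n 1)
    if [ "$authtype" != "digest" ]; then
        echo "AuthType is '$authtype'; an htdigest file needs AuthType Digest"
        return 1
    fi
    # htdigest lines are user:realm:MD5(user:realm:password) as 32 hex digits
    if ! awk -F: -v realm="$realm" '
            $2 == realm && length($3) == 32 { found = 1 }
            END { exit !found }' "$passwd"; then
        echo "no entry for realm '$realm' in $passwd"
        return 2
    fi
    echo "ok: Digest auth, realm '$realm'"
}

# Constructed fixtures; the hash is a placeholder, not a real credential.
demo_dir=$(mktemp -d)
printf 'user1:Restricted Area:%s\n' 0123456789abcdef0123456789abcdef > "$demo_dir/htdigest"
printf 'AuthName "Restricted Area"\nAuthType Basic\nAuthUserFile /etc/.htpasswd\nrequire valid-user\n' > "$demo_dir/basic"
printf 'AuthName "Restricted Area"\nAuthType Digest\nAuthUserFile /etc/.htpasswd\nrequire valid-user\n' > "$demo_dir/digest"

check_digest_auth "$demo_dir/basic" "$demo_dir/htdigest" || true
check_digest_auth "$demo_dir/digest" "$demo_dir/htdigest"
```

On the server from this guide the call would be `check_digest_auth /var/www/rutorrent/.htaccess /etc/.htpasswd`.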

October 24, 2012

The proper way to benchmark disk write performance in Linux

Filed under: CentOS,Debian,linux — admin @ 7:46 am

dd bs=1M count=512 if=/dev/zero of=test conv=fdatasync

The result is something like this :
512+0 records in
512+0 records out
536870912 bytes (537 MB) copied, 1.43334 s, 375 MB/s

October 14, 2012

How to enable AHCI support for Windows on an iMac, MacBook or etc

Filed under: Apple — admin @ 9:18 am

Apple does all the dirty tricks to show the iSheeps that Apple is a superior brand and provides superior performance compared to the competition. The last one I found is that it disables AHCI support for Windows on its hardware. By disabling AHCI (a feature the Apple hardware has and which you have already paid for) it forces Windows to use ATA controller disk drivers, which are considerably slower than AHCI and have fewer features. For example, you won't have TRIM support for your SSD in Windows.
By doing so, Apple gives you the feeling that Windows is slower than Mac OSX on the same hardware.
Fortunately there is a workaround for this fraud of Apple. You will need to modify the Master Boot Record of your Windows drive.
This workaround only works for Macs with Intel disk controllers. If you have an Nvidia chipset, it will not work for you. You may confirm it in the device manager of Windows.
The first step is to make sure Windows tries to load AHCI drivers after AHCI is enabled in the boot loader. If you miss this step you will get a BSOD on booting Windows and you will need to restore the old MBR for Windows to boot up.
Open your Windows registry editor and make sure the “Start” value in the following keys is set to 0.


Also we need the modified MBR which you can download from here : patchedcode.bin
Put the patchedcode.bin on a USB stick which we can use later.
OK, We are done in Windows. Now we need to boot using a Linux Live CD or MacOSX Install Disk. both will work.
Put the bootable CD or USB stick into your computer and reboot.
When you hear the boot sound (the white screen appears) hold down the option (alt) key. you should get the option to boot from CD or USB stick.
Boot from CD or USB stick and Open a Terminal Window.
First let's take a backup of the current MBR, so in case of any problems we can roll back to it.
Also please note I am assuming your windows disk is /dev/disk0. if yours is different you may need to change it.
Put in your USB stick, change directory to it and run the following command :

dd if=/dev/disk0 of=backup.bin bs=512 count=1

It will make a backup of your MBR in backup.bin.
Now it is time to write the new MBR to disk :

diskutil umountdisk /dev/disk0
dd if=patchedcode.bin of=/dev/disk0 bs=440 count=1

All done ! now reboot into windows :

shutdown -r now

In Windows you should see Windows installing the new AHCI drivers. You may also check that by looking into device manager.
I also recommend that you download and install “Intel Matrix Storage Manager” to update your AHCI drivers to Intel’s own.
If anything goes wrong, you can revert back to the old MBR with the following commands in Terminal :

diskutil umountdisk /dev/disk0
dd if=backup.bin of=/dev/disk0 bs=440 count=1

October 12, 2012

How to install transmission 2.71 on Debian 6.0 Squeeze

Filed under: General — admin @ 6:41 am

Installing transmission 2.71 on Debian 6 is a little tricky and is not as straight forward as installing by apt-get.
Here is how you can do it.

First you need to manually install libevent 2.0 :

apt-get install make gcc
tar zxvf libevent-2.0.20-stable.tar.gz
cd libevent-2.0.20-stable
./configure
make install

Then install some prerequisite packages for the later installation :

apt-get install libssl-dev pkg-config libcurl4-openssl-dev intltool tar bzip2

Now it is time to download and configure transmission :

tar jxvf transmission-2.71.tar.bz2
cd transmission-2.71
./configure --enable-lightweight --enable-daemon

Now if you try to compile (make) the package you will get the following error :

tr-utp.c:65: error: conflicting types for ‘UTP_Write’
../third-party/libutp/utp.h:116: note: previous declaration of ‘UTP_Write’ was here
make[1]: *** [tr-utp.o] Error 1
make[1]: Leaving directory `/root/transmission-2.71/libtransmission’
make: *** [all-recursive] Error 1

In order to fix this error, open this file in the transmission directory :

nano ./third-party/libutp/utypes.h

and comment out the following lines :

// #ifndef __cplusplus
// typedef uint8 bool;
// #endif

and add the following lines just after the lines above :

#ifndef __cplusplus
#include <stdbool.h>
#endif

Save the file and exit. Return to the transmission root directory, then make and install.

make install