Categories
General

Cron Backup Database


mysqldump -uroot -p MyDatabase >/home/users/backup_MyDB/$(date +%F)_full_myDB.sql
Categories
General

Syntax to block an IP address under Linux iptables

Syntax to block an IP address under Linux

iptables -A INPUT -s IP-ADDRESS -j DROP

service iptables save
Categories
Symfony

Command to find out Symfony version

composer show

symfony/symfony v3.3.2 The Symfony PHP framework

Categories
General

Php documentor

What is phpDocumentor?

phpDocumentor 2 is a tool that makes it possible to generate documentation directly from your PHP source code. With this you can provide your consumers with more information regarding the functionality embedded within your source and not just what is usable to them from your user interface.

Documentation generated by phpDocumentor 2 does not aim to be a replacement for conventional documentation but is rather supplemental, or reference, documentation. This proves to be useful in the following example situations:

  • Sets of libraries or applications providing an API, such as phpDocumentor 2 itself
  • Frameworks, such as Zend Framework or Symfony
  • Pluggable architectures, such as WordPress or PyroCMS
  • Long-running, complex projects, to help you find the right function or method for the job

 

https://www.aptnewyork.com/fr/class/doc/documentation.pdf

Categories
General

PHP send email with GMAIL

STEP 1 – GMAIL

https://myaccount.google.com/lesssecureapps

 

STEP 2 – install PHP PEAR MAIL

PEAR LIBRARY – MAIL FUNCTION

– INSTALL process –
yum install php-pear.noarch
yum install php-pear-Mail.noarch
yum install php-pear-Mail-Mime.noarch

STEP 3 – Amazon AWS Unblock ports

  • 465
  • 587
Categories
General

DDOS Attack

SOURCE : https://securityintelligence.com/defending-against-apache-web-server-ddos-attacks/

Service Protection for Apache

For one of the most popular Web servers, Apache, there are a few mitigation solutions available.

About ModSecurity

ModSecurity is an open-source Web application firewall. It allows real-time application security monitoring and access control. The different sets of protection rules allow you to inspect the HTTP traffic and reliably block unwanted traffic. It allows you to fix session management issues and block SQL injection attempts. Most importantly, it’s an open architecture, so you can enable only the features that you consider necessary.

One of the biggest strengths of ModSecurity is virtual patching. You are protected against application vulnerabilities that you are not yet able to patch.

With ModSecurity, you can protect and harden your website against unwanted malicious traffic and reduce the size of the possible attack vector.

About mod_evasive

Another item that you can add to your protection arsenal is mod_evasive. It is a module for Apache that provides evasive action in the event of an HTTP DoS or DDoS attack or brute-force attack.

The module tracks HTTP connections and checks how many requests for a page are made within a given time frame. If the number of concurrent requests exceeds a specified threshold, the request is blocked. This blocking is done at the application level: the requester gets a Forbidden response to the request.

The configuration and setup (on Ubuntu) is fairly easy. The module is available as a package:

sudo apt-get install libapache2-mod-evasive

You then have to create the log directory. (Note: Make sure the directory is owned by the Web user; in most cases, this is www-data.)

sudo mkdir /var/log/mod_evasive

Then enable the module for the Apache Web server.

sudo a2enmod evasive

The default configuration file /etc/apache2/mods-available/evasive.conf will get you very far. You might want to add your management and proxy networks to the DOSWhitelist setting so that you do not block your own network. Also make sure you change DOSEmailNotify to a working email address, otherwise you won’t get notifications from mod_evasive.

If you’re not sure about the correct configuration options, test your setup with a Perl script that’s part of the installed package. The script performs a number of concurrent HTTP queries, which should trigger the module.

perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

About Fail2ban

The third method for protecting your Web server is Fail2ban. Fail2ban scans log files and bans IPs that show malicious signs. It is most often used to block SSH knock attempts, but you can also use it to block repeated requests to your Web resources.

Fail2ban uses a list of regular expressions and checks these expressions against a set of log files. If there are matches that go beyond a certain threshold, then the source IP of the request is blocked. The IP is blocked on a network level.

Similar to mod_evasive, the installation on Ubuntu is easy.

sudo apt-get install fail2ban

After installing the package, you have to copy the default configuration file to a working configuration file.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Add your own management and proxy networks to ignoreip and set a proper destemail email address for block notifications. I also advise you to set usedns to no.

Fail2ban uses jails to describe services that have to be protected. By default, Fail2ban enables the SSH jail. If you don’t want this, then disable the SSH jail. You can then add this apache-ddos jail to hold the custom configuration settings for protecting your Web server. Note that you can use pattern matching in the logpath (e.g., /var/log/apache*/*access.log).

Apache DDoS Jail for Fail2Ban

This will start a jail with the filter apache-ddos. The filters are defined in /etc/fail2ban/filter.d/. Add the file apache-ddos.conf to this location.

Apache DDoS Jail Filter for Fail2Ban

The above code will block IPs that make repeated HEAD requests or repeated POST requests to xmlrpc.php. If you are not sure about the exact configuration or regular expressions, then have a look at the provided examples (e.g., apache-badbots, apache-noscript, etc.).
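The jail and filter listings referred to above are not reproduced on this page. The following Python code is an added example, not the original article's configuration: it applies two failregex lines of the kind described (repeated HEAD requests, repeated POSTs to xmlrpc.php) to constructed access-log lines and counts matches per host the way a jail does. The maxretry and findtime values, the regexes, the log_line helper and the sample addresses are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed jail settings for illustration (fail2ban option names in comments).
MAXRETRY = 3                      # maxretry: matches that trigger a ban
FINDTIME = timedelta(seconds=60)  # findtime: window the matches must fall in

# Assumed failregex lines for filter.d/apache-ddos.conf.
# Anchoring at ^<HOST> keeps text in the referer or user-agent from matching.
FAILREGEX = [
    r'^<HOST> \S+ \S+ \[[^\]]+\] "HEAD \S+ HTTP/[\d.]+"',
    r'^<HOST> \S+ \S+ \[[^\]]+\] "POST /xmlrpc\.php HTTP/[\d.]+"',
]
# fail2ban expands <HOST> itself; a simplified address group stands in here.
PATTERNS = [re.compile(r.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
            for r in FAILREGEX]
STAMP = re.compile(r"\[([^\]]+)\]")

def banned_hosts(lines, ignoreip=()):
    """Return hosts reaching MAXRETRY matches within FINDTIME, in ban order."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = next(filter(None, (p.match(line) for p in PATTERNS)), None)
        if m is None or m["host"] in ignoreip or m["host"] in banned:
            continue
        when = datetime.strptime(STAMP.search(line).group(1),
                                 "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["host"]]
        window.append(when)
        while when - window[0] > FINDTIME:   # drop matches older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned.append(m["host"])
    return banned

def log_line(host, clock, request, agent="curl/8.0"):
    # Build one constructed Apache combined-format log line.
    return f'{host} - - [01/Jan/2024:{clock} +0000] "{request}" 200 512 "-" "{agent}"'

SAMPLE_LOG = (  # constructed: fast POSTs, slow HEADs, management host, decoy agent
    [log_line("203.0.113.7", f"10:00:0{s}", "POST /xmlrpc.php HTTP/1.1") for s in (1, 3, 5)]
    + [log_line("198.51.100.9", f"10:0{m}:00", "HEAD / HTTP/1.1") for m in (0, 2, 4)]
    + [log_line("192.0.2.50", f"10:00:1{s}", "HEAD /status HTTP/1.1") for s in (0, 1, 2)]
    + [log_line("192.0.2.10", f"10:00:2{s}", "GET / HTTP/1.1", "HEAD / HTTP/1.1") for s in (0, 1, 2)]
)

if __name__ == "__main__":
    print(banned_hosts(SAMPLE_LOG, ignoreip={"192.0.2.50"}))
```

Running it without the ignoreip argument also bans 192.0.2.50, which is the reason for adding management and proxy networks to ignoreip.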

The list of blocked IPs can be viewed if you list the active firewall rules (iptables -L -n). You can remove a blocked IP with:

fail2ban-client set apache-ddos unbanip 1.2.3.4

The fail2ban-client command is a useful command-line utility to get the status of the current jails, reload configuration, add individual IPs to the jail or stop and restart the service.

Conclusion

DDoS attacks are very hard to fight, especially if you are facing a volumetric attack. There are a couple of solutions for Apache Web servers that can limit the harm done by excess traffic and application attacks. Some of these, such as ModSecurity, will filter malicious traffic, whereas other solutions will block traffic on a network level (Fail2ban) or application level (mod_evasive).

The key to all this is having multiple lines of defense and adjusting the configuration of the different solutions to work together and provide an integrated solution.

Categories
General

Quick monitoring tool apache server-status

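Add to httpd.conf. The status page lists client addresses and requested URLs, so limit access to this location to trusted hosts.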

ExtendedStatus On

<Location /server-status>
SetHandler server-status
</Location>

Categories
Security Technical

Cleaning Viruses from centos machine

SOURCE : https://www.vultr.com/docs/scan-for-malware-and-viruses-on-centos-using-clamav-and-linux-malware-detect

 

Linux Malware Detect and ClamAV are two effective tools to easily scan for malware and viruses on a VPS server. In this article, we are going to install both programs on CentOS. These steps will work on both CentOS 6 and 7.

1. Install Linux Malware Detect

Install Linux Malware Detect from the official website. At the time of writing, the current version is maldetect-1.4.2.

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2
./install.sh

Once the installation finishes, Linux Malware Detect will automatically create a daily cronjob task.

2. Configure Linux Malware Detect

All configuration settings of Linux Malware Detect are stored in the file /usr/local/maldetect/conf.maldet. Configure the following subset of options:

email_alert=1
email_addr=youremail@localhost
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
clamav_scan=1

For the values below, 1=true and 0=false.

  1. email_alert=1: If you want to receive notifications via email.
  2. email_addr=youremail@localhost: Enter your email address.
  3. email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)" : Email subject of the notification.
  4. quar_hits=1: Move the malware to quarantine.
  5. quar_clean=1: Delete any malware detected.
  6. clamav_scan=1: Use ClamAV’s malware library to scan.

3. Install ClamAV

Installing ClamAV helps Linux Malware Detect to scan processes faster and more effectively. First, we need to install the EPEL repo:

yum install epel-release

Then, we install ClamAV with the following command:

yum update && yum install clamav

4. How To Use Linux Malware Detect

After finishing the installation process, you are able to use Linux Malware Detect to scan for malware.

To scan a folder, use this command:

maldet --scan-all /home/domain.com/public_html

If you only want to scan some specified file types (.php for example), you can use the following command:

maldet --scan-all /home/domain.com/public_html/*.php

To view a scanning report, use the following command. Replace 14715-1421.3219 with the scan ID.

maldet --report 14715-1421.3219

You can update Linux Malware Detect by running:

maldet -u

To delete all quarantined files:

rm -rf /usr/local/maldetect/quarantine/*
Categories
Technical

Mysqldump Unix commands

export all Databases

NOT A ROOT USER

mysqldump -uroot -p --all-databases > database-march24-2021.sql
mysqldump --all-databases -uuser -ppassword > database.sql
mysqldump --all-databases --skip-lock-tables -u user -p > Sept2018database.sql
Categories
General

Instantiate a new git instance

git clone [email protected]/xxxxx.git