Hack The Sec-Leading Resource Of Linux Tutorial: Apache

How to install WordPress + Apache, MariaDB, and HHVM in Ubuntu 16.04

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
Install WordPress + Apache, MariaDB, and HHVM</div>
<div style="text-align: center;">
 </div>
HHVM is an open-source virtual machine designed for executing programs written in Hack and PHP. HHVM uses a just-in-time (JIT) compilation approach to achieve superior performance while maintaining the development flexibility that PHP provides.<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitNgLJYg2iWU3g4-YgY8YJrBJP_X07_UM07SmfUOfOzuj7x0yFPnU2ys4F2kv5vwUjylPvxW6f2jTaipCANjL0IuNJfvOWhMTy7aG1chK8UuO33UG9EUFHavWdk2oLM6CI_4pbbctjG_kK/s1600/WikipediaHHVM650.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitNgLJYg2iWU3g4-YgY8YJrBJP_X07_UM07SmfUOfOzuj7x0yFPnU2ys4F2kv5vwUjylPvxW6f2jTaipCANjL0IuNJfvOWhMTy7aG1chK8UuO33UG9EUFHavWdk2oLM6CI_4pbbctjG_kK/s1600/WikipediaHHVM650.jpg" /></a> 
 
HHVM supports Hack, PHP 5 and the major features of PHP 7. We are aware of minor incompatibilities, so please open issues when you find them. HHVM also supports many extensions as well. 
 
Installation Steps : - 
 
*Install Apache Web Server 
*Install and Configure MariaDB 
*Install and Configure HHVM 
*Setup WordPress 
 
*Configure WordPress 
 
Install Apache: 
 
Apache package is available from Ubuntu repository, so you can easily install it with apt command. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">sudo apt-get update
sudo apt-get install -y apache2 unzip</pre>
Once the installation is complete, start the Apache service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">sudo systemctl start apache2</pre>
Verify whether Apache service is running. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">sudo systemctl status apache2

● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Sun 2016-10-09 23:14:39 IST; 34s ago
     Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/apache2.service
           ├─2429 /usr/sbin/apache2 -k start
           ├─2432 /usr/sbin/apache2 -k start
           └─2433 /usr/sbin/apache2 -k start

Oct 09 23:14:37 server systemd[1]: Starting LSB: Apache2 web server...
Oct 09 23:14:37 server apache2[2405]: * Starting Apache httpd web server apache2
Oct 09 23:14:39 server apache2[2405]: *
Oct 09 23:14:39 server systemd[1]: Started LSB: Apache2 web server.
Oct 09 23:15:12 server systemd[1]: Started LSB: Apache2 web server.</pre>
Now test the Apache with your web browser. 
<div style="clear: both; margin: 10px 0;">
<center>
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<ins class="adsbygoogle" data-ad-client="ca-pub-5744890361111211" data-ad-slot="1658755283" style="display: inline-block; height: 15px; width: 728px;"></ins></center>
</div>
http://your-ip-add-ress/ 
 
 
You should get the following "Apache2 Ubuntu Default Page" page confirms the Apache is up and ready to serve web pages. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJfb9Rt1jnDEoehcl0_m0PO-WmiYRXNHNbyzJ8R-3b8y8s0RHYpebHz5uO9luvuOvXQHZiK6wBR_uVG1VqguC0CkXmJ3ZyeyfNhGeCno6qVznm1O75YO7LZQepdwXJrY8wE_oUPfgvTXCX/s1600/Install-Wordpress-Apache-MariaDB-and-HHVM-in-Ubuntu-16.04-Apache-Default-Page.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJfb9Rt1jnDEoehcl0_m0PO-WmiYRXNHNbyzJ8R-3b8y8s0RHYpebHz5uO9luvuOvXQHZiK6wBR_uVG1VqguC0CkXmJ3ZyeyfNhGeCno6qVznm1O75YO7LZQepdwXJrY8wE_oUPfgvTXCX/s1600/Install-Wordpress-Apache-MariaDB-and-HHVM-in-Ubuntu-16.04-Apache-Default-Page.png" /></a></div>
 
Install and Configure MariaDB: 
 
We will use MariaDB instead of MySQL database. MariaDB is a fork of MySQL developed by MariaDB Foundation, led by Michael "Monty"Widenius. 
<div style="clear: both; margin: 10px 0;">
<center>
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<ins class="adsbygoogle" data-ad-client="ca-pub-5744890361111211" data-ad-slot="1658755283" style="display: inline-block; height: 15px; width: 728px;"></ins></center>
</div>
MariaDB is available in Ubuntu base repository. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">sudo apt-get install -y mariadb-client mariadb-server</pre>
Start MariaDB service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">sudo systemctl start mysql</pre>
 
Verify MariaDB is running as expected. 
<div>
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; color: white; font-size: 13px; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo systemctl status mysql

● mysql.service - LSB: Start and stop the mysql database server daemon
   Loaded: loaded (/etc/init.d/mysql; bad; vendor preset: enabled)
   Active: active (running) since Sun 2016-10-09 23:22:23 IST; 43s ago
     Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/mysql.service
           ├─4428 /bin/bash /usr/bin/mysqld_safe
           ├─4429 logger -p daemon err -t /etc/init.d/mysql -i
           ├─4573 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --skip-log-error --pid-file=/var/run/mysqld/m
           └─4574 logger -t mysqld -p daemon error

Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: Phase 1/6: Checking and upgrading mysql database
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: Processing databases
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql.column_stats OK
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql.columns_priv OK
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql.db OK
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql.event OK
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql.func OK
Oct 09 23:22:24 server /etc/mysql/debian-start[4625]: mysql.gtid_slave_pos OK
Oct 09 23:22:24 server /etc/mysql/debian-start[4664]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables</pre>
</div>
Login with the root and create a database for our WordPress installation. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo mysql -u root -p
create database testdb;
grant all privileges on testdb.* to wpdbuser@localhost identified by 'wp@123';
flush privileges;
quit
</pre>
Install and Configure HHVM: 
 
Let’s add HHVM repository to your system. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo apt-get install -y software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449 
sudo add-apt-repository "deb http://dl.hhvm.com/ubuntu $(lsb_release -sc) main"</pre>
Update the Ubuntu repositories and Install HHVM 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo apt-get update
sudo apt-get install -y hhvm
</pre>
Once the installation is complete, configure Apache web server to use HHVM. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo /usr/share/hhvm/install_fastcgi.sh</pre>
Run below command to start HHVM automatically on system boot up. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo update-rc.d hhvm defaults</pre>
Here, We’ll use HHVM as a PHP alternative. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60</pre>
Now start HHVM service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo systemctl start hhvm</pre>
Verify the php version. You should get the similar output like below. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">$ php -v

HipHop VM 3.15.1 (rel)
Compiler: tags/HHVM-3.15.1-0-g87901df9ba74204dda149af0cfbbb016d85df67e
Repo schema: 426da75d3ec1fb57c98ed95ba8f0ca26a3605b82</pre>
Setup WordPress: 
<div style="clear: both; margin: 10px 0;">
<center>
<script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<ins class="adsbygoogle" data-ad-client="ca-pub-5744890361111211" data-ad-slot="1658755283" style="display: inline-block; height: 15px; width: 728px;"></ins></center>
</div>
Download WordPress archive and extract it. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">cd /tmp
wget https://wordpress.org/latest.zip
unzip latest.zip
sudo mv wordpress/* /var/www/html/
sudo chown -R www-data:www-data /var/www/html/
</pre>
Configure Apache to take any file that ends in .hh or .php and sent it to HHVM via FasrCGI 
 
Edit the following file to enable the said feature. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; outline: 0px; overflow: auto; padding: 10px !important; vertical-align: baseline; width: auto !important; word-break: break-all;">sudo vi /etc/apache2/mods-enabled/hhvm_proxy_fcgi.conf
ProxyPassMatch ^/(.+\.(hh|php)(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/$1
sudo systemctl restart apache2
sudo systemctl restart hhvm
</pre>
Configure WordPress: 
 
Now try to access the WordPress installation through a web browser. 
 
http://your-ip-add-ress/ 
 
 
You should now see the WordPress installation wizard. 
 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgji9-_GNjHuSgyYSC6tEQYFvF4PRinxKk3rfqV1VfJz8y66Ilc0ORStVU0ZU4zwhnYnDar1ovr5RWqT37dWw28NxePmd130qjpn90P79H9hOatsxBAjti5bs-OB5Su4egrKFV5g8wBF21_/s1600/Install-WordPress-with-Nginx-MariaDB-and-HHVM-in-Ubuntu-16.04-WordPress-Setup.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgji9-_GNjHuSgyYSC6tEQYFvF4PRinxKk3rfqV1VfJz8y66Ilc0ORStVU0ZU4zwhnYnDar1ovr5RWqT37dWw28NxePmd130qjpn90P79H9hOatsxBAjti5bs-OB5Su4egrKFV5g8wBF21_/s1600/Install-WordPress-with-Nginx-MariaDB-and-HHVM-in-Ubuntu-16.04-WordPress-Setup.png" /></a></div>
Follow the wizard and set up the WordPress. 
 
Enter the database connection details. 
Enter the blog information including admin user and password. 
 
 
After the successful completion of setting up, you could be able to access the WordPress blog home page. 
 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkwZzFNqPnXPTCMN5tMpedkHAUIXNNzGWP6yQixCzsupaYAULPu8IAFbnoyKukN3e5z9t-FMa0hzC4dxjjNAtpN_x_ZucHkcogEuvk5A0gyNiT_bEZaOgb8JZEflZ3n0oFEYFfV6KdG6b3/s1600/WordPress-with-Nginx-MariaDB-and-HHVM-in-Ubuntu-16.04-WordPress.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkwZzFNqPnXPTCMN5tMpedkHAUIXNNzGWP6yQixCzsupaYAULPu8IAFbnoyKukN3e5z9t-FMa0hzC4dxjjNAtpN_x_ZucHkcogEuvk5A0gyNiT_bEZaOgb8JZEflZ3n0oFEYFfV6KdG6b3/s1600/WordPress-with-Nginx-MariaDB-and-HHVM-in-Ubuntu-16.04-WordPress.png" /></a></div>
That's all thanks for watching ....</div>

How to install WordPress + Apache, MariaDB, and HHVM in Ubuntu 16.04

Install WordPress + Apache, MariaDB, and HHVM HHVM is an open-source virtual machine designed for executing programs written in Hack and PHP. HHVM uses a just-in-time (JIT) compilation approach to ac…

28 Nov 2016

How to install Centos Web Panel(CWP)

<div dir="ltr" style="text-align: left;" trbidi="on">
Install Centos Web Panel(CWP) 
 
<a href="http://www.hackthesec.co.in/search/label/Centos">CentOS</a> Web Panel – a Free Web Hosting control panel designed for quick and easy management of (Dedicated & VPS) servers minus the chore and effort to use ssh console for every time you want to do something, offers a huge number of options and features for server management in its control panel package. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8p7vt6DmQ-Xjn6bu3wt_SITsKjoA8fjzTQEqIbJ-6LO1963pmWpQBZAMYmqPgu0IRiLaZlR-dSscr76avLic-Q81y9wm_FXWRqWAXGT5RdHUoV1Bwzvplwgoftde1D1kiHa1Q0voIGTol/s1600/cwp_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8p7vt6DmQ-Xjn6bu3wt_SITsKjoA8fjzTQEqIbJ-6LO1963pmWpQBZAMYmqPgu0IRiLaZlR-dSscr76avLic-Q81y9wm_FXWRqWAXGT5RdHUoV1Bwzvplwgoftde1D1kiHa1Q0voIGTol/s1600/cwp_logo.png" /></a></div>
 
System Requirements 
 
Make sure that you complete the following tasks before you start the installation process: 
 
1. Setup Hostname 
This hostname cannot be the same as any domain that is on your server (for example, if example.com is a domain on your server, use hostname.example.com as your fully qualified hostname). 
 
You can use the following command for hostname setup eg. srv1.hackthesec.co.in 
 
hostname srv1.example.com 
2. Setup Server IP addresses 
Define additional IP address, subnet address, and default gateway IP address for your server — your service provider can provide you with this information. 
 
3. Software Requirements 
You must have a clean/fresh installation of supported operating systems: 
CentOS 6, RedHat 6 or CloudLinux 6, MINIMAL installation and English version only! 
CentOS 7 is NOT supported. 
 
4. Hardware Requirements 
32 bit operating systems require a minimum of 512 MB RAM 
64 bit operating systems require a minimum of 1024 MB RAM (recommended) 
 
Recommended System: 4 GB+ RAM so you would have the full functionality such as Anti-virus scan of emails. 
 
FEATURES 
Here are our features and services at CentOS Web Panel: 
***currently including Admin and Client panel*** 
 
CWP automatically installs full <a href="http://www.hackthesec.co.in/search/label/LAMP">LAMP </a>on your desired server featuring: 
(apache,<a href="http://www.hackthesec.co.in/search/label/PHP">php</a>, phpmyadmin, webmail, mailserver…) 
 
 
What are the Installation and Configuration characteristics during Installation of CWP? 
- <a href="http://www.hackthesec.co.in/search/label/Apache">Apache </a>Web Server (Mod Security + OWASP rules optional) 
- PHP 5.4 (suPHP, SuExec + PHP version switcher) 
- <a href="http://www.hackthesec.co.in/search/label/Mysql">MySQL</a>/MariaDB + phpMyAdmin 
- Postfix + Dovecot + roundcube webmail (Antivirus, Spamassassin optional) 
- CSF Firewall 
- File System Lock (no more website hacking, all your files are locked from changes) 
- Backups (optional) 
- AutoFixer for server configuration 
 
3rd Party Aplications 
- CloudLinux + CageFS + PHP Selector 
- Softaculous – Script Installer (Free and Premium) 
 
CentOS Web Panel (CWP) 
- Setups Server for Web Hosting (websites like WordPress…) 
- API for easier account management, and whmcs billing api 
- NAT-ed version, support for NAT-ed IPs 
- Free Hosting Module, account activation provisioning for sites that have a free hosting 
 
Web Server 
- Varnish Cache server (improve your server performances up to three times) 
- Nginx Reverse Proxy (get you static files delivered in the fastest way) 
- Compiles Apache from source (improves performance up to 15%) 
- Apache reCompiler + Additional modules installation with one click 
- Apache server status, configuration 
- Apache Redirects Manager 
- Edit apache vhosts, vhosts templates, include configuration 
- Rebuild all apache Virtual hosts with one click 
- suPHP & suExec (improved security) 
- Mod Security + OWASP rules (one click install, easy management) 
- Tomcat 8 server management & install in one click 
- DoS protection from the Slow-Loris attacks 
- Apache with spamhaus RBL protection (Protecting http PUT,POST,CONNECT) 
- Perl cgi script support 
 
PHP 
- Compiles PHP from source (improves up to 20% on performances) 
- PHP Switcher (switch between PHP versions like: 5.2, 5.3, 5.4, 5.5, 5.6, 7.x) 
- PHP Selector select PHP version per user or per folder (PHP 4.4, 5.2, 5.3, 5.4, 5.5, 5.6, 7.x) 
- Simple php editor 
- Simple php.ini generator in the users panel 
- PHP addons with one click 
- PHP.ini editor & PHP info & List modules 
- php.ini per user account (you can add changes in /home/USER/php.ini) 
- FFMPEG, For Video streaming websites) 
- CloudLinux + PHP Selector 
- ioncube, php-imap … 
 
User Management 
- Add, List, Edit and Remove Users 
- User Monitoring (list users open files, listening sockets…) 
- Shell access management 
- User Limit Managment (Quota and Inodes) 
- Limit Processes: The maximum available number of processes per account. 
- Limit Open Files: The maximum available number of open files per account. 
- User FTP & File Manager 
- CloudLinux + CageFS 
- Dedicated IP per account 
 
DNS 
- FreeDNS (Free DNS Server, no need for additional IPs) 
- Add, Edit, List and Remove DNS zones 
- Edit nameserver IPs 
- DNS zone template editor 
- New Easy DNS Zone Manager (with ajax) 
- New DNS Zone list with Additional resolving information using google (also checking rDNS, nameservers….) 
 
Email 
- postfix & dovecot 
- MailBoxes, Alias 
- Roundcube webmail 
- Postfix Mail queue manager 
- rDNS Checker Module (check you rDNS records) 
- AntiSPAM (Spamhaus cronjob) 
- SpamAssassin, RBL checking, AmaViS, ClamAV, OpenDKIM 
- SPF & DKIM Integration 
- Many More.... 
 
System 
- Hardware Information (CPU core and clock info) 
- Memory Information (Memory usage info) 
- Disk Info (Detailed Disk status) 
- Software Info (kernel version, uptime…) 
- Services Status (Quick services restart eg. Apache, FTP,Mail…) 
- Many More... 
 
Monitoring 
- Live Monitoring (Monitor services eg. top, apache stats, mysql…) 
- Use Java SSH Terminal/Console within panel 
- Services Configuration (eg. Apache, PHP, MySQL…) 
- Run shell commands in screen/background 
 
Security 
- CSF Firewall (Best Linux Firewall) 
- SSL generator 
- SSL Certificate Manager (quick and easy installation of SSL Certs) 
- Letsencrypt, Free SSL certificates for all your domains 
- CloudLinux + CageFS 
- CSF/LFD BruteForce protection 
- IP access control 
- Mod Security + OWASP rules (one click install, easy management) 
- DoS protection from the Slow-Loris attacks (for Apache) 
- File System Lock (no more website hacking, all your files are locked from changes) 
- PHP now shows the script name and path in top or process lists 
- Apache is limiting number of php processes per user 
- Automated Backups 
- Hide system and other user processes 
- SFTP Security 
 
SQL 
 
Additional options 
- TeamSpeak 3 Manager (Voice servers) 
- Shoutcast Manager (Shoutcast streaming servers) 
- Auto-update 
- Backup manager 
- File Manager 
- Scripts folder “/scripts” over 15+ scripts 
- Virtual FTP users per domain 
- cPanel Account Migration (restores files, databases and database users) 
- Torrent SeedBox (one click install with Deluge WebGU) 
- SSH key generator 
 
and many many other options… 
 
 
 
to do List  
We plan to improve & add following soon 
- Server monitoring scripts (Load, Memory, Mail Queue, Security) 
- Live notifications (get notification in CWP about issues on the server) 
 
…and many others  
 
HOW TO INSTALL CWP 
 
 
Follow steps below to setup CentOS Web Panel on your server: 
 
Step 1 – Login to your server as root or as user with sudo privilege: 
 
Step 2 – Go to /usr/local/src directory and download CWP installer package there: 
<pre style="background: rgb(68, 68, 68); border-radius: 3px; border: 1px solid rgb(221, 221, 221); color: white; font-family: "Courier 10 Pitch", Courier, monospace; font-size: 15px; font-stretch: inherit; line-height: 19px; margin-bottom: 30px; margin-top: 30px; max-width: 100%; overflow-x: auto; overflow-y: hidden; padding: 18px 20px; vertical-align: baseline; word-wrap: normal;">cd /usr/local/src
wget http://centos-webpanel.com/cwp-latest</pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHCumkp8N-EKNmJ431ei3V3clDBLB5dOiXGEkVukFp8AuA1DkTgPzgkXZu0eo02G_UWvJW2IqvQxdpaWEB_WC9xIoE6NbIIA8-Zk4Vxi1o0pZrdbG3Y3W9hzsvhmTQ_7cyN-eodwOzKZax/s1600/cwp_download.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHCumkp8N-EKNmJ431ei3V3clDBLB5dOiXGEkVukFp8AuA1DkTgPzgkXZu0eo02G_UWvJW2IqvQxdpaWEB_WC9xIoE6NbIIA8-Zk4Vxi1o0pZrdbG3Y3W9hzsvhmTQ_7cyN-eodwOzKZax/s1600/cwp_download.png" /></a></div>
 
Step 3 – Once downloaded, issue one simple command below to start the installer: 
<pre style="background: rgb(68, 68, 68); border-radius: 3px; border: 1px solid rgb(221, 221, 221); color: white; font-family: "Courier 10 Pitch", Courier, monospace; font-size: 15px; font-stretch: inherit; line-height: 19px; margin-bottom: 30px; margin-top: 30px; max-width: 100%; overflow-x: auto; overflow-y: hidden; padding: 18px 20px; vertical-align: baseline; word-wrap: normal;">sh cwp-latest</pre>
The whole process is fully automatic. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSopw4SkzWe3Riuuzsz4sTRkinxzg3T2tQJHOss3rsWUG3oT5LWdHnoBx1yCMmgmt9eruHb3iFQ7nbCgv_j8iVsv1vTy0KbZfEg82frn6Rbs6sekewbh_4CQgOxRPaJRDr5LaIYF9p_-Ct/s1600/cwp-install-process.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSopw4SkzWe3Riuuzsz4sTRkinxzg3T2tQJHOss3rsWUG3oT5LWdHnoBx1yCMmgmt9eruHb3iFQ7nbCgv_j8iVsv1vTy0KbZfEg82frn6Rbs6sekewbh_4CQgOxRPaJRDr5LaIYF9p_-Ct/s1600/cwp-install-process.jpg" /></a></div>
The CWP installation progress will take some times because several software will be compiled from source (especially PHP) for improved performance, security and flexibility. In my case it is almost like installing WHM/cPanel.Once the process is done, you’ll see something like this: 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkppCekvY8ZZ1HJ79of1ohnaCKjLCcLOlyg0DvBBYrku-jq5nDkiw2HerQBKt4yWKg3FsdeQfdVztT3_DhfQLcF1vgZlGQS1zTYyrgiFSWtkZl9RkUA_kTbH5IkuWpuJcCDuhTCcZiC-nA/s1600/cwp-installed.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkppCekvY8ZZ1HJ79of1ohnaCKjLCcLOlyg0DvBBYrku-jq5nDkiw2HerQBKt4yWKg3FsdeQfdVztT3_DhfQLcF1vgZlGQS1zTYyrgiFSWtkZl9RkUA_kTbH5IkuWpuJcCDuhTCcZiC-nA/s1600/cwp-installed.jpg" /></a></div>
 
Step 4 – Now hit Enter on your keyboard and your server should reboot automatically. Next time you try to login to your server via SSH, the display will be different. You will now see CWP welcome message. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjasChe2omZRknNfe_J0yitTgF1TyuoL4Qu90yMEXGfUh1Sj76zAOeh9TKNBkibQymExrUNUXraoajGTKC6lMSqHnH_6UTiBzVrbXm3mAGZYBTfCisNy2p7vY6XgLZPHMSQHeYx69jOTiB5/s1600/cwp-ssh.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjasChe2omZRknNfe_J0yitTgF1TyuoL4Qu90yMEXGfUh1Sj76zAOeh9TKNBkibQymExrUNUXraoajGTKC6lMSqHnH_6UTiBzVrbXm3mAGZYBTfCisNy2p7vY6XgLZPHMSQHeYx69jOTiB5/s1600/cwp-ssh.jpg" /></a></div>
Step 5 – Open up your favorite web browser (Firefox, Chrome, etc) and open your newly installed CWP admin GUI at one of these URLs: 
 
Log in to your CWP server using the link provided by the installer on your server 
CentOS WebPanel Admin GUI at http://SERVER-IP:2030/ 
Username: root 
Password: your root password 
 
- Setup nameservers 
- Setup shared ip (must be your public IP address) 
- Setup at least one hosting package (or edit default package) 
- Setup root email 
& now you are ready to host domains… 
 
For additional configuration instruction, please check our wiki/documentation site. 
<a href="http://wiki.centos-webpanel.com/">http://wiki.centos-webpanel.com/</a> 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyICwqS6FGNGMP9zqscuFGwh9yMFlQtUXWqs89yFShw_zEKV0tyvvqxnUVKFdWgLrl0YwgTu3Zcy8e7YZ1ZJTcUL9jQewDkQrfnq66pkgsytgTku7FCS7CBnQaJMgGMjydhTcJSbGw1ri-/s1600/cwp-login-page.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyICwqS6FGNGMP9zqscuFGwh9yMFlQtUXWqs89yFShw_zEKV0tyvvqxnUVKFdWgLrl0YwgTu3Zcy8e7YZ1ZJTcUL9jQewDkQrfnq66pkgsytgTku7FCS7CBnQaJMgGMjydhTcJSbGw1ri-/s1600/cwp-login-page.jpg" /></a></div>
 
<a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a> 
<a class="g-profile" href="https://plus.google.com/113492055880844042777" target="_blank">+Linux Tutorial</a> 
@<a href="https://www.twitter.com/Hackthesecurity">hackthesec</a> 
 </div>

How to install Centos Web Panel(CWP)

Install Centos Web Panel(CWP) CentOS Web Panel – a Free Web Hosting control panel designed for quick and easy management of (Dedicated & VPS) servers minus the chore and effort to use ssh console for…

24 Nov 2016

How to install Kloxo-Mr on CentOS 6.x

<div dir="ltr" style="text-align: left;" trbidi="on">
Install Kloxo-Mr on Linux 
Kloxo (formerly known as Lxadmin) is a free, opensource web hosting control panel for the <a href="http://www.hackthesec.co.in/search/label/RHEL">Red Hat</a> and <a href="http://www.hackthesec.co.in/search/label/Centos">CentOS </a>Linux distributions. 
 
Kloxo allows the host administrators to run a combination of <a href="http://www.hackthesec.co.in/search/label/lighttpd_web_server">lighttpd </a>or <a href="http://www.hackthesec.co.in/search/label/Apache">Apache</a> with djbdns or BIND, and provides a graphical interface to switch between these programs without losing data. Kloxo Enterprise can transparently move web/mail/dns from one server running Apache to another running lighttpd. It is also known as a good free alternative to cPanel hosting control panel. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9MbUuJAuogwnY-nMj_fymDUXw637EaO5eopPScijQnzTOauHz4l4eXHd_7sKXkjcGNXMpGHmHawLNjlQ9ktukT5kke0k23Zdeg8q4c-3yEO8zYq1c7XTULO66cKbb1rivzxHvGyWK40Bq/s1600/kloxo-mr_hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9MbUuJAuogwnY-nMj_fymDUXw637EaO5eopPScijQnzTOauHz4l4eXHd_7sKXkjcGNXMpGHmHawLNjlQ9ktukT5kke0k23Zdeg8q4c-3yEO8zYq1c7XTULO66cKbb1rivzxHvGyWK40Bq/s1600/kloxo-mr_hackthesec.co.in.png" /></a></div>
 
 
Kloxo comes integrated with Install app, which is a bundle of approximately 130 web applications that can be installed to the hosted websites. It is supported by Installation - a third party application installer (similar to Fantastico) as a plugin. 
Features 
It comes with with lots of Server/web applications. 
 
<ul style="text-align: left;">
<li>MAIL SERVER: Qmail toaster.</li>
<li>Database: <a href="http://www.hackthesec.co.in/search/label/Mysql">Mysql</a>, <a href="http://www.hackthesec.co.in/search/label/MaraiDB">MariaDB</a>.</li>
<li>Database Manager: <a href="http://www.hackthesec.co.in/search/label/phpmyadmin">PHPMYAdmin</a>, Adminer, Mywebsql.</li>
<li>DNS: BIND, djbdns.</li>
<li>FTP: Pure-ftpd.</li>
<li>ADDON: Clamav, Spamassassin,<a href="http://www.hackthesec.co.in/search/label/RkHunter">RKhunter</a>.</li>
<li>WEBMAIL: Squirrelmail, Roundcube, horald.</li>
<li>BILLING: Host Bill, the hosting bill, Blesta, AccountLAB Plus.</li>
</ul>
<div>
INSTALLATION</div>
 
 
First, let's update all your system software to the latest version available using the yum package manager. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">yum update</pre>
Once the update of your system is completed, you can proceed with the installation of the required packages. The required packages can be installed with the command below: 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y</pre>
Now, lets install Kloxo-MR 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;"># cd /tmp
# wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
# yum install mratwork-release-0.0.1-1.noarch.rpm -y
# cd / 
# yum install mratwork-release-0.0.1-1.noarch.rpm -y</pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSW43GjEynwTKDLyjKEBvMYSQb3MnKhsmreUDWXuoe4gQQ798sg17zt8gyNJMCSWUtdM_Z6eqiR9hSvsLuD9hHWoRN7IeLwEwSv4VBLjgxQmzUUXEZMrGtd5xnJQYqUjRm1PiWlaq1YQ82/s1600/Install-Kloxo-MR-web-panel_hackthesec.co.in.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSW43GjEynwTKDLyjKEBvMYSQb3MnKhsmreUDWXuoe4gQQ798sg17zt8gyNJMCSWUtdM_Z6eqiR9hSvsLuD9hHWoRN7IeLwEwSv4VBLjgxQmzUUXEZMrGtd5xnJQYqUjRm1PiWlaq1YQ82/s1600/Install-Kloxo-MR-web-panel_hackthesec.co.in.jpg" /></a></div>
 
Run following script after above step get complete 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;"># sh /script/upcp</pre>
Once the installation is completed, you can open the web browser you prefer and enter one of the following web addresses: 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">https://IP-ADDRESS:7777
http://IP-ADDRESS:7778</pre>
Default username and password is: admin admin 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAvIPdpiuIuEpt6AlRHy5yXid03x_TxCnD8igVEZgi4YphcdtILt0CwthnRuMJoB6FPbprlU9OavGGrmRtX2lfI9Cz1PW-l4hKB98vT1PVYeKNykS0m-glFA4NF4ntobTooBPKfo1S75Uo/s1600/Kloxo-MR-7-login-page_hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAvIPdpiuIuEpt6AlRHy5yXid03x_TxCnD8igVEZgi4YphcdtILt0CwthnRuMJoB6FPbprlU9OavGGrmRtX2lfI9Cz1PW-l4hKB98vT1PVYeKNykS0m-glFA4NF4ntobTooBPKfo1S75Uo/s1600/Kloxo-MR-7-login-page_hackthesec.co.in.png" /></a></div>
After Login default panel will appear. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXFEaJFHfRV1mN7r9j6QVZGs6BXzfPQCFshkuMgxvE1EOzedlC-1hPdtjIXDntOeoqGgllkhvZjMlqFRXSkI8wCYR-idOVUvw8ZFkSJ5XNjpRnTZUj7BdYIVF_j3KTtzbgiDcQSb9dSwbQ/s1600/Kloxo_Afterlogin_hackthesec.co.in.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXFEaJFHfRV1mN7r9j6QVZGs6BXzfPQCFshkuMgxvE1EOzedlC-1hPdtjIXDntOeoqGgllkhvZjMlqFRXSkI8wCYR-idOVUvw8ZFkSJ5XNjpRnTZUj7BdYIVF_j3KTtzbgiDcQSb9dSwbQ/s1600/Kloxo_Afterlogin_hackthesec.co.in.jpg" /></a></div>
<div style="text-align: center;">
<a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a></div>
<div style="text-align: center;">
 </div>
</div>

How to install Kloxo-Mr on CentOS 6.x

Install Kloxo-Mr on Linux Kloxo (formerly known as Lxadmin) is a free, opensource web hosting control panel for the Red Hat and CentOS Linux distributions. Kloxo allows the host administrators to run…

22 Jun 2016

Installing HAProxy For Load Blancing And Protecting Apache From DDos

<div dir="ltr" style="text-align: left;" trbidi="on">
HAProxy For Load Blancing And Protecting Apache 
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Over the years it has become the de-facto standard opensource load balancer, is now shipped with most mainstream Linux distributions, and is often deployed by default in cloud platforms.  
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgPa7Usd4c8YIVUD4JNC30RhJVlkhu9vYhOMa1pF6q2-pKyCbDfhAB_kSKelVuBM10VGpjA3DR0A3F7scFBYZUjAwEe-I1s3UE9n_3Ia-V7fFmwaF2ttWFsjAKi3lCEdkY0TPWvAFBx6L7/s1600/HAProxy-hackthesec.co.in.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgPa7Usd4c8YIVUD4JNC30RhJVlkhu9vYhOMa1pF6q2-pKyCbDfhAB_kSKelVuBM10VGpjA3DR0A3F7scFBYZUjAwEe-I1s3UE9n_3Ia-V7fFmwaF2ttWFsjAKi3lCEdkY0TPWvAFBx6L7/s1600/HAProxy-hackthesec.co.in.jpg" /></a></div>
 
Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the net, such as below : 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.haproxy.org/img/haproxy-pmode.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.haproxy.org/img/haproxy-pmode.png" /></a></div>
 
version 1.5 : the most featureful version, supports SSL, IPv6, keep-alive, DDoS protection, etc... 
version 1.4 : the most stable version for people who don't need SSL. Still provides client-side keep-alive 
 
version 1.3 : the old stable version for companies who cannot upgrade for internal policy reasons. <a href="http://www.haproxy.org/#desc" target="_blank">More Info Here</a> 
INSTALLATION 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev7.tar.gz
tar xvfz haproxy-1.5-dev7.tar.gz
$ cd haproxy-1.5-dev7</pre>
Now we have to compile the installation file, we are taking example of centos. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">make install</pre>
Now make a new directory and copy haproxy configuration file there 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">mkdir /etc/haproxy
cd /etc/haproxy
vi haproxy.cfg</pre>
change the ip address below and copy it to haproxy.cfg 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">global
daemon
maxconn 20000 # count about 1 GB per 20000 connections
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600

defaults
mode http
maxconn 19500        # Should be slightly smaller than global.maxconn.
timeout client 60s   # Client and server timeout must match the longest
timeout server 60s   # time we may wait for a response from the server.
timeout queue  60s   # Don't queue requests too long if saturated.
timeout connect 4s   # There's no reason to change this one.
timeout http-request 5s    # A complete request may never take that long.
# Uncomment the following one to protect against nkiller2. But warning!
# some slow clients might sometimes receive truncated data if last
# segment is lost and never retransmitted :
# option nolinger
option http-server-close
option abortonclose
balance roundrobin
option forwardfor    # set the client's IP in X-Forwarded-For.
option tcp-smart-accept
option tcp-smart-connect
retries 2

frontend public
bind 192.168.1.1:80
bind 192.168.1.2:80
bind 192.168.1.3:80
bind 192.168.1.4:80

# table used to store behaviour of source IPs
stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)

# IPs that have gpc0 > 0 are blocked until the go away for at least 5 minutes
acl source_is_abuser src_get_gpc0 gt 0
tcp-request connection reject if source_is_abuser

# connection rate abuses get blocked
acl conn_rate_abuse  sc1_conn_rate gt 30
acl mark_as_abuser   sc1_inc_gpc0  gt 0
tcp-request connection track-sc1 src
tcp-request connection reject if conn_rate_abuse mark_as_abuser

default_backend apache

backend apache
# set the maxconn parameter below to match Apache's MaxClients minus
# one or two connections so that you can still directly connect to it.
stats uri /haproxy?stats
server srv 0.0.0.0:8181 maxconn 254

# Enable the stats page on a dedicated port (8811). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen stats
# Uncomment "disabled" below to disable the stats page :
# disabled
bind :8811
stats uri /
</pre>
<div>
In the above file replace 192.168.1.1 to 192.168.1.4 with your server ip address.</div>
Change your Apache port to 8181 as in configuration file we are using that server srv 0.0.0.0:8181 maxconn 254. 
In WHM goto Tweak Settings and find Apache non-SSL IP/port and change it to 8181. 
Restart apache 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">/etc/init.d/apache2 restart</pre>
Start haproxy 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">haproxy -f /etc/haproxy/haproxy.cfg</pre>
Now we have to check if its working. Go to your stats page to see 
serverip:8811 
 
 
Replace serverip with your server ip used in configuration file and you will see full result generated by haproxy 
<div style="text-align: center;">
<a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a></div>
<div style="text-align: center;">
 </div>
</div>

Installing HAProxy For Load Blancing And Protecting Apache From DDos

HAProxy For Load Blancing And Protecting Apache HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is …

21 Jun 2016

How to Protect Apache Server From Denial-of-Service (Dos) Attack

<div dir="ltr" style="text-align: left;" trbidi="on">
Protecting Apache Server From Denial-of-Service (Dos) Attack 
A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses. It is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbvXzbAIVFMdclQaDCSCILQQsJG_oW-jSzbDmSZnd57RAIJ5NuLhrkUjrxXBFx6QNR4K1oia4tvxSmx_7rK5S_50_zR6YwMnhZd7C834Cfq4Z-4-GWZ1HoFotAEJQJeecaIF-G5WN9P3Hx/s1600/ddos_hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbvXzbAIVFMdclQaDCSCILQQsJG_oW-jSzbDmSZnd57RAIJ5NuLhrkUjrxXBFx6QNR4K1oia4tvxSmx_7rK5S_50_zR6YwMnhZd7C834Cfq4Z-4-GWZ1HoFotAEJQJeecaIF-G5WN9P3Hx/s1600/ddos_hackthesec.co.in.png" /></a></div>
 
Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks, credit card payment gateways; but motives of revenge, blackmail or activism can be behind other attacks. 
 
The scale of DDOS attacks has continued to rise over recent years; web security company, CloudFlare, reported in 2016 they consistently mitigated attacks of 400Gbps. 
What is mod_evasive? 
 
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities. 
Installing mod_evasive 
Server Distro: Debian 8 jessie 
Apache Version: Apache/2.4.10 
 
mod_evasive appears to be in the Debian official repository, we will need to install using apt 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"># apt-get update
# apt-get install libapache2-mod-evasive</pre>
Setting up mod_evasive 
 
We have mod_evasive installed but not configured, mod_evasive config is located at /etc/apache2/mods-available/evasive.conf. We will be editing that which should look similar to this 
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;"><IfModule mod_evasive20.c>
 #DOSHashTableSize 3097
 #DOSPageCount 2
 #DOSSiteCount 50
 #DOSPageInterval 1
 #DOSSiteInterval 1
 #DOSBlockingPeriod 10

#DOSEmailNotify you@yourdomain.com
 #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
 #DOSLogDir "/var/log/mod_evasive"
 </IfModule></pre>
mod_evasive Configuration Directives 
 
<ul style="text-align: left;">
<li>DOSHashTableSize</li>
<li>DOSPageCount</li>
<li>DOSSiteCount</li>
<li>DOSPageInterval</li>
<li>DOSSiteInterval</li>
<li>DOSBlockingPeriod</li>
<li>DOSEmailNotify</li>
<li>DOSSystemCommand</li>
<li>DOSLogDir</li>
</ul>
 
 
This configuration is what I’m using which is working well and I recommend it if you don’t know how to go about the configuration 
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;"><IfModule mod_evasive20.c>
 DOSHashTableSize 2048
 DOSPageCount 5
 DOSSiteCount 100
 DOSPageInterval 1
 DOSSiteInterval 2
 DOSBlockingPeriod 10

DOSEmailNotify you@yourdomain.com
 #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
 DOSLogDir "/var/log/mod_evasive"
</IfModule></pre>
As you’ll replace you@yourdomain.com with your email. Since mod_evasive doesn’t create the log directory automatically, we are to create it for it: 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"># mkdir /var/log/mod_evasive
# chown :www-data /var/log/mod_evasive
# chmod 771 /var/log/mod_evasive</pre>
Once setup is done, make sure mod_evasive is enabled by typing: 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"># a2enmod evasive</pre>
Restart Apache for changes to take effect 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"># systemctl restart apache2</pre>
Testing mod_evasive Setup 
 
mod_evasive set up correctly,  now we are going to test if our web server has protection again DoS attack using ab (Apache Benchmark). Install ab if you don’t have it by typing: 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"># apt-get install apache2-utils</pre>
Current stat of our /var/log/mod_evasive 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;">root@hackthesec:/var/log/mod_evasive# ls -l
 total 0
root@hackthesec:/var/log/mod_evasive#</pre>
We will now send bulk requests to the server, causing a DoS attack  by typing: 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;"># ab -n 100 -c 10 http://serverip/</pre>
Sending 100 request on 10 concurrent requests per request, the current stat of my /var/log/mod_evasive directory is now 
<pre style="background-attachment: scroll; background-clip: initial; background-color: #3c3c3c; background-image: none; background-origin: initial; background-position: 0px 0px; background-repeat: repeat; background-size: initial; border-radius: 4px; border: 1px solid rgb(229, 229, 229); margin-bottom: 20px; outline: 0px; overflow: auto; padding: 20px; vertical-align: baseline;">root@hackthesec:/var/log/mod_evasive# ls -l
 total 4
 -rw-r--r-- 1 www-data www-data 18 May 16 22:10 dos-10.42.0.1</pre>
Checking Apache access logs at /var/log/apache2/access.log we can see all connections from ApacheBench/2.3 were dropped to 403: 
<a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a></div>

How to Protect Apache Server From Denial-of-Service (Dos) Attack

Protecting Apache Server From Denial-of-Service (Dos) Attack A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to tempora…

18 May 2016

Load more posts