Saturday, August 13, 2011

How to tackle a DDoS and a script to block the IPs

You can check whether the attack is coming from a single IP using the following commands.
For a normal server:
tcpdump -l -n -i eth0
If it is a VPS:
tcpdump -l -n -i venet0:0
If the attack comes from many IPs and is a SYN flood, you can list the IPs and the number of connections from each with the following command.
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Block the IPs that have the most connections.

If you want, you can use the following script to block the IPs causing the DDoS.

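#!/bin/bash
# Count connections per remote address and drop every source above THRESHOLD.
THRESHOLD=35

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > test.out

# Each line of test.out is "<count> <ip>". Reading both fields together keeps
# the count tied to exactly that address; grepping test.out for the address
# also matches longer ones (1.2.3.4 matches 1.2.3.45) and breaks the test.
while read -r count ip
do
 # Skip empty addresses (IPv6 entries cut at the first colon), loopback and wildcard.
 if [ -n "$ip" ] && [ "$ip" != "127.0.0.1" ] && [ "$ip" != "0.0.0.0" ] && [ "$count" -gt "$THRESHOLD" ]
 then
 iptables -A INPUT -s "$ip" -j DROP
 echo "Writing the rule :iptables -A INPUT -s $ip -j DROP"
 fi
done < test.out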
The script was tested on a CentOS system and will also work on other distros.
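
An added example (not part of the original post): the same per-address count as a dry run over constructed netstat lines, keyed on the exact address, with an optional TCP state filter such as SYN_RECV and a never-block list. The function names, the ALLOWLIST addresses and the sample data are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: dry-run selection of addresses to block from netstat output.
THRESHOLD=35                                  # same limit as the script above
ALLOWLIST="127.0.0.1 0.0.0.0 192.0.2.10"      # hypothetical never-block list

# offenders [STATE]: read `netstat -an` output on stdin, print "<count> <ip>"
# for each remote IPv4 address with more than THRESHOLD sockets. With STATE
# (for example SYN_RECV) only sockets in that TCP state are counted.
offenders() {
    awk -v limit="$THRESHOLD" -v allow="$ALLOWLIST" -v state="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            if (state != "" && $6 != state) next
            addr = $5
            sub(/:[^:]*$/, "", addr)          # drop the trailing :port
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (addr in skip) next
            hits[addr]++                      # exact key, no substring matching
        }
        END { for (ip in hits) if (hits[ip] > limit) print hits[ip], ip }
    ' | sort -n
}

# print_rules: turn offender lines into iptables commands for review.
print_rules() {
    while read -r count ip; do
        echo "iptables -A INPUT -s $ip -j DROP"
    done
}

# Constructed sample: 40 half-open sockets from 203.0.113.5, 36 from the
# allowlisted 192.0.2.10, 3 established from the look-alike 203.0.113.50.
sample_netstat() {
    awk 'BEGIN {
        web = "tcp 0 0 198.51.100.1:80 "
        for (p = 1; p <= 40; p++) print web "203.0.113.5:" (40000 + p) " SYN_RECV"
        for (p = 1; p <= 36; p++) print web "192.0.2.10:" (50000 + p) " SYN_RECV"
        for (p = 1; p <= 3; p++) print web "203.0.113.50:" (60000 + p) " ESTABLISHED"
        print "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
        print "tcp6 0 0 :::80 :::* LISTEN"
    }'
}

sample_netstat | offenders SYN_RECV | print_rules
```

On a live server, replace sample_netstat with netstat -an and review the printed rules before running them.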

How to enable TUN/TAP and iptables NAT on an OpenVZ VPS

When we use a VPS with VPN software such as OpenVPN, we need to enable the TUN/TAP and NAT modules for it. Here we discuss how to enable the TUN/TAP modules in OpenVZ containers.

Checking whether the module is loaded:
#lsmod | grep tun
If it is not there:
#modprobe tun

Now enabling TUN/TAP:
#vzctl set [VEID] --devices c:10:200:rw --save
#vzctl stop [VEID]
#vzctl set [VEID] --capability net_admin:on --save
#vzctl start [VEID]

Now enabling NAT for iptables:
#vzctl stop [VEID]
#vzctl set [VEID] --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
#vzctl start [VEID]

That's it. Enjoy :)

Thursday, August 11, 2011

error SoftException Mismatch between target UID (99) and UID (32008) of file /usr/local/nagios/share/index.php


[error] [client x.x.x.x] SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (32008) of file "/usr/local/nagios/share/index.php"

You may get this error while installing Nagios on a cPanel server. It is caused by suPHP.
Solution:
Disable suPHP using the script /scripts/easyapache

Error logs can be found at :
tail -f /usr/local/apache/logs/suphp_log
tail -f  /usr/local/apache/logs/error_log