

Most Liked Content


#75 (Automatically) block brute force IP's via CSF

Posted by John on 19 June 2014 - 06:22 AM

Here's a quick guide on how to block IPs that are found in the brute force log created by DirectAdmin. The IPs will be blocked via CSF, so make sure CSF is installed.

 

This guide is intended for CentOS systems. 

 

Install a new iptables startup file from DirectAdmin:

cd /etc/init.d
mv iptables iptables.backup
wget http://files.directadmin.com/services/all/iptables
chmod 755 iptables
service iptables restart

Install the scripts that take care of the blocking process:

cd /usr/local/directadmin/scripts/custom
wget http://www.betweendots.com/uploads/block_ip.sh
wget http://files.directadmin.com/services/all/show_blocked_ips.sh
wget http://www.betweendots.com/uploads/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

Create the empty block list and exempt list files:

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

To automate the process, so all IPs reported by DirectAdmin will be automatically blocked:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh

  • firescanner likes this
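
The checks a block script should make before handing an address to CSF, as an added example that is not part of John's post and is not the downloaded block_ip.sh. It assumes one entry per line in the guide's two list files, either a bare IP or `IP=...`; the function names and the `CSF_BIN` override are hypothetical.

```shell
#!/bin/sh
# Added example: input validation and exempt-list handling in front of `csf -d`.
BLOCKED_LIST=${BLOCKED_LIST:-/root/blocked_ips.txt}   # path from the guide
EXEMPT_LIST=${EXEMPT_LIST:-/root/exempt_ips.txt}      # path from the guide
CSF_BIN=${CSF_BIN:-csf}                               # hypothetical override for dry runs

# Succeed only for a single-line dotted-quad IPv4 address, each octet 0..255.
# Anything else (options, shell metacharacters, hostnames) is rejected.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Whole-field match, so 1.2.3.4 never matches 11.2.3.45.
# Assumed file format: "IP" or "IP=anything" per line.
listed() {
    [ -f "$2" ] && awk -F= -v ip="$1" '$1 == ip { found = 1 } END { exit !found }' "$2"
}

# Return codes: 0 blocked now, 1 invalid input, 2 exempt, 3 already blocked, 4 csf failed.
block_ip() {
    ip=$1
    is_ipv4 "$ip" || return 1
    listed "$ip" "$EXEMPT_LIST" && return 2
    listed "$ip" "$BLOCKED_LIST" && return 3
    "$CSF_BIN" -d "$ip" "DirectAdmin brute force" || return 4
    printf '%s\n' "$ip" >> "$BLOCKED_LIST"
}
```

Putting your own management addresses in the exempt list before enabling the automatic script keeps a mistyped password from locking you out of the box.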


#71 Install Varnish Cache on a DirectAdmin box

Posted by John on 05 June 2014 - 07:50 PM

The guide above will change *all* hosts to use Varnish cache. I'm not sure how you are able to use Varnish on one domain, sorry. 


  • firescanner likes this


#56 Install Varnish Cache on a DirectAdmin box

Posted by danitfk on 22 March 2014 - 10:54 AM

Thanks!

 

I'm not that familiar with Varnish yet, so I can't write a guide for it. Maybe somebody else that reads this can write a guide here?

Hmmm... Seems like a nice idea.

I will research Varnish and get some experience with this AWESOME cache server.


  • John likes this


#54 Install Varnish Cache on a DirectAdmin box

Posted by danitfk on 21 March 2014 - 06:45 AM

It's a really good tip for installing Varnish on DirectAdmin, and it absolutely worked without any problems or issues.

Can you write a guide about optimizing Varnish?


  • John likes this


#45 Install Varnish Cache on a DirectAdmin box

Posted by John on 06 January 2014 - 10:15 AM

Installing Varnish Cache on a DirectAdmin box is not complicated, just follow these steps:

 

Install dependencies: 

yum -y install automake autoconf libtool ncurses-devel libxslt groff pcre-devel pkgconfig

For CentOS 5:

rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release/varnish-release-3.0-1.el5.centos.noarch.rpm

For CentOS 6:

rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el6/noarch/varnish-release/varnish-release-3.0-1.el6.noarch.rpm

Now install Varnish Cache:

yum install varnish

Now edit /etc/varnish/default.vcl and make the following changes (we assume you are going to use port 8080 for Apache). Obviously you need to change 123.123.123.123 to your own public IP address:

backend default {
        .host = "123.123.123.123";
        .port = "8080";
}

Now edit /etc/httpd/conf/httpd.conf and change the listening port to 8080:

Listen 8080

Edit  /etc/httpd/conf/extra/httpd-vhosts.conf and modify this:

Include /etc/httpd/conf/ips.conf

# -SNIP-
#
<VirtualHost 123.123.123.123:80>

To:

#Include /etc/httpd/conf/ips.conf
LogFormat "%O \"%r\"" homedir
NameVirtualHost 127.0.0.1:8080
NameVirtualHost 123.123.123.123:8080
NameVirtualHost 123.123.123.123:443
# -SNIP-
#
<VirtualHost 127.0.0.1:8080 123.123.123.123:8080>

Copy the DirectAdmin templates to the "custom" directory, so we can safely edit those files:

cp -p /usr/local/directadmin/data/templates/virtual_host2.conf  /usr/local/directadmin/data/templates/custom/virtual_host2.conf
cp -p /usr/local/directadmin/data/templates/virtual_host2_sub.conf  /usr/local/directadmin/data/templates/custom/virtual_host2_sub.conf
cp -p  /usr/local/directadmin/data/templates/redirect_virtual_host.conf  /usr/local/directadmin/data/templates/custom/redirect_virtual_host.conf

Now we need to change the template files; we are going to replace a variable in all files:

cd /usr/local/directadmin/data/templates/custom

sed -i 's/<VirtualHost |IP|:|PORT_80| |MULTI_IP|>/<VirtualHost 127.0.0.1:8080 |IP|:8080 |MULTI_IP|>/g' *

Next is installing the reverse proxy module for Apache:

wget http://www.stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar xzf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
apxs -cia mod_rpaf-2.0.c

If you have Apache 2.4 installed you will get an error when you execute apxs:

mod_rpaf-2.0.c:150: error: 'conn_rec' has no member named 'client_ip'
mod_rpaf-2.0.c:151: error: 'conn_rec' has no member named 'client_addr'
mod_rpaf-2.0.c:151: error: 'conn_rec' has no member named 'client_ip'
mod_rpaf-2.0.c: In function 'change_remote_ip':
mod_rpaf-2.0.c:164: error: 'conn_rec' has no member named 'client_ip'
mod_rpaf-2.0.c:183: error: 'conn_rec' has no member named 'client_ip'
mod_rpaf-2.0.c:186: error: 'conn_rec' has no member named 'client_ip'
mod_rpaf-2.0.c:187: error: 'conn_rec' has no member named 'client_addr'
mod_rpaf-2.0.c:187: error: 'conn_rec' has no member named 'client_ip'
apxs:Error: Command failed with rc=65536

 

We need to patch the file before executing apxs:

yum install git
git clone https://gist.github.com/2716030.git
patch mod_rpaf-2.0.c 2716030/mod_rpaf-2.0.c.patch
apxs -cia mod_rpaf-2.0.c

Now edit /etc/httpd/conf/extra/httpd-includes.conf and add:

<IfModule mod_rpaf-2.0.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For
</IfModule>

Now we let DirectAdmin change all the config files for your current users:

echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue

Edit /etc/sysconfig/varnish and change the VARNISH_LISTEN_PORT to 80:

VARNISH_LISTEN_PORT=80

Now you can restart httpd and start varnish:

service httpd restart
service varnish start

And let's make sure varnish starts after a server reboot:

chkconfig varnish on

  • danitfk likes this
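
A check to run after the last step of the guide above, added here as an example and not part of John's post: it reads `netstat -tlnp` output and confirms that varnishd alone listens on port 80 and httpd alone on port 8080. The two sample listings are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the listener layout after moving Apache behind Varnish.

# Read `netstat -tlnp` output on stdin; print each distinct program
# listening on TCP port $1, one per line.
port_owners() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is the last ":" field (IPv4 and IPv6)
            if (addr[n] != want) next
            split($7, prog, "/")          # "2210/varnishd" -> "varnishd"
            name = (prog[2] == "") ? "unknown" : prog[2]   # "-" when not run as root
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# Return 0 only if varnishd is the sole owner of :80 and httpd of :8080.
check_layout() {
    front=$(printf '%s\n' "$1" | port_owners 80 | tr '\n' ' ')
    back=$(printf '%s\n' "$1" | port_owners 8080 | tr '\n' ' ')
    [ "$front" = "varnishd " ] && [ "$back" = "httpd " ]
}

# Constructed sample: the layout the guide aims for.
SAMPLE_OK='Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
tcp  0  0 0.0.0.0:80       0.0.0.0:*  LISTEN  2210/varnishd
tcp  0  0 127.0.0.1:6082   0.0.0.0:*  LISTEN  2209/varnishd
tcp  0  0 0.0.0.0:8080     0.0.0.0:*  LISTEN  2105/httpd
tcp  0  0 :::8080          :::*       LISTEN  2105/httpd
tcp  0  0 :::443           :::*       LISTEN  2105/httpd'

# Constructed sample: httpd was never moved, Varnish is not on port 80.
SAMPLE_BAD='tcp  0  0 0.0.0.0:6081  0.0.0.0:*  LISTEN  2210/varnishd
tcp  0  0 :::80         :::*       LISTEN  2105/httpd'

# On a live box (as root): check_layout "$(netstat -tlnp)" && echo "layout ok"
```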