分类 DirectAdmin 下的文章

If you see the error

/usr/local/lib/libz.so.1: no version information available (required by python)

it has to do with the version of libz installed. The reason for the current version has to do with the version of libz that libxml2 requires. A newer version of both will resolve the issue, but due to many reported issues with this update, we reverted to the older version of libz and libxml2. Note that the warning is not going to hurt anything, so it can be ignored.

We do not recommend using the options below.

If you still wish to update libz and libxml2 to their newer versions to avoid the message, type:

cd /usr/local/directadmin/custombuild
./build update
./build set new_zlib yes
./build update_data
./build zlib
./build libxml2
./build php n

If you host a large database that can't be split up, and your server doesnt have the resources to handle it, you can setup mysql to be run on an external server. This shouldn't be needed too often, as usually, you can just move entire user accounts to another server to ease the load. But in the case of one large database using up the whole server, then you dont' have much choice.

Note that this guide does not transfer any databases over. It's generally a good idea to do this before you add users. Also, mysql will continue to run on your local DA.. so existing databases and scripts should continue to function, but users will not be able to control them through DA.

1)The first step is to install mysql onto the remote server. DA is not require on this server, as it is just used for mysql and nothing else. I won't go into the detail on how to do this (use google).

2) The next step is to setup a user that DA can connect to on the remote mysql server. The default DA uses is da_admin, so staying with that name is a good idea, but not required.
You can use this guide to setup the da_admin user on your server: help.directadmin.com/item.php?id=45. The username and password you setup have to be set in the /usr/local/directadmin/conf/mysql.conf file for DA to use.
On a related note, if the remote server is on a LAN IP, and the connecting IP to that remote server will not be your server IP, but rather some other IP such as a 192.168.x.x type of IP then you can use this guide to add an access host by default instead of the server IP: directadmin.com/features.php?id=818.

Note that the above guide will only grants da_admin on the "localhost", meaning you have to already be on that remote mysql server to use the account. We'll need to add another acccess hsot (ip) to allow the DA server to connect to it. Basically, you just run the "GRANT ALL PRIVILEGES ON *.* TO da_admin@localhost" command again, but you change localhost to the IP of your DA server,

GRANT ALL PRIVILEGES ON *.* TO da_admin@1.2.3.4 WITH GRANT OPTION;
FLUSH PRIVILEGES;

we don't need the "identified by 'pass'" again, because the password is already from adding it the first time.

3) At this point.. the remote mysql database should be setup and ready to accept DA to use it. Test it out by logging into your DA machine via ssh, and type:

mysql -uda_admin -p --host=4.3.2.1

where 4.3.2.1 is the IP of your mysql server. If you can't connect, go back over your settings again.. also make sure that port 3306 is open on the remote box.

4)Now.. the easier part is to tell DA to use the remote server. Edit:
/usr/local/directadmin/conf/mysql.conf
add the line:
host=4.3.2.1
where 4.3.2.1 is the IP of your remote server. Make sure there is a newline character at the end of the line.. (Eg, press enter)

5) That should be it. Go into DA and check the mysql section of your user level to see if you get any errors. If not, try adding a database to make sure it works.

6) The only cleanup task would then be to fix up phpMyAdminto also connect to the remote host.
Edit /var/www/html/phpMyAdmin/config.inc.php
Find this line:

$cfg['Servers'][$i]['host']          = 'localhost'; // MySQL hostname or IP address

and change it to

$cfg['Servers'][$i]['host']          = '4.3.2.1'; // MySQL hostname or IP address

官方文档:http://help.directadmin.com/item.php?id=140

.mxZoZ4onWr

Capri是一套商務的DirectAdmin主題,用的人應該不少,我個人也相當喜歡。
前段時間,作者已經將這套主題放到github開源了,並且去掉了function.php的license認證機制。
所以現在算是免費提供使用了,就如上圖所示,當然顯示的license就是github version的。
github地址:https://github.com/Terrorhawk/Capri

wget -O capri.sh http://localserver.flaxe.eu/Capri-install/capri.sh
chmod +x capri.sh
./capri.sh

相關詳情請查看:
https://forum.directadmin.com/showthread.php?t=51079

转载:http://www.guyusoftware.com/2015-05-16-5921.html

Add the following lines to your /usr/local/directadmin/conf/directadmin.conf file:

/etc/init.d/directadmin restart

---

skip_databases_in_backups=1: This will exclude all MySQL databases during the backup process.
skip_domains_in_backups=1: This will exclude all domains (website files) during the backup process.
skip_imap_in_backups=1: This will exclude all email messages which are stored in user mailboxes during the backup process.

1. 下载和安装mod_limitipconn

wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2
bzip2 -d  mod_limitipconn-0.24.tar.bz2
tar xvf mod_limitipconn-0.24.tar
cd mod_limitipconn-0.24
apxs -c -i -a mod_limitipconn.c
chmod 755 /usr/lib/apache/mod_limitipconn.so

2. 应用每个用户

创建自定义用户 VirtualHost 模板

cd /usr/local/directadmin/data/templates
cp virtual_host2*.conf custom
cd custom

编辑 virtual_host2.conf ,在 VirtualHost 中添加以下内容

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit images/*
</Location>
</IfModule>

案例

#省略...

<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
	ServerName www.|DOMAIN|
	ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
	ServerAdmin |ADMIN|
	DocumentRoot |DOCROOT|
	|CGI|

	|USECANONICALNAME|

	<IfModule !mod_ruid2.c>
		SuexecUserGroup |USER| |GROUP|
	</IfModule>

	<IfModule mod_limitipconn.c>
	<Location />
	MaxConnPerIP 9
	NoIPLimit images/*
	</Location>
	</IfModule>

#省略...

重建所有用户 httpd.conf

cd /usr/local/directadmin/custombuild
./build rewrite_confs

重启Apache

service httpd restart

完成!

请注意,安装适用于 CustomBuild 2.0

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity

wordpress后台暴力破解规则

/usr/local/cwaf/tmp/rules/workdir1/rules
新建文件,内容如下,保存后设置所属用户重启apache

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
	# Setup brute force detection.
	# React if block flag has been set.
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
	# Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
	SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
	SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<Locationmatch "/xmlrpc.php">
	# Rate limit requests to xml-rpc
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
	# Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
	SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</Locationmatch>

规则来自:https://github.com/sensson/puppet-directadmin/blob/master/templates/modsecurity/modsec-wordpress.conf.erb

Hello,
update script not part from directadmin.com
**** USE IT YOUR OWN RISKS ****

*****
*****
*****

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.8.1
Release Date: 1 / 9 / 2006

*****
*****
*****

If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.

You can support update.script by paypal – CLICK HERE

update.script Version: 1.8.1
update script tested in this OS 32bit and 64bit.

  • RedHat Linux
  • RedHat Fedora
  • RedHat Enterprise
  • CentOS
  • Debian
  • OpenSSL (You need to build ssh, apache, php, etc after upgrade)
  • Exim
  • OpenSSH
  • ProFTP
  • ProFTP with mod_clamav
  • phpMyAdmin
  • F-PROT Anti-Virus
  • AVG
  • ClamAV
  • MODclamAV
  • MRTG
  • SquirrelMail
  • SquirrelMail full language pack
  • SpamAssassin
  • MODsecurity 2.x (Apache 2.x Only)
  • ImageMagick
  • GraphicsMagick
  • eAccelerator
  • FFMPEG-php
  • PHP Clamav
  • Webmin control panel (You need to open one port 10000 in your firewall)
  • MailScanner
  • Suhosin
  • NoBody Check

安装

mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run this to read how to use.

运行以下命令查看如何使用

./update.script

查看更多:http://www.web4host.net/update-script/

有些管理员不希望每个IP被封锁都得到DA的通知

brute_force_notice_ip.sh 的触发只发生在DA发送XX IP尝试多少次登入失败通知的时候,现在DA已经添加了一个选项,以防止发送,但brute_force_notice_ip.sh 仍然工作。

该directadmin.conf选项将是:

hide_brute_force_notifications=0

这是默认(选项禁用,发送通知)

如果你想不发通知,但brute_force_notice_ip.sh仍然工作,设置directadmin.conf:
hide_brute_force_notifications=1