分类 DirectAdmin 下的文章

DirectAdmin主题Capri官方现已开源免费使用

作者: admin
时间: 2015-08-16
分类: 主机模版,DirectAdmin
评论

.mxZoZ4onWr

Capri是一套商務的DirectAdmin主題，用的人應該不少，我個人也相當喜歡。
前段時間，作者已經將這套主題放到github開源了，並且去掉了function.php的license認證機制。
所以現在算是免費提供使用了，就如上圖所示，當然顯示的license就是github version的。
github地址：https://github.com/Terrorhawk/Capri

wget -O capri.sh http://localserver.flaxe.eu/Capri-install/capri.sh
chmod +x capri.sh
./capri.sh

相關詳情請查看：
https://forum.directadmin.com/showthread.php?t=51079

转载：http://www.guyusoftware.com/2015-05-16-5921.html

Directadmin备份排除用户目录/数据库/IMAP

作者: admin
时间: 2015-05-17
分类: DirectAdmin
评论

Add the following lines to your /usr/local/directadmin/conf/directadmin.conf file:

/etc/init.d/directadmin restart

---

skip_databases_in_backups=1: This will exclude all MySQL databases during the backup process.
skip_domains_in_backups=1: This will exclude all domains (website files) during the backup process.
skip_imap_in_backups=1: This will exclude all email messages which are stored in user mailboxes during the backup process.

DirectAdmin安装mod_limitipconn限制每个IP连接

作者: admin
时间: 2015-01-26
分类: DirectAdmin
评论

1. 下载和安装mod_limitipconn

wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2
bzip2 -d  mod_limitipconn-0.24.tar.bz2
tar xvf mod_limitipconn-0.24.tar
cd mod_limitipconn-0.24
apxs -c -i -a mod_limitipconn.c
chmod 755 /usr/lib/apache/mod_limitipconn.so

2. 应用每个用户

创建自定义用户 VirtualHost 模板

cd /usr/local/directadmin/data/templates
cp virtual_host2*.conf custom
cd custom

编辑 virtual_host2.conf ，在 VirtualHost 中添加以下内容

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit images/*
</Location>
</IfModule>

案例

#省略...

<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
	ServerName www.|DOMAIN|
	ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
	ServerAdmin |ADMIN|
	DocumentRoot |DOCROOT|
	|CGI|

	|USECANONICALNAME|

	<IfModule !mod_ruid2.c>
		SuexecUserGroup |USER| |GROUP|
	</IfModule>

	<IfModule mod_limitipconn.c>
	<Location />
	MaxConnPerIP 9
	NoIPLimit images/*
	</Location>
	</IfModule>

#省略...

重建所有用户 httpd.conf

cd /usr/local/directadmin/custombuild
./build rewrite_confs

重启Apache

service httpd restart

完成！

DirectAdmin默认密码

作者: admin
时间: 2015-01-25
分类: DirectAdmin
评论

cat /usr/local/directadmin/scripts/setup.txt

DirectAdmin 安装 modsecurity WEB防火墙

作者: admin
时间: 2015-01-23
分类: DirectAdmin
评论

请注意，安装适用于 CustomBuild 2.0

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity

wordpress后台暴力破解规则

/usr/local/cwaf/tmp/rules/workdir1/rules
新建文件，内容如下，保存后设置所属用户重启apache

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
	# Setup brute force detection.
	# React if block flag has been set.
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
	# Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
	SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
	SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<Locationmatch "/xmlrpc.php">
	# Rate limit requests to xml-rpc
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
	# Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
	SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</Locationmatch>

规则来自：https://github.com/sensson/puppet-directadmin/blob/master/templates/modsecurity/modsec-wordpress.conf.erb

非常有用的一个自动更新配置脚本

作者: admin
时间: 2015-01-23
分类: 管理维护,DirectAdmin
评论

Hello,
update script not part from directadmin.com
**** USE IT YOUR OWN RISKS ****
*****
*****
*****
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.8.1
Release Date: 1 / 9 / 2006
*****
*****
*****
If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.
You can support update.script by paypal – CLICK HERE
update.script Version: 1.8.1
update script tested in this OS 32bit and 64bit.

RedHat Linux

RedHat Fedora

RedHat Enterprise

CentOS

Debian

OpenSSL (You need to build ssh, apache, php, etc after upgrade)
Exim
OpenSSH
ProFTP
ProFTP with mod_clamav
phpMyAdmin
F-PROT Anti-Virus
AVG
ClamAV
MODclamAV
MRTG
SquirrelMail
SquirrelMail full language pack
SpamAssassin
MODsecurity 2.x (Apache 2.x Only)
ImageMagick
GraphicsMagick
eAccelerator
FFMPEG-php
PHP Clamav
Webmin control panel (You need to open one port 10000 in your firewall)
MailScanner
Suhosin
NoBody Check

安装

mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run this to read how to use.

运行以下命令查看如何使用

./update.script

查看更多：http://www.web4host.net/update-script/

DirectAdmin 取消 Brute Force Monitor 监控通知

作者: admin
时间: 2015-01-23
分类: DirectAdmin
评论

有些管理员不希望每个IP被封锁都得到DA的通知

brute_force_notice_ip.sh 的触发只发生在DA发送XX IP尝试多少次登入失败通知的时候，现在DA已经添加了一个选项，以防止发送，但brute_force_notice_ip.sh 仍然工作。

该directadmin.conf选项将是：

hide_brute_force_notifications=0

这是默认（选项禁用，发送通知）

如果你想不发通知，但brute_force_notice_ip.sh仍然工作，设置directadmin.conf：
hide_brute_force_notifications=1

Directadmin(DA)皮肤Capri无码破解版 - 解决加载慢问题

作者: admin
时间: 2015-01-15
分类: DirectAdmin
评论

wget -O capri http://www.outservices.net/soft/capri.sh
sh capri
随便输入密钥
然后把此文件覆盖过到：/usr/local/directadmin/data/skins/Capri/inc/

functions

摘自：http://www.hostloc.com/thread-214830-1-1.html

CSF/LFD添加 Directadmin 服务例外，减少误报

作者: admin
时间: 2015-01-14
分类: 系统安全,DirectAdmin
评论

为了减少一些误报，我们需要把 Directadmin 的一些值得信赖的服务添加CSF/LFD例外。编辑/etc/csf/csf.pignore 输入以下内容：

cmd:spamd child
exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/bin/fetchmail
exe:/usr/bin/freshclam
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/managesieve
exe:/usr/libexec/dovecot/managesieve-login
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/gam_server
exe:/usr/libexec/hald-addon-acpi
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/local/bin/clamd
exe:/usr/local/bin/freshclam
exe:/usr/local/bin/pureftpd_uploadscan.sh
exe:/usr/local/directadmin/dataskq
exe:/usr/local/directadmin/directadmin
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/mysql-5.1.54-linux-x86_64/bin/mysqld
exe:/usr/local/php53/bin/php53
exe:/usr/local/php53/bin/php-cgi53
exe:/usr/local/php53/bin/php_uploadscan.sh
exe:/usr/local/php53/sbin/php-fpm53
exe:/usr/local/php54/bin/php54
exe:/usr/local/php54/bin/php-cgi54
exe:/usr/local/php54/bin/php_uploadscan.sh
exe:/usr/local/php54/sbin/php-fpm54
exe:/usr/local/php55/bin/php55
exe:/usr/local/php55/bin/php-cgi55
exe:/usr/local/php55/bin/php_uploadscan.sh
exe:/usr/local/php55/sbin/php-fpm55
exe:/usr/local/php56/bin/php56
exe:/usr/local/php56/bin/php-cgi56
exe:/usr/local/php56/bin/php_uploadscan.sh
exe:/usr/local/php56/sbin/php-fpm56
exe:/usr/local/sbin/nginx
exe:/usr/sbin/exim
exe:/usr/sbin/hald
exe:/usr/sbin/httpd
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/sbin/named
exe:/usr/sbin/nginx
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/sshd

然后重启LFD：

/etc/init.d/lfd restart

来自：https://www.plugins-da.net/info/csf-lfd-exceptions-for-directadmin-csf.pignore
p.s. Based on this thread: http://forum.directadmin.com/showthread.php?t=49424

DirectAdmin错误CSF Permission denied [User:admin UID:501]

作者: admin
时间: 2014-10-20
分类: DirectAdmin
1 条评论

如果你发现在DA打开CSF提示如下错误：

Permission denied [User:admin UID:501]

可以执行如下命令修复：

chown root /usr/local/directadmin/plugins/csf/exec/csf
chmod 4755 /usr/local/directadmin/plugins/csf/exec/csf

DirectAdmin禁用da-popb4smtp服务

作者: admin
时间: 2014-10-04
分类: DirectAdmin
评论

如果你想禁用DirectAdmin的da-popb4smtp服务
编辑 /etc/exim.conf
找到： hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts
修改为： hostlist relay_hosts =

重启 exim
/etc/init.d/exim restart # Redhat/Debian
/usr/local/etc/rc.d/exim restart # FreeBSD

来自：http://help.directadmin.com/item.php?id=467

DirectAdmin组件ZendGuardLoader探针显示不正常解决

作者: admin
时间: 2014-09-27
分类: DirectAdmin
评论

DirectAdmin组件ZendGuardLoader，明明安装了探针却显示红叉叉，是因为一般是根据zend_loader.enable判断的，DA没加这些在php.ini，我们手动加上就好了

编辑php.ini，搜索：zend_extension，在底下加上

zend_loader.enable=1
zend_loader.disable_licensing=0
zend_loader.obfuscation_level_support=3
zend_loader.license_path=

然后 service httpd restart 重启下apache使修改生效
至于DirectAdmin PHP.INI的位置可以参考：http://www.cnweed.com/2743.html