分类 技术分享 下的文章

.mxZoZ4onWr

Capri是一套商務的DirectAdmin主題,用的人應該不少,我個人也相當喜歡。
前段時間,作者已經將這套主題放到github開源了,並且去掉了function.php的license認證機制。
所以現在算是免費提供使用了,就如上圖所示,當然顯示的license就是github version的。
github地址:https://github.com/Terrorhawk/Capri

wget -O capri.sh http://localserver.flaxe.eu/Capri-install/capri.sh
chmod +x capri.sh
./capri.sh

相關詳情請查看:
https://forum.directadmin.com/showthread.php?t=51079

转载:http://www.guyusoftware.com/2015-05-16-5921.html

添加到 configuration.php

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; // 获取真实IP
list($_SERVER['REMOTE_ADDR']) = explode(', ', $_SERVER['REMOTE_ADDR'], 2); // 可能通过多个代理,其中第一个为真实ip地址
$_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['REMOTE_ADDR']; // 添加到WHMCS IP变量

参考:http://www.365mini.com/page/php-get-real-client-ip.htm

Add the following lines to your /usr/local/directadmin/conf/directadmin.conf file:

/etc/init.d/directadmin restart

---

skip_databases_in_backups=1: This will exclude all MySQL databases during the backup process.
skip_domains_in_backups=1: This will exclude all domains (website files) during the backup process.
skip_imap_in_backups=1: This will exclude all email messages which are stored in user mailboxes during the backup process.

xmlrpc

早上收到DNSPOD的网站宕机报告,访问看了下是被CloudLinux挂起了,资源使用超过限制。于是进去DA,查看Apache日记,看到xmlrpc.php不断被post,有人在尝试爆破后台,这种方式可以绕过WP后台的登录错误限制。解决办法可以安装 Login Security Solution 插件防御。

The following mini script is used to convert existing database tables to UTF-8. Upload the script to your account as "convert.php" and modify the database connection parameters and the character set, then execute the script.

To execute the script, you simply would visit the script in any web browser. If you upload the file to your public_html folder you'd visit "http://your-domain.com/convert.php".

Don't forget to replace your-domain.com with your actual domain name. Also, to get your languages to work on your site the collation will need to be utf8.

Code to convert your database to UTF-8

<?php  
     
// Fill in your Server, User, Database, Password, and Collation configuration below   
$db_server = 'localhost';   
$db_user = 'database user';   
$db_password = 'password';   
$db_name = 'database name';   
$char_set = 'new character set';  


// Adds the header information
header('Content-type: text/plain');  


// Connects to the MySQL database    
$connection = mysql_connect($db_server, $db_user, $db_password) or die(mysql_error() );      
$db = mysql_select_db($db_name) or die( mysql_error() ); 


// Runs the SQL query on teh database     
$sql = 'SHOW TABLES'; $result = mysql_query($sql) or die( mysql_error() ); 


// Runs a loop that finds all collations within the database and changes it to the new collation    
   while ( $row = mysql_fetch_row($result) )   {     
      $table = mysql_real_escape_string($row[0]);  
      $sql = "ALTER TABLE $table CONVERT TO CHARACTER SET $char_set COLLATE utf8_general_ci";     
      mysql_query($sql) or die( mysql_error() );       
      print "$table changed successfully.\n";  
   }    


// Update the Collation of the database itself  
$sql = "ALTER DATABASE CHARACTER SET $char_set;";  
mysql_query($sql) or die( mysql_error());     
print "Database collation has been updated successfully.\n";     


// close the connection to the database  
mysql_close($connection);     


?>
Note! You can use this script to change the database to any character set you wish. You need to define the character set in the script to change character sets:
$char_set = 'character set';

You will need the change the utf8_general_ci to match the character set you defined in the step above. So, if you want to change the character set to "Hebrew" you'd change the line to:

$sql = "ALTER TABLE $table CONVERT TO CHARACTER SET $char_set COLLATE hebrew_general_ci";

转载:http://www.inmotionhosting.com/support/website/databases/how-to-convert-a-database-to-utf-8

This is one of the most common topics that I see customers will ask about. As highly important as PHP handlers are, they often the least understood. They seem complicated, but its not too hard to understand. You don’t have to know that exact science of how it all works, but one should learn the basics if you want to take your website seriously. Picking the right PHP handler for your website will give you the optimal speeds you want and maybe allow you to save some money by using a cheaper hosting package. So I invite you to take a few minutes and learn something new.

What are PHP handlers

In order to run a PHP site, the server must interpret the PHP code and generate a page when visitors access the website. It interprets the code based on which PHP library you are using, such as PHP 4 or PHP 5. A PHP handler is what actually loads the libraries so that they can be used for interpretation. PHP handlers determine how PHP is loaded on the server.

There are multiple different handlers that can be used for loading PHP: CGI, DSO, suPHP, & FastCGI. Each handler delivers the libraries through different files and implementations. Each file and implementation affects Apache’s performance, because it determines how Apache serves PHP.

It is critical for your server’s performance that you select the handler that fits your situation. Selecting the right handler is just as important as the PHP version itself. One handler is not necessarily always better than another; it depends on your unique setup. What caching do you need, what modules do you need, etc…

  • Note: You may assign different PHP handlers to different versions of PHP. For example, version 5 may be handled by CGI while PHP 4 is handled by DSO.

How to change the handler

Changing the handler on cPanel is very easy to do and only takes seconds. Log into WHM and navigate to: Main >> Service Configuration >> Configure PHP and SuExec

You simply select your PHP handler choice from the drop-down menu. Then hit “Save New Configuration”.

  • Note: If you do not see your desired choice in the drop-down menu, it may need to be compiled on the server first. Run an “Easy Apache” to compile it.

List of PHP handlers

DSO (mod_php)

DSO is also known as mod_php. DSO stands for: Dynamic Shared Object. This is an older configuration but is generally considered the fastest handler. It runs PHP as an Apache module. This means that PHP scripts will run as the Apache user, which is the user: ‘nobody’.

DSO has two drawbacks. First, all files created by a PHP script will have the ownership of ‘nobody’. They will not be readable from the web. Websites that need to upload files through PHP will run into file permission issues. This is common with WordPress users that upload files through the WordPress interface or utilize the auto-update feature. These will fail with DSO.

The second drawback is a security issue. Created files will have the ‘nobody’ ownership. If a hacker finds an exploit in your PHP script, they could implement a file that has the same privileges as important system files that are also owned by ‘nobody’. This will give them the ability to modify files outside of that user’s account. This is really bad for anyone who does reselling or simply is hosting other person’s sites. You would not one user to be able to affect another user. However, if there is only one account on the server (or if all the accounts are yours), then DSO may be right for you. The speeds benefits of DSO are unquestionable.

An easy way to prevent the hack issue is to always keep your site’s software up to date. Check with your PHP script’s developer to keep up on the new releases. If you are the only one being hosted on the server, this is easy to do as it’s part of your webmaster duties already. However, if you’re reselling, it would be unreasonable to expect all your user’s to keep their software up to date. They simply may not be as diligent as you.

DSO’s low CPU usage typically amounts in higher speeds and load times over most other handlers. It is also the default setting on most servers.

CGI

CGI stands for: Common Gateway Interface. The CGI handler will run PHP as a CGI module as opposed to an Apache module. CGI still runs PHP processes as the Apache ‘nobody’ user. However, if you have suEXEC enabled, it will allow you to see the user that made the request.

The CGI method is intended as a fallback handler for when DSO is not available. According to cPanel’s own documentation, this method is neither fast nor secure, regardless of whether or not suEXEC is enabled.

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/MorePhphandlers

suPHP

suPHP stands for Single user PHP. suPHP also runs PHP as a CGI module instead of an Apache module. It differs from CGI in that PHP scripts that are called from the web will run under the user that owns them, as opposed to ‘nobody’. suPHP is typically the default handler and is recommended by cPanel for serving PHP because you will be able to see which user owns the account that is running the PHP script.

suPHP is beneficial in that if you are using a file upload tool on your site (such as an automatic updater or theme/plug-in installer for WordPress), the files will already have the right ownership & permissions. Uploading and other WordPress functions will not work without suPHP or FastCGI.

suPHP also offers a security advantage that any php script that is not owned by the particular user (such as another account or root) will not be executable. Also, files that have permissions set to world writeable will likewise be non-executable. This means that if one account is compromised, the malicious scripts will not be able to infect other accounts.

The drawback is that suPHP generally runs a much higher CPU load. In addition, you CANNOT use an Opcode Cache (such as Xcache or APC) with suPHP. It is strongly recommend that you install a caching plug-in to supplement this ned. If you find that your server is still continually struggling with CPU usage, you will want to consider switching to DSO or FastCGI.

*If you DO switch to either suPHP or FastCGI, you will need to update the file permissions and ownership. See my other article for automatic fixperms on cPanel servers: http://boomshadow.net/tech/fixes/fixperms-script/

FastCGI

FastCGI (aka: mod_fcgid or FCGI) is a high performance variation of CGI. It has the security/ownership benefits of suPHP in that PHP scripts will run as the actual cPanel user as opposed to ‘nobody’. The difference with FastCGI is that it can drastically save on CPU performance and give speeds close to that of DSO. It can also be used with an opcode cacher like eAccelerator or APC, which can help further speed the loading of pages.

The drawback is FastCGI has a high memory usage. This is because rather than creating the PHP process each time it is called, like suPHP, it keeps a persistent session open in the background. This is what lets it work with an opcode caching software.

If you like the security/ownership benefits of suPHP and you can afford a major increase in memory usage (meaning you already have a low average memory usage), you may wish to consider using FastCGI.

Comparison Graph

DSO CGI SuPHP FastCGI
Low CPU usage
Low Memory consumption
Runs PHP as site owner instead of Apache

only w/ suEXEC
Good security

Special Note for WordPress Users

If you are using WordPress to run your site, please consider the following:

  • Functions that require uploading files to the server (such as Auto-updates or Plug-in/Theme installation) will NOT work unless PHP is loaded as a CGI module. This means they will ONLY work with suPHP or FastCGI. This will ensure they are uploaded with the correct ownership & permissions.
  • CMS platforms such as WordPress will notoriously run a high CPU load. You will want to install a caching plug-in such as WP Super Cache, especially if you are running suPHP. If you find that your server is still continually struggling with CPU usage, you may want to consider switching to DSO or FastCGI.

转载:http://boomshadow.net/tech/php-handlers/

方法1: 用file_get_contents 以get方式获取内容

<?php  
$url='http://www.domain.com/';  
$html = file_get_contents($url);  
echo $html;  
?>  

方法2: 用fopen打开url, 以get方式获取内容

<?php  
$fp = fopen($url, 'r');  
//返回请求流信息(数组:请求状态,阻塞,返回值是否为空,返回值http头等)  
stream_get_meta_data($fp); 
while(!feof($fp)) {  
$result .= fgets($fp, 1024);  
}  
echo "url body: $result";  
fclose($fp);  
?>  

方法3:用file_get_contents函数,以post方式获取url

<?php  
$data = array ('foo' => 'bar');  
//生成url-encode后的请求字符串,将数组转换为字符串  
$data = http_build_query($data);  
$opts = array (  
<span style="white-space:pre">  </span>'http' => array (  
<span style="white-space:pre">      </span>'method' => 'POST',  
<span style="white-space:pre">      </span>'header'=> "Content-type: application/x-www-form-urlencoded\r\n" .  
<span style="white-space:pre">      </span>"Content-Length: " . strlen($data) . "\r\n",  
<span style="white-space:pre">      </span>'content' => $data  
<span style="white-space:pre">  </span>)  
);  
//生成请求的句柄文件  
$context = stream_context_create($opts);  
$html = file_get_contents('http://localhost/e/admin/test.html', false, $context);  
echo $html;  
?>  

方法4:用fsockopen函数打开url,以get方式获取完整的数据,包括header和body,fsockopen需要 PHP.ini 中 allow_url_fopen 选项开启

<?php  
function get_url ($url,$cookie=false)  
{  
$url = parse_url($url);  
$query = $url[path]."?".$url[query];  
echo "Query:".$query;  
$fp = fsockopen( $url[host], $url[port]?$url[port]:80 , $errno, $errstr, 30);  
if (!$fp) {  
return false;  
} else {  
$request = "GET $query HTTP/1.1\r\n";  
$request .= "Host: $url[host]\r\n";  
$request .= "Connection: Close\r\n";  
if($cookie) $request.="Cookie:   $cookie\n";  
$request.="\r\n";  
fwrite($fp,$request);  
while()) {  
$result .= @fgets($fp, 1024);  
}  
fclose($fp);  
return $result;  
}  
}  
//获取url的html部分,去掉header  
function GetUrlHTML($url,$cookie=false)  
{  
$rowdata = get_url($url,$cookie);  
if($rowdata)  
{  
$body= stristr($rowdata,"\r\n\r\n");  
$body=substr($body,4,strlen($body));  
return $body;  
}  
    return false;  
}  
?>  

方法5:用fsockopen函数打开url,以POST方式获取完整的数据,包括header和body

<?php  
function HTTP_Post($URL,$data,$cookie, $referrer="")  
{  
    // parsing the given URL  
$URL_Info=parse_url($URL);  
    // Building referrer  
if($referrer=="") // if not given use this script as referrer  
$referrer="111";  
    // making string from $data  
foreach($data as $key=>$value)  
$values[]="$key=".urlencode($value);  
$data_string=implode("&",$values);  
    // Find out which port is needed - if not given use standard (=80)  
if(!isset($URL_Info["port"]))  
$URL_Info["port"]=80;  
    // building POST-request:  
$request.="POST ".$URL_Info["path"]." HTTP/1.1\n";  
$request.="Host: ".$URL_Info["host"]."\n";  
$request.="Referer: $referer\n";  
$request.="Content-type: application/x-www-form-urlencoded\n";  
$request.="Content-length: ".strlen($data_string)."\n";  
$request.="Connection: close\n";  
    $request.="Cookie:   $cookie\n";  
    $request.="\n";  
$request.=$data_string."\n";  
    $fp = fsockopen($URL_Info["host"],$URL_Info["port"]);  
fputs($fp, $request);  
while(!feof($fp)) {  
$result .= fgets($fp, 1024);  
}  
fclose($fp);  
    return $result;  
}  
?>  

方法6:使用curl库,使用curl库之前,可能需要查看一下php.ini是否已经打开了curl扩展

<?php  
$ch = curl_init();  
$timeout = 5;  
curl_setopt ($ch, CURLOPT_URL, 'http://www.domain.com/');  
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);  
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);  
$file_contents = curl_exec($ch);  
curl_close($ch);  
echo $file_contents;  
?>  

转载:http://blog.csdn.net/haha00217/article/details/7969504

1. 下载和安装mod_limitipconn

wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2
bzip2 -d  mod_limitipconn-0.24.tar.bz2
tar xvf mod_limitipconn-0.24.tar
cd mod_limitipconn-0.24
apxs -c -i -a mod_limitipconn.c
chmod 755 /usr/lib/apache/mod_limitipconn.so

2. 应用每个用户

创建自定义用户 VirtualHost 模板

cd /usr/local/directadmin/data/templates
cp virtual_host2*.conf custom
cd custom

编辑 virtual_host2.conf ,在 VirtualHost 中添加以下内容

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit images/*
</Location>
</IfModule>

案例

#省略...

<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
	ServerName www.|DOMAIN|
	ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
	ServerAdmin |ADMIN|
	DocumentRoot |DOCROOT|
	|CGI|

	|USECANONICALNAME|

	<IfModule !mod_ruid2.c>
		SuexecUserGroup |USER| |GROUP|
	</IfModule>

	<IfModule mod_limitipconn.c>
	<Location />
	MaxConnPerIP 9
	NoIPLimit images/*
	</Location>
	</IfModule>

#省略...

重建所有用户 httpd.conf

cd /usr/local/directadmin/custombuild
./build rewrite_confs

重启Apache

service httpd restart

完成!

CREATE DATABASE information_schema DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ciSQL 查询:
-- -- ? information_schema -- CREATE DATABASE information_schema DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci
MySQL 返回:
#1044 - Access denied for user 'xxx'@'localhost' to database 'information_schema'

phpmyadmin导出的数据库里有创建数据库的语句,而空间没有创建数据库权限,所以出错。常见于没有进入特定数据库导出导致。

删除导出的sql文件里的创建数据库语句:

-- phpMyAdmin SQL Dump
-- version 2.11.6
-- http://www.phpmyadmin.net
--
-- 主机: localhost
-- 生成日期: 2014 年 09 月 01 日 15:46
-- 服务器版本: 5.0.51
-- PHP 版本: 5.2.6

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

/*!40101 SET

@OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS

*/;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--------------------------------------------------------
这中间的部分删除...
--
-- 表的结构 alerts
--------------------------------------------------------

保存,然后再进phpmyadmin导入数据就没有问题了。

本文参考:http://www.bxl.me/1598.html

请注意,安装适用于 CustomBuild 2.0

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity

wordpress后台暴力破解规则

/usr/local/cwaf/tmp/rules/workdir1/rules
新建文件,内容如下,保存后设置所属用户重启apache

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
	# Setup brute force detection.
	# React if block flag has been set.
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
	# Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
	SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
	SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<Locationmatch "/xmlrpc.php">
	# Rate limit requests to xml-rpc
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
	# Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
	SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</Locationmatch>

规则来自:https://github.com/sensson/puppet-directadmin/blob/master/templates/modsecurity/modsec-wordpress.conf.erb

Hello,
update script not part from directadmin.com
**** USE IT YOUR OWN RISKS ****

*****
*****
*****

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.8.1
Release Date: 1 / 9 / 2006

*****
*****
*****

If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.

You can support update.script by paypal – CLICK HERE

update.script Version: 1.8.1
update script tested in this OS 32bit and 64bit.

  • RedHat Linux
  • RedHat Fedora
  • RedHat Enterprise
  • CentOS
  • Debian
  • OpenSSL (You need to build ssh, apache, php, etc after upgrade)
  • Exim
  • OpenSSH
  • ProFTP
  • ProFTP with mod_clamav
  • phpMyAdmin
  • F-PROT Anti-Virus
  • AVG
  • ClamAV
  • MODclamAV
  • MRTG
  • SquirrelMail
  • SquirrelMail full language pack
  • SpamAssassin
  • MODsecurity 2.x (Apache 2.x Only)
  • ImageMagick
  • GraphicsMagick
  • eAccelerator
  • FFMPEG-php
  • PHP Clamav
  • Webmin control panel (You need to open one port 10000 in your firewall)
  • MailScanner
  • Suhosin
  • NoBody Check

安装

mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run this to read how to use.

运行以下命令查看如何使用

./update.script

查看更多:http://www.web4host.net/update-script/