Preventing DDoS amplification attacks through open resolvers

DDoS attack by open DNS resolver:

An open DNS resolver provides name resolution to any network outside your own. This means anyone can use your
server to resolve host names, and can also abuse it to attack other servers with spoofed requests. This in turn
consumes your server's bandwidth as well as CPU and memory resources, making your server slow or even causing it to crash.
(The settings suggested below are for the BIND server.)

Disable open recursive requests:

If we don't need open recursion on our system, we can disable it completely with the following method.

vi /etc/named.conf
// add inside the options { ... }; block
recursion no; // turn off recursion
allow-transfer {none;};
allow-query-cache {none;};

After modifying the named.conf file, the DNS server must be restarted.

service named restart

If we need to enable DNS recursion, we can specify the IPs so that only these IPs can perform recursion.

acl ourips {
    192.168.0.0/24; // change ip as required
    localhost;
};
options {
    allow-recursion {ourips;};
    allow-query-cache {ourips;};
    allow-query {any;}; // for web servers
    recursion yes;
    ...
};

After modifying named.conf, restart the BIND server:

service named restart

To check whether recursion is turned off, run the following command:

host google.com <your name server>
and the result will be
Host google.com not found
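
The same check can be scripted by reading the DNS response header instead of the host output. The following is an added example, not part of the original post: the function names, result labels and sample headers (constructed) are assumptions, and the probed name is assumed to be one your server is not authoritative for.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def classify(response):
    """Classify a raw DNS response for an out-of-zone name by its header."""
    if len(response) < 12:
        return "malformed"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:            # QR clear: this is not a response
        return "malformed"
    ra = bool(flags & 0x0080)         # recursion available to this client
    aa = bool(flags & 0x0400)         # authoritative answer
    if (flags & 0x000F) == 5:         # RCODE 5 = REFUSED
        return "refused"
    if ra or (ancount > 0 and not aa):
        return "open"                 # recursion offered or cache answered
    return "closed"                   # e.g. referral or empty reply

def probe(server, name="google.com", timeout=3.0):
    """Query server:53 over UDP; run it from an address outside the ACL."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        try:
            data, _addr = sock.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify(data)

def _header(flags, ancount):
    """Constructed 12-byte response header used as sample input."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

SAMPLES = {  # constructed, not captured traffic
    "acl_denied": _header(0x8105, 0),     # QR RD, RCODE=REFUSED
    "open_resolver": _header(0x8180, 1),  # QR RD RA, one answer
    "referral_only": _header(0x8100, 0),  # QR RD, no RA, no answer
}

if __name__ == "__main__":
    for label, packet in SAMPLES.items():
        print(label, "->", classify(packet))
```

Call probe() with your own name server's address from a host that is not in the ourips ACL; a result of "open" means the recursion settings above are not in effect for outside clients.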

If you are getting too many requests to your name server, you will get a big log file with entries for denied requests. This
will slow down the server, so to stop failed requests from being written to the log,
add "category security {null;};" to the named.conf file.

vi /etc/named.conf
logging {
    category security {null;};
    channel default_debug {
        ......
    };
};

Cleaning up cPanel RedHat servers – free up some space.

We can free up a lot of space on cPanel or any Linux web hosting server. A few steps we can always follow:

1. Clean the tmp folder.

The tmp folder / mount can be cleared manually by going to that folder and running the command:
$ cd /tmp
$ rm -rf *

It's better to use tmpwatch to clear tmp folders:

tmpwatch --mtime --all 24 /tmp
This command will remove all files more than a day old (tmpwatch takes the age in hours).

2. Clean the access logs of the servers.

The access_log for a web host will build up over time, so it's better to clean it from time to time.

Access log files are located in /usr/local/apache/logs

and

/usr/local/apache/domlogs/

The best way to do this on a cPanel server is to limit the log file size from:

cPanel: Main >> Logs >> Raw Access Logs >> Configure Logs

Make sure the following are checked:

"Archive Logs in your home directory at the end of each stats run"
"Remove the previous month’s archived logs from your home directory at the end of each month"

Other files like error_log, messages and stats logs can also be managed from:

a) WHM > Tweak Settings > Log Rotation Size Threshold

b) WHM > Service Configuration > cPanel Log Rotation Configuration

c) cPanel > Logs > Raw Access Logs > Configure Logs

3. Backup files:

All the backup files are placed in the cPanel backup directory, which is normally /home/backup but depends on the server settings.

You should download your backup files and then remove the backup from the folder by using rm backup_file_name.tar.gz