Tuesday, November 6, 2007

Install mod_python on cpanel server

Howto: Install mod_python in cPanel box
Posted March 1st, 2006 by dreamwiz


This is a simple guide to install mod_python in cPanel box, running Apache 1.3.x. You need to have Python installed for this to work - most RHEL+cpanel boxes have this installed by default.

1) Download and extract mod_python:

cd /usr/local/src
wget http://apache.dataphone.se/httpd/modpython/mod_python-2.7.11.tgz
tar zxvf mod_python-2.7.11.tgz

2) Configure & install mod_python

cd mod_python-2.7.11
# check where your apxs is by typing: locate apxs
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install

3) Configure Apache

pico -w /usr/local/apache/conf/httpd.conf
Locate your LoadModule - section by pressing CTRL-W and typing "LoadModule". Add the following line under the others:
LoadModule python_module libexec/mod_python.so

Now locate your AddModule - section by pressing CTRL-W and typing "AddModule". Add the following line under the others:
AddModule mod_python.c

4) Installation done, now time for testing!

First go to your public_html directory. Make a test directory for Python by typing:


Identifying Process

ps -A | grep mysql



lsof -p pid

After running the command, check the top of its output for the details.


httpd segmentation fault

Run the following command to fix the issue.

ipcs -s | grep nobody | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'



httpd issues: service started but sites not browsing

ipcs -s | grep nobody | perl -e 'while (<STDIN>) {@a=split(/\s+/); print `ipcrm sem $a[1]`}'


Use this command when you are handling httpd-down issues on Linux servers:

after running the service httpd restart command, it shows httpd restarted but the sites do not load.


In that case, try the command above.


View httpd , smtp other connections ( Unix )

ps -A | grep httpd | wc -l

change the scope as per needs , httpd , smtp etc..


http and https site issues

An interesting issue

A client was online with the issue that he was able to view the site with http but not with https.
Well, I was new to this issue. He also said that he was able to view a site with http and https.

I called shy. for the issue.
As SSL needs a dedicated IP and the site in question had a shared IP (meaning there are 2 sites running on the same IP), we just went to httpd.conf and changed the IP to a dedicated one for the site in question.



Set up VPN for UNix servers

Hi,

I have had great difficulty in setting up OpenVPN, so I thought, when I finally do get it to work, I will write a HOWTO, so other can hopefully benefit…

This guide was done using a FC4 VPS, running on Xen, it will work on OpenVZ, all you need to do is ask your VPS provider to install “tun support”.

1. First of all get a few additional repos, If you already have your repos setup, skip this step

If you have Fedora 3, follow these steps,

http://stanton-finley.net/fedora_cor...notes.html#Yum

If you have Fedora 4, follow these steps,

http://stanton-finley.net/fedora_cor...notes.html#Yum

If you have Fedora 5, follow these steps,

http://stanton-finley.net/fedora_cor...notes.html#Yum

If you have CentOS, follow the “additional third party CentOS repos”


http://www.osresources.com/11_6_en.html

Then issue these commands; each line is a new command. Anything beginning with "#" is a comment, so don't try to execute those.

Code:

yum update

yum install openssl openssl-devel
# openssl and openssl-devel may be installed already… so don’t worry




2. Right, now you want to install OpenVPN, here are the commands,

Code:

yum install openvpn -y

#Now check that it works

service openvpn start
service openvpn stop


3. A few things to setup before you can make certificates, issue these commands,

Code:

find / -name "easy-rsa"

#you should get an output like this…

/usr/share/doc/openvpn-2.0.7/easy-rsa

#Now, make a copy of the easy-rsa directory, to /etc/openvpn/ ( make sure you #have put the right version number in i.e. mine was -2.0.7, change if needed)

cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/

cd /etc/openvpn/easy-rsa

# make the scripts executable for root only (they do not need to be world-writable)
chmod 700 *

mkdir /etc/openvpn/keys



4. You need to edit the vars file, located in /etc/openvpn/easy-rsa
You can use any editor you like, I used vi.

Change the line
Code:

export KEY_DIR=$D/keys

to

Code:

export KEY_DIR=/etc/openvpn/keys

Also at the bottom of this file you will see something similar to this,

Code:

export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY=SOMEWHERE
export KEY_ORG="My Org"
export KEY_EMAIL=me@mydomain.com

Change this to your own values.

5. Now it's time to make the certificates; enter these commands

Code:

. ./vars

Code:

./clean-all

Code:

./build-ca

# just hit enter to the defaults apart from Common Name, this must be unique
# call it something like mydomain-ca

Code:

./build-key-server server

Code:

./build-key client1

# remember that common name must be unique e.g. use mydomain-client1
# and YES you want to sign the keys

Code:

./build-key client2

# do this step for as many clients as you need.

Code:

./build-dh


6. We are almost done now… right we need to create a few config files, you can download my template from here,

Code:

cd /etc/openvpn

Code:

wget www.designpc.co.uk/downloads/server.conf

# make sure you change a few things in the server.conf file, like DNS
# servers

Code:

touch server-tcp.log

~ this makes the log file..

Code:

touch ipp.txt

this makes the IP reservation list.


7. You need to make a few changes to OpenVPN itself. Go to..

Code:

cd /etc/init.d/

edit the openvpn file

#Uncomment this line (line 119)
Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

Add these lines below it, changing 123.123.123.123 to your public IP address,

Code:

iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123

Now install iptables if you don’t have it already,

Code:

yum install iptables

#test it

service iptables start
service iptables stop


8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN, use the gui version, downloadable from here;

http://www.designpc.co.uk/downloads/....3-install.exe

You need to copy a few files from the server to your client machine, here is the list, located in /etc/openvpn/keys/

## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.

ca.crt
client1.csr
client1.key
client1.crt

Put these files in this directory C:\Program Files\OpenVPN\config\

Now you need to make a client config, here is an example..


Code:
client
dev tun
proto tcp

#Change my.publicdomain.com to your public domain or IP address
remote my.publicdomain.com 1194

resolv-retry infinite
nobind
persist-key
persist-tun


ca ca.crt
cert client1.crt
key client1.key

ns-cert-type server

#DNS Options here, CHANGE THESE !!
push "dhcp-option DNS 123.123.123.123"
push "dhcp-option DNS 123.123.123.124"

comp-lzo

verb 3

Make sure you edit any of the lines with comments above them.

Call this file client1.ovpn and put it in C:\Program Files\OpenVPN\config\

Make sure the file extension is .ovpn not .txt

To connect, right click on OpenVPN in the taskbar >> Connect

To test, ping 192.168.2.1

If you get a response, you're in business



View Error Logs ( unix )

cat /var/log/messages | more

it will give you the server wide error messages

for cpanel server apache logs.

cd /usr/local/apache/domlogs

cat domainname - it will give you the logs for a particular domain.


Cpanel logs:
/usr/local/cpanel/logs


Apache logs:
/usr/local/apache/logs


View Server Info , Configs ( Unix )

cat /proc/cpuinfo
cat /proc/meminfo
fdisk -l
uname -a

cat /var/log/dmesg


/etc/sysconfig/hwconf


View IPs Causing attack

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

or


netstat -an | grep TIME_WAIT


netstat -an | grep :80 | grep TIME_WAIT

netstat -an | grep :80 | grep TIME_WAIT| wc -l


How to open ports

root@quix [/etc/init.d]# cd /etc/ip
root@quix [/etc/init.d]# iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
root@quix [/etc/init.d]# iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
root@quix [/etc/init.d]# ./iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@quix [/etc/init.d]# telnet localhost 53



Install BIND or Named with YUM

just fire this command

yum install bind

Check mail logs for a particular Domain

cat /var/log/maillog | grep -i user@domain.com

or:

cat /var/log/maillog | grep -i domain.com


Block the IPs / for particular port

If you want to block access to your server for whatever reason, you will need to log into the shell as root. Your server should either have ipchains or iptables to help accomplish this. In this example, the attacking IP is 192.168.56.210 .

If you are using ipchains, type "ipchains -A input -j DENY -p all -l -s 192.168.56.210/32"

If you are using iptables, type "iptables -A INPUT -s 192.168.56.210/32 -j DROP"
If you just want to block access to one port from an ip :
iptables -A INPUT -s 192.168.56.210/32 -p tcp --destination-port 23 -j DROP

The above would drop all packets from 192.168.56.210/32 to port 23 (telnet) on the server.



full disk space issues ( Finding out the culprit )

If you wish to find out what file or directory is taking up the most space in a particular location, you can use the du command. For instance, to display the 50 largest files/directories in /usr/local, you would issue the following command:

du -a /usr/local | sort -n -r | head -n 50


You can change the commands as per needs.



How to find out IPs trying to login to ssh

How to find out the IPs which were trying to log in as root via ssh:

cat /var/log/secure | grep failed

cat /var/log/messages | grep failed
cat /var/log/messages | grep "Authentication failed for user"
cat /var/log/secure | grep ssh
cat /var/log/secure | grep ssh > /usr/local/apache/htdocs/ssh-attempts.txt


Suppose we need to download a backup from the browser; then copy the backup file into the path:

/usr/local/apache/htdocs/cpmove.domainname.tar.gz

Anything placed under htdocs can be fetched by anyone who knows the URL, so delete these files as soon as they have been downloaded.

cat /usr/local/apache/htdocs/possible-attemps.txt | awk '{print $7}' | sort -n | uniq -c
65.64.217.180
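
The grep commands above return raw log lines; to turn them into a per-IP count of failed logins, something like the following can be used. This is an added example, not part of the original post: the function names and the sample log lines are made up for illustration, and the log format assumed is the "Failed password for ..." line that sshd writes to /var/log/secure.

```shell
#!/bin/sh
# Added example (not from the original page): per-IP summary of failed SSH
# password attempts, read from sshd syslog lines on standard input.
# On a server: ssh_failures_by_ip < /var/log/secure

# Constructed sample lines in the format sshd logs to /var/log/secure.
# All addresses are documentation-range placeholders.
sample_secure_log() {
    cat <<'EOF'
Nov  6 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  6 03:12:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  6 03:12:09 host sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40190 ssh2
Nov  6 03:15:44 host sshd[2150]: Failed password for invalid user x from 192.0.2.99 from 198.51.100.23 port 51822 ssh2
Nov  6 03:20:10 host sshd[2188]: Accepted password for root from 192.0.2.10 port 50022 ssh2
Nov  6 03:21:00 host sshd[2190]: Failed password for root from 198.51.100.23 port 51901 ssh2
EOF
}

# Print "failures ip failures_against_root", busiest source first.
ssh_failures_by_ip() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # Scan from the right: the line ends "from <ip> port <n> ssh2", and
            # a username that itself contains "from" must not shift the result.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (ip == "") next
            total[ip]++
            if ($0 ~ /Failed password for root from /) root[ip]++
        }
        END {
            for (ip in total) printf "%d %s %d\n", total[ip], ip, root[ip] + 0
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print only the IPs with at least MIN failures (default 5).
ssh_offenders() {
    ssh_failures_by_ip | awk -v min="${1:-5}" '$1 >= min { print $2 }'
}

# Stand-alone run on the constructed sample.
sample_secure_log | ssh_failures_by_ip
```

The list printed by ssh_offenders can be reviewed and then fed to the iptables DROP rule shown in the "Block the IPs" section.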


ffmpeg installation error , partition remounted

There was an issue with installing the ffmpeg software on a centos cpanel server
client was on chat saying that he need to unmount /tmp dir
I called up pankaj and he said that /tmp needs to be remounted
we used following command to do that

mount -o remount,exec /tmp

and we got the damn issue fixed


Exim load , finding email ID

tail -f /var/log/exim_mainlog


If the exim and spamd processes are eating the CPU,
run the above command to watch the logs.

The IP, user or email ID that is causing the issue can be seen there.

Just inform the client which domain that email ID belongs to;
the client will get the account suspended,

and thus the issue is resolved.

pure-ftpd, increase no. of directories viewable

edited the pure-ftpd.conf file on a server

edited line 164

the line was regarding the no. of directories that can be viewed while ftping to the server
the limit was 2000 8. Nilesh was with me; he fired the following commands to get it done


first we found the pure-ftpd.conf file
then
nano pure-ftpd.conf
went to line 164
changed the limit to 5000 1 from 2000 8
saved the file

after that, restarted the pure-ftpd service.
issue resolved.



How to flush DNS in linux

How to Flush DNS in Linux

In Linux, the nscd daemon manages the DNS cache.

To flush the DNS cache, restart the nscd daemon.

To restart the nscd daemon, use the command `/etc/rc.d/init.d/nscd restart`.


Disable ping on the server ( unix )

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all


or

iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j DROP





Setting Index page ( Unix )

DirectoryIndex index.php


Enter the above line in the .htaccess file in the httpdocs dir of the domain.
It makes the server fetch index.php first instead of index.html.


Detect DDOS

netstat -plan|grep TIME_WAIT|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

netstat -plan|grep SYN_RECV|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

command to prevent it

route add -host 67.101.47.224 reject

iptables -I INPUT -s 61.58.29.77 -j DROP

if apf is installed then fire this command


apf -d IP

it will deny those IPs
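
The netstat pipelines in "View IPs Causing attack" and "Detect DDOS" cut the address at the first colon, so clients that show up as IPv4-mapped IPv6 (::ffff:a.b.c.d, common when Apache listens on a dual-stack socket) all collapse into an empty key, and grep :80 also matches port 8080. The following added example (not from the original page; function names and the netstat sample are constructed for illustration) counts connections per remote IP for a given TCP state and optional local port while handling both cases.

```shell
#!/bin/sh
# Added example (not from the original page): connections per remote IP for
# one TCP state, read from "netstat -an" or "netstat -plan" output on stdin.
# On a server: netstat -an | conns_by_ip SYN_RECV 80

# Constructed netstat output; addresses are documentation-range placeholders.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.1:80            203.0.113.7:40112       SYN_RECV
tcp        0      0 192.0.2.1:80            203.0.113.7:40113       SYN_RECV
tcp        0      0 192.0.2.1:80            203.0.113.7:40114       SYN_RECV
tcp        0      0 ::ffff:192.0.2.1:80     ::ffff:198.51.100.23:51822 SYN_RECV
tcp        0      0 ::ffff:192.0.2.1:80     ::ffff:198.51.100.23:51823 SYN_RECV
tcp        0      0 2001:db8::1:80          2001:db8::5:40000       SYN_RECV
tcp        0      0 192.0.2.1:8080          203.0.113.99:40200      SYN_RECV
tcp        0      0 192.0.2.1:80            192.0.2.50:33000        ESTABLISHED
tcp        0      0 192.0.2.1:80            192.0.2.50:33001        TIME_WAIT
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# The pipeline from the page, wrapped in a function for comparison.
page_pipeline() {
    grep "$1" | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk1
}

# conns_by_ip STATE [LOCAL_PORT]
# Prints "count ip", highest count first. The state is matched exactly in
# column 6 and the port is matched only at the end of the local address.
conns_by_ip() {
    awk -v state="$1" -v port="${2:-}" '
        function host(addr) {
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6
            return addr
        }
        $1 ~ /^tcp/ && $6 == state {
            if (port != "" && $4 !~ (":" port "$")) next
            n[host($5)]++
        }
        END { for (ip in n) printf "%d %s\n", n[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample.
sample_netstat | conns_by_ip SYN_RECV 80
```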

Few more Commands

netstat -a | find "TCP"

Identifying SYN attack
====================
Load becomes very inconsistent
netstat -an | grep SYN (if long list SYN_REC)
netstat -n -p|grep SYN_REC|wc -l (gives count of SYN attacks)
also check access_logs (if a particular IP is found to be requesting most
then can block that IP)

you can go for below
====================
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
==============================
netstat -an | grep SYN | more

iptables -A INPUT -s IP -j DROP

iptables -A INPUT -s 168.75.16.116 -j DROP

iptables restart






look for these lines in your /etc/httpd/conf/httpd.conf

code:--------------------------------------------------------------------------------
# KeepAlive: Whether or not to allow persistent connections (more than
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
KeepAliveTimeout 15
--------------------------------------------------------------------------------


set KeepAlive On to Off with your favorite text editor
that should work, if not you may be a victim of DoS attack

======================================================

echo 90 > /proc/sys/net/ipv4/tcp_keepalive_time

======================================================






Exim Admin

exiqgrep -z -i | xargs exim -Mrm

To delete the frozen mails in the exim queue.

exiqgrep -o 432000 -i | xargs exim -Mrm
To delete the mails in the exim queue that are older than 5 days.


Direct Admin License Issues

Your license has been updated. When you see this issue as it happens with
directadmin where their servers do not always update automatically run the
following
http://help.directadmin.com/item.php?id=30

cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234
service directadmin restart

Where 123 and 1234 are your Client ID and License ID, respectively

The client and license IDs needed can be found in
/usr/local/directadmin/scripts/setup.txt

--
--Shannon






Cron Job

to list the cron jobs

crontab -l

to add the crontab

crontab -e

crontab -l will show you your currently set up cron jobs on the server.

crontab -r will delete your current cron jobs.

crontab -e will allow you to add or edit your current cron jobs by using your default text editor to edit your "crontab file".

#

Here are some examples to help you learn the syntax for the numbers:
# 32 * * * * : will be run every hour on the 32nd minute.
# 12,42 * * * * : will be run twice an hour on the 12th and 42nd minutes.
# */15 */2 * * *: will be run at 0:00, 0:15, 0:30, 0:45, 2:00, 2:15, 2:30, ...
# 43 18 * * 7: will be run at 6:43pm every Sunday.


Critical Named Issue

There was an issue with the named service on a dedicated server. Everything else was fine; the domain just would not resolve, although the name servers and the server IP could be pinged. The issue was forwarded to jacob.

The following steps were taken to resolve the issue.




jacob@hivelocity.net says:
to get bind to respond remotely, the zone definition in /etc/named.conf needs the following setting:
allow-query { any; };
Hivelocity - Yogesh says:
ok
jacob@hivelocity.net says:
the incorrect zone definitions were all removed
jacob@hivelocity.net says:
an A record was created for the hostname
Hivelocity - Yogesh says:
so you added A record
Hivelocity - Yogesh says:
modified named.conf
jacob@hivelocity.net says:
the allow-query entry I added directly to the named.conf, yes
jacob@hivelocity.net says:
the zones were removed via cPanel
jacob@hivelocity.net says:
the A record for the server's hostname was also added via cPanel


Mysql Admin

Note:
To login into Northbeach server use
username as root and password
and for all other servers username and password is same as plesk login info
===============================================
mysql path
/var/lib/mysql

===================================
Restart mysql

/etc/rc.d/init.d/mysql stop
/etc/rc.d/init.d/mysql start


===================================
mysql -u TYPEUSERNAMEHERE -p

username is "admin" (same as plesk) and password "chtnta0e" (plesk password)

=========================================
Grant privileges and enable remote host login etc.
Always use this one
GRANT ALL PRIVILEGES ON bCo.* TO nan@'%' IDENTIFIED BY 'weenie';
bCo is Database name
nan is username
weenie is password
so in general form

GRANT ALL PRIVILEGES ON dbname.* TO username@'%' IDENTIFIED BY 'password';

===============================
Solution
Posted by [name withheld] on December 30 2003 1:15pm

Your second example, in which you claim MySQL is wrong in their documentation, will not work because you are trying to use a backquote (`) instead of the single quote ('). They look similar but are completely different. Thus your example:

GRANT ALL PRIVILEGES ON testData.* TO jts@'%' IDENTIFIED BY 'lwr5021' WITH GRANT OPTION;

does not work because nan@'%` is not properly quoted. It should read nan@'%' instead which is fine. This works as expected:

GRANT ALL PRIVILEGES ON bCo.* TO nan@'%' IDENTIFIED BY 'weenie' WITH GRANT OPTION;


Posted by Mike Barrett on January 7 2004 10:52am

I wanted to create a user who can

1) login with a password either locally or from within our local 10.*.*.* network

2) do anything they want to their own database

3) see what other databases are on the server, but not do anything to them (to facilitate requests for additional access).

This seemed to do the trick:
GRANT SHOW DATABASES ON *.* TO hubert@localhost IDENTIFIED BY 'password';
GRANT SHOW DATABASES ON *.* TO hubert@'10.%' IDENTIFIED BY 'password';
GRANT ALL ON hubertsdb.* TO hubert;

==============================================
Reset or set password

SET PASSWORD FOR 'mynewuser'@'localhost' = PASSWORD('newpwd');


====================================================
Create Database
Log into Mysql as root:

mysql -u root -p

(On a Windows server, go start>>run type "command", and it is d:\mysql\bin\mysql -u root -p')

2. Create the database:

create database DATABASENAME;

3. Create the user and grant privileges for the database:

grant select,insert,update,delete,create,drop,alter on DATABASENAME.* to MYSQLUSERNAME@'%' identified by 'PASSWORD';

4. Send new MySQL database email to customer.


=======================================================
To administer the mysql processes
Logged in to mysql as root:

show processlist;

Or not logged into mysql, to get a running view:

watch mysqladmin processlist -u admin -pPASSWRD
==================================================

To flush the cache command is :

mysqladmin flush-hosts -uadmin -pchtnta0e



Configure User Quota on a Plain server ( Unix )

To configure or manage user quotas on a RedHat server (with no control panel installed), follow the steps below:
1. Understanding the user's quota file structure.

Below is an example of a user's quota file:

Disk quotas for user bob (uid 501):
Filesystem blocks soft hard inodes soft hard
/dev/hda2 1944 0 0 120 0 0

Each column represents the following (working from left to right):

* Filesystem - Linux filesystem that you are configuring quotas on for the specific user.

* Blocks - Number of blocks (Kilobytes) the user is currently using.

* Soft - The soft limit for the amount of blocks (Kilobytes) the user can use. The soft limit can be surpassed, up to the hard limit, but only for a specified grace period - which is also configurable.

* Hard - The hard limit for the amount of blocks (Kilobytes) the user can use. The hard limit is the maximum limit that can be used by the user and cannot be surpassed.

* Inodes - Number of inodes the user is currently using. An inode is used for every file or directory on a linux filesystem. Limiting the number of inodes is usually not as important to most system administrators as limiting block usage - however, it isn't a bad idea to limit a user's inode usage too, as a filesystem can run out of inodes (which will deny the server from creating any new files or directories).

* Soft - The soft limit for the amount of inodes the user can use. The soft limit can be surpassed, up to the hard limit, but only for a specified grace period.

* Hard - The hard limit for the amount of inodes the user can use. The hard limit is the maximum limit that can be used by the user and cannot be surpassed.

2. Defining or editing the quota limits for a user.

To define or edit a user's quota limits on your RedHat server, use this command:

edquota -u username

example: edquota -u bob

After executing the edquota command, it will bring up the specified user's quota file (shown in step 1) in the popular editor 'vi' (for more information on how to use vi, please see our knowledgebase article pertaining to such). Change the soft/hard limits for the user's block and inode usage as you see fit. Setting any of the user's limits to '0' provides unlimited usage for that particular setting. Once you are finished setting the user's limits, save and exit the file - the settings you have edited will be applied immediately.

3. Viewing a user's quota limits.

To view the changes you've just made, or, to view any user's current quota limits, use the command below:

quota -u username

example: quota -u bob

Also, to see a summary of all of your system users' quota usage, use this command:

repquota -a

Command to change the Date ( Unix )


command to change date

date -s "03/24/2006 14:0:10"

Commands:

FreeBSD:
date 0604111425
06 - year
04 - month
11 - date
14 -- hours
25 -- mins

second option

/usr/sbin/ntpdate -s 204.123.2.72 204.34.198.40 128.252.19.1 192.5.41.40

CentOS

rdate -s time.nist.gov


date -s "05/07/2007 00:11:59"



checking error logs for a domain and httpd logs plain server ( Unix )

/var/log/httpd/error_log is a general error log for the whole server

for a specific domain it is as follows:

/home/httpd/vhosts/DomainName.com/statistics/logs/error_log


Check and close your DNS servers ( unix )

Howto: Check and close your open DNS servers
Posted May 9th, 2006 by dreamwiz


I just noticed www.dnsreport.com seems to have new check: it checks for open DNS server. This is how you check:

1) Go to http://www.dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
2) Check for BIG RED "FAIL" (7th box, going down from up) saying "Open DNS servers".

If you see the message, you can correct it the following way:

1) login to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:

recursion no;

4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.

If you run something else than Bind then please check http://www.dnsreport.com/info/opendns.htm for instructions.


How To change the port ( SSH )

You can edit sshd_config to change the port sshd listens on. The default directory for ssh configuration is /etc/ssh.
Backup the current configuration and use your favorite editor to change the Port line:

root@root [~]# cd /etc/ssh/
root@root [/etc/ssh]# cp sshd_config sshd_config.save
root@root [/etc/ssh]# vi sshd_config

#Port 22

I will set mine to port 4000. Do not forget to remove the comment (#).

Port 4000


root@root [/etc/ssh]# diff sshd_config sshd_config.save
13c13
< Port 4000
---
> #Port 22
root@root [/etc/ssh]#

Restart sshd and verify that it is listening on the new port.

root@root [/etc/ssh]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
root@root [/etc/ssh]# netstat -anp | grep sshd
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN 1605/sshd


CGI Issues not able to browse the page

there was an issue with CGI scripts on the linux server

when I try to browse a CGI page it gives the internal server error.

well Rohan was there with me to check out the issue

the configurations of the CGI folders are as follows
the permission on CGI folder is set to be 755
and the pages under that directory should have 755 permissions

/usr/bin/perl - path to perl on linux server.


Bind Configuration ERRor ( Named )

Simon on chat was getting the following error while adding a domain or subdomains in cPanel; it was a CentOS server.


Bind reconfiguring on cp using rndc
Error reconfiguring bind on cp: rndc: connection to remote host closed
This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.


I called shy. to resolve the issue.


and the resolution was so simple

just fire the following command.

/scripts/fixndc

actually it is a script that needs to be run; it reconfigures named and gets it restarted.


Adding IPs on plain CentOS server ( Unix )

1) cd /etc/sysconfig/network-scripts
2) cp ifcfg-eth0 ifcfg-eth0:0
3) pico ifcfg-eth0:0
4) DEVICE=eth0 will be replaced with DEVICE=eth0:0
5) IPADDR=69.46.20.77 will be replaced with IPADDR=69.46.20.78
6) exit the file
7) ifup ifcfg-eth0:0
8) same way cp ifcfg-eth0:0 ifcfg-eth0:1 ifcfg-eth0:2 ifcfg-eth0:3 ifcfg-eth0:4 ifcfg-eth0:5
and replace the IPs.

High Traffic balance with this script ( Unix )



Okay, well... This script is not a security script, nor a load balancing script. But it is a very useful script if you get high traffic or are hosting a game server. I've had CounterStrike Server player ping go down as much as 50ms after running this script.

So what you want to do is log into your server's shell, and create a file (nano filename.sh). Once you create the file, you need to put this code in the file;

#!/bin/bash

# Create backup: write a script that restores the current values
if [ ! -e ./speed_backup.sh ] ; then
    echo -n "Creating backup (`pwd`/speed_backup.sh)... "
    echo "#!/bin/bash" > ./speed_backup.sh
    echo "" >> ./speed_backup.sh
    echo "echo \"`cat /proc/sys/net/ipv4/tcp_sack`\" > /proc/sys/net/ipv4/tcp_sack" >> ./speed_backup.sh
    echo "echo \"`cat /proc/sys/net/ipv4/tcp_timestamps`\" > /proc/sys/net/ipv4/tcp_timestamps" >> ./speed_backup.sh
    echo "echo \"`cat /proc/sys/net/ipv4/tcp_mem`\" > /proc/sys/net/ipv4/tcp_mem" >> ./speed_backup.sh
    echo "echo \"`cat /proc/sys/net/ipv4/tcp_rmem`\" > /proc/sys/net/ipv4/tcp_rmem" >> ./speed_backup.sh
fi


IIS Tuning

Maximize your installation

Before you even decide to enable IIS, it is a good idea to evaluate the server you are going to install IIS on. What is this box currently running? Does it have sensitive and/or confidential information stored on it? You need to ask yourself such questions prior to opening up the box to the Internet or even an intranet.

If the Web server is going to be a stand-alone box, it is important to strip away all services and programs that aren’t necessary so you can optimize the security and performance of the box. For example, you might remove any applications that affect performance, such as File and Print services, UNIX services, or maybe even an Exchange or ISA server. Other services that are not needed on a stand-alone Web server include:

* DHCP server
* WINS server
* Fax service
* Messenger
* Telnet
* Internet Connection Sharing
* NetMeeting
* Computer Browser

Tweaking the registry

Let’s talk about managing the Windows registry as it relates to IIS. The registry stores settings for all installed hardware and applications. For your OS to work effectively, the registry must not be corrupt.

——————————————————————————–

Important note

Remember to back up your entire registry whenever you tweak it for performance.

——————————————————————————–

You can access the registry by selecting Start | Run and typing regedt32. The registry is broken down into these five areas:

* HKEY_Classes_Root
* HKEY_Current_Config
* HKEY_Current_User
* HKEY_Local_Machine
* HKEY_Users

Let's walk through the steps for tweaking the registry to make IIS purr like a kitten. The registry settings for IIS are stored in HKEY_LOCAL_MACHINE | SYSTEM | CURRENTCONTROLSET | SERVICES | INETINFO | PARAMETERS. You can work with following values:

Cachesecuritydescriptor—Enter 1 to enable security descriptors or 0 to disable. If you have this option enabled, IIS will not have to reaccess user access rights; it will be able to look in the cache. This tweak is recommended for authenticated users only.

Checkcertrevocation—If you enter a value of 1, IIS will check to see whether a client certificate has been revoked. This is recommended only if you have your own certificates.

Disablememorycache—This setting allows you to disable the memory cache. It is enabled by default, and I see no need to disable it.

Listenbacklog—This registry setting specifies how many active connections IIS has in its queue. The default value is 15, and it can range all the way up to 250.

Maxcachedfilesize—You can determine the maximum size of a file that can be placed in cache. The maximum setting is 256 KB.

Maxconcurrency—This setting specifies how many threads per processor can run at the same time. It defaults to 0.

These are just some of the registry settings you can tweak for better performance. For more information on how to tweak the IIS registry, see IIS Common Registry Parameters (Q143180).

IIS metabase settings

Along the same lines as performing registry edits is using the Metabase to optimize IIS performance. The metabase is essentially a private registry just for IIS configuration data. This Microsoft Q article provides a good introduction to the IIS metabase, and this Q article includes a useful example of how to maximize metabase settings to configure IIS to handle a high-traffic load. For more information on the metabase settings, see the IISFAQ.

Once you have installed your IIS Web server for maximum performance and tweaked it using the registry and the IIS metabase, you're ready to read my article on monitoring and tuning IIS and take the next step toward achieving the most optimal performance.



IIS Tweaking

As an administrator of Internet Information Services (IIS) Web servers, you pride yourself on keeping your IIS systems running at peak condition. You want your visitors to have a great experience when coming to your site and not have to put up with slow loading pages or crawling links. But what do you do when your Web site just can’t handle the load? The information in this article will help you tune your IIS Server to achieve the most optimal performance.

Performance Monitor basics

The first step in tuning your IIS server is to learn the tools that allow you to do so. The primary tool for monitoring your IIS server is the native Windows Performance Monitor. With the Performance Monitor, you can perform the following:

* Log Performance data
* Create charts and reports
* Configure and set alerts
* Identify bottlenecks

In Windows NT/2000/XP, you can access the Performance Monitor from the Administrative Tools folder. (In Win2K and WinXP, the Performance Monitor icon is simply called Performance.) Because the Performance Monitor is so customisable, you must spend some time getting to know what counters you will need to use to measure specific events on your systems. When adding counters, you are provided with an Explain button that helps sort out what each counter means. In addition, you can specify different colours and widths for each counter you choose, so that you can immediately recognise them when they are graphed.

Tip
You can save the Performance Monitor results to a file for later viewing. I also recommend that for your mission-critical Web servers, you have a dedicated workstation that you use to monitor your Web servers full-time so that you can quickly examine their status at regular intervals and whenever you think there may be a problem.

To add counters to your Performance Monitor:

* Open Performance Monitor from the Administrative Tools Folder.
* Click the Add button and add the appropriate counters.
* Click Close.

Another useful feature of the Performance Monitor is the ability to add alerts. For example, you might specify alerts to warn you if your processor utilisation becomes too high or if your memory becomes too low.

To configure an alert:

* Open Performance Monitor.
* Expand Performance Logs And Alerts.
* Right-click on Alert and select New Alert Settings.
* Select a Name, add your counters, and select your action.

Now let's see how to use the Performance Monitor to look at the two most important performance metrics: memory and CPU.

Memory tuning

Performance of your IIS Web server can be drastically reduced if you do not have enough memory to handle the load. You want to make sure that you have enough memory on your IIS system so that swapping does not occur. Windows 2000 and IIS will cache memory as long as there is enough installed on the box. Caching is much faster than swapping. To make sure that you have enough memory for IIS, you should monitor the following counters:

* File Cache Hits
* File Cache Hits %
* File Cache Misses
* File Cache Flushes

By monitoring the successful and failed hits, you can determine whether IIS has to rely on paging as opposed to going to cache. Keep in mind that the IIS file cache can use up to 4 GB of RAM for caching.

CPU utilisation

Obviously, it is important to take a look at your CPU utilisation. Monitoring counters such as %Processor Time and Total Processor Time will give you a bigger picture of how your CPU is handling the load. Your processor should not sustain a level of more than 80 percent for either of these counters. If it does, you need to look at upgrading your processor or adding another processor, if the system allows for it.

Task Manager

Another quick and useful tool for monitoring IIS is the Task Manager (in Win2K and WinXP). You can access the task manager quickly by pressing [Ctrl][Shift][Esc]. With the Task Manager, you can:

* View CPU and memory usage quickly.
* Monitor the CPU and memory usage of Inetinfo.exe (the global IIS process).
* Monitor the Index Server and Certificate Server, if applicable.

Furthermore, you can add columns to the graphs on the Processes tab of the Task Manager by clicking View | Select Columns. A good column to add is the Memory Usage Delta column. This is useful in determining which applications might have a memory leak. I have used this many times when troubleshooting third-party applications. I can’t tell you how often third-party tools request memory and don't release it when they are finished. This counter helps in determining memory leaks, which can definitely degrade the performance of your Web server.

Event Viewer

The Event Viewer can give you a detailed first glimpse of a problem. When identifying problems, look for the following keywords in the source column in the Event Viewer:

* NNTP Service—NNTPSVC
* WWW Service—W3SVC
* FTP Service—MSFTPSVC
* SMTP Service—SMTPSVC
* Active Server Pages
* Microsoft COM+ MSDTC
* Certificate Services CERTSVC

Bandwidth Throttling

Now that you have a basic grasp of the Windows tools used in troubleshooting your IIS systems, let’s take a look at a helpful tip for tuning the performance of your Web server. In some cases, you might need to enable Bandwidth Throttling.

Many companies in today’s market run more than just IIS on a Web server. It is safe to assume that they could also be running DHCP, an SMTP server, DNS, and/or other related services. Bandwidth Throttling allows other applications to use the available bandwidth. In addition, if you use host headers and run more than one Web site on your IIS server, you can throttle bandwidth based on each Web site.

After you have gone over the basics, go ahead and take a look at Microsoft’s Web Application Stress Tool, which allows you to simulate multiple machines connecting to a Web site. This tool was created so that an administrator can find and eliminate any problems with an IIS Web site prior to bringing the IIS Web server live on the production network.


ERROR 2003: Can't connect to MySQL server on 'localhost' (10061)

1. Uninstalled mysql (I guess my first installation was corrupted).

2. c:\mysql\bin>mysqld-nt.exe --install or run it from GUI.
if mysqld-nt.exe does not work run mysqld-max-nt.exe

3. Reboot (not necessary)

4. Now, check the task manager and mysqld-nt.exe should be running at the background. If not, there is something wrong with the install -- I believe it was my problem.

5. C:\mysql\bin>mysql -u root mysql

6. mysql> set password for root@localhost=PASSWORD("funfun");

7. mysql> update user set password=PASSWORD("funfun") where user='root';

8. mysql> flush privileges;

Note that funfun is my password



Retrieve IUSR Password with this Script

Dim Argcomputer, IISObject, ArgPath

ArgComputer = "localHost"
ArgPath = "/W3SVC/1/Root"

Sub DisplayUsage
WScript.Echo "usage: cscript ShowPasswords.vbs"
WScript.Echo " [--help|-?]"
WScript.Echo ""
WScript.Quit(1)
End Sub

Sub checkCmdLine()
Dim OArgs, ArgNum

Set oArgs = WScript.Arguments
ArgNum = 0
While ArgNum < oArgs.Count

Select Case LCase(oArgs(ArgNum))
Case "--help","-?":
Call DisplayUsage
Case Else:
WScript.Echo "Unknown argument "& oArgs(ArgNum)
Call DisplayUsage
End Select

ArgNum = ArgNum + 1
Wend
If (Left(Argpath,1) <> "/") Then
ArgPath = "/" & ArgPath
End If
End Sub

Sub ShowDetails(ShowWAM, Header, OBJ)
on error resume next
WScript.Echo Header
WScript.Echo " Anonymous user name : " & OBJ.AnonymousUserName
WScript.Echo " Anonymous user account password : " & OBJ.AnonymousUserPass
If (ShowWAM= True) Then
WScript.Echo
WScript.Echo " WAM user name : " & OBJ.WAMUserName
WScript.Echo " WAM password : " & OBJ.WAMuserPass
End If
WScript.Echo
WScript.Echo " ODBC username : " & OBJ.LogOdbcUserName
WScript.Echo " ODBC password : " & OBJ.LogOdbcPassword
WScript.Echo
End Sub

Sub DoObject(ObjectName, Objectclass)
Dim FullPath, IISOBJ, IISOBJ1

on error resume next
FullPath = "IIS://" & ArgComputer & "/" & ObjectName
Set IISOBJ = getObject(FullPath)
If (err <> 0) Then
WScript.Echo "Unable to access object : " & ObjectName & " on computer: " & Argcomputer & vbcrlf
exit sub
Else
If (Objectname <> "W3SVC") Then
Showdetails False, ObjectName, IISOBJ
Else
Showdetails True, ObjectName, IISOBJ
End If
For Each Server In IISOBJ
If (Server.Class = Objectclass) Then
if (ObjectName = "W3SVC") then
FullPath = "IIS://" & ArgComputer & "/" & ObjectName & "/" & Server.Name& "/Root"
else
FullPath = "IIS://" & ArgComputer & "/" & ObjectName & "/" & Server.Name
end if
Set IISOBJ1 = getObject(FullPath)
ShowDetails False, ObjectName & "/" & Server.Name, IISOBJ1
Set IISOBJ1 = Nothing
End If
Next
End If
set IISOBJ = nothing
End Sub

Call CheckCmdLine()

Call DoObject("MSFTPSVC", "IIsFTPServer")
Call DoObject("NNTPSVC", "IIsNNTPServer")
Call DoObject("W3SVC", "IIsWebServer")

'*******************************************************************
'*******************************************************************

Reverse DNS lookup in Windows

To create the reverse DNS lookup zone, follow these steps:

1) Open the DNS console and expand the server where you want to create the zone.

2) Right-click Reverse Lookup Zones, and choose New Zone to launch the New Zone Wizard.

3) Click Next, choose Standard Primary and click Next.

4) In the Network ID field, enter the first three octets of the zone's IP address and click Next.

5) When the wizard offers a name for the DNS zone file, click Next to accept the default name and click Finish.


Server Application Error

The server failed to load application '/LM/W3SVC/1/Root/'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password'


There are 2 ways to resolve the issue.

1) Give "Logon as a batch job" rights to the IWAM_MACHINENAME and IUSR_MACHINENAME accounts. To do this, follow these steps:

1. On the Administrative Tools menu, expand Local Security Policies.
2. Select User Rights Assignment.
3. Select the IWAM_MACHINENAME and IUSR_MACHINENAME accounts.

NOTE: If domain level policy settings are defined, they override local policy settings. Make sure that the Effective Policy Setting is also selected (this setting is dimmed). Contact your domain administrator if this setting is not selected.


2 ) Resetting the application in IIS

Go to Sites properties and on home directory tab, set app process from high to low and click apply, then set back to high and click apply


All set.

Server Performance Advisor ( Windows )

As I mentioned earlier, you can download Server Performance Advisor for free from the Microsoft Web site. The download URL is: http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en The download consists of a 4 MB Windows Installer file named SPA.MSI.

To install the Server Performance Advisor, create an empty folder on your server and download the SPA.MSI file into it. When the download completes, double click on the SPA.MSI file and Windows will ask you whether you’d like to open the file, or save it to your computer. Click the Open button and the Windows Installer will launch the Server Performance Advisor Setup Wizard. Click Next to bypass the wizard’s Welcome screen and you will see a screen asking you to accept the end user license agreement. Accept the license agreement, click Next and you will be prompted for the installation path. Verify that the installation path is OK and choose whether or not you want the Server Performance Advisor to be available to other administrators who log directly on to the server, and click Next. You will now be prompted to enter a location for the data storage folder. The data storage folder is used as a storage point for the performance data that the utility collects. You can use any folder that you want, but the volume containing the folder must have at least 150 MB of free space.

Click Next and you will be prompted for the path to the report folder. This folder will contain analytical reports based on the performance data that has been collected. The reports usually don’t take up very much space, so there are no special considerations for the Reports folder.

Click Next twice and the wizard will begin installing all of the necessary files. When the file copy process completes, click the Finish button to close the Wizard.


Setting Up IPsecurity with ADSI ( Script )

There are different ways to restrict clients from viewing resources on an IIS server. Resources can be configured to authorize access only to clients who use certificates, or to specific authenticated client user names, or to specific IP addresses or DNS host names.

This topic provides examples to configure IIS to restrict client access based on IP addresses or DNS host names. Each example modifies the IPSecurity metabase property, which can be configured for a service, a site, a virtual directory, or a Web file.

Using ADSI in VBScript

The following example shows you how to use the VBScript scripting language to set an IP restriction on the default Web site and display the restrictions contained in the IPSecurity metabase property.

This example uses ADSI. For an example that uses System.DirectoryServices, see Setting IP Security Using System.DirectoryServices.






Visual Basic Script

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

' Insert a new restriction.
IPList = IIsIPSecurityObj.IPDeny
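If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
' Preserve keeps the entries already in the deny list; a plain ReDim
' would erase them before the new entry is written back to the metabase.
ReDim Preserve IPList (Ubound(IPList)+1)
IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"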

' Set the new lists back in the metabase in two stages, and then save
' the metabase.
IIsIPSecurityObj.IPDeny = IPList
IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
IIsWebVirtualDirObj.Setinfo
WScript.Echo("The IPRestriction has been set")

' Display the IP restrictions.
IIsWebVirtualDirObj.Getinfo
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
IPList = IIsIPSecurityObj.IPDeny
WScript.Echo("These IP addresses are denied:")
For Each IP In IIsIPSecurityObj.IPDeny
WScript.Echo(IP)
Next

End if
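
The entry the script above adds to IPDeny is an address and mask pair, so it covers a whole range rather than one host. The following Python example is added here and is not part of the original post or of IIS; it models how such entries match a client address so that a deny or grant list can be reviewed before it is written to the metabase. The function names are hypothetical, and it assumes that an entry without a mask names a single host and that GrantByDefault selects between the deny and grant lists as the script's comment describes.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_entry(entry):
    """Split an 'address,mask' list entry into two integers.
    Assumption: an entry without a mask names a single host."""
    addr, _, mask = (part.strip() for part in entry.partition(","))
    return (int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(mask or "255.255.255.255")))

def covered_range(entry):
    """Return the (first, last) addresses that the entry matches."""
    addr, mask = parse_entry(entry)
    host_bits = ~mask & FULL
    # A usable mask is a run of 1 bits followed by a run of 0 bits.
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous mask in %r" % entry)
    first = addr & mask
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(first | host_bits)))

def matches(client, entry):
    """True when the client address falls inside the entry's range."""
    addr, mask = parse_entry(entry)
    return (int(ipaddress.IPv4Address(client)) & mask) == (addr & mask)

def is_allowed(client, grant_by_default, ip_deny=(), ip_grant=()):
    """Model of the decision: with GrantByDefault set, only the deny
    list is consulted; without it, only the grant list."""
    if grant_by_default:
        return not any(matches(client, e) for e in ip_deny)
    return any(matches(client, e) for e in ip_grant)

# Constructed sample: the entry the script above appends to IPDeny.
SAMPLE_DENY = ["123.0.0.1,255.255.255.0"]

if __name__ == "__main__":
    for entry in SAMPLE_DENY:
        print(entry, "covers", covered_range(entry))
    for client in ("123.0.0.1", "123.0.0.200", "123.0.1.1"):
        print(client, "allowed:", is_allowed(client, True, ip_deny=SAMPLE_DENY))
```
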

System Restore Windows

The most requested feature (apart from the Logon Screen & Fast User Switching) is here! You will need your Windows XP CD on hand to install this, as files from Windows XP are required to install System Restore into Windows Server 2003.

Please take care when using System Restore, as system instabilities are still unknown at this point, although it has been tried and tested! If your copy of Windows Server 2003 is to be used as a 100% workstation, then it should be OK to use System Restore!

The installation of System Restore is as easy as pie, follow the instructions below:

Download: Add System Restore

1. Extract the zip file into a folder, you will see two main files - AddSystemRestoreEntries.reg and sr.inf

2. Double click on AddSystemRestoreEntries.reg and click on Yes when prompted.

3. Insert your Windows XP CD

4. Right click on sr.inf and select Install.

5. Point to the /i386 directory on the CD if prompted.

6. Reboot!

That simple eh! Many thanks to Gosh for this excellent hack!


Let's move on to the last section, where you can find information and configure the little bits here and there!


Monday, November 5, 2007

Error while Removing Name servers from WHM ICANN error



Cannot be removing since it is still registered with an ICANN register.
http://forums.spry.com/archive/index.php/t-150.html
http://www.fdcservers.net/vbulletin/archive/index.php/t-1012.html
http://layer0.layeredtech.com/archive/index.php?t-3666.html
Recently I have seen several instances of the following error in WHM:
"Sorry, the nameserver ip a.b.c.d cannot be removing since it is still registered with an ICANN register."
This error occurs under "Networking Setup -> Nameserver IPs" when you click the X to remove a nameserver.
This is caused by WHM doing whois lookups to determine if the nameservers are registered or not.
To correct the issue, go to Server Configuration -> Tweak Settings and check the box labeled "Disable whois lookups for the nameserver ip manager.".
Save the changes and you should be able to remove the nameserver now.

