Allow user to edit and add files to /var/www

The user should then be able to edit /var/www/ files without hassle.

The first line adds the user to the www-data group, the second line clears up any files with messed up ownership, and the third makes it so that all users who are members of the www-data group can read and write all files in /var/www.

If you are logged in as <username> you need to log out and log back in for the group membership to take effect.

Source : http://askubuntu.com/questions/19898/whats-the-simplest-way-to-edit-and-add-files-to-var-www

How to Reset the MySQL root password on Ubuntu Linux

Sometimes we may forget the MySQL root password on our VPS 😀 So here is how to reset our MySQL root password 😉 Check it out…

Stop the MySQL Server.

Start the mysqld configuration.

Login to MySQL as root.

Replace YOURNEWPASSWORD with your new password!

 

Done !!

Countering DDoS Attacks on a VPS by Blocking IPs with iptables

As before, this article is copied verbatim from http://forum.tuban-cyber.web.id/Thread-Tutorial-Menangkal-Serangan-DDoS-Di-VPS

Countering DDoS Attacks on a VPS

This method is very simple but also effective for spotting DDoS attacks hitting your server or VPS.

1. Log in to the VPS using PuTTY as the root user
2. Run the following command

Code:

The command above displays the list of visitor IPs and the number of connections made by each of those IPs.

It will look like this, for example:

Code:

In the output above, the left column shows the number of connections and the right column shows the IP that is connecting.

3. Look at that output. Standard connections on a web server are usually at most 20 connections per IP per second; you can check whether any exceed 30 connections. For example, if you find an IP whose connections exceed 20, run the command again at least 5 times over a span of at least 5 seconds

Code:

If you still see that IP with a connection count that does not drop, or even grows, it is certain that the IP is a problem.

4. But wait, do not jump to conclusions. Note the IP and first check who owns it; you can look the IP up at http://whatismyipaddress.com/ip-lookup. If the result shows the IP belongs to Google, it is probably Google's bot crawling / indexing your server/website; if not, the IP is dangerous. Here we only recommend Google IPs.

5. Block the IP so that it cannot access your server, as follows:

Code:

Replace x.x.x.x with the IP you want to block

6. Once that is done, check the connections again:

Code:

The IP should no longer appear, because it has been blocked

7. To see the status of the IP you just blocked, you can use:

Code:

It will look like this, for example:

Code:

You can see the IP you blocked, and that the IP keeps trying to send packets: look at the Chain INPUT section, where the pkts count keeps increasing and the bytes value increases as well.
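Steps 2 and 3 as a script, added here as an example and not taken from the original tutorial: it counts connections per remote address from `netstat -ntu` output and lists only the addresses that stay above a limit in every snapshot, which are the candidates to look up in step 4 before blocking. The function names, the sample snapshots (documentation address ranges) and the demo limit of 2 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Sample data is constructed
# and uses documentation address ranges only.

# Count connections per remote address from `netstat -ntu` output on stdin.
# Prints "COUNT IP" lines, busiest first.
count_per_ip() {
  awk '$1 ~ /^(tcp|udp)/ {
         addr = $5
         sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
         sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 counts as the IPv4 host
         n[addr]++
       }
       END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# persistent_offenders LIMIT FILE...: IPs above LIMIT in every snapshot file.
persistent_offenders() {
  limit=$1; shift
  snapshots=$#
  for f in "$@"; do
    count_per_ip < "$f" | awk -v t="$limit" '$1 > t { print $2 }'
  done | sort | uniq -c | awk -v n="$snapshots" '$1 == n { print $2 }'
}

# Constructed snapshot 1: 198.51.100.7 holds 4 connections (one seen via tcp6).
sample_snapshot_1() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:50112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50114      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:50115 ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:41000       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::1:44321       ESTABLISHED
EOF
}

# Constructed snapshot 2, taken later: 203.0.113.5 bursts, 198.51.100.7 persists.
sample_snapshot_2() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:50112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50116      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50117      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:41000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:41001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:41002       ESTABLISHED
EOF
}

# Demo: limit of 2 so the small sample triggers; the text above works with 20.
tmp=$(mktemp -d)
sample_snapshot_1 > "$tmp/s1"
sample_snapshot_2 > "$tmp/s2"
persistent_offenders 2 "$tmp/s1" "$tmp/s2"
rm -rf "$tmp"
```

Stripping only the trailing `:port` keeps IPv6 addresses intact, which a plain split on the first colon would truncate.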

Creating a Firewall on an Ubuntu 12.04 VPS

Copied verbatim from https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04 😉

Creating the IP Table:

If you type in the following, you can see the current rules in the virtual server’s IP Table:

They should look like this:

If you have another set of rules in place or want to start fresh, you can always set the rules back to the default by flushing and deleting all of them:

Additionally, if you want to speed up your work with IP Table, you can include -n in the command. This option disables DNS lookups and prevents the command from trying to find the reverse of each IP in the ruleset. You could use this to list rules, as an example:

A Basic Firewall

As it stands the current rules allow all connections, both incoming and outgoing. There are no security measures in place whatsoever. As we build up the table, keep in mind that as soon as a packet is ACCEPTED, REJECTED, or DROPPED, no further rules are processed. Therefore the rules that come first take priority over later ones.

While creating the rules, we have to be sure to prevent ourselves from accidentally blocking SSH (the method through which we connected to the server).

To start off, let’s allow all current connections, so that every connection open at the time the rule is made stays online:

We can go ahead and break this down:

  1. -A tells the IP table to append a rule to the table.
  2. INPUT designates this rule as part of the Input chain.
  3. -m conntrack followed by --ctstate ESTABLISHED,RELATED guarantees that this rule applies only to current connections and those related to them
  4. -j ACCEPT tells the packet to JUMP to accept and the connections are still in place.

After we are assured that all the current connections to the virtual private server can stay up uninterrupted, we can proceed to start blocking off other insecure connections.

Let’s assume that we want to block all incoming traffic, except for those coming in on 2 common ports: 22 for SSH and 80 for web traffic. We proceed by allowing all traffic on the designated ports with the following commands:

In both of these commands, the -p option stands for the protocol with which the connection is being made, in this case tcp, while --dport specifies the port through which the packet is being transmitted.

After we have guaranteed that the desirable traffic will make it through the firewall, we can finish up by blocking all remaining traffic from accessing our virtual server. Because this is the last rule in the list, all traffic that matches any of the previous rules in the IP Table will not be affected, and will be treated as we set up previously.

Let’s make a rule to block all of the remaining traffic:

With that, we can see what our updated rules look like:

We are almost finished. However, we are missing one more rule. We need to provide our VPS with loopback access. If we were to add the rule now without further qualifiers, it would go to the end of the list and, since it would follow the rule to block all traffic, would never be put into effect.

In order to counter this issue, we need to make this rule first in the list, using the -I (insert) option on the INPUT chain:

  1. -I INPUT 1 places this rule at the beginning of the table
  2. lo refers to the loopback interface
  3. -j ACCEPT then guarantees that the loopback traffic will be accepted

Now we have finished creating a basic firewall. Your rules should look like this (we can see the details of the iptable by typing -v):

However, as soon as the virtual server reboots, the IP tables will be wiped. The next step will go over saving and restoring the IP tables.
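Because the first matching rule wins, a rule placed after the block-everything rule never takes effect. The check below is an added example, not part of the original tutorial: it reads `iptables -S INPUT` output and reports rules that sit behind the catch-all, and whether a given port is still accepted ahead of it. The function names and both sample rule listings are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint `iptables -S INPUT`
# output for the ordering mistakes the text warns about.

# A catch-all rule has no match criteria: "-A INPUT -j DROP" (or REJECT ...).
# Print every rule that sits after it and can therefore never match.
unreachable_rules() {
  awk '$1 == "-A" && $2 == "INPUT" {
         if (blocked) print
         if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) blocked = 1
       }'
}

# Succeed only if a rule accepting TCP port PORT appears before the catch-all.
port_reachable() {
  awk -v port="$1" '$1 == "-A" && $2 == "INPUT" {
         if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) exit
         if ($0 ~ /-p tcp/ && $0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/) {
           ok = 1; exit
         }
       }
       END { exit(ok ? 0 : 1) }'
}

# Constructed listing: the order the tutorial ends up with.
rules_as_built() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed listing: loopback and SSH were appended after the DROP rule.
rules_loopback_appended() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Demo on the broken listing.
rules_loopback_appended | unreachable_rules
if rules_loopback_appended | port_reachable 22; then
  echo "ssh: reachable"
else
  echo "ssh: shadowed by the catch-all"
fi
```

On a live server the input would come from `iptables -S INPUT`; run the check before closing the SSH session that made the change.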

Saving IP Tables

Although the IP tables are effective, they will automatically be deleted if the server reboots. To make sure that they remain in effect, we can use a package called IP-Tables persistent.

We can install it using apt-get:

During the installation, you will be asked if you want to save the iptable rules to both the IPv4 rules and the IPv6 rules. Say yes to both.

Your rules will then be saved in /etc/iptables/rules.v4 and /etc/iptables/rules.v6.

Once the installation is complete, start iptables-persistent running:

After any server reboot, you will see that the rules remain in place.

Linux Screen – A way to keep processes running when the SSH connection drops

I copied this article in full from http://hostuner.com/linux-screen/

Linux Screen

When you are remotely managing a server over SSH and running a process that cannot be left unattended and takes a long time, and your connection suddenly drops, that is of course very annoying, and when we reconnect to the server over SSH, the process we were running can no longer be seen. For this we need the help of “linux screen”; this utility lets you resume a previous terminal session, so you can carry on with your work even if the connection drops. Below is a short tutorial on using linux screen.

Installing Linux Screen

Debian/Ubuntu

CentOS

How to use screen

To run screen, simply type the command “screen”

When you type that command, you will not see any significant change; only the title of your terminal changes.

 


 

Now some basic commands for using screen. Screen commands start by pressing the ctrl key together with the required key:

  • ctrl+a+c : create a new screen session, so that you can use several screen sessions.
  • ctrl+a+n : switch to the next screen session (if you have created several sessions)
  • ctrl+a+p : switch to the previous screen session
  • ctrl+a+d : detach a screen session (without stopping the process running inside screen)
  • exit : end a screen session

 

Now we will put this into practice. First, of course, remote into your server, then type the command “screen”, then run a command whose output we can watch; in this example I use the command “mtr” (my trace route).

Then create another new screen session using “ctrl+a+c“, and run the command “ping”, for example.

Now try switching to the previous screen session using “ctrl+a+p“, and to the next screen with “ctrl+a+n“.

Next, try returning to the normal SSH session, in other words detach (not stop screen), with “ctrl+a+d“.

To see the list of existing screens, use the command

To reconnect to one of the screens, use the command “screen -r nomor_screen“ (nomor_screen is the screen number), for example

To delete a screen session

So what if my connection drops? Just connect again via SSH, list the existing screens, then reattach as in the steps above.

Hope this is useful

Regards,

 

Install Elasticsearch in Ubuntu 12.04 LTS

Easy install Elasticsearch in Ubuntu 12.04

Source : https://gist.github.com/wingdspur/2026107

Common SSH Commands or Linux Shell Commands

ls : list files/directories in a directory, comparable to dir in windows/dos.
ls -al : shows all files (including ones that start with a period), directories, and detailed attributes for each file.

cd : change directory
cd /usr/local/apache : go to /usr/local/apache/ directory
cd ~ : go to your home directory
cd - : go to the last directory you were in
cd .. : go up a directory

cat : print file contents to the screen

cat filename.txt : cat the contents of filename.txt to your screen

chmod: changes file access permissions
The set of 3 go in this order from left to right:
USER – GROUP – EVERYONE

0 = --- No permission
1 = --X Execute only
2 = -W- Write only
3 = -WX Write and execute
4 = R-- Read only
5 = R-X Read and execute
6 = RW- Read and write
7 = RWX Read, write and execute

Usage:
chmod numberpermissions filename

chmod 000 : No one can access
chmod 644: Usually for HTML pages
chmod 755: Usually for CGI scripts

chown: changes file ownership permissions
The set of 2 go in this order from left to right:
USER – GROUP

chown root myfile.txt : Changes the owner of the file to root
chown root.root myfile.txt : Changes the owner and group of the file to root

tail : like cat, but only reads the end of the file
tail /var/log/messages : see the last 20 (by default) lines of /var/log/messages
tail -f /var/log/messages : watch the file continuously, while it’s being updated
tail -200 /var/log/messages : print the last 200 lines of the file to the screen

more: like cat, but opens the file one screen at a time rather than all at once
more /etc/userdomains : browse through the userdomains file. hit Space to go to the next page, q to quit

pico : friendly, easy to use file editor
pico /home/burst/public_html/index.html : edit the index page for the user’s website.

File Editing with VI ssh commands
vi : another editor, tons of features, harder to use at first than pico
vi /home/burst/public_html/index.html : edit the index page for the user’s website.
While in the vi program you can use the following useful commands, you will need to hit SHIFT + : to go into command mode

:q! : This force quits the file without saving and exits vi
:w : This writes the file to disk, saves it
:wq : This saves the file to disk and exits vi
:LINENUMBER : EG :25 : Takes you to line 25 within the file
:$ : Takes you to the last line of the file
:0 : Takes you to the first line of the file

grep : looks for patterns in files
grep root /etc/passwd : shows all matches of root in /etc/passwd
grep -v root /etc/passwd : shows all lines that do not match root

ln : creates “links” between files and directories
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf : Now you can edit /etc/httpd.conf rather than the original. Changes will affect the original; however, you can delete the link and it will not delete the original.

last : shows who logged in and when
last -20 : shows only the last 20 logins
last -20 -a : shows last 20 logins, with the hostname in the last field

w : shows who is currently logged in and where they are logged in from.
who : This also shows who is on the server in a shell.

netstat : shows all current network connections.
netstat -an : shows all connections to the server, the source and destination ips and ports.
netstat -rn : shows routing table for all ips bound to the server.

top : shows live system processes in a nice table, memory information, uptime and other useful info. This is excellent for managing your system processes, resources and ensure everything is working fine and your server isn’t bogged down.
top then type Shift + M to sort by memory usage or Shift + P to sort by CPU usage

ps: ps is short for process status, which is similar to the top command. It’s used to show currently running processes and their PID.
A process ID is a unique number that identifies a process, with that you can kill or terminate a running program on your server (see kill command).
ps U username : shows processes for a certain user
ps aux : shows all system processes
ps aux --forest : shows all system processes like the above but organizes in a hierarchy that’s very useful!

touch : create an empty file
touch /home/burst/public_html/404.html : create an empty file called 404.html in the directory /home/burst/public_html/

file : attempts to guess what type of file a file is by looking at its content.
file * : prints out a list of all files/directories in a directory

du : shows disk usage.
du -sh : shows a summary, in human-readable form, of total disk space used in the current directory, including subdirectories.
du -sh * : same thing, but for each file and directory. helpful when finding large files taking up space.

wc : word count
wc -l filename.txt : tells how many lines are in filename.txt

cp : copy a file
cp filename filename.backup : copies filename to filename.backup
cp -a /home/burst/new_design/* /home/burst/public_html/ : copies all files, retaining permissions, from one directory to another.
cp -av * ../newdir : Copies all files and directories recursively in the current directory INTO newdir

mv : Move a file command
mv oldfilename newfilename : Move a file or directory from oldfilename to newfilename

rm : delete a file
rm filename.txt : deletes filename.txt, will more than likely ask if you really want to delete it
rm -f filename.txt : deletes filename.txt, will not ask for confirmation before deleting.
rm -rf tmp/ : recursively deletes the directory tmp, and all files in it, including subdirectories. BE VERY CAREFUL WITH THIS COMMAND!!!

TAR: Creating and Extracting .tar.gz and .tar files
tar -zxvf file.tar.gz : Extracts the file
tar -xvf file.tar : Extracts the file
tar -cf archive.tar contents/ : Takes everything from contents/ and puts it into archive.tar
gzip -d filename.gz : Decompress the file, extract it

ZIP Files: Extracting .zip files shell command
unzip file.zip

Firewall – iptables commands
iptables -I INPUT -s IPADDRESSHERE -j DROP : This command stops any connections from the IP address
iptables -L : List all rules in iptables
iptables -F : Flushes all iptables rules (clears the firewall)
iptables-save : Prints the current ruleset held in memory; redirect the output to a file to save it to disk
service iptables restart : Restarts iptables

Apache Shell Commands
httpd -v : Outputs the build date and version of the Apache server.
httpd -l : Lists compiled in Apache modules
httpd status : Only works if mod_status is enabled and shows a page of active connections
service httpd restart : Restarts the Apache web server

MySQL Shell Commands
mysqladmin processlist : Shows active mysql connections and queries
mysqladmin drop databasenamehere : Drops/deletes the selected database
mysqladmin create databasenamehere : Creates a mysql database

Restore MySQL Database Shell Command
mysql -u username -p databasename < databasefile.sql : Restores a MySQL database from databasefile.sql (-p prompts for the password, which keeps it out of the shell history and process list)

Backup MySQL Database Shell Command
mysqldump -u username -p databasename > databasefile.sql : Backup MySQL database to databasefile.sql (-p prompts for the password)

kill: terminate a system process
kill -9 PID EG: kill -9 431
kill PID EG: kill 10550
Use top or ps ux to get system PIDs (Process IDs)

EG:
PID TTY TIME COMMAND
10550 pts/3 0:01 /bin/csh
10574 pts/4 0:02 /bin/csh
10590 pts/4 0:09 APP
Each line represents one process, with a process being loosely defined as a running instance of a program. The column headed PID (process ID) shows the assigned process numbers of the processes. The heading COMMAND shows the location of the executed process.

Putting commands together
Often you will find you need to use different commands on the same line. Here are some examples. Note that the | character is called a pipe; it takes data from one program and pipes it to another.
> means create a new file, overwriting any content already there.
>> means to append data to a file, creating a new one if it does not already exist.
< sends input from a file back into a command.

grep User /usr/local/apache/conf/httpd.conf |more
This will dump all lines that match User from the httpd.conf, then print the results to your screen one page at a time.

last -a > /root/lastlogins.tmp
This will print all the current login history to a file called lastlogins.tmp in /root/

tail -10000 /var/log/exim_mainlog |grep domain.com |more
This will grab the last 10,000 lines from /var/log/exim_mainlog, find all occurrences of domain.com (the period represents ‘anything’; escape it with a \ so it will be interpreted literally), then send it to your screen page by page.

netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)

mysqladmin processlist |wc -l
Show how many current open connections there are to mysql

#top (for live monitoring of resource usage)
#top -d1 (refresh every 1 second; change to taste: -d2, -d3 and so on)
#top then press the 1 key (same as above, but CPU usage is shown in more detail)

#yum install mc -y (installs MC = Midnight Commander, similar to Total Commander on Windows, a console file manager, for CentOS and Red Hat)
#mc (runs the installed MC)

#swapoff -a then follow with #swapon -a (brings swap usage back to 0)

#sync; echo 3 > /proc/sys/vm/drop_caches (refreshes RAM / clears the cache held in RAM)

#mysqlcheck -Aao --auto-repair (optimizes the SQL databases, with automatic repair if any errors are found)