Linux, Windows, Software Tips, Articles and Hacks
To remove specific emails from a domain:
# postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /@domain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -
Or
# mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } { if ($8 == "USER@EXAMPLE.COM" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -
ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests.
Note: Using SecRuleEngine Off in your modsecurity configuration, you won’t want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity. The SecRuleRemoveById setting is used instead to only disable one specific rule.
If you are seeing errors in you apache log files for a domain such as:
[Sat Jul 25 16:34:57 2015] [error] [client ??.7.??.??] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "111"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"][severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "domain.com"] [uri "/skin/frontend/base/default/js/cadence/lib/jquery.cookie.js"] [unique_id "VbQdIdg3u9IAAB9DPQkAAAAH"]
Mod _security is doing its job. If this is a valid script, you can make a change and allow it.
Run the following from ssh:
# grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n
The results will look like this:
# 100 1234123404 www.domain.com /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js
ModSecurity rule ID 1234123404 has been triggered at least 100 times when accessing /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js file.
In order to disable just the specific ModSecurity rule for the 1234123404 rule, run the following command:
# echo "SecRuleRemoveById 1234123404" >> /usr/local/apache/conf/userdata/std/2/userna5/domain.com/modsec.conf
You can also search for the rule in WHM/cPanel at Home »Security Center »ModSecurity™ Tools » Rules List
Note the error in the log file – the ID:
# [id "1234123404"]
This is the rule. Search for this at Home »Security Center »ModSecurity™ Tools » Rules List.
You can click disable to allow the script.
Getting an ftp connection error on a plesk server:
15:04:41 Status: Resolving address of 66.226.xx.xx 15:04:41 Status: Connecting to 66.226.72.xx.xx 15:04:41 Status: Connection established, waiting for welcome message... 15:04:48 Status: Initializing TLS... 15:04:50 Status: Verifying certificate... 15:04:53 Status: TLS connection established. 15:04:59 Status: Connected 15:04:59 Status: Retrieving directory listing... 15:05:02 Command: PWD 15:05:02 Response: 257 "/" is the current directory 15:05:02 Command: TYPE I 15:05:02 Response: 200 Type set to I 15:05:02 Command: PASV 15:05:02 Response: 227 Entering Passive Mode (66,226,xx,xx1,46,242). 15:05:02 Command: MLSD 15:05:02 Error: The data connection could not be established: ECONNREFUSED - Connection refused by server 15:05:21 Error: Connection timed out after 20 seconds of inactivity 15:05:21 Error: Failed to retrieve directory listing 15:05:21 Status: Disconnected from server
Edit your configuration file and comment out MasqueradeAddress:
# nano /etc/proftpd.conf
#MasqueradeAddress 66.226.xx.xx
Restart xinetd
# service xinetd restart
It simply means that the security2 module is being listed twice in your httpd configurations.
edited /etc/httpd/conf/httpd.conf and commented out the occurrence of this module so you should no longer see this notification.
Here is how to install the mailman mailing list on CentOS 6.6.
Install Mailman via yum:
# yum install mailman
Next, edit its Apache configuration file:
# cd /etc/httpd/conf.d # vi mailman.conf RedirectMatch ^/mailman[/]*$ http://domain.com/mailman/listinfo
Uncomment the redirect parameter and enter the correct domain name.
Set the site master password:
# /usr/lib/mailman/bin/mmsitepass password
This password can be used to access any list or any page. Edit the Mailman configuration file:
# vi /usr/lib/mailman/Mailman/mm_cfg.py DEFAULT_URL_HOST = ‘domain.com’ DEFAULT_EMAIL_HOST = ‘domain.com’
The URL host parameter usually matches the domain name from the above Apache configuration file. The email host should match the origin of the mail (i.e. the part after the @ of the email address, whether it is host.domain.com or domain.com).
Check for updates:
# cd /usr/lib/mailman # bin/update Upgrading from version 0x0 to 0x2010cf0 getting rid of old source files no lists == nothing to do, exiting
If you get this error:
# bin/update
Traceback (most recent call last):
File "bin/update", line 48, in <module>
from Mailman import mm_cfg
File "/usr/lib/mailman/Mailman/mm_cfg.py", line 86, in <module>
DEFAULT_URL_HOST = coldriverdata.com
NameError: name 'coldriverdata' is not defined
Check that the format is correct with the domains
# vi /usr/lib/mailman/Mailman/mm_cfg.py DEFAULT_URL_HOST = ‘domain.com’ DEFAULT_EMAIL_HOST = ‘domain.com’
* Notice the “‘”
Create the mailman site list and set up the aliases:
> cd /usr/lib/mailman > bin/newlist mailman
Enter the email of the person running the list: minh@minhtech.com Initial mailman password: password To finish creating your mailing list, you must edit your /etc/aliases (or equivalent) file by adding the following lines, and possibly running the `newaliases’ program: ## mailman mailing list mailman: “|/usr/lib/mailman/mail/mailman post mailman” mailman-admin: “|/usr/lib/mailman/mail/mailman admin mailman” mailman-bounces: “|/usr/lib/mailman/mail/mailman bounces mailman” mailman-confirm: “|/usr/lib/mailman/mail/mailman confirm mailman” mailman-join: “|/usr/lib/mailman/mail/mailman join mailman” mailman-leave: “|/usr/lib/mailman/mail/mailman leave mailman” mailman-owner: “|/usr/lib/mailman/mail/mailman owner mailman” mailman-request: “|/usr/lib/mailman/mail/mailman request mailman” mailman-subscribe: “|/usr/lib/mailman/mail/mailman subscribe mailman” mailman-unsubscribe: “|/usr/lib/mailman/mail/mailman unsubscribe mailman”
Hit enter to notify mailman owner…
> vi /etc/aliases ## mailman mailing list mailman: “|/usr/lib/mailman/mail/mailman post mailman” mailman-admin: “|/usr/lib/mailman/mail/mailman admin mailman” mailman-bounces: “|/usr/lib/mailman/mail/mailman bounces mailman” mailman-confirm: “|/usr/lib/mailman/mail/mailman confirm mailman” mailman-join: “|/usr/lib/mailman/mail/mailman join mailman” mailman-leave: “|/usr/lib/mailman/mail/mailman leave mailman” mailman-owner: “|/usr/lib/mailman/mail/mailman owner mailman” mailman-request: “|/usr/lib/mailman/mail/mailman request mailman” mailman-subscribe: “|/usr/lib/mailman/mail/mailman subscribe mailman” mailman-unsubscribe: “|/usr/lib/mailman/mail/mailman unsubscribe mailman”
# newaliases
After creating the list, add the listed aliases to the bottom of the aliases file, and then run newaliases.
Finally, restart Apache and start mailman:
# /etc/init.d/httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] # /etc/init.d/mailman start Starting mailman: [ OK ]
# chkconfig –level 2345 mailman on
Plesk 9.x
1. Login to Plesk control panel.
2. Click on Modules >> Firewall >> Edit Firewall Configuration.
3. Click on ‘Add Custom Rule’.
4. Enter a name for the rule.
5. Select the option ‘Incoming’ for ‘Match direction’.
6. Select ‘Deny’ for Action.
7. If you wish to add port, you can enter the port or port range in text box beside the option ‘Add port or port range’. Click Add. Select TCP or UDP protocol. If you do not wish to add port, leave it as it is.
8. Add the IP address to be blocked in the text box beside the option ‘Add IP address or network’. Click Add.
9. Click OK.
10. Click Activate.
Plesk 10.x
1. Login to Plesk control panel.
2. Click on Tools & Settings >> Firewall >> Edit Firewall Configuration.
3. Click on ‘Add Custom Rule’.
4. Enter a name for the rule.
5. Select the option ‘Incoming’ for ‘Match direction’.
6. Select ‘Deny’ for Action.
7. If you wish to add port, you can enter the port or port range in text box beside the option ‘Add port or port range’. Click Add. Select TCP or UDP protocol. If you do not wish to add port, leave it as it is.
8. Add the IP address to be blocked in the text box beside the option ‘Add IP address or network’. Click Add.
9. Click OK.
10. Click Activate.
Plesk 12.x
1. Login to Plesk control panel.
2. Click on Tools & Settings >> Firewall
3. Click on Modify Plesk Firewall Rules >> Add Custom Rule
4. Enter a name for the rule.
5. Select the option ‘Incoming’ for ‘Match direction’.
6. Select ‘Deny’ for Action.
7. If you wish to add port, you can enter the port or port range in text box beside the option ‘Add port or port range’. Click Add. Select TCP or UDP protocol. If you do not wish to add port, leave it as it is.
8. Add the IP address to be blocked in the text box beside the option ‘Add IP address or network’. Click Add.
9. Click OK.
10. Apply Changes.
If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Be sure to replace www.yourdomain.com with your actual domain name.
Still at 100% disk usage after deleting files? Deleting file won’t free the space until you delete the processes that have open handles against that file. Nevertheless, you can reclaim the space. All you need to do is to remove the file descriptors. First execute lsof | grep deleted to identify the process holding the file.
Open Documents Folder documents
Open Videos folder videos
Open Downloads Folder downloads
Open Favorites Folder favorites
Open Recent Folder recent
Open Recent Folder logoff
Open Pictures Folder pictures
Windows Sideshow control.exe /name Microsoft.WindowsSideshow
FTP produces the following error:
530 User cannot log in, home directory inaccessible
Other resources:
http://kb.odin.com/en/549
http://kb.odin.com/en/124140
http://kb.odin.com/en/116628
http://kb.odin.com/en/124094