If your server is sending spam or has been compromised, here are a few tips.

The first thing to do is a password audit. You can view the mailbox passwords in plain text in this file:

C:\Program Files\Parallels\Plesk\Mail Servers\Mail Enable\Config\AUTH.TAB

If some of the passwords in use are very weak, they will eventually be compromised. Pay extra attention to common business-type addresses like info@, sales@ and contact@, as they are almost always the first to be brute forced. Also make sure that no password contains any words from the domain name.
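
The audit described above, as an added shell/awk example that is not part of the original notes. It assumes the file is tab-separated with the mailbox in field 1 and the password in field 2, and uses a 12-character minimum; the field layout, the threshold, the function names and the sample data are all assumptions to adjust.

```shell
#!/bin/sh
# Added example: audit an AUTH.TAB-style file without ever printing a password.
# ASSUMPTIONS: tab-separated lines, field 1 = mailbox (user@domain),
# field 2 = plain-text password; MINLEN (default 12) is an example policy value.

audit_passwords() {
    # Reads the file named in $1, or stdin when no file is given.
    cat "$@" | awk -F '\t' -v minlen="${MINLEN:-12}" '
    NF < 2 { next }                          # skip blank or malformed lines
    {
        pw = tolower($2)
        split(tolower($1), parts, "@")
        user = parts[1]; domain = parts[2]
        reason = ""
        if (length($2) < minlen) reason = reason " short"
        # Treat each label of the domain (split on "." and "-") of four or
        # more characters as a word the password must not contain.
        n = split(domain, labels, /[.-]/)
        for (i = 1; i <= n; i++)
            if (length(labels[i]) >= 4 && index(pw, labels[i]) > 0) {
                reason = reason " contains-domain-word"
                break
            }
        if (reason == "") next
        # Role mailboxes are brute-forced first, so sort them to the top.
        prio = (user ~ /^(info|sales|contact)$/) ? "HIGH" : "normal"
        printf "%s\t%s\t%s\n", prio, $1, substr(reason, 2)
    }' | sort
}

sample_auth_tab() {
    # Constructed sample data, not taken from any real server.
    printf '%s\t%s\n' 'info@acme-widgets.test'  'AcmeWidgets2014!'
    printf '%s\t%s\n' 'sales@acme-widgets.test' 'Summer14'
    printf '%s\t%s\n' 'jane@acme-widgets.test'  'kT9#vLq2!xWm7$Rb'
    printf '%s\t%s\n' 'bob@acme-widgets.test'   'hunter2'
}

sample_auth_tab | audit_passwords
```

The output lists priority, mailbox and reason only, so the report can be shared without exposing the passwords themselves.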

Disable options that allow spam to be relayed through your server in the form of backscatter: http://en.wikipedia.org/wiki/Backscatter_%28email%29

Specifically, disable NDRs (non-delivery reports), so your server is no longer sending bounces to spoofed email addresses. Also disable the notification that tells the remote sender when an inbox is full, which can also be used to relay spam.

For the brute force you have a few options. One is to consider disabling the administrator account and setting up a lockout policy to lock users after a set number of failed attempts. You could also change the port that RDP is using (http://support.microsoft.com/kb/306759) to something more obscure.

There are also software-based utilities that can help; however, I’m not personally familiar with them. I have seen them in use before on client machines.

RdpGuard: http://rdpguard.com/
Syspeace: http://www.syspeace.com/start/
EvlWatcher: http://nerderies.blogspot.com/
IPban: https://github.com/jjxtra/Windows-IP-Ban-Service/downloads

From a PCI scan, this error.

Answer: Your scanning provider is apparently relying on the version information in the banner to determine vulnerability. Red Hat frequently backports fixes into previous versions of applications, which is the case with your version of OpenSSL (openssl-0.9.8e-27.el5_10.4). This is a false positive. The vulnerability does not affect this server.

You can read about this at https://access.redhat.com/articles/904433

# rpm -q --changelog openssl |grep CVE-2014
- fix CVE-2014-0221 - recursion in DTLS code leading to DoS
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-0221 - recursion in DTLS code leading to DoS
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

Error:

Error: Failed to create session directory in '/usr/local/psa/PMM/sessions': [Errno 31] Too many links: '/usr/local/psa/PMM/sessions/2014-09-05-151358.796' Resolution: Clean directory '/usr/local/psa/PMM/sessions' 

Solution

server# cd /usr/local/psa/PMM/sessions

Check the tree

server # tree -i -L 1
31999 directories, 0 files

ext3 limits the number of subdirectories a single directory can contain, which is what the "Too many links" error means here.

server# cd /usr/local/psa/PMM
server# mv sessions sessions.bak
server# mkdir sessions

Source: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/

Also, for CentOS: http://www.tecmint.com/ssh-two-factor-authentication/

Want to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator’s time-based one-time password (TOTP) system with your SSH server. You’ll have to enter the code from your phone when you connect.

Problem: Our security settings are stopping me from downloading DirectX.

Disable IE Enhanced Security on Windows Server 2012

Description

This article will detail disabling the ‘IE Enhanced Security Configuration’ setting within Windows Server 2012. Enhanced Security mode limits the exposure of the server to potentially malicious Web content. However, as a result, this option can cause Web sites to load improperly. This option can be disabled to allow for a smoother Web experience.

Disabling this option on production servers is not recommended.

Instructions

1. Open the Server Manager from the task bar.
2. Select Local Server.
3. On the properties tab look for the IE Enhanced Security Configuration setting and click On.
4. Modify the Security Configuration settings from On to Off. Click Ok to save your changes.
5. Refresh the Local Server details by clicking the refresh button from the top of the Server Manager. The setting will move from ‘On’ to ‘Off’.
6. Close any current instances of Internet Explorer and relaunch to ensure the setting takes effect.

Keep in mind that HTTP is a stateless protocol. Each line can represent one client opening multiple sockets to grab different files (CSS, images, etc.) that will hang around for a while in the TIME_WAIT state.

To display only the Internet connections to the server on port 80, sorted so that many connections coming from one IP are easy to recognize:

# netstat -an | grep :80 | sort

To display the list of all the IP addresses involved instead of just a count:

# netstat -n -p | grep SYN_REC | sort -u

Slow Server

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n 

# netstat -nat | grep :80 | grep ESTAB | wc -l

# netstat -nat | grep :80 | gawk '{ print $5; }' | gawk -F: '{ print $1 }' | sort | uniq -c | sort -n

# netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort -nr| uniq -c | sort -n

# netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1

For Java?

# netstat -nat | grep :1935 | gawk '{ print $5; }' | gawk -F: '{ print $1 }' | sort | uniq -c | sort -n
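
The one-liners above have two blind spots: `grep :80` also matches `:8080` and remote ports, and `cut -d: -f1` returns an empty field for IPv6 or IPv4-mapped (`::ffff:`) peers. The following added example (not part of the original notes) counts connections per remote IP with both handled; the function names, the threshold and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-IP connection counts from `netstat -ntu` output, with
# exact port matching and correct handling of IPv6 / IPv4-mapped addresses.

count_by_ip() {
    # stdin: netstat output. $1 = local port (default 80),
    # $2 = optional state filter such as ESTABLISHED or SYN_RECV.
    awk -v port="${1:-80}" -v state="$2" '
    $1 !~ /^(tcp|udp)/ { next }            # skip netstat header lines
    {
        raddr = $5
        if ($4 !~ (":" port "$")) next      # local port only; ":8080" is not ":80"
        if (state != "" && $6 != state) next
        sub(/:[0-9*]+$/, "", raddr)         # strip only the trailing :port
        sub(/^::ffff:/, "", raddr)          # unwrap IPv4-mapped IPv6
        n[raddr]++
    }
    END { for (ip in n) printf "%d %s\n", n[ip], ip }' | sort -k1,1nr -k2
}

flag_heavy() {
    # stdin: count_by_ip output. Prints IPs with at least $1 connections;
    # the threshold is a tuning value you choose for your own traffic.
    awk -v t="$1" '$1 >= t { print $2 }'
}

sample_netstat() {
    # Constructed sample using documentation address ranges.
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51514      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51515      TIME_WAIT
tcp        0      0 203.0.113.10:80         198.51.100.7:51516      SYN_RECV
tcp        0      0 203.0.113.10:8080       192.0.2.44:40000        ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.44:40001        ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:192.0.2.44:40002 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40003    ESTABLISHED
EOF
}

sample_netstat | count_by_ip 80
```

On a live server, replace `sample_netstat` with `netstat -ntu`, and pipe the result through `flag_heavy` with a threshold that suits normal traffic for the site.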

Need to optimize?

http://httpd.apache.org/docs/2.2/misc/perf-tuning.html
http://blog.monitis.com/2011/07/05/25-apache-performance-tuning-tips/
http://stackoverflow.com/questions/8902103/is-there-an-apache-tuner-script-like-mysqltuner-pl

ssh to the server

# cd /etc/sysconfig/network-scripts
# ls -l | grep ifcfg-eth
-rw-r--r-- 1 root root   119 Jan 11 19:16 ifcfg-eth0
-rw-r--r-- 1 root root   119 Jan  3 08:45 ifcfg-eth0.bak
-rw-r--r-- 1 root root   119 Feb 24 04:34 ifcfg-eth1
-rw-r--r-- 1 root root   128 Jan 19 18:20 ifcfg-eth1.bak

If the main adapter is called “eth0”, you have to name each additional (virtual) adapter in sequential order, like so:

ifcfg-eth0 (primary adapter, physical)
ifcfg-eth0:1 (first virtual adapter to the physical primary adapter)
ifcfg-eth0:2 (second virtual adapter to the physical primary adapter)

Copy our primary adapter configuration file and name it to be the first virtual adapter:


# cp ifcfg-eth0 ifcfg-eth0:1
# ls -l | grep ifcfg-eth
-rw-r--r-- 1 root root   119 Jan 11 19:16 ifcfg-eth0
-rw-r--r-- 1 root root   119 Feb 24 08:53 ifcfg-eth0:1
-rw-r--r-- 1 root root   119 Jan  3 08:45 ifcfg-eth0.bak
-rw-r--r-- 1 root root   119 Feb 24 04:34 ifcfg-eth1
-rw-r--r-- 1 root root   128 Jan 19 18:20 ifcfg-eth1.bak

Configure this virtual adapter to be a static IP, no hardware address (MAC), configure netmask and of course rename the device.


# vim ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.1.1.2
NETMASK=255.255.255.0

There is no need to specify a MAC address – it is a virtual adapter and there is also no need to specify a default gateway as it is already routed through the primary adapter. Basically there are only four things that you will need to change:

File name for the adapter itself
DEVICE= (should correspond with the file name)
IPADDR=
NETMASK=

Restart the networking service:


# service network restart

That’s it; let’s check ifconfig to make sure the virtual adapter is there and working:


# ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 08:00:27:ED:05:B7
inet addr:10.1.1.2  Bcast:10.1.1.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


# ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=64 time=0.029 ms
--- 10.1.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.029/0.043/0.073/0.018 ms

http://httpd.apache.org/docs/2.2/programs/ab.html

http://www.cyberciti.biz/tips/howto-performance-benchmarks-a-web-server.html


ab -c 50 -n 10000 URL_TO_THE_SITE

-n 10000: ab will send 10000 requests to the server during the benchmarking session
-c 50: the concurrency level, i.e. ab will send 50 requests at a time to the server

Log in to a Linux/BSD desktop computer and type the following command:


$ ab -n 1000 -c 5 http://202.54.200.1/snkpage.html

Where,

-n 1000: ab will send 1000 requests to server 202.54.200.1 during the benchmarking session
-c 5: the concurrency level, i.e. ab will send 5 requests at a time to server 202.54.200.1
For example, if you want to send 10 requests, type the following command:

Passive Mode

To enable FTP Passive Mode on Plesk systems, you will need to first edit the proftpd.conf file in /etc/

nano /etc/proftpd.conf

Then find the following lines

# delay on login off (are included on newest Plesk) 
IdentLookups off
UseReverseDNS off

Under the lines above, add the following and save the file.

# Custom directives
PassivePorts 60000 65000

Now restart xinetd

service xinetd restart

Once xinetd is restarted, you need to add the port range to the Plesk Firewall. Modules > Firewall > Edit Firewall Configuration > Add Custom Rule
Select Incoming, Allow, then add the port range 60000-65000, TCP and OK.

WHM/ cPanel

nano /etc/pure-ftpd.conf

PassivePortRange 60000 65000

service pure-ftpd restart

Now, log into WHM and edit the firewall:

ConfigServer Security & Firewall > Firewall Configuration. Add port range 60000:65000 to the TCP_IN rules and save!

Update: Configuring the Passive FTP Mode on a Microsoft Azure Instance
See this article: https://docs.plesk.com/en-US/onyx/deployment-guide/plesk-installation-and-upgrade-on-public-cloud-services/installing-plesk-on-microsoft-azure/configuring-the-passive-ftp-mode-on-a-microsoft-azure-instance.79079/