Exabytes (Hosting Review)

as we all know Exabytes the #1 hosting provider in Malaysia, now on facebook.

What you can get when subscribe domain/hosting plan with exabytes?

1. Excelent support. (it takes about 30 minutes on every support ticket to reply 24/7)

2. Tip top hardware.

- exabytes using latest technology to run our blog or business website. it will up in about 2-5 minutes after payment was made. just have a try http://exabytes.com.my and you will suprise.

3. No need to be expert.

- as normal user, you only think on how to expand your business. the rest, let exabytes do things for you. their experties will ensure your website will run in every second.

4. Easy to use

- With website builder, you can design your own website and it saves cost. there are preinstalled software like joomla, wordpress and shopping cart system. just click setup and its ready to use. no need to download, upload, database setup. no headache. click and you're done!

Visit for more information: http://www.facebook.com/exabytes.com.my

ipv6 presentation is helping

to complete all the task, you can follow the instruction

http://ipv6.he.net/presentations.php

level5 completed. now i'm professional

now i'm professional

how to complete?

go to http://www.tunnelbroker.net

set rdns to he.net (ns1-ns5.he.net)

go to http://dns.he.net

click add to reverse

input your ipv6 ip address and follow the step.

now going to sleep. zzZZzzz!!

level 4 email ipv4 passed

i'm upgrading to administrator :)

http://ipv6.he.net/certification/scoresheet.php?pass_name=apis17

reference: http://logout.sh/computers/sendmail/ipv6/

uncomment sendmail.mc

DAEMON_OPTIONS(`Port=smtp, Name=MTA, Family=inet6')dnl

csf ipv6 block all incoming connection

there is solution

TCP6_OUT = "0:65535"
UDP6_OUT = "0:65535"

reference: http://forum.configserver.com/viewtopic.php?t=3662

ipv6 enabled :)

http://ipv6.apis17.info

install ip6tables on centos

yum info iptables\*

Name : iptables-ipv6

Arch : i386

Version : 1.3.5

Release : 5.3.el5_4.1

Size : 161 k

Repo : base

Summary : IPv6 support for iptables.

URL : http://www.netfilter.org/

License : GPL

Description: The iptables package contains IPv6 (the next version of the IP

: protocol) support for iptables. Iptables controls the Linux kernel

: network packet filtering code, allowing you to set up firewalls and

: IP masquerading.

:

: Install iptables-ipv6 if you need to set up firewalling for your

: network and you are using ipv6.

yum install iptables-ipv6 -y

reference: http://www.0x61.com/forum/centos-linux-f91/how-to-install-ip6tables-t1256762.html

upgraded to level 3 ipv6 yess.. :)

http://ipv6.he.net/certification/scoresheet.php?pass_name=apis17

more more..

configuring ipv6 tunnel under linux

Legend of variables:
$ipv4a = tunnel server's IPv4 IP
$ipv4b = user's IPv4 IP
$ipv6a = tunnel server's side of point-to-point /64 allocation
$ipv6b = user's side of point-to-point /64 allocation

Using ifconfig:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::$ipv4a
ifconfig sit1 up
ifconfig sit1 inet6 add $ipv6b
route -A inet6 add ::/0 dev sit1

Using ip:

ip tunnel add he-ipv6 mode sit remote $ipv4a local $ipv4b ttl 255
ip link set he-ipv6 up
ip addr add $ipv6b dev he-ipv6
ip route add ::/0 dev he-ipv6

reference: http://www.tunnelbroker.net/forums/index.php?topic=18.0

level 2 ipv6 certifivate

yess.. now i am ipv6 level 2. the explorer

my previous certificate

clean up disk space

today i delete previous kernel files. this freed up about 200MB :)

[root@local html]# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/hdb6 8.6G 7.9G 250M 97% /

i'm using this reference:

http://www.cyberciti.biz/faq/proper-way-to-remove-old-linux-kernels/

haildb

facebook mysql rss entries shows about haildb

what is haildb?

http://www.haildb.com/

i not have any idea yet. this maybe high performance database to compete with mysql. cool.

joomla hardening

http://www.la-samhna.de/samhain/s_download.html

i'm searching on guide how to block brute force on website like joomla or custom php software that have login options

search engine brought me to this

Host Based Intrusion Detection - Samhain

http://www.howtoforge.com/host-based-intrusion-detection-samhain

i'm trying and hope to update later.

gomez email recipt

gomez email recipt, a photo by apis17 on Flickr.

get your own account at:

http://gomez.apis17.info

freebsd again

after comparing the bsd variation, i found that openbsd is more suitable for servers

http://forums.whirlpool.net.au/archive/488714

this brought me to http://www.openbsd.org/

and Open BSD as Xen dom U

http://wiki.stocksy.co.uk/wiki/OpenBSD_as_a_Xen_domU

this is interesting.

install freebsd on xen domU domain

i'm reading this

http://forums.freebsd.org/showthread.php?t=10268

and this

http://www.netbsd.org/ports/xen/howto.html#netbsd-domU

will be long day then. :)

nginx made me happy

no more incomplete page. fast loading, stable and very enjoy made me want to lompat lompat.

mysql load also reduced.

nginxcp made easy

for all cpanel administrators i recomend using nginx.

yesterday, new release was found.

Nginx Admin (Stable version) v2.3 released

this is using newest nginx 10

read more http://nginxcp.com/forums/Thread-nginx-admin-stableversion-v2-3-released

don't forget to visit main website http://nginxcp.com/

now i'm using nginx and very happy on performance and there are nginx control panel in whm >> plugin too.. :)

ngnix caching proxy

http://www.rfxn.com/nginx-caching-proxy/

need for later use

http://www.hostmedic.com/admin/network_administration/nginx-apache-happy-fast-cpanel-server/

4gb seg fixup, process tailwatchd

4gb seg fixup, process tailwatchd (pid 2050), cs:ip 73:001d3b78

printk: 57 messages suppressed.

4gb seg fixup, process tailwatchd (pid 2050), cs:ip 73:001d3b78

printk: 56931 messages suppressed.

4gb seg fixup, process tailwatchd (pid 2050), cs:ip 73:001d3b78

printk: 57093 messages suppressed.

4gb seg fixup, process tailwatchd (pid 2050), cs:ip 73:001d3b78

printk: 114397 messages suppressed.

4gb seg fixup, process mysqld (pid 22760), cs:ip 73:00e6b4b5

printk: 23090 messages suppressed.

4gb seg fixup, process tailwatchd (pid 2050), cs:ip 73:001d3b78

printk: 99415 messages suppressed.

4gb seg fixup, process tailwatchd (pid 2050), cs:ip 73:001d3b78

printk: 57 messages suppressed.

the solution

mv /lib/tls /lib/tls.disabled mv /usr/lib/tls /usr/lib/tls.disabled echo hwcap 0 nosegneg > /etc/ld.so.conf.d/kernelcap-`uname -r`.conf ldconfig

reboot the server

reference: http://forum.lxcenter.org/index.php?t=msg&goto=42027&

clear logs

refer to this page

http://www.linuxquestions.org/questions/debian-26/how-to-clear-all-kinds-of-logs-under-debian-404616/

cat /dev/null > /var/log/messages
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/maillog

etc..

this will delete the contents of the file without removing the file itself or changing any of it's permissions. Repeat as necessary for each log file, write into a bash script whatever.. then delete all the numbered log files ( i.e. messages.1.tar.gz ) which are old logs that have been backed up from logrotate or a similar app.

from farslayer

some error logs with location

cat /dev/null > /var/log/messages
cat /dev/null > /var/log/openwebmail.log
cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/secure
cat /dev/null > /var/log/httpd/error_log
cat /dev/null > /var/log/httpd/ssl_error_log
cat /dev/null > /var/log/httpd/ssl_request_log
cat /dev/null > /var/log/httpd/ssl_access_log

fine tune mysql server

http://serverfault.com/questions/53266/how-to-fine-tune-our-mysql-server

bookmark this page for later reference

filesystem benchmarking

http://honglus.blogspot.com/2010/02/file-system-benchmarking.html

yum install bonnie

yum install iozone

make sure you have rpmforge repositories

ps: another benchmark

http://fclose.com/b/linux/2260/xen-domus-io-performance-of-lvm-and-loopback-backed-vbds/

generate ssh keys

http://wiki.ocssolutions.com/Generating_an_SSH_key#Webmin_Users

Webmin Users

Connect to your account via SSH and issue these commands:

ssh-keygen -t dsa 

Just hit enter on all questions, the defaults are fine. Do not enter a passphrase unless you want one.

Then run,

mv ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys chmod 0700 ~/.ssh chmod 0600 ~/.ssh/* chmod 0751 ~ cat ~/.ssh/id_dsa 

When you run the last command, it will display the private key. Copy and paste that key into a text editor and save it as id_dsa. Alternatively you can download it using FTP or SCP. Either way, delete the file once you've saved it as you don't need it on the server anymore (and in fact, do NOT want it on the server), via FTP, or by running:

rm -f ~/.ssh/id_dsa 

It is now ready for use in your SSH client of choice. See Connecting via SSH for more information.

htop

yum install htop

very funny top version but it is nice.

p:s/ make sure you have rpmforge repository

prevent ddos attact

just for future reference

http://woshka.com/blog/linux/centos/the-way-to-prevent-ddos-attacks.html

mysql tuning

this is good reference how to do about optimizing mysql setting

http://serverfault.com/questions/148926/mysql-optimizing

http://www.ibm.com/developerworks/library/l-tune-lamp-3.html

how to install rpmforge repository

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

2011-04-12 12:01:04 (11.8 KB/s) - `rpmforge-release-0.5.2-2.el5.rf.i386.rpm' saved [12680/12680]

rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm

warning: rpmforge-release-0.5.2-2.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6

Preparing... ########################################### [100%]

1:rpmforge-release ########################################### [100%]

# yum update

rpmforge | 1.1 kB 00:00

rpmforge/primary | 2.2 MB 00:12

rpmforge 10694/10694

Done.

reference: http://www.cyberciti.biz/tips/rhel5-fedora-core-add-new-yum-repository.html

install domainkey on cpanel

http://karthickv.wordpress.com/2008/06/28/how-to-install-domain-keys-on-a-cpanel-server/

/usr/local/cpanel/bin/domain_keys_installer username  It will install for the domain (test.com) successfully. Now you can verify it from the db record of the domain. The following new entry will be added in the db record.

vi /var/named/test.com.db  default._domainkey.username IN TXT "k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOmrn9fVOia0KET1UwIDAQAB;"  rndc reload test.com Restart exim service.

Now you can verify it by creating a new mail account test123@test.com and send an email to yahoo account, then verify the headers.

Return-Path:        Authentication-Results:  mta398.mail.re4.yahoo.com from=test.com; domainkeys=pass (ok) Received:    from mta398.mail.re4.yahoo.com with SMTP; Sun, 27 Apr 2008 03:49:29 -0700 DomainKey-Signature:     a=rsa-sha1; q=dns; c=nofws; s=default; d=test.com; 9BZnoI9FAPMSTPY;  From the above headers you can confirm that domain key is working fine for

another reference

http://www.sohailriaz.com/how-to-add-domainkeys-and-spf-records-on-cpanel-servers/

this is my script

#!/usr/bin/perl print “\nStarting install of Domainkeys\n”; my %OPTS = @ARGV; my $user = $OPTS{‘user’}; system(“/usr/local/cpanel/bin/domain_keys_installer”,$user); system(“/usr/local/cpanel/bin/spf_installer”,$user); print “\nDone with install of Domainkeys\n”;exit;

suspicious process under dbus

http://forum.configserver.com/viewtopic.php?t=2218

i'm trying this and not received any problem yet.

centos update 5.6

Today i found too many updates for centos. 102 updates. wow.

mysql troubleshooting

mysql> SHOW FULL PROCESSLIST\G
>>>> (ERROR 2006 (HY000): MySQL server has gone away)

http://dev.mysql.com/doc/refman/5.0/en/show-processlist.html
http://dbaspot.com/forums/mysql/147301-error-2006-hy000-mysql-server-has-gone-away.html

Max concurrent user

http://forums.cpanel.net/f189/how-raise-maxclient-apache-2-2-16-a-170946.html

Place the limits in /usr/local/apache/conf/includes/pre_main_global.conf file for ServerLimit and MaxClients instead, then run the following commands:

Code:

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak101029 /usr/local/cpanel/bin/apache_conf_distiller --update /scripts/rebuildhttpdconf /etc/init.d/httpd restart

This will backup your current httpd.conf, run the distiller to distill the changes in the include file, rebuild Apache configuration file, then restart Apache.

finally - NAT server works!

i'm using this template

#---------------------------------------------------------------  # Load the NAT module #  # Note: It is best to use the /etc/rc.local example in this  #       chapter. This value will not be retained in the  #       /etc/sysconfig/iptables file. Included only as a reminder.  #---------------------------------------------------------------    modprobe iptable_nat   #---------------------------------------------------------------  # Enable routing by modifying the ip_forward /proc filesystem file #  # Note: It is best to use the /etc/sysctl.conf example in this  #       chapter. This value will not be retained in the #         /etc/sysconfig/iptables file. Included only as a reminder.  #---------------------------------------------------------------    echo 1 > /proc/sys/net/ipv4/ip_forward    #---------------------------------------------------------------  # Allow masquerading # - Interface eth0 is the internet interface  # - Interface eth1 is the private network interface  #---------------------------------------------------------------    iptables -A POSTROUTING -t nat -o eth0 -s 192.168.1.0/24 -d 0/0 \           -j MASQUERADE     #---------------------------------------------------------------  # Prior to masquerading, the packets are routed via the filter  # table's FORWARD chain.  # Allowed outbound: New, established and related connections  # Allowed inbound : Established and related connections  #---------------------------------------------------------------    iptables -A FORWARD -t filter -o eth0 -m state \           --state NEW,ESTABLISHED,RELATED -j ACCEPT     iptables -A FORWARD -t filter -i eth0 -m state \           --state ESTABLISHED,RELATED -j ACCEPT 

thank you for faj-kumar for let me find this

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

another linux journal

i'm now reading this post by raj-kumar.

http://raj-kumar-linux.blogspot.com/2010_03_07_archive.html

:)

tcptrack

how to install tcptrack

wget http://packages.sw.be/tcptrack/tcptrack-1.1.5-1.2.el5.rf.i386.rpm

yum install libpcap.i386

rpm -Uvh tcptrack-1.1.5-1.2.el5.rf.i386.rpm

run the program

tcptrack -i eth0

Done..