i have a dedicated server that i use for stream flv files. In this server i have apache.
Do you know any apache solution for prevent streaming of flv files to others domain name ? I want to stop leeching and permit stream of files only for my domain name. The htaccess solution in my case don't works...
It is possible to have anti-virus and anti-spam enabled by default when we go to "CREATE E-MAIL ADRESS" -> "SPAM FILTER" / "ANTI-VIRUS" is always disabled.
View 13 Replies View RelatedWhat are the advantages/disadvantages of running PHP as Apache module vs. running PHP as CGI module on your server?
View 5 Replies View RelatedSeems like I'm having considerable problems with APF's antidos feature. I keep getting legit users banned from my site, and don't know how to stop it (other than disabling antidos altogether, but I guess there should be another way).
I've already set:
TRIG="100"
SF_TRIG="100"
...in the antidos configuration file but I'm still seeing more and more legit IPs getting added to ad.rules. I've read that raising or lowering LN="100" is the other tweak I should try, but there simply is no such value defined in my conf.antidos file.
Another thing I noticed that, although I only got two notification mails telling me about "attackers" blocked by antidos, there are roughly 40 entries in ad.rules. As a matter of fact, I don't understand what antidos is doing there in the first place. Seems like iptables doesn't log to var/log/messages anyway, at least not on my machine - so where is antidos getting those ips from?
I would like to know is there any module for Apache which can collect information like who is surfing our website and how many pages they have accessed in last one hour. I know awstats or webalizer can do this but i need some thing realtime on apache level.
View 4 Replies View RelatedI found a script that updated php to 5.5, however it's only enabling me to run it as a CGI script, if I want to run PHP an Apache module, it's still only 5.3. How can I upgrade the Apache version?
View 3 Replies View RelatedWhat wil be the best way to protect an Apache server from a DDoS attack? Is there an Apache module for this type of problem?
View 14 Replies View RelatedI have a server running Apache 2 with PHP as an Apache module. There are a few php scripts that use lots of cpu when they run and have lots of hits, but Apache is still running fine and pages and php scripts load pretty fast. I was just wondering if running PHP as fastcgi would use less cpu or make php scripts load faster.
View 0 Replies View RelatedI have recently installed the latest version of apache which is version 2.2.4 and it seems many modules were left out so I decided to add one of my favorite modules myself
I have DirectAdmin install so here is what I did
I edited this file: configure.apache_2
and at the end of the file added --enable-expires
After adding normally we would recompile apache I was doing that and I got this error
Code:
/usr/local/directadmin/customapache/configure.apache_2: line 24: --enable-expires: command not found
*** There was an error while trying to configure Apache 2. Check the configure.apache_2 file
Not sure what I'm doing wrong if someone could help me I would be greatful.
I have some questions about the LDAP authentication module.I have a LDAP authentication with this config:
<AuthnProviderAlias ldap ldap-account>
AuthLDAPBindDN "CN=directory search,OU=Service-User,DC=company,DC=ch"
AuthLDAPBindPassword "xxxxx"
AuthLDAPURL "ldap://ldap.company.ch/ou=Users,dc=company,dc=ch?sAMAccountName?sub?(objectClass=*)"
</AuthnProviderAlias>
If a User logs in with username only, all works correct. If a user use the DomainUsername format, the login is rejected with "user not found".Should it not work with both login styles ? Or is there a option to reformat or rewrite the username before authentication without the "Domain part ?
I am trying to migrate a VPS with:
- Plesk 12 (v12.0.18 Update #40) and
- Linux CentOS 6.6 (v2.6.32-504.12.2.el6.x86_64)
to another VPS with:
- Plesk 12 (v12.0.18_build1200140606.15) and
- Linux CentOS 6.6 (v2.6.32-504.12.2.el6.x86_64)
I tried to do the following:
- Tools & Settings / Tools & Resources / Migration & Transfer Manager / Start New Migration
- Data source: Transfer data from another server
- Transfer the following data / Migrate the whole server
Following error/warrning message is recieved then:The following Apache modules are disabled on the destination server: sysenv. Please enable these modules to prevent possible problems.
I am experiencing this problem right now. None of my website is running. But httpd status says running. What's wrong?
[root@cent cron]# apachectl restart
[Mon Apr 13 20:10:11 2008] [warn] module php5_module is already loaded, skipping
[root@cent cron]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [Mon Apr 13 20:10:55 2008] [warn] module php5_module is already loaded, skipping
[root@cent cron]# service httpd status
httpd (pid 24100 24099 24098 24097 24096 24094) is running...
I have been a web developer using PHP for years now, and my work laptop runs CentOS with PHP5 as an Apache Module. This suits me just fine for development, but now I want to setup a web server that runs PHP 4.4.8 and PHP 5.2.5 and offer hosting to people. I know PHP4 is very old, but I am looking to offer my users the freedom of choice, as there are still third party applications out there that may need to be run on PHP4.
I will want PHP 5 to be the default, and allow PHP 4 to be used if either the file extension is .php4, or they have a line in their .htaccess file. I have seen various tutorials in search engine results saying to run both, I can either do one of the following:
1. Install PHP5 as a module, and run PHP4 using FastCGI
2. Install PHP5 and PHP4 and run both using FastCGI
3. Install PHP4 as a module, and run PHP5 using FastCGI
In the future I will also be looking to support PHP6 once a stable version has been released, though that will probably be optional to begin with and require a line in the .htaccess file too - like PHP4. I will be using Apache 2.2.8 on CentOS 5.1. I am also looking to install Ruby on Rails and Django too, which I think use FastCGI.
What's the difference between running as an Apache Module, or using FastCGI? This will be for a shared hosting environment so performance over lots of connections, stability and security are my concerns. Should I run everything using FastCGI, if not, would the default PHP version be better off installed as an Apache Module?
How to be able to fix my problem that is related to the https using apache2 (enabling https in apache2) at opensuse:
By the way, my opensuse version is:
openSUSE 12.1 (x86_64)
VERSION = 12.1
CODENAME = Asparagus
1) At the /etc/apache2/vhosts.d/vhost-ssl.conf, and if I do not have a name (as the server will be accessed using its IP address), can I place in the ServerName 192.168.0.5? Do I have to place it 192.168.0.5:443 or it is enough to be 192.168.0.5?
2) Is there a relation between the SSLCipherSuite values and the used method to generate the certificate?
3) I am afraid from the way that I am using to generate the certificate and the ssl module that is coming with apache2 at my machine which has opensuse. How can I select the right way?
Actually I used following commands to generate the .crt, .key and the .csr:
openssl genrsa -des3
openssl req -new -x509
openssl x509 -req
And that was from this link: [URL] .... But did not work with me !
Meanwhile I am placing:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
4) Do I have to configure the virualhost? Do I have to create files under the directory /etc/apache2/vhosts.d? Because I will have one application to be browsed .. nothing more.
Is there a possibility to enable php-fpm serverwide and to disable running php as apache on the server?
This for both existing subscriptions as for new subscriptions ?
to install mod_evasive module on our Apache2 that runs on Fedora server. However, for that we need Apache's apxs to compile it. We found out that we can do that by running the
yum install httpd-devel
However, when we run that, we get the following:
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
httpd-devel i386 2.2.8-1.fc7 updates 144 k
Updating:
httpd i386 2.2.8-1.fc7 updates 1.0 M
openldap i386 2.3.34-7.fc7 updates 291 k
Installing for dependencies:
apr-devel i386 1.2.8-6 fedora 170 k
apr-util-devel i386 1.2.10-1.fc7 updates 54 k
cyrus-sasl-devel i386 2.1.22-8.fc7 updates 351 k
db4-devel i386 4.5.20-5.fc7 fedora 2.3 M
expat-devel i386 1.95.8-9 fedora 129 k
openldap-devel i386 2.3.34-7.fc7 updates 1.5 M
Updating for dependencies:
httpd-manual i386 2.2.8-1.fc7 updates 821 k
mod_ssl i386 1:2.2.8-1.fc7 updates 85 k
openldap-clients i386 2.3.34-7.fc7 updates 179 k
Transaction Summary
==========================================
Install 7 Package(s)
Update 5 Package(s)
Remove 0 Package(s)
Total download size: 7.0 M
We're kind of cautios, because we have never updated Apache on our live server. We'd prefer if we could download and install just the httpd-devel module. Is this possible?
If not, would this mess up any of our existing configuration? Could we expect any problems? And do we need to shut Apache down, then run the updates and only then restart it?
Hosting Settings
There is no php support - so i canĀ“t change or choose running as apache module or cgi application (s. screenshot)...
OS Ubuntu 12.04.5 LTS
Panel version 11.5.30 Update #50, last updated at July 17, 2015 03:46 AM
One of my potential client is getting DDOS occassionally. According to the DCs-PCCW and Singtel, the attacks come from China mainly and the DDOS used up all the available bandwidth.
I have asked many DC in Hong Kong. Most of them said they will only null route their IPs and wait the DDOS gone. It seems that none of the DC in HK offer any sort of Anti-DDOS solution.
My client don't want their site completely offline every time they got attacked. So, could any professional suggest what we can do?
What I am thinking of is:
1. Getting 2 connection from different bandwidth providers
2. Using Geo DNS: [url]
Then, I can separate all China users by forcing them to use 1 connection. Will this work? Is there any potential problem here?
Also, I am also thinking of using BGP. Will that make us partially visible as well?
Can you recommend any anti DDOS provider that can help My servers are being attacked by low bandwidth, botnet attack.
View 14 Replies View RelatedWe have 2 servers, one running Windows 2003 Enterprise that hosts a ColdFusion app, and one running Windows 2003 Standard that hosts our SQL database that is used by the CF app. Nothing else runs on them.
Does anyone have any suggestions for anti-virus products that we could use on these? I don't want one of those elaborate and expensive "suite" programs. I just need to protect the boxes.
I use Kaspersky on our individual machines, and I really don't care much for Norton anymore.
it seems people tell Dos Deflate is the best basic antiddos script and tons of webhosts use it.
I think its ratter old and it doesnt work for anything these days. Why do hosts still run it? And why isnt there a better alternative?
I used Deflate some years ago and I got problems. And tried then after some years again and nothing changed, the same basic old script which counts connections and ban IPs.
The think with Deflate is that if you have a high limit, lets say ban with 150 connections per IPs, its absolutely worthless for attacks, since you are letting already 150 connections per IP.
And if you lower it at least me got with tons of problems banning real visitors. Even over 150 I had complaints about real visitors on a server telling the server blocks him. Dont ask me how someone has 150 connections to a servers but I got complaints from multiples people over the world the 1 month i had it running over a 2 years ago.
I also see a really big problem with it. Allot of ISP share IPs between users. So its really possible you get 200 connections from the same IP and they are different users. Banning an IP based on the connections you can probably shutdown a full IPS and their visitors. I wish there was a better solution but using a high value like 300 or 500 doesnt make sense in a Dos attack. And if you use a low value you start to get into problems.
We agree it will not work with distributed attacks but I dont think it can even work with single attacks since besides connection count it doesnt seem to be any more analisys behaviour.
The way I would make a script like that. Is to check all traffic and IPS all the time. And mark IPs that always access a server ass good ones. The newer the IP the more suspicious. On a attack this way real visitors would still pass but attackers will not as they are new ips. You can also match then the number of times its connecting, how long, etc.
Over the past number of years there has been an obvious increase in credit card fraud and identity theft.
Our policies have always tried to stay a step ahead but it seems no matter what is done the occasional fraudster manages to squeeze through, costing us a lot of money. At one some point in early 2009, it got as bad as 60% of the orders we received. It ended up eating a LOT of our time just to go through each order and verify them as best we could.
What methods do you use to fight fraud?
I'll start with some of the things we do.
- Require CVV code on the credit card
- We call the customer's telephone number and verify with them. - Verify the telephone number matches the region of the address they provide
- Require the CC issuing Bank's name and number
- We often require the customer to fax a signed credit card authorization form
- GeoIP matches location of the address in the order
Obviously the big challenge is proving that the person placing the order is the actual owner of the card. I've received the correct CVV, spoken with the customer on the phone number, had the phone number match the region... non-US so I wasn't able to verify their telephone details with the issuing bank. Had the GeoIP match and still found out it was fraud.
On a side note: Am I the only one that feels banks and those issuing credit cards need to take more responsibility for a system that's clearly broken? Even after going through the process above, it can still be fraud with a chargeback issued. In those cases, the company loses the money they made, pay a fee to the payment provider, lost time for Sales Reps and Tech Reps, and of course they lose money on hardware, electricity and bandwidth.
Is there any anti proxy script which can detect any proxy sites on my server and kill it?
View 4 Replies View RelatedI am running Win2003 server with Plesk 8.3. Antivirus running is F-Prot. Me and my clients have been getting a lot of spam emails and I am looking for suggestions on how to stop them. Plesk seems to provide some options for checking blacklisted spam servers but I was not too satisfied with the result. Maybe I was not looking up the right urls?
So, any suggestions on blocking the spam would be welcome. I am ready to pay for it too...but I am on a very tight budget. A free solution would be the best for me at the moment.
I also used SpamAssasin for a time being but it did not work out to any of my client's satisfaction even after a month's "training" of SpamAssasin.
I am interested in ASSP as a anti-spam tool and have heard good things, but I have 1 question I can't seem to find an answer too.
With ASSP is there a way to screen image spam like you can with FuzzyOCR? With ASSP do you even need to scan images at all? Because it waits for the sending server to respond for authentication?
I was running MailScanner / SpamAssasin / FuzzyOCR combo with a couple of chron jobs (to sweep fake bounce email out of the mail que for example) with very effective results, but it took forever to tweak all three to reduce server load. MailScanner was breaking webmail randomly so I have it disabled currently so I get a lot more spam.
We recently had a problem with a mail spammer. He sent over 90,000 emails and had 20,000 in the queue. Is there anyway to possibly stop this as it was really lagging the server bad. So bad the softlayer took it offline for a while...
View 4 Replies View Relatedwhere i can buy some cheap spam protection appliance. Right now, we are buying from mailfoundry, but it is a little bit expensive. I send an email to can spam, but i was quoted 18 K anually, to protect 25K emails. Anyone, have a way to buy some cheap anti-spam appliances.
View 14 Replies View RelatedBest Dedicated Hosting for Anti DDOS - Please Help!
Our website has been coming under attack for the last 6 months. Usually every weekend for 3 days. We are currently hosting at ThePlanet and they do nothing more than turn on Cysco Guard which blocks the bad traffic and the good traffic as well. They don't do anything on their level to block the ddos attack.
I contacted the guys at ProxyShield and they want $1244 a month to route the traffic for us. That's a bit high for someone with a small business not making more than $500 a week online. EDIT: Just got back in touch with them and the $1244 is only for 20mb if you need 100mb it's $2400! that's just insane for a small business.
My question to you guys is who can host us or what services can I use to get rid of these ddos attacks? The Planet has horrible support and I'm not sure where to go or look. Unless we sit at the computer and block every inbound attack all day we simply can't beat it.
Any suggestions?? Currently they are sending SYN_FLOODs in the amount of 93MBit/s and our hosting only includes 100MBit/s, so you can guess how difficult it is to maintain reach ability.
I am trying to purchase either a anti-ddos or firewall machine. My main objective is to prevent from ddos attack.
Do i purchase a anti-ddos hardware (please recommend), or firewall hardware (please recommend)?
anti-ddos and firewall is the same right? is about ip analyse and filter right?
After using the ddoss/firewall , i may also want to subscribe to those third party doss prevention which has big bandwidth, if i have a good hardware anti-ddos/firewall already, do i still need to have subscribe to these services?
Is this just for mail antivirus? where do I see the report of the anti virus?
View 2 Replies View Related
