Add the following lines to your /usr/local/directadmin/conf/directadmin.conf file:
/etc/init.d/directadmin restart
---
skip_databases_in_backups=1: This will exclude all MySQL databases during the backup process.
skip_domains_in_backups=1: This will exclude all domains (website files) during the backup process.
skip_imap_in_backups=1: This will exclude all email messages which are stored in user mailboxes during the backup process.
1. 下载和安装mod_limitipconn
wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2 bzip2 -d mod_limitipconn-0.24.tar.bz2 tar xvf mod_limitipconn-0.24.tar cd mod_limitipconn-0.24 apxs -c -i -a mod_limitipconn.c chmod 755 /usr/lib/apache/mod_limitipconn.so
2. 应用每个用户
创建自定义用户 VirtualHost 模板
cd /usr/local/directadmin/data/templates cp virtual_host2*.conf custom cd custom
编辑 virtual_host2.conf ,在 VirtualHost 中添加以下内容
<IfModule mod_limitipconn.c> <Location /> MaxConnPerIP 10 NoIPLimit images/* </Location> </IfModule>
案例
#省略... <VirtualHost |IP|:|PORT_80| |MULTI_IP|> |CUSTOM| |?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/| ServerName www.|DOMAIN| ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES| ServerAdmin |ADMIN| DocumentRoot |DOCROOT| |CGI| |USECANONICALNAME| <IfModule !mod_ruid2.c> SuexecUserGroup |USER| |GROUP| </IfModule> <IfModule mod_limitipconn.c> <Location /> MaxConnPerIP 9 NoIPLimit images/* </Location> </IfModule> #省略...
重建所有用户 httpd.conf
cd /usr/local/directadmin/custombuild ./build rewrite_confs
重启Apache
service httpd restart
完成!
cat /usr/local/directadmin/scripts/setup.txt
请注意,安装适用于 CustomBuild 2.0
cd /usr/local/directadmin/custombuild ./build update ./build set modsecurity yes ./build set modsecurity_ruleset comodo ./build modsecurity
wordpress后台暴力破解规则
/usr/local/cwaf/tmp/rules/workdir1/rules
新建文件,内容如下,保存后设置所属用户重启apache
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
# Setup brute force detection.
# React if block flag has been set.
SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
# Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<Locationmatch "/xmlrpc.php">
# Rate limit requests to xml-rpc
SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
# Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</Locationmatch>规则来自:https://github.com/sensson/puppet-directadmin/blob/master/templates/modsecurity/modsec-wordpress.conf.erb
Hello,
update script not part from directadmin.com
**** USE IT YOUR OWN RISKS *********
*****
*****GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.8.1
Release Date: 1 / 9 / 2006*****
*****
*****If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.
You can support update.script by paypal – CLICK HEREupdate.script Version: 1.8.1
update script tested in this OS 32bit and 64bit.
- RedHat Linux
- RedHat Fedora
- RedHat Enterprise
- CentOS
- Debian
安装
mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run this to read how to use.
运行以下命令查看如何使用
./update.script
查看更多:http://www.web4host.net/update-script/
有些管理员不希望每个IP被封锁都得到DA的通知
brute_force_notice_ip.sh 的触发只发生在DA发送XX IP尝试多少次登入失败通知的时候,现在DA已经添加了一个选项,以防止发送,但brute_force_notice_ip.sh 仍然工作。
该directadmin.conf选项将是:
hide_brute_force_notifications=0
这是默认(选项禁用,发送通知)
如果你想不发通知,但brute_force_notice_ip.sh仍然工作,设置directadmin.conf:
hide_brute_force_notifications=1
wget -O capri http://www.outservices.net/soft/capri.sh
sh capri
随便输入密钥
然后把此文件覆盖过到:/usr/local/directadmin/data/skins/Capri/inc/
摘自:http://www.hostloc.com/thread-214830-1-1.html
为了减少一些误报,我们需要把 Directadmin 的一些值得信赖的服务添加CSF/LFD例外。编辑/etc/csf/csf.pignore 输入以下内容:
cmd:spamd child exe:/bin/dbus-daemon exe:/sbin/ntpd exe:/usr/bin/dbus-daemon exe:/usr/bin/dbus-daemon-1 exe:/usr/bin/fetchmail exe:/usr/bin/freshclam exe:/usr/libexec/dovecot/anvil exe:/usr/libexec/dovecot/imap exe:/usr/libexec/dovecot/imap-login exe:/usr/libexec/dovecot/managesieve exe:/usr/libexec/dovecot/managesieve-login exe:/usr/libexec/dovecot/pop3 exe:/usr/libexec/dovecot/pop3-login exe:/usr/libexec/gam_server exe:/usr/libexec/hald-addon-acpi exe:/usr/libexec/hald-addon-keyboard exe:/usr/local/bin/clamd exe:/usr/local/bin/freshclam exe:/usr/local/bin/pureftpd_uploadscan.sh exe:/usr/local/directadmin/dataskq exe:/usr/local/directadmin/directadmin exe:/usr/local/libexec/dovecot/imap exe:/usr/local/libexec/dovecot/imap-login exe:/usr/local/libexec/dovecot/pop3 exe:/usr/local/libexec/dovecot/pop3-login exe:/usr/local/mysql-5.1.54-linux-x86_64/bin/mysqld exe:/usr/local/php53/bin/php53 exe:/usr/local/php53/bin/php-cgi53 exe:/usr/local/php53/bin/php_uploadscan.sh exe:/usr/local/php53/sbin/php-fpm53 exe:/usr/local/php54/bin/php54 exe:/usr/local/php54/bin/php-cgi54 exe:/usr/local/php54/bin/php_uploadscan.sh exe:/usr/local/php54/sbin/php-fpm54 exe:/usr/local/php55/bin/php55 exe:/usr/local/php55/bin/php-cgi55 exe:/usr/local/php55/bin/php_uploadscan.sh exe:/usr/local/php55/sbin/php-fpm55 exe:/usr/local/php56/bin/php56 exe:/usr/local/php56/bin/php-cgi56 exe:/usr/local/php56/bin/php_uploadscan.sh exe:/usr/local/php56/sbin/php-fpm56 exe:/usr/local/sbin/nginx exe:/usr/sbin/exim exe:/usr/sbin/hald exe:/usr/sbin/httpd exe:/usr/sbin/mysqld exe:/usr/sbin/mysqld_safe exe:/usr/sbin/named exe:/usr/sbin/nginx exe:/usr/sbin/ntpd exe:/usr/sbin/proftpd exe:/usr/sbin/pure-ftpd exe:/usr/sbin/sshd
然后重启LFD:
/etc/init.d/lfd restart
来自:https://www.plugins-da.net/info/csf-lfd-exceptions-for-directadmin-csf.pignore
p.s. Based on this thread: http://forum.directadmin.com/showthread.php?t=49424
如果你发现在DA打开CSF提示如下错误:
Permission denied [User:admin UID:501]
可以执行如下命令修复:
chown root /usr/local/directadmin/plugins/csf/exec/csf chmod 4755 /usr/local/directadmin/plugins/csf/exec/csf
如果你想禁用DirectAdmin的da-popb4smtp服务
编辑 /etc/exim.conf
找到: hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts
修改为: hostlist relay_hosts =
重启 exim
/etc/init.d/exim restart # Redhat/Debian
/usr/local/etc/rc.d/exim restart # FreeBSD
来自:http://help.directadmin.com/item.php?id=467