Windows快速修改用户密码
cmd运行
net user administrator "密码"
administrator为用户名
admin 发布的文章
有CSF防火墙的Centos6安装PPTP VPN
环境:centos6.6,带有CSF的服务器;该安装方法也适用于XEN、KVM虚拟化结构VPS
首先编辑 /etc/csf/csf.conf ,打开1723、1356端口;
vi /etc/csf/csfpre.sh
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth1 -p ALL -j ACCEPT
iptables -A FORWARD -i eth1 -o ppp+ -p ALL -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.16.22.0/24 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
iptables -A FORWARD -p tcp --syn -s 172.16.22.0/24 -j TCPMSS --set-mss 1356创建 csfore.sh 设置防火墙开启转发等;注意代码中 eth1 为公网IP网卡
创建安装PPTP一键脚本
vi /root/pptpd6.sh
yum remove pptpd ppp -y
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -f /etc/pptpd.conf
rm -f /etc/ppp
arch=`uname -m`
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers dkms kernel_ppp_mppe ppp
wget https://www.cnweed.com/usr/uploads/2015/08/pptpd-1.4.0-1.el6.$arch.rpm
rpm -Uvh pptpd-1.4.0-1.el6.$arch.rpm
mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
echo "localip 172.16.22.254" >> /etc/pptpd.conf
echo "remoteip 172.16.22.1-253" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd
pass=`openssl rand 6 -base64`
if [ "$1" != "" ]
then pass=$1
fi
echo "vpn pptpd ${pass} *" >> /etc/ppp/chap-secrets
#iptables -t nat -A POSTROUTING -s 172.16.22.0/24 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
#iptables -A FORWARD -p tcp --syn -s 172.16.22.0/24 -j TCPMSS --set-mss 1356
#service iptables save
#chkconfig iptables on
chkconfig pptpd on
#service iptables restart
service pptpd start
echo ""
echo "VPN service installed successfully, your VPN username is vpn, VPN password is ${pass}"
echo "Please visit: http://www.cnweed.com"
echo ""保存。然后 csf -r 重启CSF防火墙,以及sh /root/pptpd6.sh 安装脚本
chmod 755 /root/pptpd6.sh csf -r sh /root/pptpd6.sh
注:如果ip_forward没有打开,可以直接修改/etc/sysctl.conf
net.ipv4.ip_forward=1
修改之后运行 sysctrl -p 使其生效
Windows Server 2008 用户只允许一个会话
打开控制面板-管理工具,终端服务-终端服务配置
1、连接:RDP-tcp 点右键,属性。网络适配器-最大连接数,只允许1个。
2、终端服务器授权模式:点右键,属性。常规,限制每个用户只能使用一个会话,掉勾,确定。
3、防止恶搞,阻止远程用户终止控制台管理员
运行-gpedit.msc ,计算机配置-管理模板-Windows组件-终端服务。
终端服务器-连接。
配置:拒绝将已经登录到控制台会话的管理员注销,设置启用。
重启生效
参考:http://dengcunhong.blog.163.com/blog/static/28812917201242611115897/
DirectAdmin主题Capri官方现已开源 免费使用
Capri是一套商務的DirectAdmin主題,用的人應該不少,我個人也相當喜歡。
前段時間,作者已經將這套主題放到github開源了,並且去掉了function.php的license認證機制。
所以現在算是免費提供使用了,就如上圖所示,當然顯示的license就是github version的。
github地址:https://github.com/Terrorhawk/Capri
wget -O capri.sh http://localserver.flaxe.eu/Capri-install/capri.sh chmod +x capri.sh ./capri.sh
相關詳情請查看:
https://forum.directadmin.com/showthread.php?t=51079
转载:http://www.guyusoftware.com/2015-05-16-5921.html
Centos安装hdparm测试硬盘性能
一、安装hdparm
yum install hdparm -y
二、评估读取
SSD 硬盘,请使用hdparm命令进行读取测试。
hdparm -t /dev/sda1 L
SSH执行以上命令,可使用hdparm评估SSD的读取速率。
注意,“/dev/sda1”指的是对应磁盘的驱动号,请执行“fdisk -l”查看。
转载自:http://linux.it.net.cn/CentOS/server/2014/0226/332.html
WHMCS 使用CDN获取真实IP
添加到 configuration.php
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; // 获取真实IP
list($_SERVER['REMOTE_ADDR']) = explode(', ', $_SERVER['REMOTE_ADDR'], 2); // 可能通过多个代理,其中第一个为真实ip地址
$_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['REMOTE_ADDR']; // 添加到WHMCS IP变量
参考:http://www.365mini.com/page/php-get-real-client-ip.htm
Directadmin备份排除用户目录/数据库/IMAP
Add the following lines to your /usr/local/directadmin/conf/directadmin.conf file:
/etc/init.d/directadmin restart
---
skip_databases_in_backups=1: This will exclude all MySQL databases during the backup process.
skip_domains_in_backups=1: This will exclude all domains (website files) during the backup process.
skip_imap_in_backups=1: This will exclude all email messages which are stored in user mailboxes during the backup process.
CentOS里下载百度网盘资源的方法
wget -c --referer=引用地址 -O 文件名 "真实下载地址"
Linux Glibc幽灵漏洞的检查与修复
In this section, we will analyze real-world examples of programs that
call the gethostbyname*() functions, but we first introduce a small test
program that checks whether a system is vulnerable or not:
[user@...ora-19 ~]$ cat > GHOST.c << EOF
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };
int main(void) {
struct hostent resbuf;
struct hostent *result;
int herrno;
int retval;
/*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
char name[sizeof(temp.buffer)];
memset(name, '0', len);
name[len] = '\0';
retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);
if (strcmp(temp.canary, CANARY) != 0) {
puts("vulnerable");
exit(EXIT_SUCCESS);
}
if (retval == ERANGE) {
puts("not vulnerable");
exit(EXIT_SUCCESS);
}
puts("should not happen");
exit(EXIT_FAILURE);
}
EOF
[user@...ora-19 ~]$ gcc GHOST.c -o GHOST
On Fedora 19 (glibc-2.17):
[user@...ora-19 ~]$ ./GHOST
vulnerable
On Fedora 20 (glibc-2.18):
[user@...ora-20 ~]$ ./GHOST
not vulnerable修复漏洞
升级glibc库
RHEL/CentOS : sudo yum update glibc
Ubuntu : sudo apt-get update ; sudo apt-get install libc6
参考:http://www.openwall.com/lists/oss-security/2015/01/27/9
WordPress xmlrpc.php 攻击解决
早上收到DNSPOD的网站宕机报告,访问看了下是被CloudLinux挂起了,资源使用超过限制。于是进去DA,查看Apache日记,看到xmlrpc.php不断被post,有人在尝试爆破后台,这种方式可以绕过WP后台的登录错误限制。解决办法可以安装 Login Security Solution 插件防御。