Articles in the category 技术分享 (Tech Sharing)

Note: this installation procedure applies to CustomBuild 2.0.

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity

WordPress login brute-force rules

Create a new file under /usr/local/cwaf/tmp/rules/workdir1/rules with the content below; after saving, give it the same owner as the other rule files there and restart Apache.

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<LocationMatch "/wp-login.php">
	# Setup brute force detection.
	# React if block flag has been set.
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
	# Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
	SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
	SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
	# Chained rule: it inherits the id and phase of the rule above, so it carries none of its own.
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</LocationMatch>

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<LocationMatch "/xmlrpc.php">
	# Rate limit requests to xml-rpc
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
	# Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
	SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
	# Chained rule, as above.
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</LocationMatch>

Rules from: https://github.com/sensson/puppet-directadmin/blob/master/templates/modsecurity/modsec-wordpress.conf.erb

Two things to check before relying on these rules. First, both collections are keyed on REMOTE_ADDR; if Apache sits behind nginx or another reverse proxy, as it often does on DirectAdmin servers, REMOTE_ADDR is the proxy's address, every visitor shares one counter, and a single attacker gets everyone locked out of wp-login.php. Restore the real client address first (mod_remoteip from X-Forwarded-For) or key the collections on it. Second, the msg text is only a summary of what is enforced: the counter goes up by one per failed login (a 200 from wp-login.php) and deprecatevar lowers it by one every 180 s, so the block fires when the decayed count exceeds 10, not strictly on "10 attempts in 3 minutes". The xmlrpc.php block counts every 200 or 405 response, successful calls included, so legitimate heavy XML-RPC users (mobile apps, Jetpack) can trip it too.
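The following simulation, added here and not part of the original post or of the upstream rule file, replays the rule chain above for one client address so you can check what the rules actually enforce: how many failures trip the block, that a correct password is refused while the block is active, and how the deprecatevar decay forgets old failures. The decay arithmetic (one step per full 180 s, applied before the increment) is an assumption about ModSecurity's implementation; the thresholds are the ones in the rules, and the client address is a constructed example.

```python
"""Replay of the wp-login.php brute-force rules above for one client address.
Added example; not part of the original post or of the upstream rule file.
Modelled actions, in rule order:
  failed login (200)      setvar:ip.bf_counter=+1, deprecatevar:ip.bf_counter=1/180,
                          then ip:bf_counter "@gt 10" -> user.bf_block=1 for 300 s,
                          ip.bf_counter=0
  successful login (302)  setvar:ip.bf_counter=0
  any request while user:bf_block > 0   deny,status:401
Assumption: deprecatevar subtracts 1 for every full 180 s since the counter
last decayed, and the decay is applied before the increment."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DECAY_AMOUNT = 1         # deprecatevar:ip.bf_counter=1/180
DECAY_INTERVAL = 180.0
THRESHOLD = 10           # SecRule ip:bf_counter "@gt 10"
BLOCK_SECONDS = 300.0    # expirevar:user.bf_block=300


@dataclass
class ClientState:
    bf_counter: int
    last_decay: float
    block_until: Optional[float] = None


class BruteForceTracker:
    """Stands in for the ip/user collections, keyed on REMOTE_ADDR."""

    def __init__(self) -> None:
        self._clients: Dict[str, ClientState] = {}

    def _client(self, addr: str, now: float) -> ClientState:
        if addr not in self._clients:
            self._clients[addr] = ClientState(bf_counter=0, last_decay=now)
        return self._clients[addr]

    def _decay(self, st: ClientState, now: float) -> None:
        steps = int((now - st.last_decay) // DECAY_INTERVAL)
        if steps > 0:
            st.bf_counter = max(0, st.bf_counter - steps * DECAY_AMOUNT)
            st.last_decay += steps * DECAY_INTERVAL

    def counter(self, addr: str, now: float) -> int:
        """Current (decayed) ip.bf_counter for addr."""
        st = self._client(addr, now)
        self._decay(st, now)
        return st.bf_counter

    def is_blocked(self, addr: str, now: float) -> bool:
        """The phase-2 rule: user:bf_block "@gt 0" -> deny,status:401."""
        st = self._client(addr, now)
        if st.block_until is not None and now < st.block_until:
            return True
        st.block_until = None          # expirevar has run out
        return False

    def request(self, addr: str, now: float, backend_status: int) -> int:
        """Status the client sees for one wp-login.php request.
        backend_status is WordPress's answer: 302 = password accepted,
        200 = login form shown again, i.e. a failed attempt."""
        if self.is_blocked(addr, now):
            return 401                 # denied in phase 2; phase-5 rules never run
        st = self._client(addr, now)
        if backend_status == 302:
            st.bf_counter = 0          # setvar:ip.bf_counter=0
        elif backend_status == 200:
            self._decay(st, now)       # deprecatevar:ip.bf_counter=1/180
            st.bf_counter += 1         # setvar:ip.bf_counter=+1
            if st.bf_counter > THRESHOLD:
                st.block_until = now + BLOCK_SECONDS   # user.bf_block=1, expirevar 300
                st.bf_counter = 0      # setvar:ip.bf_counter=0
        return backend_status

    def replay(self, addr: str, events: List[Tuple[float, int]]) -> List[int]:
        """Feed (time, backend_status) pairs and collect what the client saw."""
        return [self.request(addr, now, status) for now, status in events]


if __name__ == "__main__":
    t = BruteForceTracker()
    for i in range(12):     # 203.0.113.5 is a documentation address
        print(i + 1, t.request("203.0.113.5", float(i), 200))
```

Run with python3: the twelfth wrong password is the first to get a 401. The same check against the live server (twelve bad logins to /wp-login.php from one address, watching the status codes turn from 200 to 401) confirms the rules were loaded and that the address is being seen correctly.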

Hello,
update script is not part of directadmin.com
**** USE IT AT YOUR OWN RISK ****

*****
*****
*****

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.8.1
Release Date: 1 / 9 / 2006

*****
*****
*****

If you find update.script useful, please consider making a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.

You can support update.script by paypal – CLICK HERE

update.script Version: 1.8.1
update.script has been tested on these systems, 32-bit and 64-bit:

  • RedHat Linux
  • RedHat Fedora
  • RedHat Enterprise
  • CentOS
  • Debian
  • OpenSSL (You need to build ssh, apache, php, etc after upgrade)
  • Exim
  • OpenSSH
  • ProFTP
  • ProFTP with mod_clamav
  • phpMyAdmin
  • F-PROT Anti-Virus
  • AVG
  • ClamAV
  • MODclamAV
  • MRTG
  • SquirrelMail
  • SquirrelMail full language pack
  • SpamAssassin
  • MODsecurity 2.x (Apache 2.x Only)
  • ImageMagick
  • GraphicsMagick
  • eAccelerator
  • FFMPEG-php
  • PHP Clamav
  • Webmin control panel (You need to open one port 10000 in your firewall)
  • MailScanner
  • Suhosin
  • NoBody Check

Installation

mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run the script without arguments to see how to use it:

./update.script

The download above is over plain HTTP and nothing verifies the file, so read through the script before running it as root.

See more: http://www.web4host.net/update-script/

Some administrators do not want a DirectAdmin notification every time an IP is blocked.

brute_force_notice_ip.sh only fires when DA sends the "IP xx has N failed login attempts" notification. DA now has an option that suppresses the notification while brute_force_notice_ip.sh keeps working.

The directadmin.conf option is:

hide_brute_force_notifications=0

This is the default (option off, notifications are sent).

To stop the notifications but keep brute_force_notice_ip.sh running, set in directadmin.conf:
hide_brute_force_notifications=1

WDCP's admin panel can back up a database, but it has no restore (or automatic restore). What do you do when a restore is needed?
The backups are in
/www/backup/mysql
To restore, unpack the archive into the data directory:

tar zxvf dbname.tar.gz -C /www/wdlinux/mysql/var/

and that is all; dbname.tar.gz is the backup of the database you want to restore. Before unpacking an archive that came from somewhere else, list it (tar tzf) and make sure every member lives under dbname/.
That is the default case. Sometimes the ownership also has to be fixed, by setting the extracted directory's owner to mysql:

chown -R mysql.mysql /www/wdlinux/mysql/var/dbname

This is needed when the directory was moved, uploaded or downloaded, which changes the file ownership; for a backup restored in place it can usually be skipped.

The same applies when migrating to another server: pack, upload and unpack, or upload the whole directory into /www/wdlinux/mysql/var directly.
In that case the ownership must be fixed, otherwise MySQL will not start or cannot write to the database.

After the above, restart the database, or the change may not take effect:

service mysqld restart

Notes
Copying database directory files like this only works when the MySQL versions are the same or close; otherwise there may be other problems. It also only covers MyISAM tables: InnoDB keeps the data dictionary, and without innodb_file_per_table the data itself, in the shared tablespace (ibdata1) and the redo logs rather than in the per-database directory, so copying that directory alone does not restore InnoDB tables.
In those cases, export with mysqldump or phpMyAdmin and import instead.

Source: http://www.wdlinux.cn/bbs/thread-3795-1-1.html
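The procedure above (extract, chown, restart) as one script, added here and not WDCP's own tooling. It adds the check a practitioner wants before untarring into the data directory: every member of the archive must be a regular file or directory under dbname/, so that a backup that was copied or uploaded from elsewhere cannot write outside the target. Paths and the restart command default to the ones in the post; demo() runs the whole thing in a scratch directory with a constructed good and a constructed bad backup, skipping chown and the restart.

```python
"""Restore a WDCP backup the way the post above does (extract
<backup>/<dbname>.tar.gz into the MySQL data directory, chown to mysql,
restart mysqld), with one check the post leaves out: every archive member
must be a plain file or directory under <dbname>/. Added example, not
WDCP's own tooling; the default paths and restart command are the post's."""
import io
import os
import pwd
import subprocess
import tarfile
import tempfile
from typing import Dict, List, Optional

BACKUP_DIR = "/www/backup/mysql"
DATADIR = "/www/wdlinux/mysql/var"
RESTART_CMD = ["service", "mysqld", "restart"]


def unsafe_members(archive: str, dbname: str) -> List[str]:
    """Names of members that are not regular files/directories inside dbname/."""
    bad = []
    with tarfile.open(archive, "r:gz") as tar:
        for m in tar.getmembers():
            norm = os.path.normpath(m.name)           # folds "dbname/../x" to "x"
            inside = norm == dbname or norm.startswith(dbname + os.sep)
            if not inside or not (m.isfile() or m.isdir()):
                bad.append(m.name)                   # links, devices, escapes
    return bad


def restore_database(dbname: str, backup_dir: str = BACKUP_DIR, datadir: str = DATADIR,
                     owner: Optional[str] = "mysql",
                     restart_cmd: Optional[List[str]] = RESTART_CMD) -> str:
    """Extract, chown and restart; returns the restored database directory."""
    archive = os.path.join(backup_dir, dbname + ".tar.gz")
    bad = unsafe_members(archive, dbname)
    if bad:
        raise ValueError(f"refusing {archive}: members outside {dbname}/: {bad}")
    with tarfile.open(archive, "r:gz") as tar:
        # Python 3.12+ offers the 'data' filter as a second line of defence
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(datadir, **kwargs)            # tar zxvf ... -C <datadir>
    target = os.path.join(datadir, dbname)
    if owner is not None:                            # chown -R mysql.mysql <datadir>/<dbname>
        pw = pwd.getpwnam(owner)
        os.chown(target, pw.pw_uid, pw.pw_gid)
        for root, dirs, files in os.walk(target):
            for name in dirs + files:
                os.chown(os.path.join(root, name), pw.pw_uid, pw.pw_gid)
    if restart_cmd:                                  # service mysqld restart
        subprocess.run(restart_cmd, check=True)
    return target


def make_sample_backup(archive: str, members: Dict[str, Optional[bytes]]) -> None:
    """Write a constructed backup; a None value means a directory entry."""
    with tarfile.open(archive, "w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            if data is None:
                info.type, info.mode = tarfile.DIRTYPE, 0o755
                tar.addfile(info)
            else:
                info.size, info.mode = len(data), 0o644
                tar.addfile(info, io.BytesIO(data))


def demo() -> Dict[str, object]:
    """Run a good and a bad restore in a scratch tree (no chown, no restart)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir, datadir = os.path.join(tmp, "backup"), os.path.join(tmp, "var")
        os.makedirs(backup_dir)
        os.makedirs(datadir)
        make_sample_backup(os.path.join(backup_dir, "shop.tar.gz"),
                           {"shop": None, "shop/orders.frm": b"frm", "shop/orders.MYD": b"rows"})
        make_sample_backup(os.path.join(backup_dir, "evil.tar.gz"),
                           {"evil": None, "evil/t.frm": b"x",
                            "../mysql/user.MYD": b"pwned", "evil/../../etc/my.cnf": b"[mysqld]"})
        target = restore_database("shop", backup_dir, datadir, owner=None, restart_cmd=None)
        restored = sorted(os.listdir(target))
        try:
            restore_database("evil", backup_dir, datadir, owner=None, restart_cmd=None)
            refused = False
        except ValueError:
            refused = True
        return {"restored": restored, "evil_refused": refused,
                "bad_members": unsafe_members(os.path.join(backup_dir, "evil.tar.gz"), "evil")}
```

On a real server call restore_database("dbname") as root with the defaults; the version caveat from the notes still applies, since the script only moves files and cannot make a MySQL 5.1 MyISAM directory valid for a different engine or release.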

After installing WDCP on a new VPS for a customer, WordPress could not be installed: submitting the database details just redirected back to the form, and after restoring an existing WP site the plugin and theme pages would not open either. Fix: log in over SSH and run:

mv /usr/lib64/libsqlite3.so.0.8.6 /usr/lib64/libsqlite3.so.0.8.6.bak

This hides the system's libsqlite3 from WDCP's PHP. Anything else on the host linked against that library (through the libsqlite3.so.0 symlink, which is now dangling) stops loading, so treat it as a workaround rather than a fix.

1. Querying numeric data:
SELECT * FROM tb_name WHERE sum > 100;
Comparison operators: >, >=, =, <, <=, <>, != (SQL Server also accepts !> and !<; the => and =< spellings are not valid SQL)

2. Querying strings
SELECT * FROM tb_stu WHERE sname = '小刘'
SELECT * FROM tb_stu WHERE sname like '刘%'
SELECT * FROM tb_stu WHERE sname like '%程序员'
SELECT * FROM tb_stu WHERE sname like '%PHP%'

3. Querying dates
SELECT * FROM tb_stu WHERE date = '2011-04-08'
Note: date literals differ between databases:
(1) MySQL: SELECT * from tb_name WHERE birthday = '2011-04-08'
(2) SQL Server: SELECT * from tb_name WHERE birthday = '2011-04-08'
(3) Access: SELECT * from tb_name WHERE birthday = #2011-04-08#

4. Querying boolean data
SELECT * FROM tb_name WHERE type = 'T'
SELECT * FROM tb_name WHERE type = 'F'
Logical operators: AND, OR, NOT

5. Querying non-empty values
SELECT * FROM tb_name WHERE address <>'' order by addtime desc
Note: <> is the SQL spelling of PHP's != (MySQL accepts both). <> '' does not exclude NULL; add AND address IS NOT NULL if the column is nullable.

6. Querying numeric data with a variable
SELECT * FROM tb_name WHERE id = '$_POST[text]'
Warning: as written this is SQL injection. Whatever the client posts in the text field becomes part of the statement, and a value such as ' OR '1'='1 turns it into a query that returns every row. Pass the value as a bound parameter of a prepared statement (PDO or mysqli in PHP), or for a numeric id at least cast it to an integer before it reaches the query. PHP's automatic number-to-string conversion when concatenating has nothing to do with whether the input is safe.

7. Querying strings with a variable
SELECT * FROM tb_name WHERE name LIKE '%$_POST[name]%'
% matches any sequence of characters, so '%...%' finds the text anywhere in the value. The injection warning from item 6 applies here too: build the pattern in code, bind it as a parameter, and escape % and _ in the user's text if it is to be matched literally.

8. The first n records
SELECT * FROM tb_name LIMIT 0,$N;
Combined with ORDER BY and other clauses, LIMIT lets the same query serve many purposes. $N, like every variable in this list, must be validated as an integer by the application before it is placed in the statement.

9. The last n records
SELECT * FROM tb_stu ORDER BY id DESC LIMIT $n

10. n records starting at a given position
SELECT * FROM tb_stu ORDER BY id ASC LIMIT $_POST[begin],$n
Note: the LIMIT offset is zero-based (offset 0 is the first row of the result); it has nothing to do with the values in the id column. Both numbers must be validated as integers before being put in the query; here $_POST[begin] is raw request input.

11. The first n records of a computed ranking
SELECT * ,(yw+sx+wy) AS total FROM tb_score ORDER BY (yw+sx+wy) DESC LIMIT 0,$num

12. Querying a range
SELECT fields FROM table WHERE column BETWEEN start AND end
SELECT * FROM tb_stu WHERE age BETWEEN 0 AND 18
BETWEEN includes both end values.

13. Statistics by month
SELECT * FROM tb_stu WHERE month(date) = '$_POST[date]' ORDER BY date ;
Note: SQL provides the following functions, which make querying by year, month and day straightforward:
year(date): the year of the date expression
month(date): the month
day(date): the day of the month
(The same injection caveat as item 6 applies to $_POST[date].)

14. Records above a given value
SELECT * FROM tb_stu WHERE age>$_POST[age] ORDER BY age;
Here the posted value is not even quoted, so any text the client sends is executed as SQL; bind it as an integer parameter.

15. Suppressing duplicate rows
SELECT DISTINCT column FROM table WHERE condition
Note: DISTINCT applies to the whole selected column list. A WHERE clause is optional, and SELECT DISTINCT * is legal, but it only removes rows that are identical in every column.

16. NOT combined with predicates
(1) NOT BETWEEN … AND … selects values outside the range; equivalent to < start OR > end
(2) IS NOT NULL selects non-null values
(3) IS NULL selects null values
(4) NOT IN excludes rows whose expression (a constant or a column) equals any value in the list; the list can be constants but is more often a subquery. If the list contains a NULL, NOT IN matches no rows at all.

17. Showing duplicate records and how many times they occur
SELECT name, age, COUNT(*) FROM tb_stu WHERE age = 19 GROUP BY name, age HAVING COUNT(*) > 1

18. Descending / ascending order
SELECT fields FROM tb_stu WHERE condition ORDER BY column DESC   (descending)
SELECT fields FROM tb_stu WHERE condition ORDER BY column ASC    (ascending)
Note: if no direction is given, ASC is the default

19. Sorting by several columns
SELECT fields FROM tb_stu WHERE condition ORDER BY column1 ASC, column2 DESC …
Note: rows are ordered by column1 first; column2 only decides the order among rows with equal column1 values, so the result differs from sorting on either column alone.

20. Sorting aggregated results
SUM([ALL] column) or SUM([DISTINCT] column) sums a column: ALL (the default) adds up every row, DISTINCT adds each distinct value once.
e.g. SELECT name,SUM(price) AS sumprice FROM tb_price GROUP BY name

SELECT * FROM tb_name ORDER BY mount DESC,price ASC

21. Grouped totals on one column
SELECT id,name,SUM(price) AS title,date FROM tb_price GROUP BY pid ORDER BY title DESC
Note: GROUP BY must come before ORDER BY, otherwise the statement is an error. Also, id, name and date are neither aggregated nor part of the GROUP BY; MySQL with ONLY_FULL_GROUP_BY (the default since 5.7) rejects this, and older versions return the values from an arbitrary row of each group.

22. Grouped totals over several columns
Grouping over several columns works like grouping over one:
SELECT *,SUM(column1*column2) AS new_column FROM table GROUP BY column ORDER BY new_column DESC
SELECT id,name,SUM(price*num) AS sumprice FROM tb_price GROUP BY pid ORDER BY sumprice DESC
Note: the columns after GROUP BY are the grouping columns; every selected column that is not an aggregate should be among them.

23. Grouped statistics across tables (a comma join with the join condition in WHERE; JOIN … ON reads the same)
SELECT a.name,AVG(a.price),b.name,AVG(b.price) FROM tb_demo058 AS a,tb_demo058_1 AS b WHERE a.id=b.id GROUP BY b.type;

Source: http://bbs.csdn.net/topics/390407669
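Worked example, added here and not part of the original page: items 6, 7, 8, 10 and 14 rebuilt on an in-memory SQLite table so that the injection can be seen and the parameterised fix exercised. The page targets PHP and MySQL; PDO or mysqli prepared statements with bound parameters give the same guarantee. The table, rows and attack strings below are constructed.

```python
"""Items 6, 7, 8, 10 and 14 above on SQLite: the interpolated query as the
page writes it, next to bound-parameter versions. Added example, not from
the original page; table contents and attack strings are constructed."""
import sqlite3
from typing import Any, Callable, List, Tuple

Row = Tuple[Any, ...]


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tb_stu (id INTEGER PRIMARY KEY, sname TEXT, age INTEGER)")
    con.executemany("INSERT INTO tb_stu (id, sname, age) VALUES (?, ?, ?)",
                    [(1, "小刘", 19), (2, "刘程序员", 22), (3, "PHP dev", 19)])
    return con


def find_by_id_interpolated(con: sqlite3.Connection, user_input: str) -> List[Row]:
    """Item 6 as written: the request value is pasted into the statement text."""
    sql = f"SELECT id, sname FROM tb_stu WHERE id = '{user_input}'"
    return con.execute(sql).fetchall()


def find_by_id_bound(con: sqlite3.Connection, user_input: str) -> List[Row]:
    """Same query with a bound parameter: the value can never change the SQL."""
    return con.execute("SELECT id, sname FROM tb_stu WHERE id = ?", (user_input,)).fetchall()


def find_by_name_bound(con: sqlite3.Connection, term: str) -> List[Row]:
    """Item 7: build the LIKE pattern in code, bind it, and escape % and _
    so the user's text is matched literally rather than as wildcards."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id, sname FROM tb_stu WHERE sname LIKE ? ESCAPE '\\'"
    return con.execute(sql, (f"%{escaped}%",)).fetchall()


def page_bound(con: sqlite3.Connection, begin: Any, n: Any) -> List[Row]:
    """Items 8 and 10: LIMIT takes integers only; validate before binding."""
    begin, n = int(begin), int(n)
    if begin < 0 or not 0 < n <= 100:
        raise ValueError("offset/count out of range")
    return con.execute("SELECT id FROM tb_stu ORDER BY id LIMIT ? OFFSET ?", (n, begin)).fetchall()


def older_than_bound(con: sqlite3.Connection, age: Any) -> List[Row]:
    """Item 14: the page pastes $_POST[age] unquoted; bind an int instead."""
    return con.execute("SELECT id FROM tb_stu WHERE age > ? ORDER BY age", (int(age),)).fetchall()


def rejects(fn: Callable[..., Any], *args: Any) -> bool:
    """True if fn raises ValueError/TypeError for args (exercises the validation)."""
    try:
        fn(*args)
    except (ValueError, TypeError):
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    attack = "' OR '1'='1"
    print("interpolated:", find_by_id_interpolated(db, attack))   # every row
    print("bound:      ", find_by_id_bound(db, attack))           # nothing
```

The first query returns all three rows for the attack string because the quote closes the literal and the rest becomes SQL; the bound version compares the whole string against id and matches nothing. Note that binding fixes the SQL text but not the semantics: page_bound still has to check that the offset and count are sensible numbers.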

If binary logging is enabled, the MySQL data directory fills up with mysql-bin.000001, mysql-bin.000002 and so on, and over time they take a lot of space. Here is how to delete the logs and how to turn them off.

Deleting the logs
Log in to MySQL with the root account:
#mysql -u root -p
(type the password at the prompt; -pxxxxx on the command line shows it in the process list and leaves it in the shell history)
Then run: mysql> reset master;
and exit: exit;
RESET MASTER deletes every binary log and restarts the numbering. Do not use it on a server that has replicas, or whose binlogs are its point-in-time recovery: PURGE BINARY LOGS BEFORE '<date>' removes only the logs older than a cutoff, once no replica still needs them.

Turning logging off, or expiring logs automatically
Edit my.cnf, comment out log-bin=mysql-bin and restart MySQL (on MySQL 8.0, where binary logging is on by default, set skip-log-bin instead).
To expire old logs automatically, set expire_logs_days = 3
which removes logs older than 3 days (binlog_expire_logs_seconds on MySQL 8.0).

To cut down on false positives, add DirectAdmin's trusted services to the CSF/LFD exception list. Edit /etc/csf/csf.pignore and add the lines below. The list comes from one particular server: the exe: paths are version-specific (mysql-5.1.54, php53 through php56), so keep only the entries whose binaries exist on yours, and remember that each line stops LFD from reporting that process at all, so add nothing you do not recognise:

cmd:spamd child
exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/bin/fetchmail
exe:/usr/bin/freshclam
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/managesieve
exe:/usr/libexec/dovecot/managesieve-login
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/gam_server
exe:/usr/libexec/hald-addon-acpi
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/local/bin/clamd
exe:/usr/local/bin/freshclam
exe:/usr/local/bin/pureftpd_uploadscan.sh
exe:/usr/local/directadmin/dataskq
exe:/usr/local/directadmin/directadmin
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/mysql-5.1.54-linux-x86_64/bin/mysqld
exe:/usr/local/php53/bin/php53
exe:/usr/local/php53/bin/php-cgi53
exe:/usr/local/php53/bin/php_uploadscan.sh
exe:/usr/local/php53/sbin/php-fpm53
exe:/usr/local/php54/bin/php54
exe:/usr/local/php54/bin/php-cgi54
exe:/usr/local/php54/bin/php_uploadscan.sh
exe:/usr/local/php54/sbin/php-fpm54
exe:/usr/local/php55/bin/php55
exe:/usr/local/php55/bin/php-cgi55
exe:/usr/local/php55/bin/php_uploadscan.sh
exe:/usr/local/php55/sbin/php-fpm55
exe:/usr/local/php56/bin/php56
exe:/usr/local/php56/bin/php-cgi56
exe:/usr/local/php56/bin/php_uploadscan.sh
exe:/usr/local/php56/sbin/php-fpm56
exe:/usr/local/sbin/nginx
exe:/usr/sbin/exim
exe:/usr/sbin/hald
exe:/usr/sbin/httpd
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/sbin/named
exe:/usr/sbin/nginx
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/sshd

Then restart LFD:

/etc/init.d/lfd restart

From: https://www.plugins-da.net/info/csf-lfd-exceptions-for-directadmin-csf.pignore
p.s. Based on this thread: http://forum.directadmin.com/showthread.php?t=49424
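A check for the list above, added here and not part of csf or of the original post: it parses a csf.pignore file, assuming the kind:value syntax documented in csf.pignore itself (exe, cmd, user as exact matches; pexe, pcmd, puser as regular expressions), and reports exe: paths that do not exist on this host, duplicate lines, and lines LFD would not understand. The sample text and the pretend set of existing binaries in demo() are constructed.

```python
"""Sanity check for a csf.pignore list such as the one above. Added example,
not part of csf or of the original post. Assumed syntax: one 'kind:value'
per line, kind in exe/cmd/user (exact match) or pexe/pcmd/puser (regex);
'#' starts a comment. Version-specific exe: paths that are absent on the
host, duplicates and malformed lines are reported."""
import os
import re
import sys
from typing import Callable, Dict, List, Tuple

EXACT_KINDS = {"exe", "cmd", "user"}
REGEX_KINDS = {"pexe", "pcmd", "puser"}


def parse_pignore(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (entries, bad_lines); comments and blank lines are skipped."""
    entries, bad = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, sep, value = line.partition(":")
        if not sep or kind not in EXACT_KINDS | REGEX_KINDS or not value:
            bad.append(raw)
            continue
        if kind in REGEX_KINDS:
            try:
                re.compile(value)
            except re.error:
                bad.append(raw)          # LFD would choke on this pattern
                continue
        entries.append((kind, value))
    return entries, bad


def audit_pignore(text: str,
                  exists: Callable[[str], bool] = os.path.exists) -> Dict[str, List[str]]:
    """exists() is injectable so the check can be run against a pretend host."""
    entries, bad = parse_pignore(text)
    seen, duplicates = set(), []
    for entry in entries:
        if entry in seen:
            duplicates.append(f"{entry[0]}:{entry[1]}")
        seen.add(entry)
    missing = [value for kind, value in entries if kind == "exe" and not exists(value)]
    return {"bad_lines": bad, "duplicates": duplicates, "missing_exe": missing}


SAMPLE = """\
# constructed sample: a subset of the list above plus three problem lines
cmd:spamd child
exe:/usr/sbin/sshd
exe:/usr/local/mysql-5.1.54-linux-x86_64/bin/mysqld
exe:/usr/sbin/sshd
pexe:/usr/local/php5[0-9]/bin/php-cgi5[0-9]
exe
pcmd:php-fpm(
"""


def demo() -> Dict[str, List[str]]:
    """Audit SAMPLE against a pretend host on which only sshd exists."""
    present = {"/usr/sbin/sshd"}
    return audit_pignore(SAMPLE, exists=present.__contains__)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/csf/csf.pignore"
    with open(path, encoding="utf-8") as fh:
        report = audit_pignore(fh.read())
    for key, items in report.items():
        for item in items:
            print(f"{key}: {item}")
```

Run it as python3 check_pignore.py /etc/csf/csf.pignore before the LFD restart; an empty report means every exe: entry points at a real binary and nothing is listed twice.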