Tcpdump to monitor SMTP activity from an IP or range of IPs
tcpdump is a useful utility for monitoring network activity on the server.
tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump src 192.168.1.22 or dst 192.168.1.22
You can monitor the SMTP activity to find out the mail account used by a spammer.
The above command will capture traffic to and from the IP address 192.168.1.22, including its SMTP activity, and write it to the file smtp.tcpdump.
Use the following command to monitor a range of IPs:
tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump src net 119.91.0.0/16 or dst net 119.91.0.0/16
The above command will monitor the range of IPs starting with 119.91. You can use Wireshark to analyze the dump file.
On a VPS, use venet0:0 as the interface instead of eth0.
tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ]
[ -E spi@ipaddr algo:secret,... ]
[ -y datalinktype ] [ -Z user ]
How to disable IPv6 networking
First check if the module is loaded:
To check if this module is currently loaded in your system, issue the following command as root. If you see ipv6 in its output, then the module is loaded.
Disable IPv6 in Ubuntu:
You need to edit the aliases file using the following command:
sudo nano /etc/modprobe.d/aliases
Find
change to
alias net-pf-10 off
alias ipv6 off
Save the file and reboot.
Disable IPv6 in Fedora/CentOS:
Open your modprobe.conf file and add the following line:
Add
Or disable it with the following command.
CSF LF_SCRIPT_ALERT option
This option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scripts.
Spam Protection Alerts
If you want to add some spam protection, CSF can help. Look in the configuration for the following:
LF_SCRIPT_ALERT = 0 change this to 1. This will send an email alert to the system administrator when the limit configured below is reached within an hour.
LF_SCRIPT_LIMIT = 100 change this to 250. This will alert you when any script sends out 250 email messages in an hour.
This setting will then send an alert email if more than LF_SCRIPT_LIMIT lines appear with the same cwd= path in them within an hour. This can be useful in identifying spamming scripts on a server, especially PHP scripts running under the nobody account. The email that is sent includes the exim log lines and also attempts to find scripts that send email in the path that may be the culprit.
LF_SCRIPT_LIMIT is the limit after which the email alert for email scripts is sent. Care should be taken with this value if you allow clients to use web scripts to maintain pseudo-mailing lists which have large numbers of recipients.
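The counting rule described above, sketched as an added example (not CSF's own code and not from the original page): it counts exim log lines per cwd= path in a sliding one-hour window and reports the paths that exceed the limit. The log line layout, the sample paths and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed exim main log layout for a local submission (constructed example):
# 2024-05-01 10:00:00 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i
CWD_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) cwd=(\S+)")

def find_noisy_paths(lines, limit, window=timedelta(hours=1)):
    """Return {cwd path: peak count} for paths with more than `limit` lines in any window."""
    recent = defaultdict(deque)      # cwd path -> timestamps still inside the window
    peaks = {}
    for line in lines:               # lines are expected in chronological order
        m = CWD_LINE.match(line)
        if not m:
            continue                 # not a cwd= line (delivery, rejection, ...)
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        path = m.group(2)
        q = recent[path]
        q.append(ts)
        while ts - q[0] >= window:   # drop entries that fell out of the window
            q.popleft()
        if len(q) > limit:
            peaks[path] = max(peaks.get(path, 0), len(q))
    return peaks

def build_sample_log():
    """Constructed sample data: one directory sends a burst, another sends slowly."""
    start = datetime(2024, 5, 1, 10, 0, 0)
    tail = "3 args: /usr/sbin/sendmail -t -i"
    lines = []
    for i in range(300):             # 300 mails in under 50 minutes
        ts = start + timedelta(seconds=10 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} cwd=/home/exampleuser/public_html/forum {tail}")
    for i in range(300):             # 300 mails spread over 25 hours
        ts = start + timedelta(minutes=5 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} cwd=/home/otheruser/public_html/shop {tail}")
    # A non-cwd line that the parser must skip
    lines.append("2024-05-01 10:00:05 1abcde-000001-AB <= user@example.com U=exampleuser P=local S=512")
    lines.sort()                     # timestamp prefix sorts chronologically
    return lines

if __name__ == "__main__":
    for path, peak in find_noisy_paths(build_sample_log(), limit=250).items():
        print(f"{peak} cwd= lines within an hour: {path}")
```

Both sample directories send the same total number of messages, but only the burst crosses the hourly limit, which is why the threshold needs care on servers hosting legitimate mailing-list scripts.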
Reference: http://www.configserver.com
How to deploy a .WAR application
Upload the .WAR archive to /public_html/servlet
Extract the .WAR archive over shell (SSH) access using the unzip command.
Example:
# unzip example.war
Archive: example.war
creating: META-INF/
inflating: META-INF/MANIFEST.MF
inflating: helloworld.jsp
creating: WEB-INF/
inflating: WEB-INF/web.xml
inflating: index.html
The system scans the appBase for WAR files at 5-minute intervals.
Java web archives must follow a specific directory structure, and the application will not work if the archive does not follow it.
cPanel XML and JSON APIs
The cPanel XML API allows you to issue commands to cPanel and WHM using XML, while the JSON API allows you to submit requests to the system and receive a JSON response. By including these commands in your custom scripts, you can perform functions remotely, without having to access the cPanel or WHM user interface.
There are several possible applications of the XML and JSON APIs. For example, they can make managing a data center easy by allowing you to issue a single command across multiple servers.
The JSON API is much less resource-intensive than the XML API. cPanel highly recommends using the JSON API, especially if performance is important, since it provides much faster results.
Reference: http://cpanel.net