Monday, May 25, 2015

CryptoPHP PHP malware
===================
CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise web servers on a large scale. More information about this threat can be found at the links referenced below.
Fox-IT: CryptoPHP - Analysis of a hidden threat inside popular content management systems
Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign
This infection almost certainly means that the infected web site has used pirated plug-ins from nulledstylez.com, dailynulled.com, or some other site that specializes in providing "nulled" (pirated) software. Fox-IT's research has shown that every pirated theme or plug-in on these two sites has been infested with the CryptoPHP malware.

Wednesday, May 20, 2015

ISPconfig spam email addresses reject / block spam
==================================================

Log in to ISPConfig ->
go to the Email tab ->
find Spamfilter on the left side and
click Blacklist ->

Click Add Blacklist Record ->

Select User: @domainname.com
Type Email: spamxyz@spamdomain.com (the address whose incoming mail should be blocked)

Click SAVE


=============================

Saturday, May 16, 2015

ISPconfig admin password reset
=======================

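Log in to the MySQL server with the root password from the command prompt:

# mysql -u root -p
use dbispconfig;
-- Sets the admin password to the literal string 'admin'; change it from the ISPConfig UI right after logging in.
UPDATE sys_user SET passwort = md5('admin') WHERE username = 'admin';
quit;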



Or, you can also log in to the MySQL server through phpMyAdmin with the root password from a web browser.

Or,

if you forgot the ISPConfig DB password, read it from:
# cat /usr/local/ispconfig/server/lib/mysql_clientdb.conf
# mysql -h localhost -p dbispconfig

UPDATE sys_user SET passwort = md5('YourNewPassword') WHERE username = 'admin';
FLUSH PRIVILEGES;
quit;

======================================@tayab-khan@=============

Wednesday, May 13, 2015

Mikrotik Load Balance by two uplinks
==============================
The two uplinks are:
1. ISP1-A
2. ISP2-B

Two LANs are connected to a single interface:
1. 192.168.50.0/24   to be used with ISP1-A
2. 172.16.50.0/24    to be used with ISP2-B

3. Create NAT for the two LANs
4. Create mangle rules to mark routing separately for each LAN
5. Create default routes with routing marks at distance 1,
     and also create failover routes at distance 10
6. Assign queues



=========================================================


Two other methods of load balancing are given below:

Dual WAN LoadBalancing PCC Method

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

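# allow-remote-requests=yes makes the router answer DNS queries arriving on any interface, WAN1 and WAN2 included;
# restrict port 53 (UDP and TCP) to the Local side with /ip firewall filter rules so it does not act as an open resolver.
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8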

/ip firewall mangle
# Mark connections that reach the router itself by the WAN interface they arrived on
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

# Send the router's replies for those connections back out the same uplink
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

# Traffic from the LAN to the directly connected WAN subnets skips the balancing rules
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

# PCC: hash source/destination addresses and ports into 2 buckets; remainder 0 goes to WAN1, remainder 1 to WAN2
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

# Turn each connection mark into the routing mark used by /ip route
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

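/ip route
# One default route per routing mark, one for each uplink
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

# Unmarked default routes: WAN1 is preferred (distance=1); WAN2 takes over if the WAN1 gateway stops answering pings
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping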

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade


Dual WAN loadbalancing nth method

/ip address
add address=192.168.1.3/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1 comment="" disabled=no
add address=192.168.2.3/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2 comment="" disabled=no
add address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 interface=internal comment="" disabled=no

/ip firewall mangle
add chain=prerouting in-interface=internal connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=internal connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=internal connection-state=new nth=1,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=internal connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no


/ip firewall nat
add chain=srcnat connection-mark=conn1 action=masquerade out-interface=WAN1 comment="" disabled=no
add chain=srcnat connection-mark=conn2 action=masquerade out-interface=WAN2 comment="" disabled=no


/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no


Thursday, May 7, 2015

Linux / Unix Load Average details




Understanding the Load Average:
=========================
On Unix-like systems, including Linux, the system load is a measurement of the computational work the system is performing. This measurement is displayed as a number. A completely idle computer has a load average of 0. Each running process either using or waiting for CPU resources adds 1 to the load average. So, if your system has a load of 5, five processes are either using or waiting for the CPU.


If we type 'w' in a Linux shell terminal, its output looks like the line below:


 16:19:10 up 22 days, 44 min,  2 users,    load average: 1.05, 0.70, 5.09

From left to right, these numbers show you the average load over the last one minute, the last five minutes, and the last fifteen minutes. In other words, the above output means:
two users are currently logged in, the server has been up for 22 days 44 min, and 16:19:10 is the current time

load average over the last 1 minute: 1.05

load average over the last 5 minutes: 0.70

load average over the last 15 minutes: 5.09


Assuming we’re using a single-CPU system, the numbers tell us that:

over the last 1 minute: The computer was overloaded by 5% on average. On average, 0.05 processes were waiting for the CPU. (1.05)

over the last 5 minutes: The CPU idled for 30% of the time. (0.70)

over the last 15 minutes: The computer was overloaded by 409% on average. On average, 4.09 processes were waiting for the CPU. (5.09)
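
As an added example (not part of the original post), the Python sketch below parses the `w` / `uptime` header line and applies the reading described above. The function names, the `ncpu` parameter and the rising/falling trend are assumptions of this example, and they go beyond the single-CPU case in the text by dividing the load by the number of CPUs.

```python
import re

# Constructed input: the header line shown in the text above.
SAMPLE = " 16:19:10 up 22 days, 44 min,  2 users,    load average: 1.05, 0.70, 5.09"

# Linux prints "load average: a, b, c"; BSD/macOS print "load averages: a b c".
_LOAD_RE = re.compile(
    r"load averages?:\s*(\d+[.,]\d+),?\s+(\d+[.,]\d+),?\s+(\d+[.,]\d+)"
)


def parse_load(line):
    """Return the (1 min, 5 min, 15 min) load averages from a w/uptime header."""
    m = _LOAD_RE.search(line)
    if m is None:
        raise ValueError("no load average field in line: %r" % line)
    # Some locales print a decimal comma ("1,05"); normalise before float().
    return tuple(float(g.replace(",", ".")) for g in m.groups())


def interpret(load, ncpu=1):
    """Return (state, percent, waiting processes) for one load figure."""
    per_cpu = load / ncpu
    if per_cpu > 1:
        # More runnable work than CPUs: the excess is the waiting queue.
        return ("overloaded", round((per_cpu - 1) * 100, 1), round(load - ncpu, 2))
    return ("idle", round((1 - per_cpu) * 100, 1), 0.0)


def report(line, ncpu=1):
    """Interpret all three windows and say which way the load is moving."""
    one, five, fifteen = parse_load(line)
    windows = {"1m": interpret(one, ncpu), "5m": interpret(five, ncpu),
               "15m": interpret(fifteen, ncpu)}
    # 1 min above 15 min means load is building; below means it is draining.
    trend = "rising" if one > fifteen else "falling" if one < fifteen else "steady"
    return windows, trend


if __name__ == "__main__":
    windows, trend = report(SAMPLE)
    for name, (state, pct, waiting) in windows.items():
        print(f"{name}: {state} {pct}% (waiting: {waiting})")
    print("trend:", trend)
```

For the sample line the trend is "falling": the 15-minute figure still carries an earlier spike that the 1-minute figure shows has mostly drained.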