dos deflate

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

IP addresses with over a pre-configured number of connections are automatically blocked in the server’s firewall, which can be direct iptables or Advanced Policy Firewall (APF). (We highly recommend that you use APF on your server in general, but deflate will work without it.)

Notable Features

It is possible to whitelist IP addresses, via /usr/local/ddos/ignore.ip.list.
Simple configuration file: /usr/local/ddos/ddos.conf
IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)
The script can run at a chosen frequency via the configuration file (default: 1 minute)
You can receive email alerts when IP addresses are blocked.
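The counting, whitelisting and threshold steps described above can be sketched as follows. This is an added example, not code from DDoS Deflate: the function names, the limit argument and the sample netstat output are constructed for illustration, and it handles IPv4 peers only.

```shell
#!/bin/sh
# Added example, not DDoS Deflate's own code.
# over_limit LIMIT IGNORE_FILE: reads `netstat -ntu` output on stdin and
# prints "COUNT IP" for every non-whitelisted IPv4 peer above LIMIT.
over_limit() {
    awk -v limit="$1" -v ignore="$2" '
        BEGIN {
            # Whitelist: one IP per line (the role ignore.ip.list plays).
            if (ignore != "")
                while ((getline ip < ignore) > 0)
                    if (ip != "") skip[ip] = 1
        }
        # Keep only socket rows; the bare one-liner also counts the two
        # netstat header lines as if they were addresses.
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
            # IPv6 peers are skipped here; cut -d: -f1 would mangle them.
            if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(addr in skip))
                count[addr]++
        }
        END {
            for (a in count)
                if (count[a] > limit) print count[a], a
        }
    ' | sort -rn
}

# Constructed sample input (RFC 5737 documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:40001       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:40002       ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.9:5353        ESTABLISHED
EOF
}
```

On a live server the input would be `netstat -ntu | over_limit 150 /usr/local/ddos/ignore.ip.list`, where 150 is an arbitrary limit chosen for the example.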


chmod 0700


chmod 0700 uninstall.ddos

Converting MySQL database to Firebird – part1


I have a heavily used website powered by LAMP stack (CentOS Linux,
Apache 2, MySQL and PHP). It started on a shared hosting so I had to
use MySQL. A year and a half later, I switched shared, virtual hosting
and now run it on a dedicated server. I decided to try Firebird to see
how it performs and also how it compares to MySQL in RAM usage, disk
usage, etc.

The software

The system is CentOS 5.5 64bit with default LAMP stack. I installed
Firebird 2.5. RC3 from the .rpm package on Firebird website.
Surprisingly, it does not require any additional rpm package 🙂

Converting the database

As far as I can tell, there are no tools to do this automatically. I
created Firebird database and tables by hand, slightly editing the
schema dump from phpMyAdmin. This was easy. Loading the data seemed a
problem because default mysqldump places multiple VALUES clauses in
INSERT statements. I used a Postgres tool mysql2pgsql to convert the
file to a more usable form:

I had to alter it a little bit, to avoid prefixing strings with E
character. I commented out this line:

# for the E'' see

Next problem was that " and ' are escaped with backslash \.

With Firebird " does not need escaping and ' is escaped with another
', becomes ''. A simple sed command to fix this:

cat postgres.sql | sed s1\\\\\"1\"1g | sed s1\\\\\'1\'\'1g > firebird.sql

A few more manual edits were needed to remove the CREATE TABLE and
similar stuff, because I only needed data. After that I added
“commit;” to the end of the script and ran it via isql:

/opt/firebird/bin/isql /var/db/firebird/s.fdb -user sysdba -pass ******** -i firebird.sql

This took some time. Here is the result:

# du -h -s /var/lib/mysql/slagalica/
1.9G /var/lib/mysql/slagalica/

# du -h -s /var/db/firebird/slagalica.fdb
2.1G /var/db/firebird/slagalica.fdb

This is before I created indexes on tables in Firebird database.
Afterwards we get:

2.3G /var/db/firebird/slagalica.fdb

So, Firebird database is slightly bigger.

Now, it's time to convert the DB access layer in PHP application, and
compare the performance. Stay tuned...

Delete last command from bash history


If you have ever typed something into a command prompt that you wished you hadn’t – you may find it useful to know that you can delete it from ~/.bash_history very easily.

The command:
history -d offset
will delete the history entry at position offset.

# history
1 cd
2 history
3 ls -alhF
4 history
5 wget
6 history

so to delete the wget command (which contains a password) – just use:
history -d 5

# history -d 5
# history
1 cd
2 history
3 ls -alhF
4 history
5 history
6 history -d 5
7 history

But suppose you KNOW you’re about to enter a command you don’t want to go into history. It’d be nice if you could just tack a little “hideme” modifier onto the front or tail of your command and be done with it. Unfortunately from what I’ve been able to google there is no such feature built into history or bash.

Naturally I made one.

TMP=$(history | tail -1 | awk '{print $1}') && history -d $TMP && \

And naturally someone smarter than me came along and found a better way to do it – THANKFULLY they posted a comment here to help us out (thanks Mitch!):

history -d $((HISTCMD-1)) && \

Rather than holding down backspace, you may find it useful to know that in bash Ctrl-W will delete from the cursor to the beginning of the previous word.

What I don’t get, is that according to man bash HISTCMD should be the CURRENT history number:
The history number, or index in the history list, of the current command.

and yet in ALL my tests $HISTCMD is the “index in the history list, of the current command” +1

But it can still lead to two useful aliases:

alias hideme='history -d $((HISTCMD-1))'
alias hideprev='history -d $((HISTCMD-2)) && history -d $((HISTCMD-1))'

Dig the sneaky:

# history
1 cd
2 history
3 ls -alhF
4 history
5 history
6 history -d 5
7 history
8 vi .bashrc
9 history
# echo password && hideme
# echo password
# hideprev
# history
1 cd
2 history
3 ls -alhF
4 history
5 history
6 history -d 5
7 history
8 vi .bashrc
9 history
10 history

I know the blog’s kinda been on Linux kick lately – some of that is coming from the new job – I’m using Linux more. But, I’ve been working on a little project in Eclipse – Java/SWT – and I’m getting to a point where I may have some useful learnings to post coming out of that. Or maybe not…

Internet Tablet, and all my xbox’s are running fine…

I’d like to throw out some props to Ivie for sending me an email about one of my posts that she read. I try to post stuff that I myself have trouble finding out there on the interwebz – so it’s always nice to hear from someone that finds it useful – thanks Ivie!

socket bind() to port 25 for address (any IPv4) failed: Address already in use

If you get this error message:

socket bind() to port 25 for address (any IPv4) failed: Address already in use: waiting 30s before trying again (6 more tries) ….

That means there is already an SMTP program listening on port 25. Port 25 is reserved for Exim. To find out which other application is listening on port 25, SSH to the server and run the following command:
/bin/netstat -lnp | grep ':25 '

You can either stop or kill the application that is listening on port 25. Then restart Exim by running the following command:

/sbin/service exim restart

Increase /tmp size


cPanel’s new securetmp script is handy to prevent users from executing malicious code in /tmp or /var/tmp but if your software is like a lot out there and doesn’t have any garbage collection, you’ll find your /tmp partition filling up quickly. By default, cPanel’s script uses a limit of 512MB, and for those with large session data files (storing image data, for instance) this amount is fairly small. I played around with the script and although the 512MB value is easily changed, a good amount of the code would have to be tweaked in order to re-do an existing secured /tmp.

So in lieu of that, I have included below the sequence of commands I used to expand the “partition” to 1GB. I quote it because it’s not really a partition in the normal sense, but a 1GB file mounted as a loop block device. Note that in the instructions below I only stop MySQL, which is due to the mysql.sock file it uses; however, you will want to stop any other processes using /tmp as well. You can find these by running lsof|grep /tmp and using the output PID/process name to stop them accordingly (commonly you will also need to stop the cpanel and apache services).

Here are the steps:

# /etc/init.d/mysql stop
# cp -af /var/tmp /var/tmp.bak
# umount /var/tmp
# umount /tmp
# rm -f /usr/tmpDSK
# dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1048576
# mkfs /usr/tmpDSK
# tune2fs -j /usr/tmpDSK
# mount -t ext3 -o nosuid,noexec,loop /usr/tmpDSK /tmp
# mount -o bind,noexec,nosuid /tmp /var/tmp
# cp -a /var/tmp.bak/* /tmp/
# rm -rf /var/tmp.bak/
# chmod 1777 /tmp
# /etc/init.d/mysql start

You should now see the increased /tmp partition size:

root@server [~]# df -h|grep tmp
/usr/tmpDSK 1006M 13M 993M 1% /tmp
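Since the point of securetmp is the nosuid and noexec restriction, it is worth confirming that both mount points still carry those options after the rebuild. The check below is an added example, not part of cPanel's script; the function names and the two sample mount tables are constructed, and the input is assumed to be in /proc/mounts format.

```shell
#!/bin/sh
# Added example, not part of cPanel's securetmp.
# check_tmp_mounts MOUNTS_FILE: prints one line per problem found for
# /tmp and /var/tmp and returns non-zero if there is any.
check_tmp_mounts() {
    awk '
        function has(list, want,   cnt, k, o) {
            cnt = split(list, o, ",")
            for (k = 1; k <= cnt; k++) if (o[k] == want) return 1
            return 0
        }
        # Columns: device mountpoint fstype options dump pass.
        # A later line for the same mount point overrides an earlier one.
        $2 == "/tmp" || $2 == "/var/tmp" { opts[$2] = $4 }
        END {
            bad = 0
            n = split("/tmp /var/tmp", mp, " ")
            for (i = 1; i <= n; i++) {
                m = mp[i]
                if (!(m in opts)) {
                    print m ": not a separate mount"; bad = 1; continue
                }
                if (!has(opts[m], "noexec")) { print m ": missing noexec"; bad = 1 }
                if (!has(opts[m], "nosuid")) { print m ": missing nosuid"; bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the state the steps above should produce.
sample_mounts_ok() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
/dev/loop0 /var/tmp ext3 rw,nosuid,noexec,relatime 0 0
EOF
}

# Constructed sample: noexec forgotten and the /var/tmp bind mount skipped.
sample_mounts_weak() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,relatime 0 0
EOF
}
```

On the server itself, run `check_tmp_mounts /proc/mounts`; no output and exit status 0 mean both mounts kept their options.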

Backup all cpanel accounts

UPDATE: The one-liner below still works as of 7/23/15 on CENTOS 5.8 x86_64 WHM 11.50.0 (build 27). Will be testing shortly on CENT7

To back up all accounts on your server, run the following command:

for backup in `\ls /var/cpanel/users/`; do echo /scripts/pkgacct $backup; done

Run it the first time to see what it is going to do, then remove the echo command and run it a second time:

for backup in `\ls /var/cpanel/users/`; do /scripts/pkgacct $backup; done

You will find all accounts backed up under /home, named cpmove-cpaneluser*.tar.gz

SCP Backups to New Server
After creating the backups, transfer all account backups to your new server (Server B) using SCP.

scp cpmove-* root@

Make sure all backups are moved to the /home directory of the new server.

Once all account backups are done, also copy /var/cpanel/users to the /home directory of the new server (Server B) under the name user.txt, for use during the restore:

scp /var/cpanel/users root@

Restore Backup
To restore a single account backup, run the following command:

/scripts/restorepkg cpaneluser

where cpaneluser is the account name from the old server, which appears in the backup filename after cpmove, i.e.

To restore all accounts (as with the backup loop, this only prints the commands; remove echo to actually run them):

for restore in `\cat /home/user.txt`; do echo /scripts/restorepkg $restore; done

Now you can use List Accounts in WHM to check that all accounts were transferred successfully to your new server, and you can log in to each cPanel account using the same cPanel user / pass as on the old server.

Also for all accounts;

[] >> /scripts/cpbackup
[cpbackup] Process started in background.
[cpbackup] Log file: /usr/local/cpanel/logs/cpbackup/1286038243.log