所在服务器:centos4.2
所需软件:mod_limitipconn
因为是apache2.x的版本,更详细的请看这里:http://dominia.org/djao/limitipconn2.html
注意,以下操作在root用户下进行
1. 下载
wget -c http://dominia.org/djao/limit/mod_limitipconn-0.22-1.i386.rpm
或者:
wget -c http://dominia.org/djao/limit/mod_limitipconn-0.22.tar.gz
(阅读全文 …)
什么是mod_evasive?
下面是官方的解释:
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.
This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.
官方网站:http://www.nuclearelephant.com/projects/mod_evasive/
注意:以下操作在root用户下进行的:)
From:http://linux-ha.org/zh/GettingStarted_zh
英文版:Getting Started with Linux-HA
首先,本文中的大部分内容并非原创。撰写本文的目的只是以某种方式作出贡献。我所作的工作只是将Linux-HA的其他文档中(如Volker Wiegand的硬件安装指南)的部分编辑成一份文档,这份文档可以帮助初学者了解Linux-HA, 而不需麻烦Alan Robertson, 并且避免在邮件列表上出现重复的问题。
(阅读全文 …)
系统:Centos4.2
其他软件:sendmail-8.13.1-2,sendmail-cf-8.13.1-2
Sendmail的SMTP认证一直是个问题,我们来试验一下最简单的方法。
注意:以下的操作都在root用户下。
1. 安装
yum install sendmail sendmail-cf
安装以上2个包就可以了,因为sendmail-8.13已经包含了cyrus-sasl的功能,所没必要再安装cyrus-sasl,其他版本应该也差不多,请仔细检查。
(阅读全文 …)
以前一直害怕PHP的注入,现在不用担心了,因为有了:mod_security 这个apache的mod可以有效的防止sql 注入。
mod_security的官方网站:http://www.modsecurity.org/
同时也关注一下apache安全配置的一些文章:http://www.apachesecurity.net/
mod_security的配置:http://fedoranews.org/jorge/mod_security/mod_security.conf
在不能使用代理服务器或者tor绕开防火长城的场合(比如单位里面不可以使用非企业代理,比如日后tor被土共封锁),如果ssh 22端口没有被封锁,那就可以利用OpenSSH强大的tunnel功能来
实现高速安全的访问Internet任意开放网站的任意开放端口 。在这里简称挖地道
1准备条件:
1.1 某国外主机shell,这个需要你自己去找,买一个或找找一个免费的,需要上面的开启sshd
1.2 Firefox浏览器配合foxyproxy扩展,虽然用IE也方便,但是当大多数网站不需要挖地道访问只有个别网站需要挖地道访问自己又是懒人懒得每次访问blocked网站去切换浏览器的代理设置的情况下,用foxyproxy这个基于模版自动匹配代理的扩展还是很方便的。
1.3 国外代理服务器,任意一个高速匿名免费代理服务器
(阅读全文 …)
最近在重新打包,比较麻烦~~
很简单的比较:http://www.365digg.com和http://www.ourlinux.net这2个站点的速度就可以明显看的出来,虽然都用到PHP的同一种cache机制,但是还有很明显的不同,因为smarty(365digg用了smarty)还有一层的解析开销,在表现来说,肯定会有所不足!而ourlinux.net采用的是wordpress,虽然也有template,但是几乎用的是function来表现,效率肯定会比class的强,呵呵,个人牢骚:D
中国网通IP列表:
acl “cnc” {
60.63.0.0/16;
202.165.208.0/20;
218.98.0.0/16;
124.128.0.0/13;
218.244.32.0/19;
211.160.0.0/16;
124.90.0.0/15;
61.55.0.0/16;
61.54.0.0/16;
61.52.0.0/15;
61.48.0.0/12;
61.232.0.0/13;
61.189.0.0/17;
61.182.0.0/16;
61.181.0.0/16;
61.180.128.0/17;
61.179.0.0/16;
61.176.0.0/16;
61.168.0.0/16;
61.167.0.0/16;
61.163.0.0/16;
61.162.0.0/16;
61.161.128.0/17;
61.161.0.0/18;
61.159.0.0/18;
61.158.128.0/17;
61.156.0.0/16;
61.148.0.0/15;
61.139.128.0/18;
61.138.64.0/18;
61.138.128.0/18;
61.138.0.0/18;
61.137.128.0/17;
61.136.64.0/18;
61.136.62.0/23;
61.135.0.0/16;
61.134.96.0/19;
61.134.192.0/18;
61.134.128.0/18;
61.133.0.0/17;
60.8.0.0/15;
60.31.0.0/16;
60.30.0.0/16;
60.28.32.0/25;
60.28.239.0/19;
60.24.0.0/14;
60.220.0.0/14;
60.218.0.0/15;
60.208.0.0/12;
60.16.0.0/13;
60.14.0.0/15;
60.13.128.0/17;
60.13.0.0/18;
60.12.0.0/16;
60.11.0.0/16;
60.10.0.0/16;
60.0.0.0/12;
58.248.0.0/13;
58.246.0.0/15;
58.244.0.0/15;
58.242.0.0/15;
58.240.0.0/15;
58.22.0.0/15;
58.21.0.0/16;
58.20.0.0/16;
58.19.0.0/16;
58.18.0.0/16;
58.17.128.0/17;
58.17.0.0/17;
58.16.0.0/16;
58.100.0.0/15;
222.32.0.0/11;
222.163.64.0/18;
222.163.32.0/19;
222.163.128.0/17;
222.163.0.0/19;
222.162.0.0/16;
222.160.0.0/14;
222.153.0.0/17;
222.136.0.0/13;
222.132.0.0/14;
222.128.0.0/14;
221.8.0.0/15;
221.7.96.0/19;
221.7.64.0/19;
221.7.32.0/19;
221.7.128.0/17;
221.7.0.0/19;
221.6.0.0/16;
221.5.128.0/17;
221.5.0.0/17;
221.4.0.0/16;
221.3.128.0/17;
221.3.0.0/17;
221.216.0.0/13;
221.213.0.0/16;
221.212.0.0/13;
221.208.0.0/14;
221.207.64.0/18;
221.207.128.0/17;
221.207.0.0/18;
221.206.0.0/16;
221.204.0.0/15;
221.2.0.0/16;
221.200.0.0/14;
221.199.64.0/18;
221.199.48.0/20;
221.199.192.0/20;
221.199.128.0/18;
221.199.0.0/17;
221.198.0.0/16;
221.196.0.0/15;
221.195.0.0/16;
221.194.0.0/16;
221.192.0.0/14;
221.14.0.0/15;
221.13.96.0/19;
221.13.64.0/19;
221.136.0.0/16;
221.13.128.0/17;
221.13.0.0/18;
221.12.128.0/18;
221.12.0.0/17;
221.11.224.0/19;
221.11.192.0/19;
221.11.128.0/18;
221.11.0.0/17;
221.10.0.0/16;
221.0.0.0/15;
220.252.0.0/13;
220.250.0.0/24;
220.248.0.0/17;
220.192.0.0/12;
219.82.0.0/16;
219.245.64.0/18;
219.238.141.0/25;
219.159.0.0/18;
219.158.128.0/17;
219.158.0.0/20;
219.156.0.0/15;
219.154.0.0/15;
218.97.235.0/21;
218.8.0.0/15;
218.7.0.0/16;
218.68.0.0/15;
218.67.128.0/17;
218.60.0.0/15;
218.56.0.0/14;
218.28.46.0/23;
218.28.0.0/15;
218.27.0.0/16;
218.26.0.0/16;
218.24.0.0/15;
218.21.128.0/17;
218.12.0.0/16;
218.11.0.0/16;
218.106.0.0/15;
218.105.0.0/16;
218.104.224.0/19;
218.104.208.0/20;
218.104.200.0/21;
218.104.192.0/21;
218.104.160.0/19;
218.104.128.0/19;
218.104.0.0/13;
218.10.0.0/16;
211.154.192.0/18;
211.153.0.0/16;
211.148.192.0/19;
210.82.0.0/15;
210.74.96.0/19;
210.74.128.0/19;
210.53.128.0/17;
210.53.0.0/17;
210.52.128.0/17;
210.52.0.0/26;
210.51.0.0/16;
210.22.0.0/16;
210.21.0.0/16;
210.192.97.0/19;
210.15.96.0/19;
210.15.32.0/19;
210.15.128.0/18;
210.15.0.0/17;
210.14.192.0/18;
210.14.160.0/17;
210.13.128.0/17;
210.12.0.0/26;
203.93.8.0/24;
203.93.192.0/18;
203.93.0.0/25;
203.212.0.0/20;
203.212.0.0/20;
203.175.192.0/18;
202.99.96.0/21;
202.99.64.0/18;
202.99.240.0/20;
202.99.232.0/21;
202.99.224.0/21;
202.99.208.0/20;
202.99.176.0/20;
202.99.168.0/21;
202.99.160.0/21;
202.99.128.0/18;
202.98.8.0/21;
202.98.0.0/19;
202.97.240.0/20;
202.97.224.0/21;
202.97.192.0/18;
202.97.128.0/19;
202.96.72.0/21;
202.96.64.0/19;
202.96.0.0/18;
202.38.143.0/24;
202.130.224.0/19;
202.111.128.0/19;
202.110.0.0/18;
202.108.0.0/16;
202.107.0.0/17;
202.106.0.0/16;
202.102.232.0/21;
202.102.224.0/19;
202.102.128.0/18;
125.40.0.0/13;
125.36.0.0/14;
125.35.128.0/17;
125.35.0.0/17;
125.34.0.0/16;
125.33.0.0/16;
125.32.0.0/16;
124.92.0.0/14;
124.89.0.0/17;
124.88.0.0/16;
124.64.0.0/15;
};
最近,发现几台使用innodb的mysql服务器上居然都出现io超高,memory几乎快耗尽,ibdata的总数据量大概:60G,虽然系统还是比较稳定的运行,但是也比较担忧~~~
看来想法用裸设备来解决…
系统:RedHat AS4 up4
软件:bind-chroot-9.2.4-2、bind-9.2.4-2、bind-utils-9.2.4-2、bind-libs-9.2.4-2
为了方便更新dns后不用直接重起named,所以特地为dns上加上了key,方法其实很简单,执行下面命令,产生:rndc.conf
rndc-confgen > rndc.conf
cat rndc.conf 你就会发现有下面的文字:
(阅读全文 …)
说来也是比较郁闷的事情,wordpress默认居然不支持 smtp 发信,所以最近注册的用户老是收不到密码!哎~~~
刚加了smtp的类并修改了部分php程序,终于搞定了这个问题, 太郁闷了~~
难道是我没有弄通worpress的各个功能?
软件:最新版:mysql-4.0.27-hi4.tgz
(约12MB)MD5:1db4b0327a2551833760773f8e5e6815
1. 下载
点击上面的连接进行下载!
2. 安装:
(阅读全文 …)
早上来上班前故意看了一下窗外,哇,终于有太阳了,结果走到楼下,晕倒,居然有毛毛小雨,哎,太阳雨啊,希望晚上下班后别下雨,偶没带伞,555
zongyaotang is discussing.
zongyaotang 13:12 on 2006 年 12 月 29 日 链接地址
第1个cat处大概应该有: