SSH Commands ( Part II )
Red IP Addresses/Sites Do Not Work Off Primary Shared IP (cPanel/WHM)
If you go to “Show or Delete Current IP Addresses” in WHM and you see red IP addresses, the ipaliases service has failed or been forced to stop. This happens sometimes and there isn’t a feature in WHM to restart it. You need to restart it via SSH:
service ipaliases restart
OR
/etc/init.d/ipaliases restart
Easy way to find php.ini path
The easiest way to find the php.ini file (the file where all the general PHP settings are stored), short of knowing it off the top of your head, is to use a combination of commands.
Do not execute these commands yet! You can use the command:
php -i
This prints out all the PHP information you would see in a web browser when phpinfo(); is called. Within all this information is the path to the php.ini file, so we simply grep for it. You can use this command to find the path to the php.ini file:
php -i | grep php.ini
It will return something like this:
Configuration File (php.ini) Path => /usr/local/lib/php.ini
That’s your file!
Ping
The popular ping command is used to check if a connection can be established with a server. It also measures the response times amongst a few other details. To run a ping use:
ping <ipaddress or domain>
Tracing
You can run a trace on any host, provided you can connect to it. A trace pings each hop of the connection and displays the information until it reaches the last node, generally your server. Traces are generally used to diagnose network issues.
traceroute <ipaddress or domain>
WHOIS
The internet is built on IP addresses. However, to make it easier to access a server, domain names were implemented. To record who owns which domain name, all the information is stored in a large database generally referred to as the WHOIS database. You can run your own search by typing whois.
whois google.com
WHOIS lookups can also be done on IP addresses to see who they are registered to, for things like reporting spam or abuse. Simply use the same command with the IP address to query in place of the domain.
Some providers offer a more refined database of their own in which they store customer information. For example:
rwhois://rwhois.layeredtech.com:4321
This is one example of a referral server; you can query it to find out more information, often including reseller names and details.
eg. whois -h rwhois.layeredtech.com -p 4321 <ipaddress>
RDNS lookup (host)
To check what an IP resolves to (reverse DNS entry) use the host command.
host 72.14.207.99
Send Message In SSH
You can send messages or broadcast notices to other SSH users by using the wall command.
eg. wall <message here>
Find Service
You can use the whereis command if you are unsure of paths:
eg. whereis mysql
Create FTP Account For New Location
adduser <username>
passwd <username>
Enter the password when prompted, then re-enter it to confirm.
chmod -R 755 /home/<username>
As required, change ownership to:
chown -R <username>.<username> /home/<username>
Create FTP Account For Duplicate Location (eg. second user same path)
Scenario: site1 already exists and user33 needs access to site1 files.
adduser user33
passwd user33
Enter the password when prompted, then re-enter it to confirm.
nano /etc/passwd
Change the home directory of user33 from /home/user33 to /home/site1
nano /etc/group
Add user33 to the site1 group (eg. site1:x:501:user33)
The same two changes can be made without hand-editing these files with usermod -d /home/site1 user33 and usermod -a -G site1 user33; if you do edit by hand, vipw and vigr lock the files while you work on them.
Delete Users
One of these commands (depending on your distribution) will delete a specified user:
userdel
OR
deluser
OR
rmuser
Installing Nano (Text Editor) In SSH
wget download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/Fedora/RPMS/compat-openldap-2.1.30-2.i386.rpm
rpm --install compat-openldap-2.1.30-2.i386.rpm
wget ftp://rpmfind.net/linux/redhat/9/en/os/i386/RedHat/RPMS/pine-4.44-18.i386.rpm
rpm -Uhv ftp://mirror.switch.ch/mirror/scientificlinux/40rolling/i386/SL/RPMS/compat-libcom_err-1.0-5.i386.rpm
rpm --install pine-4.44-18.i386.rpm
If you’re still used to using the pico command, you can use the following to create a link. This means that when you type pico it will run nano without you noticing.
cd /usr/bin
ln nano pico
Find Current Browsing Path
In SSH, it’s easy to find what path you are currently browsing. Some operating systems tell you in the prompt, for example:
root@server1 [/usr/local/apache/bin]#
Others often don’t though. So if you’ve forgotten the path you’re browsing or you’d like to be able to copy and paste it, you can display it by typing:
pwd
The path appears on a new line and you are returned to the prompt.
Backing up Database (Incomplete)
There are two easy ways:
- use mysqldump
- copy the data files from the mysql data directory
Mysqldump:
Using similar parameters for repairing a database:
mysqldump
Add -B for the database
Add -u to login as a user and -p if a password is required
If you want to backup all databases, use -A instead of -B (A meaning all).
Running this command will “dump” the SQL from the database. We want to harvest this and put it in a file. As described earlier in symbols we can use the > symbol to store it in a file:
/pathtomysql/bin/mysqldump -B mytestdatabase -u myusernamehere -p > mytestdatabase_backup.sql
After running that it will ask for the password; when correct it will back up everything into the SQL file. The SQL file will be stored at whatever the
MYSQL data files:
xx
Restoring a Database (Incomplete)
There are three easy ways:
- use a reverse of mysqldump
- use source in mysql
- copy the data files from the mysql data directory
Reverse of mysqldump (via the mysql client):
Note that mysqldump only writes SQL out; it does not read a dump back in. The reverse direction is the mysql client reading the dump from standard input, so the restore commands are:
a) cd pathtomysql/bin/
./mysql mytestdatabase -u myusernamehere -p < mytestdatabase_backup.sql
b) /pathtomysql/bin/mysql mytestdatabase -u myusernamehere -p < mytestdatabase_backup.sql
c) mysql mytestdatabase -u myusernamehere -p < mytestdatabase_backup.sql
* Note the inverted symbol from > to <. The -B flag is also dropped: on the mysql client -B means batch mode, not "database", and a dump made with -B already contains the CREATE DATABASE and USE statements.
Via mysql:
Change directory to where the SQL file is stored (eg. mytestdatabase_backup.sql).
Eg. cd /home/user4/backups
Type:
a) cd pathtomysql/bin/
./mysql
b) /pathtomysql/bin/mysql
c) mysql
It will load up the mysql prompt. If it’s protected by a password, use -u and -p as required.
eg. mysql -u myusernamehere -p
After you load up mysql you ca
Check ports for processes
If you want to check which process is listening on a certain port on the server you can use the lsof command. You can list everything by typing:
lsof
You can also check just a single port and protocol, using port 80 as an example:
lsof -i tcp:80
This checks port 80 on the TCP protocol. Here’s an example output:
root@server [/]# lsof -i tcp:80
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 3313 root 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25553 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25554 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25555 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25556 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25557 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25789 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 26410 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 27622 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 27625 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 28113 nobody 19u IPv4 8033 TCP *:http (LISTEN)
Check Kernel Version
The kernel is the core of the operating system and for security reasons needs to be kept updated. You can check what version is installed on your server with the following command:
uname -r
Just note however that the distribution vendor doesn’t always ship the most up-to-date kernel and runs a bit behind. In general you can check kernel information at www.kernel.org.
Check for vulnerable / exploitable / hackable phpBB forums
A while back someone found an exploit in phpBB’s bbcode.php file that allowed attackers full access to the server. Popular control panels such as cPanel used to come with phpBB built in, and unless server administrators manually updated the scripts by running a forced cPanel update, phpBB was not updated to the latest version.
Even then, server administrators need to make sure the dangerous code is removed completely from their server and that customers keep their forums up to date. But how do you do that?
There is a very simple way:
find /home/ -name "bbcode.php" -exec grep 't<]\*)#is' {} \; -print
This command is courtesy of hostgeekz.com. It displays an output showing the matching code and, under that, the path. I would suggest you disable the forums and force the owners to update them on their own.
How to disable the phpBB forum?
After running the above command, here is a sample of some output:
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/nets/pnuke/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/forum/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/phatbeatboxer/forum/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/trk/nuke/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/nyc/phpbb2/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/teamfuelinjected/forum/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/navy/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/phpnuke/includes/bbcode.php
So you can see the following file could be exploited:
/home/zxy/public_html/forum/includes/bbcode.php
We need to find the configuration file and add a line of code to it. The configuration file is located in the root of the forum install (not in the includes/ subdirectory where bbcode.php lives), so for example the configuration file would be at www.zxy.com/forum/config.php, which means our config.php path is /home/zxy/public_html/forum/config.php
So simply type:
nano /home/zxy/public_html/forum/config.php
OR
nano /home/zxy/public_html/forum/conf*
Then add the following line directly under the <?php tag:
die("Forums Disabled - Contact Support Immediately!");
Then save with Ctrl + O. Congratulations, the forum is disabled.
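The find/grep check and the die() step above, wrapped in a script so the scan and the disabling can be repeated consistently. This is an added example, not code from the original page or from hostgeekz.com. It assumes the same layout as the page (bbcode.php under includes/, config.php in the forum root); the sample tree it builds under a temporary directory is constructed so the script can be tried without a real server.

```shell
#!/bin/bash
# Added example (not from the original page or from hostgeekz.com).
# Lists forum roots whose includes/bbcode.php still contains the fragment the
# page greps for, and can prepend the page's die() line to a forum's
# config.php without touching it twice.

find_vulnerable_forums() {
    # $1 = tree to scan (the page uses /home/). Prints one forum root per hit,
    # i.e. the parent of the includes/ directory holding the matching bbcode.php.
    find "$1" -name bbcode.php -exec grep -l 't<]\*)#is' {} \; 2>/dev/null |
        while IFS= read -r f; do
            dirname "$(dirname "$f")"
        done
}

disable_forum() {
    # $1 = forum root. Inserts the die() line right after the first <?php tag
    # of config.php. Returns 1 if there is no config.php; does nothing if the
    # forum is already disabled, so it is safe to re-run.
    cfg="$1/config.php"
    [ -f "$cfg" ] || return 1
    grep -q 'Forums Disabled' "$cfg" && return 0
    awk 'seen == 0 && /<\?php/ {
            print
            print "die(\"Forums Disabled - Contact Support Immediately!\");"
            seen = 1
            next
         }
         { print }' "$cfg" > "$cfg.tmp" &&
        cat "$cfg.tmp" > "$cfg" &&   # cat, not mv: keeps config.php owner/mode
        rm -f "$cfg.tmp"
}

make_sample_tree() {
    # Constructed layout mirroring the page's /home/zxy/public_html example.
    root=$(mktemp -d)
    mkdir -p "$root/zxy/public_html/forum/includes" "$root/zxy/public_html/navy/includes"
    # constructed: a bbcode.php still containing the grepped fragment
    printf '%s\n' '<?php' \
        '$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\">\\2</a>", $ret);' \
        > "$root/zxy/public_html/forum/includes/bbcode.php"
    printf '%s\n' '<?php' '$dbhost = "localhost";' > "$root/zxy/public_html/forum/config.php"
    # constructed: a bbcode.php that no longer contains the fragment
    printf '%s\n' '<?php' '// make_clickable() rewritten, fragment absent' \
        > "$root/zxy/public_html/navy/includes/bbcode.php"
    echo "$root"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree)
    find_vulnerable_forums "$root"
    find_vulnerable_forums "$root" | while IFS= read -r forum; do disable_forum "$forum"; done
    cat "$root/zxy/public_html/forum/config.php"
fi
```

Run it with --demo to see the scan and the rewritten config.php on the constructed tree; on a real server call find_vulnerable_forums /home and review the list before disabling anything.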
Flush Exim Queue
If you’ve got 2000 emails queued to be sent, you can force a delivery run over the whole queue by typing:
exim -qff
Note that -qff forces a delivery attempt for every queued message rather than discarding them, so it is not the way to get rid of mail you know is spam; for that, remove messages from the queue with exim -Mrm <message-id> (exiqgrep -i lists the ids).
You can also run it in debugging mode:
exim -qff -d9
Access Denied Error from phpMyAdmin via WHM (cPanel)
When you try to load phpMyAdmin from cPanel’s Web Host Manager (WHM), a message saying access denied appears. There is a very simple solution to this.
From web host manager, under SQL Services click MySQL Root Password. Enter in a password and save it.
Try loading up phpMyAdmin again from web host manager and it should be fine. No SSH commands, no configuration files – type and click.
Locate files owned by nobody and delete
This is extremely useful for locating files that have been uploaded using an exploit and are still owned by the nobody user. Note this isn’t the solution to cleaning up an exploit, just a tool to assist in the clean up.
The command below will search all user document roots for files owned by nobody and display them on the screen. This is one of the most likely locations for uploaded nobody files, but it’s possible for files to be outside this directory. You’ll need to adjust the scope of the command where necessary.
find /home/*/public_html -user nobody -print
The command below will search and delete all files in the users’ document roots that are owned by the nobody user. It’s recommended you just do a find first, then if it’s clear run the command below. The -print0 / xargs -0 pairing is used so file names containing spaces or newlines cannot be split into unintended paths:
find /home/*/public_html -user nobody -print0 | xargs -0 rm
To delete folders owned by the nobody user too, use:
find /home/user/public_html -user nobody -print0 | xargs -0 rm -Rf
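A variation on the commands above that quarantines nobody-owned files instead of deleting them, so the evidence survives for the clean-up the text says still has to follow. This is an added example, not code from the original page. It takes the owner as a parameter; the sample tree it builds is constructed and owned by the current user so the script can be exercised without root, and on a real server you would pass nobody and the /home/*/public_html scope.

```shell
#!/bin/bash
# Added example (not from the original page). Lists files under a tree owned
# by a given user and moves them into a quarantine directory that mirrors
# their original paths, writing a manifest of what was moved and when.
# Uses -print0 / read -d '' so names with spaces or newlines are safe.

list_owned_by() {
    # $1 = owner, $2 = directory to scan; NUL-separated paths on stdout
    find "$2" -type f -user "$1" -print0
}

count_owned_by() {
    # number of matching files (counts NUL separators, so odd names are fine)
    list_owned_by "$1" "$2" | tr -cd '\0' | wc -c | tr -d ' '
}

quarantine_owned_by() {
    # $1 = owner, $2 = scan root, $3 = quarantine dir
    # each file goes to $3/<original absolute path>; $3/manifest logs it
    mkdir -p "$3"
    list_owned_by "$1" "$2" | while IFS= read -r -d '' f; do
        dest="$3/$f"
        mkdir -p "$(dirname "$dest")"
        mv -- "$f" "$dest"
        printf '%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$f" >> "$3/manifest"
    done
}

make_sample_tree() {
    # Constructed layout standing in for /home/*/public_html; the files are
    # owned by whoever runs the script, so scan for "$(id -un)" when testing.
    root=$(mktemp -d)
    mkdir -p "$root/user1/public_html/images" "$root/user2/public_html"
    printf '%s\n' '<?php // constructed: dropped file with a space in its name ?>' \
        > "$root/user1/public_html/images/up load.php"
    printf '%s\n' 'hello' > "$root/user2/public_html/index.html"
    echo "$root"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree)
    q=$(mktemp -d)
    echo "before: $(count_owned_by "$(id -un)" "$root") file(s)"
    quarantine_owned_by "$(id -un)" "$root" "$q"
    echo "after:  $(count_owned_by "$(id -un)" "$root") file(s); manifest:"
    cat "$q/manifest"
fi
```

On a live server run list_owned_by nobody /home/user/public_html | tr '\0' '\n' first and read the list; only then quarantine, and keep the manifest with the incident notes.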
Update, Fix, Correct or Sync Server Time and Date
Servers use NTP (Network Time Protocol) to sync their times. This process can be automated with the ntpd daemon. The ntpd binary itself does not take status/start/stop arguments; those go to its init script, so you can check the status with:
service ntpd status
OR
/etc/init.d/ntpd status
If it is stopped and you want to start it, check the configuration first at:
/etc/ntp.conf
You can edit this with:
nano /etc/ntp.conf
Afterwards you can start it with:
service ntpd start
Stop with:
service ntpd stop
You can update your time immediately with:
ntpdate <server_here>
The below command and server will work fine:
ntpdate pool.ntp.org
Source: http://www.sshcmds.com/