Most linux system administrators prefer to use commandline for most of the time and i have always struggled to use ftp commands to upload and download backup tar gz files. That is why i decided to post it here. I know how important it is to know these commands in crucial disaster situations and you may feel handy with these.

It is very simple and just follow below on how to upload and download files from FTP server to your local …

In recent times, it seems that there is a new form of Dos (denial of service) attack, targeted towards dns servers. The attacker sends a dns query packet with a spoofed IP and your server will keep on sending responses to the victim.

More information about this attack is documented in this page.

If you are running a dns server with bind, your server might encounter such attacks.  You will need to harden your DNS server (bind) using the below steps.

1. Open …

Mod security is a web application firewall which protects apache from various types of attacks.

If you are using Centos/RHEL and tried to install mod_security, you may often get

No package found.

Here is how you make it to work.

1. Create a new file /etc/yum.repos.d/utterramblings.repo

2. Place the following lines in that file.

[utterramblings]
name=Jason’s Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

Finally,

yum install mod_security

Important:
That should work. If you get 404 error then replace the correct enterprise linux version (4 or 5)

baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/

to

baseurl=http://www.jasonlitka.com/media/EL5/$basearch/

I have seen in recent times, there are lot of brute force login failure attempts being bombarded on my ftp server running FTP service on port 21.  Every minute or so, my log file shows hundreds of login failure attempts per hour, with every combination.  Ever since from then i have been on a search for some kind of IP address blocking application that would automatically block IPs doing these brute force attempts.

I most frequently have used Proftp (or) Pure-ftp …

I have often noticed that while running ftp server with ProFTP there are strange f’s coming with ipadress like FFFF:11.33.44.99

I got this fixed by disabling IPv6 used by Proftp. Just put this one line in your proftp configuration file /etc/proftpd.conf

UseIPv6 off

You can see the changes while analysing the /var/log/secure log file for any login attempts.

If you running a FTP server (Pureftp/Proftp) in your linux server, it is very important to to enable passive mode,  because this mode, works best for ftp clients protected by firewall since the client initiates the connection.

If you are running a CSF firewall in your linux box, along with FTP server running Pure-ftp  or Proftp, just follow the below steps…

1. Add Passive Port range 30000-350000 to your Pureftp or Proftp configuration file

(i) Pureftpd

open /etc/pure-ftpd.conf, and this line

PassivePortRange    30000 35000

(ii) ProFTP

Open …

If you running older version of CSF firewall in your server, you might need to update to latest version to patch up for any security vulnerabilities.

Here is how you need to enable the auto update.

> nano /etc/csf/csf.conf

Then change the AUTO_UPDATES to ’1′ and once this is done, the CSF will check each day for any updates.

# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and …

I have seen this question asked again and again by many people, including in many linux forums and frankly, the answer is

yes,  if your server load goes above 1.0, certainly you should think about upgrading your server hardware. Watch out for your server load as sometime occasionally, it could be a sudden spike in which case no upgrade required. For any ideal server, you should always try to keep your server load below 1. Anything in 4.0 or 5.0 range …

Understanding DNS & Troubleshooting Common DNS Errors

DNS (Domain name system) may not be known to most people who use internet but it is the real backbone and the invisible force driving the whole internet without which we would be seeing numbers and IPs. The whole meaning of domain names exist today just because of DNS.

INTRODUCTION

The simplest way of explaining DNS in one line is to map domain name to IP address. I am not sure how many would know …

How to check IPs on same subnet?

In many cases, you might want to check whether an ip address falls under a same subnet or not. It can be done both in perl and php using the Network library.

For PHP use Net IP4 library
For PERL use Net::IP library

<?php
// check for IP falls in same subnet or not
include("Net/IPv4.php");

$objIP = new Net_IPv4();

echo $objIP->ipInNetwork("192.xx.xx.xx", "192.xx.xx.x/24") ? "Same Subnet" : "Outside the Subnet";
?>

In perl you can use Net::IP module

#!/usr/bin/perl

use NetAddr::IP;

my $netwrk = NetAddr::IP->new(’192.xx.xx.x/24′);
my $ip …