Monthly Archives: November 2015

Force www on a domain with apache

This is how!
Edit a .conf file (in my case I have a redirects.conf) for this kind of redirect…

nano /etc/apache2/sites-enabled/redirects.conf

And add the following lines…

<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / http://www.example.com/
</VirtualHost>

and naturally restart apache! 😉

service apache2 restart

Enabling cgi-bin on apache

I had to enable CGI on this new recent server

sudo a2enmod cgi
sudo service apache2 restart

Simple!
But I was getting an error: script not found or unable to stat

[Mon Nov 30 18:00:32.380748 2015] [cgi:error] [pid 18799] [client 84.91.XXX.XXX:62545] script not found or unable to stat: /usr/lib/cgi-bin/HiPGZ23est4

I had to edit the .conf file

nano /etc/apache2/sites-enabled/domain.com.conf

and add the following lines

ScriptAlias /cgi-bin/ /path_to_cgi_folder/cgi-bin/
<Directory "/path_to_cgi_folder/cgi-bin/">
 AllowOverride None
 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 Order allow,deny
 Allow from all
</Directory>

and then reload the apache configurations

service apache2 reload

sshd – Did not receive identification string from

fuckz!

Nov 30 06:27:58 ns33XXXXX sshd[16965]: Did not receive identification string from 5.196.20.94
...
Nov 30 06:31:07 ns33XXXXX sshd[17139]: Connection closed by 5.196.20.94 [preauth]
...
Nov 30 06:35:09 ns33XXXXX sshd[17313]: Connection closed by 5.196.20.94 [preauth]

So, what does this mean?

Some miscreant (surprise!) is hammering at ssh to try to find a username/password combination that gets them into the system. Probably from some botnet doing the same to who knows how many other unsuspecting victims.

Source: http://serverfault.com/questions/483852/sshd-log-full-of-did-not-receive-identification-string-from

This one below means ssh server waited and did not receive what it needed in a timely fashion. This is typically due to connectivity issues. In an ssh connection, the server first provides its identification string, then waits for the client to then provide its identification string. If there is a loss in connection, or the client just bails, this is what you will see in the logs.

If someone uses telnet or netcat to fetch your ssh banner, or other various scans, the logs on the server side will show this as well.

 

Source: https://scottlinux.com/2012/03/07/troubleshooting-ssh-server-logs-and-error-messages/

So, I went to fail2ban and increased the values!
This is my /var/log/fail2ban.log.

2015-11-30 13:11:24,144 fail2ban.filter : INFO Set maxRetry = 3
2015-11-30 13:11:24,146 fail2ban.filter : INFO Set findtime = 6000
2015-11-30 13:11:24,146 fail2ban.actions: INFO Set banTime = 6000

Fuckers!
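
To check which addresses in an auth log would actually cross the maxRetry / findtime thresholds shown above, the two pre-auth messages can be counted per source IP over a sliding window. This is an added example, not part of the original post and not fail2ban's own code: the regular expressions, function names and sample lines (documentation addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same syslog format as the lines in this post.
SAMPLE_LOG = """\
Nov 30 06:27:58 host sshd[16965]: Did not receive identification string from 192.0.2.10
Nov 30 06:31:07 host sshd[17139]: Connection closed by 192.0.2.10 [preauth]
Nov 30 06:33:40 host sshd[17200]: Accepted publickey for admin from 198.51.100.7 port 50022 ssh2
Nov 30 06:35:09 host sshd[17313]: Connection closed by 192.0.2.10 [preauth]
Nov 30 09:00:00 host sshd[18001]: Did not receive identification string from 198.51.100.7
"""

# The two pre-authentication messages discussed in this post.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Did not receive identification string from (?P<ip>[0-9a-fA-F.:]+)"),
    re.compile(r"sshd\[\d+\]: Connection closed by (?P<ip>[0-9a-fA-F.:]+)(?: port \d+)? \[preauth\]"),
]

def parse_event(line, year=2015):
    """Return (timestamp, ip) for a matching sshd line, else None.

    Classic syslog timestamps carry no year, so one is assumed."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, m.group("ip")
    return None

def find_offenders(log_text, maxretry=3, findtime=6000):
    """Return {ip: time of the event that reached maxretry within findtime seconds}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        ts, ip = event
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:   # drop events older than findtime
            hits.popleft()
        if len(hits) >= maxretry and ip not in offenders:
            offenders[ip] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

Running it with a shorter findtime (for example 300) shows how slow scanners that space out their connections stay under the threshold.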

New server… data imported

Some data has been copied to the new server!

The source server didn’t allow rsync ’cause it was a cPanel environment…

wget -m -c ftp://username:password@host/folder

the end looks like this…

FINISHED --2015-11-27 21:41:31--
Total wall clock time: 4h 6m 50s
Downloaded: 8286 files, 12G in 3h 0m 38s (1.11 MB/s)