Hardening your TCP/IP Stack Against SYN Floods

Denial of service (DoS) attacks launch via SYN floods can be very problematic for servers that are not properly configured to handle them. Proper firewall filtering policies are certainly usually the first line of defense, however the Linux kernel can also be hardened against these types of attacks. This type of hardening is useful for SYN floods that attempt to …

Read More »

How To Install APF Firewall on Cpanel

Advanced Policy Firewall, or APF, is basically an interface to iptables, which is the standard interface to managing network ports on Linux machines. Interacting with iptables can be complex and error-prone, and APF greatly simplifies working with it. However, APF is still only accessible by ssh. There is no way to make changes in APF through WHM or cPanel. All of the APF configuration files are located in the /etc/apf folder …

Read More »

How to Find and Kill All Zombie Processes

On Unix operating systems, a zombie process or defunct process is a process that has completed execution but still has an entry in the process table, allowing the process that started it to read its exit status. It almost always means that the parent is still around. If the parent exited, the child would be orphaned and re-parented to init, …

Read More »

cPanel AWStats is Not Updating Automatically

AWStats is one of the most commonly using cPanel tool to analyse website traffic summary. You can analyse a lot of things from here like Number of visits, Pages, Hits, Bandwidth etc. In some strange situations, you may get this problem with AWStats, it’s not updating automatically. There are a lot of reasons behind this problem including file permission. Here I’m …

Read More »

How to install System Integrity Monitor (SIM) Cpanel

Description: SIM is a system and services monitor for ‘SysVinit’ systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system. It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth …

Read More »

CVE-2014-6271 – Critical BASH vulnerability discovered (Shellshock)

Critical BASH vulnerability discovered – update BASH on your CentOS Linux server!!! ## Shellshock vulnerability ## Summary >> A critical code execution vulnerability (Remote) affecting bash (Unix shell) has been discovered on September 24, 2014. >> The vulnerability occurs because bash does not stop after processing the function definition; it continues to parse and execute shell commands following the function …

Read More »

Running PPTP VPN with CSF firewall

Most of the time pptp vpn doesnt work with csf firewall. Here is the guide to make it working. 1) type the following command: nano /etc/csf/csfpre.sh 2) Put the following into the file: iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -i venet0 -p gre -j ACCEPT iptables -A OUTPUT -p gre -j ACCEPT …

Read More »