1)
    ssh root@hostname -p port (default 22)
3) exim
    exiqgrep -z -i | xargs exim -Mrm - to delete frozen messages
    exim -bpc - to know the message count
    exim -bp - to list all the messages
    exim -bp | exiqsumm - to list all the messages in a group
    exim -bp | grep centralph.com - to view mails under a particular user, e.g. centralph.com
    exim -bp | grep centralph.com | wc -l - to know the count of mails under a particular user, e.g. centralph.com
    exim -Mvh id - to view a particular message header
    exim -Mvb id - to view a particular message body
    exiqgrep -f centralph.com -i | xargs exim -Mrm - to remove messages under centralph.com
6)
    mysqladmin stat proc
- to view the mysql connections running
    mysqladmin stat proc | grep username
- to view the mysql connections running for a particular user
If the number of connections for a particular user is high, then also look at the daily process in WHM and
suspend the user (/scripts/suspendacct username, in the back end)
7)
    nice top -d 2 -u user
- to view the processes run by an individual user
\s - to check mysql uptime after getting into mysql using "mysql"
9) to check for a DDoS
a)
    pidof httpd
b)
    netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
-> this can also be used; if there are more than 100 connections from an IP, then block it.
c) But before blocking any IP, check whether it is the server IP. You can check it with the command
    ifconfig | grep <ip>
d)
    csf -d ipaddress
- to block that IP (confirm it is not the server IP)
e) Also check the Apache status in WHM
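The check in steps b) and c), combined into one filter, as an added example that is not part of the original post. It goes a little further than the one-liner: it counts only connections to local port 80, copes with IPv4-mapped addresses, and leaves the server's own IPs out of the result. The function names, the sample addresses and the use of `hostname -I` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. All addresses are constructed
# (documentation ranges); 192.0.2.10 plays the server's own IP.

# over_threshold LIMIT "OWN_IPS" < netstat-output
# Prints "count ip" for remote IPs holding more than LIMIT connections to
# local port 80, leaving out every address listed in OWN_IPS.
over_threshold() {
    awk -v limit="$1" -v own="$2" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # $4 = local address, $5 = foreign address, $6 = state
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)   # drop the remote port
            sub(/^::ffff:/, "", ip)    # IPv4-mapped IPv6 form
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit && !(ip in skip))
                    print count[ip], ip
        }' | sort -rn
}

# Constructed sample in the column layout of netstat -plan.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*                LISTEN      1201/httpd
tcp        0      0 192.0.2.10:80           203.0.113.9:51000        ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           203.0.113.9:51001        ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           203.0.113.9:51002        TIME_WAIT   -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:51003 ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:40100       ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           192.0.2.10:38000         ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           192.0.2.10:38001         ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           192.0.2.10:38002         ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:8080         198.51.100.7:40101       ESTABLISHED 2000/java
tcp        0      0 192.0.2.10:38000        192.0.2.10:80            ESTABLISHED 3000/php
EOF
}

# On a live server (assumes hostname -I is available to list local IPs):
#   netstat -plan | over_threshold 100 "$(hostname -I)"
sample_netstat | over_threshold 2 "192.0.2.10"
```

With the sample and a limit of 2, only 203.0.113.9 is reported; the server's own address has three connections but is skipped, and the port 8080 and outbound lines are not counted.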
11) sites to check website speed and contents (useful when doing server tickets)
a) speed
www.alertra.com
www.tools.pingdom.com
b) contents
http://analyze.websiteoptimization.com/
12) allowing access to a particular IP
    allow from <ip>
    deny from all
(To allow access from that particular IP only, enter this in the
.htaccess file of the owner's public_html. Useful when unsuspending an account
by giving access to the owner's IP. The owner should provide his local IP from http://www.whatismyip.com/)
13)
    tracert dotflashop.com
(from Windows)
    traceroute dotflashop.com
(from Mac terminal)
14) when a lot of mails are getting frozen for a mail ID
    grep "max emails" /var/log/exim_mainlog | tail
This is the proof that he is sending bulk mails.
15)
    netstat -plan | grep :25
- to find the (mail) connections
If you see anything like
    tcp 0 0 127.0.0.1:45738 127.0.0.1:25 ESTABLISHED 547580/sshd: username
    tcp 0 0 127.0.0.1:45737 127.0.0.1:25 ESTABLISHED 547580/sshd: username
i.e. it is a spammer with a script. Suspend that account.
16) apache uptime - /usr/local/apache/bin/apachectl status
17) mysql uptime -
mysql(enter mysql)
\s
exit