Archive for December, 2013

How to move from cPanel to DirectAdmin (the server)

The tool to use is da.cpanel.import.

First, on the cPanel server, download and unpack the tool into any directory you like.

wget http://www.pusathosting.com/file/da.cpanel.import.9.4.tar.gz
tar xzvf da.cpanel.import.9.4.tar.gz

Then create an import folder and an export folder:

mkdir import export

Now copy the users' cPanel backup files into the import folder.

Then edit the file defaults.conf. There are two major changes to make:

ip=XXX.XXX.XXX.XXX (the IP address of your DA panel)
ns1=ns1.paulhost.com (NS1)
ns2=ns2.paulhost.com (NS2)

Then run perl da.cpanel.import.pl and answer the prompts:

Have you read, understood and applied the above? (y / n): choose y

[If you are running this tool on the cPanel server]: After this tool is finished, should successfully created DirectAdmin tarballs be transferred to your DirectAdmin reseller user_backups directory? (y / n): choose y

Next, confirm the IP of the DA server and the backup path to transfer to.

Then wait for it to complete (partway through you are asked for the DA server's root password).

When it has finished, log in to the DA panel as administrator and restore the backup.


Using iptables to stop php-ddos from sending outbound UDP packets

php-ddos floods have been rampant recently, especially with DedeCMS being full of holes, as you know. We can use iptables to block php-ddos from sending packets outward at the source.

First, allow the UDP services you need (such as DNS):

iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -d 8.8.4.4 -j ACCEPT

"53" is the UDP port that DNS needs, and "8.8.8.8" is the IP of the DNS server; set it to match your server's configuration. If you do not know which DNS server your server currently uses, run the following command over SSH:

cat /etc/resolv.conf | grep nameserver | awk 'NR == 1 {print $2}'

Then block the machine from sending any other outbound UDP packets:

iptables -A OUTPUT -p udp -j DROP
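
The rules above as one ordered set, as an added example that is not part of the original post: it goes beyond the post by allowing every IPv4 nameserver in resolv.conf (not only the first), keeping loopback UDP working, and logging what is dropped. The function name, log prefix and sample resolv.conf are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run generator for the
# outbound-UDP policy above. It prints iptables commands; nothing is applied.
# Assumes the OUTPUT chain has no earlier UDP rules, so -A keeps this order.
gen_udp_egress_rules() {
    resolv="${1:-/etc/resolv.conf}"
    # Loopback UDP (local resolver, syslog) is not attack traffic.
    echo "iptables -A OUTPUT -o lo -p udp -j ACCEPT"
    # One ACCEPT per IPv4 nameserver, not only the first line. IPv6 entries
    # are skipped because iptables filters IPv4 only (ip6tables is separate).
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $2}' "$resolv" |
    while read -r ns; do
        echo "iptables -A OUTPUT -p udp --dport 53 -d $ns -j ACCEPT"
    done
    # Rate-limited log of what gets dropped; --log-uid records the sending
    # user, which on shared hosting points at the account running the script.
    echo "iptables -A OUTPUT -p udp -m limit --limit 6/minute -j LOG --log-prefix 'udp-egress-drop: ' --log-uid"
    echo "iptables -A OUTPUT -p udp -j DROP"
}

# Constructed sample resolv.conf for the dry run
sample=$(mktemp)
printf 'search example.test\nnameserver 8.8.8.8\nnameserver 2001:db8::53\nnameserver 8.8.4.4\n' > "$sample"
gen_udp_egress_rules "$sample"
rm -f "$sample"
```

Review the printed commands, then pipe them to sh as root to apply them; the kernel log lines carrying the prefix show which UID was sending the UDP traffic.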


Varnish HTTP accelerator and cPanel

cd /usr/local/src
wget http://stderr.net/apache/rpaf/downlo…on F-0.6.tar.gz
tar -xzf mod_rpaf-0.6.tar.gz
cd mod_rpaf-*
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

2. Once installed, we need to load the module into the Apache configuration. Since cPanel already has an Include Editor for Apache, we will use that. Log in to WHM > Service Configuration > Apache Configuration > Include Editor > Pre Main Include > All Versions and paste the following text:

LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
# replace 123.124.125.88 with your server IP (Apache does not allow a comment on the same line as a directive)
RPAFproxy_ips 127.0.0.1 123.124.125.88
RPAFsethostname On
RPAFheader X-Real-IP


Install OpenVZ on CentOS

I first came across OpenVZ while choosing a VPS: OpenVZ VPSes are a lot cheaper than Xen ones. After getting to know the product, I found that OpenVZ is operating-system-level virtualization, which is a completely different level from Xen, KVM, Hyper-V and other virtualization products. OpenVZ provides only a virtual environment (VE), which OpenVZ itself calls a container, whereas Xen and KVM provide virtual machines through a hypervisor. OpenVZ is indeed the better fit for cheap low-end VPSes, while Xen and other virtualization products are generally used in enterprise application centers and cloud computing platforms.

Installing OpenVZ

Environment: CentOS 5.6 x86_64 installed on a single Dell PC.

The official website (http://wiki.openvz.org/) provides a yum repository for installing on CentOS. We adjust the yum repository, and, for security reasons, the CentOS 5 kernel that the OpenVZ kernel patch supports must be version 2.6.18.308.8.2.el5 or later. The supported kernel versions are listed at http://wiki.openvz.org/Download/kernel

[root@openvz yum.repos.d]# cd /etc/yum.repos.d
[root@openvz yum.repos.d]# wget http://download.openvz.org/openvz.repo
[root@openvz yum.repos.d]# uname -r
2.6.18-238.9.1.el5
[root@openvz yum.repos.d]# yum install kernel.x86_64 # upgrade the kernel to 2.6.18.308
[root@openvz yum.repos.d]# uname -r
2.6.18-308.8.2.el5

[root@openvz yum.repos.d]# cat openvz.repo # edit the openvz repo; make sure the following sections are selected (the default is version 6.2)

[openvz-utils]
name=OpenVZ utilities
#baseurl=http://download.openvz.org/current/
mirrorlist=http://download.openvz.org/mirrors-current
enabled=1
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-rhel5]
name=OpenVZ kernel-based RHEL5
#baseurl=http://download.openvz.org/kernel/branches/rhel5-2.6.18/current/
mirrorlist=http://download.openvz.org/kernel/mirrors-rhel5-2.6.18
enabled=1
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[root@openvz ~]# yum install ovzkernel -y # install the OpenVZ kernel
[root@openvz ~]# yum install vzctl vzquota # install the two common OpenVZ tools

Because the VEs need to reach the external network, packet forwarding is enabled here; we will come back to this later.

[root@openvz ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@openvz ~]#

Check the default boot kernel in grub.conf:

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title OpenVZ (2.6.18-308.8.2.el5.028stab101.1)
        root (hd0,0)
        # selinux=0 has already been set automatically, disabling SELinux
        kernel /vmlinuz-2.6.18-308.8.2.el5.028stab101.1 ro root=LABEL=/ selinux=0
        initrd /initrd-2.6.18-308.8.2.el5.028stab101.1.img
[root@openvz ~]# init 6

Make sure the vz service is running and starts at boot:

[root@openvz ~]# service vz status
OpenVZ is running...
[root@openvz ~]# chkconfig --list vz
vz                 0:off    1:off    2:on    3:on    4:on    5:on    6:off
[root@openvz ~]#

Installing and managing VEs

OpenVZ uses vzctl to manage VEs. Let's look at the command in detail.

[root@openvz ~]# vzctl
vzctl version 3.3
Copyright (C) 2000-2012, Parallels, Inc.
This program may be distributed under the terms of the GNU GPL License.
Usage: vzctl [options] <command> <ctid> [parameters]
vzctl create <ctid> [--ostemplate <name>] [--config <name>]
   [--layout ploop|simfs] [--hostname <name>] [--name <name>] [--ipadd <addr>]
   [--diskspace <kbytes>] [--private <path>] [--root <path>]  # create a VE
vzctl start <ctid> [--force] [--wait]  # start the VE
vzctl destroy | mount | umount | stop | restart | status <ctid>  # stop the VE
vzctl convert <ctid> [--layout ploop[:mode]] [--diskspace <kbytes>]
vzctl quotaon | quotaoff | quotainit <ctid>  # set quota
vzctl console <ctid> [ttyno]  # enter the VE
vzctl enter <ctid> [--exec <command> [arg ...]]  # enter the VE
vzctl exec | exec2 <ctid> <command> [arg ...]  # run a command in the VE without entering it
vzctl runscript <ctid> <script>  # run a script in the VE
vzctl chkpnt <ctid> [--dumpfile <name>]  # save the VE state to a file
vzctl restore <ctid> [--dumpfile <name>]  # restore the VE state from a file
vzctl set <ctid> [--save] [--force] [--setmode restart|ignore]
   [--ram <bytes>[KMG]] [--swap <bytes>[KMG]]  # set RAM
   [--ipadd <addr>] [--ipdel <addr>|all] [--hostname <name>]  # add and delete IPs
   [--nameserver <addr>] [--searchdomain <name>]  # specify the nameserver and search domain
   [--onboot yes|no] [--bootorder <N>]  # set start at boot
   [--userpasswd <user>:<passwd>]  # change a user's password in the VE
   [--cpuunits <N>] [--cpulimit <N>] [--cpus <N>] [--cpumask <cpus>]
   [--diskspace <soft>[:<hard>]] [--diskinodes <soft>[:<hard>]]
   [--quotatime <N>] [--quotaugidlimit <N>]
   [--noatime yes|no] [--capability <name>:on|off ...]
   [--devices b|c:major:minor|all:r|w|rw]
   [--devnodes device:r|w|rw|none]
   [--netif_add <ifname[,mac,host_ifname,host_mac,bridge]]>]  # add a bridged device
   [--netif_del <ifname>]  # remove a bridged device
   [--applyconfig <name>] [--applyconfig_map <name>]
   [--features <name:on|off>] [--name <remote>] [--ioprio <N>]
   [--pci_add [<domain>:]<bus>:<slot>.<func>] [--pci_del <d:b:s.f>]
   [--iptables <name>] [--disabled <yes|no>]  # VE firewall settings
   [UBC parameters]

Installing a guest: the installation method OpenVZ officially recommends is to download one of its optimized operating system archives and install from that. OpenVZ stores operating system archives in /vz/template/cache/. The archives can be downloaded from http://wiki.openvz.org/Download/template/precreated . Here I downloaded the CentOS 5 x86_64 archive for a test installation.

[root@openvz ~]# ll /vz/template/cache/
total 188092
-rw-r--r-- 1 root root 192411846 Jul 19 02:08 centos-5-x86_64.tar.gz
[root@openvz ~]# vzctl create 2 --ostemplate centos-5-x86_64 --hostname centos01
Creating container private area (centos-5-x86_64)
Performing postcreate actions
CT configuration saved to /etc/vz/conf/2.conf  # the configuration file is saved as 2.conf under /etc/vz/
Container private area was created
[root@openvz ~]#

This installs the VE with ID 2 from the OS template centos-5-x86_64, with host name centos01. After the installation is complete, you need to modify the default configuration and restart the VE.

Set the VE to start at boot, and set its IP, DNS, RAM and disk size:

[root@openvz ~]# vzctl set 2 --onboot yes
WARNING: Settings were not saved to config (use --save flag) # the prompt says --save is needed to write the configuration file
[root@openvz ~]# vzctl set 2 --onboot yes --save
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl set 2 --ipadd 10.20.100.146 --save # not usable yet at this point
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl set 2 --nameserver 10.20.1.6 --save
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl set 2 --ram 345 --save
Error: kernel does not support vswap, unable to use --ram/--swap parameters
Error parsing options  # not supported by the kernel
[root@openvz ~]# vzctl set 2 --diskspace 3G:3G --save
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl start 2 # start the VE with ID 2
Starting container ...
Container is mounted
Adding IP address(es): 192.168.221.2
Setting CPU units: 1000
Container start in progress...
[root@openvz ~]#

Use vzlist to view the VE:

[root@openvz ~]# vzlist 2
      CTID      NPROC STATUS    IP_ADDR         HOSTNAME
         2         12 running   192.168.221.2   centos01

Enter, exit, restart, start, stop and destroy a VE:

[root@openvz ~]# vzctl enter 2
[root@centos01 /]# exit
[root@openvz ~]# vzctl restart 2
[root@openvz ~]# vzctl start 2
[root@openvz ~]# vzctl stop 2
[root@openvz ~]# vzctl destroy 2

Run a command or a script without logging in to the VE:

[root@openvz ~]# vzctl exec 2 ifconfig # view NIC information without logging in to the VE
[root@openvz ~]# vzctl runscript 2 Scriptname # script on the server

Calculate the VE's resource consumption:

[root@openvz ~]# vzcalc -v 2

Change the VE's root password (the second form leaves the password in the shell history and visible in the process list):

[root@openvz ~]# vzctl exec 2 passwd # enter the password twice
[root@openvz ~]# vzctl set 2 --userpasswd root:123456 # set the password directly to 123456

VE Network

With the approach of adding an IP directly, there are two ways for a VE to reach the Internet. One is to enable packet forwarding on the host (here called the parent machine, a term that makes the distinction clearer) and give the VE an IP in the same segment as the host. This is how a VPS with a dedicated IP works: the VE has its own external IP, and users can log in to manage their VPS. The other is to use routed forwarding with source NAT (SNAT) on the firewall and give the VE a private IP. In this case the VE can reach the Internet, but the external network cannot directly reach the VE on the internal network.

Method one: public IP

Enable packet forwarding:

[root@openvz ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1

Apply the setting:

[root@openvz ~]# /sbin/sysctl -p
net.ipv4.ip_forward = 1

Configure or change the VE's IP. This IP is in the same segment as the host (a VPS would use a public IP here).

[root@openvz ~]# ifconfig # the host's IP
eth0      Link encap:Ethernet  HWaddr 00:0C:29:FD:E4:AA
          inet addr:10.20.100.141  Bcast:10.20.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35535 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8399 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3534995 (3.3 MiB)  TX bytes:934525 (912.6 KiB)
          Interrupt:59 Base address:0x2000
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:784 (784.0 b)  TX bytes:784 (784.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:494 errors:0 dropped:0 overruns:0 frame:0
          TX packets:283 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:37807 (36.9 KiB)  TX bytes:23312 (22.7 KiB)
[root@openvz ~]# vzctl set 2 --ipadd 10.20.100.146 --save # set or change the VE's IP

Test the VE's network:

[root@openvz ~]# vzctl exec 2 ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:224 errors:0 dropped:0 overruns:0 frame:0
          TX packets:292 errors:0 dropped:53 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18572 (18.1 KiB)  TX bytes:23106 (22.5 KiB)
venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.20.100.146  P-t-P:10.20.100.146  Bcast:10.20.100.146  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
[root@openvz ~]# vzctl exec 2 ping www.baidu.com
PING www.a.shifen.com (220.181.111.147) 56(84) bytes of data.
64 bytes from 220.181.111.147: icmp_seq=1 ttl=54 time=35.2 ms
64 bytes from 220.181.111.147: icmp_seq=2 ttl=54 time=34.9 ms

Method two: private IP with SNAT

Enable packet forwarding:

[root@openvz ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1

Apply the setting:

[root@openvz ~]# /sbin/sysctl -p
net.ipv4.ip_forward = 1

Change the VE's IP to a private IP:

[root@openvz ~]# vzctl set 2 --ipdel 10.20.100.146 --save # delete the earlier IP in the 100 segment
[root@openvz ~]# vzctl set 2 --ipadd 10.20.102.146 --save # set or change the IP; it is in a different segment from the host

Enable SNAT:

[root@openvz ~]# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

or

[root@openvz ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.20.100.141
[root@openvz ~]# iptables -t nat -L # Check NAT Policy
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        
SNAT       all  --  anywhere             anywhere            to:10.20.100.141
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Check the VE's network:

[root@openvz ~]# vzctl exec 2 ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:407 errors:0 dropped:53 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26810 (26.1 KiB)  TX bytes:33397 (32.6 KiB)
venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.20.102.146  P-t-P:10.20.102.146  Bcast:10.20.102.146  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
[root@openvz ~]#

Test the VE's network:

[root@openvz ~]# vzctl exec 2 ping www.baidu.com
PING www.a.shifen.com (220.181.111.147) 56(84) bytes of data.
64 bytes from 220.181.111.147: icmp_seq=1 ttl=54 time=35.0 ms
64 bytes from 220.181.111.147: icmp_seq=2 ttl=54 time=34.9 ms
[root@openvz ~]#
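
The SNAT rules above translate everything leaving eth0. As an added example that is not part of the original post, the script below scopes the translation to the VEs that actually need it: it reads the IP_ADDRESS entries that vzctl --save writes to the container config files and prints one source-restricted SNAT rule per private VE address. The function name, the /24 assumption (taken from the host's Mask:255.255.255.0) and the sample config files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): emit one source-scoped SNAT
# rule per VE address that is outside the host's segment.
# Dry run: prints iptables commands; review, then pipe to `sh` as root.
gen_snat_rules() {
    confdir="$1"; host_ip="$2"; iface="${3:-eth0}"
    host_net="${host_ip%.*}"        # assumes a /24, as in the host's ifconfig output
    for conf in "$confdir"/*.conf; do
        [ -f "$conf" ] || continue
        # IP_ADDRESS="a.b.c.d [e.f.g.h ...]" is where vzctl --ipadd --save records addresses
        ips=$(sed -n 's/^IP_ADDRESS="\(.*\)"$/\1/p' "$conf")
        for ip in $ips; do
            ip="${ip%%/*}"          # drop an optional /mask suffix
            # Same segment as the host: reached directly (method one), no NAT.
            [ "${ip%.*}" = "$host_net" ] && continue
            echo "iptables -t nat -A POSTROUTING -s $ip -o $iface -j SNAT --to-source $host_ip"
        done
    done
}

# Constructed sample container configs standing in for /etc/vz/conf
demo=$(mktemp -d)
printf 'ONBOOT="yes"\nIP_ADDRESS="10.20.102.146"\n' > "$demo/2.conf"
printf 'ONBOOT="yes"\nIP_ADDRESS="10.20.100.147"\n' > "$demo/3.conf"
gen_snat_rules "$demo" 10.20.100.141 eth0
rm -rf "$demo"
```

On the host, call it as gen_snat_rules /etc/vz/conf 10.20.100.141 eth0; with the sample data only the 10.20.102.146 container gets a rule, because the other address is already in the host's segment.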
