Monthly Archives: April 2013

DirectAdmin: a detailed tutorial on blocking IPs to stop Brute Force Attacks

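Ever since I installed the DA panel, brute-force attempts against the DA admin password have never stopped. Perhaps you get used to it after seeing enough of them, but constantly receiving messages such as "Brute-Force Attack detected in service log from IP(s) 106.187.43.249" is not a pleasant thing.

DirectAdmin has an official guide on blocking IPs to stop brute force attacks: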

http://help.directadmin.com/item.php?id=380

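Below is my translation of the official guide:
1) Step 1: configure iptables so that block_ip.sh takes effect. DA's official iptables file is meant for CentOS/Fedora; it has not yet been tested on Debian or FreeBSD, where it may or may not work.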

cd /etc/init.d
mv iptables iptables.backup
wget http://files.directadmin.com/services/all/iptables
chmod 755 iptables

*** Note: this iptables file opens SSH on port 22 by default. If your SSH port is not 22, edit the iptables file manually before starting it.

Start iptables:

/etc/init.d/iptables restart

2) Step 2: install the block_ip.sh script. (The official guide links to a description of the block_ip.sh format.)

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/block_ip.sh
wget http://files.directadmin.com/services/all/show_blocked_ips.sh
wget http://files.directadmin.com/services/all/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

3) Create the blocked_ips text files:

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

Then, in the DA admin panel, go to Home -> Brute Force Monitor -> IP Info -> Block this IP.

4) Block IPs automatically:

vi /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh

Add the following content:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

chmod 700 brute_force_notice_ip.sh
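
An added example, not part of the official guide or DirectAdmin's own code: a variant of brute_force_notice_ip.sh that validates the address passed in $value and skips anything listed in /root/exempt_ips.txt before calling block_ip.sh, so a malformed value or your own management address is never handed to the firewall script. It assumes exempt_ips.txt holds one IPv4 address per line; the function names is_ipv4, is_exempt and decide are hypothetical, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example, not DirectAdmin's code. Paths are the ones used on this page.
SCRIPT=${SCRIPT:-/usr/local/directadmin/scripts/custom/block_ip.sh}
EXEMPT=${EXEMPT:-/root/exempt_ips.txt}   # assumed: one IPv4 address per line

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots; digits only, so no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_exempt ADDR FILE: succeed if ADDR is a whole line of FILE.
is_exempt() {
    [ -f "$2" ] && grep -Fxq -- "$1" "$2"
}

# decide ADDR FILE: print "invalid", "exempt" or "block".
decide() {
    if ! is_ipv4 "$1"; then
        echo invalid
    elif is_exempt "$1" "$2"; then
        echo exempt
    else
        echo block
    fi
}

# DirectAdmin supplies the address in $value, as in the script above.
if [ -n "${value:-}" ]; then
    if [ "$(decide "$value" "$EXEMPT")" = block ]; then
        ip=$value "$SCRIPT"
        exit $?
    fi
    exit 0   # nothing blocked: malformed value or exempt address
fi
```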


The following applies to FreeBSD:

If you’re running FreeBSD with ipfw, you’d skip steps 2 and 3, and instead, add the following code to the file:

/usr/local/directadmin/scripts/custom/block_ip.sh
#!/bin/sh
echo "Blocking $ip with ipfw ...<br>";
ipfw add deny ip from $ip to any
exit $?

and don’t forget to chmod the block_ip.sh to 755.

DirectAdmin: "Error with system Quotas" when creating a virtual host

User yqf1 created

Details

Unix User created successfully

Error with system Quotas
setquota: Mountpoint (or device) / not found or has no quota enabled. setquota: Not all specified mountpoints are using quota.
Debug Guide
User’s data directory created successfully
Domains directory created successfully
Domains directory created successfully in user’s home

Domain Created Successfully

User added to ssh config file.

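Updated 14 March 2016. This problem has been around for years and is really a DirectAdmin bug. Today I helped a customer install the DA panel on CentOS 6.x 64-bit and the problem was still there, so I patiently read through the official guide. It is simple to deal with.

Suppose we have just one disk, mounted at the root directory /. Running df -h shows the disk layout.

Run /usr/sbin/repquota / . If disk quotas are in effect, it shows something like the following: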

[[email protected] ~]# /usr/sbin/repquota /
*** Report for user quotas on device /dev/xvda1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      -- 1985016       0       0          70212     0     0
daemon    --       8       0       0              3     0     0
mail      --      96       0       0             35     0     0
ftp       --    1656       0       0            103     0     0
abrt      --      24       0       0              4     0     0
haldaemon --       8       0       0              2     0     0
ntp       --       8       0       0              2     0     0
named     --      40       0       0             10     0     0
apache    --      32       0       0              8     0     0
diradmin  --  209608       0       0           3434     0     0
mysql     --   31712       0       0            131     0     0
majordomo --     356       0       0             34     0     0
webapps   --   73604       0       0           6126     0     0
dovecot   --       0       0       0              8     0     0
admin     --     132       0       0             33     0     0

The problem is that it does not show proper disk quotas, so we need to change the configuration:

/sbin/quotaoff -a; /sbin/quotacheck -avugm; /sbin/quotaon -a;

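Run this first. If it still reports an error,

then edit /etc/fstab: vi /etc/fstab

It should look like the following; just add usrquota,grpquota (highlighted in red in the original post) to the options.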

# Device                Mountpoint      FStype  Options            Dump    Pass#
/dev/ad0s1a             /               ext3     rw,usrquota,grpquota 1       1
/dev/ad0s1e             /tmp            ext3     rw                 2       2
proc                    /proc           procfs   rw                 0       0

Then reboot the machine.

Then run this again:

/sbin/quotaoff -a; /sbin/quotacheck -avugm; /sbin/quotaon -a;

You will see that disk quotas have taken effect:

[[email protected] ~]# /sbin/quotaoff -a; /sbin/quotacheck -avugm; /sbin/quotaon -a;
quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
quotacheck: Scanning /dev/xvda1 [/] done
quotacheck: Cannot stat old user quota file //aquota.user: No such file or directory. Usage will not be substracted.
quotacheck: Cannot stat old group quota file //aquota.group: No such file or directory. Usage will not be substracted.
quotacheck: Cannot stat old user quota file //aquota.user: No such file or directory. Usage will not be substracted.
quotacheck: Cannot stat old group quota file //aquota.group: No such file or directory. Usage will not be substracted.
quotacheck: Checked 11747 directories and 73601 files
quotacheck: Old file not found.
quotacheck: Old file not found.

===========================

[[email protected] ~]# /usr/sbin/repquota /
*** Report for user quotas on device /dev/xvda1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      -- 1985016       0       0          70212     0     0
daemon    --       8       0       0              3     0     0
mail      --      96       0       0             35     0     0
ftp       --    1656       0       0            103     0     0
abrt      --      24       0       0              4     0     0
haldaemon --       8       0       0              2     0     0
ntp       --       8       0       0              2     0     0
named     --      40       0       0             10     0     0
apache    --      32       0       0              8     0     0
diradmin  --  209608       0       0           3434     0     0
mysql     --   31712       0       0            131     0     0
majordomo --     356       0       0             34     0     0
webapps   --   73604       0       0           6126     0     0
dovecot   --       0       0       0              8     0     0
admin     --     132       0       0             33     0     0

Once everything looks normal, run:

echo "action=tally&value=all" >> /usr/local/directadmin/data/task.queue

and that's it.
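
An added check, not from the original post or from DirectAdmin: report which quota options a mountpoint's /etc/fstab entry still lacks, so the edit can be verified before rebooting. The function names missing_quota_opts and sample_fstab are hypothetical, the sample lines are constructed from the fstab shown above, and treating usrjquota=/grpjquota= as satisfying the requirement is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# missing_quota_opts FSTAB MOUNTPOINT
#   Prints the quota options the entry still lacks ("" when both are set).
#   Returns 2 when MOUNTPOINT has no entry. FSTAB may be "-" for stdin.
missing_quota_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }         # comments and incomplete lines
        $2 == mp {
            found = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                sub(/=.*/, "", opts[i])       # usrjquota=aquota.user -> usrjquota
                have[opts[i]] = 1
            }
        }
        END {
            if (!found) exit 2
            if (!("usrquota" in have) && !("usrjquota" in have)) miss = "usrquota"
            if (!("grpquota" in have) && !("grpjquota" in have))
                miss = miss (miss ? "," : "") "grpquota"
            print miss
        }
    ' "$1"
}

# Constructed sample: the fstab shown above before the fix, with /tmp
# altered to carry only usrquota so a partial result is visible.
sample_fstab() {
    cat <<'EOF'
# Device      Mountpoint  FStype  Options      Dump  Pass#
/dev/ad0s1a   /           ext3    rw           1     1
/dev/ad0s1e   /tmp        ext3    rw,usrquota  2     2
proc          /proc       procfs  rw           0     0
EOF
}

# Demo on the sample; on a real system: missing_quota_opts /etc/fstab /
sample_fstab | missing_quota_opts - /
```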

Installing DirectAdmin on CentOS

1. DA needs a clean system. Some readers have hit errors when installing DA, so first run: yum remove httpd* mysql* php*

2. Pre-install the environment DA needs:

yum install wget gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio libcom_err-devel libcurl-devel gd zlib-devel zip unzip libcap-devel cronie bzip2 db4-devel cyrus-sasl-devel perl-ExtUtils-Embed autoconf automake libtool

3. Download the setup.sh install script from the official site and install the DirectAdmin panel:

wget http://www.directadmin.com/setup.sh
chmod 755 setup.sh
./setup.sh

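4. The DA panel installation process (screenshots in the original post):

Follow the on-screen prompts to enter the Client ID, License ID, and hostname.

The installer verifies that the IP is licensed and checks the Linux distribution the DA license is bound to.

Choose the PHP/Apache and other software the DA panel will install; the recommended default is option 3.

The installer then searches for the fastest download mirror and begins compiling and installing DA.

5. DA panel installation complete: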

directory /home/tmp created
directory /usr/local/directadmin/data/sessions created
directory /etc/virtual created
directory /var/spool/virtual created
directory ./data/admin/ips created
directory ./data/admin/packages created
file ./data/admin/packages.list created
ip.list written successfully
./data/admin/login.hist written successfully
./data/admin/next_ticket.number written correctly
./data/admin/services.status written successfully
tickets.list written successfully
Admin user created
## INSTALL_COMPLETE
## ACCOUNT_INFO
The following information has been set:

Admin username: admin
Admin password: abcdefg
Admin email: [email protected]
Server IP: 50.116.xx.xxx
Server Hostname: abc.yqf.me

To login now, follow this link:

http://50.116.xx.xxx:2222

and enter your Admin username and password when prompted.

You should now visit http://admin.site-helper.com and http://www.directadmin.com/newinstall.html to learn how to get started.

Thank you for using DirectAdmin. Should you have any questions, don’t hesitate to contact us at [email protected]

## REPORT_END
Permissions set

System Security Tips:
http://help.directadmin.com/item.php?id=247

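6. Template installation. Once a template is installed, go to the reseller level, select the template you want, click "apply to all" and "apply to self", and it is done.

Installing DirectAdmin's well-known Capri template

Installation notes for the DirectAdmin NewWorld template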

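15 April 2013: information needed from readers joining the DirectAdmin panel group buy

Server Linux/Unix distribution (32-bit/64-bit):

IP:

Note: please also state whether you are using a 32-bit or a 64-bit system; 32-bit is recommended for machines with little memory.

Linux/Unix distributions currently supported by DirectAdmin!

How do you check which Linux/Unix distribution you are using?

Ubuntu users: please check whether the Debian release corresponding to your Ubuntu version is supported.

Can DirectAdmin be installed on Ubuntu?

Update of 31 May 2016, for reference:

Does DirectAdmin support installation on Ubuntu

The DA license back end has no Ubuntu option; just map your Ubuntu version to the corresponding Debian release.
You can check the current state of Debian releases at http://www.debian.org/releases/.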

If my memory is correct, any Ubuntu version after (and including) 11.10 uses Debian 7, thus it’s not yet supported. Versions 9 and 10 (for the most part) use Debian 5, so things in between (prior to 11.10) would use Debian 6. If unsure, just install Debian 6. Check the /etc/debian_version prior to installation.

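In other words: if memory serves, Ubuntu 11.10 and later correspond to Debian 7, which is not currently supported; Ubuntu 9 and Ubuntu 10 correspond to Debian 5; and the Ubuntu releases between 9/10 and 11.10 correspond to Debian 6.

DirectAdmin: how to check which Linux distribution you are using

SSH into your VPS or dedicated server and type one of the following commands; the output shows which Linux/Unix distribution you are using: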

cat /etc/redhat-release
cat /etc/debian_version
uname
uname -r
uname -m

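Once DirectAdmin has been compiled and installed, how do you see which Linux/Unix distribution it was installed for? Log in to the DirectAdmin panel and click Licensing/Updates, and it is shown there.

The screenshot in the original post shows the DirectAdmin information: compiled for CentOS 5, compile date 28 November 2012, current DA version 1.42.1, latest available version 1.43, last updated 2 December 2012.

Of course, once DA is installed you can also SSH into the system yourself and type: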

/usr/local/directadmin/directadmin o

which shows similar information:

[[email protected] ~]# /usr/local/directadmin/directadmin o
Compiled on ‘CentOS 5.0’
Compile time: Nov 28 2012 at 02:10:56
Compiled with IPv6

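DirectAdmin's official refund policy

Put simply, DA's official refund policy is roughly as follows: you can get a refund within 30 days if you are not satisfied, but to prevent abuse of the policy only one refund is given, and only once. This of course applies to monthly customers. What I care more about is whether purchases at the internal bulk price are refundable, and the answer is: no. So the official advice is to buy one DA license first on a monthly plan and see whether it works well; if it does, request a refund within 30 days, and then buy 20 in bulk at the internal bulk price.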

Refund Policy

Monthly, Quarterly, and Yearly Licenses 

Customers may request a refund within 30 days of installation if not satisfied with DirectAdmin Web Control Panel.  To prevent abuse of this offer, only one refund per customer will be permitted.  Licenses ordered after a refund are not covered by this refund policy, but licenses ordered before that time are covered if within the 30 day period.  For example:

Refundable:

Gary orders three DirectAdmin monthly licenses and finds that he likes his old control panel software better.  Fifteen days after the purchase he requests a refund on all three licenses.

Not Refundable:

A few days later Gary purchases one more DirectAdmin monthly license for a different server.  Once again he finds that DirectAdmin isn’t for him.  He cannot request a refund because he had a previous chance to try DirectAdmin.

Lifetime and Bulk Lifetime Licenses

Due to the permanent nature of lifetime licenses, refunds are not available when lifetime and/or bulk lifetime licenses are purchased.  Customers wanting protection of the refund policy should:

1. Buy a monthly license

2. If satisfied with DirectAdmin, request a refund within 30 days

3. Purchase a lifetime license

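How many pricing tiers does DirectAdmin have?

1. DA license, USD 29 paid monthly: unlimited technical support, automatic upgrades, price protection, unlimited domains, free installation.

2. DA license, USD 108 paid quarterly: unlimited technical support, automatic upgrades, price protection, unlimited domains, free installation.

3. DA license, USD 200 paid yearly: unlimited technical support, automatic upgrades, price protection, unlimited domains, free installation.

4. DA lifetime license, USD 299: only 90 days of technical support, automatic upgrades, unlimited domains, free installation.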