We have already covered the apache2 installation for Debian users and for Ubuntu users.

Virtual Host refers to the practice of running more than one web site (such as www.company1.com and www.company2.com) on a single machine. Virtual hosts can be “IP-based”, meaning that you have a different IP address for every web site, or “name-based”, meaning that you have multiple names running on each IP address. The fact that they are running on the same physical server is not apparent to the end user.

Apache was one of the first servers to support IP-based virtual hosts right out of the box. Versions 1.1 and later of Apache support both IP-based and name-based virtual hosts (vhosts). The latter variant of virtual hosts is sometimes also called host-based or non-IP virtual hosts.

Basics Of Virtual Hosts

Using virtual hosts, you can host several domains with a single web server. This saves the cost and administration workload of separate servers for each domain. There are several options regarding virtual hosts:

Name-based virtual hosts

IP-based virtual hosts

Operation of multiple instances of Apache on one machine

Name-Based Virtual Hosts

ehcp is a new hosting control panel in the Linux world. Although it is in beta stage, its basic functions work well. It works well with Debian/Ubuntu's apt-get package manager.

It differs from other control panels, even other open-source panels, in that ehcp is the first and only open-source, full PHP, object-oriented, GPL, free hosting control panel on earth!

You may use ehcp to easily set up a hosting environment, for yourself or for selling hosting. You may also use it for FTP hosting only.

Requirements:

A clean Ubuntu or any Debian-based Linux install, nothing else. Any apt-get enabled Linux is enough.

To install, copy and paste the following on your Linux console:

wget http://www.ehcp.net/ehcp_latest.tgz

tar -zxvf ehcp_latest.tgz

cd ehcp

./install.sh

The installer will ask some questions about your settings, then automatically install any needed server programs such as Apache, MySQL and so on.

After the installer finishes, navigate to localhost (if you installed locally) or to the server's IP by typing it in the address bar of your browser.

default login: admin
default pass: 1234

You may find additional information here, or test ehcp on a real server at http://83.133.127.19.


If you want to protect your Apache web server against DoS, DDoS or brute force attacks, use the mod_evasive module. mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)

This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.

This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.
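The detection rules listed above, sketched as a small Python model (an added example, not mod_evasive's own code). The thresholds, the fixed-window counting and the names EvasiveModel and replay are assumptions made for illustration, and the traffic is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class EvasiveModel:
    """Simplified model of the per-child hash table; thresholds are assumed values."""
    page_count: int = 2            # hits allowed on one URI per page_interval
    page_interval: float = 1.0     # seconds
    site_count: int = 50           # hits allowed on the whole site per site_interval
    site_interval: float = 1.0     # seconds
    blocking_period: float = 10.0  # seconds an address stays on the blocking list
    hits: dict = field(default_factory=dict)     # key -> (window start, count)
    blocked: dict = field(default_factory=dict)  # ip -> time of last denied request

    def _over(self, key, now, limit, interval):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:      # window expired, start a new one
            start, count = now, 0
        self.hits[key] = (start, count + 1)
        return count + 1 > limit

    def request(self, ip, uri, now):
        """Return the status the client would get: 200 or 403."""
        last = self.blocked.get(ip)
        if last is not None and now - last < self.blocking_period:
            self.blocked[ip] = now       # a request while blocked restarts the timer
            return 403
        self.blocked.pop(ip, None)
        page = self._over((ip, uri), now, self.page_count, self.page_interval)
        site = self._over((ip, None), now, self.site_count, self.site_interval)
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200

def replay(events, **settings):
    """events: (seconds, ip, uri) tuples in time order -> list of status codes."""
    model = EvasiveModel(**settings)
    return [model.request(ip, uri, t) for t, ip, uri in events]

# Constructed traffic: a script hammering one page, then a user pressing reload.
script = [(t / 10, "192.0.2.10", "/index.html") for t in range(5)]
human = [(t * 0.6, "192.0.2.20", "/index.html") for t in range(5)]
print(replay(script))
print(replay(human))
```

In this model a blocked client that keeps sending requests never leaves the blocking list, because every denied request restarts the blocking period.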

Install mod_evasive in Debian

#apt-get install libapache2-mod-evasive

This completes the installation.

Test mod_evasive Module

Open any browser, open your Apache server home page, and click the reload button as fast as you can.


Preventing DDoS Attacks   August 17th, 2010

In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to a lack of security awareness on the part of network/server owners. On a daily basis we hear that a particular machine is under DDOS attack, or that the NOC has unplugged a machine because of a DDOS attack. So DDOS has become one of the common issues in this electronic world. DDOS is like a disease for which no antiviral has been developed, so we should be careful while dealing with it. Never take it lightly. In this article I am trying to explain the steps/measures which will help us defend against DDOS attacks, up to a certain extent.

What is a DDOS attack?

Simply said, DDOS is an advanced version of a DOS attack. Like DOS, DDOS also tries to deny the important services running on a server by broadcasting packets to the destination server in a way that the destination server cannot handle. The speciality of DDOS is that it does not relay attacks from a single network/host like DOS. The DDOS attack will be launched from different dynamic networks which have already been compromised.

Normally, DDOS consists of 3 parts: the master, the slave and, lastly, the victim. The master is the attack launcher, i.e. the person/machine behind all this; sounds cool, right? The slave is the network which has been compromised by the master, and the victim is the target site/server. The master informs the compromised machines, the so-called slaves, to launch an attack on the victim's site/machine. Hence it is also called a co-ordinated attack.

In my terms, the master is the master brain, the slave is the launch pad for the attack and the victim is the target.

How do they do it?

When would you need this: When you want to create a secure tunnel to transfer data between two sites without the use of VPN concentrator or other security devices.

Special Requirements: The routers used must support IPSec. Most of Cisco routers do. Another need is that both sides use a static public IP address to connect to the Internet.

We will go through the steps to be done on one side and the same steps must be repeated on the other side too. The encryption of data will depend on a shared-key. This way, we will not need specialized CAs or RSA methodologies.

1. Create Internet Key Exchange (IKE) key policy. The policy used for our case is policy number 9, because this policy requires a pre-shared key.

Router(config)#crypto isakmp policy 9

Router(config-isakmp)#hash md5

Router(config-isakmp)#authentication pre-share


2. Set up the shared key that will be used in the VPN,

Router(config)#crypto isakmp key VPNKEY address XXX.XXX.XXX.XXX

where,

VPNKEY is the shared key that you will use for the VPN, and remember to set the same key on the other end.

XXX.XXX.XXX.XXX is the static public IP address of the other end.

3. Now we set lifetime for the IPSec security associations,

Router(config)#crypto ipsec security-association lifetime seconds YYYYY

where YYYYY is the association's lifetime in seconds. It is usually used as 86400, which is one day.

4. Configure an extended access-list to define the traffic that is allowed to be directed through the VPN link,

Router(config)#access-list AAA permit ip SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK

where,

AAA is the access-list number

SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK is the source of the data allowed to use the VPN link.

DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK is the destination of the data that needs to pass through the VPN link.

5. Define the transformations set that will be used for this VPN connection,

Router(config)#crypto ipsec transform-set SETNAME BBBB CCCCC

where,

“SETNAME” is the name of the transformations set. You can choose any name you like.

BBBB and CCCCC are the transformation set. I recommend the use of “esp-3des esp-md5-hmac”. You can also use “esp-3des esp-sha-hmac”. Any one of these two will do the job.

6. After defining all the previous things, we need to create a crypto-map that associates the access-list to the other site and the transform set.

Router(config)#crypto map MAPNAME PRIORITY ipsec-isakmp

Router(config-crypto-map)#set peer XXX.XXX.XXX.XXX

Router(config-crypto-map)#set transform-set SETNAME

Router(config-crypto-map)#match address AAA

where,

MAPNAME is a name of your choice to the crypto-map

PRIORITY is the priority of this map over other maps to the same destination. If this is your only crypto-map give it any number, for example 10.

XXX.XXX.XXX.XXX is the static public IP address of the other end

SETNAME is the name of the transformations set that we configured in step 5

AAA is the number of the access-list that we created to define the traffic in step 4

7. The last step is to bind the crypto-map to the interface that connects the router to the other end.

Router(config-if)#crypto map MAPNAME

where MAPNAME is the name of the crypto-map that we defined in step 6.

Now, repeat these steps on the other end, and remember to use the same key along with the same authentication and transform set.
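Because both ends must agree on the key, authentication and transform set, an offline comparison of the two configurations catches most tunnels that will not come up. This is an added Python example, not part of the original post; the addresses, ACL number 101 and function names are constructed, and it also lists the MD5/3DES choices, which are legacy algorithms.

```python
import re

def render(peer, local_net, remote_net, esp_auth):
    """Build one site's config from the steps above (constructed sample values)."""
    return f"""crypto isakmp policy 9
 hash md5
 authentication pre-share
crypto isakmp key VPNKEY address {peer}
access-list 101 permit ip {local_net} {remote_net}
crypto ipsec transform-set SETNAME esp-3des {esp_auth}
crypto map MAPNAME 10 ipsec-isakmp
 set peer {peer}
 set transform-set SETNAME
 match address 101
"""

def parse(cfg):
    grab = lambda pat: re.findall(pat, cfg, re.M)
    return {
        "hash": grab(r"^\s*hash (\S+)"),
        "authentication": grab(r"^\s*authentication (\S+)"),
        "key": [k for k, _ in grab(r"^crypto isakmp key (\S+) address (\S+)")],
        "peer": grab(r"^\s*set peer (\S+)"),
        "transform-set": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": grab(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)$"),
    }

def compare(cfg_a, addr_a, cfg_b, addr_b):
    """Return the mismatches that would stop the tunnel between sites A and B."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{f} differs between the two ends"   # values omitted: one is the key
                for f in ("hash", "authentication", "key", "transform-set") if a[f] != b[f]]
    if a["peer"] != [addr_b] or b["peer"] != [addr_a]:
        problems.append("peer addresses do not point at each other")
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:
        problems.append("access-lists are not mirror images")
    return problems

def legacy_algorithms(cfg):
    """List the MD5/DES/3DES choices in a config; these are legacy algorithms."""
    return sorted(set(re.findall(r"\b(md5|esp-md5-hmac|esp-des|esp-3des)\b", cfg)))

A_ADDR, B_ADDR = "203.0.113.1", "198.51.100.2"   # documentation addresses
NET_A, NET_B = "10.1.0.0 0.0.0.255", "10.2.0.0 0.0.0.255"
site_a = render(B_ADDR, NET_A, NET_B, "esp-md5-hmac")
site_b = render(A_ADDR, NET_B, NET_A, "esp-sha-hmac")   # deliberate mismatch
print(compare(site_a, A_ADDR, site_b, B_ADDR))
print(legacy_algorithms(site_a))
```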

Note: If you want to implement multiple VPN connections to multiple sites, you can do this by repeating the steps 2 to 7 (except step 3) for each VPN connection. The different crypto-maps and their assignments differentiate between the different VPN connections.

For troubleshooting purposes, you can use the following commands,

show crypto isakmp sa

show crypto ipsec sa

show crypto engine connections active

and show crypto map
