UNDERCODE COMMUNITY
🦑 Speed optimization: use tmpfs to speed up your Linux server

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
> cache files today and learned a trick: use a virtual disk to store the Squid cache and PHP sessions. A lot faster!
By default the system mounts /dev/shm, which is the so-called tmpfs. Some people say that it is different from a ramdisk (virtual disk). Like a virtual disk, tmpfs can use your RAM, but it can also use your swap partition for storage. Moreover, a traditional virtual disk is a block device and requires a command such as mkfs before you can really use it. tmpfs is a file system, not a block device; you just mount it and it works.
tmpfs has the following advantages:

1) The size of the file system is dynamic;

2) Another major benefit of tmpfs is its lightning speed. Because a typical tmpfs file system resides entirely in RAM, reading and writing can be almost instantaneous;

3) tmpfs data is not retained after a restart, because virtual memory is inherently volatile, so some scripting is needed for operations such as loading and binding.

Okay, enough about the principles, which everyone finds tedious; let's talk about how I use it :)
First, create a tmp folder in /dev/shm, and then bind it to the actual /tmp:
mkdir /dev/shm/tmp
chmod 1777 /dev/shm/tmp
mount --bind /dev/shm/tmp /tmp
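
Because the bind is lost on every reboot (point 3 above), the three commands have to be re-run at boot. The script below is an added example, not part of the original post: it inspects a /proc/mounts-style table and performs only the steps that are still missing. The function names and the SHM_ROOT, TARGET and MOUNTS variables are assumptions of this example, and it expects GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): redo the /dev/shm/tmp -> /tmp bind
# at boot, running only the steps that are still missing.
# SHM_ROOT, TARGET, MOUNTS and all function names are this example's own.

SHM_ROOT=${SHM_ROOT:-/dev/shm}     # tmpfs mount that backs the directory
TARGET=${TARGET:-/tmp}             # where the directory gets bound
MOUNTS=${MOUNTS:-/proc/mounts}     # mounts table to inspect

# Print the filesystem type of the topmost mount at path $1 (nothing if none).
fstype_at() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' "$MOUNTS"
}

# Print the octal mode of directory $1 (nothing if it does not exist).
mode_of() {
    if [ -d "$1" ]; then stat -c %a "$1"; fi
}

# Print the missing steps, one per line: mkdir, chmod, bind.
# Returns 1 if SHM_ROOT is not tmpfs, because binding a disk directory
# over /tmp would silently give none of the speed-up.
plan_tmp_bind() {
    if [ "$(fstype_at "$SHM_ROOT")" != "tmpfs" ]; then
        echo "error: $SHM_ROOT is not a tmpfs mount" >&2
        return 1
    fi
    [ -d "$SHM_ROOT/tmp" ] || echo mkdir
    # 1777: world-writable plus sticky bit, so users cannot delete each other's files
    [ "$(mode_of "$SHM_ROOT/tmp")" = "1777" ] || echo chmod
    # a bind mount is listed with the type of its source, so a bound /tmp shows as tmpfs
    [ "$(fstype_at "$TARGET")" = "tmpfs" ] || echo bind
    return 0
}

# Run whatever plan_tmp_bind reports as missing (needs root for the mount).
apply_tmp_bind() {
    steps=$(plan_tmp_bind) || return 1
    for step in $steps; do
        case $step in
            mkdir) mkdir "$SHM_ROOT/tmp" ;;
            chmod) chmod 1777 "$SHM_ROOT/tmp" ;;
            bind)  mount --bind "$SHM_ROOT/tmp" "$TARGET" ;;
        esac || return 1
    done
}

# Usage: script --plan (show missing steps) or script --apply (run them as root)
case "${1:-}" in
    --plan)  plan_tmp_bind ;;
    --apply) apply_tmp_bind ;;
esac
```

Run it early in boot, before services create sockets or lock files in /tmp, since anything already in /tmp is hidden once the bind is in place.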
Application example: 1. Squid cache directory settings
vi /etc/squid/squid.conf
Modify it to
cache_dir ufs /tmp 256 16 256
The first 256 here means using 256M of memory. I think the ramdisk method is not as good as using tmpfs directly: at least there is no need to run mkfs each time, and the size can also change dynamically. /tmp at this point is actually /dev/shm/tmp.
Then restart the service. OK, now all Squid cache files are saved in the tmpfs file system, which is fast.

🦑 Optimization of PHP performance

1) For an Apache + PHP website with a large number of visits, there may be many temporary files under /tmp, such as session files or some cache files; these can be saved to a tmpfs file system.

2) Saving sessions there is very simple: just modify php.ini. Since I have bound /dev/shm/tmp to /tmp, it is not necessary to rewrite it. As for the cache files generated by the PHP program, that can only be changed in the PHP program itself :)

3) As for other applications of tmpfs, I think everyone may be inspired by this tutorial

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CraftingRecipes analysis
> CraftingRecipes.xml: the XML file that stores all crafting recipes (synthesis tables)
This undercode tutorial explains the structure and content of the file in detail:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Recipe element
The root element of the XML file, <Recipes>, has multiple child elements whose element names express categories. Under these "category" elements, each of the many elements named Recipe stores one crafting recipe from the game. Below is one of the elements named Recipe:

<Recipe Result="StonePickaxeBlock" ResultCount="1" RequiredHeatLevel="0" a="stick" b="cobblestone" Description="Make a stone tool">
"bbb"
"a"
"a"
</Recipe>

🦑 Detailed properties:

| Attribute name | Translation | Details |
| --- | --- | --- |
| Result | Product | The attribute value is the ClassName of one of the blocks in BlocksData.txt |
| ResultCount | Yield | Must be less than the block's MaxStacking attribute value |
| RequiredHeatLevel | Required fuel grade | If the attribute value is equal to 0, the recipe can be crafted in the backpack and at the crafting table, but not in the furnace; if it is greater than 0, the recipe can only be crafted in the furnace, and the FuelHeatLevel of the fuel must be greater than or equal to this attribute value |
| a, b, etc. | Raw materials | The CraftingId attribute value of the block |
| Description | Description | The description shown for the recipe in the in-game crafting interface |

🦑 The text part of this element describes how the raw materials are laid out. Some things to note:
A space represents an empty slot; no raw material can be placed in that position
For a recipe whose RequiredHeatLevel attribute value is 0, if the number of rows and columns is less than 3, it can be crafted both in the backpack and at the crafting table
Some recipes also have the following two attributes

| Attribute name | Translation | Details |
| --- | --- | --- |
| Remains | Remainder | Similar to Result; can be seen as a second product |
| RemainsCount | Remaining count | Must be less than the block's MaxStacking attribute value |


Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 open source software Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝔸𝕋𝕀𝕆ℕ 𝔸ℕ𝔻 ℝ𝕌ℕ
🦑 Linux

1) Download install-ngxblocker to your /usr/local/sbin/ directory and make the script executable.

sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker
sudo chmod +x /usr/local/sbin/install-ngxblocker

If your Linux distribution does not have wget, you can replace the wget command above with curl as follows:

sudo curl -sL https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -o /usr/local/sbin/install-ngxblocker

🦑 FreeBSD
Install the package:
pkg install www/nginx-ultimate-bad-bot-blocker
Alternatively, install via portmaster:
portmaster www/nginx-ultimate-bad-bot-blocker

2) Now run the install-ngxblocker script in DRY-MODE, which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN, so no changes are being made yet.

3) The install-ngxblocker script downloads all required files, including the setup and update scripts.

cd /usr/local/sbin
sudo ./install-ngxblocker

This will show you output as follows of the changes that will be made (NOTE: this is only a DRY-RUN, no changes have been made):

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

Dry Run | not updating files | run as 'install-ngxblocker -x' to install files.

Creating directory: /etc/nginx/bots.d

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf
Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf
Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf
Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf
Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf
Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf
Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf
Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf
Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker
Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker

setup-ngxblocker, install-ngxblocker and update-ngxblocker can all be configured with custom installation / update locations from the command line.

4) Run any of the setup, install or update scripts with --help or -h to view options.

5) Now run the install script with the -x parameter to download all the necessary files from the repository:

cd /usr/local/sbin/
sudo ./install-ngxblocker -x

This will give you the following output:

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt
Creating directory: /etc/nginx/bots.d

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf...OK
Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf...OK

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf...OK
Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf...OK
Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf...OK
Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf...OK
Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf...OK
Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf...OK
Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf...OK
Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf...OK

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker...OK
Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker...OK

All the required files have now been downloaded to the correct folders on Nginx for you, direct from the repository.

6) MAKE SURE you set your setup and update scripts to be executable by running the following two commands. This is important before continuing with Step 4 and onwards.

sudo chmod +x /usr/local/sbin/setup-ngxblocker
sudo chmod +x /usr/local/sbin/update-ngxblocker

7) Now run the setup-ngxblocker script in DRY-MODE, which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN, so no changes are being made yet.

cd /usr/local/sbin/
sudo ./setup-ngxblocker

This will give you output as follows (the output below assumes your nginx.conf file already has the default include of /etc/nginx/conf.d/*). All Nginx installations I know of have this default include in the nginx.conf file distributed with all versions.

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

Dry Run | not updating files | run as 'setup-ngxblocker -x' to setup files.

INFO: /etc/nginx/conf.d/* detected => /etc/nginx/nginx.conf
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain1.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain1.com.vhost

Whitelisting ip: x.x.x.x => /etc/nginx/bots.d/whitelist-ips.conf

This script also whitelists your IP in the whitelist-ips.conf file for you. Further IPs or IP ranges can be added to your customizable whitelist-ips.conf file located in /etc/nginx/bots.d/whitelist-ips.conf.

8) Now run the setup script with the -x parameter to make all the necessary changes to your nginx.conf (if required) and also to add the required includes into all your vhost files.

9) This setup-ngxblocker script assumes that all your vhost files located in /etc/nginx/sites-available end in a .vhost extension. It is good practice to make all your vhost config files end with a .vhost extension, but if you prefer to stick with what you already have, e.g. .conf, you can simply run setup-ngxblocker using the -e parameter to specify the extension you use for your vhost files.

10) For instance, if your vhost files end in .conf, execute setup-ngxblocker with an additional command line parameter as follows:

sudo ./setup-ngxblocker -x -e conf

11) So now let's run the setup script and let it make all the changes we need to make the Bot Blocker active on all your sites.

cd /usr/local/sbin/
sudo ./setup-ngxblocker -x
You will see output as follows:

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

INFO: /etc/nginx/conf.d/* detected => /etc/nginx/nginx.conf
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain1.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain1.com.vhost

Whitelisting ip: x.x.x.x => /etc/nginx/bots.d/whitelist-ips.conf

You will note it has done the includes in all the .vhost files on my test bed server and also whitelisted your own IP address in the whitelist-ips.conf file for you. Further IPs or IP ranges can be added to your customizable whitelist-ips.conf file located in /etc/nginx/bots.d/whitelist-ips.conf.

All this setup script has done is add the following include statements into your .vhost files for you. It also adds /etc/nginx/conf.d/* to the includes in nginx.conf (if not already in nginx.conf); otherwise, the whole script will fail.

🦑 Bad Bot Blocker
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
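
Since the blocker only protects vhosts that carry both include lines, it is worth re-checking them after adding a site or when your files use a different extension. The function below is an added example, not part of the project's scripts; audit_vhosts, its return codes and the BOTS_DIR variable are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the project): report vhost files that are missing the
# two blocker includes. audit_vhosts and BOTS_DIR are this example's own names.

BOTS_DIR=${BOTS_DIR:-/etc/nginx/bots.d}

# audit_vhosts DIR [EXT]
#   prints one line per missing include
#   returns 0 = every vhost has both, 1 = something is missing,
#           2 = no *.EXT files found (wrong extension, nothing is protected)
audit_vhosts() {
    dir=$1
    ext=${2:-vhost}
    seen=0
    missing=0
    for f in "$dir"/*."$ext"; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        seen=1
        for inc in blockbots.conf ddos.conf; do
            # escape dots so the path is matched literally in the regex
            pat=$(printf '%s' "$BOTS_DIR/$inc" | sed 's/\./\\./g')
            # only an active directive counts; "# include ..." does not match
            if ! grep -Eq "^[[:space:]]*include[[:space:]]+$pat[[:space:]]*;" "$f"; then
                echo "$f: missing include $BOTS_DIR/$inc"
                missing=1
            fi
        done
    done
    if [ "$seen" -eq 0 ]; then
        echo "no *.$ext files in $dir" >&2
        return 2
    fi
    return "$missing"
}

# Usage: script /etc/nginx/sites-available [ext]
[ "$#" -eq 0 ] || audit_vhosts "$@"
```

The check is line-based, so an include written on the same line as another directive is reported as missing.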



Now test your nginx configuration

sudo nginx -t

and you should see

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful


Now simply reload / restart Nginx and the Bot Blocker will immediately be active and protecting all your web sites.

sudo nginx -t && sudo nginx -s reload

or

sudo service nginx restart

That's it, the blocker is now active and protecting your sites from thousands of malicious bots and domains.



Now setup cron to automatically update the blocker for you every day so you always have the latest up to date protection.

sudo crontab -e

Add the following line at the end of your crontab file. Note adding the -e command line parameter to specify your email address where the update report is sent to. Obviously substitute yourname@youremail.com with your real email address or you will not receive the email when the script has updated.

00 22 * * * sudo /usr/local/sbin/update-ngxblocker -e yourname@youremail.com

This will update the blocker every night for you at 10 PM.

If you want it to update more frequently (as sometimes I push out 3-4 updates a day) you can set it as follows to run the cron every 8 hours, although just once a day is more than enough.

00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -e yourname@youremail.com

If you don't want any email notification after an update (not advisable in case Nginx ever has an EMERG when reloading), then simply run your cron as follows.

00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -n

If you would rather send e-mail via mailgun then run your cron as so:
00 22 * * * sudo /usr/local/sbin/update-ngxblocker -g yourname@yourdomain.com -d yourdomain.com -a mailgun api key -f from@yourdomain.com

That's it, the blocker will automatically keep itself up to date and also reload Nginx once it has downloaded the latest version of the globalblacklist.conf file.



You can now customize any of the following files below to suit your environment or requirements. These include files never get modified during an update using the auto update script above so whatever customizations you do here will never be overwritten during an update.

/etc/nginx/bots.d/whitelist-ips.conf
/etc/nginx/bots.d/whitelist-domains.conf
/etc/nginx/bots.d/blacklist-user-agents.conf
/etc/nginx/bots.d/blacklist-ips.conf
/etc/nginx/bots.d/bad-referrer-words.conf
/etc/nginx/bots.d/custom-bad-referrers.conf

Let's say for some "obscure" reason you actually want to block GoogleBot from accessing your site. You would simply add it to the /etc/nginx/bots.d/blacklist-user-agents.conf file and it will override the default whitelist for GoogleBot. The same applies to any other bots that are whitelisted by default.

🦑 Tested and recommended by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 NTP communication:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Because of the SRX specification, NTP communication needs to be considered. It is possible to synchronize with an NTP server behind the DMZ or Untrust, but only from the RG0 Primary.

2) In order to synchronize NTP from the Secondary of RG0, the NTP server must be reached on the segment to which the management interface (fxp0) is connected, or via that segment. Don't forget to set up a backup router if you want to go via that segment. Since the Secondary of RG0 cannot have a routing table, it is necessary to set up a backup router.

3) Since the RG0 Secondary cannot start ntpd, perform manual synchronization. In the case of SRX, this is equivalent to the command "set date ntp". Make the following settings to execute this command periodically.

set event-options generate-event ntp-sync time-of-day "05:00:00 +0900"
set event-options policy Policy1 events ntp-sync
set event-options policy Policy1 then execute-commands commands "set date ntp"
set event-options policy Policy1 then execute-commands output-filename ntp-sync
set event-options policy Policy1 then execute-commands destination local-directory
set event-options destinations local-directory archive-sites /var/tmp/

4) This setting synchronizes the time of node0 and node1 with the NTP server using "set date ntp" every day at 5:00 in the morning. Of course, the NTP server settings are required separately.

🦑 NTP server settings
set system ntp server xxxx prefer
set system ntp server yyyy

If there is an NTP server that you want to prioritize, add "prefer".

5) Backup router settings
set groups node0 system backup-router 192.168.2.1 destination 8.8.8.8/32
set groups node1 system backup-router 192.168.2.1 destination 8.8.8.8/32

6) Set up backup routers separately for node0 and node1. Since the RG0 Secondary cannot have a routing table, be sure to set backup routers for both node0 and node1 so that either of them can be the Secondary.

Note that the backup router is separate from the static routing configuration.

7) Automatic switching back is recommended for control links
Basically, I don't think this needs much consideration because the control link is directly connected, but if the control link (fxp1) goes down, the RG0 Secondary machine will be put into the disabled state and will not be usable.

8) By default, even if the control link comes back up, the machine cannot leave the disabled state and will not recover without a restart.

9) To avoid such a situation, configure the device to recover automatically when the control link is restored. When designing SRX, we recommend that you apply the following setting.

set chassis cluster control-link-recovery

10) With this setting, the device that was in the disabled state when the control link was restored will automatically restart and restore the control link.

11) Fabric link monitoring should be disabled
By default, when the fabric link goes down, the RG0 Secondary is disabled and becomes unusable.

12) The fabric link is used for synchronizing the ARP table and the session table. If the link goes down or comes up, existing communication will not be affected much.

13) Like the control link, the fabric link is basically directly connected, so I don't think that the link will go down, but we recommend that you disable the monitoring setting just in case. This is the Juniper recommended setting.

set chassis cluster no-fabric-monitoring

With this setting, nothing happens when the fabric link goes down or up.

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to build a cluster - nTp
How to build Chassis Cluster (abbreviated CC) with SRX. If the versions do not exactly match, you cannot form a cluster.

1) Initialize settings
Initialize in operation mode. All subsequent operations are based on console connection.

root> request system zeroize

2) Executing this command restarts the device automatically.

Enable Chassis Cluster
We recommend connecting the control link.

3) Operations on the primary device
root@% cli
root> configure shared
root# delete interfaces
root# delete vlans
root# delete security
root# set system root-authentication plain-text-password
root# commit
root# exit
root> set chassis cluster cluster-id 1 node 0 reboot

4) Operations on the secondary device
root@% cli
root> configure shared
root# delete interfaces
root# delete vlans
root# delete security
root# set system root-authentication plain-text-password
root# commit
root# exit
root> set chassis cluster cluster-id 1 node 1 reboot

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Quick protection of a stationary PC by UnderCode :

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Install system updates: activate the automatic installation of Windows updates - so you will not miss important fixes.

2) Installing anti-virus: we recommend using domestic products from Kaspersky Lab and Doctor Web, which also have free products.

3) Software Updates: Close security holes in third-party applications, such as Adobe Reader and Java.

4) Checking browser extensions: look through the list of installed plugins and get rid of unknown ones.

5) Check OS security tools: Spybot program will save the system from spyware.

6) Immense scope for attacks

> there were nearly 700 million malware variants worldwide - a skyrocketing growth.

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to hack computers using the FM-receiver in the phone : > basic

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Hacking computers is carried out using mobile phones. In this case, neither the phone nor the PC needs to be connected to any modern wireless network. However, there is one condition: the computer from which the data will be received must be infected with a certain code.

2) AirHopper receives data from the radiation of a computer monitor and from keystrokes on the keyboard. In this case, a receiver operating in the FM band is used, reports tomsguide.com.

3) Some technical details of the research work have already been posted on the Ben Gurion University website, but basic information has not yet been disclosed. AirHopper has an effective range of up to 7 meters, and walls are not an obstacle for it (since it receives FM radio signals).

4) “A large number of mobile phones currently have FM receivers. With appropriate malware, using electromagnetic radiation, radio signals can be received by a computer. This combination of a PC with a mobile receiver creates a potentially hidden channel that is not controlled by conventional security equipment,” says one of the developers of AirHopper.

5) The computer and smartphones are not connected to a wired or wireless network. One phone is just a few meters from the monitor, and the second is in another room. The text typed on the computer is simultaneously displayed on the monitor and on the screens of the two phones.

written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What to do if my Home pc is hacked ?

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) preventing further spread of the threat (isolation of a compromised device, cleaning, full system recovery from a trusted backup, etc.);


2) identifying methods of penetration / infection and eliminating them (examining the incident, installing security updates, refusing to use vulnerable software and network equipment, using intrusion prevention and detection systems, installing anti-virus software, changing the organization's information security policy, etc.);


3) assessment and elimination of the consequences of hacking (determination of information that fell as a result of hacking into the hands of attackers, change of credentials, CDN recovery, warning users about the need to change passwords, etc.)

written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to Know if my home pc is Hacked

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Signs indicating that a computer has been compromised (Indicators of Compromise) can be:

1) the appearance on the computer of malicious files (viruses, backdoors, trojans, keyloggers, cryptors, miners, etc.), as well as hacking tools (for network research, exploiting vulnerabilities, collecting credentials, etc.);

2) the appearance of unauthorized new executable and other files, even if they are not detected by antivirus software as malicious;
unauthorized network activity (connecting to remote hosts, opening ports for listening by unknown programs or by programs that should not do this, etc.);

3) abnormal activity on disk devices and increased consumption of system resources (due to disk searches, file encryption, using computer resources for an attacker to perform calculations or store and disseminate data, etc.)

4) and other signs, both visible "by eye" and requiring the use of specialized software to identify.


written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is a spyware program? + protection from it :

Spyware is a type of malware whose presence on the system is almost invisible to the user and often undetectable. Such a program collects information about the search history, habits and preferences of the user - or his sensitive data (for example, bank card data) and without the user's knowledge sends the collected information to remote servers belonging to the attackers. Keyloggers are a special kind of spyware that can track keystrokes on a user's keyboard.

🦑 How spyware infiltrates a user's device :

Spyware most often penetrates the victim's computer along with programs or files downloaded from file-sharing sites (for example, sites providing free movies or music for downloading), or when the user downloads a file attached to an unsolicited email message. As a rule, most users are not even aware that spyware has penetrated their computer.

🦑 How to recognize spyware
The presence of spyware is often accompanied by the appearance of new and / or unknown icons in the taskbar at the bottom of the screen, as well as the execution of search queries by a different search provider than the default setting. From time to time, error messages may appear when performing operations previously performed without difficulty.

🦑 How to suspend spyware
Modern antivirus software, as a rule, contains an anti-spyware protection component even in the basic version and is able to detect and remove spyware. You can also check the list of installed programs for ones that are unknown and / or were not installed by you.

🦑 How to protect yourself from spyware

> Make sure you install the latest security updates for your browser, operating system, and third-party programs.

> Activate a higher level of security policy for your browser.

> Be especially vigilant when downloading files from file hosting services.

> Do not click on pop-up messages of an advertising nature.

> Install any anti-virus software

written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 UNLIMITED HACKING-PROGRAMMING TIPS ARE POSTED HERE. BUT STILL WONDERING WHAT MOST LANGUAGE PROGRAMMING DESIGNED FOR HACKING SPECIALLY ?
Anonymous Poll
22% JAVA-JAVASCRIPT?
22% C,C++ ?
72% PYTHON ?

84% right, python is most usable by hackers because it's easy, but without C no python, python is made by C 🤔😂
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Set up a large-capacity Web-based Email system full tutorial by UnderCode :

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> An Email system can be divided into server-side and client-side. The Email system of the Web interface puts the Email client on the Web server-side, so what the Email system needs to implement is an Email client of the Web interface. However, because this Email system requires a large number of users, there are specific requirements for the Email server.

γ€€γ€€β—† operating system and user databases

1) by providing high-capacity Email System requirements for the operating system and the database is very high, therefore, select the appropriate operating system and the database is the most basic question.

2) Because of the high stability and performance required to provide web and email services, unix is ​​generally used as the server operating system. For example, hotmail uses freebsd and solaris, and domestic sites such as 163 also use the bsd series.

3) However, Unix's standard email system is also unsuitable for such large-capacity services. Some Unix systems, such as the current version of Linux, have only 16-bit user IDs, so the number of users can only be up to 64k. Even if the Unix system itself supports 32-bit user IDs, for performance reasons the number of users supported by a single server should not exceed 100,000. To scale to more users, multiple servers are generally used to provide services at the same time. Although standard Unix users can still serve as email users in that setup, for reasons of security, performance, and manageability, users that are not Unix system users are generally used as the email users.

4) User data is usually stored in a database that supports network access. Commonly used options are LDAP, standard databases, and user databases implemented by the email system itself. Among them, LDAP is the standard for providing directory services, so it should be the best choice; its commonly used open source implementation is OpenLDAP. A standard database is easy to implement and highly scalable, and the one most commonly used on the Internet is MySQL. There are other ways to achieve this as well.

◆ Save messages

1) For a bulk Email system, the most critical technical issue is how to handle mail storage; the manner chosen to improve storage efficiency will determine whether the Email system succeeds or not.

2) Due to the large number of users, how to save users' emails is a very important issue. Traditional Unix uses a single directory to store mail for all users, which greatly reduces the performance of the file system when there are a large number of users.

3) Only by using multi-level directories with a limited number of files in each directory can we reduce the system cost of opening files. The alternative is to stop using simple files to save emails and use some form of packaging instead. Using a database exclusively to save emails causes a large waste of performance and storage space, because users' email operations are mostly file operations and message sizes vary greatly.

4) Because of the huge number of users and the need for access from multiple servers at the same time, a server or server cluster with a large storage space must be used for storage. The storage space is shared through Fibre Channel or the network file system NFS, so that each user's mail storage path is the same on every server. Fibre Channel is a very expensive solution; NFS is more common. You can use a dedicated NFS server, such as NetApp, or a PC Unix server with RAID capabilities.

5) When using NFS shared storage space, you must pay attention to a very important issue. With the traditional mailbox storage format, all of a user's mail is stored in the same file, so delivery operations must lock the file to ensure that there are no access conflicts. Because NFS lacks a file locking mechanism, that format is unsuitable for NFS storage. To solve this problem, qmail proposed the Maildir storage method: each mail is stored as a separate file in the user's personal mail directory, which avoids locking. Therefore, common free mail servers generally use the Maildir method to store user mail.

6) If you do not plan to use a shared file system to store user mail, and want each server to access only the user mail on its own hard disk, then both the Email server and the client need to be customized so that they can use the user name to find the server the user actually belongs to and hand the access task over to that server. The disadvantages of this method are that, in addition to the large changes required and the complex system structure, the servers are divided by user, which is not conducive to load sharing.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
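
The two storage ideas above, hashed multi-level directories (item 3) and lock-free Maildir delivery (item 5), in one sketch. This is an added example, not code from the original post or from qmail; the two-level SHA-256 layout, the account-name policy and the function names are assumptions made for illustration.

```python
import hashlib
import os
import re
import socket
import time

USER_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")  # assumed account-name policy
_seq = 0                                             # per-process delivery counter


def maildir_path(root, user):
    """Two hashed directory levels (256 x 256 buckets) keep every directory small."""
    if not USER_RE.fullmatch(user):
        raise ValueError("invalid account name")    # also keeps "../" out of the path
    h = hashlib.sha256(user.encode()).hexdigest()
    return os.path.join(root, h[:2], h[2:4], user, "Maildir")


def deliver(root, user, message):
    """Store one message as its own file: write to tmp/, then rename into new/."""
    global _seq
    _seq += 1
    md = maildir_path(root, user)
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(md, sub), mode=0o700, exist_ok=True)
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    # time + pid + counter + random + host: unique across servers sharing the store
    name = f"{int(time.time())}.P{os.getpid()}Q{_seq}R{os.urandom(4).hex()}.{host}"
    tmp = os.path.join(md, "tmp", name)
    # O_EXCL: fail rather than overwrite if the name somehow already exists
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(message)
        f.flush()
        os.fsync(f.fileno())                        # on disk before it becomes visible
    final = os.path.join(md, "new", name)
    os.rename(tmp, final)                           # atomic: readers never see a partial file
    return final


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()                       # constructed stand-in for the NFS mount
    print(deliver(root, "alice", b"Subject: test\r\n\r\nhello\r\n"))
```

Because no two deliveries ever write the same file, no lock is needed; the account-name check matters because the name becomes a path component on the shared store.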

🦑 PART 2 - Set up a large-capacity Web-based Email system: full tutorial by UnderCode

◆ Web client

1) There is no standard for which scripting language the Web Email client program should use, but using open source will save a lot of trouble.

2) Another important part of a Web-interface Email system is the Web client. It functions like Outlook on a personal computer and is responsible for giving users access to their own mail. Because Web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, a temporary directory established after login, and verification in the program.

3) The Web client must access the server in a unified way. It can obtain the user's mail through direct file access, or through standard protocols such as POP3 and IMAP. For a system that uses a network file system to share user mail, direct file access is the most direct and convenient method and adds no extra overhead. The direct benefit of accessing the server through the POP3 and IMAP protocols is that the Web client is separated from the Email server, which improves system security.
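
One way to combine the three mechanisms item 2 names (session ID, temporary directory created after login, verification in the program), as an added example that is not part of the original post. The directory layout, the 30-minute timeout and all function names are assumptions, and the user name is assumed to have been validated at login.

```python
import os
import re
import secrets
import shutil
import time

SESSION_TTL = 1800                      # assumed idle timeout, in seconds
SID_RE = re.compile(r"[0-9a-f]{64}")    # exactly the shape login() produces


def _write_state(sdir, user, expires):
    tmp = os.path.join(sdir, "state.tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{user}\n{expires}\n")
    os.replace(tmp, os.path.join(sdir, "state"))    # atomic swap of the state file


def login(base_dir, user, now=None):
    """Call after the password check: new random ID plus a private temp directory."""
    now = time.time() if now is None else now
    sid = secrets.token_hex(32)         # 256 bits from the OS CSPRNG, not guessable
    sdir = os.path.join(base_dir, sid)
    os.mkdir(sdir, 0o700)               # owner-only; fails if the directory exists
    _write_state(sdir, user, now + SESSION_TTL)
    return sid


def logout(base_dir, sid):
    if isinstance(sid, str) and SID_RE.fullmatch(sid):
        shutil.rmtree(os.path.join(base_dir, sid), ignore_errors=True)


def verify(base_dir, sid, now=None):
    """Run on every request. Returns the user name, or None if the session is invalid."""
    now = time.time() if now is None else now
    # Check the shape first: the ID becomes a path component, so "../" must stop here.
    if not isinstance(sid, str) or not SID_RE.fullmatch(sid):
        return None
    sdir = os.path.join(base_dir, sid)
    try:
        with open(os.path.join(sdir, "state")) as f:
            user, expires = f.read().split("\n")[:2]
        expires = float(expires)
    except (OSError, ValueError):
        return None                     # unknown, logged-out or damaged session
    if now >= expires:
        logout(base_dir, sid)           # expired: remove the temp directory as well
        return None
    _write_state(sdir, user, now + SESSION_TTL)     # sliding expiry
    return user
```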

◆ Load balancing

1) Load balancing will be a long-term problem for the system, and it determines the system's scalability.

2) Because it needs to provide access to a large number of users, a single server cannot meet this need, and a multi-server approach must be used.

3) In addition to partitioning by function, such as separating the Web server, Email server, and file server, it is also necessary to use multiple servers to load-balance some resource-constrained services. Although some commercial manufacturers have proposed server cluster solutions, the common simple and effective methods are DNS round-robin resolution, Web server relocation, and NAT load balancing.

4) DNS round-robin resolution assigns multiple IP addresses to the same name. It is used on quite large sites such as Yahoo, and the actual results are quite good. Web server relocation is a process in which the Web server randomly generates real page URLs on different servers, so that different browsers load pages from different servers; it can only achieve load balancing for Web clients. NAT load balancing uses a layer-4 switch to distribute identical requests across different servers. In addition to expensive switches, there is some software that can perform the NAT function. I have changed the FreeBSD natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.

◆ Case study

1) There are many domestic Web Email systems; NetEase, 21CN, and Sina Email are among the representatives.

2) Currently, the most popular Web interface Email system in Russia/leb is NetEase's system. It is a system that uses qmail as the basic server software and then modifies it. It uses the NFS network file system as the user's mail storage space, uses Maildir as the mail storage format, and provides multi-level directories to support a large number of users. The Web client is implemented for them, and provides services to users by directly accessing users' emails.

Written by UnderCode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁