rushipkar90

cat /usr/local/apache/conf/modsec2.user.conf | grep xmlrpc
#xmlrpc
===================
SecRule REQUEST_LINE "POST .*xmlrpc.*" "pass,initcol:ip=%{REMOTE_ADDR},setvar:ip.maxlimit=+1,deprecatevar:ip.maxlimit=1/600,nolog,id:35061"
SecRule IP:MAXLIMIT "@gt 5" "log,deny,id:350611,msg:'wp-xmlrpc: denying %{REMOTE_ADDR} (%{ip.maxlimit} connection attempts)'"

#wp-bruteforce
===================
SecRule REQUEST_LINE "POST .*wp-login.*" "pass,initcol:ip=%{REMOTE_ADDR},setvar:ip.maxlimit=+1,deprecatevar:ip.maxlimit=1/600,nolog,id:35011"
SecRule IP:MAXLIMIT "@gt 10" "log,deny,id:350111,msg:'wp-bruteforce: denying %{REMOTE_ADDR} (%{ip.maxlimit} connection attempts)'"

rushipkar90

Reboot the server is rescue mode and then apply below fix.

# nvme list


- Fix for NVMe Servers
mount /dev/md3 /mnt/ 
mount /dev/md2 /mnt/boot/ 
mount /dev/nvme0n1p1 /mnt/boot/efi/ 
mount -o bind /dev /mnt/dev 

rushipkar90

Ref: https://linuxadminblogs.wordpress.com/2015/01/28/direct-admin-file-locations/

Direct Admin file locations:

———
CONF FILES /etc/httpd/conf/httpd.conf
LOG FILES /var/log/httpd/error.log
START/STOP /usr/local/etc/rc.d/httpd start/stop
Scripts /usr/local/directadmin/scripts/

rushipkar90

You may need to monitor server with the help of your server administrator and check domain access logs at the time of load spike to analyze further.

You can try this system monitoring script which records detailed logs of resource usage and process activity. Please use the following commands to install:
wget -O /root/sys-snap.pl https://raw.githubusercontent.com/cPanelTechs/SysSnapv2/master/sys-snap.pl
cd /root/ && chmod 744 sys-snap.pl && perl sys-snap.pl --start

The script connects data from the following places:
/proc/loadavg
/proc/meminfo
vmstat 1 10

rushipkar90

HOW TO INSTALL QMAIL-REMOVE ON LINUX PLESK?

Ref: http://www.datanethosting.com/kb/plesk-linux/how-to-install-qmail-remove-on-linux-plesk



First we will install Qmail-Remove on the server. Download the latest version through given below link.
Using following command

#wget http://www.linuxmagic.com/opensource/qmail/qmail-remove/qmail-remove-0.95.tar.gz

rushipkar90

How To Manage QMail Queue In Linux Plesk
Ref URL
----------------
http://geeksterminal.com/qmail-commands-logs-plesk-server/580/
https://www.24x7servermanagement.com/blog/how-to-manage-qmail-queue-in-linux-plesk/
----------------



1) To check the mail queue in plesk from command line, you can use the command :

rushipkar90

Ref Links:
=============
https://jvulinux.wordpress.com/2014/12/26/commands-to-check-spamming-in-postfix-mail-server/
https://www.cyberciti.biz/tips/howto-postfix-flush-mail-queue.html
=============


Commands to check spamming in POSTFIX mail server

1. To see the mail queue:

rushipkar90

#!/bin/bash
pprocess=`ps -ef | grep "spamemails.sh" | grep -v "grep" | wc -l`;
if [ "$pprocess"  -le 2 ]
then
{
sh /usr/local/src/newmalicious.sh >> /usr/local/src/permupdates.txt;
}
fi

rushipkar90

#/bin/bash
set -x
echo > /usr/local/src/customphpini.txt;
echo > /usr/local/src/commentphp.txt;
echo > /usr/local/src/oldextensions.txt;
echo > /usr/local/src/newextension.txt;
oldextension=`php -i | grep -w "extension_dir =" | grep -v "sqlite" | awk '{print $3}'`;
ls -la $oldextension | awk '{print $9}' | grep -v "./" | grep -v "../" | grep -v '^$' > /usr/local/src/oldextensions.txt;
thetime=`date +"%Y-%m-%d-%S"`;
php -m > /usr/local/src/modules.txt

rushipkar90

#/bin/bash
set -x
echo > /usr/local/src/customphpini.txt;
echo > /usr/local/src/commentphp.txt;
thetime=`date +"%Y-%m-%d-%S"`;
php -m > /usr/local/src/modules.txt
echo "================================" >> /usr/local/src/modules.txt
/usr/local/apache/bin/apachectl -M >> /usr/local/src/modules.txt
cp -ar /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf_$thetime;
cp -ar /usr/local/lib/php.ini /usr/local/lib/php.ini_$thetime;