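Handling DDoS/CC Attacks on Small Sites

Nowadays, when a small site is hit by a DDoS attack, the hosting provider is likely to suspend the server. A suspension like that seriously affects SEO and the webmaster's mood, so we need to keep it from happening.

The cloud hosts we usually use (mainly Alibaba Cloud) may come with some hardware or software protection. Alibaba Cloud hosts, for example, include 5G of DDoS protection, but once an attack exceeds that volume the host still ends up in the black hole, and the cloud host or server is suspended.

Because my domain was already on the ICP filing blacklist when I bought it, and given that I cannot file and want good overall speed, I chose multiple nodes plus failure monitoring (such as the CloudXNS monitoring feature). If host A is hit by a DDoS attack, traffic automatically switches to node B. For node B I strongly recommend hardware protection (some OVH servers, for example, come with hardware protection that is basically impossible to knock over, although access speed to overseas hardware-protected hosts is usually terrible). Once host A has been knocked out, monitoring switches the DDoS traffic over to host B's hardware protection, which can withstand ordinary DDoS attacks.

But that alone is not enough. Most attacks come with CC traffic (HTTP proxy attacks, for example) on top of the DDoS, and hardware protection has no effect against that: a CC attack usually only takes down nginx/apache and does not take down the host itself, so monitoring does not switch nodes and the hardware protection is effectively useless. In that situation there are usually two options:

1: Use a CDN to filter CC (HTTP) attacks. Common choices are Baidu Yunjiasu and, outside China, Cloudflare. Because Baidu Cloud and Cloudflare are partners, users in China who choose Baidu Yunjiasu can also effectively withstand some attacks.
2: Use software protection, for example through nginx's Lua module, or common security software such as 安全狗 (SafeDog) and 云锁 (Yunsuo), which can also stop some small CC attacks.

Combining software and hardware protection, multi-node hosts and monitored dynamic failover makes it possible to defend against some common attacks at fairly low cost.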

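LNMP 1.4: Removing the Cross-Directory Restriction

Because the cache files sit outside the site directory and LNMP 1.4 forbids cross-directory access, first go into the site directory and unlock the file:
chattr -i .user.ini
Then delete the file:
rm -rf .user.ini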
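
Deleting .user.ini lifts the restriction for the whole site. A narrower alternative, shown here as an added example that is not part of the original post, keeps the file and appends only the external cache directory to its open_basedir line. It assumes the file has the one-line `open_basedir=...` format; `add_open_basedir` and the paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: extend open_basedir in an LNMP-style .user.ini instead of
# deleting the file. Assumed format (constructed sample):
#   open_basedir=/home/wwwroot/example.com/:/tmp/:/proc/
# Usage: add_open_basedir /home/wwwroot/example.com/.user.ini /home/cache

add_open_basedir() {
    ini=$1        # path to .user.ini
    extra=$2      # directory to allow, e.g. the external cache directory

    case $extra in
        /*) ;;                                   # must be an absolute path
        *)  echo "path must be absolute: $extra" >&2; return 2 ;;
    esac
    case $extra in
        *:*|*..*) echo "refusing suspicious path: $extra" >&2; return 2 ;;
    esac
    extra=${extra%/}/                            # normalise to a trailing slash

    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 1; }
    grep -q '^open_basedir=' "$ini" || { echo "no open_basedir line" >&2; return 1; }

    # Already allowed? Then leave the file untouched.
    current=$(sed -n 's/^open_basedir=//p' "$ini" | head -n 1)
    case ":$current:" in
        *":$extra:"*) return 0 ;;
    esac

    chattr -i "$ini" 2>/dev/null || true         # the file is marked immutable
    tmp=$(mktemp) || return 1
    # Append the new directory to the first open_basedir line only.
    awk -v add="$extra" '
        /^open_basedir=/ && !done { sub(/:*$/, ""); print $0 ":" add; done = 1; next }
        { print }
    ' "$ini" > "$tmp" && cat "$tmp" > "$ini"; rc=$?
    rm -f "$tmp"
    chattr +i "$ini" 2>/dev/null || true         # restore the immutable flag
    return $rc
}
```
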

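Sennheiser's Old Flagship, the IE80

Ever since I got the FiiO X5 I have wanted a pair of in-ear monitors. As Sennheiser's old flagship, the IE80's sound quality goes without saying, with balanced lows, mids and highs, though rumor has it that these need more than 300 hours of burn-in before they really perform… Bought from JD.com's self-operated global store.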

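Chinese-Made DAP: FiiO X5 III

They say hi-fi bankrupts three generations… An entry-level Chinese-made player, bought from JD.com. I looked at the reviews when buying; the common complaints were fast battery drain and a laggy system, but as long as the sound is fine everything else is forgivable. The previous X5 left me with a fairly good impression, and this generation's design is far better than the last. I had not followed this area for a long time, so when I stumbled upon it yesterday I placed an order, and it arrived the next day. I only have the IM70 to pair it with, and the officially bundled case is quite ugly. Listening to NetEase's fake lossless, my subjective impression is that the sound is pretty good and worth the price.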

Ten Years

How many decades does one person get, and how many people stay for a decade.

LNMP: Smooth Upgrade from Nginx to Tengine

Install Tengine and back up the nginx configuration file:

wget -c http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
tar zxvf tengine-2.2.0.tar.gz
cd tengine-2.2.0
./configure
make
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
cp -r objs/nginx /usr/local/nginx/sbin/nginx

vim /usr/local/nginx/conf/nginx.conf

Delete the following block:

location /status {
    stub_status on;
    access_log off;
}

Check that the configuration is valid:

/usr/local/nginx/sbin/nginx -t

The output "the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/nginx/conf/nginx.conf test is successful" means everything is fine.

Restart nginx:

kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`
/etc/init.d/nginx stop
/etc/init.d/nginx start

Check the nginx version:

/usr/local/nginx/sbin/nginx -v

Mac: A Trick for Quickly Connecting to Remote Hosts from the Terminal

Create the config file:
sudo vi ~/.ssh/config

Add:

Host *
ControlMaster auto
ControlPath ~/.ssh/%h-%p-%r
ControlPersist yes

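# Server 1
Host vps
HostName <IP address>
Port <port>
User <username>

After saving, open a terminal:
ssh vps
After connecting once, a second connection shortly afterwards needs no password.
The principle is simple: one ssh connection is kept open in the background, and whenever you ssh to the same host again the socket file of that connection is used directly, so no new connection has to be created and, likewise, no user authentication is needed again.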

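Recovering a Lost directadmin.conf

A careless operation caused directadmin.conf to be lost.
A Google search showed that a copy of directadmin.conf exists under /usr/local/directadmin/data/templates/,
so I copied the contents of /usr/local/directadmin/data/templates/directadmin.conf into /usr/local/directadmin/conf/directadmin.conf and adjusted NS and HOSTNAME slightly.
After restarting DA everything was restored.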

DirectAdmin modsecurity: Stopping Brute-Force Scanning of the WordPress Admin Login

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity

vi /usr/local/cwaf/tmp/rules/workdir1/rules


SecAction phase:2,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<LocationMatch "/wp-login.php">
    # Setup brute force detection.
    # React if block flag has been set.
    SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
    # Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
    SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
    SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
    SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</LocationMatch>

SecAction phase:2,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<LocationMatch "/xmlrpc.php">
    # Rate limit requests to xml-rpc
    SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
    # Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
    SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
    SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</LocationMatch>
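
To see which addresses these rules would act on before enabling them, the same signal can be checked offline against an access log. This is an added example, not part of the original post: it assumes the combined log format with all lines from one day, uses a strict 180-second sliding window as a simplification of the decaying counter, and `find_bruteforce`, `sample_log` and the log lines are constructed.

```shell
#!/bin/sh
# Added example: flag IPs with more than MAX failed wp-login.php attempts
# (POST answered with 200) inside WINDOW seconds.
# Usage: find_bruteforce LOGFILE|- [MAX] [WINDOW]   (hypothetical helper)

find_bruteforce() {
    awk -v max="${2:-10}" -v win="${3:-180}" '
    # A 302 is a successful login; only POSTs answered with 200 count.
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
        split($4, t, ":")                      # [10/Oct/2023:13:55:36
        now = t[2] * 3600 + t[3] * 60 + t[4]   # seconds since midnight
        ip = $1
        n = ++tail[ip]; ts[ip, n] = now
        if (!(ip in head)) head[ip] = 1
        # Drop attempts that fell out of the window.
        while (now - ts[ip, head[ip]] > win) { delete ts[ip, head[ip]]; head[ip]++ }
        cnt = tail[ip] - head[ip] + 1
        # Report each IP once, at the moment it first exceeds the limit.
        if (cnt > max && !(ip in hit)) { hit[ip] = 1; print ip, cnt }
    }' "${1:--}"
}

# Constructed sample log: 12 failed logins in 24 s from one IP, 11 failed
# logins spread over 50 minutes from another, and one successful login.
sample_log() {
    i=0
    while [ "$i" -lt 12 ]; do
        printf '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"\n' $((i * 2))
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 11 ]; do
        printf '198.51.100.9 - - [10/Oct/2023:14:%02d:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"\n' $((i * 5))
        i=$((i + 1))
    done
    printf '192.0.2.44 - - [10/Oct/2023:14:01:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"\n'
}

sample_log | find_bruteforce -
```
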

DirectAdmin CustomBuild 2.0

Upgrading to CustomBuild 2.0

cd /usr/local/directadmin
mv custombuild custombuild_1.x
wget -O custombuild.tar.gz http://files.directadmin.com/services/custombuild/2.0/custombuild.tar.gz
tar xvzf custombuild.tar.gz
cd custombuild
./build

You can go straight to the plugin section of the DA control panel and install it via the link, or download it locally and then upload it to the DA plugin directory. Plugin download URL: http://www.custombuild.eu/plugin/custombuild.tar.gz

Linux iptables & CC

Count all connections on port 80

netstat -nat|grep -i "80"|wc -l

Sort connected IPs by number of connections

netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -ntu | awk '{print $5}' | egrep -o "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | sort | uniq -c | sort -nr

Show TCP connection states

netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
netstat -n | awk '/^tcp/ {print $NF}'|sort|uniq -c|sort -rn
netstat -n | awk '/^tcp/ {++S[$NF]};END {for(a in S) print a, S[a]}'
netstat -n | awk '/^tcp/ {++state[$NF]}; END {for(key in state) print key,"\t",state[key]}'
netstat -n | awk '/^tcp/ {++arr[$NF]};END {for(k in arr) print k,"\t",arr[k]}'
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c

Show the 20 IPs with the most connections on port 80

cat /www/web_logs/waitalone.cn_access.log|awk '{print $1}'|sort|uniq -c|sort -nr|head -100
tail -n 10000 /www/web_logs/waitalone.cn_access.log|awk '{print $1}'|sort|uniq -c|sort -nr|head -100
netstat -anlp|grep 80|grep tcp|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -n20
netstat -ant |awk '/:80/{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' |sort -rn|head -n20

Sniff port 80 traffic with tcpdump to see who sends the most

tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr |head -20

Find IPs with many TIME_WAIT connections

netstat -n|grep TIME_WAIT|awk '{print $5}'|sort|uniq -c|sort -rn|head -n20

Find IPs with many SYN connections

netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more

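Some common iptables commands for blocking IPs and IP ranges on Linux:

The command to block a single IP is:

iptables -I INPUT -s 211.1.0.0 -j DROP

The commands to block IP ranges are:

iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP

The command to block an entire range is:

iptables -I INPUT -s 211.0.0.0/8 -j DROP

The commands to block several ranges are:

iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP

There are three ways to have the rules applied automatically when the server boots:
1. Add the commands to /etc/rc.local
2. iptables-save >/etc/sysconfig/iptables writes your current iptables rules to /etc/sysconfig/iptables, and they are applied automatically when the system starts iptables.
3. service iptables save also writes your current iptables rules to /etc/sysconfig/iptables, and they are applied automatically when the system starts iptables.
The latter two are better: the iptables service generally starts before the network service, which is safer.

To unblock:

iptables -D INPUT -s <IP address> -j DROP
iptables -F # flushes all rules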

WHMCS autocancel_invoices_of_terminated_products

vim includes/hooks/autocancel_invoices_of_terminated_products.php

<?php

// Cancels unpaid invoices that belong to terminated hosting products.
// Note: this uses the legacy mysql_* functions, which were removed in PHP 7.
function hook_autocancel_invoices_of_terminated_products() {
    // Unpaid invoices whose items reference a terminated hosting product
    $query = mysql_query('SELECT id FROM tblinvoices WHERE status=\'Unpaid\' AND id IN (SELECT invoiceid FROM tblinvoiceitems WHERE relid IN (SELECT id FROM tblhosting WHERE domainstatus=\'Terminated\'));');
    $message = "\nInvoices Canceled List :\n\n";
    while ($result = mysql_fetch_array($query)) {
        $message .= 'Invoice ID : ' . $result['id'] . "\n";
        logactivity('Invoice ID : ' . $result['id'] . ' Cancelled Automatically By WebSoftSolus AutoCancel Invoices Of Terminated Products Cron Job');
    }
    // Send the list to the admins, then mark the same invoices as cancelled
    sendadminnotification('system', 'AutoCancel Invoices Cron Job Activity', $message, '');
    $query = 'UPDATE tblinvoices SET status=\'Cancelled\',notes=\'Cancelled Automatically By WebSoftSolus AutoCancel Invoices Of Terminated Products Cron Job\' WHERE status=\'Unpaid\' AND id IN (SELECT invoiceid FROM tblinvoiceitems WHERE relid IN (SELECT id FROM tblhosting WHERE domainstatus=\'Terminated\'));';
    mysql_query($query);
}

add_hook('DailyCronJob', 1, 'hook_autocancel_invoices_of_terminated_products');

CentOS Vsftp Server

[1] Install vsftpd

yum -y install vsftpd

[2] Configure vsftpd.conf

vi /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf
# 
# The default compiled in settings are fairly paranoid. This sample file 
# loosens things up a bit, to make the ftp daemon more usable. 
# Please see vsftpd.conf.5 for all compiled in defaults. 
# 
# READ THIS: This example file is NOT an exhaustive list of vsftpd options. 
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's 
# capabilities. 
# 
# Allow anonymous FTP? (Beware - allowed by default if you comment this out). 
#anonymous_enable=YES
# 
# Uncomment this to allow local users to log in. 
local_enable=YES 
# 
# Uncomment this to enable any form of FTP write command. 
write_enable=YES 
# 
# Default umask for local users is 077. You may wish to change this to 022, 
# if your users expect that (022 is used by most other ftpd's) 
local_umask=022 
# 
# Uncomment this to allow the anonymous FTP user to upload files. This only 
# has an effect if the above global write enable is activated. Also, you will 
# obviously need to create a directory writable by the FTP user. 
#anon_upload_enable=YES 
# 
# Uncomment this if you want the anonymous FTP user to be able to create 
# new directories. 
#anon_mkdir_write_enable=YES 
# 
# Activate directory messages - messages given to remote users when they 
# go into a certain directory. 
dirmessage_enable=YES 
# 
# The target log file can be vsftpd_log_file or xferlog_file. 
# This depends on setting xferlog_std_format parameter 
xferlog_enable=YES 
# 
# Make sure PORT transfer connections originate from port 20 (ftp-data). 
connect_from_port_20=YES 
# 
# If you want, you can arrange for uploaded anonymous files to be owned by 
# a different user. Note! Using "root" for uploaded files is not 
# recommended! 
#chown_uploads=YES

#chown_username=whoever 
# 
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES 
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log 
#xferlog_file=/var/log/xferlog 
# 
# Switches between logging into vsftpd_log_file and xferlog_file files. 
# NO writes to vsftpd_log_file, YES to xferlog_file 
xferlog_std_format=YES 
# 
# You may change the default value for timing out an idle session. 
idle_session_timeout=600
# 
# You may change the default value for timing out a data connection. 
data_connection_timeout=120
# 
# It is recommended that you define on your system a unique user which the 
# ftp server can use as a totally isolated and unprivileged user. 
#nopriv_user=ftpsecure 
# 
# Enable this and the server will recognise asynchronous ABOR requests. Not 
# recommended for security (the code is non-trivial). Not enabling it, 
# however, may confuse older FTP clients. 
#async_abor_enable=YES 
# 
# By default the server will pretend to allow ASCII mode but in fact ignore 
# the request. Turn on the below options to have the server actually do ASCII 
# mangling on files when in ASCII mode. 
# Beware that on some FTP servers, ASCII support allows a denial of service 
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd 
# predicted this attack and has always been safe, reporting the size of the 
# raw file. 
# ASCII mangling is a horrible feature of the protocol. 
ascii_upload_enable=YES
ascii_download_enable=YES

# 
# You may fully customise the login banner string: 
ftpd_banner=Welcome to lightnear FTP service.
# 
# You may specify a file of disallowed anonymous e-mail addresses. Apparently 
# useful for combatting certain DoS attacks. 
#deny_email_enable=YES 
# (default follows) 
#banned_email_file=/etc/vsftpd/banned_emails 
# 
# You may specify an explicit list of local users to chroot() to their home 
# directory. If chroot_local_user is YES, then this list becomes a list of 
# users to NOT chroot(). 
chroot_local_user=YES
#chroot_list_enable=YES 
# (default follows) 
#chroot_list_file=/etc/vsftpd/chroot_list 
# 
# You may activate the "-R" option to the builtin ls. This is disabled by 
# default to avoid remote users being able to cause excessive I/O on large 
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume 
# the presence of the "-R" option, so there is a strong case for enabling it. 
ls_recurse_enable=YES
# 
# When "listen" directive is enabled, vsftpd runs in standalone mode and 
# listens on IPv4 sockets. This directive cannot be used in conjunction 
# with the listen_ipv6 directive. 
listen=YES 
# 
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 
# sockets, you must run two copies of vsftpd with two configuration files. 
# Make sure, that one of the listen options is commented !! 
#listen_ipv6=YES

pam_service_name=vsftpd 
userlist_enable=YES 
userlist_deny=NO
local_root=/var/public_root
tcp_wrappers=YES
use_localtime=YES

[3] Add an FTP account

useradd cent -s /sbin/nologin
passwd cent

[4] Edit the user_list file to allow the cent user to access FTP

vi /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
cent

[5] Create the root directory and set its permissions

mkdir /var/public_root
chown -R cent /var/public_root
chmod -R 755 /var/public_root

[6] Start the vsftpd service

service vsftpd start

[7] Enable the vsftpd service at boot

chkconfig vsftpd on

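Google Fonts: USTC Mirror

Google is blocked and 360 shut its own mirror down; the USTC (University of Science and Technology of China) mirror is currently one of the more usable and reliable options.

fonts.useso.com              fonts.lug.ustc.edu.cn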
ajax.googleapis.com          ajax.lug.ustc.edu.cn
themes.googleusercontent.com google-themes.lug.ustc.edu.cn
fonts.gstatic.com            fonts-gstatic.lug.ustc.edu.cn

WHMCS: Hiding the Copyright Notice

Just add one line of code at the very bottom of jquery.js:

$(function(){$('p:has(a[href*=whmcs])').hide()});

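May You Be Well

If you want to shout out loud, but have no voice

If you want to sob quietly, but have no tears

If your face is full of smiles, yet you find tears have already slid past the corner of your eye

If you feel fear, only to find that loneliness and helplessness come along with it

I only wish that you can have a smile as innocent as a child's, and can also cry out loud like a child

May you no longer be lonely and helpless, may you have a heart that strives, and may there be a trace of reverence in your heart

Finally, may you be well.

Intermittently Ambitious, Persistently Listless

"Intermittently ambitious, persistently listless" pretty much sums up my state lately. Every so often I put a little pressure on myself for a while, maybe with a bit of urgency too, but after a while the comfort of life always makes you relax, no.. more precisely, makes you lazy. Nothing makes a person lazier than an uneventful life.

Not thinking about the future, not thinking about the past, getting through each day by the same routine, day after day: this kind of life does not seem to be rare. Perhaps some of the people you see every day on the street, crossing the road, sitting down for a break in a café, or amid the bustling traffic live this way too. Maybe this kind of life is a sickness… numbness?

I think.. I really do not want to walk among that numb crowd at all!

Once you are used to this kind of life, you may come to fear sudden change.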

Nginx: Filtering Pingback CC Requests

Add the following to nginx.conf to filter pingback CC requests:

if ($http_user_agent ~* (ApacheBench|pingback|WordPress|MJ12bot|AhrefsBot|360JK|PHP|php|Jorgee)) {
    return 101;
}
if ($http_user_agent = "") {
    return 101;
}
if ($request = "POST /reg.html HTTP/1.1") {
    return 400;
}
if ($request = "POST / HTTP/1.1") {
    return 400;
}
if ($request = "POST / HTTP/1.0") {
    return 400;
}
if ($request = "POST // HTTP/1.0") {
    return 400;
}

Linux: DDoS Deflate for Lightweight DDoS/CC Defense

1. Check whether iptables is running

service iptables status

2. Install DDoS Deflate

wget http://soft.kwx.gd/security/ddos-Deflat.sh

Set the permissions and run the script

chmod +x ddos-Deflat.sh
./ddos-Deflat.sh

3. Configure DDoS Deflate
Edit the following file

vim /usr/local/ddos/ddos.conf

Set it according to the notes below

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list" # IP whitelist file
CRON="/etc/cron.d/ddos.cron" # scheduled execution
APF="/etc/apf/apf"
IPT="/sbin/iptables"
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1 # interval between network checks, in minutes
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150 # maximum connections per IP; the rule is applied above this; the default is fine
##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=10
# Whether to use APF or iptables. iptables is recommended; just change the value of APF_BAN to 0.
##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1 # whether to ban the IP; the default is fine
##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root" # address that receives a mail when an IP is banned; if unused, comment the line out with a leading "#"
##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600 # how long an IP stays banned; default 600 seconds
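
Before letting a tool ban automatically, it helps to see what a given threshold would do. The following added example, not part of DDoS Deflate or of the original post, applies the per-IP connection counting from the "Linux iptables & CC" post together with the NO_OF_CONNECTIONS threshold and the IP whitelist described above, and only prints the iptables commands it would run. `over_limit`, `sample_netstat` and the sample data are constructed.

```shell
#!/bin/sh
# Added example: dry-run count-and-ban.
# over_limit reads `netstat -ntu` output on stdin and prints one
# "iptables -I INPUT -s IP -j DROP" line per IPv4 address that exceeds the
# limit and is not whitelisted. Nothing is executed.
# Usage: netstat -ntu | over_limit [LIMIT] [WHITELIST_FILE]

over_limit() {
    limit=${1:-150}            # same meaning as NO_OF_CONNECTIONS
    ignore=${2:-/dev/null}     # whitelist file, one IP per line
    awk -v limit="$limit" -v ignore="$ignore" '
    BEGIN { while ((getline ip < ignore) > 0) skip[ip] = 1 }
    $1 ~ /^(tcp|udp)/ {
        addr = $5                              # foreign address column
        sub(/:[0-9*]+$/, "", addr)             # strip the port
        sub(/^::ffff:/, "", addr)              # IPv4-mapped IPv6 address
        if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[addr]++
    }
    END {
        for (a in n)
            if (n[a] > limit && !(a in skip))
                printf "iptables -I INPUT -s %s -j DROP\n", a
    }' | sort
}

# Constructed sample of `netstat -ntu` output: 5, 2 and 6 connections
# from three documentation-range addresses.
sample_netstat() {
    echo 'Active Internet connections (w/o servers)'
    echo 'Proto Recv-Q Send-Q Local Address           Foreign Address         State'
    for spec in 203.0.113.50:5 198.51.100.20:2 192.0.2.10:6; do
        ip=${spec%:*}; count=${spec#*:}; i=0
        while [ "$i" -lt "$count" ]; do
            echo "tcp        0      0 10.0.0.5:80             $ip:$((40000 + i))    ESTABLISHED"
            i=$((i + 1))
        done
    done
}

sample_netstat | over_limit 3
```
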

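Old Friend (旧朋友) – Christopher Wong (黄凯芹)

"Old Friend" (《旧朋友》), sung by Hong Kong singer Christopher Wong (黄凯芹), is a cover of Bobby Chen's (陈升) 《把悲伤留给自己》. Sung in Cantonese, it has a flavor all its own.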

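Mac OS: Installing Wget with Homebrew

Homebrew makes OS X more complete. Use gem to install gems, and brew to take care of the dependency packages.

Get Homebrew: open a terminal and enter the following command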
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Get Wget:
$ brew update # optional
$ brew install wget

LNMP: Quick Migration Procedure

Backing up LNMP:

killall nginx
service mysql stop
tar zcvf /home/wwwroot/wwwroot.tar.gz /home/wwwroot
tar zcvf /home/wwwroot/nginx.tar.gz /usr/local/nginx/conf
tar zcvf /home/wwwroot/mysql.tar.gz /usr/local/mysql/var
/usr/local/nginx/sbin/nginx
service mysql start

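After running the commands above, three backup files are created in the wwwroot directory: wwwroot.tar.gz holds the site files, nginx.tar.gz the nginx configuration files, and mysql.tar.gz the database files.

Upload wwwroot.tar.gz, nginx.tar.gz and mysql.tar.gz to the root directory of the target server, then run the following commands.
Restoring LNMP: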

killall nginx
service mysql stop
tar zxvf wwwroot.tar.gz
tar zxvf nginx.tar.gz
tar zxvf mysql.tar.gz
mv /usr/local/nginx/conf /usr/local/nginx/conf-bak
mv /usr/local/mysql/var /usr/local/mysql/var-bak
mv home/wwwroot /home
mv usr/local/nginx/conf /usr/local/nginx/conf
mv usr/local/mysql/var /usr/local/mysql/var
chown -R mysql /usr/local/mysql/var
chown -R www /usr/local/nginx/conf
/usr/local/nginx/sbin/nginx
service mysql start

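WHMCS 6.0: Speed Optimization / Alipay Gateway

Taking the Six template as an example, open \templates\six\css\overrides.css and comment out:

@import url("//fonts.useso.com/css?family=Open+Sans:400,600|Raleway:400,700");

The WHMCS admin theme blend has a problem: on phones 480 pixels wide the page is too narrow and the content becomes a complete mess. So open \admin\templates\blend\style.css and find: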

body {
background-color: #1A4D80;
}

Change it to:

body {
min-width: 640px;
background-color: #1A4D80;
}

Also comment out this line:

@import url("//fonts.useso.com/css?family=Open+Sans:400,600");

The Alipay gateway comes from @tension; I have tested it and it works.
Download: Alipay-For-WHMCS-6 dual-function gateway
Download: Alipay-For-WHMCS-6

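directadmin: Fixing High Load Caused by dataskq

On DirectAdmin I found several dataskq processes using a very high amount of CPU, which affected the normal operation of the sites. From what I gathered, dataskq is an action-handling process that is run once a minute from the /etc/cron.d/directadmin_cron job.
Looking at the logs, dataskq kept detecting that named was not running and kept retrying, which drove the system load up. named on this machine had probably been uninstalled during an upgrade. The fix is as follows: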

yum install bind
yum install dbus-libs
yum install dbus
cd /etc/init.d
mv named named.backup
wget http://www.directadmin.com/named
chmod 755 named
/sbin/chkconfig named reset

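Restart the named service:
service named restart

At this point named should definitely be running, and once it is the problem goes away.

Some notes on dataskq: its log is at /var/log/directadmin/errortaskq.log
tail -n 100 /var/log/directadmin/errortaskq.log

See http://help.directadmin.com/item.php?id=402

In addition, webalizer may also fail to start because it cannot find the libgd.so.2 library file. The fix is as follows:

echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

If the problem is still there, the gd library is not installed:

yum install gd

-----

If you do not use the built-in DNS service you can turn off named, and if you do not provide mail service you can turn off dovecot.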
