03 Oct

3 Min read

Install a PowerDNS resolver on CentOS 7

3rd October 2017 Phil 2 comments

There are two versions of PowerDNS:

PowerDNS Server – used to power authoritative DNS servers
PowerDNS recursor – used to provide a resolver, typically not open to the public

Why run your own DNS?

You may want to run your own DNS resolver if you have a number of servers or a large network of computers; if you find public DNS servers or those provided by your ISP too slow; or if you want to ensure your DNS is unfiltered and not tracked.

Why PowerDNS over BIND?

Much of the decision is down to user preference and experience, both are extremely capable. I use PowerDNS as I prefer the mySQL rather than flat file back-end for authoritative use. I also find it quicker and more predictable under heavy load.

Other users prefer lighter distributions such as MaraDNS – so it’s worth looking around to see what’s best for you.

PowerDNS resolver install guide

If you need a server to try this out on, we recommend our friends at Linode.

You’ll need to enable the EPEL repository.

You can now install the PowerDNS resolver

 sudo yum install pdns-recursor

We’ll need to make a couple of changes to the configuration before we start the server

 sudo nano /etc/pdns-recursor/recursor.conf

You’ll see a line called ‘allow-from’.
Remove the # symbol from before this line.
It’s important that you add IP addresses, or IP ranges here that you want to serve recursive DNS for. By default 127.0.0.0/8 will be listed to allow the local server to use its own service, it’s safe to leave that in place.

The second line to edit is ‘local-address=’
Again, remove the # from the beginning.
You then need to add a comma-separated list of IP addresses that you want this server to listen on. This will usually just be 127.0.0.1 and the main IP of your server. eg:

local-address=127.0.0.1, 10.0.0.123

Ctrl+O to save and Ctrl+X to exit.

You can now start your server.

 sudo service pdns-recursor start

To make sure that the DNS server starts on boot, you can use

 sudo chkconfig pdns-recursor on

You can check the server is responding using the dig command.

 dig @127.0.0.1 www.netweaver.uk

If all is well, it would be advisable to set up a firewall at this point to only allow access from the IP addresses that will be using the server as an added precaution. CSF works very well.

02 Oct

3 Min read

Using ConfigServer Security & Firewall (CSF) with Virtualizor on Centos 7

2nd October 2017 Phil 0 comments

Virtualizor is an excellent control panel for managing multiple virtual servers on one or more servers. It’s released by the same people that make the popular Softaculous auto-installer software. There is a built-in firewall system, but it’s probably the weakest aspect of the whole system. I’m a big fan of CSF – provided free by Way to the Web Ltd. The configuration is straightforward yet feature packed and is constantly updated.

Virtualizor & CSF – the perfect couple

Thankfully, it’s very easy to replace the built-in firewall with CSF so that you can have the best of both worlds.

Firstly, we need to install a few CentOS packages that CSF needs.

 sudo yum install unzip perl-libwww-perl bind-utils wget nano

Install CSF

Once completed we can install CSF using the commands below:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Now we need to configure the firewall to our needs. This is done by editing the configuration files, I’d advise using nano.

Firstly edit the csf.allow file

 sudo nano /etc/csf/csf.allow

If you’re using a static IP, or a VPN with a static IP, add it here to ensure you maintain access. Then Ctrl + O to save and Ctrl+ X to exit.

Next, you need to edit the main configuration file

 sudo nano /etc/csf/csf.conf

There are a few options you’ll need to change for this specific use, but you may wish to look at others at a later time.

TESTING = “1” should be altered to TESTING = “0” – this makes the firewall active
TCP_IN = “….” should be altered to only have the ports you need open. eg TCP_IN = “4083,4085” – these are the two SSL ports. If you’re planning to use the LetsEncrypt! certificate feature, you’ll also need to open port 80 for that. If you don’t have a static IP you may also wish to leave SSH open for you to access, 22. As per the example in the configuration, just list the ports separated by commas.

Again, Ctrl + O to save and Ctrl+ X to exit.

Finally, we need to add an additional config file to allow CSF to work with Virtualizer.

 sudo nano /etc/csf/csfpost.sh

And add the following line:

/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

If you’re using IPv6 you’ll also need to add:

/sbin/ip6tables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

Again, Ctrl + O to save and Ctrl+ X to exit.

Reload CSF

 sudo csf -r

And you’re good to go.

01 Oct

2 Min read

Using NetHogs to find who is using your bandwidth on CentOS 7

1st October 2017 Phil 0 comments

It’s common to run a server for multiple users, running multiple different services. Sometimes this can make it a little difficult to track down who might be causing a drain on resources. However, using NetHogs, it’s nice and easy to trace big bandwidth users.

Picture the scene, your server or VPS is running along quite happily. Suddenly you notice a significant blip in your usage.

Thoughts of hackers, angry customers, huge bandwidth bills or, even worse, the phone might ring! Don’t worry though – NetHogs to the rescue.

What is NetHogs?

NetHogs is opensource software released by Arnout Engelen and is compatible with most current Linux distributions. The author describes it as “… a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.”

In the scenario above this is exactly what we need – which process is using all my bandwidth?

How to install

First of all, you need to ensure you have the EPEL repository enabled – if not, please follow my guide here.

Now you can install via yum with:

 sudo yum install nethogs

Next simply run the command to launch the application.

 sudo nethogs

All the active processes on our server will then be monitored, giving you a rundown of sent and received data which will update every second.

If you have multiple network connections and only want to monitor one of them, simply add its name after the command.

 sudo nethogs eth0

Whilst running, you can also use a selection of interactive controls.

q : quit
s : sort by sent traffic (i.e. outbound)
r : sort by receive traffic (i.e. inbound)
m : switch between total (KB, B, MB) and KB/s mode

Once you’ve identified the source of the problem you’ll be able to take action to resolve it – or send them a big bill, depending on what time of the night it is.

26 Sep

2 Min read

How to block libwww-perl with .htaccess

26th September 2017 Phil 0 comments

Why block libwww-perl?

Any business is concerned with their websites search engine rankings. There are a number of online tools which analyse your site and give hints as to how best to improve your results. I’ve been trying some of these out for a future article and one of them recommended blocking requests to your website with the libwww-perl user-agent. (A user-agent is where a piece of software identifies itself when accessing your website).

The logic is simple enough – botnet scripts often use libwww-perl. And botnet scripts are often looking for ways to exploit your website. Thus it makes sense to block libwww-perl. Unless you host some data on your website for other scripts to collect, you’re not likely to cause any problems for legitimate visitors.

How can I block it?

You need to edit a special file called ‘.htaccess’. This file can usually be found in the root directory of your website – especially if you’ve already installed software such as WordPress or Joomla.

First, you need to make sure the following line already exists in the .htaccess file, if it doesn’t, add it:

RewriteEngine On

Then add these lines below it:

RewriteCond %{HTTP_USER_AGENT} libwww-perl.* 
RewriteRule .* ?

When someone (or, more accurately, somebot) tries to access your site with libwww-perl now, they will get a 403 Forbidden error.

cPanel Instructions

Log into cPanel and find the ‘File Manager’ option.

If you’ve not used File Manager before, once you’re on the File Manager page you’ll need to click the ‘Settings’ option and put a tick next to ‘Show Hidden Files’, then save.

file manager settings

Now go into the ‘public_html’ directory and you may see a file called ‘.htaccess’. If you do, click it then click ‘Edit’.

edit .htaccess

Add the following two lines below the ‘RewriteEngine On’ line, then save the file.

RewriteCond %{HTTP_USER_AGENT} libwww-perl.* 
RewriteRule .* ?

If you don’t already have a .htaccess file, from inside public_html click the ‘+ File’ button and type: .htaccess

Then add the following three lines and save the file.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} libwww-perl.* 
RewriteRule .* ?

You can now exit file manager and you’ve got this additional protection in place.

26 Sep

2 Min read

How to set PHP timezone

26th September 2017 Phil 0 comments

Why do I need to set the PHP timezone?

Most commonly used PHP scripts allow you to set the timezone as one of their settings. WordPress, for example, has a drop-down list within the Settings > General menu. However, this isn’t always the case. To ensure that the time on your scripts matches your local time, you can configure a default timezone in your php.ini file.

cPanel MultiPHP

If you’re using EasyApache4 on a cPanel server, log into WHM and visit the ‘MultiPHP INI Editor’ option.

Select ‘Editor Mode’ and then the PHP version you’re using from the dropdown list.

Scroll down to the ‘Module Settings’ section and you’ll see the option.

Remove any preceding ; before the ‘date.timezone’ setting and then add your locale. There’s a list of available options here.

In our case the line now looks like this:

date.timezone = "Europe/London"

Click to save and you are done. Depending on your webserver configuration, you may need to restart it for the change to take effect.

CentOS 7 without cPanel

When Apache and PHP are installed via yum the php.ini file is found in the /etc/ directory.

Using your favourite editor (I’m a big nano fan) open up /etc/php.ini

 sudo nano /etc/php.ini

Search for the ‘data.timezone’ directive – ctrl+w on nano

Not just remove the ; and add the locale of your choice (list here) leaving a line looking like this:

date.timezone = "Europe/London"

Save the file then restart apache and you’re done.

25 Sep

1 Min read

How to add the EPEL repo to CentOS 7

25th September 2017 Phil 0 comments

What is EPEL repo?

Many online guides talk about the EPEL (or Extra Packages for Enterprise Linux) repository for CentOS. It allows the easy installation of additional packages through yum. These packages aren’t distributed as standard with RedHat Enterprise Linux or any of the downstream versions such a CentOS, Oracle or Scientific. Additionally, it’s easy to keep them up to date through yum.

Although based on Fedora packages, the packages will never replace those which are standard in CentOS.

If you need a server to try this out on, we recommend our friends at Linode.

How can I install the repo?

 sudo yum install epel-release

I want to know more

There are more details on the official Fedora Project EPEL page.

23 Aug

2 Min read

Adding a hard drive in CentOS 7

23rd August 2017 Phil 6 comments

Whether installing a new physical hard drive to a server or adding an additional disk to your cloud server or VPS, you’ll need to configure CentOS to be able to use it.

If you’d prefer a managed server, with the power of a VPS – check out our web hosting.

We’re going to assume the drive is connected, so first of all, we need to find it.

First of all, we need to know the naming convention your server is using for drives, and we can find this with the ‘df’ command.

 df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda2       24733776 2521604  20942668  11% /
/dev/vda1        1007512  203260    751824  22% /boot

The two lines above show that this particular server is using the vd* notation, but sd* is also used. Here the primary drive, vda, has two partitions – vda1 and vda2.

We can now use the following command to find other disks:

 ls -1 /dev/d
/dev/vda
/dev/vdb

We can see both our original disk, vda, and the new disk vdb. Now to create a filesystem the new disk with the ‘mkfs.ext4’ utility.

 sudo mkfs.ext4 /dev/vdb

This will just take a few seconds.

To use the new disk we now need to mount it. When you’ve decided where you want to mount the disk, first create that folder on your server. We’re going to use ‘home2’ for our disk.

 sudo mkdir /home2

We can now mount the disk to that location:

 sudo mount /dev/vdb /home2

Revisiting the df command we can now see that the new disk is mounted.

 df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda2       24733776 2521604  20942668  11% /
/dev/vda1        1007512  203260    751824  22% /boot
/dev/vdb        25000000     100  24999900   1% /home2

To ensure the disk is automatically mounted when the server is rebooted, we also need to add it to fstab. Our preferred editor is ‘nano’ so we type

 sudo nano /etc/fstab

We add, to the end of the file, the line:

/dev/vdb /home2 ext4 defaults 0 0

Then CTRL + O to save and CTRL + X to exit.

The disk will now stay mounted after reboot and you can begin using it.

23 Aug

2 Min read

Install memcached with cPanel on CentOS 7 or Cloudlinux 7

23rd August 2017 Phil 4 comments

Memcached is a “Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.”

It’s nice and easy to install and implement with cPanel, so long as you’re happy using SSH. As a pre-requisite you should be running the latest version of cPanel (v66 at the time of writing) and all current updates should be installed. You also need to be using EasyApache 4.

You’ll then need to add the EasyApache experimental repository:

 sudo yum install ea4-experimental

Once this is successful you’ll need to install the memcached daemon:

 sudo yum install ea-memcached

Now you need to install the php module for each version of php you intend to use with memcached. The command below installs php-memcached for php7.0 – you just need to change the version for others:

 sudo yum install ea-php70-php-memcache ea-php70-php-memcached

Finally, you’ll need to start the memcached daemon. The number in the middle (1024 in this example) is how much memory, in megabytes, should be allocated for the cache and will obviously depend on your available memory and the usage planned:

 sudo memcached -d -u nobody -m 1024 127.0.0.1 -p 11211

127.0.0.1 means it is to be started on localhost and 11211 is the port (this being the default for memcached).

Many open source applications allow you to take advantage of memcached – WordPress (via plugins such as W3 TotalCache) and ownCloud both make good use of it. You can configure them individually to use your new cache.

You can check how much work your memcached process has been doing using the stats command. First of all, telnet into the memcached service:

 telnet localhost 11211

Then just use the ‘stats’ command

Trying ::1...
Connected to localhost.
Escape character is '^]'.
stats
STAT pid 26503
STAT uptime 2256511
STAT time 1503408119
STAT version 1.4.35
STAT libevent 2.0.21-stable
STAT pointer_size 64
STAT rusage_user 186.063186
STAT rusage_system 409.667205
STAT curr_connections 10
STAT total_connections 308621
STAT connection_structures 86 ...

22 Aug

1 Min read

Setting the timezone on CentOS 7

22nd August 2017 Phil 0 comments

To keep ensure your logs are easy to analyse and some scripts operate correctly, it’s a good idea to set your server timezone to match where you are.

Display the current zone (and time) by using the ‘date’ command:

 date
Tue 22 Aug 13:32:27 BST 2017

From the above, you can see my timezone is set to BST.

To view a list of the available timezones, use the following:

 timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre ...

You can scroll through these, but it’s a big list. So we can use the ‘grep’ command to find what we need:

 timedatectl list-timezones | grep Europe
...
Europe/Kirov
Europe/Lisbon
Europe/Ljubljana
Europe/London
Europe/Luxembourg
Europe/Madrid
Europe/Malta
Europe/Mariehamn ...

For my use I need the Europe/London zone so I can set it using:

 sudo timedatectl set-timezone Europe/London

Repeat the ‘date’ command above to make sure it’s all correct and you’re done.

cPanel Instructions

Rendr theme

Contacts & enquiries

Subscribe