HOW TO PROTECT YOUR SERVER FROM DDOS ATTACK MANUALLY

In this part I'll show you a manual way to protect your Linux server from a DDoS attack. When your server is going down due to a DDoS attack, the first thing you need to know is the attacker's IP address. To find it, I have a couple of commands:

First one :

——————-

netstat -n | grep :80 | awk '{print $5}' | cut -f1 -d: | sort | uniq -c

——————-

Second one :

——————-

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

——————-

Third One :

——————-

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail


These commands show you the attacking IP addresses, so you know who is attacking your server. Once you run one of them you will get a list containing many IP addresses, and beside each address a number: how many connections netstat lists for it. If the number is less than 50 it is a normal connection to your server; if it is more than 100 it means you are under a DDoS attack and you must stop it.
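The counting and the 50/100 rule above as one script (an added example, not part of the original article). It goes slightly further than the one-liners: it matches only the local port, skips the LISTEN socket, and strips only the trailing port so IPv6 addresses stay whole. The function names, the "watch" label for counts between 50 and 100, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Thresholds (<50 normal, >100 attack)
# are the article's; the "watch" label for 50-100 is an assumption.

# Read `netstat -n` output on stdin; print "count address" for TCP connections
# whose LOCAL port is $1 (default 80), busiest first.
count_sources() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && $6 != "LISTEN" && $4 ~ (":" port "$") {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # drop only the remote port, so IPv6 survives
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Read "count address" lines; print "address count verdict".
classify() {
    awk '{ v = ($1 > 100) ? "block" : (($1 < 50) ? "normal" : "watch")
           print $2, $1, v }'
}

# Constructed sample input (documentation address ranges), not captured traffic.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address     Foreign Address       State"
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp   0  0  192.0.2.10:80     203.0.113.7:$((40000 + i))   SYN_RECV"
        i=$((i + 1))
    done
    echo "tcp   0  0  192.0.2.10:80     198.51.100.23:51234  ESTABLISHED"
    echo "tcp   0  0  192.0.2.10:8080   198.51.100.23:51999  ESTABLISHED"
    echo "tcp   0  0  192.0.2.10:22     198.51.100.99:80     ESTABLISHED"
    echo "tcp6  0  0  2001:db8::10:80   2001:db8::beef:40222 ESTABLISHED"
    echo "tcp   0  0  0.0.0.0:80        0.0.0.0:*            LISTEN"
}

sample_netstat | count_sources 80 | classify
```

On a live server, replace `sample_netstat` with `netstat -n`.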

Now lets stop those kinds of attacks :

First command :

——————-

iptables -A INPUT -s 0.0.0.0 -j DROP

——————-

Second command :

——————-

iptables -I INPUT 1 -p tcp -s 0.0.0.0 --dport 80 -j DROP

——————-

NOTICE : Change 0.0.0.0 to the attacker IP address that you want to block

HOW TO DETECT DDOS ATTACK ?

Monitor internal network traffic and usage of server resources, such as Domain Name Server (DNS) and web server, to detect early traffic spikes and abnormal utilisation of system resources.

Work with Internet Service Providers (ISPs) or security service providers to monitor your Internet traffic at their operation centre.

Log security events and review alerts generated by security system, such as Intrusion Detection System (IDS) or Intrusion Prevention System (IPS), anti-malware solution, Internet gateway and firewall, to detect suspicious activities.

ASCII Table

ASCII stands for American Standard Code for Information Interchange. Below is the ASCII character table, including descriptions of the first 32 characters. ASCII was originally designed for use with teletypes, and so the descriptions are somewhat obscure and their use is frequently not as intended.

Java actually uses Unicode, which includes ASCII and other characters from languages around the world.

ASCII Table

Dec  = Decimal Value
Char = Character

'5' has the int value 53
if we write '5'-'0' it evaluates to 53-48, or the int 5
if we write char c = 'B'+32; then c stores 'b'


Dec  Char                           Dec  Char     Dec  Char     Dec  Char
---------                           ---------     ---------     ----------
  0  NUL (null)                      32  SPACE     64  @         96  `
  1  SOH (start of heading)          33  !         65  A         97  a
  2  STX (start of text)             34  "         66  B         98  b
  3  ETX (end of text)               35  #         67  C         99  c
  4  EOT (end of transmission)       36  $         68  D        100  d
  5  ENQ (enquiry)                   37  %         69  E        101  e
  6  ACK (acknowledge)               38  &         70  F        102  f
  7  BEL (bell)                      39  '         71  G        103  g
  8  BS  (backspace)                 40  (         72  H        104  h
  9  TAB (horizontal tab)            41  )         73  I        105  i
 10  LF  (NL line feed, new line)    42  *         74  J        106  j
 11  VT  (vertical tab)              43  +         75  K        107  k
 12  FF  (NP form feed, new page)    44  ,         76  L        108  l
 13  CR  (carriage return)           45  -         77  M        109  m
 14  SO  (shift out)                 46  .         78  N        110  n
 15  SI  (shift in)                  47  /         79  O        111  o
 16  DLE (data link escape)          48  0         80  P        112  p
 17  DC1 (device control 1)          49  1         81  Q        113  q
 18  DC2 (device control 2)          50  2         82  R        114  r
 19  DC3 (device control 3)          51  3         83  S        115  s
 20  DC4 (device control 4)          52  4         84  T        116  t
 21  NAK (negative acknowledge)      53  5         85  U        117  u
 22  SYN (synchronous idle)          54  6         86  V        118  v
 23  ETB (end of trans. block)       55  7         87  W        119  w
 24  CAN (cancel)                    56  8         88  X        120  x
 25  EM  (end of medium)             57  9         89  Y        121  y
 26  SUB (substitute)                58  :         90  Z        122  z
 27  ESC (escape)                    59  ;         91  [        123  {
 28  FS  (file separator)            60  <         92  \        124  |
 29  GS  (group separator)           61  =         93  ]        125  }
 30  RS  (record separator)          62  >         94  ^        126  ~
 31  US  (unit separator)            63  ?         95  _        127  DEL

sms-retriever verify in android not working after update

The SMS Retriever API provides a fully automated user experience and should be used when possible. It does, however, require you to place a custom hash code in the message body, and this may be difficult to do if you’re not the sender of that message.

First, download the app signing certificate (.der file) from your Play Console account.

Then import it into a keystore file using one of these commands:

keytool -importcert -alias nonames098 -file deployment_cert.der -keystore keystore.jks -storepass nonames098
               OR
 keytool -import -alias nonames -keystore keystore.jks -file deployment_cert.der  

Then create the hash string using the keystore you created (pass the same alias you used when importing):

 keytool -exportcert -alias youralias -keystore keystore.jks | xxd -p | tr -d "[:space:]" | echo -n  com.test.testapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11


MSU1WTd7Goy
SMS Verification APIs

Automatic SMS Verification with the SMS Retriever API

With the SMS Retriever API, you can perform SMS-based user verification in your Android app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions. When you implement automatic SMS verification in your app, the verification flow looks like this:

  1. A user initiates SMS verification in your app. Your app might prompt the user to provide a phone number or use the Smart Lock for Passwords hint selector if that information wasn’t required to create the user’s account.
  2. Your app makes a request to your server to verify the user’s phone number. Depending on what information is available in your user database, this request might include the user’s ID, the user’s phone number, or both.
  3. At the same time, your app calls the SMS Retriever API to begin listening for an SMS response from your server.
  4. Your server sends an SMS message to the user that includes a one-time code to be sent back to your server, and a hash that identifies your app.
  5. When the user’s device receives the SMS message, Google Play services uses the app hash to determine that the message is intended for your app, and makes the message text available to your app through the SMS Retriever API.
  6. Your app parses out the one-time code from the message text and sends it back to your server.
  7. Your server receives the one-time code from your app, verifies the code, and finally records that the user has successfully verified their account.

HTTP to HTTPS and HTTPS to HTTP redirect in php/laravel without htaccess

HTTP to HTTPS


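<?php
// Redirect plain-HTTP requests to HTTPS.
// $_SERVER['HTTPS'] is empty on HTTP; some servers (IIS) set it to "off" instead.
// HTTP_HOST comes from the client's Host header; prefer a configured host name where possible.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    // Assumes the site is requested without the "www." prefix.
    $redirect = "https://www." . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    //header("Location: $redirect"); exit; // plain PHP
    return redirect()->to($redirect)->send(); // Laravel
}
?>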

HTTPS to HTTP


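<?php
// Redirect HTTPS requests back to plain HTTP.
// $_SERVER['HTTPS'] is non-empty on HTTPS; some servers (IIS) set it to "off" on HTTP.
// HTTP_HOST comes from the client's Host header; prefer a configured host name where possible.
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    // Assumes the site is requested without the "www." prefix.
    $redirect = "http://www." . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    //header("Location: $redirect"); exit; // plain PHP
    return redirect()->to($redirect)->send(); // Laravel
}
?>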

how to check user load on ubuntu

There are several commands to check the load average in Linux. Load average is the system load, a measure of the amount of computational work that a computer system performs. When you run one of the commands below, the output shows the one, five, and fifteen minute moving load averages of the system. These commands work on Red Hat, CentOS, Ubuntu and Debian systems.

ubuntu@ip-172-31-93-130:/$  cat /proc/loadavg
0.00 0.00 0.00 2/196 7337
ubuntu@ip-172-31-93-130:/$
ubuntu@ip-172-31-93-130:/$ w
 10:47:40 up  3:28,  1 user,  load average: 0.06, 0.02, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
ubuntu   pts/0    49.36.134.191    07:19    4.00s  0.16s  0.00s w
ubuntu@ip-172-31-93-130:/$
ubuntu@ip-172-31-93-130:/$ uptime
 10:48:42 up  3:29,  1 user,  load average: 0.02, 0.01, 0.00
ubuntu@ip-172-31-93-130:/$
ubuntu@ip-172-31-93-130:/$ top
top - 10:49:24 up  3:30,  1 user,  load average: 0.01, 0.00, 0.00
Tasks: 120 total,   1 running,  79 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.2 sy,  0.0 ni, 99.8 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 15650116 total, 14640708 free,   479316 used,   530092 buff/cache
KiB Swap: 16777212 total, 16777212 free,        0 used. 14870788 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
    1 root      20   0  159732   8980   6676 S   0.0  0.1   0:03.37 systemd
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kthreadd
    4 root       0 -20       0      0      0 I   0.0  0.0   0:00.00 kworker/0:0H
    6 root       0 -20       0      0      0 I   0.0  0.0   0:00.00 mm_percpu_wq
    7 root      20   0       0      0      0 S   0.0  0.0   0:00.13 ksoftirqd/0

what is meaning of www-data:www-data

security

The files are not world writeable. They are restricted to the owner of the files for writing.

The web server has to be run under a specific user. That user must exist.

If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised web server would have access to your entire system. By specifying a specific ID a compromised web server would only have full access to its files and not the entire server.

If you decide to run it under a different user ID, then that user would need to be the effective owner of the files for proper privileges. It could be confusing to have personal ownership of system-wide files to your personal account.

Creating a specific user would make it easier to recognize the files and consistent to recognize which ID to chown to new files and folders added to the site.

The Userid or Name of the owner doesn’t matter. Whatever is chosen or decided upon will have to be configured in the web server configuration files.

By default the configuration of the owner is www-data in the Ubuntu configuration of Apache2. Since that is the default configuration, you conveniently know the ownership needed for your web files. If you change it, you would have to change the files in your site to match.

How do I change permissions for a folder and all of its subfolders and files in one step in Linux?

The other answers are correct, in that chmod -R 755 will set these permissions to all files and subfolders in the tree. But why on earth would you want to? It might make sense for the directories, but why set the execute bit on all the files?

I suspect what you really want to do is set the directories to 755 and either leave the files alone or set them to 644. For this, you can use the find command. For example:

To change all the directories to 755 (drwxr-xr-x):

sudo find /home/ubuntu/public_html -type d -exec chmod 755 {} \;

To change all the files to 644 (-rw-r--r--):

sudo find /home/ubuntu/public_html -type f -exec chmod 644 {} \;

How to Delete a Facebook Pixel from Business Manager

There is no way to delete an existing pixel. However, you can go to “Business Settings” > “Data Sources” > “Pixels” and there remove the connected “Ad Account”; this way the pixel won’t show up in your list of pixels when creating ads or custom/lookalike audiences!

Soa Technology

Additionally, don’t forget to remove them from your website as well.

After contacting Facebook support, I learned that it is not possible to delete your pixel from your account! This is outrageous indeed and does not make any sense! You can remove them from your site and this would stop data tracking and everything, except that your Facebook account would have multiple pixels, which would make it look unorganized.


filezilla not showing hidden files

FileZilla

Open the FileZilla FTP program.

  1. From the menu bar at the top of the screen select Server.
  2. Select Force showing hidden files.
  3. In the Remote Site panel on the right, you should now see all of your files including any hidden ones.

WinSCP

Open the WinSCP FTP program.

  1. From the menu bar at the top of the screen select Options then Preferences.
  2. Select Panels from the left column.
  3. Tick Show hidden files.
  4. In the panel on the right showing the remote site, you should now see all files including hidden ones.

That’s it! You now know how to show hidden files in FileZilla and WinSCP.