This error is cropping up on a lot of new cPanel installs:

Can't locate Net/AIM.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i686-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i686-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl . /scripts /scripts /scripts /scripts /scripts /scripts)

Once I installed the net aim stuff I started to get a new error:

Can't locate Tie/IxHash.pm in @INC (@INC contains: /usr/local/cpanel /usr/lib/perl5/5.8.7/i686-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i686-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl . /usr/local/cpanel /scripts /usr/local/cpanel /scripts /usr/local/cpanel /scripts /usr/local/cpanel) at /usr/local/cpanel/Cpanel/Form.pm line 16

Yet another error I was getting:

Can't locate DBI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i686-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i686-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl . /scripts /scripts /scripts /scripts /scripts /scripts /scripts /scripts) at cPScript/Mysql.pm line 23.

Yes more errors:

I ran into a problem where apache would not start due to some sort of mod_python error. This is typically something you only see on a busy server. If you get the following error:

[error] (28)No space left on device: mod_python: Failed to create global mutex 0 of 4 (/tmp/mpmtx175910).
Configuration Failed

Simply run the following to fix it:

echo "kernel.sem = 512 32000 100 512" >> /etc/sysctl.conf; sysctl -p; service httpd start

Subversion is a program much like cvs that allows for version management. Though I am not extremely familiar with it I was asked to install it on a redhat enterprise 3 update 6 server. The following rpms should work great as long as you have it running the latest according to up2date. If you have RHEL4 you can apparently just do up2date -l subversion. Anyways simply download and install these rpms:

While many people use the grep command through a pipe | there are more efficient ways of using it. I have nearly killed a server on many occasions by running cat filename |grep some-term while the command tries to list a huge file. Instead simply use egrep which is more efficient in terms of speed and system resources.

Rsync is another very powerful command that is used to sync 2 directories between servers and only transfer the new files to the server. This is a great method for backups as it is low on bandwidth and it is also commonly used to keep clustered servers working together. The ending slashes are very important when using rsync. If you are not familiar with how it works simply always make sure to have an ending slash on both the source and the destination and it should be fine.

The replace command is a very simple but VERY powerful command that comes as part of mysql. It can be used to quickly replace entries within a group of files. Generally I find it useful for mass-modification of an IP for dns or TTL for dns.

While not all datacenters do there are some that by default partition the system in a less then ideal manner. I have had to deal with quiet a few clients who have filled up their /var partition due to mysql being stored by default on the partition. This is a short little guide to show you how to move mysql to another parition on the system. I have another guide that shows you how to parition a drive for mysql but many times it is not possible to repartition a drive and it is a lot easier to simply move it to another live parition. I would make sure and leave mysql in the old place, or at least a backup copy, for a few days before deleting it to make sure all of the data was transfered fine. If you want to move to a partition other then /backup/ simply change backup to home or the partition name anyplace you see it. In addition to the space considerations moving to a different drive can also have a profound positive influence on the system performance.

This is a quick guide on adding IPs to a system manually. I would only suggest it if you are not using a control panel, such as cpanel, that has a feature to adds ips. If your main ethernet device is eth1 instead of eth0 simply substitute eth1 for eth0. Other then that should be pretty simple to follow, this should work on any standard redhat/centos based system.

cPanel's /scripts/installzendopt generally works if you run the cPanel control panel. If you do not the Zend website has an installer which is basically the same thing and works great. If you do not want to search the site I have provided a mirror of the files below. If you do please use version http://eth0.us/files/ZendOptimizer-3.2.8-linux-glibc21-i386.tar.gzas it is compatible with php5 and php4
Updated August 2007

Zend optimizer is a plugin to php which allows a server to read zend encoded files as well as serve as a platform to install zend modules such as eaccelerator.

 

A quick and usefull command for checking if a server is under ddos is:

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs taking the most amount of connections to a server. It is important to remember that the ddos is becoming more sophistcated and they are using fewer connections with more attacking ips. If this is the case you will still get low number of connections even while you are under a DDOS.

MySQL is one of the most important programs on a server, unfortunatly it is also pretty resource intensive. One a server it is not uncommon for a single user or even a query to take up the bulk of the servers cpu cycles. Mytop is a very useful program to see what queries a server is currently processing as well as which user is executing them. Think of mytop as top for mysql. If you see a lot from a user that means they are probably the hog. Mytop can also be useful for figuring out exactly which queries are causing the problem in the case of a self-designed website. The following is how to install mytop on the server and run it. Thanks to carlos for the actual commands

So what exactly is a server load balancer (SLB) and how is it going to help you?

An SLB is a rather expensive, but very effective, way to minimize downtime on an important website that requires 0 downtime. The load balancer that I have the most experience with is the foundry serveriron load balancer that ev1servers currently offers. The primary gain from a load balancer is the ability to host one, or a small group, of websites easily on multiple servers without having to rely on unbalanced solutions like round robin (RR) dns. The load balancer is configured so that each website has a single incoming IP and then when traffic hits the load balancer it will send it to which ever server has the least amount of connections. In this way if for some reason a server starts to slow down and the connections queue up it will stop sending them.

Okay, Well... This script is not a security script, nore a load balencing script. But it is a very useful script if you get high traffic or are hosting a Game Server. I've Had CounterStrike Server player ping go down as much as 50ms after running this script.

So what you want to do is log into your server's shell, and create a file (nano filename.sh). Once you create the file, you need to put this code in the file;

#!/bin/bash

# Create backup
if [ ! -e ./speed_backup.sh ] ; then
echo -n "Creating backup (`pwd`/speed_backup.sh)... "
echo "#!/bin/bash" > ./speed_backup.sh
echo "" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_sack`\" > /proc/sys/net/ipv4/tcp_sack" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_timestamps`\" > /proc/sys/net/ipv4/tcp_timestamps" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_mem`\" > /proc/sys/net/ipv4/tcp_mem" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_rmem`\" > /proc/sys/net/ipv4/tcp_rmem" >> ./speed_backup.sh

This guide is here for all those people that are starting a webhosting company but have absolutly no clue how to do it or just how much work it would take to run one. If you are thinking it is still the late 90's and the internet means quick and easy money just close this window now and stop reading...that internet is long gone. The truth of the matter is that there are thousands of webhosting "companies" many of whom are run from the desk of a 13 year old kid, while he is not at school of course. Of course I am not trying to say that all hosts are kiddie hosts, but many are and they are the ones that are willing to sell you a $5/year hosting plan. You have to realize that there are different levels of companies and service, if you try to get in to get the bottom feeder clients that want to pay as litlte as possible you will most likely run into trouble. In this article I will go over some of the things to consider before even trying to run a business.

So I am sure if you are running a cPanel server you are having the exact same trouble as we have been having the last week, lots of spam! It appears there is somebody in this world that has decided to write a rather efficient script that searches for webforms then sends spam via php and bcc. The first quick fix was to enable safe_mode but that obviouslly gets a fair amount of webhosting clients pretty bad. I have been working with mod_security and come up with a pretty simple rule that should help:

SecFilterSelective THE_REQUEST "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:"


What that will do is search first for the bcc, Bcc, etc then look for com, org, or net in a url. I was trying to filter it looking for an @ symbol but I was having trouble with apache picking it up. I figure if they are not spamming to one of those TDLs it is probably not a very big attack. If you want to protect more simply add to the list, remember all it has to do is catch one and it blocks the entire request.