Change Hostname on CentOS6


nano /etc/sysconfig/network

nano /etc/hosts hostname


/etc/init.d/network restart


PhpMyAdmin Error after Updating PHP

Error during session start; please check your PHP and/or webserver log file and configure your PHP installation properly. Also ensure that cookies are enabled in your browser.

SOLUTION: CHMOD 777 /var/lib/php/session

Nginx vs Apache

  • Apache creates a thread for every request.
  • Nginx have workers single thread. Can handle more request.

It is also worth mentioning that sometimes both web servers are used at the same time – Nginx as a reverse proxy for Apache. In this combination, Nginx will take off most of the load from Apache. This can be an acceptable solution, if the system is already running with Apache and the costs of a full transfer to Nginx are greater, than using both in a combo.

Secure HTTP/HTTPS using Fail2ban


enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/YOUR_WEB_SERVER_ACCESS_LOG
# maxretry is how many GETs we can have in the findtime period before getting narky
maxretry = 300
# findtime is the time period in seconds in which we're counting "retries" (300 seconds = 5 mins)
findtime = 300
# bantime is how long we should drop incoming GET requests for a given IP for, in this case it's 5 minutes
bantime = 300
action = iptables[name=HTTP, port=http, protocol=tcp]

Create new file /etc/fail2ban/filters.d/http-get-dos.conf


# Option: failregex
# Note: This regex will match any GET entry in your logs, so basically all valid and not valid entries are a match.
# You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives.

failregex = ^ -.*"(GET|POST).*

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =

Restart fail2ban

Login SSH without Password

Create private and public SSH keys:

ssh-keygen -t rsa
For a more secure 4096-bit key, run: ssh-keygen -t rsa -b 4096
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
cat >> ~/.ssh/authorized_keys

Note: once you’ve imported the public key, you can delete it from the server.

and finally set file permissions on the server:

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

/etc/ssh/sshd_config file:

# Disable password authentication forcing use of keys
PasswordAuthentication no

Create ppk file using PuttyGen

  1. Click Conversions from the PuTTY Key Generator menu and select Import key.
  2. Navigate to the OpenSSH private key and click Open.
  3. Under Actions / Save the generated key, select Save private key.
  4. Choose an optional passphrase to protect the private key.
  5. Save the private key to the desktop as id_rsa.ppk.

Connect to server using Putty and Private Key

  1. Enter the remote server Host Name or IP address under Session.
  2. Navigate to Connection > SSH > Auth.
  3. Click Browse... under Authentication parameters / Private key file for authentication.
  4. Locate the id_rsa.ppk private key and click Open.
  5. Finally, click Open again to log into the remote server with key pair authentication.

Tested on CentOS6 i386

.htaccess Flag List

  • C (chained with next rule)
  • CO=cookie (set specified cookie)
  • E=var:value (set environment variable var to value)
  • F (forbidden – sends a 403 header to the user)
  • G (gone – no longer exists)
  • H=handler (set handler)
  • L (last – stop processing rules)
  • N (next – continue processing rules)
  • NC (case insensitive)
  • NE (do not escape special URL characters in output)
  • NS (ignore this rule if the request is a subrequest)
  • P (proxy – i.e., apache should grab the remote content specified in the substitution section and return it)
  • PT (pass through – use when processing URLs with additional handlers, e.g., mod_alias)
  • R (temporary redirect to new URL)
  • R=301 (permanent redirect to new URL)
  • QSA (append query string from request to substituted URL)
  • S=x (skip next x rules)
  • T=mime-type (force specified mime type)

How to set DKIM using VestaCP

DKIM is important like SPF in mail servers.

Go go VestaCP Mail section,

Enable DKIM for your domain.

Go to console: vlistmaildomaindkim <username> <domain>

Copy public key.

Go to your DNS server.

Add TXT.

Name: mail._domainkey

Value: v=DKIM1; k=rsa; p=<PUBLIC KEY>