Thursday, August 20, 2015

How to find the IP addresses that launch a DDoS attack


To find out which IPs are responsible, do the following.

Option 1 :- If you know which domain is being attacked, SSH to your server and issue the following command. Make sure you replace "DOMAIN" with your domain name. If you are using cPanel/WHM and the domain is not the primary domain, the log is normally named after the subdomain of the primary domain.

awk '{print $1}' /usr/local/apache/domlogs/DOMAIN | sort | uniq -c | sort -n

Option 2 :- If you don't know which domain is being attacked, SSH to your server and issue the following command. Option 1 is preferable, especially if your server is very busy and has many domains, because processing the combined log file takes quite some time. You can check with the "top -c" command which domain consumes the most resources.

awk '{print $1}' /usr/local/apache/logs/access_log | sort | uniq -c | sort -n


Both options list each IP with its number of connections, sorted by count; with sort -n the busiest addresses appear at the bottom. For example:

.....
17843 56.51.155.156
19234 66.156.66.266
234578 156.56.16.76

In the above case there are far too many connections from those IPs, which is abnormal. You can block these IPs in the firewall, for example ConfigServer Firewall ("csf").
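The same counting pipeline as a small script, added here as an example and not part of the original post. It wraps the awk/sort/uniq chain in functions, sorts the busiest clients to the top, and adds a threshold filter so the addresses worth looking at are listed on their own. The access-log lines, the IPs in them and the threshold of 2 are constructed for the demonstration; on a cPanel host you would point count_by_ip at /usr/local/apache/domlogs/DOMAIN.

```shell
#!/bin/sh
# Added example, not from the original post: count requests per client IP in an
# Apache access log and list the IPs whose request count exceeds a threshold.
# The log lines and the threshold below are constructed for demonstration.

# Write a small constructed access log (combined format) to the given path.
make_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [20/Aug/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Aug/2015:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Aug/2015:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Aug/2015:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.9 - - [20/Aug/2015:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Aug/2015:10:00:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Aug/2015:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Print "count ip" for every client in the log, busiest first.
# The first field of each combined-format line is the client address.
count_by_ip() {
    awk '{print $1}' "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Print only the IPs whose request count is above the threshold (2nd argument).
# Review these by hand before blocking: a NAT gateway or a legitimate crawler
# can also produce a high count.
over_threshold() {
    count_by_ip "$1" | awk -v t="$2" '$1 > t {print $2}'
}

# Demonstration run on the constructed log.
demo() {
    log=$(mktemp)
    make_sample_log "$log"
    echo "Requests per IP:"
    count_by_ip "$log"
    echo "IPs with more than 2 requests:"
    over_threshold "$log" 2
    rm -f "$log"
}

demo
```

Run it as `sh count_ips.sh`; on a real log replace the demo with `count_by_ip /usr/local/apache/domlogs/DOMAIN | head` and pick a threshold from what normal traffic on that site looks like.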


Monday, August 3, 2015

Exim mail relay from an IP without authentication

Create the file /etc/alwaysrelay and add the IP addresses.

For example:

vi /etc/alwaysrelay

Add the IPs to the file, one per line:

192.168.1.100
10.0.60.22

Then restart Exim (/etc/init.d/exim restart or 'service exim restart').

After this, either restart antirelayd or wait a little while; it will automatically include these IPs in /etc/relayhosts. Hosts listed here can send mail through the server without authenticating, so list only trusted hosts you control.



Tuesday, July 21, 2015

Restore MySQL database from a backup file

Backing up your MySQL Databases

The following command dumps all databases to an SQL file. Replace <user> and <pass> with your database root credentials and <filename> with the name of the file you wish to create, such as backup.sql.

# mysqldump -u<user> -p<pass> -B --all-databases > <filename>
# mysqldump -uroot -pSuperPass -B --all-databases > all.sql

A single database can also be backed up:

# mysqldump -u<user> -p<pass> <database> > <filename>
# mysqldump -uWiki -pBlue wikidb > wikidb.sql

Note that a password given after -p on the command line is visible to other users in the process list and may be saved in the shell history; leaving the value off (-p alone) makes the client prompt for it instead.

Restore MySQL database from a backup file

There are many reasons you might want to restore a database from a backup file. You should also test this on a test server to make sure your database backups are actually working. Here's the syntax:

mysql -h hostname -u username -pthepassword databasename < dumpfile.sql

Here's an example:

mysql -h localhost -u root -ptgX!2121 < thedumpfile.sql

Monday, July 20, 2015

Linux: Find out serial / model number and vendor information for SATA and IDE hard disk


Either of the commands below can be used to get hard disk information.

1:   smartctl --all /dev/sda

2:   hdparm -I /dev/sda

where sda is the drive to check.


Sunday, July 19, 2015

How to install NginX on cPanel/WHM Server

Nginx is one of the most popular open source web servers and reverse proxies. For those who are not very familiar with Linux and have cPanel/WHM installed on a server or VPS, here is a guide on how to install it.

The package comes with the Nginx Admin plugin for cPanel. To install it, execute the following commands through an SSH client, logged in as root.

cd /usr/local/src
tar xf nginxadmin.tar
cd publicnginx
./nginxinstaller install

If you are installing Nginx Admin for the first time and get a Python error during installation, execute the following commands:

./pythonfix
./nginxinstaller install

If you want to uninstall Nginx Admin, execute the following commands:

cd /usr/local/src
tar xf nginxadmin.tar
cd publicnginx
./nginxinstaller uninstall



cPanel: enable the MySQL slow query log

Add the following line to /etc/my.cnf to enable the slow query log:
log-slow-queries=/var/lib/mysql/slow.log
Then run the following commands to create the file with the right ownership and permissions:
touch /var/lib/mysql/slow.log
chmod 660 /var/lib/mysql/slow.log
chown mysql:mysql /var/lib/mysql/slow.log


How to Install cPanel/WHM on CentOS VPS

cPanel/WHM installation on your VPS or dedicated server is very easy; just follow the steps below and you are done. Remember that you need a fresh CentOS installation before installing cPanel/WHM.

1. Run your preferred SSH client, such as PuTTY. Connect to your server and log in as "root".
2. Download and install cPanel/WHM by running the following commands one by one.

cd /home
sh latest

The process takes approximately 60 to 90 minutes, but this depends largely on your server's internet connection and performance.

If you only want to install the cPanel DNSONLY version, use the following commands instead:

cd /home
sh latest-dnsonly

Once the installation completes, log in to WHM as root to configure it:

http://yourip:2086    OR
https://yourip:2087

Saturday, July 18, 2015

How to Check mod_rewrite Module in Apache/LiteSpeed is Loaded

To check whether the mod_rewrite module is loaded in Apache/LiteSpeed, follow these steps:

1. On a system with cPanel, log in over SSH and issue the following command:

/usr/local/apache/bin/httpd -D DUMP_MODULES | grep rewrite
If it returns the following, then mod_rewrite is loaded:
Syntax OK
rewrite_module (static)

2. On a system without cPanel, check the "httpd.conf" file. If the following line is in the file, the module should be loaded.


LoadModule rewrite_module libexec/apache2/mod_rewrite.so


Restart IP Pool

If you have additional IPs added in WHM/cPanel, they may not come up again after a network restart.
To fix this, run the following command:

  /scripts/restartsrv_ipaliases

to make the aliases available on the network interface again.

Monday, July 6, 2015

How to change the primary IP address of a WHM/cPanel server

Steps in WHM:
  • Log into WHM and go to Basic cPanel & WHM Setup
  • Change the Primary IP here with the option that says "The IP address (only one address) that will be used for setting up shared IP virtual hosts"
  • Note: This might not actually be necessary.

Log in to SSH, and do the following:
  • Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change the IPADDR and GATEWAY lines to match the new IP and its gateway
  • Edit /etc/sysconfig/network
    • Change the GATEWAY line here if it does not exist in the ifcfg-* file.
  • Edit /etc/ips
    • Remove the new primary IP from this file if it is present
    • Add the old primary IP to this file with the format ::
  • Edit /var/cpanel/mainip
    • Replace the old primary IP with the new primary IP
  • Edit /etc/hosts
    • Replace the old primary IP with the new one if needed. The hostname's DNS record will need to be updated too
  • Restart the network service to make the new IP the primary
    • service network restart
    • Note: You will probably be disconnected at this point and have to log in to SSH using the new primary IP.
  • Restart the ipaliases script to bring up the additional IPs
    • service ipaliases restart
  • Run ifconfig and make sure all IPs show up correctly
  • Update the cPanel license to the new primary IP
  • Verify you can still log in to WHM and there is no license warning

Saturday, June 13, 2015

Check Current and Past Server Load

What causes high server load?
Excessive usage of any of the following items can typically cause this issue:

  • CPU
  • memory (including swap)
  • disk I/O

How can I check these items?
That depends on whether you want to review current resource usage or historical resource usage.
System Activity Reporter (sar) is an important tool that gives system admins an overview of the server machine, with the status of various metrics at different points in time.

To view the load averages for your server from the 23rd of the month:
Code:
[user@technoquick ~]$ sar -q -f /var/log/sa/sa23
'-q' obtains the load average information, and '-f' specifies which sar file to read the information from.
Result:
Linux 2.6.18-348.16.1.el5 (technoquickfix.com)   23/05/2015
12:00:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
12:10:01 AM   5         331         0.83      1.20      1.39
12:20:01 AM   7         316         1.20      0.78      1.01
12:30:01 AM   6         317         0.51      0.67      0.84
12:40:01 AM   5         312         0.75      0.62      0.73

Here's an explanation of the above columns:
"runq-sz" is the run queue length, the number of tasks waiting for run time.
"plist-sz" is the number of tasks in the task list.
"ldavg-1" is the system load average over the last minute. The load average is calculated as the average number of runnable or running tasks (R state) plus the number of tasks in uninterruptible sleep (D state) over the specified interval.
"ldavg-5" is the system load average for the past 5 minutes.
"ldavg-15" is the system load average for the past 15 minutes.
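Reading a whole day of sar -q output by eye is tedious, so here is an added example (not from the original post) that filters it: it prints the intervals whose one-minute load average (ldavg-1) is above a threshold and the single busiest interval. The sar text embedded below is a constructed copy of the sample in the post, with an "Average:" summary line added to show that it is skipped; the 1.0 threshold is also constructed. On a live host you would pipe the real output into the functions, e.g. sar -q -f /var/log/sa/sa23 | high_load_intervals "$(nproc)".

```shell
#!/bin/sh
# Added example, not from the original post: pick out the intervals in "sar -q"
# output where the one-minute load average (ldavg-1) exceeds a threshold.
# The sar text below is constructed from the sample shown in the post.

# Constructed copy of "sar -q" output (banner, header, data rows, summary).
sample_sar_q() {
    cat <<'EOF'
Linux 2.6.18-348.16.1.el5 (technoquickfix.com)   23/05/2015
12:00:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
12:10:01 AM   5         331         0.83      1.20      1.39
12:20:01 AM   7         316         1.20      0.78      1.01
12:30:01 AM   6         317         0.51      0.67      0.84
12:40:01 AM   5         312         0.75      0.62      0.73
Average:      6         319         0.82      0.82      0.99
EOF
}

# Read sar -q output on stdin; print "time ldavg-1" for every interval whose
# one-minute load average is above the threshold given as the first argument.
# Data rows are recognised by an AM/PM marker in column 2 and a numeric
# runq-sz in column 3, which skips the banner, the header and "Average:".
high_load_intervals() {
    awk -v t="$1" '$2 ~ /^[AP]M$/ && $3 ~ /^[0-9]+$/ && $5 > t {print $1, $2, $5}'
}

# Print the single interval with the highest one-minute load average.
peak_interval() {
    awk '$2 ~ /^[AP]M$/ && $3 ~ /^[0-9]+$/ {print $1, $2, $5}' | sort -k3 -rn | head -n 1
}

# Rule of thumb: ldavg-1 sustained above the number of CPU cores means tasks
# are queueing, so the core count (nproc) is a sensible threshold on a real host.
echo "Intervals with ldavg-1 above 1.0:"
sample_sar_q | high_load_intervals 1.0
echo "Peak interval:"
sample_sar_q | peak_interval
```

The filter deliberately keys on the shape of a data row rather than on line position, so it works on sar files with 12-hour or 24-hour timestamps and any number of rows.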

Current CPU usage:

Code:
 [user@technoquickfix ~]$ top -c 
Tip: press "P" to sort by the processes currently consuming the most CPU.

Historical CPU usage:
Check the "%idle" column:
Code:
 [user@technoquickfix ~]$ sar -p 

Current memory usage:

Code:
 [user@technoquickfix ~]$ free -m 

Historical memory usage:
This depends on the version of sar, which used to use '-r' to show %memused and %swpused (swap memory used), but later changed to '-S' to show %swpused.
Check "%memused" and "%swpused":
Code:
 [user@technoquickfix ~]$ sar -r 

Current disk I/O usage:

This prints the disk usage statistics 10 times, once every second.
Check the %util column.

Code: 
 [user@technoquickfix ~]$ iostat -x 1 10 

Historical disk I/O usage:
Code:
 [user@technoquickfix ~]$ sar -d 

Thursday, June 4, 2015

Can't connect to MySQL server on 'localhost' (10055)


Cause of MySQL Error 10055?

This is more of an operating system error than a MySQL error. Each time your website runs a query it opens a connection to the database, runs the query, then closes the connection. Each time this happens the server allocates a dynamic port for use by MySQL and the website. For websites like mine, which may run 2000+ queries per second, this means that 2000+ dynamic ports must be set aside for these connections. Sometimes the server gets under load and the operating system cannot recycle these ports fast enough; you run out of ports and the server throws a 10055 error.

By default Windows Server 2008 R2 has 16838 ports designated for dynamic use, in the default range 49152 - 65535. This can be extended to a wider range of ports.

Fix MySQL Error 10055:

To fix the problem you need to increase the number of dynamic ports.
Running the following commands will give you 50000 ports for dynamic use. Note that the new range (10000-59999) overlaps the registered port range, so check that no service on the server listens on a port in that range before applying it.

On Windows Server 2008 R2, open a command prompt.

Type the following:
netsh int ipv4 set dynamicport tcp start=10000 num=50000
Press Enter

Type the following:
netsh int ipv4 set dynamicport udp start=10000 num=50000
Press Enter

Monday, June 1, 2015

Protected directory cannot be enabled: "columns siteId, path are not unique"

Symptoms

When trying to add a new customer and protected directory in Parallels Plesk, the protected directory cannot be enabled. Error message:
ProtDir_IIS::update() failed: Add Protected Directory failed: columns siteId, path are not unique (Error code 1)

Cause

The protected directory was not synchronized properly.

Resolution

Synchronize the protected directories database using the following command:

"%plesk_cli%\repair.exe"  --synchronize-protected-directories-storage

Saturday, April 11, 2015

Basic Linux Commands -Part 3


 cal :        Display a calendar

Syntax:
                        cal [-mjy] [[month] year]
Options:
           -m         Display Monday as the first day of the week.
           -j         Display Julian dates (days one-based, numbered from Jan 1).
           -y         Display a calendar for the current year.

 chgrp :   Change group ownership

Syntax :
                 chgrp [Options]... {Group | --reference=File} File...
Key :
          -c
          --changes
                    Verbosely describe the action for each File whose group actually changes.
          -f
          --silent
          --quiet
                    Do not print error messages about files whose group cannot be changed.
          -h
          --no-dereference
                    Act on symbolic links themselves instead of what they point to.
          --reference=FILE
                    Use the group of the reference FILE instead of an explicit GROUP.
          -v
          --verbose
                    Verbosely describe the action or non-action taken for every File.
          -R
          --recursive
                    Recursively change the group ownership of directories and their contents.

BOOT Process Of Linux Server

The following are the 6 high level stages of a typical Linux boot process.


1. BIOS

  • BIOS stands for Basic Input/Output System
  • Performs some system integrity checks
  • Searches, loads, and executes the boot loader program.
  • It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
  • Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
  • So, in simple terms BIOS loads and executes the MBR boot loader.

2. MBR

  • MBR stands for Master Boot Record.
  • It is located in the 1st sector of the bootable disk, typically /dev/hda or /dev/sda.
  • MBR is less than 512 bytes in size. It has three components: 1) primary boot loader info in the first 446 bytes, 2) partition table info in the next 64 bytes, 3) MBR validation check in the last 2 bytes.
  • It contains information about GRUB (or LILO in old systems).
  • So, in simple terms MBR loads and executes the GRUB boot loader.

3. GRUB

  • GRUB stands for Grand Unified Bootloader.
  • If you have multiple kernel images installed on your system, you can choose which one to be executed.
  • GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
  • GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
  • The GRUB configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to it). The following is a sample grub.conf from CentOS:

    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/boot/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-194.el5PAE)
              root (hd0,0)
              kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
              initrd /boot/initrd-2.6.18-194.el5PAE.img

  • As you can see from the above, it specifies the kernel and the initrd image.
  • So, in simple terms, GRUB just loads and executes the kernel and initrd images.

5. Init

  • Looks at the /etc/inittab file to decide the Linux run level.
  • Following are the available run levels
    • 0 – halt
    • 1 – Single user mode
    • 2 – Multiuser, without NFS
    • 3 – Full multiuser mode
    • 4 – unused
    • 5 – X11
    • 6 – reboot
  • Init identifies the default run level from /etc/inittab and uses it to load all the appropriate programs.
  • Execute 'grep initdefault /etc/inittab' on your system to identify the default run level.
  • If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.
  • Typically you would set the default run level to either 3 or 5.

6. Runlevel programs

  • When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.
  • Depending on your default init level setting, the system will execute the programs from one of the following directories.
    • Run level 0 – /etc/rc.d/rc0.d/
    • Run level 1 – /etc/rc.d/rc1.d/
    • Run level 2 – /etc/rc.d/rc2.d/
    • Run level 3 – /etc/rc.d/rc3.d/
    • Run level 4 – /etc/rc.d/rc4.d/
    • Run level 5 – /etc/rc.d/rc5.d/
    • Run level 6 – /etc/rc.d/rc6.d/
  • Please note that there are also symbolic links to these directories directly under /etc. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
  • Under the /etc/rc.d/rc*.d/ directories, you will see programs whose names start with S and K.
  • Programs starting with S are used during startup (S for start).
  • Programs starting with K are used during shutdown (K for kill).
  • The numbers right after S and K in the program names are the sequence in which the programs are started or killed.
  • For example, S12syslog starts the syslog daemon and has sequence number 12. S80sendmail starts the sendmail daemon and has sequence number 80. So the syslog program will be started before sendmail.
That's all about the Linux boot process.
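The two checks the init and runlevel sections describe, as an added example that is not part of the original post: reading the default run level from an inittab-style initdefault line (what the grep in the text does by eye) and listing the S and K scripts of an rc directory in the order their sequence numbers give them. The inittab excerpt and the script names below are constructed; on a real SysV host you would feed in /etc/inittab and the output of ls /etc/rc.d/rc3.d.

```shell
#!/bin/sh
# Added example, not from the original post: read the default run level from
# an inittab-style file and show the order in which the S (start) and K (kill)
# scripts of an rc directory run. Inputs below are constructed.

# Constructed /etc/inittab excerpt.
sample_inittab() {
    cat <<'EOF'
# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
EOF
}

# Constructed listing of /etc/rc.d/rc3.d (what "ls" would print there).
sample_rc3_listing() {
    cat <<'EOF'
K35smb
S80sendmail
K74ntpd
S12syslog
S55sshd
S10network
EOF
}

# Print the run level from the initdefault line (second colon-separated
# field), ignoring comment lines; same check as "grep initdefault /etc/inittab".
default_runlevel() {
    awk -F: '$1 !~ /^#/ && $3 == "initdefault" {print $2; exit}'
}

# Print the S scripts from an rc directory listing in startup order: the two
# digits after the S are the sequence number and sort numerically.
startup_order() {
    grep '^S[0-9][0-9]' | sort -k1.2,1.3n
}

# Print the K scripts in shutdown order (same rule, K prefix).
shutdown_order() {
    grep '^K[0-9][0-9]' | sort -k1.2,1.3n
}

echo "Default run level: $(sample_inittab | default_runlevel)"
echo "Startup order:"
sample_rc3_listing | startup_order
echo "Shutdown order:"
sample_rc3_listing | shutdown_order
```

Sorting on characters 2-3 of the name rather than on the whole string is what makes S10network come before S12syslog and S80sendmail regardless of the service names.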

Friday, April 10, 2015

Commonly Used Ports -Part 3



Port    TCP       UDP             DESCRIPTION


21   TCP   UDP    FTP control (command)
22   TCP   UDP    Secure Shell 
23   TCP   UDP    Telnet protocol—unencrypted text communications
24   TCP   UDP    Priv-mail : any private mail system.
25   TCP   UDP    Simple Mail Transfer Protocol 
26   TCP   UDP    Unassigned
27   TCP   UDP    NSW User System FE
29   TCP   UDP    MSG ICP
33   TCP   UDP    Display Support Protocol
35   TCP   UDP    Any private printer server protocol
37   TCP   UDP    TIME protocol
39   TCP   UDP    Resource Location Protocol
40   TCP   UDP    Unassigned
42   TCP   UDP    ARPA Host Name Server Protocol
42   TCP   UDP    Windows Internet Name Service
43   TCP   UDP    WHOIS protocol
47   TCP   UDP    NI FTP
49   TCP   UDP    TACACS Login Host protocol
50   TCP   UDP    Remote Mail Checking Protocol
51   TCP   UDP    IMP Logical Address Maintenance
52   TCP   UDP    XNS (Xerox Network Systems) Time Protocol
53   TCP   UDP    Domain Name System (DNS)
54   TCP   UDP    XNS (Xerox Network Systems) Clearinghouse
55   TCP   UDP    ISI Graphics Language (ISI-GL)
56   TCP   UDP    XNS (Xerox Network Systems) Authentication
56   TCP   UDP    Route Access Protocol (RAP)
57   TCP   UDP    any private terminal access
58   TCP   UDP    XNS (Xerox Network Systems) Mail
64   TCP   UDP    CI (Travelport) (formerly Covia) Comms Integrator
67   TCP   UDP    Bootstrap Protocol (BOOTP) Server; also used by DHCP
68   TCP   UDP    Bootstrap Protocol (BOOTP) Client; also used by DHCP
69   TCP   UDP    Trivial File Transfer Protocol (TFTP)
70   TCP   UDP    Gopher protocol
71   TCP   UDP    NETRJS protocol
72   TCP   UDP    NETRJS protocol
73   TCP   UDP    NETRJS protocol
74   TCP   UDP    NETRJS protocol
77   TCP   UDP    Any private Remote Job Entry
79   TCP   UDP    Finger protocol
80   TCP   UDP    Hypertext Transfer Protocol (HTTP)

Thursday, April 9, 2015

Commonly Used Ports -Part 2



Port    TCP      UDP       DESCRIPTION


0             UDP        Reserved
1     TCP   UDP        TCP Port Service Multiplexer (TCPMUX)
2     TCP   UDP       CompressNET Management Utility
3     TCP   UDP       CompressNET Compression Process
4     TCP   UDP       Unassigned
5     TCP   UDP       Remote Job Entry
6     TCP   UDP       Unassigned
7     TCP   UDP       Echo Protocol
8     TCP   UDP       Unassigned
9     TCP   UDP       Discard Protocol 
9             UDP       Wake-on-LAN
10    TCP   UDP       Unassigned
11    TCP   UDP       Active Users (systat service)
12    TCP   UDP       Unassigned
13    TCP   UDP       Daytime Protocol (RFC 867)
14    TCP   UDP       Unassigned
15    TCP   UDP       Previously netstat service
16    TCP   UDP       Unassigned
17    TCP   UDP       Quote of the Day
18    TCP   UDP       Message Send Protocol
19    TCP   UDP       Character Generator Protocol (CHARGEN)
20    TCP   UDP       FTP data transfer

Monday, March 30, 2015

Basic Linux Commands -Part 2



 alias :  Create an alias

Aliases allow a string to be substituted for a word when it is used as the first word of a simple command.
Syntax :
     alias [-p] [name[=value] ...]
     unalias [-a] [name ... ]
Key :
     -p   Print the current values
     -a   Remove all aliases

 aspell  :   Spellcheck a file

Syntax :
      aspell check [options] filename
Key :
   --mode=mode
       The mode to use when checking files.
       The available modes are none, url, email, sgml, tex, texinfo, nroff
   --dont-backup
       Don't create a backup file.
   --lang=name
   -l name
       The language the document is written in. The default depends on the current locale.
   --encoding=name
       Encoding the document is expected to be in. The default depends on the current locale.
   --master=name
   -d name
       The main dictionary to use.

 bg :    Send job to background

Syntax :
      bg [PID...]
Key :
 If PID is specified, the jobs with the specified group ids are put in the background

 fg :      Send job to foreground

Syntax :
      fg [PID...]
Key :
 If PID is specified, the job with the specified group id is put in the foreground.

 jobs :   Print currently running jobs and their status.

Syntax :
      jobs [OPTIONS] [PID]
Key :
   -c      --command       Print the command name for each process in jobs
   -g      --group            Only print the group id of each job
   -h      --help               Display a help message and exit
   -l       --last               Only the last job to be started is printed
   -p     --pid                Print the process id for each process in all jobs

 suspend :   Suspend the execution of shell until receives a SIGCONT signal.

Syntax :
      suspend [-f]
Key :
   -f   Do not complain if this is a login shell; just suspend anyway.

Friday, March 27, 2015

cPanel’s Manually Updated Hostname Alert

If you have recently updated your cPanel server to 11.46, you may have received an alert that looks like the following.

WHM has detected a manual hostname change.
To fix this problem, we recommend that you perform the following action:
Update your hostname in WHM’s (http://new.hostname.com:2087/scripts2/changehostname) interface (Home » Networking Setup » Change Hostname).


If you did, that means your hostname was updated outside of WHM after cPanel was installed on the server. The fix is simple.

First log into SSH and run the below command:

root@host [~]# /usr/local/cpanel/scripts/check_valid_server_hostname
ERROR: WHM has detected a manual hostname change.


If your server is a WHM web server, you need only navigate to WHM >> Change Hostname.



Once that’s done, you can test that your server will no longer send an alert by running the hostname validation script manually:

root@host [~]# /usr/local/cpanel/scripts/check_valid_server_hostname 
OK

After the change, this confirms that the issue is fixed. Always make sure you have a valid A record for your hostname.

Friday, March 20, 2015

BOOT Process Of Windows Server 2008

Here's a brief description of the Windows Server 2008 boot process.
  1. System is powered on
  2. The CMOS loads the BIOS and then runs POST
  3. Looks for the MBR on the bootable device
  4. Through the MBR the boot sector is located and BOOTMGR is loaded
  5. BOOTMGR looks for the active partition
  6. BOOTMGR reads the BCD file from the \boot directory on the active partition
  7. The BCD (boot configuration database) contains various configuration parameters (this information was previously stored in boot.ini)
  8. BOOTMGR transfers control to the Windows Loader (winload.exe), or to winresume.exe if the system was hibernated
  9. Winload loads drivers that are set to start at boot and then transfers control to the Windows kernel
STEP 1:
The first step is to see what hardware is available and its condition by using the power-on self test (POST) routine. Next, the BIOS executes the initial program load (IPL), which locates the boot device and, if the device is a hard disk, reads the master boot record (MBR) from the first sector on the disk. Otherwise, the equivalent information is obtained from the boot device. From this information, partition information is obtained, the boot sector is read, and the Windows Boot Manager (Bootmgr.exe) is started. On the screen, you see the memory check, the identification of hardware, and the search for a boot device.

STEP 2:
Windows Boot Manager reads the boot configuration data (BCD) and, if there is more than one boot partition, asks the user to choose a partition and its OS. If a choice is not made before the timeout, the default partition and OS is loaded. If you are booting Windows Server 2008, the Windows Boot Loader (Winload.exe) is started. If you have more than one hardware profile, you are given the option of pressing the spacebar to select the hardware profile you want to use, for example, if you have a laptop that you sometimes use with a docking station. If you press the spacebar, you can choose the hardware profile you want; otherwise, the default profile is used.

Thursday, March 19, 2015

Windows Server 2003 Booting Process

BIOS: performs Power On Self Test (POST)
BIOS: loads MBR from the boot device specified/selected by the BIOS
MBR: contains a small amount of code that reads the partition table, the first partition marked as active is determined to be the system volume
MBR: loads the boot sector from the system volume
BOOT SECTOR: reads the root directory of the system volume and loads NTLDR
NTLDR: reads BOOT.INI from the system volume to determine the boot drive (presenting a menu if more than 1 entry is defined)
NTLDR: loads and executes NTDETECT.COM from the system volume to perform BIOS hardware detection
NTLDR: loads NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (and KDCOM.DLL for XP upwards) from the boot (Windows) volume
NTLDR: loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive HKEY_LOCAL_MACHINE\System
NTLDR: loads drivers flagged as “boot” defined in the system hive, then passes control to NTOSKRNL.EXE
NTOSKRNL.EXE: brings up the loading splash screen and initializes the kernel subsystem
NTOSKRNL.EXE: starts the boot-start drivers and then loads & starts the system-start drivers
NTOSKRNL.EXE: creates the Session Manager process (SMSS.EXE)
SMSS.EXE: runs any programs specified in BootExecute (e.g. AUTOCHK, the native API version of CHKDSK)
SMSS.EXE: processes any delayed move/rename operations from hotfixes/service packs replacing in-use system files
SMSS.EXE: initializes the paging file(s) and the remaining registry hives
** before this step completes, bugchecks will not result in a memory dump as we need a working page file on the boot (Windows) volume **
SMSS.EXE: starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS)
SMSS.EXE: starts the user-mode portion of the Win32 subsystem (CSRSS.EXE)
SMSS.EXE: starts WINLOGON.EXE
WINLOGON.EXE: starts the Local Security Authority (LSASS.EXE)
WINLOGON.EXE: loads the Graphical User Identification and Authentication DLL (MSGINA.DLL by default)
WINLOGON.EXE: displays the logon window
WINLOGON.EXE: starts the services controller (SERVICES.EXE)
** at this point users can logon **
SERVICES.EXE: starts all services marked as automatic
———
NOTES:
The SYSTEM volume is the partition from which the boot process starts, containing the MBR, boot sector, NTLDR, NTDETECT.COM & BOOT.INI

The BOOT volume is the partition which contains the Windows folder – this can be a logical partition

Thursday, February 26, 2015

Commonly Used Ports -Part1

This is a list of commonly used ports.

cPanel

      cPanel     2082
      cPanel - SSL     2083
      WHM     2086
      WHM - SSL     2087
      Webmail     2095
      Webmail - SSL     2096

Plesk Panel

      Plesk Control Panel     8880
      Plesk Control Panel - SSL     8443
      Plesk Linux Webmail     N/A*
      Plesk Windows Webmail (SmarterMail)     9998**
      Plesk Webmail   8383

Email

      POP3     110
      POP3 - SSL     995
      IMAP     143
      IMAP - SSL     993
      SMTP     25
      SMTP Alternate     26
      SMTP Alternate     587
      SMTP - SSL     465

Web

      HTTP     80
      SSL     443
      FTP     21
      FTPs     990
      SFTP     22
      SFTP Shared/Reseller Servers     2222
      Webdisk     2077
      Webdisk - SSL     2078
      MySQL     3306
      MSSQL     1433
      SSH     22
      SSH Shared/Reseller Servers     2222

Other

      Virtuozzo     4643
      DotNet Panel     9001
      DotNet Panel Login     80

      RDP (Remote Desktop Protocol)     3389

Tuesday, February 24, 2015

Basic Linux Commands -Part 1

The Manual (terminal mode)


man                                This command brings up the online Unix
manual. Use it on each of the commands below.
For Example:   
man pwd                        You will see the manual for the pwd command.

Accessing files in Folders (Directories) in terminal mode


pwd                                Shows what directory (folder) you are in.
In Linux, your home directory is /home/particle
·       Let's suppose you have several data files (data1, data2 ... etc.) in a directory called muondata.
·       Then suppose the directory muondata is an entry in your main home directory, /home/particle .
·       If you are in your home directory (where terminals start) and type pwd, you will see /home/particle.
·       If you were in the muondata directory, pwd would give you /home/particle/muondata instead    
·       The last slash after a directory name is optional.

As you can see, each slash (/) indicates another sub-directory.
cd                                  Changes directories.

Examples of relative movement among directories:
cd muondata                Moves down from your current directory
into the muondata sub-directory

cd ..                            Moves up one directory (yes, include the
two little dots) 

You can also move directly into directories
cd /home/particle/muondata
                   Moves from ANY directory into the muondata
sub-directory of your home directory.

cd ~               Takes you back to your home directory
(/home/particle)

Making or Removing a Directory (terminal mode)


mkdir dirName            Creates a directory with name dirName.

For Example:
mkdir temp             Creates the directory temp.

rmdir dirName      Removes a directory dirName.

For Example:
rmdir temp                  Removes the directory temp.

Looking at or Finding your Files (terminal mode)


ls                                  Lists files.

If you add -al after ls it will give more details for each file. Such as, size, permissions, owners, dates etc.

ls -al                         You'll see a huge list of files that you can't see with the 'ls' command alone, with lots of details.

If you see such a long list of files that they scroll off the terminal screen, one way to solve the problem is to use:

ls -al |more       Shows one screen of file names at a time.

less data1         Dumps the contents of the data1 file to your screen with a pause at each line so you don't miss any contents as they scroll. You may move through the file using page up, page down, home and end keys.  When done with less you use the q key to get back to the main terminal.

whereis data1      Shows you the location of the data1 file.

Altering your Files


rm data1                      Deletes the file data1 in the current directory. 

rm -i muon*                Removes all of your muon data files
(careful!!  rm * will remove ALL your files) 
The "-i" makes the computer prompt before removing each file.  If you really want to work without a net, omit the "-i".

cp data1 newdata/    will copy the file data1 to the directory newdata (assuming it has already been created)

mv data1 newdata/    moves the file data1 to the folder newdata and deletes the old one.


Using the Floppy Disk Drive in Linux


mount              Mounts a drive to the operating system.
Linux does not 'see' the floppy drive until
you tell it to.
For Example:
mount /mnt/floppy    Allows you to use the floppy drive which has directory name /mnt/floppy

cp aFile /mnt/floppy/     Copies the file aFile to the floppy disk.

ls /mnt/floppy/           Allows you to see what files are on your floppy.

You may run into problems moving large files onto a 1.44MB floppy disk.  One option to fit larger files is to create a zip archive containing the file onto the floppy.  For Example:

zip /mnt/floppy/myFile.zip muon.myDataRun 
                   Puts a copy of the file muon.myDataRun into a zip archive on the floppy named myFile.zip

After you are done and before you eject it (this is very, very important), you must unmount the floppy.

umount /mnt/floppy      Allows you to remove the floppy disk

·       Make sure you wait for the command prompt to reappear (this might take a few seconds) before ejecting the floppy. 
·       If you eject the floppy before you unmount the floppy, it may corrupt the data on the floppy and cause the system to be confused if you try to use the floppy again. 
·       If you make a mistake like this, it's probably best to reboot.  Sorry.

df                                  Shows the disk usage. This will tell you how much disk space you have left on your hard drive as well as the floppy.