This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# We create a new /tmp/block file first, then append to it | |
# the 'sleep 1's are inserted because we suffered from slow/delayed disk cache writes | |
# which often caused this script to skip or not entirely finish pasting lists | |
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt > /tmp/block | |
sleep 1 | |
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts >> /tmp/block | |
sleep 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# This script runs every other night at 04:56 CET on a webserver I maintain | |
# Results are always at: https://jult.net/block.txt ( or https://jult.net/block.txt.gz ) | |
# And much smaller, stripped of BS; https://jult.net/bloc.txt | |
# For use in Tixati IP filter: https://jult.net/bloc.txt.gz !!! | |
# And finally a txt file with just the bold IP-ranges: https://jult.net/bl.txt (or https://jult.net/bl.txt.gz ) | |
# Download open block-lists, unpack, filter: | |
curl -s https://www.iblocklist.com/lists.php | grep -A 2 Bluetack | xargs wget -qO - --limit-rate=500k | gunzip -f | egrep -v '^#' > /tmp/xbp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# backup files files from server to server using ssh/rsync | |
# encrypt heavily using openssl before transfer to less secure location | |
# create the files | |
tar -zcpf /somepath/etc.tar.gz -C / etc | |
# tar -cv --exclude='root/io'-f /somepath/root.tar -find /root ! -type l | |
mysqldump --dump-date -uwp_admin -pSomedbpass -h localhost wordprass > /somepath/zichtbaar.sql |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
WP_OWNER=lamedude # <-- wordpress owner (usually also ftp-username) | |
WP_GROUP=psaserv # <-- wordpress group | |
WP_ROOT=/var/www/vhosts/somesite.tld/httpdocs # <-- wordpress root directory, note it's the docroot here, not wp default | |
WS_GROUP=psacln # <-- webserver group | |
# reset to safe defaults | |
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \; | |
find ${WP_ROOT} -type d -exec chmod 2755 {} \; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# fonts only: | |
location ~* \.(eot|ttf|woff|woff2)$ { | |
add_header Access-Control-Allow-Origin *; | |
} | |
# all crossed, just remove the POST Methods if you don't want writes on the resource: | |
location ~* { | |
if ($request_method = 'OPTIONS') { | |
add_header 'Access-Control-Allow-Origin' '*'; | |
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
IP_TMP=/tmp/ip.tmp | |
IP_BLACKLIST=/etc/ip-blacklist.conf | |
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp | |
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional | |
list="chinese nigerian russian lacnic exploited-servers" | |
BLACKLISTS=( | |
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs | |
# "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes, who would refuse those accessing your server? | |
# "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# this is most of my /etc/postfix/main.cf file: | |
inet_protocols = all | |
inet_interfaces = all | |
recipient_delimiter = + | |
smtpd_banner = Blah ESMTP | |
empty_address_recipient = admin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// .stglobalignore | |
// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc. | |
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment! | |
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced. | |
// Ignores are case sensitive. | |
// Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides) | |
$RECYCLE.BIN | |
$WINDOWS.~BT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# version 2020 feb 24 | |
ssl_certificate /etc/letsencrypt/live/yardomain.org/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/yardomain.org/privkey.pem; | |
ssl_trusted_certificate /etc/letsencrypt/live/yardomain.org/chain.pem; | |
ssl_protocols TLSv1.2 TLSv1.3; | |
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
ssl_prefer_server_ciphers off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
echo never > /sys/kernel/mm/transparent_hugepage/enabled | |
echo noop > /sys/block/vda/queue/scheduler | |
echo 0 > /sys/block/vda/queue/rotational | |
echo 0 > /sys/block/vda/queue/rq_affinity | |
echo 9000 > /proc/sys/vm/dirty_expire_centisecs | |
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs | |
ethtool --offload ens3 tx-checksum-ip-generic off |
OlderNewer