Install Transmission BitTorrent Client on Dlink DNS-320

This guides assume you already have fun_plug 0.5 installed and running.

This guides are divided into 3 main section namely download packages, install & configure.

Download

Transmission v2.82

Curl v7.18

Install

1. Run PuTTY and log into DNS-320

2. Change directory to “/mnt/HD/HD_a2” & copy both packages into “/ffp/pkg” folder.

3. Install Curl

funpkg -i /ffp/pkg/curl-7.18.1.tgz

3. Install Transmission

funpkg -i /ffp/pkg/transmission-2.82-1.tgz

Configure

1. Edit Transmission start script to change home directory setting

vi /ffp/start/transmission.sh

Look for

TRANSMISSION_HOME=/mnt/HD_a2/.transmission-daemon

Change to

TRANSMISSION_HOME=/mnt/HD/HD_a2/.transmission-daemon

Save the file.

2. Configure by issuing the following command. Make sure you change USERNAME & PASSWORD to your preferred username & password.

su nobody -c "/ffp/bin/transmission-daemon -f -g /mnt/HD/HD_a2/.transmission-daemon -w /mnt/HD/HD_a2/Downloads -t -u USERNAME -v PASSWORD -a 127.0.0.1,192.168.*.*"

Wait for a while, transmission should be up and running.

3. Verify that transmission is running properly by opening transmission web interface. Type http://<your NAS IP>:9091/ in your browser to access the Web interface. After entering username & password you should see torrent que page.

4. You may now press CTRL-C in putty terminal & issue the following command to start transmission

/ffp/start/transmission.sh start

5. If you need to change the configuration such as to white list IPs to connect to Transmission Client, you may edit the following file

/.transmission-daemon/settings.json

7. You may want to download Transmission Remote GUI for Windows, Linux or Mac OS X.


How to find IP Address that Launch DDOS Attack

If your VPS or server load suddenly increases much higher than normal, it could be a DDOS attack.

To find out which IPs did that do the following,

Option 1 :- If you know which domain is attacked. SSH to your server & issue the following command. Make sure you replace “DOMAIN” with your domain name. If you are using cPanel/WHM and the domain is not the primary domain, normally it will be the sub domain of the primary domain.

less /usr/local/apache/domlogs/DOMAIN | awk '{print $1}' | sort | uniq -c | sort -n

Option 2 :- If you don’t know which domain is attacked. SSH to your server & issue the following command. Option 1 if preferable especially if your server is very busy has many domain. It will take quite sometimes to process the log file. You can check by issuing “top -c” command to find out which domain consume the most resources.

less /usr/local/apache/logs/access_log | awk '{print $1}' | sort | uniq -c | sort -n

Both of the option will give the ip and number of connections in the descending order. For example:

.....
.....
.....
.....
17843 56.51.155.156
19234 66.156.66.266
234578 156.56.16.76

In the above case we can see too many connections from those ips and it is abnormal. You can block these ips in the firewall such as ConfigServer Firewall (“csf”).