现象：nextcloud 需要上传超过10GB的文件，但上传完成后“组块时出错 502”。nginx 的web错误信息里有如：

recv() failed (104: Connection reset by peer) while reading response header from upstream request: "MOVE /remote.php/dav/uploads/name/web-file-upload-nnnn/.file" HTTP/1.1, upstream: fastcgi://unix:/tmp/php-cgi-72.sock

查看 php-fpm.log 的日志，如：

WARNING: [pool www] child nnnn, script '/www/wwwroot/nextcloud/remote.php'(request: "MOVE /remote.php") execution timed out (104.723765 sec). Terminating.
WARNING: [pool www] child nnnn exited on signal 15 (SIGTERM) after 13101.403079 seconds from start

估计是 php-fpm 的进程在约100秒后超时，被强制退出，然后重新创建进程了。

解决：在“宝塔”面板的php7.2管理配置窗口中，将“超时限制”（request_terminate_timeout）的时间上调，如从默认100秒的，上调到17200。

参考：

• https://docs.nextcloud.com/server/15/user_manual/files/large_file_upload.html
• https://serverfault.com/questions/520283/pool-www-exited-on-signal-15-sigterm-execution-timed-out/520895
• http://help.websoft9.com/cloudbox-practice/nextcloud/solution/mount-oss.html

需求：远程桌面连接Windows 2012时，会收到邮件提醒，提醒内容包含登录者的IP信息。

1.创建一个vbs脚本，能通过外部的smtp服务器发出邮件的

2.创建一个“定时任务”，条件是用户登录时运行，运行上边创建好的vbs脚本

3.如果通知内容还需带上远程桌面登录者的IP，可以在vbs脚本上加上提取IP的内容

例子：

set sh = CreateObject("Wscript.Shell") 
set Connections = CreateObject("Scripting.Dictionary") 

call Main() 

Function Main() 
    call GetConnections() 
    call ProcessConnections() 
End Function 

Function GetConnections() 
    i = 0 
    set shExec = sh.Exec("netstat -f") 

    Do While Not shExec.StdOut.AtEndOfStream 
        Line = shExec.StdOut.ReadLine() 
        If Instr(Line, "TCP") <> 0 Then 
            Set Connection = New NetworkConnection 
            Connection.ParseText(Line) 
            call Connections.Add(i, Connection) 
            i = i + 1 
        End If 
    Loop 
End Function 

Function ProcessConnections() 
    For Each ConnectionID in Connections.Keys 
        'wscript.echo ConnectionID & Connections(ConnectionID).RemoteIP
    Next 
End Function 

Class NetworkConnection 
    Public Protocol 
    Public LocalIP 
    Public LocalPort 
    Public RemoteIP 
    Public RemotePort 

    Public Sub ParseText(Line) 
        dim i 

        For i = 5 to 2 Step -1 
            Line = Replace(Line, String(i, " "), " ") 
        Next 

        Line = Replace(Line, ":", " ") 
        Line = Right(Line, Len(Line) - 1) 
        Line = Split(Line, " ") 

        Protocol = Line(0) 
        LocalIP = Line(1) 
        LocalPort = Line(2) 
        RemoteIP = Line(3) 
        RemotePort = Line(4) 

    End Sub 

    Private Sub Class_Initialize 
        'MsgBox "Initialized NetworkConnection object" 
    End Sub 

End Class

NameSpace = "http://schemas.microsoft.com/cdo/configuration/" 
Set Email = CreateObject("CDO.Message") 
Email.From = "18900000000@189.cn" 
Email.To = "18900000000@189.cn" 
Email.Subject = "有人登陆服务器 - " & ConnectionID & Connections(ConnectionID).RemoteIP
Email.Textbody = "注意检查登陆者是否合法!" 
With Email.Configuration.Fields 
.Item(NameSpace&"sendusing") = 2 
.Item(NameSpace&"smtpserver") = "smtp.189.cn" 
.Item(NameSpace&"smtpserverport") = 25 
.Item(NameSpace&"smtpauthenticate") = 1 
.Item(NameSpace&"sendusername") = "18900000000" 
.Item(NameSpace&"sendpassword") = "youxiangmima" 
.Update 
End With 
Email.Send

参考：

• https://www.landui.com/help/show-7431.html
• https://stackoverflow.com/questions/10706401/netstat-with-wmi-and-vbscript
• https://www.reddit.com/r/sysadmin/comments/1xqycr/email_notifications_when_rdp_logon_or_logoff/
• https://community.spiceworks.com/scripts/show/2056-email-rdp-successful-logon
• http://help.189.cn/client/client.html

问题：忘记Windows 2016系统的Administrator密码，需要设置一个新密码。

尝试：

1.将机子重启，从急救盘，如 SystemRescueCd 启动

2.ntfsfix /dev/sda2 # 先尝试修复非正常关机导致的ntfs错误，这里假设Windows目录在 /dev/sda2 设备

3.ntfs-3g /dev/sda2 /mnt/windows # 挂载Windows所在的分区到 /mnt/windows

4.chntpw /mnt/windows/Windows/System32/config/SAM # 先用chntpw清除Administrator的密码

5.chntpw -e /mnt/windows/Windows/System32/config/SYSTEM # 再编辑注册表SYSTEM

6.cd ControlSet001\Control\Lsa # 转到lsa所在的分区

7.ed LimitBlankPasswordUse # 编辑 LimitBlankPasswordUse 的值为零，即允许使用空密码远程桌面连接

8.保存后，退出急救系统，重启机子

9.net user Administrator xinmima # 用空密码远程桌面连接到Windows 2016系统，通过net命令设置新密码

10.再用注册表编辑器，将 LimitBlankPasswordUse 的值设回到1

如果chntpw改密码时出现找不到administrator的用户名，如 Cannot find user, path is <\SAM\Domains\Account\Users\Names\Administrator\@> Hives that have changed: # Name 可以用带i的参数执行，如 chntpw -i /mnt/windows/Windows/System32/config/SAM

参考：

• https://superuser.com/questions/796301/vps-lost-password-and-cant-use-blank-pass-via-remote-desktop-connection
• https://www.makeuseof.com/tag/quick-tip-change-the-windows-user-password-via-command-line/
• https://blog.rubypdf.com/2015/04/09/reset-windows-7-password-with-chntpw/

问题：网友说在vestacp环境中，从浏览器登录到web邮件管理界面，无法发出邮件，提示：550 Access denied - Invalid HELO name。

尝试：搜索得知，这是因为以IP登录到web邮件管理界面，无法成功发送HELO name，导致错误。如果需要使用IP登录到web mail发信，请更改 /etc/exim4/exim4.conf 文件内容，注释掉里边的：

drop condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)

参考：https://forum.vestacp.com/viewtopic.php?t=5408

问题：网友说网安发来通知，要补“openssh枚举用户名”的漏洞（CVE-2018-15473）。看截图，是用msf5自动化测试的。

尝试：

1.curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall # 一键安装

2.msfconsole # 启动控制台

3.use auxiliary/scanner/ssh/ssh_enumusers # 使用相应的模块（库）

4.exploit # 通过set命令，设置好远程主机的IP或域名、端口、用户名等参数后，就可以开始扫了

问题：怎么无论设置什么用户名（如rooteifh3），msf5总是能扫得到？

参考：https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers