Installing ncrkiller

You will need to have installed a working postgres database, an Apache server with the rewrite module enabled and php version 4.01pl2 or greater compiled to work with apache and postgres for ncrkiller to work.

Download ncrkiller from here, and untar somewhere out of the way, your home directory for example will do fine.

tar -xvzf /path-to-file/ncrkiller.tar.gz

Change into the ncrkiller directory and run install path-to-document-root. This will install the file ncrkiller.php in your document root and it's configuration file with the same name in document-root/config directory.

The remainder of this document assumes that your document root is /var/www/html.


  cd ncrkiller

  ./install /var/www/html/

Next you need to run ./makedb, this will create a postgres database called worm with the tables required and a couple of default rows. It also grants all privileges to the user nobody on it's tables.


  cd ncrkiller

  ./install /var/www/html/

If you want to call your database something else you will need to edit makedb. If your apache server does not run as user nobody, edit worm.sql and change the grant statements at the end of the file so that the user matches the one you use to run the apache server.

Copy the default configuration file ncrkiller.php.default to ncrkiller.php in the directory /var/html/www/config.

cd /var/www/html/config

cp ncrkiller.php.default ./ncrkiller.php

Edit the configuration file /var/www/html/config/ncrkiller.php and setup your preferences, you will need to at the very least change $szDomain and $szPostmaster to reflect your site configuration. There are not many options available in the configuration file and each one is described in the file.

Sudo configuration:

You must allow the user that apache runs as to execute iptables, if you don't ncrkiller will not be able to block offending IP addresses...
Add the following line to the sudoers file, using the command visudo as root:

apache_user

myhost = NOPASSWD:

/sbin/iptables

For example, if you run apache as user nobody and your server is called www.mydomain.com add the following line:

nobody

www.mydomain.com = NOPASSWD:

/sbin/iptables

Apache configuration:

You need to add the following lines to your apache config file:

RewriteEngine	On
RewriteLogLevel	0
RewriteRule	^/scripts/(.*)	/ncrkiller.php	[NC]
RewriteRule	/winnt/(.*)	/ncrkiller.php	[NC]
RewriteRule	_bin/(.*)	/ncrkiller.php	[NC]

The RewriteEngine On command enables apaches' URL rewriter.
RewriteLogLevel sets the amount of information written to the log file, 0 is none.
The RewriteRule statements define which URL's to alter, here we say that any URL starting with /scripts/, or containing /winnt/ or _bin should be redirected to /ncrkiller.php. The [NC] option at the end of each rule states that the matches are not to be case sensitive i.e. WINNT and WinNT will match the /winnt/ rule.