Saturday, June 19, 2010

Fantastico is not installed at the default location

SkyHi @ Saturday, June 19, 2010

The error was


Fantastico is not installed at the default location
/usr/local/cpanel/3rdparty/fantastico. Either move the Fantastico directory
from it's current location to /usr/local/cpanel/3rdparty/fantastico OR
enable ioncube loaders in WHM -> Tweak settings.

Enabling ioncube did not fix it for me. Maybe it will for you. After looking I found cpanel now uses /var/cpanel/3rdparty/bin/php NOT /usr/local/cpanel/3rdparty/bin/php

After doing a php info I saw it did not have a php.ini file in the new location. The fix was:


cp /usr/local/cpanel/3rdparty/etc/php.ini /var/cpanel/3rdparty/etc

Other Possible Fixes


You may want to first try enabling ioncube in WHM->Tweak Settings

Second you may want to try to update fantastico with cd /usr/local/cpanel/whostmgr/docroot/cgi/fantastico/scripts/ ; /usr/local/cpanel/3rdparty/bin/php cron.php

Third you may want to rebuild cpanel's php with /scripts/makecpphp

Fourth you may want to try a cpanel update with /scripts/upcp --force



Today I found this error while trying to open Fantastico page in cPanel.


Fantastico is not installed at the default location /usr/local/cpanel/3rdparty/fantastico. Either move the Fantastico directory from it’s current location to /usr/local/cpanel/3rdparty/fantastico OR enable ioncube loaders in WHM -> Tweak settings.





Though I did not do this in my case, if you are facing the same problem, first of all, try restarting cPanel.


service cpanel restart



I confirmed that ioncube is installed. However, I reinstalled it with the following command:



/scripts/phpextensionmgr install IonCubeLoader



This did not solve the problem. Then I read somewhere in a forum/blog that rebuilding cPanel’s internal PHP may solve it. I did that:


/scripts/makecpphp



I restarted cPanel (see the command above) and the problem was fixed like magic.


REFERENCES

http://wiki.cpaneldirect.net/wiki/index.php/Fantastico_is_not_installed_at_the_default_location

http://controlpanelblog.com/cpanel/fantastico-is-not-installed-at-the-default-location-usrlocalcpanel3rdpartyfantastico-either-move-the-fantastico-directory-from-its-current-location-to-usrlocalcpanel3rdpartyfantastico-or.html


Install Fantastico to cPanel

SkyHi @ Saturday, June 19, 2010

The following article explains how to add Fantastico to cPanel, since it is not installed by default. Fantastico allows you to install various scripts that are available for cPanel.


Before you begin, you will need to purchase a Fantastico license.


To install Fantastico, please follow these steps:


  1. Open a web browser and connect to your cPanel Control Panel located at https://ip address:2087.
  2. Login as the Administrator using the information sent to you in your setup email.
  3. From the menu, under Plugins, click Fantastico De Luxe WHM Admin (located at the bottom).
     If this option is not available, see the additional steps below.
  4. Click "Click here to begin the install of Fantastico".

  5. Select a version from the dropdown menu. We recommend choosing the Stable version.

  6. Follow the remaining installation steps, using the default information.
  7. Once this process completes you may exit the browser.

Fantastico should now be configured for your cPanel control panel and you may begin adding various features. To log into Fantastico, open a browser and go to http://ip address:2083. At the bottom of the screen you will see the Fantastico icon; click on it to start Fantastico.





Additional Steps - Download Fantastico


If the Fantastico install option is not available, you will need to manually download Fantastico onto your VPS.


  1. Connect to your VPS using an SSH connection.
  2. Log in as the Administrator user.
  3. Change to the proper cgi folder using the following command:

    cd /usr/local/cpanel/whostmgr/docroot/cgi
  4. Download the Fantastico install file using the following command:

    wget http://www.netenberg.com/files/free/fantastico_whm_admin.tgz
  5. Extract the install file using the following command:

    tar -xzpf fantastico_whm_admin.tgz
  6. Remove the install file using the following command:

    rm -rf fantastico_whm_admin.tgz
  7. Log out of the SSH connection.
  8. Log out and log back into cPanel in a web browser.
  9. From the menu, under Plugins, click Fantastico De Luxe WHM Admin (located at the bottom).

  10. Continue the install using the steps above.
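
Step 5 unpacks a downloaded archive as the Administrator user inside WHM's cgi directory, so it is worth listing the archive first and refusing member paths that would land outside that directory. The script below is an added example, not part of the original article; the function names unsafe_members and checked_extract are hypothetical, and it checks member names only.

```shell
#!/bin/sh
# Added example: inspect a downloaded .tgz before unpacking it as root.
# unsafe_members and checked_extract are hypothetical helper names.

# Read an archive listing on stdin (one member path per line, as printed
# by `tar -tzf`) and print every member that could be written outside the
# extraction directory: absolute paths and paths with a ".." component.
unsafe_members() {
    while IFS= read -r member; do
        case $member in
            /*|..|../*|*/..|*/../*) printf '%s\n' "$member" ;;
        esac
    done
}

# checked_extract ARCHIVE DESTDIR
# Extracts only when the archive can be listed and no member is unsafe.
# Returns 0 on success, 1 if unsafe members were found,
# 2 if tar could not read the archive (missing, truncated, not gzip).
checked_extract() {
    archive=$1
    dest=$2
    listing=$(tar -tzf "$archive") || return 2
    bad=$(printf '%s\n' "$listing" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'refusing to extract %s, unsafe members:\n%s\n' "$archive" "$bad" >&2
        return 1
    fi
    # Same tar options as step 5, with the destination made explicit.
    tar -xzpf "$archive" -C "$dest"
}

# On the server, with the file and directory from the steps above:
#   checked_extract fantastico_whm_admin.tgz /usr/local/cpanel/whostmgr/docroot/cgi
```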

REFERENCES
http://www.hosting.com/support/cpanelvps/installfantastico/

Website Security and Management

SkyHi @ Saturday, June 19, 2010

Blog article index

Articles, How-To's, and opinions on a variety of topics. All the links below are permalinks. Most of the articles are long and detailed. They are updated whenever new information will improve them. Latest revision dates are shown at bottoms of pages. Posts are made as time permits, no schedule. Reader comments, questions, and discussion are invited in the Forum or by email from the Feedback page.

Latest articles

Differences between PHP as an Apache module and as CGI Describes in understandable terms the differences between the two methods of installation. Compares the differences in configurability, efficiency, security.
How to search for backdoor PHP shell scripts on a hacked server How to use grep in Linux or findstr in Windows to search for suspicious PHP code in website files, possibly indicating the presence of a backdoor shell script. How to recognize suspicious website access log entries that can be created when someone uses a backdoor script.
How to understand a Google Safe Browsing Diagnostic report Walkthrough of how to interpret the sections and terminology of the Safe Browsing Report that Google generates for every website. Especially useful for webmasters diagnosing and cleaning up a hacked site.
Using an Intel 537EP 56K dialup modem in Ubuntu Linux 9.04 The series of steps that led me to discover that the "8086:1009" subsystem of my 537EPU softmodem worked with the standard 537EP Ubuntu modem driver although it was not listed as a supported type and the scanModem program could not detect its chipset. One connection method that works reliably is pppconfig / pon / poff.
Install Ubuntu Linux 9.04 on 2nd hard drive for dual boot with Windows XP How I installed Ubuntu on 2nd hard drive to avoid making permanent changes to the existing Windows drive. Configuration to auto-boot from the operating system most recently used.

Article archive by topic

Browsing and using the Internet. Online safety.

How to set High security in Internet Explorer Recommended level for each Security Zone (using the slider controls), and a table of recommended settings for each individual configuration option in each Zone to achieve the highest security. How to disable risky IE7 plug-ins.
How to block tracking cookies in Internet Explorer and Firefox Block tracking cookies from being put on your computer so they can't collect data between anti-spyware scans.
How to block ads in Internet Explorer and Firefox Step by step how-to for several methods of blocking internet ads in IE7 and Firefox by disabling the technologies used and by blocking the advertising networks.
Recommended cookie settings for Internet Explorer 7 and Firefox 2 Description of what cookies are, how they are used, how they can be misused, and recommended cookie privacy settings for IE7 and Firefox.
Table of all configuration options for each predefined Internet Explorer 7 Security Level A table that shows how every individual configuration option is set by each of the five predefined IE7 Security Levels.
What is a URL (web address)? What really happens when I "go to" a website? Explains in simple terms the parts of a URL string (Uniform Resource Locator), the nature of your "connection" to a website, and how cookies allow you to stay "logged in".
How to use online language translators so people understand you How to use "round-trip" translation to improve results. Tips for writing in a style that is easy to translate. How to read and write forum posts in languages other than your own.

Stock Options

Plain language overview of Black-Scholes stock option valuation Non-technical explanation of the Black-Scholes option valuation method.
Stock price volatility calculator Enter consecutive daily stock prices to calculate volatility by the method required by the Black-Scholes option valuation equation, and three other methods.
Simulated stock price generator Specify starting price and desired volatility. Monte Carlo generator calculates any number of hypothetical daily closing prices.
Black-Scholes stock option valuation calculator Compare stock option valuations as calculated by multiple Black-Scholes based methods.
Stock price range probability calculator Specify starting price and desired volatility. Calculates hypothetical probabilities of stock reaching different prices by target dates.
How to NOT make money: trading stock options Why option traders lose money and why it is impossible to "become good" at options trading.

Website Security and Management

How to remove the Google "This site may harm your computer" warning from your website Step by step walkthrough how to discover why your site got flagged in Google search results. How to find "badware" (malicious code, remotely served scripts, invisible iframes) on your pages.
How to know if your website has been hacked. How to monitor it. The symptoms of a website compromise, some obvious and others subtle. Where to look to monitor your site's status.
What to do after your website is hacked. How to prevent it. Step by step procedures for site repair, investigation, and most important of all, prevention.
What is a website hack? Who are the perpetrators? Why do they do it? Describes the most important dangers to your website, who the perpetrators are, what they want from your site, what methods they use to accomplish it, and what a Remote File Inclusion (RFI) attack looks like in your access log.
Passwords best practices: Use a different strong password for every purpose. Always use completely random character passwords. Never use the same password in more than one place. Why these rules are important for a webmaster.
How to close your website temporarily with Apache .htaccess How to take your website offline temporarily for maintenance.
How to configure php.ini and .htaccess before using PHP Security-related settings for your php.ini and .htaccess files.
How to use a CIDR netmask to ban an IP range in .htaccess How to calculate and use CIDR/netmask notation, in the context of using .htaccess to ban IP addresses in Apache webserver.
How to use cron to list all your website files on a Linux server Also explains how to interpret Linux file and folder permissions in "rwx" and numeric ("755") formats.
How to use Windows Explorer, Internet Explorer as an FTP client Step by step how to connect to your website by FTP using Windows Explorer / Internet Explorer, if you really have to. Their only advantage is that you already have them, as part of Windows.

FrontPage 2003

How to Replace Shared Borders with include pages Step by step walkthrough for replacing FrontPage Shared Borders with included content, and why this is an important conversion to do, even if you plan to continue using FrontPage.
How to Replace webbot includes with PHP includes Step by step conversion from FrontPage included content webbots to PHP, plus a walkthrough of a complex Find and Replace with regular expressions in both the Find and Replace strings.
How to Replace webbot link bars with HTML link bars Step by step for replacing webbot navbars with plain HTML navigation link bars.
How to Replace FrontPage theme with CSS theme Step by step for copying a FrontPage theme to CSS files under your control.
How to convert FrontPage forms to use the NMS FormMail handler How to get and configure the NMS FormMail Perl script and convert your FrontPage forms to use it instead of the forms handler provided by the FrontPage Extensions.
How to convert a FrontPage Table of Contents webbot to plain HTML. Step by step walkthrough for converting a FrontPage Outline webbot to a plain HTML list of hyperlinks, to give you control over what is included in the list and how it is formatted.
How to use Apache .htaccess and mod_rewrite with the FrontPage Extensions Simple modifications to configuration files that allow using the advanced features of Apache .htaccess without corrupting your FrontPage Extensions.
How to add a title property to images using Find/Replace and regular expressions Step by step how to add a title property to existing images using a FrontPage 2003 "HTML Tags" Find and Replace operation with regular expressions.

Web Design

HTML table template code for creating a simple website photo gallery Using plain HTML code for a photo gallery can be easier than using an automated gallery generator. Provides code and instructions.
How to create a custom Apache 404 Not Found error document Step by step how to create your ErrorDocument and modify .htaccess so Apache uses it.
How to convert Amazon.com affiliate ads to valid HTML 4.01 Transitional. Why Amazon.com ads don't validate. Walkthrough of how to fix them efficiently with Find and Replace, with or without using regular expressions. Part 2 shows how to validate Amazon Flash Widget ads.

IRC Chat

How to use IRC chat for a website chat room Why the cPanel chat scripts are insecure. Using IRC chat as an alternative. How to create a chat room.
Introduction to IRC Chat How IRC chat works, safety tips, obtaining ChatZilla, chat networks to connect to.
Configuring default ChatZilla preferences Preference (option) settings for someone starting out with ChatZilla. Screenshots. Where to find the ChatZilla log files.

Computer Use

How to Repair flickering Gateway FPD 1830 LCD monitor Step by step instructions for disassembling and repairing flickering display in Gateway FPD1830 LCD monitors.
Avoid Repetitive Stress Injuries (RSI) while typing Description of non-medical techniques I've found helpful for keeping RSI under control.
How to make any public domain book an audio book Download eBooks from Project Gutenberg and set up your computer so it reads them aloud to you.

Humor

The Spider That Almost Got Me! An attempt at humor about my battles with spiders.

Philosophy, Religion

The art of everything is the art of life An essay on finding meaning in life. Considering life as a work of art created by you. The characteristics that make an artistic creation satisfying also apply to life.
How did a belief in god begin and why is it so universal and enduring? A speculative essay about the origins of religion and prayer.






REFERENCES

http://25yearsofprogramming.com/blog/index.htm

What is the difference between PHP as an Apache module and as CGI?

SkyHi @ Saturday, June 19, 2010

A computer program is a list of instructions understandable by a computer that allow it to perform a task.


As a simple example, imagine a computer program that reads or receives a block of text, translates all the letters to upper
case, and outputs the result.


There are two ways we could design this program to be run:


We could make it a standalone console program so that we can type its name on the command line and have it convert any text we
give it to upper case. When a standalone program like this is installed on a server, it's sometimes called a
CGI, which is, in a sense, a fancy name for a standalone program.


Or we could incorporate it into another, larger, program while we're building the larger program, so that conversion of text to
upper case becomes one of its built-in features. When a program is turned into a subprogram in this way, it is sometimes said to
be a module of the larger program.


PHP is a program like our upper case conversion program except that it's much
larger and more complicated, but its function is similar. It receives some input text (a PHP script or an HTML file with PHP
instructions embedded in it), and it outputs some result text. The operations that it performs between input and output might be
very simple or very complicated or somewhere in between.


If we're building an installation of the Apache web server,
and we want to be able to use the capabilities of PHP, we can do it either of the two ways:


PHP as Apache module


Apache is designed so that other programs can be incorporated into it as part of itself, and PHP is
designed so that it can be used this way. When the two programs are merged together, the things PHP can do become built-in
features of Apache, and PHP is said to be a module of Apache, or an Apache module. While Apache is processing a file, the execution
of PHP code to produce the result text is something that it now inherently knows how to do using only the code that's
been built into it.


PHP as a CGI


Alternatively, we could install the standalone version of PHP on the server, separately from Apache. In this case,
Apache doesn't know how to execute PHP code. However, one computer program can call another program so that it launches and
runs. Apache knows how to call an outside program and receive the output it produces. In this case, Apache doesn't
execute the PHP code itself. Instead, it hands off the file to the PHP interpreter (program). PHP executes the code and sends the
resulting text, if any, back to Apache for further processing and to send to whoever requested it.


Configurability comparison


The main PHP configuration file is called php.ini. On a shared server, the master php.ini file is in a location that is not
accessible by any of the user accounts.


The two different server configurations provide differing options for
whether you can override settings in the master php.ini and whether you can specify equivalent settings in an alternative location.


PHP as Apache module: Because PHP is part of Apache, you can specify some PHP configuration settings in the
.htaccess Apache
configuration file, for Apache to pass through to its PHP module. On a shared server, this usually means that you can override some
of the master php.ini configuration settings in your local .htaccess files.


PHP as CGI: PHP is a completely separate program from Apache, so Apache can't manage the PHP configuration
settings, and you can't set them in .htaccess. On a shared server, if it is not running suPHP to allow users to have an additional
local php.ini file, this may mean that individual users cannot override any PHP settings except for the few that can be set within
a PHP script using PHP program code.


Efficiency comparison


PHP as Apache module: PHP is already loaded and ready to run at all times, so this option is faster.


PHP as CGI: The PHP program is read from disk and launched every time Apache needs its services. On a site that uses PHP
at all, PHP usually must be launched and run for every requested page. It is said that
FastCGI can help make PHP as CGI run faster.  


Security comparison


Background: User Permissions


The Linux and Windows operating systems allow for the creation of "users" (human or virtual) on the system. Each user has lists of files and folders that it is
allowed or not allowed to access, and a list of programs that it is allowed or not allowed to run. These access control settings
are called permissions.


When you opened an account with your webhost, you were assigned a
userID, which is also the system user that you are known as on your Linux server. There are lists of things that you can and
cannot do on the server, and your userID owns all the files you created.


When a program runs on the computer, it runs as though it is one of the system's users (for example, the person who
launched it), and it has the same permissions as that user, the same list of files it can access, and the same list of actions it
is allowed or not allowed to perform.


PHP by default runs as the same user as Apache, which is often the Linux user called "nobody".


Linux does not allow one user to write
into the files owned by another user. You are userID, and PHP is nobody, and therefore by default PHP is unable to write into any
of the files in your website.


That is why, if you need PHP (nobody) to write to your files, you must loosen the permissions to allow other users write access to
your files, by setting the file permissions to 666 and folder permissions to 777.


That can be a security risk because it gives
write access not just to nobody, but also to all the other userIDs on the computer. On a shared server, those are the other user
accounts on the server. Thus, if any account on the server is compromised by a hacker, they may be able to reach across into your
site. Contrary to a common belief, the permissions don't allow "anybody in the world" to write to your files unless they
use some other means to break into the server first. 


A shared server has just one instance of Apache to handle all the accounts (websites). Apache runs continuously and can't be
restarted without causing server downtime, so its userID of "nobody" never changes.


PHP as Apache module: Since PHP is part of Apache,
it launches only once and runs continuously, so there is no opportunity to make it run as any other user. As nobody, it
can't write to your files, so if you need it to do that, you must make the permissions adjustments described above and either
accept the potential security risk or try to find a way to reduce it. One way to reduce it is to make your folders or files
writable by others only for the shortest possible time, when PHP actually needs to do the writing. The rest of the time, keep the
permissions locked down.  


PHP as CGI: Since PHP is freshly launched each time it's needed, there is an opportunity to run it as a different
user with each launch. See the next section.


suPHP provides greater security at a cost of speed


There is an Apache module/program called suPHP, which causes a CGI installation of PHP to run, each time
it is launched, as the user whose account caused it to be launched: your userID.


With this configuration,
PHP runs as you, with the same permissions as you, and is able to write into your files without your having to loosen the
permissions first.


In addition, just like you, it does not have permission to write into anybody else's account on your shared
server, so that if one account on the server is compromised, it does not automatically get access through PHP to other files and
folders in other accounts.


With suPHP, it is also possible for each user on a shared server to have their own php.ini file with PHP
configuration settings to override the ones in the master php.ini.


The downside is that suPHP is slower because it requires the PHP as CGI configuration.


Further reading


  • Discussion of security issues in the PHP Manual.
  • Complete list of php.ini configuration options, and
    table for understanding the locations where each can be
    set (php.ini, .htaccess, etc.).

Notes


  1. Sometimes when cleaning up a hacked website, you might run across a file that was installed by the hack and that you can't
    edit or delete. This is usually because the file and/or the folder it is in were created by PHP which was running as nobody.
    That makes nobody the owner. When you are working on your site in control panel or by FTP, you are your userID, not nobody, so
    you are denied access. The solution is to create and run a PHP script that does the editing or deletion. Your PHP script runs
    as nobody, so it is allowed access to the folder and file.

     
  2. The security advantages of PHP as CGI and suPHP are demonstrated by the April 2010 mass attack on WordPress blogs hosted
    at Network Solutions. In the attack, it appears that a maliciously created hosting account created at Network Solutions was
    able to read the wp-config.php files of other users on the same server. Those files contained in plain text the credentials
    for accessing the MySQL database. That information allowed the hacker to access the databases and inject malicious code.



    The solution was for affected customers to completely wall off their wp-config.php file from other users by setting the
    Linux permissions to 640. This gives read/write permissions
    to the owner, read permissions to the group (irrelevant for our purposes), and NO permissions at all, not even read
    permissions, to other users on the same server. This works because PHP as CGI with suPHP has the same permissions as owner, so
    PHP doesn't need any special permissions other than what the owner already has.



    Contrast that with PHP as Apache module: in order for PHP to read wp-config.php, read permissions must be granted to
    world/other (644). To function properly, WordPress (PHP) must be able to read wp-config.php, but if PHP can read it, so
    can everybody else on the same server because granting permissions to the one automatically grants them to everybody. There is
    no way around this. I've seen a number of suggestions online about how to protect wp-config.php from view, but none of them
    protect against access by a neighbor on the same server, when PHP is configured as Apache module. If Network Solutions had
    been configured this way, this situation would have had no available solution except to get rid of the malicious account
    (which I'm sure they have done) and try to prevent new malicious users from creating new accounts and doing the same thing. In
    other words, not a technological solution but an entirely human one.  

     
  3. But if #2 above seemed to make the choice look simple, there's a different situation that makes PHP as Apache module look
    good: a Remote File Inclusion is a type of exploit that tricks one of your PHP scripts into fetching script code from a remote
    site and running it. With PHP as CGI, the malicious script has owner-level permissions for every file and folder in your site,
    just like you do, so it can potentially modify every file. But with PHP as Apache module, the malicious script is just nobody,
    like every other PHP script, and is more limited in the amount of damage it can do. It can't put new files in folders unless
    they have 777 permissions, and it can't modify files unless they have 666 permissions.



    You could summarize the differences like this:



    PHP as CGI with suPHP: You are very securely walled off from the other accounts on your shared server. If another
    account gets hacked, it probably cannot affect your site at all. However, if your account gets hacked, the hacker has
    complete freedom to wreak total havoc inside your site because they can use PHP to access/change anything they want. Since PHP
    runs as you, you have no ability to protect your files from a rogue PHP script.



    PHP as Apache module: You are not walled off from other accounts on your shared server. If another account gets hacked,
    PHP can be used to read your files, and any file or folder that you can write to using PHP, the other account can, too.
    However, if your account gets hacked, the vast majority of your files remain protected from malicious modification by
    PHP, because PHP when running inside your account doesn't have any greater privileges than it already has all of the time. It
    is only nobody, and most of your files are owned by your userID, so it can't change them or add files to your site. It can
    only write to your 666 files and can only put new files into your 777 folders.



    Corollary:



    There is a common type of attack in which a malicious PHP script runs through a website opening every file with index in its
    name (index.htm, index.html, index.php...) and stuffs malicious code (iframes or scripts) into each of them. This type of
    attack is normally not possible with PHP as Apache module because the files are protected by their permissions settings
    (unless the permissions settings were wrong). If an Apache module configured website suffers this type of attack, it must have
    happened through FTP password theft, with the attacker downloading the files, modifying them, and re-uploading them. While
    using FTP, the attacker is acting as your userID and therefore has the ability to change the files. They couldn't have done
    it, in this case, with PHP.
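
The permission cases discussed in the security comparison and in Notes 1 to 3 (777 folders, 666 files, a wp-config.php readable by other accounts, files left owned by nobody) can be checked with a read-only audit of the site tree. This script is an added example, not part of the original article; the function name audit_docroot and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: read-only permission audit of one account's site tree.
# audit_docroot and the finding labels are hypothetical names.

# audit_docroot DOCROOT [CONFIG_NAME]
# Prints one finding per line, sorted:
#   NOT_OWNED_BY_ACCOUNT  path  not owned by the docroot's owner, e.g. files
#                               created by PHP running as nobody (Note 1)
#   OTHER_READABLE_CONFIG path  credential file readable by other accounts
#                               (644-style; 640 clears it under suPHP, Note 2)
#   WORLD_WRITABLE_DIR    path  any user may create files here (777-style)
#   WORLD_WRITABLE_FILE   path  any user may modify this file (666-style)
# CONFIG_NAME defaults to wp-config.php, the file named in Note 2.
audit_docroot() {
    root=$1
    cfg=${2:-wp-config.php}
    # Numeric uid of the docroot owner, taken as "the account".
    owner_uid=$(ls -ldn "$root" | awk '{print $3}')
    {
        find "$root" ! -user "$owner_uid" | sed 's/^/NOT_OWNED_BY_ACCOUNT /'
        # -perm -0004: the "other" read bit is set.
        find "$root" -type f -name "$cfg" -perm -0004 | sed 's/^/OTHER_READABLE_CONFIG /'
        # -perm -0002: the "other" write bit is set.
        find "$root" -type d -perm -0002 | sed 's/^/WORLD_WRITABLE_DIR /'
        find "$root" -type f -perm -0002 | sed 's/^/WORLD_WRITABLE_FILE /'
    } | LC_ALL=C sort
}

# Run against a real tree by passing its path, for example:
#   sh audit.sh /home/youruserid/public_html
if [ "$#" -gt 0 ]; then
    audit_docroot "$@"
fi
```

Under PHP as Apache module, an OTHER_READABLE_CONFIG finding is expected for files PHP must read; under suPHP every finding should be empty after tightening.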



Questions and comments are welcome in the discussion
forum.


REFERENCES

http://25yearsofprogramming.com/blog/2010/20100407.htm

Common iptables command, cheatsheet

SkyHi @ Saturday, June 19, 2010

#!/bin/sh
#File: /etc/rc.d/rc.firewall

# Immediately log and drop any known abusive IPs
iptables -A INPUT -p tcp -s 87.118.104.44 -m limit --limit 1/minute --limit-burst 10 -j LOG --log-prefix "[DROPPED_NODE]" --log-level 4
iptables -A INPUT -p tcp -s 87.118.104.44 -j DROP

# Allow from any to any on 127.0.0.1/32
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1/32 -j ACCEPT

# Track connection state
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow all foreign IPs to access ports 443 and 80
iptables -A INPUT -p TCP --dport 443 -j ACCEPT
iptables -A INPUT -p TCP --dport 80 -j ACCEPT

# Allow access from a specified foreign IP
# to this server's port 8080
iptables -A INPUT -p TCP -s 172.16.88.2/32 --dport 8080 -j ACCEPT

# Allow access from a specified foreign IP
# to any port listening on this server
iptables -A INPUT -p TCP -s 172.13.88.3/32 -j ACCEPT

# Drop incoming UDP packets on port 137 and 138 without logging
iptables -A INPUT -p UDP --dport 137 -j DROP
iptables -A INPUT -p UDP --dport 138 -j DROP

# Accept all other incoming UDP packets
iptables -A INPUT -p UDP -j ACCEPT

# Log and Drop everything else
iptables -A INPUT -j LOG -m limit --limit 1/minute --limit-burst 10 --log-prefix "[DROPPED_NODE]" --log-level 4
iptables -A INPUT -j DROP

# View all rules
iptables -L -v

# View INPUT rules
iptables -L INPUT -nv

# View max tracked connections
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max

# Set max tracked connections
# add the following line to rc.local if sysctl.conf doesn't exist
echo 128000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

# View Current HASHSIZE
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets









REFERENCES
http://controlpanelblog.com/general/common-iptables-command-cheatsheet.html
http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/

Server Install: CentOS 5.3 and cPanel

SkyHi @ Saturday, June 19, 2010

Today I helped David Kosmider at HillSeven configure a secure CentOS server with cPanel. Below is a walk-through of how I did it.

Before We Begin

  • Your server’s IP address must be authorized to install cPanel. This can be done when purchasing your license.
  • This post does not cover the CentOS installation. I hope to write on this in the future.
  • Important: I’m assuming you have a fresh/clean install of CentOS 5.3. cPanel requires that you have no other software installed. If you have installed other software, there is a good chance the install may fail.
  • There are many ways to configure a server. This is how I do it. I offer no guarantees that this will work for you.

Let’s begin.

Login As Root

Log into your machine using SSH. Use the ’su’ command to become the root user. You will be prompted for a password.

su
Password: [enter password]

Set Hostname

Open the file /etc/sysconfig/network and change the HOSTNAME= value to match your Fully Qualified Domain Name (FQDN) host name.

nano /etc/sysconfig/network

HOSTNAME=hostname.domain.com

Change the host associated with your main private IP address in your /etc/hosts file.

nano /etc/hosts

127.0.0.1 localhost
192.168.x.x hostname.domain.com hostname

Finally, run the hostname command, replacing hostname.domain.com with your FQDN.

hostname hostname.domain.com

Update Yum Repositories

Let’s update our YUM packages.

yum update

Press ‘y’ to continue.

Install Perl

Perl needs to be installed. Let’s install that now.

yum install perl

Download cPanel Installation Files

cd ~
wget http://layer1.cpanel.net/latest

Begin cPanel Installation

Let’s now start the installation. This may take several hours to complete. Maybe a good time to see that movie at the theater you’ve been itching to.

sh latest

Logging In

Once completed, you should see:

cPanel Layer 2 Install Complete

Now you can login to your cPanel.

Visiting http://[your_ip_address]:2086 or https://[your_ip_address]:2087 should bring up a login prompt.

Enter root for the user ID and your root password.

Complete cPanel Installation

You should see the cPanel interface now. Go through these steps. Basic networking knowledge is needed to complete this.

Once you’re finished, you have successfully installed cPanel on CentOS Server! Congrats! The last thing is to secure your machine. We will use the iptables firewall in CentOS for this.

Securing CentOS

There are many ways to secure your server. The important thing is to secure it using something. This is the configuration I used. You may want to add or remove entries as needed. These commands will set up a firewall using iptables and will allow basic service ports to be accessed. I suggest you read up on iptables to gain a better understanding first.

Let’s make sure iptables is installed:

yum install iptables

Enter the commands below to build your firewall:

/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2082 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2083 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2086 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2087 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2089 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2095 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2096 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
/sbin/iptables -A INPUT -j REJECT
/sbin/iptables -A FORWARD -j REJECT

What did we just do?

You restricted all incoming traffic to the following ports/services:

  • Port 80 – HTTP
  • Port 443 – HTTPS
  • Port 110 – POP3
  • Port 25 – SMTP
  • Port 2082 – cPanel
  • Port 2083 – cPanel
  • Port 2086 – cPanel
  • Port 2087 – cPanel
  • Port 2089 – cPanel Licensing
  • Port 2095 – Webmail
  • Port 2096 – Webmail (Secure)
  • Port 22 – SSH
  • ICMP – Ability to ping server

You can read more on the ports that cPanel uses at http://www.cpanel.net/2007/06/getting-the-most-out-of-your-systems-firewall.html.

If you need to start over, use this command to remove the current iptables:

/sbin/iptables -F

After you are done, save your iptables. If you do not, you will lose your firewall settings on reboot:

/sbin/service iptables save
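
Because the ruleset above ends with a catch-all REJECT, any port opened later with -A lands after it and never matches. The script below is an added example, not part of the original walkthrough: it reads rules in iptables-save format, reports rules shadowed by a catch-all, and lists the TCP ports that are actually reachable. The sample rules and the function names find_dead_rules and effective_tcp_ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables ruleset for rules that can never match.

# Constructed sample in iptables-save format: an abridged copy of the
# walkthrough's ruleset plus IMAP (143) appended afterwards with -A.
sample_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j REJECT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A FORWARD -j REJECT
-A OUTPUT -j ACCEPT
EOF
}

# Reads "-A CHAIN ..." lines on stdin and prints "CHAIN: <rule>" for every
# rule placed after an unconditional ACCEPT/DROP/REJECT in the same chain.
find_dead_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        if (closed[chain]) { print chain ": " $0; next }
        # Catch-all form: -A CHAIN -j TARGET [target options], no match criteria.
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) closed[chain] = 1
    }'
}

# Prints the TCP destination ports accepted on INPUT before the catch-all,
# sorted numerically on one line. These are the ports really open.
effective_tcp_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" && !closed {
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) { closed = 1; next }
        tcp = 0; accept = 0; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (tcp && accept && port != "") print port
    }' | sort -n | xargs
}

# Demo on the constructed sample. On a live server, feed the output of
# iptables-save into the same functions instead.
echo "Shadowed rules:"
sample_rules | find_dead_rules
echo "Reachable TCP ports:"
sample_rules | effective_tcp_ports
```

A rule reported as shadowed has to be inserted ahead of the catch-all (iptables -I) rather than appended.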

You’re Done

Admittedly, I am no cPanel expert; however, if you run into difficulty, let me know. I will do my best to help. As always, I would love to hear feedback. Happy installing everyone!



To run cPanel on your server without any problem, you need to open the following ports in your server's firewall / iptables.



20 FTP TCP inbound and outbound
21 FTP TCP,UDP inbound and outbound
22 SSH inbound
25 SMTP TCP inbound and outbound
26 SMTP TCP inbound and outbound
37 RDATE TCP outbound
43 WHOIS TCP outbound
53 DNS TCP/UDP inbound and outbound
80 HTTP TCP inbound and outbound
110 POP3 TCP inbound
113 IDENT TCP outbound
143 IMAP TCP inbound
443 HTTPS TCP inbound
465 SMTP TLS/SSL TCP/UDP inbound and outbound
873 RSYNC TCP/UDP outbound
993 IMAP SSL TCP inbound
995 POP3 SSL TCP inbound
2082 CPANEL TCP inbound
2083 CPANEL SSL TCP inbound
2086 WHM TCP inbound
2087 WHM SSL TCP inbound
2089 CP LICENCE TCP outbound
2095 WEBMAIL TCP inbound
2096 WEBMAIL SSL TCP inbound
3306 MYSQL TCP


Useful cPanel Command List

Ever locked yourself out of your server while making some iptables changes? What about when you change your SSH port and then forget what you set it to? These are common support tickets we receive at RackWire.com. In many cases this is something our customers can fix on their own if they are using cPanel on their VPS/server.

cPanel comes with a number of “hidden” autofix commands that allow administrators to fix common problems simply by logging into WHM and going to a special URL. Two of the most useful ones I’ve seen are flushing iptables and restarting SSH in “safe mode” (basically the default settings and port).


Flushing iptables rules http://yourdomain.com:2086/scripts2/doautofixer?autofix=iptablesflush


Restart SSH in safe mode http://yourdomain.com:2086/scripts2/doautofixer?autofix=safesshrestart


Once you hit the URL you will be prompted to log in. Simply enter your root password and cPanel will do the rest. These have definitely saved me on more than one occasion when my attempt to ‘secure’ my server worked a little too well. Remember that if you happen to also lock yourself out of WHM through iptables, you will not be able to hit the URLs I mentioned. In that case, contact support.


Here are some other useful commands as well:


Reset the Firewall Settings https://yourdomain.com:2087/scripts2/doautofixer?autofix=iptablesflush


Reset the SSH Settings http://yourdomain.com:2086/scripts2/doautofixer?autofix=safesshrestart


bsdbindfix http://yourdomain.com:2086/scripts2/doautofixer?autofix=bsdbindfix


Autorepair http://yourdomain.com:2086/scripts2/doautofixer?autofix=autorepair


Compress Zlib http://yourdomain.com:2086/scripts2/doautofixer?autofix=Compress-Zlib-1.42.tar.gz


Compresszlibfix http://yourdomain.com:2086/scripts2/doautofixer?autofix=compresszlibfix


dbdmysql http://yourdomain.com:2086/scripts2/doautofixer?autofix=dbdmysql


diagnose_apache_conf http://yourdomain.com:2086/scripts2/doautofixer?autofix=diagnose_apache_conf


fpindexfile http://yourdomain.com:2086/scripts2/doautofixer?autofix=fpindexfile


libxml2-2.6.28.tar.gz http://yourdomain.com:2086/scripts2/doautofixer?autofix=libxml2-2.6.28.tar.gz


libxml64fix http://yourdomain.com:2086/scripts2/doautofixer?autofix=libxml64fix


pro* http://yourdomain.com:2086/scripts2/doautofixer?autofix=pro*


spamd_dbm_fix http://yourdomain.com:2086/scripts2/doautofixer?autofix=spamd_dbm_fix


test http://yourdomain.com:2086/scripts2/doautofixer?autofix=test


vfilterfix http://yourdomain.com:2086/scripts2/doautofixer?autofix=vfilterfix


yumduprpmfix http://yourdomain.com:2086/scripts2/doautofixer?autofix=yumduprpmfix


resellerresourceacctounts http://yourdomain.com:2086/scripts2/doautofixer?autofix=resellerresourceacctounts


horde_sqmail_current_fix http://yourdomain.com:2086/scripts2/doautofixer?autofix=horde_sqmail_current_fix


Good Luck, and if you need more help you can always Contact RackWire.com Support!




REFERENCES

http://gaclabs.com/2009/09/server-install-centos-5-3-and-cpanel

http://www.cpanel.net/2007/06/getting-the-most-out-of-your-systems-firewall.html

http://www.webhosting.uk.com/forums/control-panel-questions/4542-open-ports-run-cpanel-behind-iptables.html

http://my.myriadnetwork.com/kb/questions.php?questionid=181

http://blog.rackwire.com/tag/cpanel-commands/



Install CSF Firewall for Cpanel

SkyHi @ Saturday, June 19, 2010

CSF firewall, commonly known as ConfigServer Security and Firewall, has become one of the popular firewalls, not just because of its ease of use: it also provides a cPanel interface and can be easily installed and tuned by novice users. If you are running cPanel without a firewall, then CSF is very much recommended, considering the security aspects of your server.



You can visit the CSF firewall website for more information.

You can also download necessary files there.

Important Features



* WHM Interface for CPanel

* Firewall Running Status

* Easy to Install and Administer

* Brute Force Attack Prevention

* One Click Server Security Checks

* Port scan prevention and blocking

* Intrusion detection system

* Easy Installation and Configuration

* IP Blocking and more..



Let us prepare a Linux-based server running cPanel. Note that CSF requires you to remove any currently running IP-based firewall (APF or another iptables firewall). It comes with all the necessary scripts to remove APF or an iptables firewall.

Installation Steps



1. Download the package here




Code:

wget <<path_of_tgz_file>>

2. Untar it




Code:

tar -zxf csf.tgz

3. Run the Install script.




Code:

sh csf/install.sh

That's it! Wait until the script ends!



4. Remove APF or IPTables Firewall



If you have any existing iptables firewall, remove it using the uninstall scripts located in /etc/csf. In this case I was running APF firewall and BFD on my server, so I had to remove them.




Code:

sh /etc/csf/remove_apf_bfd.sh

5. Start the Firewall in Testing Mode



Start the firewall with the following command.




Code:

csf -s   # start the firewall
csf -r   # restart the firewall
csf -f   # flush the rules or stop the firewall

If you are running a VPS plan, then you might get the error like this



"iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf

Error: aborted, at line 156"



To fix:

Open the /etc/csf/csf.conf and look for a line MONOLITHIC_KERNEL = "0" and change to MONOLITHIC_KERNEL = "1"



That's all! Now restart the firewall.



7. Specify which ports you want to allow.



It is very important to decide which ports the firewall leaves open and to close all remaining ports. Open /etc/csf/csf.conf and edit the following lines with your port numbers



# Allow incoming TCP ports

TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2087"

# Allow outgoing TCP ports

TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"

# Allow incoming UDP ports

UDP_IN = "20,21,53,953"

# Allow outgoing UDP ports

# To allow outgoing traceroute add 33434:33523 to this list

UDP_OUT = "20,21,53,113,123,873,953,6277"



21 => FTP

22 => SSH

23 => Telnet

25 => SMTP Mail Transfer

43 => WHOIS service

53 => name server (DNS)

80 => HTTP (Web server)

110 => POP protocol (for email)

443 => HTTP Secure (SSL for https:// )

995 => POP over SSL/TLS

9999 => Urchin

3306 => MySQL Server

2082 => CPANEL Default

2083 => CPANEL - Secure/SSL

2086 => CPANEL WHM

2087 => CPANEL WHM - Secure/SSL

2095 => cpanel webmail

2096 => cpanel webmail - secure/SSL

Plesk Control Panel => 8443

DirectAdmin Control Panel => 2222

Webmin Control Panel => 10000





6. Disable the Testing Mode and Start the Firewall



Remember by default the firewall is running in testing mode. You might want to disable the firewall running in testing mode.




Code:

vi /etc/csf/csf.conf

//Look for the first line and set testing mode to "0"

TESTING = "0"



//Now restart the firewall!


Code:

csf -r
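
A stray space or an out-of-range number in one of the port lists, or TESTING left at its default, is easy to miss when editing csf.conf by hand. The script below is an added example, not part of CSF or of the original guide: it checks the TESTING flag and validates every entry of TCP_IN, TCP_OUT, UDP_IN and UDP_OUT (single ports and low:high ranges). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the port lists and TESTING flag in a csf.conf.

# Constructed sample with three deliberate mistakes: TESTING still "1",
# a port split by a stray space, and a port number above 65535.
sample_conf() {
cat <<'EOF'
TESTING = "1"
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,207 7,2078,2082,2083,2087"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
UDP_IN = "20,21,53,953"
UDP_OUT = "20,21,53,113,123,873,953,6277,33434:33523,70000"
EOF
}

# Print the quoted value of a KEY = "value" line. $1 = file, $2 = key.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# Validate one comma-separated list. $1 = key name, $2 = list value.
# Prints one line per entry that is not a port (1-65535) or a low:high range.
check_port_list() {
    [ -n "$2" ] || return 0
    printf '%s\n' "$2" | tr ',' '\n' | awk -v key="$1" '
    function valid(p) { return (p ~ /^[0-9]+$/) && (p + 0 >= 1) && (p + 0 <= 65535) }
    {
        if ($0 ~ /^[0-9]+:[0-9]+$/) {
            split($0, r, ":")
            if (!valid(r[1]) || !valid(r[2]) || r[1] + 0 > r[2] + 0)
                print key ": bad range \"" $0 "\""
        } else if (!valid($0)) {
            print key ": bad port \"" $0 "\""
        }
    }'
}

# Run every check against one csf.conf. $1 = path to the file.
audit_csf_conf() {
    if [ "$(conf_value "$1" TESTING)" != "0" ]; then
        echo "TESTING: not set to \"0\""
    fi
    for key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
        check_port_list "$key" "$(conf_value "$1" "$key")"
    done
}

# Demo on the constructed sample; on a server, pass /etc/csf/csf.conf instead.
run_demo() {
    demo_conf=$(mktemp)
    sample_conf > "$demo_conf"
    audit_csf_conf "$demo_conf"
    rm -f "$demo_conf"
}
run_demo
```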

In Cpanel



If you have successfully installed the CSF firewall, then you will find this CSF Security & Firewall option within cpanel WHM at the bottom of the menu. Just click on the link and you can also edit the firewall settings inside Cpanel, which is very easy to do.



CSF Firewall in Cpanel

Config Files



/etc/csf/csf.conf => CSF Firewall configuration file

/etc/csf/csf.allow => Config file to allow IPs

/etc/csf/csf.deny => Config file to deny IPs

/etc/csf/ => Alert files with TXT extension are stored within this directory

Final Steps



1. Check the status of firewall inside cpanel

2. Harden the firewall security by performing the system security check. To do this go to Cpanel WHM > CSF Firewall & Security > Check System Security. There it will list WARNINGS based on your server.

Frequently Asked Questions

1. How do I know whether the firewall is running or not?



Just login to Cpanel WHM > Config Security & Firewall > Status: Running



Another good idea is to check and see which ports have been opened and closed by firewall.



To look for open ports, just use the following commands in linux and observe which ports are open.



netstat -nap

OR

nmap fuser localhost

2. How do I remove the CSF Firewall?



Just run the uninstall script located at /etc/csf/ directory




Code:

sh /etc/csf/uninstall.sh




REFERENCES
http://underhost.us/forums/tutorials-how-cpanel-whm/471-install-csf-firewall-cpanel.html
http://www.serveridol.com/2010/03/13/installing-csf-on-whmcpanel-for-centos/
http://forum.microfusionz.com/index.php/topic/278-csf-firewall-installation-guide-cpanel-centos-4x-5x/
http://tutorials.ausweb.com.au/web/Tutorials/VPS-hosting-tutorials/How-to-install-CSF-Firewall-on-virtuozzo/

How to Install SPF records on a cPanel server

SkyHi @ Saturday, June 19, 2010
Sender Policy Framework (SPF) is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t. While not all spam is forged, virtually all forgeries are spam. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly.

Why do I want to have SPF records for my domains?

Many mail servers now test for the presence of SPF records, so if you don’t have one your email will probably not be delivered to those servers. A good example is Hotmail, which has been testing for SPF records since 2004.


What syntax should I use?

Now that you have learnt what it is and why you should use it, it’s time to see what syntax you should use.

For SPF to work you have to add to each DNS zone a record similar to this:


domain.com. 14400 IN TXT "v=spf1 a mx -all"

How to install SPF records?

Now that we know what they are and how to write them it’s time to install them.

I’ll divide my presentation in two sections.

In the first one I will teach you how to add an SPF record automatically to newly created accounts, and in the second section how to add them to domains that are already set up and don’t have them.

If this is a new cPanel server, or you want all the domains that you add on the server from now on to have an SPF record, you have to do the following:


  1. Login to WHM using root
  2. Click on Edit Zone Templates and then on “standard”
  3. Add at the end of file:

     %domain%. IN TXT "v=spf1 a mx -all"

     You can replace "v=spf1 a mx -all" with the syntax that you decide is best for you.

  4. Repeat steps 2 and 3 for the “simple” zone template

That’s it! From now on, all the accounts that you create on the server will have an SPF record.


Now what do we do with all the accounts that are already created and don’t have a SPF record?


Here is a simple bash script to do this for you.

Run the following as root:


for i in $(ls /var/cpanel/users); do /usr/local/cpanel/bin/spf_installer "$i"; done

Wait for it to finish. (it might take a few minutes!).
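
To see which existing zones still lack an SPF record, or carry one that does not restrict anything, before and after running the loop, the zone files can be checked directly. The script below is an added example, not part of cPanel or of the original post: it assumes one <domain>.db file per zone in a directory such as /var/named, and the sample zones and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report zones whose SPF record is missing, duplicated or weak.

# Build four constructed zone files in directory $1 (abridged to one or two
# records each; real zone files also carry SOA, NS, A and MX records).
make_sample_zones() {
    printf '%s\n' 'good.example. 14400 IN TXT "v=spf1 a mx -all"' > "$1/good.example.db"
    printf '%s\n' 'nospf.example. 14400 IN A 192.0.2.10' > "$1/nospf.example.db"
    printf '%s\n' 'open.example. 14400 IN TXT "v=spf1 a mx +all"' > "$1/open.example.db"
    printf '%s\n' 'dup.example. 14400 IN TXT "v=spf1 a -all"' \
                  'dup.example. 14400 IN TXT "v=spf1 mx -all"' > "$1/dup.example.db"
}

# Print every SPF policy string found in a zone file, one per line.
spf_records() {
    sed -n 's/.*[[:space:]]TXT[[:space:]]*"\(v=spf1[^"]*\)".*/\1/p' "$1"
}

# Classify one zone file. Prints exactly one of:
#   missing   no v=spf1 TXT record
#   multiple  more than one record (receivers treat this as an error)
#   pass-all  ends in +all or bare all: every sender passes
#   weak-all  ends in ~all or ?all: forgeries are not rejected outright
#   no-all    no all mechanism, so unlisted senders are neither passed nor failed
#   ok        ends in -all, as in the record this post installs
spf_status() {
    recs=$(spf_records "$1")
    [ -n "$recs" ] || { echo missing; return 0; }
    n=$(printf '%s\n' "$recs" | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then echo multiple; return 0; fi
    case " $recs " in
        *" +all "*|*" all "*) echo pass-all ;;
        *" -all "*)           echo ok ;;
        *" ~all "*|*" ?all "*) echo weak-all ;;
        *)                    echo no-all ;;
    esac
}

# Print "<domain> <status>" for every zone in directory $1 that is not ok.
audit_zones() {
    for f in "$1"/*.db; do
        [ -e "$f" ] || continue
        s=$(spf_status "$f")
        [ "$s" = ok ] || echo "$(basename "$f" .db) $s"
    done
}

# Demo on the constructed zones; on a server, point audit_zones at the
# directory that holds the zone files.
demo_dir=$(mktemp -d)
make_sample_zones "$demo_dir"
audit_zones "$demo_dir"
rm -rf "$demo_dir"
```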


That’s about it. Hope it helps a lot of people!


REFERENCES

http://blog.goodealhosting.cn/2010/02/how-to-install-spf-records-on-a-cpanel-server/

Fix corrupted RPM database on CentOS 5

SkyHi @ Saturday, June 19, 2010
If the rpm / yum command hangs during operations or you see error messages, it means your rpm database is corrupted.

/var/lib/rpm/ stores the rpm database. Just delete its __db* files and rebuild the rpm database:

Command to rebuild rpm database


rm -f /var/lib/rpm/__db*

rpm --rebuilddb -v -v


REFERENCES

http://blog.goodealhosting.cn/2009/12/fix-corrupted-rpm-database-on-centos-5/

Common Cpanel issues

SkyHi @ Saturday, June 19, 2010

authentication issue


/etc/init.d/courier-imap restart

/etc/init.d/courier-authlib restart
======================

blockip issue

1) grep /etc/sysconfig/iptables

2) grep /etc/apf/iptables-deny

3) iptables -L | grep

========================
To unblock the ip 206.18.97.243

iptables -D INPUT -s 206.18.97.243 -p tcp -j DROP
service iptables save
———————–

iptables -I INPUT -s 60.48.177.152 -j DROP

4) grep /etc/icf/deny.host
==================================

cpanel issue
=============

/usr/local/cpanel/

The list of scripts is there

./cpkeyclt for updating the cpanel version
./cpup updating the cpanel

—————–

fatal error
a) we can resolve this issue by upgrading the cpanel to latest version

upgrade the cpanel
———

1) whm >> update config

cPanel/WHM Updates

select <>

2) save

3) /scripts/upcp --force
=====================================

cannot access the cpanel
————————

tail -f /usr/local/cpanel/logs/error_log

1) check the .htaccess file

2) /scripts/upcp --force

3) vi /var/cpanel/users/

delete the suspended entry if there is one

4) /scripts/updateuserdomains

———————–

Cpanel/whm License expired
—————————-

cd /usr/local/cpanel

./cpkeyclt
========================

Check the following files for a parked domain

1) /var/cpanel/users/

2) /scripts/updateuserdomains

3) /var/named/domain.db

4) /etc/named.conf

5) /usr/local/apache/conf/httpd.conf

6) /etc/localdomains

7) /etc/userdomains

8) /etc/trueuserdomains

9) /etc/trueuserowners

10) /etc/valiases/

11) /etc/vdomainaliases/

12) /etc/vfilters/

====================================

crontab issue

crontab -e -u

crontab -l -u

cron for updatetime error

solution
———-

open port 123 in /etc/apf/conf.apf

=============================

Weblog issue

/home/delight1/tmp/awstats

AllowToUpdateStatsFromBrowser = 0 to 1

===================================

ftpissue

1) vi /etc/pureftpd.conf
search passive
enable passive range 3000-5000
2) /etc/apf/conf.apf
enable ingress ftp enable
search ingress

3000-5000

————————————————–
synchronize ftp password – whm
———————————————-
switch to pure-ftp
———————————————-

insmod ip_conntrack_ftp
lsmod
modprobe ip_conntrack_ftp

———————————————–

I am sorry, Ftp client is not provided by us. You have to get it from the internet. If you want you can use this ftp client
http://software.visicommedia.com/en/products/aceftpfreeware/
====================================

mailmonissue

mailmon/maillist

/scripts/fixmailmon

=====================================

dnsissue for cluster servers

/scripts/dnscluster synczone
======================================

changing logindetails

1) vi /etc/ssh/sshd_config

PermitRootLogin no

2) useradd admin
passwd admin

3) whm >> Security >> Manage Wheel Group Users

Add a user to the wheel group

4) make the port open

vi /etc/apf/conf.apf
search ingress
add the port there

restart apf
save iptables
restart iptables

===================================

Bandwidth issue

http://forums.vpslink.com/showthread.php?t=2461

We cannot support this type of issue through our ticketing system, however, please consider the following advice (you are welcome to follow it at your discretion):

#1 – Disable Image Hotlinking See these instructions to disable hotlinking via mod_rewrite as a basis for implementing an HTTP referrer check and blocking visitors who may be viewing your content from someone else’s site.

#2 – Block dubious bots – Set up a robots.txt directive to Disallow: /pot-o-honey/ under your web root, then add a script under /pot-o-honey/ which adds IP addresses which access the script to a log. Create a link to the script from your index page and hide the link from real visitors:

Code:

Link

Block every IP which shows up in the log file.

#3 – Check your logs – It sounds as though the traffic is primarily web traffic (so this may not be a major component to the issue) but you should run a security audit and review your logfiles if you continue to see excessive bandwidth usage on your VPS.
===================================

shell access
Main >> Account Functions >> Manage Shell Access
Main >> Security >> Security Center >> Compilers Tweak >>enable compilers
for /usr/bin/gcc*
/usr/bin/g++*
====================================

rvskin issue

As posted in the RVskins forum, the fix should be:

rm -f /usr/local/cpanel/Cpanel/rvversion
perl /root/rvadmin/auto_rvskin.pl

=====================================

perl issue (YaBB.pl)

1)add entry in apache conf

AddHandler cgi-script .cgi .pl

2) cp -p YaBB.pl /home//cgi-bin/YaBB.pl

3)add entry in virtual entry of apache conf

Options FollowSymLinks +ExecCGI
===================================

protect listings of map content

http://www.roscripts.com/forum/hosting/69-need-hide-website-folder.html

====================================

GETTING BLANK PAGE

-It might be as simple as turning on “short_open_tag” (currently set to Off) for PHP5.

killall -9 httpd

then restart apache

====================================

OUTLOOK ERROR CODES

http://support.microsoft.com/kb/813514

http://www.nthelp.com/50/Outlook_error_codes.htm

====================================

Frontpage issue

To publish using Frontpage Extensions, your domain *MUST* point to our servers and be fully propagated before you can publish your web!

To publish using Frontpage2000 do the following:
1. Open Frontpage
2. Open your web
3. Go to File —- Publish Web
4. Enter http://www.yourdomain.com, hit OK
5. It will prompt for your user name and password, these can be found in your confirmation email
6. Once published, you can view your domain at domain.com
===========================================

Solution for the RVSiteBuilder issue in cPanel

1. Make sure ioncube is selected under WHM->Server Configuration >> Tweak Settings >> PHP section
2. perl /var/cpanel/rvglobalsoft/rvsitebuilder/panelmenus/cpanel/scripts/autofixphpini.pl
3. Restart cPanel service: /usr/local/cpanel/startup
4. Open /usr/local/cpanel/3rdparty/etc/php.ini and search for zend_extension
5. Add the following line at the end of the zend section, just before the line where it says Windows extension
zend_extension="/usr/local/cpanel/3rdparty/fantastico/loaders/ioncube_loader_lin_5.2.so"
6. Save and quit the file.
7. Restart cPanel service: /usr/local/cpanel/startup

========================================

Error from datacenter:

22/06/2008 15:06 3:34 Connected ok, but error occured receiving from socket
22/06/2008 15:06 0:00 An existing connection was forcibly closed by the remote host 87.117.197.52:25

type this command at the shell prompt:

ulimit -a

root@nameless1 [~]# ulimit -a
core file size (blocks, -c) 1000000
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 4096
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 14335
virtual memory (kbytes, -v) unlimited

Check whether max user processes is around a value of 14000. If it is a high value, change it to a value like this:
ulimit -u 14335

then add it in the .bashrc file
=============================

get error while connecting to remote database using mysql_connect function: we receive the following error when calling that mysql_connect function:

___________________
MySQL Connection Error #2003

Can’t connect to MySQL server on
‘mysql.leglobal.dreamhosters.com’ (4)

fix: try stopping the firewall on our server and check whether the remote IP is blocked, then allow their IP in the APF or CSF firewall. Restart the firewall, then check:
telnet remote server 3306
if this is connecting without any problem, the issue is fixed.

=================================

phpmyadmin error:

Cannot start session without errors, please check errors given in your PHP
and/or webserver log file and configure your PHP installation properly.

Fix: run /scripts/makecpphp
then /scripts/upcp

Also check whether /home/phpmyadmin/ exists, if not mkdir phpmyadmin and then
chown cpanelphpmyadmin.cpanelphpmyadmin phpmyadmin
and check if /var/cpanel/userhomes contains cpanel-phpmyadmin:

root@hostname /var/cpanel/userhomes#ll
drwxr-xr-x 3 cpanel-phpmyadmin cpanel-phpmyadmin 4096 May 7 03:09 cpanel-phpmyadmin
====================================

For updating the nameservers in the new server after account transfer:

check in the Main >> IP Functions >> Show IP Address Usage for the new server : here it is 208.43.163.240 (only one ip)

and check the same on the old server (it may have different IPs)

Now, take a backup of /var/named on the old server
then for each of the IPs used on the old server, run perl -pi -e “s//208.43.163.240/g,” /var/named/* on the old server itself, so that the old server's db files are updated to resolve all the accounts to the new IP. This will reduce any downtime that may occur until the new nameservers are all set.
=========================================

Named errors:

/etc/init.d/ipaliases restart
/scripts/fixnamedviews

==========================================
issue: phpmyadmin not working:

fix: the mysql.sock was absent in /tmp; create a symbolic link and the issue is fixed

also for fantastico

==================

IMPORTANT:

If a custom php.ini does not work for a domain (ex: register global to be turned on or off) when the server has both php 4 and 5, then the php must be compiled as suphp: you can change it at the “configure php and suexec” option in WHM. It won't work with cgi
====================================

Spamd not running
error on restarting exim

fix: type cpan
this will provide you a cpanel prompt. here you have to type
cpan > force install Mail::SpamAssassin
this will reinstall spamassassin

=============================================

wget error while upgrading fantastico:

in whm>fantastico>settings, set the wget timeout to 30 s or more

===========

In fantastico of a domain , what ever application is chosen, we get an error “This application is currently not available. Please contact your host.”

Fix: Login to your whm -> click on ‘Fantastico De Luxe WHM Admin’ -> then click on ‘Detect/Fix common problems’, this will resolve your issue. I hope this clarifies.
Fantastico error

Solution:

enable ioncube in tweak setting and run /scripts/makecpphp

===================

to call the php extensions as php5 files, add the following in the .htaccess file in the public_html folder.

Options All -Indexes
AddHandler application/x-httpd-php5 .php

The first line is to disable the indexing (directory index which would call the index.php file as per the order), next is to use addhandler.

refer http://nsdesign.net/cgi-bin/newdesk/new/cgi-bin/staff.cgi?do=ticket&cid=12883
==================================

to compress a folder using tar

tar -czvf example.tar.gz example

===================================

Premature end of script headers : in apache logs
Fix: check the permissions, folder permission to be 755 and file permission to be 644
===================================

formmail issues:

http://www.interads.co.uk/formmail/

( http://www.scriptarchive.com/formmail.html

http://www.tectite.com/formmailpage.php)

==================================

SOCKET ERROR::
try telnet using correct port
if it’s not working open that port using
iptables -I INPUT -p tcp -s 63.247.77.234 --dport 443 -j ACCEPT
============================================

Perl issue

In my case, there was a problem with access rights to the yaml file (it was owned by root). I changed the owner and it works fine:

Code:
chown ename:ename /home/ename/.cpaddons/cPanel\:\:Support\:\:cPSupport.0.yaml

====================================

Error from park wrapper: Using nameservers with the following IP

Go to whm and check tweak settings

Allow Creation of Parked/Addon Domains that resolve to other servers (ie domain transfers) [This can be a major security problem. If you must have it enabled, be sure to not allow users to park common internet domains.]
and make sure it is checked

or
Add IP to
/etc/ips.remotedns

============================

ssl issue

Error code: sec_error_untrusted_issuer

Sol:

when the error page shown.

on the page Click on ” or Add an Exception”

Box Pops Up — in the box click on ” Get a certificate “

Certificate will be added and click ” verify the certificate “

This will fix the issue..

========================

If you are speaking of Domain Keys, this can be enabled from any of your cPanels.
From your WHM, ensure your cPanels are using the x3 theme. From cPanel, you will see a Mail Authentication section. You will be able to enable Domain Keys from there.

===================================

scenario

After changing the primary ip of the Cpanel server following mail comes to the Admin from cpanel@server.xxxx.com

IMPORTANT: Do not ignore this email.
The hostname (server.xxxxx.com) resolves to . It should resolve to
xxx.xxx.xx.x. Please be sure to correct /etc/hosts as well as the ‘A’
entry in zone file for the domain.

You may be able to
automaticly correct this problem by using the ‘ Add an A
entry for your
hostname ‘ under ‘ Dns Functions ‘ in your Web Host Manager

But the host name resolves to the server properly.

ANSWER
The problem was not with the /etc/hosts …etc
Check the /etc/ipaddrpool is the new ip listed. I got a old ip listed there.
check /etc/ips .

The problem was some one saved the old eth configuration in
/etc/sysconfig/network-scripts/fcfg-eth0.back - when the network is restarted
the old ip gets loaded and created an conflict.

After removing the old ip’s config and restarting the network the old Ip is
gone but the secondary ips are also missing ….!!

Go to WHM and remove the secondary ips once and added the secondary
ip’s again issue fixed…..!

=================================

exim issue (-53)

/scripts/exim_tidydb

EXIM mail server & CPanel

“19d 1K30Yy-0000nQ-Oh var/spool/input/output error”

Struggled for three days for solution.

Scenario

I saw the exim mail queue is more than 50000 and tried to remove frozen mails.
got an error while running the command

exiqgrep -z -i | xargs exim -Mrm

19d 1K30Yy-0000nQ-Oh error
I tried
exim -Mrm
1K30Yy-0000nQ-Oh
got the message as
“19d 1K30Yy-0000nQ-Oh input/output error”

But I was able to run other commands like
exim -bpru | grep frozen | awk '{print $3}' | xargs exim -Mrm
to remove frozen mails…

/scripts/eximup --force made a mess the server hung up
/scripts/exim4 --force success but same error.
Answer

It was simple but it didn’t strike for 3 days …
1.locate 1K30Yy-0000nQ-Oh
2.cd /var/spool/exim/input/y
3.rm -rf 1K30Yy-0000nQ-Oh

Then tried the same command
exiqgrep -z -i | xargs exim -Mrm
as well as
exiqgrep -o 432000 -i | xargs exim -Mrm
Wow it is working again…

======================================

unable to check htaccess file, ensure it is readable

First, check the permissions of your folder and .htaccess file: the folder permission should most likely be 755 and the .htaccess permission 644. To change permissions use: chmod 644 the_name_of_your_path. If you are still getting the same problem after that, it might be a Frontpage Extension problem.

* Login into your CPanel account
* Click on Frontpage Extensions icon
* Click on Reinstall extensions button beside your problem domain.
* Done.

The .htaccess pcfg_openfile: unable to check htaccess file problem will be fixed.

================================

EXIM mail server & CPanel

“Server replied: 421 Unexpected failure, please try later”

Gone crazy seeing that error

Scenario

The server stopped sending and receiving emails. SquirrelMail throws the error
“Server replied: 421 Unexpected failure, please try later”

Checked by sending mail from root to a user: wow, it works... but no donuts.

The mails which I sent bounced back with the error
Technical details of permanent failure:
“PERM_FAILURE: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 530 530 5.7.1 Client was not authenticated (state 13).”
Checked the logs: they said it was unable to locate the user (permission error).

Google & Cpanel forum helped me again …..

Answer

The problem was the permissions on the /etc/localdomains file; they must be “644”.
Changed them and restarted exim.
The mails started working again.

===============================

Steps for resetting WordPress login details

http://codex.wordpress.org/Resetting_Your_Password#Through_phpMyAdmin

================================

reverse DNS (PTR request)

If you want your mail delivered properly the Official Host Name of the sending server should match the PTR (reverse DNS) of the sending IP Address, and there should be an “A” record that matches the official host name as well.
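
The match described above (PTR of the sending IP equals the official host name, and that host name has an A record pointing back at the IP) can be checked from the shell. This is an added example, not part of the original post; the function names ptr_lookup, a_lookup, normalize and fcrdns_check are hypothetical, and it assumes dig is installed on the server.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for a sending mail server.
# Function names are hypothetical; ptr_lookup/a_lookup can be redefined to
# feed constructed data when no resolver is available.
# Usage: fcrdns_check <sending-ip> <official-host-name>

# PTR names for an IP, one per line (assumes dig is installed).
ptr_lookup() { dig +short -x "$1"; }

# IPv4 addresses for a host name, one per line.
a_lookup() { dig +short A "$1"; }

# Lower-case a name and strip the trailing root dot so comparisons are exact.
normalize() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Prints a verdict and returns 0 only when both directions match:
#   PTR(ip) contains the host name AND A(host name) contains the ip.
fcrdns_check() {
    ip=$1
    host=$(normalize "$2")
    ptr_ok=no
    a_ok=no

    for name in $(ptr_lookup "$ip"); do
        if [ "$(normalize "$name")" = "$host" ]; then ptr_ok=yes; fi
    done
    for addr in $(a_lookup "$host"); do
        if [ "$addr" = "$ip" ]; then a_ok=yes; fi
    done

    if [ "$ptr_ok" = yes ] && [ "$a_ok" = yes ]; then
        echo "OK"
        return 0
    elif [ "$ptr_ok" = no ] && [ "$a_ok" = no ]; then
        echo "FAIL: PTR and A both mismatch"
    elif [ "$ptr_ok" = no ]; then
        echo "FAIL: PTR mismatch"
    else
        echo "FAIL: A mismatch"
    fi
    return 1
}
```

A "PTR mismatch" is fixed by whoever controls the reverse zone for the IP (usually the hosting provider), while an "A mismatch" is fixed in the forward zone of the host name.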

======================================

WWW::Curl::Easy module needs to be installed on the server

Step 1: Log in to WHM >> Module Installers >> click the Manage button for Perl Module >> search for “WWW::Curl::Easy” there and install it.

Step 2: Log in to cPanel >> Perl Modules >> search for “WWW::Curl::Easy” and install it.

=========================================

taking php.ini from local settings

For this, two files are involved: edit .htaccess and create php5.cgi in the public_html folder.

vi php5.cgi

#!/bin/sh
/usr/local/cpanel/cgi-sys/php5 -c /home/dtn/public_html/php.ini

vi .htaccess

Options All -Indexes
AddHandler application/x-httpd-php5 .php
Act

=======================

time reset for server

ntpdate clock.redhat.com



REFERENCES

http://abinz.wordpress.com/common-cpanel-issues/