Wednesday 9 December 2015

Installation of ZendOptimizer

To install Zend Optimizer, use the commands below.

To check that the module is available:
/scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin

Installing the module :
/scripts/phpextensionmgr install Zendopt
Installing Zendopt
Determining PHP version
Installing Zend Optimizer binary
Activating Zend Optimizer in /usr/local/lib/php.ini
Zend Optimizer activated
Skipping install to /usr/local/php4, missing php.ini

Installation of cPremote

cPremote is a remote incremental backup tool. It uses cPanel's own modules to take backups and sends them to your remote backup server over SSH.

A growing number of clients are choosing to use CP Remote backup script as a ‘low load’ alternative to the standard Cpanel FTP backups. CP Remote is much more cost effective than the other backup solution we offer (R1 Soft) although it is a ‘time stamped’ solution and not a continuous data protection solution.

If you are happy to have off server backups taken nightly at a pre-defined time (usually 1am) then this backup solution could be for you. Quickly have your data restored to any cpanel server in the event of data loss.

It uses rsync, which makes it very efficient. Your first backup will take the longest as it copies all files from your server to the backup space you buy from us. The second backup only backs up what has changed, so it is a very efficient solution in terms of bandwidth. All your data is backed up with this solution, including the public_html folder, MySQL databases and email folders.

The cPanel plugin works perfectly and allows you to check your backups and also restore quickly and easily from within an easy-to-use web-based interface.

» Requirements:
You need a Linux cPanel server running the latest stable release of cPanel (11.32 or higher).

You also need cpphp at /var/cpanel/3rdparty/bin/php

» Install cPremote
Download the tar file cpremote.X.Y.tar.gz from https://portal.syslint.com/downloads.php where X.Y is the latest version.
# tar -xzf cpremote.X.Y.tar.gz
# cd cpremote/
# ./install.sh

» Configure Backup
Go to WHM -> Plugins -> cPanel Remote Backup -> Configure Backup. Here you can configure the backup settings.

» Configure Backup Public Key in remote ssh account
Go to WHM -> Plugins -> cPanel Remote Backup -> Your Backup Public Key and follow the procedure described on that page to set up the public key for the backup ssh account.

» How to run a manual backup update
You may need to run the following script.
/scripts/cpremotebackup

» How to change the backup time
You may change the following cron time
0 1 * * * /scripts/cpremotebackup

» How to enable backup for Multiple Home folder
Add the mount point names of your home folders to the file /etc/cpremote/userhomes.txt. The example below shows the default settings.
/home
/home1
/home2
/home3
This option will enable multiple home folder feature.

» How to restore a cPremote Backup
1. A full account from daily, weekly, monthly and 7 days backups
2. Restore email folder, home folder, document root, individual files and folders, individual databases
3. cPanel end user interface for restoring backups
4. /scripts/cpremoterestore, a feature-rich command line utility

» Restore Backups from Plugin Page
Go to WHM -> Plugins -> cPanel Remote Backups -> Restore A backup, then select the cPanel accounts and the backup option to restore.

» Restore Backups from server shell
To restore a cPanel account, say CPUSER, from the backups, see the example commands below.

Restore email folder of cpanel user CPUSER from the daily backups
/scripts/cpremoterestore --user=CPUSER --from=daily --type=mail

Restore Document root from weekly backup for CPUSER
/scripts/cpremoterestore --user=CPUSER --from=weekly --type=www

Restore the complete home folder of CPUSER from monthly backup
/scripts/cpremoterestore --user=CPUSER --from=monthly --type=homefolder

Restore a full account from daily backup
/scripts/cpremoterestore --user=CPUSER --from=daily --type=full

Installing Nginx on cPanel

Nginx can be used to serve static pages on a server running cPanel with Apache. Apache will handle the dynamic content for PHP and CGI scripts, while nginx will handle static pages such as .htm and .html.

Install nginx
 1. Make a copy of your httpd.conf file
     cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

 2. Go to WHM > Tweak Settings and change the Apache port:
     The port on which Apache listens for HTTP connections. Specifying a specific IP will prevent Apache from listening on all other IPs. (default: 0.0.0.0:80)
     Change it to: 0.0.0.0:8081
     Do not change the https port listed.
     Click the “Save” button.

3. Grab a copy of the nginx installation script:
     mkdir /root/cpacct && cd /root/cpacct
     cd /usr/local/src
     wget http://nginxcp.com/latest/nginxadmin.tar
     tar xf nginxadmin.tar
     cd publicnginx
    ./nginxinstaller install

 If you receive this error when trying to install:
  access key doesn't exist create it in WHM
  then go to WHM > Cluster/Remote Access > Setup Remote Access Key and click on the “Generate New Key” button.
  After that, re-run the “./nginxinstaller install” command.

4. Rebuild Apache and then restart nginx and Apache
    /scripts/rebuildhttpdconf
    /etc/init.d/nginx restart
    /etc/init.d/httpd restart

Now, your static pages should be serving from nginx, while PHP and cgi ones should be serving from Apache. Both httpd and nginx processes will be running on the machine.

Please note that sites will still show up on port 80 in a browser (so you don’t have to worry that pages in a browser will require a different port). nginx works as a proxy on port 80, so it handles the incoming requests on that port to see if they are dynamic or static, then it hands off the dynamic pages to Apache (running on port 8081). Your site visitors will have no idea that Apache is running on a different port due to the proxying nginx performs on the machine for it.

Uninstall nginx

If you decide you want to uninstall nginx at any point, simply run this command:
/root/cpacct/publicnginx/nginxinstaller uninstall
You would also need to go to WHM > Tweak Settings and change the Apache port back to 80:
The port on which Apache listens for HTTP connections. Specifying a specific IP will prevent Apache from listening on all other IPs. (default: 0.0.0.0:80)  To: 0.0.0.0:80
Then “Save” that area. Finally, rebuild and restart Apache:
  /scripts/rebuildhttpdconf
  /etc/init.d/httpd restart

Changing Litespeed webserver password


Log in to the server and run:
/usr/local/lsws/admin/misc/admpass.sh

Enter the user name:
New Password:
Retype New Password:

The password has been changed.
============================================

Wordpress Installation in Cpanel

Step 1: Download the installation archive from the WordPress download section (http://wordpress.org/download/) by clicking on "Download.zip" or "Download.tar.gz". This way you will get the latest stable release of the WordPress application.

Step 2: When you are in cPanel -> File Manager, navigate to the uploaded file and extract it by clicking on "Extract". The other option is to extract the file on your computer and then to upload the content in the desired folder via FTP.

Step 3: Create a MySQL database and a database user, and then assign that user to the database with full privileges.

Step 4: Run the installer. With the new version of WordPress, you don’t have to edit your config file anymore. Simply type the URL of the directory where it was installed.

    For example: www.yourdomain.com/blog/





In cPanel's case, you will need to use the user_database format when you enter the name of your database. Enter the database you created in the step 2. Enter the username and password and that's it. You don’t need to change the Database host and wp_prefix fields.
Once you hit the submit button, it will take you to a follow-up page.



Make sure that you uncheck the box if you don’t want this blog to be seen by search engines. For businesses, keep it checked so you can be discovered. Make sure you enter a valid email address: if something goes wrong, your browser shuts down on you, and you didn’t get to copy the random password, the password can be sent to you by email. Once you click install, a confirmation screen appears.


After the step above, your installation is now complete and you can login to your WordPress admin panel by going to:

    http://www.yourdomain.com/wp-admin

Even though the install is complete, more awaits you, such as choosing the right theme and plugins and advertising your blog.

Tuning MySQL Performance with MySQLTuner

MySQLTuner is a Perl script that analyzes MySQL performance and, based on the statistics it gathers, gives an idea of which parameters in the my.cnf file need to be changed to increase MySQL performance.

Download the MySQLTuner script as follows:

# wget http://mysqltuner.com/mysqltuner.pl

Then, make the script executable by running

# chmod +x mysqltuner.pl

Run the script

# ./mysqltuner.pl

This is how you can run the mysql tuner script. Then, you will obtain the output as:

------------------------------------------


General recommendations:
    Run OPTIMIZE TABLE to defragment tables for better performance
    MySQL started within last 24 hours - recommendations may be inaccurate
    Enable the slow query log to troubleshoot bad queries
    When making adjustments, make tmp_table_size/max_heap_table_size equal
    Reduce your SELECT DISTINCT queries without LIMIT clauses
    Set thread_cache_size to 4 as a starting value
    Increase table_cache gradually to avoid file descriptor limits
    Your applications are not closing MySQL connections properly
Variables to adjust:
    query_cache_size (>= 8M)
    sort_buffer_size (> 8M)
    read_rnd_buffer_size (> 256K)
    tmp_table_size (> 20M)
    max_heap_table_size (> 20M)
    thread_cache_size (start at 4)
    table_cache (> 64)
    innodb_buffer_pool_size (>= 29M)

------------------------------------------------------

By adjusting the parameters listed under "Variables to adjust", we can increase the performance of MySQL.

Tweaking Apache in WHM

Apache is the number one Web server running on Linux systems. There are a number of little things that can be done to tune Apache performance and to lessen its impact on system resources. One of these things is tweaking the memory usage.

By default, Apache allocates a maximum number of 256 simultaneous client connections, or 256 processes (one to serve each request). With this setting, a heavily-trafficked site would be taken down in moments (even if you assume 5 MB per process, 1.3 GB of RAM would be required to satisfy that number of requests). If nothing else, it would cause the system to thrash the hard disk by attempting to use swap to handle what can't fit into physical memory.

To tweak the Apache settings in WHM, go to:

Main >> Service Configuration >> Apache Configuration >> Global Configuration

Other settings to tweak include the KeepAlive, KeepAliveTimeout, and MaxKeepAliveRequests settings. Recommended settings, which can all be set in the configuration, would be :

----------------------------------
 ServerLimit 150

 MaxClients 150

 KeepAlive On

 KeepAliveTimeout 2

 MaxKeepAliveRequests 1000
----------------------------------

By decreasing the KeepAliveTimeout from 15 seconds to 2 seconds, the MaxClients directive can be increased; 19 is pretty small, and 128 is much better. By reducing the number of seconds that a process can live, you can enable more connections in the same amount of time.


MaxKeepAliveRequests is the maximum number of requests to serve on a TCP connection. If you set it to 100, clients with keepalive support will be forced to reconnect after downloading 100 items. By increasing the value to 1000, clients can download a full page with a single connection. Bumping that value didn't have any negative impact; it only made everything faster.

Please save the edited configuration.

The value of MaxClients can be increased if you have sufficient memory to handle the requests.

Social Engine Installation

Before installing SocialEngine you need to create a MySQL database and a database user with a strong password. Also add the user to the database and assign all privileges on the database to that user.

You can download a copy of SocialEngine from the client area of our website :

http://www.socialengine.com/sign-in

Create a directory on your server where SocialEngine will be placed (e.g. "/socialnetwork") or, if you wish, you can simply use your existing HTTP root directory (e.g. "/httpdocs", "/public_html").

Download the SocialEngine4 ZIP file and extract its contents to your computer.

Upload all the extracted files to your server.

Point your browser to the directory where your SocialEngine files were uploaded (e.g. "http://www.example.com/socialnetwork", "http://www.example.com").

Step 1: Enter your License Key :

Enter your SocialEngine license key and click Continue




Step 2: Check Requirements

Most of the requirements listed on this page should already be met if your server meets the minimum requirements of SocialEngine. If your server does not meet the minimum requirements, please contact your hosting provider.

If you are using a Unix server (or Unix variant, like Linux, OS X, FreeBSD, etc.), 777 permissions must be applied to the following directories:

    /install/config
    /temporary
    /public
    /application/themes
    /application/packages
    /application/languages
    /application/settings/

To apply permissions to these directories manually login over FTP and recursively set the permissions of the directories listed above to 777. To have SocialEngine set the permissions for these directories automatically, click on the "do it automatically" link.

Step 3: Select your connection type


If you select FTP/FTPS as your connection type, enter your FTP information and click Continue.



NOTE: If you are not sure what the path to your SocialEngine installation directory is, set the FTP Path to "/" and select "Search for SocialEngine Path". The installation wizard will automatically find the correct file path to your SocialEngine installation directory.

If you select None as your connection type, enter the path to your SocialEngine installation directory and click Continue.

After SocialEngine has found and set the necessary permissions, click the Retry Requirements Test button to check the requirements once more.

If all requirements have been met, click the Continue button to proceed to step 3.


 
Step 3: Setup MySQL Database

Enter your MySQL database information and click Continue.

If SocialEngine is able to connect to your database, click the Continue button to proceed.

If SocialEngine is able to create your database tables successfully, click the Continue button to proceed to step 4.

Step 4: Create Admin Account

Enter the name of your SocialEngine website and your profile information, and click Continue.

Congratulations! SocialEngine has been installed successfully. You are now ready to log in to your SocialEngine administration system and build your social network.

Black List Removal/ Whitelisting IP

Steps to be followed when your IP address is blacklisted:

If your domain name or IP address is blacklisted at any ISP, you need to send them a request to be removed from their blacklist (de-listed).

Here are the basic steps that you should follow for the whitelisting/de-listing procedure at the ISP in question:

a) Follow the URL links and apply for whitelisting/de-listing using their online form.

or

b) Send an email to the mentioned email address.

List of ISPs:

--------------------------------------------------------------------------------------------------
Comcast:
  Follow this URL: www.comcastsupport.com/rbl
  Fill out the online form & submit.

  Cox:
  Follow this URL: http://postmaster.cox.net/confluence/display/postmaster/Error+Codes
  On the page, search the listed error codes to match the one you received when you were blacklisted. Click the URL suggested to get to the appropriate online form. Then submit.

  EarthLink:
  Send an email to: blockedbyearthlink@abuse.earthlink.net
  Use the subject line <Blocked 'insert your email server's IP'> (example: Blocked 255.255.255.255)
  More details are given on these pages:
  http://earthlink.net/block
  http://support.earthlink.net/articles/email/email-blocked-by-earthlink.php

  Gmail:
  Read Gmail's Bulk Senders Guidelines here: http://www.google.com/mail/help/bulk_mail.html
  Then follow this URL for the Bulk Sender Contact Form: http://mail.google.com/support/bin/request.py?contact_type=bulk_send&hl=en
  Fill out & submit.

  Hotmail:
  Follow this URL: https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts
  Fill out the online form & submit.

  AT&T/SBC Global/Bellsouth:
  Follow this URL: http://rbl.att.net/cgi-bin/rbl/block_admin.cgi
  Fill out the online form & submit.
  For questions related to a request, please contact them at: abuse_rbl@abuse-att.net

  Juno/NetZero/Bluelight (United Online):
  Follow this URL: http://www.unitedonline.net/postmaster/blocked.html
  Fill out the online form & submit.

  Roadrunner/Adelphia:
  Follow this URL: http://security.rr.com/mail_blocks.htm
  Follow this URL to find whether your IP is blacklisted: http://security.rr.com/cgi-bin/block-lookup

  USA.NET:
  Follow this URL to find whether your IP is blacklisted: http://postmaster.usa.net/html/error.html

  Verizon:
  Follow this URL: http://www2.verizon.net/micro/whitelist/request_form.asp?id=isp
  Fill out the online form & submit.

  Yahoo:
  Follow this URL: http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulkv2.html
  Fill out the online form & submit.

  Mail.ru:
  Follow this URL for the Google page translator tool: http://translate.google.com
  Check "Translate from Russian" and "Translate to English"
  Enter this link in the form: mail.ru/notspam/ Then hit Enter or Return.
  Read and follow the directions on the newly translated page.

  AOL.com:
  If you have been blacklisted, visit AOL Postmaster
  You will need to open a Postmaster Support Request to put yourself on AOL's whitelist
  (*The AOL whitelist is meant for permission-based bulk senders. Bear in mind that if you are on their blacklist, you may have done something to violate their technical guidelines or best practices)
  You can also apply for Whitelist Status immediately.
-----------------------------------------------------------------------------------------------------

     List of Blacklists [RBL/DNSBL]:

  -----------------------------------------------------------------------------------------------------


  Lashback:
  Follow this URL to find whether your IP is blacklisted:
  http://www.lashback.com/support/UBLQuery.aspx
  Fill out the online box and follow the links.

  BarracudaCentral:
  Follow this URL to find whether your IP is blacklisted: http://www.barracudacentral.org/lookups
  Then follow this URL: http://www.barracudacentral.org/rbl/removal-request
  Fill out the online form & submit.

  Spamhaus:
  Follow this URL to find whether your IP is blacklisted: http://www.spamhaus.org/lookup.lasso
  Fill out the online form, submit and follow appropriate links.

  Surbl:
  Follow this URL to find whether your IP is blacklisted: http://george.surbl.org/lookup.html
  Fill out the online form & submit.

  Invaluement.com:
  Follow this URL to find whether your IP is blacklisted: http://dnsbl.invaluement.com/lookup/
  Fill out the online form & submit.

  DNSBL Manitu:
  Follow this URL to find whether your IP is blacklisted: http://www.dnsbl.manitu.net/
  Fill out the online form & submit. You can also send an email to the link provided.

  Uribl:
  Follow this URL to find whether your IP is blacklisted: http://lookup.uribl.com/

  Hostkarma blacklist:
  http://ipadmin.junkemailfilter.com/remove.php Fill out the online form & submit.

  Spamcop:
  http://www.spamcop.net/fom-serve/cache/298.html For network and server administrators.
  http://www.spamcop.net/fom-serve/cache/405.html For bounce message recipients and end-users.
  http://www.spamcop.net/bl.shtml Blacklist IP look-up
---------------------------------------------------------------------------

SPF records

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. SPF is an open standard created to stop forgery of From addresses. SPF helps mail servers distinguish forgeries from real mail by making it possible for a domain owner to say, "I only send mail from these machines". That way, if any other machines try to send mail from that domain, the mail server knows that the From address is forged.






Creating SPF records
-----------------------

You can create the SPF records for your domains from this link:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Checking SPF records for a Domain
----------------------------------------

You can check whether a domain has a valid SPF record via:

http://mxtoolbox.com/spf.aspx

Performing a dig search:

dig +trace DOMAIN_NAME txt

This will display a result like: v=spf1 include:spf.intermedia.net ~all or
v=spf1 A:my_smtp_server_name include:spf.intermedia.net ~all
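
A record like the ones above can be checked mechanically. This is an added example, not part of the original post: a shell function (the name spf_lint and its verdict words are made up here) that reads TXT strings in the quoted form printed by `dig +short DOMAIN txt` and reports the `all` qualifier, the number of DNS-querying terms against the limit of 10 from RFC 7208, and whether more than one SPF record is published. It goes beyond the two ~all records shown by also covering -all, ?all, +all and records split into several quoted strings.

```shell
#!/bin/sh
# Added example: lint the SPF policy found in the TXT records of a domain.

# spf_lint: TXT strings on stdin, one record per line, quoted the way
# `dig +short DOMAIN txt` prints them. Prints one summary line:
#   records=N all=Q lookups=N verdict=WORD
spf_lint() {
    awk '
    {
        gsub(/" "/, "")      # a long record arrives as several quoted strings
        gsub(/"/, "")
        if (tolower($1) != "v=spf1") next       # unrelated TXT record
        records++
        for (i = 2; i <= NF; i++) {
            term = tolower($i); q = "+"         # qualifier defaults to pass
            if (term ~ /^[-+~?]/) { q = substr(term, 1, 1); term = substr(term, 2) }
            if (term == "all") { all = q; continue }
            if (term ~ /^redirect=/) redir = 1
            # Terms that cost a DNS query count toward the limit of 10.
            if (term ~ /^(include|exists|redirect)[:=]/ || term ~ "^(a|mx|ptr)([:/]|$)")
                lookups++
        }
    }
    END {
        if (records == 0)      verdict = "no-spf-record"
        else if (records > 1)  verdict = "permerror-multiple-records"
        else if (lookups > 10) verdict = "permerror-too-many-lookups"
        else if (all == "-")   verdict = "hardfail"
        else if (all == "~")   verdict = "softfail"
        else if (all == "?")   verdict = "neutral"
        else if (all == "+")   verdict = "pass-all"
        else if (redir)        verdict = "see-redirect-target"
        else                   verdict = "no-all-term"
        printf "records=%d all=%s lookups=%d verdict=%s\n",
               records, (all == "" ? "none" : all), lookups, verdict
    }'
}

# Demo on the first record quoted in the text above.
printf '%s\n' '"v=spf1 include:spf.intermedia.net ~all"' | spf_lint
```

On a live domain: dig +short DOMAIN_NAME txt | spf_lint. A verdict of pass-all means the record authorises every sender, and softfail means receivers are asked to accept but mark mail from other machines.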

Litespeedserver Installation in WHM

You can install LiteSpeed on a WHM/cPanel server by following the steps below:

 Log into server via SSH as ‘root’ user.

 Go to /usr/src

 cd /usr/src

 Download the installation file using wget.

 wget http://www.litespeedtech.com/packages/cpanel/lsws_whm_plugin_install.sh

 chmod 700 lsws_whm_plugin_install.sh

 sh lsws_whm_plugin_install.sh (or ./lsws_whm_plugin_install.sh)

 rm -rf lsws_whm_plugin_install.sh

 Log into WHM. Go to the Manage Plugins section.

 Start the installation procedure by clicking on ‘Install LiteSpeed’.

 This will ask you to enter your license information and admin password. Enter this information and click on ‘Build matching PHP Binary’. (Please do not tick the box to start LiteSpeed immediately.)

 Click on ‘Switch to LiteSpeed’

 Click on ‘Admin Web Console’ and login

 Final stages of setup

 Go to Configuration > General > Index Files > Edit

 You need to set the following and save.
 ===============================================
  Index Files: index.html, index.php, index.php5, index.htm
  Auto Index: Yes
  Auto Index URI => /_autoindex/default.php
 ===============================================

  In SSH Type:

  ln -sf /usr/local/lib/php/autoindex /usr/local/lsws/share/autoindex
  ================================================

  Go to Configuration > Log > Server Log > Edit

Set the following:
 ===============
 Log Level: Info
 Debug Level: None
 ===============

 Finally click on Actions > Graceful Restart to make these changes permanent.

 Now, you have successfully installed Litespeed on WHM/cpanel server.

RAID

Almost all modern servers are shipped with RAID controllers – redundant array of independent disks. Despite the fact that this technology was invented more than twenty years ago, nowadays the importance of it can scarcely be exaggerated.

So let’s consider the various RAID types. No matter which Linux distribution you use (Ubuntu, Fedora, Debian, etc.), there are three types of RAID:

1. software
2. hardware
3. on-board solutions (sometimes called “fake RAID” or “host RAID”).

Software RAID

In the simplest case you have only software RAID. This can be determined without any extra software, just by looking at the /proc/mdstat file.

/proc/ is a Linux pseudo-filesystem that the kernel uses to expose various system parameters, including this one. Although it is just a file, it is very useful for managing and monitoring software RAID. If you have software RAID you will see something similar to the following:

[root@storage ~]$ cat /proc/mdstat

Personalities : [raid1] [raid10]
md2 : active raid10 sda3[0] sdd3[3] sdc3[2] sdb3[1]
959194880 blocks 64K chunks 2 near-copies [4/4] [UUUU]
md1 : active raid10 sda2[0] sdd2[3] sdc2[2] sdb2[1]
17385216 blocks 64K chunks 2 near-copies [4/4] [UUUU]
md0 : active raid1 sda1[0] sdb1[3] sdd1[2] sdc1[1]
96256 blocks [4/4] [UUUU]
unused devices: <none>

Besides, you can simply run the df command; if you see md devices, you have software RAID:

[root@storage ~]$ df -h

Filesystem Size Used Avail Use% Mounted on
/dev/md2 915G 512G 403G 56% /
tmpfs 5.9G 1.6M 5.9G 1% /dev/shm
/dev/md0 92M 43M 44M 50% /boot

To figure out your RAID level, check the first line of each device description. For instance:

md2 : active raid10 sda3[0] sdd3[3] sdc3[2] sdb3[1]

As you can see, here we have block device md2 that has level 10 (or 1+0 if you will). The string “sda3[0] sdd3[3] sdc3[2] sdb3[1]” means that we have four devices (more exactly, partitions) in our RAID device md2. The four U letters in brackets [UUUU] indicate that all of our devices are active. So if you need to check your software RAID status, you can do that just by checking /proc/mdstat. If one or more HDDs have failed you will see something like this:

[root@fs ~]$ cat /proc/mdstat

Personalities : [raid6] [raid5] [raid4]
md0 : active raid6 sdh1[4] sdg1[3] sde1[1] sdb1[5] sda1[0]
1953545728 blocks level 6, 128k chunk, algorithm 2 [6/5] [UU_UUU]
unused devices: <none>

At this point you can stop reading if you are sure you have only one RAID controller on your server and it is a software one.
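
The [n/m] counters and the U/_ map described above can be checked from cron instead of by eye. This is an added example, not part of the original post: the function names mdstat_report and degraded_count are made up here, and the embedded sample is constructed from the outputs shown above plus one invented array (md1) with a member marked (F), which is how mdstat flags a faulty device.

```shell
#!/bin/sh
# Added example: summarise software RAID health from /proc/mdstat text.

# Constructed sample: md2 and md0 are the arrays shown above; md1 is a
# made-up mirror with one member flagged faulty, which mdstat marks "(F)".
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1] [raid6] [raid5] [raid4] [raid10]
md2 : active raid10 sda3[0] sdd3[3] sdc3[2] sdb3[1]
      959194880 blocks 64K chunks 2 near-copies [4/4] [UUUU]
md1 : active raid1 sdb2[1] sda2[0](F)
      17385216 blocks [2/1] [_U]
md0 : active raid6 sdh1[4] sdg1[3] sde1[1] sdb1[5] sda1[0]
      1953545728 blocks level 6, 128k chunk, algorithm 2 [6/5] [UU_UUU]
unused devices: <none>
EOF
}

# mdstat_report: mdstat text on stdin -> one line per array:
#   NAME LEVEL ACTIVE/EXPECTED STATE [failed=dev,dev]
mdstat_report() {
    awk '
    /^md[0-9]+ :/ {
        # Header line: array name, personality and member list.
        name = $1; level = "?"; failed = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^(raid[0-9]+|linear)$/) level = $i
            if ($i ~ /\(F\)$/) {
                dev = $i; sub(/\[.*/, "", dev)
                failed = failed (failed == "" ? "" : ",") dev
            }
        }
        next
    }
    name != "" {
        # Status line: "[expected/active]" followed by the U/_ member map.
        counts = ""; map = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ "^\\[[0-9]+/[0-9]+\\]$") counts = substr($i, 2, length($i) - 2)
            if ($i ~ /^\[[U_]+\]$/) map = $i
        }
        if (counts == "") next          # e.g. a resync progress line
        split(counts, c, "/")
        state = (c[2] + 0 < c[1] + 0 || index(map, "_") > 0) ? "DEGRADED" : "ok"
        printf "%s %s %s/%s %s%s\n", name, level, c[2], c[1], state,
               (failed == "" ? "" : " failed=" failed)
        name = ""
    }'
}

# degraded_count: mdstat text on stdin -> number of DEGRADED arrays.
degraded_count() {
    mdstat_report | awk '$4 == "DEGRADED" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample.
sample_mdstat | mdstat_report
```

On a live host, run mdstat_report < /proc/mdstat; a non-zero result from degraded_count < /proc/mdstat is the condition worth alerting on.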

Hardware RAID

To determine whether you have hardware RAID, it is a good idea to install all the necessary software from the very beginning. You might need lshw and/or lspci (lspci is part of the pciutils package).

If your server runs Ubuntu or Debian, use aptitude or apt-get to install them:
[root@fs ~]$ aptitude install lshw pciutils

If your choice is an RPM-based system such as Fedora or CentOS, use yum:
[root@fs ~]$ yum install lshw pciutils

Once you have these tools you can use them to find your RAID type.

Run

[root@storage2 ~]# lspci | grep -i raid

03:00.0 RAID bus controller: 3ware Inc 9690SA SAS/SATA-II RAID PCIe (rev 01)
Subsystem: 3ware Inc 9690SA SAS/SATA-II RAID PCIe

In most cases this output is your actual RAID controller. To check it use lshw.


On-board RAID controllers

Some motherboards contain a chipset with RAID functions. It is a device with simple functions like XOR and the other simple ones. Sometimes such controllers are called fake RAID. One important thing about on-board RAID is that HDDs are mapped via /dev/mapper/chipsetName_randomName, so you can always check them through these files. To verify whether your RAID controller is an on-board solution, you need to check your motherboard specification. To find your motherboard model, use lshw or dmidecode.

Base Board Information
Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
Product Name: MS-7142
[root@storage6 ~]# lspci -vv | grep -i raid

00:08.0 RAID bus controller: Promise Technology, Inc. PDC20270 (FastTrak100 LP/TX2/TX4) (rev 02)

To check which controllers our motherboard contains, we should check its specification.
It really does contain on-board RAID controllers, so it’s a fake RAID.

To check its status we can use the dmraid tool.
[root@storage7 ~]# dmraid -r

/dev/hde: pdc, "pdc_cbeedhjag", mirror, ok, 156301312 sectors, data@ 0
/dev/hdg: pdc, "pdc_cbeedhjag", mirror, ok, 156301312 sectors, data@ 0

Mosquitto installation on Centos

Mosquitto is an open source (BSD licensed) message broker that implements the MQ Telemetry Transport protocol version 3.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers like the Arduino.

Add the CentOS mosquitto repository to YUM's list of repositories:

cd /etc/yum.repos.d

wget http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-5/home:oojah:mqtt.repo

yum update

yum install mosquitto

If you are getting the error :

---------------------------------------------------
useradd: unknown group mosquitto
warning: user mosquitto does not exist - using root
warning: group mosquitto does not exist - using root
----------------------------------------------------

This can be fixed by manually creating the missing user and group:

  useradd  mosquitto
  groupadd mosquitto

You can find the configuration file at :
/etc/mosquitto/mosquitto.conf

Finally, start mosquitto as a daemon with /etc/init.d/mosquitto start

You get the following status:
--------------------------------------
# /etc/init.d/mosquitto start
Starting Mosquitto MQTT broker [ OK ]
-------------------------------------- 

Mounting SSHFS remote directory in Fstab

SSHFS is used to mount a remote directory on another server onto our local server. This requires installing the sshfs package and a package named fuse.

The mounting is done as below :

sshfs USERNAME@HOSTNAME_OR_IP:/PATH LOCAL_MOUNT_POINT SSH_OPTIONS

sshfs sessy@mycomputer:/home/sessy /mnt/sessy -C -p 9876

To unmount the remote system :

fusermount -u LOCAL_MOUNT_POINT

To mount it again:

sshfs USERNAME@HOSTNAME_OR_IP:/PATH LOCAL_MOUNT_POINT SSH_OPTIONS

We have to generate a key pair with ssh-keygen in order to avoid being asked for the password upon mounting.

This can be done as below :

Create private and public keys using ssh-keygen commands

ssh-keygen

This will generate the private key in /root/.ssh/id_rsa and the public key in /root/.ssh/id_rsa.pub

Then copy the content of id_rsa.pub to the user's .ssh/authorized_keys file on the remote server from which we are mounting.

You can use scp to copy the file.

Then try to connect using ssh user2@remotehost; this time the password will not be asked.

Then mount it from fstab using the following settings:

sshfs REMOTEUSER@REMOTE:REMOTEMOUNTPOINT LOCALMOUNTPOINT -pREMOTEPORTNUMBER -o uid=LOCALUSERID -o gid=DESIREDGROUPID -o idmap=user -o IdentityFile=/root/.ssh/YOURKKEYFILE -o allow_other

Eg:

sshfs#user@remote.com:/home/user/audio /var/www/html/audio fuse IdentityFile=/root/.ssh/id_rsa,idmap=user,allow_other,port=10022,uid=0,gid=0,rw,nosuid,nodev 0 0

Reference : http://ewald.tienkamp.nl/2010/01/19/mounting-a-remote-file-system-over-ssh-using-sshfs-and-non-standard-settings/

Finding DDoS attacks

Below are some useful netstat commands to check during a DDoS attack.

To list the connections to the target IPs (the server's IPs), use the command below:


netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n


To list the connections from source IPs, use the command below:


netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n


To see the number of connections in each state, use the command below:


netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c


You can use tcpdump to identify the attacker too:


tcpdump -c n -i ethx -p host IP_Address


where x can be 0 or 1 and n is the number of packets to capture (100 or 1000). If it is a VPS, the interface can be venet0 too. Check the output of ifconfig.



To check if a server is under a DoS attack with netstat, it’s common to use:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n|wc -l

If the above command returns a result like 2000 or 3000 connections, then it’s very likely the server is under a DoS attack.

To detect a SYN flood with netstat :

netstat -nap | grep SYN | wc -l

If the output returns a value of 1032,1032 SYNs per second is quite a high number and except if the server is not serving let’s say 5000 user requests per second, therefore as the above output reveals it’s very likely the server is under attack, if however I get results like 100/200 SYNs, then obviously there is no SYN flood targetting

Checking if a UDP Denial of Service is targeting the server :

netstat -nap | grep 'udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n

The above command will list information concerning possible UDP DoS.

The command can easily be adapted to check for both possible TCP and UDP denial of service, like so :

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

You can see the output as :

104 109.161.198.86
115 112.197.147.216
129 212.10.160.148
227 201.13.27.137
3148 91.121.85.220

Once you have found an IP that has too many connections to the server and is almost certainly a DoS host, you will want to filter this IP.

Here is how I stop such hosts from being able to route packets to my server:

route add 110.92.0.55 reject

The above command would null route the access of IP 110.92.0.55 to my server.

Later on, to look up a null routed IP on my host, I use:

route -n |grep -i 110.92.0.55


Block the IPs with high connection above using CSF or APF firewall :

csf -d IP {reason}

apf -d IP
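
The netstat pipelines above that use cut -d: -f1 split the address at the first colon, so IPv6 and IPv4-mapped (::ffff:) peers are miscounted. The following is an added example, not part of the original post: it counts connections per remote address and per TCP state from netstat output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source and per-state connection counts from
# `netstat -ntu` / `netstat -anp` style output read on stdin.

# Constructed sample input; all addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:44000    SYN_RECV
udp        0      0 192.0.2.10:53           203.0.113.9:5353        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# remote_counts [STATE]
# Prints "count address" per remote address, lowest count first.
# With STATE (e.g. SYN_RECV) only connections in that state are counted.
remote_counts() {
  awk -v st="${1:-}" '
    $1 ~ /^(tcp|udp)/ {
      if (st != "" && $6 != st) next
      addr = $5
      sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port (or :*)
      sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into plain IPv4
      if (addr == "0.0.0.0" || addr == "::") next   # unconnected sockets
      n[addr]++
    }
    END { for (a in n) print n[a], a }
  ' | LC_ALL=C sort -k1,1n -k2,2
}

# state_counts: prints "count STATE" for the TCP lines, lowest count first.
state_counts() {
  awk '$1 ~ /^tcp/ { s[$6]++ } END { for (k in s) print s[k], k }' |
    LC_ALL=C sort -k1,1n -k2,2
}

# over_threshold N: prints only the addresses with N or more connections,
# ready to be reviewed before passing them to csf -d or apf -d.
over_threshold() {
  remote_counts | awk -v t="$1" '$1 >= t { print $2 }'
}

# Demo on the constructed sample; on a live server use: netstat -ntu | remote_counts
sample_netstat | remote_counts
```

On a live server, `netstat -ntu | remote_counts SYN_RECV` shows which sources hold the half-open connections.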

Prestashop Installation error while connecting to Database

While installing Prestashop if you are getting the error :

"Database server was not found. Please verify the login, password and server fields."


Check and comment the following attributes :

     vi /etc/my.cnf

    skip-networking
    skip-name-resolve
    skip-host-cache
    skip-locking

Now restart the mysql service

The database will now connect.

Adding additional Ip address in Debian OS

Open the network configuration file :

vi /etc/network/interfaces

Check the name of your network interface. You should see a line similar to this one: "iface eth0 inet static". In my case the name is eth0.

Add these lines to the end of the file:

auto eth0:1
iface eth0:1 inet static
address 192.168.1.3
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

Replace eth0 by your network interface name. If you are adding multiple IP addresses to the same system, you can increase the number after "eth0:".

Finally, activate the new virtual network interface :

ifup eth0:1

Kloxo panel showing default page after first Installation



After the first installation of Kloxo, if we add contents to a domain without rebooting the server, the default Kloxo page will load when we access the domain.

To load the site contents, do the following:

#  sh /script/fixweb --server=all
#reboot

After running the script, reboot the server for the change to take effect.

Blank page loading after Plesk panel Installation

After the first installation of Plesk, the Plesk panel loads a blank page. It's an error caused by the license key.

Type this command :

# /usr/local/psa/admin/sbin/keymng --install --source-file <source path>

where < source path > is the license key.

Email working

Email is based around the use of electronic mailboxes. When an email is sent, the message is routed from server to server, all the way to the recipient's email server.
More precisely, the message is sent to the mail server tasked with transporting emails (called the MTA, for Mail Transport Agent) to the recipient's MTA.
On the Internet, MTAs communicate with one another using the protocol SMTP, and so are logically called SMTP servers (or sometimes outgoing mail servers).

The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail Delivery Agent), which stores the email as it waits for the user to accept it.
There are two main protocols used for retrieving email on an MDA:

1.  POP3 (Post Office Protocol), the older of the two, which is used for retrieving email and, in certain cases, leaving a copy of it on the server.

2.  IMAP (Internet Message Access Protocol), which is used for coordinating the status of emails (read, deleted, moved) across multiple email clients.
     With IMAP, a copy of every message is saved on the server, so that this synchronisation task can be completed.

Difference between IMAP and POP :

The main difference, as far as we are concerned here, is the way in which IMAP or POP controls your e-mail inbox.
When you use IMAP you are accessing your inbox on the central mail server. IMAP does not actually move messages onto your computer.
You can think of an e-mail program using IMAP as a window to your messages on the server.
Although the messages appear on your computer while you work with them, they remain on the central mail server.

POP does the opposite. Instead of just showing you what is in your inbox on the U's mail server, it checks the server for new messages,
downloads all the new messages in your inbox onto your computer, and then deletes them from the server.
This means that every time you use POP to view your new messages, they are no longer on the central mail server.

Because IMAP leaves all of your messages on the central mail server, you can view these messages from any location with Internet access.
This means that the e-mail inbox you view from home will be the same one you see at work.

Since POP downloads new messages to your computer and removes them from the server, you will not be able to see those new messages on another computer when you check your inbox.
 Those messages exist only on the computer that downloaded them using POP.

However, if you use IMAP and create e-mail folders on the server, these folders are accessible from anywhere you read your e-mail using IMAP.
 If you use POP and create e-mail folders, they are stored locally, and you cannot access these folders from anywhere except the computer on which you created them.

For these reasons, incoming mail servers are called POP servers or IMAP servers, depending on which protocol is used.

To use a real-world analogy, MTAs act as the post office (the sorting area and mail carrier, which handle message transportation), while MDAs act as mailboxes, which store messages (as much as their volume will allow) until the recipients check the box.

This means that it is not necessary for recipients to be connected in order for them to be sent email.
To keep everyone from checking other users' emails, the MDA is protected by a user name called a login and by a password.

Retrieving mail is done using a software program called an MUA (Mail User Agent).
When the MUA is a program installed on the user's system, it is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora Mail, Incredimail or Lotus Notes).

When it is a web interface used for interacting with the incoming mail server, it is called webmail.

Unauthorised access to database

If the output of the command mysqladmin proc stat contains entries like


056 | unauthenticated user | Ip address |    | Connect |      | Reading from net |


add the following lines to the /etc/my.cnf file to deny access to the unauthenticated user.

    root@server [~]# vi /etc/my.cnf

    skip-networking
    skip-name-resolve
    skip-host-cache
    skip-locking

Now restart the mysql service and check mysql process logs again.

By doing this we are disabling networking in /etc/my.cnf.

The only limitation is that users will not be able to connect to MySQL from an external MySQL manager, but they can still use PHPMyAdmin via cPanel.

You can also block the IP address using CSF :

csf -d Ip address {unauthenticated mysql user}
csf -r

Exim commands


Shows the total number of emails in the mail queue
  exim -bpc

Print a listing of the messages in the queue
  exim -bp

Shows the number of frozen emails
  exim -bpr | grep frozen | wc -l

To remove FROZEN mails from the server
  exim -bp | awk '/frozen/ {print $3}' | xargs exim -Mrm
  exiqgrep -z -i | xargs exim -Mrm

To show the domain name and the number of emails sent by that domain
  exim -bp | exiqsumm | more

Following command will show path to the script being utilized to send mail

  ps -C exim -fH eww
  ps -C exim -fH eww | grep home

  cd /var/spool/exim/input/
  egrep "X-PHP-Script" * -R

Check for spamming if anybody is using php script for sending mail through home

    tail -f /var/log/exim_mainlog | grep home

If anyone is spamming from /tmp

    tail -f /var/log/exim_mainlog | grep /tmp


To display the IPs and the number of attempts each IP made to send mail that were rejected by the server.

    tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5


Shows the number of connections from each IP to the SMTP server

    netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1

If the spamming comes from an outside domain, you can block that domain or email id on the server

     pico /etc/antivirus.exim

Add the following lines:

    if $header_from: contains "name@domain.com"
    then
    seen finish
    endif

The following command shows, with exact figures, the email addresses that have the most messages currently in the mail queue.

    exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n


This one shows, with numbers, the domains that have the most messages currently in the mail queue.

    exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{ print $2}' | sort | uniq -c | sort -n


Check if any php script is causing the mass mailing with

    cd /var/spool/exim/input
    egrep "X-PHP-Script" * -R

Just cat the ID that you get and you will be able to check which script is causing the problem.

To remove the emails of a particular email account

    exim -bpr | grep "ragnarockradio.org" | awk '{print $3}' | xargs exim -Mrm

Reading Email header

    exim -Mvh (ID)

To view a particular message body

     exim -Mvb (ID)

To view mails under a particular user

     exim -bp | grep alpha.com(domain)

To view the no of mails under a particular user

     exim -bp | grep alpha.com(domain) | wc -l

To  remove messages under the domain

      exiqgrep -f  (domain)  -i | xargs exim -Mrm

To clear the Mail queue
       
exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash  
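
Before removing anything with exim -Mrm, it helps to see exactly which message IDs a selection matches. The following is an added example, not part of the original post: a read-only summary of an exim -bp listing that reports the queue total, the frozen message IDs and the per-sender-domain counts. The function name and the sample queue are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only summary of an `exim -bp` queue listing on stdin.
# Nothing here deletes mail; it only reports what a later -Mrm would touch.

# Constructed sample in the `exim -bp` layout: one header line per message
# (age, size, message id, <sender>, optional "*** frozen ***"), followed by
# indented recipient lines ("D" marks an already delivered recipient).
sample_queue() {
cat <<'EOF'
25m  2.9K 1aBcDe-0000c8-00 <news@shop.example>
          user1@remote.example

 3h  1.1K 1aBcDf-0000c9-00 <news@shop.example>
          user2@remote.example
          user3@remote.example

 2d  4.0K 1aBcDg-0000ca-00 <> *** frozen ***
          bounce@shop.example

 5m   812 1aBcDh-0000cb-00 <alice@blog.example>
        D done@remote.example
          pending@remote.example

EOF
}

# queue_report MODE
#   total    number of messages in the queue
#   frozen   message ids of frozen messages only
#   domains  "count domain" per sender domain ("<>" is the bounce sender)
queue_report() {
  awk -v mode="$1" '
    # Header lines only: age field, size, then an id shaped xxxxxx-xxxxxx-xx.
    NF >= 4 && $1 ~ /^[0-9]+[mhd]$/ &&
    $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ {
      total++
      if (mode == "frozen" && $0 ~ /\*\*\* frozen \*\*\*/) print $3
      sender = $4
      gsub(/[<>]/, "", sender)
      k = split(sender, part, "@")
      dom[(sender == "") ? "<>" : part[k]]++
    }
    END {
      if (mode == "total") print total + 0
      if (mode == "domains") for (d in dom) print dom[d], d
    }
  ' | LC_ALL=C sort -k1,1n -k2,2
}

# Demo on the constructed sample; on a live server use: exim -bp | queue_report domains
sample_queue | queue_report domains
```

Recipient lines are never counted as messages, so an address that happens to contain the word "frozen" cannot end up in the frozen list.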

Mencoder & Mplayer in Centos

Essential packages :

yum install libjpeg-devel libpng-devel libungif-devel pkgconfig libdv-devel speex-devel libmad-devel lame-devel xvidcore-devel x264-devel libmpcdec-devel faac-devel


Download the following archives:

wget -c http://www.mplayerhq.hu/MPlayer/releases/MPlayer-1.0rc1.tar.bz2

wget -c http://www.mplayerhq.hu/MPlayer/releases/codecs/all-20071007.tar.bz2


Install the codecs:

tar xjf all-20071007.tar.bz2

mkdir -p /usr/local/lib/codecs

cp -a all-20071007/* /usr/local/lib/codecs/

cd ..

Install mencoder and mplayer:

tar xjf MPlayer-1.0rc1.tar.bz2

cd MPlayer-1.0rc1

TMPDIR=/root ./configure --prefix=/usr/local

make

make install

Once finished mencoder will be installed in /usr/local/bin/mencoder, and mplayer in /usr/local/bin/mplayer.
If there is a problem with the ivtv libraries in 64 bit environments, just try the whole process again without ivtv - you won't need it on a webserver anyway.

cd /path-to-mplayer-src/
make clean && make distclean
./configure --disable-ivtv
make && make install

In order to check whether Mplayer is working :
mplayer -v 

ChkRootkit

chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.

Follow these steps to install ChkRootKit :

cd /usr/local/src/

wget http://www.spenneberg.org/chkrootkit-mirror/files/chkrootkit.tar.gz

tar -xvzf chkrootkit.tar.gz

Change to new directory :

cd chkrootkit-* (select the version)

Compile chkrootkit :

make sense

Run chkrootkit :

./chkrootkit

To setup a daily scan report
-----------------------------

Load crontab :

crontab -e

Add this line to the top:

-----------------------------------------------------------------------------------
0 1 * * * (cd /usr/local/src/chkrootkit*; ./chkrootkit 2>&1 | mail -s "chkrootkit output" email@domain.com)
-----------------------------------------------------------------------------------

Securing /tmp - Server Hardening

Before securing the tmp directories, we need to understand why securing them matters. Most applications use the /tmp directory for storing data temporarily, so this directory can be used by rootkits and trojans if it is not secured properly. These are the steps to secure the temp directories (/tmp, /var/tmp, /dev/shm).

We're going to secure the temp directories with the noexec,nosuid parameters. Before that we need to find out whether the /tmp directories are already secured. You can check this by executing the command mount and also checking the fstab entries.

Securing /tmp
-----------------

First we need to take a backup of your present fstab entries so that if anything goes wrong we can change it back to the old configuration.

cp -p /etc/fstab /etc/fstab_bkp

Create a separate partition for /tmp. For that we need to create a separate device with a certain amount of space. The space allocation depends on the apps running on your machine. Here I'm creating a separate device of size 100M and formatting it with the ext3 filesystem.

dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
mke2fs -j /dev/tmpFS

Copy the existing data in the /tmp directory to a separate temporary directory.

cp -pRf  /tmp /tmp_bkp

Mount the new partition that we've created on the /tmp directory and set the necessary permissions.

mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp

Copy the old data from the /tmp_bkp directory to the new /tmp directory.

cp -pRf  /tmp_bkp/* /tmp

Finally add the following entry to the fstab to make the changes permanent.

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Now we’ve completed securing the /tmp directory.


Securing /var/tmp
--------------------

First move the contents of /var/tmp to a temporary location.

mv /var/tmp /var/tmp_bkp

Create a symlink of /var/tmp to the /tmp

ln -s /tmp /var/tmp

Lastly copy the contents back to the /tmp folder.

mv /var/tmp_bkp/* /var/tmp


Securing /dev/shm
---------------------

Edit your fstab entry and locate the line which specifies the mount point of shm.

vi /etc/fstab

And the line should be something like this.


tmpfs                   /dev/shm                tmpfs   defaults        0 0


You need to modify it with nosuid,noexec parameters.

tmpfs                   /dev/shm                tmpfs   defaults,nosuid,noexec,rw 0 0


After that remount /dev/shm

mount -o remount /dev/shm

Note: After securing the /tmp folder, you must restart the services (mysql) that uses /tmp.
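
To confirm the result of the steps above (or to check whether the directories were already secured before starting), the mount options can be read back and compared. The following is an added example, not part of the original post: it reads lines in /proc/mounts format and reports which of /tmp, /var/tmp and /dev/shm lack noexec or nosuid. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report missing noexec/nosuid on the temp directories.
# Input is /proc/mounts format: device mountpoint fstype options dump pass.

# Constructed sample: /tmp hardened as described above, /dev/shm still at
# its defaults, /var/tmp absent because it is a symlink to /tmp.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
EOF
}

# check_tmp_mounts: prints one line per directory, in a fixed order:
#   "<dir>: ok", "<dir>: missing <options>" or "<dir>: not a separate mount"
check_tmp_mounts() {
  awk '
    BEGIN { want["/tmp"] = 1; want["/var/tmp"] = 1; want["/dev/shm"] = 1 }
    ($2 in want) { opts[$2] = $4 }      # the last mount on a path wins
    END {
      n = split("/tmp /var/tmp /dev/shm", order, " ")
      for (i = 1; i <= n; i++) {
        mp = order[i]
        if (!(mp in opts)) { print mp ": not a separate mount"; continue }
        padded = "," opts[mp] ","       # so each option matches as a whole word
        miss = ""
        if (padded !~ /,noexec,/) miss = miss " noexec"
        if (padded !~ /,nosuid,/) miss = miss " nosuid"
        print mp ":" (miss == "" ? " ok" : " missing" miss)
      }
    }'
}

# Demo on the constructed sample; on a live server use: check_tmp_mounts < /proc/mounts
sample_mounts | check_tmp_mounts
```

/etc/fstab uses the same first four columns, so `check_tmp_mounts < /etc/fstab` checks that the options will survive a reboot. A /var/tmp that is a symlink to /tmp is reported as not a separate mount and takes its options from /tmp.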

Changing the timestamp on email clients

SquirrelMail
===========

Go inside the webmail program and click Options at the top.

Click the first link called Personal Information.

Under Timezone Options, look for "Your current timezone:" Change the drop down   to your time zone.

Click the Submit button.


Horde
======

 Go inside the webmail program and click Options at the top.

Click the second link called Locale and Time. Look for "Your current time zone:"

Change the drop down to your time zone.

Click the Save Options button.


RoundCube
==========

Go inside the webmail program and click Personal Settings at the top right.

Under User Interface, look for "Time zone"

Change the drop down to your time zone.

Click the Save button.


Outlook 2007
===========

At any time, you can change the time zone in Outlook so that it matches your current geographic location. Please consult the Outlook Help menu for assistance with other versions

On the Tools menu, click Options. Click Calendar Options.

Click Time Zone.

Under Current time zone, type a name for the current time zone in the Label box. In the Time zone list, click the time zone that you want to use.

 If you want your computer clock to automatically adjust for daylight saving time (DST) changes, select the Adjust for daylight saving time check box. This option is available only in time zones that use daylight saving time (DST).

 Click OK and you are done.


Thunderbird
===========

A Mozilla application has no clock of its own. It uses your system clock. Your system clock is controlled by your operating system settings.

Difference between ports 465 and 587

Port 465 is for smtps - SSL encryption is started automatically before any SMTP level communication.

Port 587 is for msa - it is almost like the standard SMTP port. SSL encryption may be started by the STARTTLS command at SMTP level if the server supports it. The standard SMTP port accepts email from other mail servers without authentication. An MSA should accept email after authentication (SMTP AUTH). This helps to stop outgoing spam, since netmasters of DUL ranges can block outgoing connections to the SMTP port.
 

SMTP Error (-1): Connection to server failed



When trying to send emails from Roundcube, Horde and SquirrelMail, you may receive the following error :

-------------------------------------------------------------------
SMTP Error (-1): Connection to server failed
--------------------------------------------------------------------

This error is typically seen due to a setting in the CSF firewall or another firewall. It might be caused by having the following set :

SMTP_BLOCK = 1
SMTP_ALLOWLOCAL = 0

You would need to change SMTP_ALLOWLOCAL to 1 to enable webmail to function.

LFD

If you installed CSF (Config Server Firewall) on the server, there is a daemon called Login Failure Daemon (lfd) bundled with it. This process runs all the time and periodically (every X seconds) scans the latest log file entries for login attempts against your server that continually fail within a short period of time.

Such attempts are normally called "Brute-force attacks"; the daemon process responds quickly to such patterns and blocks the IPs.

To check why 'lfd' has failed look at the end of /var/log/lfd.log

You can see errors as follows :

---------------------------------------------------------------------------------------------------------
/var/log/lfd.log:Jul 15 09:28:33 server lfd[11662]: Error: cannot fork: Cannot allocate memory, at line 2402
/var/log/lfd.log:Jul 15 14:10:09 server lfd[9297]: open3: fork failed: Cannot allocate memory at /usr/sbin/lfd line 1981
/var/log/lfd.log:Jul 16 05:43:22 server lfd[18107]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 06:51:08 server lfd[1916]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 09:24:53 server lfd[7386]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 17:01:15 server lfd[17889]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 22:55:31 server lfd[5289]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 00:12:06 server lfd[8044]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 02:19:15 server lfd[17821]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 07:15:43 server lfd[21667]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 09:10:10 server lfd[7318]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 23:41:36 server lfd[24521]: Error: cannot fork: Cannot allocate memory, at line 6066
/var/log/lfd.log:Jul 18 00:00:11 server lfd[5859]: Error: cannot fork: Cannot allocate memory, at line 2018
/var/log/lfd.log:Jul 18 20:31:45 server lfd[11656]: open3: fork failed: Cannot allocate memory at /usr/sbin/lfd line 1981
/var/log/lfd.log:Jul 19 04:16:15 server lfd[31925]: Error: cannot fork: Cannot allocate memory, at line 6066
/var/log/lfd.log:Jul 19 06:00:07 server lfd[12118]: Error: cannot fork: Cannot allocate memory, at line 2018
/var/log/lfd.log:Jul 19 06:06:03 server lfd[20240]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 19 16:50:16 server lfd[21681]: Error: cannot fork: Cannot allocate memory, at line 5380

-------------------------------------------------------------------------------------------

On further checking I have seen that the plugins installed on the server, such as cmm, cmc, cmq, cse, csf, cxs, msinstall and msfe, were not working properly, which led to these LFD email alerts being sent to clients' email addresses.

Running the following command fixed the issue.

curl -s configserver.com/free/csupdate | perl 

CSF error : No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/

On checking the Cpanel error log at /usr/local/cpanel/logs/error_log, you can see the errors as :

--------------------------------------------------------------------------------
Can't locate Net/LibIDN.pm in @INC (@INC contains: /usr/local/cpanel /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/local/cpanel/Cpanel/Encoder/Punycode.pm line 10.
Compilation failed in require at /usr/local/cpanel/Cpanel/DomainTools.pm line 13.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/DomainTools.pm line 13.
Compilation failed in require at /usr/local/cpanel/Cpanel/CheckData.pm line 8.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/CheckData.pm line 8.
Compilation failed in require at /usr/local/cpanel/Cpanel/cPanelFunctions.pm line 11.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/cPanelFunctions.pm line 11.
Compilation failed in require at /usr/local/cpanel/whostmgr/docroot/cgi/addon_csf.cgi line 24.
BEGIN failed--compilation aborted at /usr/local/cpanel/whostmgr/docroot/cgi/addon_csf.cgi line 24.
----------------------------------------------------------------------------------------------

In order to fix this issue run the following command :

curl -s configserver.com/free/csupdate | perl

This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. They are updated regardless of whether the installed version is the same as or older than the version available.

Move all addon domains as a standalone accounts under a reseller

If there are many addon domains under a cPanel account and we need to convert all of them into standalone accounts under a reseller account, follow these steps:

Backup
------
1. Take a full backup of the user from Cpanel
2. Extract the backup.


Create as stand alone account
-----------------------------
3. Remove one addon domain
4. Create that domain from WHM --> Create new account


Restore web files
-----------------
5. Copy all web files of that addon domain from the backup to the new document root.
6. Change the ownership all files to newuser.newuser


Restore DB's
-----------
7. Confirm the name of the DB for each domain.
8. In backup directory there is a mysql directory. All DB's are under that mysql directory.
9. Login to the new cpanel account of that new account.
10. Create a DB, DB user from Cpanel --> Mysql
11. Give all privileges to that mysql user to the corresponding DB from there.
12. Make sure to edit all mysql configuration files in the document root of that domain.
13. Restore the old DB to new DB.


Restore mails
-------------
14. In the backup, we can see a directory named mail. Copy the directory of the domain from that directory to new accounts mail directory /home/newuser/mail/
15. Change the ownership of that directory under /home/newuser/mail/ to newuser.newuser


Restore mail accounts with same password
----------------------------------------
16. In the backup we can see a directory etc. Copy the directory of the domain from that directory to new accounts /home/newuser/etc/
17. Change the ownership of that directory under /home/newuser/etc/ to newuser.mail

Cpanel plugin to list the number of domains which is not working or not resolvin

 Installation
-----------

# cd /home
# rm -f latest-accountdnscheck
# wget http://www.ndchost.com/cpanel-whm/plugins/accountdnscheck/download.php
# sh latest-accountdnscheck


Now login to your WHM > plugins > Account DNS Check

Or you can do this by executing command :

/var/cpanel/accountdnscheck/scripts/cli_run.sh

White List Hostname in CSF

Please follow the steps to white list hostname in CSF for domains using dynamic IPs.


1) Open the file "csf.dyndns" present on your server and add the hostname of your domain.

2) Open the file "csf.conf" present on your server and set DYNDNS = "300" which would check for IP updates every 5 minutes

3) Open the file "csf.conf" present on your server and set DYNDNS_IGNORE = "1" to always ignore DYNDNS IP addresses in lfd blocking

4) Restart the firewall

Repairing Corrupted Mysql Database

Solution :1

Login to server with root access

Stop mysql using following command

/etc/init.d/mysql stop

Run following command to check all the tables in the database

/usr/bin/myisamchk /var/lib/mysql/databasename/*.MYI

Run following command to repair all the tables in the database

/usr/bin/myisamchk -r /var/lib/mysql/databasename/*.MYI

Then recheck again using following command

/usr/bin/myisamchk /var/lib/mysql/databasename/*.MYI

Restart MySql service using following command

/etc/init.d/mysql restart

Solution : 2

If you want repair DB using myisamchk, you need to shutdown MySQL service before proceeding otherwise it will corrupt some other databases.

Alternatively, if you do not want to shut down MySQL, you can use mysqlcheck.

mysqlcheck [DBNAME]

To repair the database tables:

mysqlcheck -r [DBNAME]

also we can use the commands

mysqlcheck -u{username} -p{password} --check --optimize --auto-repair --all-databases

Starting Xen Vm from Backend

First shutdown the Vm via Solusvm, Then issue the command :

 xm create /home/xen/vm441/vm441.cfg

Where vm441 is the VM ID

Clamav Configuration

To install clamav

#yum install clamd

run #freshclam to update the virus definitions

create a file  /home/clamscan  and enter the below :

clamscan -ri --exclude-dir=^/sys\|^/proc\|^/dev / | mail -s "ClamAV Scan Results for `date +%D`" user@domain.com

Save the file and exit. (user@domain.com must be replaced by email address to which scan results are to be mailed)

#crontab -e

0 0 * * * /home/clamscan     

save the file and exit.   The above cron will run everyday at midnight.

Enabling SPF for all accounts in WHM

Command to install spf record on single cPanel account : 
----------------------------------------------------------
/usr/local/cpanel/bin/spf_installer <cPanelusername>


Install spf records for all cPanel accounts :
--------------------------------------------------

cd /var/cpanel/users

for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done

MYSQL OPTIMIZATION EX: sreeuks

I'm pasting some parameters which worked for me while optimizing mysql settings in /etc/my.cnf file

vi /etc/my.cnf

[mysqld]
socket=/var/lib/mysql/mysql.sock
#skip-locking — disabled by default
#skip-innodb — only when all tables are MyISAM
skip-name-resolve # saves dns resolution time.
query_cache_limit=1M
query_cache_size=64M
query_cache_type=1
max_connections=500
interactive_timeout=75
wait_timeout=25
connect_timeout=10

thread_cache_size=128
key_buffer=256M
sort_buffer_size=2M
read_buffer_size=2M ## sort+read x connections + key = memory usage
join_buffer=2M
max_allowed_packet=16M
table_cache=1024
record_buffer=2M
thread_concurrency=8
myisam_sort_buffer_size=64M
#log-bin
server-id=1

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
#safe-updates

[isamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

/etc/init.d/mysql restart

CPanel Log File Locations

cPanel Installation Logs:

/var/log/cpanel-install-thread0.log


Apache :

/usr/local/apache/logs/access_log

/usr/local/apache/logs/error_log


Apache domlogs :

/usr/local/apache/domlogs/example.com


Apache SUEXEC Logs :

/usr/local/apache/logs/suexec_log


MySQL :

/var/lib/mysql/hostname.err


BIND (named) Log:

/var/log/messages


Exim :

/var/log/exim_mainlog

/var/log/exim_paniclog

/var/log/exim_rejectlog


Courier or Dovecot IMAP :

/var/log/maillog


Tomcat Logs :

/usr/local/jakarta/tomcat/logs/catalina.err

/usr/local/jakarta/tomcat/logs/catalina.out


cPanel Access Log :

/usr/local/cpanel/logs/access_log


cPanel Error Log :

/usr/local/cpanel/logs/error_log


cPanel License Log :

/usr/local/cpanel/logs/license_log


Stats Execution Logs :

/usr/local/cpanel/logs/stats_log


ChkServd (cPanel Monitoring Daemon) Logs:

/var/log/chkservd.log


cPHulkd :

/usr/local/cpanel/logs/cphulkd.log


cPanel Backup Logs:

/usr/local/cpanel/logs/cpbackup/*.log


Pure-FTP :

/var/log/messages

/var/log/xferlog (symlinked to /usr/local/apache/domlogs/ftpxferlog)


Cron Logs :

/var/log/cron


SSH Logs :

/var/log/secure


ModSecurity :

/usr/local/apache/logs/modsec_audit.log

/usr/local/apache/logs/modsec_debug_log

How to Stop Open Relay of Exim (Cpanel servers)

An open relay is an SMTP server configured in such a way that it allows a third party to relay (send / receive email messages that are neither from nor for local users). Therefore, such servers are usually targets for spam senders.

You can test if a server is an open relay via this link :  http://www.mailradar.com/openrelay/

If the server supports open relay, you can stop it via the following script in Cpanel servers

/scripts/fixrelayd

service exim restart

How to Fix an (errno: 24) in MySQL

Upon checking the mysql logs in /var/lib/mysql/HOSTNAME.err, I got error as :

-----------------------------------------------------------------------------
[ERROR] /usr/sbin/mysqld: Can't open file: './database/table.frm' (errno: 24)
-----------------------------------------------------------------------------

errno: 24 simply means that too many files are open for the given process. There is a read-only mysql variable called open_files_limit that will show how many open files are allowed by the mysqld.

A lot of systems set this to something very low, like 1024. When creating a large number of partitions or tables, MySQL may mysteriously stop working and will generate this error.

Add the following parameter in /etc/my.cnf file and restart mysql service.

[mysqld]
open_files_limit = 100000

Rootkit Hunter Installation in Centos 5,6 using Yum

Update yum repository with epel package:

Centos 5.x

wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
sudo rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

Centos 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

Run:
yum update

After update:
yum install rkhunter

Get more details about Rkhunt commands and all.
man rkhunter 

Creating Backup of a Xen vm

Let the vm ID be vm378.

dd if=/dev/Xen/vm378_img of=/dev/Xen/vm378_img.img 

Checking and Repairing filesystem using FSCK

fsck is a Unix utility for checking and repairing file system inconsistencies. A file system can become inconsistent for several reasons; the most common is an abnormal shutdown due to hardware failure, power failure or switching off the system without a proper shutdown. In these cases the super-block in the file system is not updated and holds mismatched information about system data blocks, free blocks and inodes.

fsck – Modes of operation :

Interactive :- fsck examines the file system, stops at each error it finds, gives the problem description and asks the user whether to correct the problem or continue without making any change to the file system.

Non interactive :- fsck tries to repair all the problems it finds in a file system without stopping for user response. This is useful when a file system has a large number of inconsistencies, but has the disadvantage of removing some useful files which are detected to be corrupt.

If a file system is found to have problems at boot time, non interactive fsck is run and all errors which are considered safe to correct are corrected. If the file system still has problems, the system boots in single user mode and asks the user to run fsck manually to correct them.

Running fsck :

fsck should always be run in single user mode, which ensures proper repair of the file system. If it is run on a busy system where the file system is changing constantly, fsck may see the changes as inconsistencies and may corrupt the file system.

If the system cannot be brought into single user mode, fsck should be run on the partitions other than root & user, after unmounting them. Root & user partitions cannot be unmounted. If the system fails to come up due to root/user file system corruption, the system can be booted from a CD and the root/user partitions can be repaired using fsck.

fsck phases

fsck checks the file system in a series of 5 phases and checks a specific functionality of the file system in each phase.


** phase 1 – Check Blocks and Sizes
** phase 2 – Check Pathnames
** phase 3 – Check Connectivity
** phase 4 – Check Reference Counts
** phase 5 – Check Cylinder Groups

Procedure
=======
1) Take system down to runlevel one (make sure you run all command as root user):

# init 1

2) Unmount the file system. For example, if it is the /home (/dev/sda3) file system, type:

umount /home

3) Now run fsck on the partition:

# fsck -fyC /dev/sda3

C - Display completion/progress bars for those filesystem checkers (currently only for ext2 and ext3) which support them
y - to fix any detected filesystem corruption automatically

4) Once fsck finished, remount the file system:

# mount /home

5) Go to multiuser mode

# init 3

Screen Commands

To install screen : #yum install screen

After installation if you see "/var/run/screen must have permissions 777" then change the permission to 777  :  #chmod 777 /var/run/screen

#screen -ls --  this will list screenname and state (attached or detached)

After typing screen -ls it will show whether screen is "detached" or "attached" state

To reattach "detached" screen --  #screen -r <screenname>

Leaving screen --  press down ctrl + A together and type D   (ctrl A + D)

If screen -ls shows that the screen is attached, detach it first and then reattach it:

#screen -D <screenname>     then
#screen -r <screenname>

To enter a name for the screen :   #screen -S test

Detecting common Zone file errors of Domains

The domain won't resolve if the zone file of the domain has any syntax errors or configuration errors.

A good way to find syntax errors or other common errors in the zone file is to run the following command on the server:

named-checkzone domain.com domain.com.db

where domain.com is the domain name and domain.com.db is the zone file.

 named-checkzone weibo520.com weibo520.com.db
zone weibo520.com/IN: loaded serial 2013011601
OK

If the zone file is correct, it will show the result as OK, as above. If it has errors, it will list them, which makes them easier to investigate.

Login Problem in horde,squirrel mail and round cube in Cpanel

If you are facing login issues with Horde, SquirrelMail and Roundcube after logging in to the webmail for an account, follow the steps below.

At first run the following commands.
/usr/local/cpanel/bin/updatehorde --force
/usr/local/cpanel/bin/updatesquirrelmail --force
/usr/local/cpanel/bin/updateroundcube --force

Normally this will fix those issues. If there are still login problems, the cause may be a configuration issue on the cPanel account.

Please run the following command in root SSH:
/scripts/whoowns domain.com
Where domain.com is the domain name in question. If it doesn't show any ownership, then move the following files:

cd /etc
mv userdomains userdomains.bak
mv trueuserdomains trueuserdomains.bak

At that point, run the following script and recheck ownership for the domain:

/scripts/updateuserdomains
/scripts/whoowns domain.com

If instead of showing no ownership, the domain showed the wrong ownership, you'd have to edit the /var/cpanel/users/username file that is improperly owning the domain to remove the DNS line that it has for that domain, then run the above move and updateuserdomains commands.



If the ownership is correct, then at that point, try instead checking the Roundcube logs as it has the most accurate logging of the 3 webmail programs. Try to log into the account in Roundcube, and then go to /var/cpanel/roundcube and tail the log:

After this, the issue will be fixed.

Error while uploading files to Cpanel accounts >> unknown bytes complete FAILED! :Upload canceled: VIRUS DETECTED! ( Access denied. ERROR )

If you are getting the following error while uploading files to the Cpanel accounts :

------------------------------------------------------
unknown bytes complete FAILED! :Upload
canceled: VIRUS DETECTED! ( Access denied. ERROR )
------------------------------------------------------

Go to WHM >> Manage Plugins.

There you can see the different add-ons. Check for clamavconnector.
If it is not installed, install it. If it is there, uninstall and install again.

Warning while restarting the CSF service >> *WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken

*WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken you have to open a PASV port hole in iptables for incoming FTP connections to work correctly. See the csf readme.txt under 'A note about FTP Connection Issues' on how to do this if you have not already done so.


---------------------------------------------------------------------------------------------------------

It is important when using an SPI firewall to ensure FTP client applications
are configured to use Passive (PASV) mode connections to the server.

On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom
built kernels) ip_conntrack and ip_conntrack_ftp iptables kernel modules may
not be available or fully functional. If this happens, FTP passive mode (PASV)
won't work. In such circumstances you will have to open a hole in your firewall
and configure the FTP server to use that same hole.

For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:
PassivePortRange        30000 35000

For example, with proftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/proftpd.conf and then restart proftpd:
PassivePorts    30000 35000

FTP over SSL/TLS will usually fail when using an SPI firewall. This is because
of the way the FTP protocol established a connection between client and server.
iptables fails to establish a related connection when using FTP over SSL
because the FTP control connection is encrypted and so cannot track the
relationship between the connection and the allocation of an ephemeral port.
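
A check for the pure-ftpd case in the readme excerpt above, as an added example that is not part of csf or of the original post: it confirms that the PassivePortRange in pure-ftpd.conf is covered by an entry in TCP_IN, so the firewall hole and the FTP server use the same ports. The csf.conf path /etc/csf/csf.conf, the function names and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: is pure-ftpd's passive range opened in csf's TCP_IN?

# Print "LOW HIGH" from the PassivePortRange line of a pure-ftpd.conf file.
passive_range() {
    awk '$1 == "PassivePortRange" { print $2, $3; exit }' "$1"
}

# Print the comma-separated TCP_IN value from a csf.conf file.
tcp_in_list() {
    sed -n 's/^TCP_IN *= *"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only if one TCP_IN entry (port or low:high) covers LOW..HIGH.
# usage: range_is_open "<tcp_in list>" LOW HIGH
range_is_open() {
    echo "$1" | tr ',' '\n' | awk -F: -v lo="$2" -v hi="$3" '
        { a = $1 + 0; b = (NF > 1 ? $2 : $1) + 0 }
        a > 0 && a <= lo + 0 && hi + 0 <= b { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# usage: check_pasv CSF_CONF PURE_FTPD_CONF
check_pasv() {
    set -- "$(tcp_in_list "$1")" $(passive_range "$2")
    if [ $# -ne 3 ] || [ -z "$1" ]; then
        echo "MISSING: TCP_IN or PassivePortRange not found"; return 2
    fi
    if range_is_open "$1" "$2" "$3"; then
        echo "OK: passive range $2:$3 is open in TCP_IN"
    else
        echo "MISMATCH: passive range $2:$3 is not covered by TCP_IN"; return 1
    fi
}

# Constructed sample files (not taken from a real server).
sample_csf()  { printf 'TCP_IN = "20,21,22,80,443,30000:35000"\n'; }
sample_ftpd() { printf 'PassivePortRange        30000 35000\n'; }

# Paths: /etc/pure-ftpd.conf is from the text; /etc/csf/csf.conf is assumed.
if [ -r /etc/csf/csf.conf ] && [ -r /etc/pure-ftpd.conf ]; then
    check_pasv /etc/csf/csf.conf /etc/pure-ftpd.conf || true
else
    tmp=$(mktemp -d)
    sample_csf > "$tmp/csf.conf"; sample_ftpd > "$tmp/pure-ftpd.conf"
    check_pasv "$tmp/csf.conf" "$tmp/pure-ftpd.conf"
    rm -rf "$tmp"
fi
```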

Increase Swap Size for linux Server

1. Create Swap file

 > touch /swapfile

2. To create 2GB of swap file,

 > dd if=/dev/zero of=/swapfile bs=1024 count=2048000

  For 4GB,

 > dd if=/dev/zero of=/swapfile bs=1M count=4096

3. mkswap /swapfile

Now the swap file is created.

4. To activate /swapfile file,

 > swapon /swapfile

5. Add an entry to the /etc/fstab file to activate it after a server reboot,

 > vi /etc/fstab

   /swapfile swap    swap    defaults        0 0

Now check the swap space,

 > free -m