How to allow only specific countries with CSF
Login to WHM-cPanel configuration via WHM
1. WHM
2. Plugins
3. ConfigServer Security & Firewall
4. Firewall Configuration
“OR”
1. Login via SSH
# vi /etc/csf/csf.conf
What you are looking for is “CC_ALLOW_FILTER”
First, you will want to get a list of ISO Country Codes to allow.
http://www.countryipblocks.net/country-blocks/ “OR”
http://www.ipdeny.com/ipblocks/ “OR”
http://www.iana.org/domains/root/db/
For example, if you only wanted United States, Canada, Great Britain, Australia, and Mexico to be whitelisted, you would specify:
US,CA,GB,AU,MX
What this will do is download a list of IP ranges belonging to those countries, then add them to a whitelist, and deny everything else, that is, deny all other countries’ IP ranges. So, India will not be able to connect to your server, Russia will not be able to connect, etc.
Once you have changed this in your configuration, don’t forget to restart your firewall to apply the new configuration.
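A pre-flight check for the edit described above, added here as an example (it is not part of the original page or of CSF): it reads the CC_ALLOW_FILTER line from a csf.conf-style file, rejects malformed codes, and confirms that the administrator's own country is in the list before the firewall is restarted. The function name, the admin-country argument and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# check_cc_allow_filter CONF ADMIN_CC   (hypothetical helper, not part of CSF)
# Prints "ok" when the CC_ALLOW_FILTER list is well formed and contains
# ADMIN_CC; otherwise prints the reason and returns non-zero.
check_cc_allow_filter() {
    conf=$1
    admin_cc=$2
    # csf.conf stores settings as KEY = "value"; use the last assignment found.
    value=$(sed -n 's/^[[:space:]]*CC_ALLOW_FILTER[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    if [ -z "$value" ]; then
        echo "empty: no country filter is active"
        return 0
    fi
    found=no
    old_ifs=$IFS
    IFS=,
    for cc in $value; do
        case $cc in
            [A-Z][A-Z]) ;;
            *)  IFS=$old_ifs
                echo "invalid code: $cc"
                return 1 ;;
        esac
        if [ "$cc" = "$admin_cc" ]; then found=yes; fi
    done
    IFS=$old_ifs
    if [ "$found" = no ]; then
        echo "lockout risk: $admin_cc is not in the list"
        return 1
    fi
    echo "ok"
}

# Constructed sample file, not a real csf.conf.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'CC_ALLOW_FILTER = "US,CA,GB,AU,MX"' > "$sample"
check_cc_allow_filter "$sample" US || true   # admin connects from the US
check_cc_allow_filter "$sample" IN || true   # admin connects from India
rm -f "$sample"
```

On a server, pass /etc/csf/csf.conf as the first argument and the country you administer the machine from as the second.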
How to block a country using mod_geoip
mod_geoip is a module that can be compiled into Apache at build time. If you are on a VPS or a dedicated server, you can compile this module into Apache yourself. Then just do the following:
Edit your .htaccess file
===================================
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE CN BlockThese
SetEnvIf GEOIP_COUNTRY_CODE TR BlockThese
# Add more countries here
Deny from env=BlockThese
===================================
A full list of two-letter country codes can be found here:
http://www.countryipblocks.net/country-blocks/ “OR”
http://www.ipdeny.com/ipblocks/ “OR”
http://www.iana.org/domains/root/db/
The codes used in the example above are “CN = China” and “TR = Turkey”.
You could also just reverse the .htaccess to make it ALLOW and enter US or UK as the country code.
If you don’t have mod_geoip installed, you could use the output generated through http://www.countryipblocks.net/country-blocks/select-formats/
Keep in mind that the larger the .htaccess file, the slower your site will load, as the .htaccess file has to be processed on each request. IP ranges can also change and/or be added to certain countries. You will need to remember to update this list accordingly.
How to check HDD speed on Linux
Use the following command to check hard drive speed:
# hdparm -tT /dev/sda
/dev/sda:
Timing cached reads: 15312 MB in 2.00 seconds = 7669.12 MB/sec
Timing buffered disk reads: 12 MB in 3.16 seconds = 3.80 MB/sec
How to check database engine in MySQL
If you wish to check which database engine is used by your database, i.e. whether it is using MyISAM or InnoDB:
There are two ways to check the database engine: one is through phpMyAdmin and the other is through the shell.
Method -1 :- By PhpMyAdmin
a) Login to cpanel
b) Go to PhpMyAdmin
c) select database
Under the Structure tab you will see a column named Type, which indicates your current database engine.
Method -2 :- By Shell
a) Login to server shell as root and execute following command.
# mysqlshow --status databasename
How to change the access time for a file
Here are the complete steps to change the access time of a particular file:
# touch -a myfile
This changes the access time of myfile to the current time.
How to set access time to a particular time
# touch -a -t 1105261023 myfile
The -t option takes the year first. Read it as two digits each for year, month, day, hour and minute.
11 –> Year
05 –> Month
26 –> Day
10 –> Hour
23 –> Minute
How to disable FTP for a single account
You can disable FTP for a single account using the steps shown below:
# ll /etc/proftpd/username
# mv /etc/proftpd/username /etc/proftpd/username.bak
Restart FTP Service
# /etc/init.d/proftpd restart
Then try to log in to the account. You will not be able to log in.
WordPress Permalink not working
Sometimes WordPress Permalinks do not work even though you enabled them from the WordPress admin section –> Settings –> Permalinks.
WordPress sometimes requires rewrite rules to be enabled in the .htaccess file for Permalinks to work correctly.
Create a .htaccess file in the WordPress installation directory and add the following rewrite rules.
=====================================
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
=====================================
Save the file and exit. Permalinks should now work fine.
How to install DomainKeys on a cPanel Server
Delivering mail to Yahoo and Google is hard these days. Almost every server has had this problem even if it is not used to relay spam. Installing DomainKeys can help your server deliver “clean” emails directly to your user’s inbox.
Installation is simple and it’s done on a per-domain basis. Here are the steps to install DomainKeys on a specific domain.
First check that you are running the latest RELEASE or CURRENT version of cPanel 11. Then run the script:
# /usr/local/cpanel/bin/domain_keys_installer username
Where username is the cPanel user.
If you get an error similar to “Domain keys are not installed on this machine.” you either are not running the latest release or current version of cPanel or you have not converted yet to maildir. Maildir conversion is required before you install DomainKeys.
Ok, we just installed DomainKeys for a domain, but what if we want to install it for all the domains (users)?
Well, here is a bash script that loops over all the cPanel users and runs the installation for each of them.
——————————————————————————–
for f in /var/cpanel/users/* ;
do /usr/local/cpanel/bin/domain_keys_installer "$(basename "$f")" ;
done
——————————————————————————–
Ok, but what if we want every newly created account to have DomainKeys installed? Well, this is a bit harder to do. We recommend editing /scripts/postwwwacct and adding:
# vi /scripts/postwwwacct
——————————————-
my %OPTS = @ARGV;
my $user = $OPTS{'user'};
# List form of system() passes $user as a single argument, without a shell
system('/usr/local/cpanel/bin/domain_keys_installer', $user);
——————————————-
Now test this by creating a new account.
Locked out by the brute force system in cPanel
Sometimes a user can’t log in to WHM because cPHulk (cphulkd) brute force protection is preventing access to the WHM account. The message says the user can’t log in due to brute force protection: this account is currently locked out……. wait 30 minutes and try again.
Waiting half an hour is not an option, and the same message can still appear afterwards. Since we can’t log in to WHM, we can’t disable the brute force protection from there.
Even more, this brute force system has locked us out from logging on to Linux. We had to log in via SSH from a different IP address, or use single user mode and reset the root password with the passwd command.
But sometimes, after trying to log in to WHM, we get locked out of the server again when we restart the machine, and each time we have to reset the password or else we can’t log in to the Linux server. All this after entering the wrong password for a cPanel account: it locked all the accounts on the server, including the root account.
Is this normal? How can the brute force system be disabled from outside WHM?
If you can still SSH to the server, log in as root and type the following at the prompt:
# mysql
The prompt should change to mysql>
mysql> use cphulkd;
You will see: Database changed
mysql> BACKUP TABLE `brutes` TO '/path/to/backup/directory';
Back up first!
mysql> SELECT * FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';
Insert your IP instead of xxx.xxx.xxx.xxx. Is your IP there? If so,
mysql> DELETE FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';
That should remove your IP from the table, and you will see that in the mysql reply. Finally,
mysql> quit
This should return you to your usual prompt.
Now check: it works!
How to fix mailman stats in munin
If you install Munin via cPanel addons, it does not enable mailman stats by default, even though it shows a graph on the stats page. Here is how you can enable the stats.
First, you must edit your /etc/munin/plugin-conf.d/cpanel.conf file to look like this:
# /etc/munin/plugin-conf.d/cpanel.conf
——————————————————————————-
[mysql*]
user root
group wheel
env.mysqladmin /usr/bin/mysqladmin
env.mysqlopts --defaults-extra-file=/root/.my.cnf
[exim_mailqueue]
group mail
[exim_mailstats]
group mail
[mailman]
user mailman
——————————————————————————-
Next, edit /etc/munin/plugins/mailman and change the line:
# vi /etc/munin/plugins/mailman
———————-
to
$pos=0;
———————-
Also create the state file by running ‘touch /var/lib/munin/plugin-state/munin-mailman-log.state’
Finally, if exim stats fail and you’ve made changes or restarted, you need to remove the state file at /var/lib/munin/plugin-state/plugin-exim_mailstats.state
You’ll also need to restart munin:
# /etc/init.d/munin-node restart
How to secure /tmp directory
Step 1: Backup your /etc/fstab file
# cp /etc/fstab /etc/fstab.bak
Step 2: Make a 3GB file for the /tmp partition and create an ext3 filesystem on it:
# dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000
# /sbin/mkfs.ext3 /var/tempFS
*Change the count= to something higher if you need more space*
Step 3: Create a backup copy of your current /tmp drive:
# cp -Rpf /tmp /tmpbackup
Step 4: Mount our new tmp partition and change permissions
# mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
# chmod 1777 /tmp
Step 5: Copy the old data
# cp -Rpf /tmpbackup/* /tmp/
* If your /tmp was empty earlier, you might get this error : cp: cannot stat `/tmpbackup/*’: No such file or directory
Step 6: Edit /etc/fstab and add this
# vi /etc/fstab
And ADD this line:
/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Step 7: Test your fstab entry
# mount -o remount /tmp
Step 8: Verify that your /tmp mount is working
# df -h
Should look something like this
/var/tempFS 962M 18M 896M 2% /tmp
———————————————————————————————————-
Secure /var/tmp
Step 1: Use /tmp as /var/tmp
# mv /var/tmp /var/vartmp
# ln -s /tmp /var/tmp
Step 2: Copy the old data back
# cp /var/vartmp/* /tmp/
* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory
———————————————————————————————————-
Secure /dev/shm
Step 1: Edit your /etc/fstab
# vi /etc/fstab
Locate: none /dev/shm tmpfs defaults,rw 0 0
Change it to: none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
Step 2: Remount /dev/shm
# mount -o remount /dev/shm
You should restart services that use the /tmp partition.
———————————————————————————————————-
For cPanel
# /scripts/securetmp
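A way to verify the result of the steps above, added here as an example (not part of the original page or of cPanel's securetmp script): it reads a mount table in /proc/mounts layout and reports which of the required options are still missing for /tmp, /var/tmp and /dev/shm. The function names and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# missing_mount_opts MOUNTS MOUNTPOINT REQUIRED   (hypothetical helper)
# MOUNTS is a file in /proc/mounts layout ("-" reads stdin):
#   device mountpoint fstype options dump pass
# Prints the REQUIRED options that are absent, "not-mounted" if MOUNTPOINT
# has no entry, or nothing when every required option is set.
missing_mount_opts() {
    awk -v mp="$2" -v req="$3" '
        $2 == mp { opts = $4; seen = 1 }   # last entry wins for stacked mounts
        END {
            if (!seen) { print "not-mounted"; exit }
            split(opts, list, ",")
            for (i in list) have[list[i]] = 1
            n = split(req, want, ",")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in have))
                    out = out (out == "" ? "" : " ") want[i]
            if (out != "") print out
        }' "$1"
}

# Constructed sample: /tmp hardened as in the steps above, /dev/shm still on
# its defaults. /var/tmp is a symlink to /tmp, so it has no entry of its own.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
none /dev/shm tmpfs rw 0 0
EOF
}

for mp in /tmp /var/tmp /dev/shm; do
    echo "$mp: $(sample_mounts | missing_mount_opts - "$mp" nosuid,noexec)"
done
```

On a live host, pass /proc/mounts as the first argument instead of the sample.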
How to hide PHP version
Find your php.ini file
# vi /usr/local/lib/php.ini
and look for the line that says “expose_php = On”. Change it to “expose_php = Off”.
Restart your HTTP service
# /etc/init.d/httpd restart
Done! No more PHP version number in your HTTP response header
How to hide Apache version
Open your Apache’s httpd.conf file
# vi /usr/local/apache/conf/httpd.conf “OR”
# vi /etc/httpd/conf/httpd.conf
and look for the line that says “ServerSignature On”. Change it to “ServerSignature Off” (this will hide the Apache version normally seen at the bottom of your 404 error pages). Then add “ServerTokens Prod” below that line, to hide the version in HTTP response headers.
————————————————————————————————
ServerTokens Prod[uctOnly] :: Server sends (e.g.): Server: Apache
ServerTokens Major :: Server sends (e.g.): Server: Apache/2
ServerTokens Minor :: Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal] :: Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS :: Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified) :: Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
————————————————————————————————
Restart your HTTP service
# /etc/init.d/httpd restart
Done! No more Apache version numbers. This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost by virtualhost basis.
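A check for both sections above (hiding the PHP version and hiding the Apache version), added here as an example that is not part of the original page: it reads one raw HTTP response and names each of the three settings that still discloses version information. The function names and both sample responses are constructed for illustration, using the version strings from the ServerTokens table.

```shell
#!/bin/sh
# audit_response (hypothetical helper): reads one raw HTTP response (headers,
# blank line, body) on stdin and prints the name of each setting discussed
# above that still discloses version information.
audit_response() {
    tr -d '\r' | awk '
        !in_body && /^$/ { in_body = 1; next }     # blank line ends the headers
        !in_body {
            colon = index($0, ":")
            name  = tolower(substr($0, 1, colon - 1))
            value = substr($0, colon + 1)
            if (name == "x-powered-by" && value ~ /PHP/) print "expose_php"
            if (name == "server" && value ~ /\/[0-9]/)   print "ServerTokens"
            next
        }
        # Footer that ServerSignature On appends to error pages
        /<address>Apache.* Server at / { print "ServerSignature" }
    '
}

# Constructed sample: a 404 response before the changes.
sample_before() {
    cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache/2.0.41 (Unix) PHP/4.2.2
X-Powered-By: PHP/4.2.2
Content-Type: text/html

<html><body><h1>Not Found</h1>
<address>Apache/2.0.41 (Unix) PHP/4.2.2 Server at www.example.com Port 80</address>
</body></html>
EOF
}

# Constructed sample: the same response after the changes.
sample_after() {
    cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html

<html><body><h1>Not Found</h1></body></html>
EOF
}

echo "before: $(sample_before | audit_response | tr '\n' ' ')"
echo "after:  $(sample_after | audit_response | tr '\n' ' ')"
```

Against your own server, feed it the output of `curl -si` for a URL that returns an error page.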
How to enable .jsp support for domain in cPanel
Log in to the server via SSH and run the command below:
# /scripts/addservlets domain.com
Now, if you want to remove the servlets for the domain you can use the command below
# /scripts/remservlets domain.com
Restart Tomcat on the server once.
# /etc/init.d/tomcat stop
# /etc/init.d/tomcat start
You can try uploading the .jsp pages under the account and check.
How to change your server time to IST (Indian Standard Time)
If you need to change your server clock to another timezone, you can do so by modifying the /etc/localtime file:
# mv /etc/localtime /etc/localtime.bak
# ln -s /usr/share/zoneinfo/Asia/Calcutta /etc/localtime
# date
Thurs April 16 09:54:56 IST 2011
Error While adding domain via cPanel
Sometimes you see the following type of error in cPanel while adding a domain:
Error While adding domain via cPanel :: Error from domain wrapper
Error Message :: Error from domain wrapper: example.com is owned by another user.
1. Remove the domain name example.com from /var/cpanel/users/cpanel-username
2. Run /scripts/updateuserdomains as the root user on the server. Because you changed the above file manually, this will create adjusted cache files.
# /scripts/updateuserdomains
3. Remove the zone file /var/named/example.com.db if the file exists
4. Remove the virtualhost entry for domain example.com on /usr/local/apache/conf/httpd.conf
5. Remove the domain example.com from /etc/named.conf
Now try to add the domain once again in cPanel.
Note :: example.com is the domain name which you want to add via cPanel.
E-Mail Issue with SquirrelMail
While sending emails using SquirrelMail, you will sometimes get the following error message:
ERROR: Could not append message to INBOX.Sent.
Server responded: [ALERT] Cannot create message – no write permission or out of disk space.
ERROR: Could not append message to INBOX.Sent.
Server responded: Error in IMAP command received by server.
ERROR: Connection dropped by IMAP server.
Query: LOGOUT
The solution is to create a tmp directory in the /home/cPanel-Username/mail/Domain-Name/xyz/.Sent folder; the issue then gets resolved.
Note:-
1. cPanel-Username is username of cPanel account
2. Domain-Name is the domain on which email address is created
3. xyz is the initial part of the email address
How to upload images through Cubecart
If you are not able to upload images via the Cubecart admin panel, it is likely an issue with the permissions on the directory under your account. Please follow the steps below:
1. Change permissions for the directory “cart/images/uploads” to 777.
# chmod -R 777 cart/images/uploads
2. Change permissions for the directory “cart/images/uploads/thumbs” to 777.
# chmod -R 777 cart/images/uploads/thumbs
Now try to upload the images.
How to Install pecl_http PHP Extension
The pecl_http PHP extension provides a convenient and powerful set of functionality for most PHP applications, such as HTTP URLs, dates, redirects, headers and messages. It also provides means for negotiating the client’s preferred language and charset, as well as a convenient way to send arbitrary data with caching and resuming capabilities. You can easily install it on a Linux server using the pecl or pear command.
This is a quick guide on how to compile pecl_http, as sometimes it has a little trouble compiling with the system’s cURL libraries.
1. Login to server via SSH.
2. Go into your compile directory:
# cd /usr/local/src/
3. Download the library:
# pecl download pecl_http
4. Bundle it in the current directory:
# pecl bundle pecl_http
5. Go into the pecl_http source directory:
# cd pecl_http*
6. Prepare the build environment:
# phpize
7. Configure the build with cPanel’s cURL SSL library:
# ./configure --with-http-curl-requests=/opt/curlssl
Note:- You must have cURLSSL already built by EasyApache
8. Compile it:
# make && make install
9. Add the extension to PHP:
# echo "extension=http.so" >> /usr/local/lib/php.ini
10. Restart Apache:
# /etc/init.d/httpd stop
# /etc/init.d/httpd start
Once it is done, you will have added the “extension=http.so” line to the php.ini file.
Typo3 database error
“The current username, password or host was not accepted when the connection to the database was attempted to be established!” If you are receiving the error above after installing Typo3, please follow the steps below.
1. Open the file typo3_src/t3lib/config_default.php
2. Find ‘no_pconnect’; the default value is 0. Change the value of ‘no_pconnect’ to 1. It will look like this:
'no_pconnect' => 1
3. Save the file and exit.
mysql_pconnect will be disabled on servers for security reasons. By default, typo3 uses mysql_pconnect to connect to the database. Changing the value for no_pconnect to 1 will use mysql_connect to connect to the database.