UnixServerAdmin

Server Administration & Management

How to allow only specific countries with CSF

Open the CSF configuration through WHM:

1. WHM
2. Plugins
3. ConfigServer Security & Firewall
4. Firewall Configuration

“OR”

Log in via SSH and edit the configuration file directly:

# vi /etc/csf/csf.conf

The setting you are looking for is “CC_ALLOW_FILTER”.

First, you will want to get a list of ISO Country Codes to allow.

http://www.countryipblocks.net/country-blocks/ “OR”

http://www.ipdeny.com/ipblocks/ “OR”

http://www.iana.org/domains/root/db/

For example, if you only wanted the United States, Canada, Great Britain, Australia, and Mexico to be whitelisted, you would specify:

US,CA,GB,AU,MX

This downloads the list of IP ranges belonging to those countries, adds them to a whitelist, and denies everything else, that is, all other countries’ IP ranges. So India will not be able to connect to your server, Russia will not be able to connect, and so on.

Once you have changed this in your configuration, don’t forget to restart your firewall to apply the new configuration.
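An added example (not from the original post or from ConfigServer): a POSIX shell helper that validates the country list before writing it to CC_ALLOW_FILTER and refuses a list that omits the administrator's own country, since everything outside the list is denied. The helper names and the sample file standing in for /etc/csf/csf.conf are assumptions.

```shell
#!/bin/sh
# Added example: validate a country list before writing CC_ALLOW_FILTER.
# Helper names are hypothetical; the sample file is constructed.

# valid_cc_list LIST: 0 if LIST is comma-separated two-letter upper-case codes
valid_cc_list() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Z]{2}(,[A-Z]{2})*$'
}

# cc_in_list CODE LIST: 0 if CODE is one of the entries in LIST
cc_in_list() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_cc_allow_filter CONF LIST ADMIN_CC
# Rewrites the CC_ALLOW_FILTER line in CONF and keeps CONF.bak.
# Returns 1 for a malformed list, 2 if ADMIN_CC is not in LIST (the
# administrator would be filtered out), 3 if CONF has no such setting.
set_cc_allow_filter() {
    conf=$1; list=$2; admin_cc=$3
    valid_cc_list "$list" || return 1
    cc_in_list "$admin_cc" "$list" || return 2
    grep -q '^CC_ALLOW_FILTER[[:space:]]*=' "$conf" || return 3
    cp -p "$conf" "$conf.bak" || return 4
    sed "s/^CC_ALLOW_FILTER[[:space:]]*=.*/CC_ALLOW_FILTER = \"$list\"/" \
        "$conf.bak" > "$conf"
}

# Constructed sample standing in for /etc/csf/csf.conf
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
EOF

if set_cc_allow_filter "$demo_conf" "US,CA,GB,AU,MX" "US"; then
    grep '^CC_ALLOW_FILTER' "$demo_conf"
fi
# A list without the administrator's country is refused (exit status 2):
set_cc_allow_filter "$demo_conf" "CA,MX" "US" || echo "refused: $?"
# On a real server, apply the edited file with: csf -r
```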

April 30, 2011 | CSF, Firewall, Security

How to block a country using mod_geoip

mod_geoip is a module that can be compiled into Apache at build time. If you are on a VPS or a dedicated server, you can compile this module into Apache yourself. Then do the following:

Edit your .htaccess file:

===================================
# Enable mod_geoip lookups
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE CN BlockThese
SetEnvIf GEOIP_COUNTRY_CODE TR BlockThese
# Add more countries here
Deny from env=BlockThese
===================================

A full list of two-letter country codes can be found here:

http://www.countryipblocks.net/country-blocks/ “OR”

http://www.ipdeny.com/ipblocks/ “OR”

http://www.iana.org/domains/root/db/

The codes used in the example above are “CN = China” and “TR = Turkey”.

You could also reverse the .htaccess logic to make it an ALLOW list and enter US or GB (United Kingdom) as the country code.

If you don’t have mod_geoip installed, you could use the output generated through http://www.countryipblocks.net/country-blocks/select-formats/

Keep in mind that the larger the .htaccess file, the slower your site will load, as the .htaccess file has to be processed on each request. IP ranges can also change or be added to a country's allocation, so you will need to remember to update this list accordingly.

April 29, 2011 | Apache, Firewall, Security, Tips & Tricks

How to check HDD speed On linux

Use the following command to check hard drive speed:

# hdparm -tT /dev/sda

/dev/sda:
Timing cached reads: 15312 MB in 2.00 seconds = 7669.12 MB/sec
Timing buffered disk reads: 12 MB in 3.16 seconds = 3.80 MB/sec

April 28, 2011 | Tips & Tricks, Unix/Linux

How to check database engine in MySQL

To check which storage engine your database uses, i.e. whether it is MyISAM or InnoDB, there are two methods: one through phpMyAdmin and the other through the shell.

Method 1: phpMyAdmin

a) Log in to cPanel
b) Go to phpMyAdmin
c) Select the database

Under the Structure tab you will see a column named Type, which indicates the current database engine.

Method 2: Shell

a) Log in to the server shell as root and execute the following command:

# mysqlshow --status databasename

April 27, 2011 | cPanel, MySQL

How to change the access time for a file

Here are the complete steps to change the access time of a particular file:

# touch -a myfile

This changes the access time of myfile to the current time.

How to set access time to a particular time

# touch -a -t 1105261023 myfile

The -t option takes the timestamp as two digits each for year, month, day, hour and minute.

11 -> Year
05 -> Month
26 -> Day
10 -> Hour
23 -> Minute

April 26, 2011 | Tips & Tricks, Unix/Linux

How to disable FTP for a single account

You can disable FTP for a single account using the steps shown below:

# ls -l /etc/proftpd/username

# mv /etc/proftpd/username /etc/proftpd/username.bak

Restart the FTP service:

# /etc/init.d/proftpd restart

Then try to log in to the account over FTP; the login should now be refused.

April 25, 2011 | cPanel, FTP

WordPress Permalink not working

WordPress permalinks may not work even though you enabled them in the WordPress admin section under Settings –> Permalinks.

Sometimes WordPress requires rewrite rules to be enabled in the .htaccess file for permalinks to work correctly.

Create a .htaccess file in the WordPress installation directory and add the following rewrite rules.

=====================================
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
=====================================

Save the file and exit; permalinks should now work.

April 24, 2011 | WordPress

How to install DomainKeys on a cPanel Server

Delivering mail to Yahoo and Google is hard these days. Almost every server has had this problem, even if it is not used to relay spam. Installing DomainKeys can help your server deliver “clean” emails directly to your users’ inboxes.

Installation is simple and is done on a per-domain basis. Here are the steps to install DomainKeys on a specific domain.

First check that you are running the latest RELEASE or CURRENT version of cPanel 11, then run the script:

# /usr/local/cpanel/bin/domain_keys_installer username

Where username is the cPanel user.

If you get an error similar to “Domain keys are not installed on this machine.”, either you are not running the latest RELEASE or CURRENT version of cPanel or you have not yet converted to maildir. Maildir conversion is required before you install DomainKeys.

We have just installed DomainKeys for one domain, but what if we want to install it for all the domains (users)?
Here is a bash script that goes through all the cPanel users and runs the installation for each of them.

——————————————————————————–
# Run the installer once for every cPanel user file
for userfile in /var/cpanel/users/*; do
    /usr/local/cpanel/bin/domain_keys_installer "$(basename "$userfile")"
done
——————————————————————————–

What if we want every newly created account to have DomainKeys installed? This is a bit harder to do, but we recommend editing /scripts/postwwwacct and adding:

# vi /scripts/postwwwacct

——————————————-
my %OPTS = @ARGV;
my $user = $OPTS{'user'};
# Run the installer for the account that was just created
system('/usr/local/cpanel/bin/domain_keys_installer', $user);
——————————————-

Now test this by creating a new account.

April 23, 2011 | cPanel, Mail

Locked out by the brute force system in cPanel

Sometimes a user can’t log in to WHM because cPHulk brute force protection is preventing access to the WHM account. The user can’t log in and sees: “This account is currently locked out… wait 30 minutes and try again.”

We can’t wait for half an hour, and we still get the same message. Since we can’t log in to WHM, we can’t disable the brute force protection.

Even more, this brute force system has locked us out from logging on to Linux. We had to log in via SSH from a different IP address, or use single user mode and reset the root password with the passwd command.

But sometimes, when we try to log in to WHM, we get locked out of the server if we restart the machine, and each time we have to reset the password or else we can’t log in to the Linux server. All this happened after entering the wrong password for a cPanel account: it locked all the accounts on the server, including the root account.

Is this normal? How can we disable the brute force system from outside WHM?

If you can still SSH to the server, log in as root and type the following at the prompt:

# mysql

The prompt should change to mysql>

mysql> use cphulkd;

You will see “Database changed”.

mysql> BACKUP TABLE `brutes` TO '/path/to/backup/directory';

Back up first!

mysql> SELECT * FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';

Insert your IP in place of xxx.xxx.xxx.xxx. Is your IP there? If so,

mysql> DELETE FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';

That should remove your IP from the table, and you will see that in the mysql reply. Finally,

mysql> quit

should return you to your usual prompt.

Now check; it works!

April 22, 2011 | cPanel, Firewall, MySQL, Security

How to fix mailman stats in munin

If you install Munin via cPanel addons, it does not enable mailman stats by default, even though it shows a graph on the stats page. Here is how you can enable the stats.

First, edit your /etc/munin/plugin-conf.d/cpanel.conf file so that it looks like this:

# vi /etc/munin/plugin-conf.d/cpanel.conf

——————————————————————————-

[mysql*]
user root
group wheel
env.mysqladmin /usr/bin/mysqladmin
env.mysqlopts --defaults-extra-file=/root/.my.cnf

[exim_mailqueue]
group mail

[exim_mailstats]
group mail

[mailman]
user mailman
——————————————————————————-

Next, edit /etc/munin/plugins/mailman and change the line:

# vi /etc/munin/plugins/mailman

———————-
to
$pos=0;
———————-

Also create the state file:

# touch /var/lib/munin/plugin-state/munin-mailman-log.state

Finally, if exim stats fail and you’ve made changes or restarted, you need to remove the state file at /var/lib/munin/plugin-state/plugin-exim_mailstats.state

You’ll also need to restart munin:

# /etc/init.d/munin-node restart

April 21, 2011 | cPanel

How to secure /tmp directory

Step 1: Backup your /etc/fstab file

# cp /etc/fstab /etc/fstab.bak

Step 2: Make a 3GB file for the /tmp partition and create an ext3 filesystem on it:

# dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000

# /sbin/mkfs.ext3 /var/tempFS

*Change the count= to something higher if you need more space*

Step 3: Create a backup copy of your current /tmp directory:

# cp -Rpf /tmp /tmpbackup

Step 4: Mount the new tmp partition and change permissions

# mount -o loop,noexec,nosuid,rw /var/tempFS /tmp

# chmod 1777 /tmp

Step 5: Copy the old data

# cp -Rpf /tmpbackup/* /tmp/

* If your /tmp was empty earlier, you might get this error: cp: cannot stat `/tmpbackup/*’: No such file or directory

Step 6: Edit /etc/fstab and add this

# vi /etc/fstab

And add this line:

/var/tempFS    /tmp    ext3    loop,nosuid,noexec,rw    0    0

Step 7: Test your fstab entry

# mount -o remount /tmp

Step 8: Verify that your /tmp mount is working

# df -h

Should look something like this

/var/tempFS           962M   18M  896M   2% /tmp

———————————————————————————————————-

Secure /var/tmp

Step 1: Use /tmp as /var/tmp

# mv /var/tmp /var/vartmp

# ln -s /tmp /var/tmp

Step 2: Copy the old data back

# cp /var/vartmp/* /tmp/

* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory

———————————————————————————————————-

Secure /dev/shm

Step 1: Edit your /etc/fstab

# vi /etc/fstab

Locate: none /dev/shm tmpfs defaults,rw 0 0

Change it to: none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Step 2: Remount /dev/shm

# mount -o remount /dev/shm

You should restart services that use the /tmp partition.

———————————————————————————————————-

For cPanel

# /scripts/securetmp
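An added example, not part of the original post or of cPanel's securetmp script: a POSIX shell check that reads fstab-style entries and reports whether a mount point carries the noexec and nosuid options set in the steps above. The helper name missing_opts and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: audit fstab-style entries for the options set in this post.
# missing_opts is a hypothetical helper; the sample entries are constructed.

# missing_opts FILE MOUNTPOINT
# Prints "ok" if MOUNTPOINT's entry carries both noexec and nosuid,
# the missing option(s) otherwise, or "no-entry" if it is not listed.
missing_opts() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }      # skip comments and short lines
        $2 == mp {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) have[opt[i]] = 1
            miss = ""
            if (!("noexec" in have)) miss = "noexec"
            if (!("nosuid" in have)) miss = (miss == "" ? "" : miss ",") "nosuid"
            print (miss == "" ? "ok" : miss)
            exit
        }
        END { if (!found) print "no-entry" }
    ' "$1"
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
/dev/sda1    /         ext3   defaults                1 1
/var/tempFS  /tmp      ext3   loop,nosuid,noexec,rw   0 0
none         /dev/shm  tmpfs  defaults,rw             0 0
EOF

for mp in /tmp /dev/shm /var/tmp; do
    printf '%-9s %s\n' "$mp" "$(missing_opts "$sample" "$mp")"
done

# A stray space inside the mount-point field means /tmp has no entry at all:
printf '/var/tempFS /    tmp ext3 loop,nosuid,noexec,rw 0 0\n' > "$sample.typo"
missing_opts "$sample.typo" /tmp
```

Because /proc/mounts uses the same field order, pointing the function at it checks what is actually mounted rather than what fstab requests.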

April 20, 2011 | cPanel, Security, Tips & Tricks

How to hide PHP version

Find your php.ini file

# vi /usr/local/lib/php.ini

and look for the line that says “expose_php = On”. Change it to “expose_php = Off”.

Restart your HTTP service

# /etc/init.d/httpd restart

Done! No more PHP version number in your HTTP response header

April 19, 2011 | PHP, Security

How to hide Apache version

Open your Apache httpd.conf file

# vi /usr/local/apache/conf/httpd.conf “OR”

# vi /etc/httpd/conf/httpd.conf

and look for the line that says “ServerSignature On”. Change it to “ServerSignature Off”; this hides the Apache version normally seen at the bottom of your 404 error pages. Then add “ServerTokens Prod” below that line to hide the version in the HTTP response headers.

————————————————————————————————
ServerTokens Prod[uctOnly] :: Server sends (e.g.): Server: Apache
ServerTokens Major :: Server sends (e.g.): Server: Apache/2
ServerTokens Minor :: Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal] :: Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS :: Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified) :: Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
————————————————————————————————

Restart your HTTP service

# /etc/init.d/httpd restart

Done! No more Apache version numbers. This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost by virtualhost basis.
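To confirm the result of this post and the PHP one before it, here is an added example (not from the original posts): a POSIX shell filter that reads response headers and prints any Server or X-Powered-By header that still carries a version. The helper name version_leaks and the two header samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag response headers that still disclose a version.
# version_leaks is a hypothetical helper; the header samples are constructed.

# version_leaks: reads raw response headers on stdin and prints every
# Server / X-Powered-By header whose value contains "/<digit>".
version_leaks() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i == 0) next                       # status line or blank line
        name = tolower(substr($0, 1, i - 1))
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val)
        if ((name == "server" || name == "x-powered-by") && val ~ /\/[0-9]/)
            print name ": " val
    }'
}

# Constructed responses: default settings, then with expose_php = Off
# and ServerTokens Prod applied.
before='HTTP/1.1 200 OK
Server: Apache/2.0.41 (Unix) PHP/4.2.2
X-Powered-By: PHP/4.2.2
Content-Type: text/html'
after='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

echo "before:"; printf '%s\n' "$before" | version_leaks
echo "after:";  printf '%s\n' "$after"  | version_leaks
# Against a live server: curl -sI http://localhost/ | version_leaks
```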

April 18, 2011 | Apache, Security

How to enable .jsp support for domain in cPanel

Login to the server via SSH and fire the commands below

# /scripts/addservlets domain.com

If you want to remove the servlets for the domain, you can use the command below

# /scripts/remservlets domain.com

Restart Tomcat on the server:

# /etc/init.d/tomcat stop

# /etc/init.d/tomcat start

You can try uploading the .jsp pages under the account and check.

April 17, 2011 | cPanel

How to change your server time to IST (Indian Standard Time)

If you need to change your server clock to another timezone, you can do so by modifying the /etc/localtime file:

# mv /etc/localtime /etc/localtime.bak

# ln -s /usr/share/zoneinfo/Asia/Calcutta /etc/localtime

# date

Thurs April 16 09:54:56 IST 2011

April 16, 2011 | Tips & Tricks, Unix/Linux

Error While adding domain via cPanel

Sometimes you will see the following type of error in cPanel while adding a domain:

Error While adding domain via cPanel :: Error from domain wrapper
Error Message :: Error from domain wrapper: example.com is owned by another user.

1. Remove the domain name example.com from /var/cpanel/users/cpanel-username

2. Run /scripts/updateuserdomains as the root user on the server. Because you changed the above file manually, this will create adjusted cache files.

# /scripts/updateuserdomains

3. Remove the zone file /var/named/example.com.db if the file exists

4. Remove the virtualhost entry for domain example.com in /usr/local/apache/conf/httpd.conf

5. Remove the domain example.com from /etc/named.conf

Now try to add the domain once again in cPanel.

Note :: example.com is the domain name which you want to add via cPanel.

April 15, 2011 | cPanel

E-Mail Issue with SquirrelMail

While sending emails using SquirrelMail, you may sometimes get the following error messages:

ERROR: Could not append message to INBOX.Sent.
Server responded: [ALERT] Cannot create message – no write permission or out of disk space.

ERROR: Could not append message to INBOX.Sent.
Server responded: Error in IMAP command received by server.

ERROR: Connection dropped by IMAP server.
Query: LOGOUT

The solution is to create a tmp directory in the /home/cPanel-Username/mail/Domain-Name/xyz/.Sent folder; this resolves the issue.

Note:
1. cPanel-Username is the username of the cPanel account
2. Domain-Name is the domain on which the email address is created
3. xyz is the initial part of the email address

April 14, 2011 | cPanel, Mail

How to upload images through Cubecart

If you are not able to upload images via the CubeCart admin panel, the cause is likely the permissions on the upload directories under your account. Please follow the steps below

1. Change permissions for the directory “cart/images/uploads” to 777

# chmod -R 777 cart/images/uploads

2. Change permissions for the directory “cart/images/uploads/thumbs” to 777.

# chmod -R 777 cart/images/uploads/thumbs

Now try to upload the images.

April 13, 2011 | Unix/Linux

How to Install pecl_http PHP Extension

The pecl_http PHP extension provides a convenient and powerful set of HTTP functionality for PHP applications: handling of HTTP URLs, dates, redirects, headers and messages, negotiation of the client's preferred language and charset, and a convenient way to send arbitrary data with caching and resuming capabilities. You can easily install it on a Linux server using the pecl or pear command.

This is a quick guide on how to compile pecl_http, as it sometimes has a little trouble compiling with the system’s cURL libraries.

1. Login to server via SSH.

2. Go into your compile directory:

# cd /usr/local/src/

3. Download the library:

# pecl download pecl_http

4. Bundle it in the current directory:

# pecl bundle pecl_http

5. Go into the pecl_http source directory:

# cd pecl_http*

6. Prepare the build environment:

# phpize

7. Configure the build with cPanel’s cURL SSL library:

# ./configure --with-http-curl-requests=/opt/curlssl

Note:- You must have cURLSSL already built by EasyApache

8. Compile it:

# make && make install

9. Add the extension to PHP:

# echo "extension=http.so" >> /usr/local/lib/php.ini

10. Restart Apache:

# /etc/init.d/httpd stop

# /etc/init.d/httpd start

Once this is done, the “extension=http.so” line will have been added to the php.ini file.

April 12, 2011 | cPanel, PHP

Typo3 database error

The current username, password or host was not accepted when the connection to the database was attempted to be established!  If you are receiving error mentioned above after installing typo3, please follow the steps below.

1. Open the file typo3_src/t3lib/config_default.php

2. Find ‘no_pconnect’; its default value is 0. Change the value of ‘no_pconnect’ to 1. It will look like this:

'no_pconnect' => 1

3. Save the file and exit.

mysql_pconnect will be disabled on servers for security reasons. By default, typo3 uses mysql_pconnect to connect to the database. Changing the value for no_pconnect to 1 will use mysql_connect to connect to the database.

April 11, 2011 | cPanel