UnixServerAdmin

Server Administration & Management

How to Export Mailman Mailing lists on cPanel

You can export the mailman mailing list members using below steps :

# cd /usr/local/cpanel/3rdparty/mailman/bin

# ./list_members mailinglistname_domain.com > /home/username/list.txt

# chown username:username /home/username /list.txt

mailinglistname_domain.com is the name of the mailing list (@ changes to_ )

Advertisements

May 2, 2012 Posted by | cPanel | , , | Leave a comment

How to detect domain being Attacked or Attacking Out in cPanel

What we can do to find out which domain being attacked or attacking out from/to the server. Its no matter how this could happen, we need to stop that from happenning and turn our server stable. Its better to do this process in real-time within the  time frame of server being attacked or the server  others to make sure we can gather enough information, prove and logs. Its also recommended to document  your process of troubleshooting for your reference. Believe me you will need it in future.

As for me, I will do basic checking as below:

1. Check overall server load summary using top command:

# top -c

2. Using the same command, we can monitor which process has taken high resource usage by sorting memory (Shift+M) or sorting CPU usage (Shift+P)

3. Check the network and analyse which connection flooding your server. Following command might be useful:

3.1 Check and sort number of network statistics connected to the server:

# netstat -anp |grep ‘tcp|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

3.2 If you have APFinstalled and using kernel older than 2.6.20, you can check the connection tracking table:

# cat /proc/net/ip_conntrack | cut -d ‘ ‘ -f 10 | cut -d ‘=’ -f 2 | sort | uniq -c | sort -nr | head -n 10

3.3 Do tcpdump to analyse packet that transmitted from/to your server. Following command might help to analyse any connection to eth0interface port 53 (DNS):

# tcpdump -vvxXlnni eth0 port 53 | grep A? | awk -F? ‘{print $2}’

4. Analyse Apache status page at WHM –> Server Status –> Apache Status. To do this via command line, you can run following command:

# service httpd fullstatus

5. Analyse Daily process logs at WHM –> Server Status –> Daily Process Logs. Find any top 5 users which consume most CPU percentage, memory and SQL process

After that, we should see some suspected account/process/user which occupied much resources either on CPU, memory or network connections.
Up until this part, we should shorlist any suspected account.

Then from the suspected account, we should do any step advised as below:

6. Scan the public_html directory of suspected user with anti virus. We can use clamav, but make sure the virus definition is updated before we do this:

6.1 Update clamavvirus definition:

# freshclam

6.2 Scan the public_html directory of the suspected user recursively with scan result logged to scanlog.txt:

# cd /home/user/public_html

# clamscan -i -r -l scanlog.txt &

6.3 Analyse any suspected files found by clamav and quarantine them. Make sure the file cannot be executed by chmod it to 600

7. Find any PHP files which contain suspicious characteristic like base64 encoded and store it into text file called scan_base64.txt.
Following command might help:

# cd /home/user/public_html

# grep -lir “eval(base64” *.php >  scan_base64.txt

8. Scan the Apacheaccess log from raw log for any suspicious activities. Following command might help to find any scripting
activities happened in all domains via Apache:

# find /usr/local/apache/domlogs -exec egrep -iH ‘(wget|curl|lynx|gcc|perl|sh|cd|mkdir|touch)%20’ {} ;

9. Analysing AWstats and bandwidth usage also get more clues. Go to cPanel > suspected domain > Logs > Awstats.
In the AWstats page, check the Hosts, Pages-URL or any related section. Example as below:

There are various way to help you in executing this task. As for me, above said steps should be enough to detect any domain/account
which attacking out or being attacked. Different administrator might using different approach in order to produce same result.

March 5, 2012 Posted by | cPanel, Security | , , | Leave a comment

How to rename package names on cPanel server

Many time we like to rename package name for our hosting accounts but as hosting account is assigned to large number of user and we can’t reassign package one by one to all users as its time consuming process at that time we can refer following steps to secure time. First login in to shell as root user.

# cd /var/cpanel/packages/

Now rename package for test purpose, we are renaming test_test package to test_support package.

# mv test_test test_support

Now make sure that you reassign package to your users who are currently using test_test package.

# cd /var/cpanel/users

Now search users who are currently using test_test package.

# grep test_test * -R
admin12:PLAN=test_test
test12:PLAN=test_test

Now simply run following command to replace all instance for test_test package in users file with new package name test_support

# grep test_test * -R -l > rename-packages

The above command will store all users name who currently using test_test package in rename-packages file.

# cat rename-packages
admin12
test12

Now create new file packages.sh with the following code.

# vi packages.sh
===================================
#!/bin/sh
dir=”/var/cpanel/users/”
fstr=”test_test”
rstr=”test_support”
exec 3<&0
exec 0<”/var/cpanel/users/rename-packages”
while read LINE ; do
sed -i “s/$fstr/$rstr/” “$LINE”
done
===================================
Set executable permission to file packages.sh file

#chmod 755 packages.sh

Before running packages.sh file check one of the users file and check package name.

# cat admin12
# cPanel — If you edit this file directly you must run /scripts/updateuserdomains afterwards to rebuild the system caches
BWLIMIT=unlimited
CONTACTEMAIL=
CONTACTEMAIL2=
DEMO=0
DNS=server.com
FEATURELIST=default
HASCGI=1
IP=xx.xx.xx.xx
LANG=english
LOCALE=en
MAXADDON=5
MAXFTP=0
MAXLST=0
MAXPARK=0
MAXPOP=0
MAXSQL=0
MAXSUB=0
MTIME=1283914039
MXCHECK-server.com=0
OWNER=root
PLAN=test_test
RS=x3
STARTDATE=1269778722
USER=admin12

Now run file packages.sh

# ./packages.sh

After running packages.sh file you can check user file name and found out that package name is changed.

# cat admin12
# cPanel — If you edit this file directly you must run /scripts/updateuserdomains afterwards to rebuild the system caches
BWLIMIT=unlimited
CONTACTEMAIL=
CONTACTEMAIL2=
DEMO=0
DNS=server.com
FEATURELIST=default
HASCGI=1
IP=xx.xx.xx.xx
LANG=english
LOCALE=en
MAXADDON=5
MAXFTP=0
MAXLST=0
MAXPARK=0
MAXPOP=0
MAXSQL=0
MAXSUB=0
MTIME=1283914039
MXCHECK-server.com=0
OWNER=root
PLAN=test_support
RS=x3
STARTDATE=1269778722
USER=admin12

Note: The above steps useful to rename packages for users , it will not change any value like addon , parked domain limit etc.

December 20, 2011 Posted by | cPanel | , | Leave a comment

cPanel: rsync error

If you have issued the following command

# rsync -av rsync://rsync.cpanel.net/scripts /scripts;chown 0.0 /scripts

And resulting in the  following error message:

rsync: failed to connect to rsync.cpanel.net: Connection refused (111)
rsync error: error in socket IO (code 10) at clientserver.c(94)

Here is the fix

cPanel has discontinued the use of rsync and all syncs need to be done using using the following command. Run these commands as root:

# /scripts/cpanelsync httpupdate.cpanel.net /cpanelsync/RELEASE/scripts /scripts

December 19, 2011 Posted by | cPanel | , | Leave a comment

cPanel JailShell, Unmount and Clean Virtfs [Jailshell virtfs]

NOTE:- Be careful! Don’t remove any folder which is inside /home/virtfs, NEVER. this folder links back to your systems root file system.

You might end up screwing up your server if you attempt it.

NEVER DELETE ANY FILES FROM /home/virtfs/

/home/virtfs is used to chroot the user into jailed shell. cPanel will hard link files into this directory so deleting files in /home/virtfs will also delete the files on the server in the actual location.

Example: rm /home/virtfs/user/etc/exim.pl will delete /etc/exim.pl

If you’re a sysadmin of cPanel server, you might be aware of the JailShell. Its nothing but a User Shell with limited privileges. Users requesting for shell access to the webhosting server are provided with such shell instead of bash (Which provides root level privileges to users) .

Jailshell limits the users access to their home directory and keeps rest of the file system safe. Still there are chances of such users breaking into your system, so be sure of providing shell access to your servers. Jailshell mounts the filesystems of the users, who login via SSH under a directory called /home/virtfs.  This contains users home directory and a false file system which links back to system directories like /bin, /usr etc.

So, we got to know that the Jailshell provides a restricted shell access to users and mounts the home directory temporarily at /home/virtfs.

Now, what if you still see the directories of different users mounted under /home/virtfs?

Right, this normally happens when users forget to logout properly from their SSH sessions. As a system admin,
you’re responsible to unmount these directories safely.

How do I do that?

You can find all the virtfs mounts in /proc/mounts. Run cat /proc/mounts.

# cat /proc/mounts

Now, its time to unmount them one by one. For that you have to take the second column of the output Or write a simple for loop as follows.

for i in `cat /proc/mounts | grep /home/virtfs | cut -d ‘ ‘ -f 2 ` ; do umount $i ; done

If a user is reporting double the quota and it is from /home/virtfs then we need to umount or kill and hanging jailshell process.  To do this run

# ps aufx |grep user |grep jailshell

If there are no jailshell processes then run

# cat /proc/mounts

It will show,
/dev/root /home/virtfs/user/lib ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/lib ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/sbin ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/share ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/bin ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/man ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/X11R6 ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/kerberos ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/libexec ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/bin ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/share ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/Zend ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/include ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/lib ext3 rw,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/spool ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/lib ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/run ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/log ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda6 /home/virtfs/user/tmp ext3 rw,nosuid,nodev,noexec,data=ordered 0 0
/dev/root /home/virtfs/userbin ext3 rw,data=ordered,usrquota 0 0

You will need to unmount each of these by running

# umount /home/virtfs/user/tmp

and so on

You can also run

for i in `cat /proc/mounts |grep virtfs |grep user |awk ‘{print$2}’`; do umount $i; done

Make sure to replace user with the cPanel username in the above command. This will then clear up the files in /home/virtfs and the quota should return to normal. If you want to unmount the virtfs of a perticular user, you can simply add an another pipe to for condition with grep username.

Now, you’re done with cleaning of your virtfs.

December 17, 2011 Posted by | cPanel | , | 1 Comment

How to fix error in Mailing list

Error:-

Bug in Mailman version 2.1.9.cp2
We’re sorry, we hit a bug!
Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs.

Fix:-

1. Go to /usr/local/cpanel/3rdparty/mailman

# cd /usr/local/cpanel/3rdparty/mailman

# ls -al

#chmod -R 2775 ./*

Check if this has fixed the issue, If not run the fixmailman script.

# /scripts/fixmailman

If this wont fix the issue.

# /scripts/reinstall mailman

December 16, 2011 Posted by | cPanel, Mail | , , , | Leave a comment

How to change language for Roundcube webmail

1. Edit Roundcube main config (/usr/local/cpanel/base/roundcube/config/main.inc.php)

# vi /usr/local/cpanel/base/roundcube/config/main.inc.php

To change language from English to Portuguese Brasil

Find

$rcmail_config[‘locale_string’] = ‘en’;

Replace it to

$rcmail_config[‘locale_string’] = ‘pt_BR’;

You can see the installed languages such as fr(french), en_US(english US) from the folder /usr/local/cpanel/base/roundcube/program/localization.

December 15, 2011 Posted by | cPanel, Mail | , , , | Leave a comment

How to run processes with cpuwatch on cPanel

We can run certain processes like account packaging or account restores with certain cpuwatch value to make sure the server load remains in control and thus normal server operations continue to work during the cpu intensive restore or package processes. This can be achieved by using below command :

# /usr/local/cpanel/bin/cpuwatch 10 /scripts/restorepkg USERNAME

We can keep cpuwatch to 10 , or lower or higher value depending on the specifications of the server and our requirements. As acceptable load values depends on server specifications specially the number of cores.

December 13, 2011 Posted by | cPanel | , , | Leave a comment

Fantastico Showing Blank Page

Fantastico is showing blank page after installation. New installation was  also giving the blank page.

FIX:- Change the following on config.php file.

#define(“PLUGIN_ROOTDIR”,”/tmp”);
define(“PLUGIN_ROOTDIR”,”plugins”);

CAUSE:-

The server is PHP-SUEXEC enabled so the plugin_rootdir should be given as “plugins” in config.php file.

December 12, 2011 Posted by | cPanel | , | Leave a comment

How to fix the time drift issue on a cPanel linux server

Many times you may notice a time drift problem on the server. It is common with some of the AMD Processor server series as well.  In most cases its impact is not very high and it can be controlled by setting up a cron to run each minute to make sure the time remains close to accurate.

e.g. you can setup below cron in either root cron file at /var/spool/cron or in /etc/crontb

*/1 * * * * rdate -s rdate.cpanel.net

This basically syncs the time using rdate, you can use cPanel’s rdate server or any of other public rdate servers.

Another way to fix it is by setting up ntpd (Network Time Protocol Daemon) on the server and is a method to achieve more accurate results. You can install ntp using following simple commands :

# yum install ntp

Edit /etc/ntp.conf for choice of your server

# vi /etc/ntp.conf

The default timer servers should work too , or you can update them as per your liking. The service can be controlled using below simple/standard commands :

# service ntpd start

# service ntpd stop

# service ntpd restart

There are more detail configuration settings as well like drift etc, but for normal use the default settings should be fine.  Another reason for time drift ( usually a crazy one ) can be kernel specific problem. That is in this case the time drifts forward and background with a jump of 20 / 30 seconds, and this becomes a serious problem resulting in failure of different services, one server I handled had both imap and ftp services failing on it.
This was a cPanel server with courier throwing below error :

BYE Clock skew detected. Check the clock on the file server

And ftp was also failing with such a time drift as was not able to do the initial connection session. This was resolved by installing the latest CentOS5 kernel on the related sever.

So for resolving a time drift issue, your sequence would be from rdate cron, ntpd to kernel upgrade , depending on what exactly is the problem and how severe it is.

If you have to choose between cron and ntpd then ntpd solution is preferred.

December 10, 2011 Posted by | cPanel, NTP | , , | 1 Comment

How to update awstats from shell for all users in cPanel

Refer following command to update awstats for all users on your cPanel linux server but make sure that you are logged in as root user.

# cat /etc/trueuserowners | sort | cut -f 1 -d : | awk ‘{print “/scripts/runweblogs “$1}

December 4, 2011 Posted by | cPanel | , , | Leave a comment

cPanel not showing FTP user accounts

This issue was due to the missing entries in the /etc/proftpd/username file.

For fixing this just issue the following command:-

# /scripts/ftpupdate.

This will sync the passwords of all the accounts in the server.

November 30, 2011 Posted by | cPanel, FTP | , | Leave a comment

How to enable PHP MsSQL extension on cPanel

You can enable mssql extension for php on cPanel server. For this you will need to first install some supporting modules. You will need root access to install it. Before you proceed for installation it is important that you backup your php.ini, http.conf and php.conf file.

1. Below are the required module

i) Txt2man
ii) unixODBC
iii) freeTDS
iv) PHP mssql.so

2. Install unixODBC package

# cd /usr/local/src/

# wget http://www.unixodbc.org/unixODBC-2.2.14-p2.tar.gz

# tar -xvzf unixODBC-2.2.14-p2.tar.gz

# cd unixODBC-2.2.14-p2

# ./configure -prefix=/usr/local -enable-gui=no

# make

# make install

3. Install freeTDS package

# cd /usr/local/src/

# wget ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz

# tar -xvzf freetds-stable.tgz

# cd freetds-stable

# ./configure -with-tdsver=8.0 -with-unixODBC=/usr/local

# make

# make install

Once installation is completed it will show you configuration file path for freetds.conf note down this path in note pad.

4. Configuration freeTDS, Open file freetds.conf and add following to the bottom.

# vi freetds.conf

[MSHOSTNAME]
host = localhost
port = 1433
tds version = 8.0

5. Generating mssql.so file

# cd /home/cpeasyapache/src/php-x.x.x/ext/mssql/

# phpize

# ./configure

# make

# make install

6. Above steps will create a copy of mssql.so in the installed extension directory. Now locate your php.ini file and add extension as

# vi /etc/php.ini

extension = “mssql.so”

7.  Restarting apache service for php changes to take effect.

# /etc/init.d/httpd restart

Now executing php -m or create phpinfo file you will see mssql is listed in the list.

# php -m

November 20, 2011 Posted by | cPanel, PHP | , , | 1 Comment

Postgres Databases are not being showed on cPanel

We can fix this by modifying /var/lib/pgsql/data/pg_hba.conf from ‘md5? to ‘trust’. It should have the following entries:-

local all all trust
host all all 127.0.0.1 255.255.255.255 trust

Try to access cPanel now. Databases will be showing up on cPanel.

November 12, 2011 Posted by | cPanel, PgSQL | , | Leave a comment

Preserving httpd.conf during EasyApache in cPanel

Issue : The apache configuration file (httpd.conf) has several custom entries which should not be over-written when an EasyApache is done for recompiling/adding a PHP/Apache extension.

Solution : Starting with cPanel 11.x, all the apache settings are also stored in a database and the configuration files
are recreated each time an account is added or a recompile is done.

1) To also save the changes in the database you will have to run:

# /usr/local/cpanel/bin/apache_conf_distiller –update

2) You can check to see if the changes were accepted and will not be discarded at the next apache recompile by running :

# /usr/local/cpanel/bin/build_apache_conf

November 3, 2011 Posted by | Apache, cPanel, Security | , , | Leave a comment

How to install pdo_pgsql in cPanel server

Its that easy to add the php module pdo_pgsql in a cPanel server. Just use the command

# pecl install pdo_pgsql

Then go for a Apache restart. It will be shown up in your phpinfo page.

# /etc/init.d/httpd /restart

November 2, 2011 Posted by | cPanel, PgSQL | , , | Leave a comment

Apache status showing blank page in WHM

If the Apache status page is showing blank in WHM, then you can fix the same by issuing the following script:-

# /scripts/addstatus

This should fix the issue.

October 31, 2011 Posted by | Apache, cPanel | , | Leave a comment

How to Fixquotas for cPanel in Virtuozzo

quotacheck: Scanning /dev/vzfs [/] quotacheck: lstat Cannot stat `//usr/share/sgml/docbook/xmlcatalog’: No such file or directory
Guess you’d better run fsck first !
exiting…

This is because cPanel has changed files provided by the OS template on which the system is built. The solution is:
On the main node server:

# vzfsutil –cM -t /vz/template /vz/private/

This will give you a set of files that has been modified.
do:

# chmod -S -t /vz/private//root/

then try:

# vzfsutil –cM -t /vz/template /vz/private/

once done, re-enter the C-panel server and run:

# /scripts/fixquotas

that will do.

October 25, 2011 Posted by | cPanel, Virtualization, Virtuozzo | , , , , | Leave a comment

How to enable Quota for cPanel in Virtuozzo

On Virtuozzo VPS with Cpanel control panel, disk quota is showing unlimited. I tried to enable quota through WHM –> Server Configuration –> Initial Quota Setup, but got following error.

Installing Default Quota Databases……Done
Quotas are now on
Updating Quota Files……
quotacheck: Can’t find filesystem to check or
filesystem not mounted with quota option.

quotacheck: Can’t find filesystem to check or
filesystem not mounted with quota option.
….Done

The problem is fixed by changing the VPS quotaugidlimit value to 800.

1. Click on Infrastructure Manager
2. Click on Virtual Private Servers
3. Click on VPS you need to enable quota
4. Click Preferences
5. Click on Resources tab
6. Click Extend button
7. Disk Quota – Click to set up Disk Quota parameters
8. Click Modify Button on top and change value of quotaugidlimit to 800 and save, this will restart the VPS.

Now you need to delete old quota to enable new quota.

# rm -rf /aquota.user 2>/dev/null

# rm -rf /aquota.group 2>/dev/null

# unlink /aquota.user 2>/dev/null

# unlink /aquota.group 2>/dev/null

And run following command, it should be in one line, No line breaks

for x in `find /proc/vz/vzaquota/ | tail -1 | xargs find | tail -2 `; do ln -s $x /; done

Now your Virtuozzo VPS will work with cPanel disk quotas.

October 24, 2011 Posted by | cPanel, Virtualization, Virtuozzo | , , , , | Leave a comment

How to modify Apache default success page in cPanel

To modify the apache default success page, follow the steps below.

1. You just have to login to your server via ssh.

2. Navigate to /usr/local/apache/htdocs

# cd /usr/local/apache/htdocs/

3. And finally edit the file index.html

# vi index.html

October 12, 2011 Posted by | Apache, cPanel | , , | Leave a comment