Wednesday, November 24, 2010

Interview Docs

1. rmdir command is used to remove empty directory
2. shell commands are of two types external and internal
to find out the type of command
type -a command

======
eg:
root@gvo19371 [~]# type -a ls
ls is aliased to `/bin/ls $LS_OPTIONS'
ls is /bin/ls
root@gvo19371 [~]#
=========
root@gvo19371 [~]# type -a history
history is a shell builtin
root@gvo19371 [~]#
------

3.What is the main advantage of creating links to a file instead of copies of the file?

The main advantage is not really that it saves disk space (though it does that too) but, rather, that a change of permissions on the file is applied to all the link access points. The link will show permissions of lrwxrwxrwx but that is for the link itself and not the access to the file to which the link points. Thus if you want to change the permissions for a command, such as su, you only have to do it on the original. With copies you have to find all of the copies and change permission on each of the copies.

4.How does a trace route work?

When you execute a traceroute command (ie traceroute www.yahoo.com), your machine sends out 3 UDP packets with a TTL (Time-to-Live) of 1. When those packets reach the next hop router, it will decrease the TTL to 0 and thus reject the packet. It will send an ICMP Time-to-Live Exceeded (Type 11), TTL equal 0 during transit (Code 0) back to your machine - with a source address of itself, therefore you now know the address of the first router in the path.

Next your machine will send 3 UDP packets with a TTL of 2, thus the first router that you already know passes the packets on to the next router after reducing the TTL by 1 to 1. The next router decreases the TTL to 0, thus rejecting the packet and sending the same ICMP Time-to-Live Exceeded with its address as the source back to your machine. Thus you now know the first 2 routers in the path.

This keeps going until you reach the destination. Since you are sending UDP packets with the destination address of the host you are concerned with, once it gets to the destination the UDP packet is wanting to connect to the port that you have sent as the destination port, since it is an uncommon port, it will most like be rejected with an ICMP Destination Unreachable (Type 3), Port Unreachable (Code 3). This ICMP message is sent back to your machine, which will understand this as being the last hop, therefore traceroute will exit, giving you the hops between you and the destination.

The UDP packet is sent on a high port, destined to another high port. On a Linux box, these ports were not the same, although usually in the 33000. The source port stayed the same throughout the session, however the destination port was increase by one for each packet sent out.

One note, traceroute actually sends 1 UDP packet of TTL, waits for the return ICMP message, sends the second UDP packet, waits, sends the third, waits, etc, etc, etc.

If during the session, you receive * * *, this could mean that that router in the path does not return ICMP messages, it returns messages with a TTL too small to reach your machine or a router with buggy software. After a * * * within the path, traceroute will still increment the TTL by 1, thus still continuing on in the path determination.

I really have no idea any localized place to get information about traceroute (although if you are on *nix, try the man page - it didn't look too bad in the brief look I had at it...).

Tuesday, November 16, 2010

How to Find Server is Under DDOS

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.


netstat -anp | grep "tcp\|udp" | awk {'print $5'} | cut -d: -f1 | uniq -c | sort -n


So what will be the output ?

1 0.0.0.0
1 208.80.152.2
1 208.80.152.2
1 208.80.152.3
1 209.85.135.103
1 209.85.135.113
1 74.125.43.113
2 208.80.152.2
2 208.80.152.3
2 208.80.152.3
3 0.0.0.0
3 208.80.152.2

Left column indicates the number of connection,from the IP address which shown in right column. This was taken from my local test machine. If you are under an attack,this number may vary. The number will be any number.

How to Find APACHE under Attack

Here I would like to tell how an administrator find whether his Apache server is Under Attack.

1.First checkout the load of the server

top -u apache (Here apache means the web server user)

Tasks: 126 total, 1 running, 125 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.8%us, 0.7%sy, 0.0%ni, 94.3%id, 1.1%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1027224k total, 927296k used, 99928k free, 46428k buffers
Swap: 3004112k total, 0k used, 3004112k free, 410736k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5573 apache 20 0 20696 3284 584 S 0 0.3 0:00.00 apache2
5575 apache 20 0 20696 3284 584 S 0 0.3 0:00.00 apache2
5576 apache 20 0 20696 3284 584 S 0 0.3 0:00.00 apache2
5577 apache 20 0 20696 3284 584 S 0 0.3 0:00.00 apache2
5578 apache 20 0 20696 3284 584 S 0 0.3 0:00.00 apache2

This is the normal stage of Apache. If the CPU usage is increasing,take care you are in trouble

2.Check the number of running Apache processes

ps -ef | grep apache | wc -l

If you get a number below 50,no problem. Other wise something nasty is happening

3.Check how many listening connection to port 80

ps -ef | grep apache | wc -l

If the number goes beyong 100,an attacker closely watching your servers

4.Check your listening foriegn IPs

netstat -tn

You can see that the same IP or IPrange is listening on your Web port (80). If you made a DNS lookup to those IPs You can found that all those IPS are come from a DHCP pool,it means ATTACK.

How a DNS works - Simple Example

* A User opens a web browser and tries to connect to www.google.com. The operating system not knowing the IP Address for www.google.com, asks the ISP's DNS Server for this information.

* The ISP's DNS Server does not know this information, so it connects to a Root Server to find out what name server, running somewhere in the world, to know the information about google.com.

* The Root Server tells the ISP's DNS Server to contact a particular name server that knows the information about google.com.

* The ISP's DNS Server connects to Google's DNS server and asks for the IP Address for www.google.com.

* Google's DNS Server responds to the ISP's DNS server with the appropriate IP Address.

* The ISP's DNS Server tells the User's operating system the IP Address for google.com.

* The operating system tells the Web Browser the IP Address for www.google.com.

* The web browser connects and starts communication with www.google.com.

Friday, November 12, 2010

Interview questions PART 1

1. To find the gateway address in linux.
route -n
netstat -nr or netstat -r

2.You need to view the contents of the tarfile called MyBackup.tar. What command would you use?
tar tf MyBackup.tar

3.You wish to create a link to the /data directory in bob's home directory so you issue the command ln /data /home/bob/datalink but the command fails. What option should you use in this command line to be successful.
Use the -F option

4.Who owns the data dictionary?
The SYS user owns the data dictionary. The SYS and SYSTEM users are created when the database is created.

5.You have a file called phonenos that is almost 4,000 lines long. What text filter can you use to split it into four pieces each 1,000 lines long?
split

The split text filter will divide files into equally sized pieces. The default length of each piece is 1,000 lines.

6.You would like to temporarily change your command line editor to be vi. What command should you type to change it?
set -o vi

The set command is used to assign environment variables. In this case, you are instructing your shell to assign vi as your command line editor. However, once you log off and log back in you will return to the previously defined command line editor.

7.You routinely compress old log files. You now need to examine a log from two months ago. In order to view its contents without first having to decompress it, use the _________ utility.
zcat

The zcat utility allows you to examine the contents of a compressed file much the same way that cat displays a file.

8.In order to run fsck on the root partition, the root partition must be mounted as
readonly

You cannot run fsck on a partition that is mounted as read-write.

9.What is the minimum number of partitions you need to install Linux?
Answer: 2
Linux can be installed on two partitions, one as / which will contain all files and a swap partition.

10.7.What is the difference between POP3 and IMAP ?

The Difference

POP3 works by reviewing the inbox on the mail server, and downloading the new messages to your computer. IMAP downloads the headers of the new messages on the server, then retrieves the message you want to read when you click on it.

When using POP3, your mail is stored on your PC. When using IMAP, the mail is stored on the mail server. Unless you copy a message to a "Local Folder" the messages are never copied to your PC.

Scenarios of Use

POP3

· You only check e-mail from one computer.

· You want to remove your e-mail from the mail server.

IMAP

· You check e-mail from multiple locations.

· You use Webmail.

11.Is it possible to install cpanel in debian servers?

No..Its not possible to install cpanel in debian

Here is the list of OS which supports cpanel
centos 3,4,5 and freebsd 7,8

Thursday, November 4, 2010

ssl installation via ssh

Zurück
How to create a self-signed SSL Certificate ...

... which can be used for testing purposes or internal usage

Overview

The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process.

Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop all of that traffic. Obviously, this can lead to problems, especially where security and privacy is necessary, such as in credit card data and bank transactions. The Secure Socket Layer is used to encrypt the data stream between the web server and the web client (the browser).

SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). With public key cryptography, two keys are created, one public, one private. Anything encrypted with either key can only be decrypted with its corresponding key. Thus if a message or data stream were encrypted with the server's private key, it can be decrypted only using its corresponding public key, ensuring that the data only could have come from the server.

If SSL utilizes public key cryptography to encrypt the data stream traveling over the Internet, why is a certificate necessary? The technical answer to that question is that a certificate is not really necessary - the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.

Step 1: Generate a Private Key

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus
.........................................................++++++
........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:

Step 2: Generate a CSR (Certificate Signing Request)

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.

During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g., YOUR name)". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. If the website to be protected will be https://public.akadia.com, then enter public.akadia.com at this prompt. The command to generate the CSR is as follows:

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [GB]:CH
State or Province Name (full name) [Berkshire]:Bern
Locality Name (eg, city) [Newbury]:Oberdiessbach
Organization Name (eg, company) [My Company Ltd]:Akadia AG
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:public.akadia.com
Email Address []:martin dot zahn at akadia dot ch
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3: Remove Passphrase from Key

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

The newly created server.key file has no more passphrase in it.

-rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
-rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org

Step 4: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To generate a temporary certificate which is good for 365 days, issue the following command:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information
Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch
Getting Private key

Step 5: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.

cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key

Step 6: Configuring SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Step 7: Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd stop

https://public.akadia.com

http://www.akadia.com/services/ssh_test_certificate.html

Wednesday, October 27, 2010

suspicious process running in the server

add the process entry to /etc/csf/pignore file

Tuesday, October 26, 2010

To niew mysql promt command history

For viewing the mysql command history
cat .mysql_history

command to read mysql database table

For reading the database table
mysql> select * from wp_users \G;

For resolving a site from our local sysytem in windows

For resolving a site from our local sysytem

E:\WINDOWS\system32\drivers\etc\hosts
edit the file
IP domainname
After this chages made the site will resolve from the local system

Saturday, September 25, 2010

Redirecting site to index.php if index.html exists

put following entry in .htaccess file

DirectoryIndex index.php

Wednesday, September 15, 2010

wordpress site broken

The problem is due to the site url. YOu can change it via cpanel or via backend.

go to cpanel >> phpmuadmin >> select db >> wp-options and edit the site url

backend:

step 1: use foreverg_wrdp1;
step2: show tables;
step3: desc wp_options;
step4: select * from wp_options where option_name='home';
step5: select * from wp_options where option_name='siteurl';
step6: update wp_options set option_value='http://forevergreenliving.com/' where option_id=37;
step7: update wp_options set option_value='http://forevergreenliving.com/' where option_id=1;

How to boot system in single user mode

1. At the starting time i.e when grub loading select press e
2. Then select kernel and press e
3. Then at the end of the line add the letter S or the word single
4.Then press ENTER

Monday, August 30, 2010

Internal server error +webmail +User 'mypassbo' is over quota.

Please check the quota and if is in the given range then


move the following file

/var/cpanel/onerquota/username

wordpress site url change

You can do this via cpanel

=========
go to cpanel >> phpmyadmin >> select database >> select table wp-options and edit the table with correct site URL.
========

Also we can do this via backend

==========
step 1: use foreverg_wrdp1;
step2: show tables;
step3: desc wp_options;
step4: select * from wp_options where option_name='home';
step5: select * from wp_options where option_name='siteurl';
step6: update wp_options set option_value='http://forevergreenliving.com/' where option_id=37;
step7: update wp_options set option_value='http://forevergreenliving.com/' where option_id=1;
=========

Tuesday, August 24, 2010

Script to replace frames

grep -iRl octopusdye.ru /home/newellfi/public_html

for i in `grep -Rl 725af0498bd203c5f15bea5958ce1494 .` ;do sed -i '/725af0498bd203c5f15bea5958ce1494/d' $i ;done

Scripting Tutorials

SHELL SCRIPTING:

* sHELL: it is an interface between user and OS.
bash is a character based sell interface, these interfaces accepts lines f textul command
that the user type in.

* For sorting a file

sort -n filname >> filname.txt
This will save the sorted out put of filename to filename.txt

* UNIX is one of the first operating systems to make the user interface independent
of the operating system.

** Bourne shell, K shell,

* To install bash as your login shell, type chsh bash-name, where bash-name
is the response you got to your whereis command (or whatever worked).
For example:% chsh /usr/local/bin/bash

* lp ==command used for printing

* WILD CARDS:

? == ANY SIGNLE CHARACTER
* == aNY STRING OF CHARACTER
[set] == any characher in set

Brace []:

b{ar{d,n,k},ed}s. == >> out puts bards,barns,barks,beds


** cat < file1 > file2 This similaer tp cp file1 file2

** CUT command:

grep usernames from /etc/passwd file

cat /etc/passwd | cut -d: -f1 >> test1


** To print natural numbers:

for i in `seq 1 10`;do echo $i;done;


ECHO:

echo string ==>> o/put as string
echo 'string' ==>> o/put as string
echo "string" ==>> o/put as string

echo 2 * 2 > 3 == o/put as a file with name 3 and containing all the file names in the
current directory including 2.

echo '2 * 2 > 3' == >> o/put as 2 * 2 > 3

echo " 2 * 2 > 3 " == >> o/put as 2 * 2 > 3


Most popular unix editors:
vi and emacs

Word press MU or WordPressµ

Wordpress MU is or WordPressµ is multi user version of wordpress.It is useful for peples who wants to set up a large networs of blogs.It is used in newspapers, magazines etc.

Using the WordPress multi-user edition, you will be able offer users an opportunity to sign up for a new blog. They will be able to securely manage their templates and settings without affecting any other users. You can have unlimited users with unlimited blogs, and users can have various roles (administrator, editor, author, contributor, subscriber) on each other's blogs. One or more Site Administrators can perform site-wide management tasks, including adding users and blogs, altering permissions and granting access to themes.

WordPress MU Plugins and Themes are controlled by a central system administrator. Unlike the single-user version of WordPress, individual WPMU bloggers cannot upload their own WordPress Plugins and Themes. The users can only select from the ones made available by the system administrator. Individual themes can be made available to all blogs or just to specific ones.

Tuesday, July 27, 2010

How to tar multiple files

To group multiple files : tar -cvf foo.tar a.dat b.dat c.dat ( this will group files [a-c]*.dat to one file foo.tar )
c = create a tar file
v = verbose( nothing important :P )
f = create the tar file with filename provided as the argument

Thats all you need to know to tar(group) a bunch of files/directories.

* To tar files and gzip them : tar -czf foo.tar.gz *.dat ( this will create a gzip-compressed Tar file of the name foo.tar.gz of all files with a .dat suffix in that directory )

* To untar(separate) files from a tar archive : tar -xvf foo.tar ( this will produce three separate files a.dat, b.dat and c.dat )

* To untar(extract) a gzipped tar archive file : tar -xzf foo.tar.gz

* To untar a bzipped (.bz2) tar archive file : tar -xjf foo.tar.bz2

Tuesday, July 20, 2010

Iframe attack

find . -type f -exec replace '' '' -- {} \;

eg: find . -type f -exec replace '
' '' -- {} \;

Thursday, July 8, 2010

cpanel backup with wget

wget --http-user=YourUsername --http-password=YourPassword http://YourWebsiteUrl:2082/getbackup/backup-YourWebsiteUrl-`date +"%-m-%d-%Y"`.tar.gz

Friday, June 18, 2010

transfering a reseller account ?

For transfering a reseller acct after transferring change the reseller ownership.
in /etc/trueuserdomains also check the accounts are listed in whm.

Change reseller accounts IP address?

login to whm as root
then go to reseller centre
select that reseller >> Manage reseller's IP delegation
then assign our IP

select that reseller >> Manage reseller's main/shared IP >> assign our IP

Then select the reseller >> Edit reseller privileges & nameservers >> give full privilge

THen login into WHm as reseller then assign the IP address to our IP(list accts >> under IP ...edit IP adress).

Getting following message in cron email? Sorry, allow_url_fopen variable

Getting following message in cron email?

======
Sorry, allow_url_fopen variable can't be set to 1 from php script.
You should set allow_url_fopen = 1 in your php.ini file in order to run
Backlink Index Express
========

Solution: change crontab with curl
i.e */5 * * * * curl http://thewebsitemarketingpro.com/bie_v6/indexexpress.php
for php give the full path.. i.e /home/uname/public_html/thewebsitemarketingpro.com/bie_v6/indexexpress.php

Set local php.ini

carete php.ini under user account then put the following snipet in the .htaccess file

===========
suPHP_ConfigPath /home/reiedac/public_html/php.ini ===>>>>(path to php.ini)
===========

Thursday, June 3, 2010

Command to see the contents of your MBR

To see the contents of your MBR, use this command:

dd if=/dev/hda of=mbr.bin bs=512 count=1 od -xa mbr.bin

Wednesday, May 26, 2010

Website shows various charactors

Some times website shows various characters instead of showing correct contents.

For solving this check the php version and check which version is compatible .

Then set the corresponding version via cpanel

i.e goto CPANEL >> php cofiguration >> enable php4 or 5

String replacement commands

Replace:
Syntax:
replace from to - filename

eg:cat test1
hai I am fine

replace hai hi -- test1

==================================

We can also use sed command for replacing the string

====================
Syntax:
sed 's/oldstring/newstring/g' filename

eg: sed 's/hai/hi/g' test1

/etc/mailips

Mailips is mainly auto-generated file and is used for outgoing SMTP interface. However, you can also manually update and manage the mailips file. Full path to the mailips is: "/etc/mailips"

The syntax is:

* Add default sending IP address

*: IP

The above line will send outgoing mail from the default (eth0) IP address. Entry begins with an asterisk (*) will sets the default sending IP (from the eth0) address for domains without their own specific entry.

* Add specific entry for the domain.

domain.tld: IP1
sub.domain.tld: IP2
addondomain.tld: IP3
other.domain.tld: IP4

Each line defines a personal outgoing server for the domain. Doing it this way, each domain can have its own outgoing IP and that way, you will be able to setup RDNS (Reverse DNS) for each IP for that domain name.

package account without homw dir

/scripts/pkgacct --skiphomedir user

Yum Installation II

http://techtrouts.com/how-to-install-yum-on-red-hat-enterprise-linux-4/

Monday, May 24, 2010

VIPoint important links

Configure lite speed:

=====
http://www.litespeedtech.com/docs/webserver/admin/
http://www.litespeedtech.com/docs/webserver/troubleshoot/
http://www.litespeedtech.com/docs/webserver/config/vhostlist/
http://www.litespeedtech.com/docs/webserver/config/vhostgeneral/
http://www.litespeedtech.com/docs/webserver/config/rewrite/
http://www.litespeedtech.com/support/wiki/doku.php
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:apache:da&rev=1175563776
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:apache:ezcpanel
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:apache:cpanel
=====


Poornam forum:

http://bobcares.com/

Mod_rewrite

http://www.workingwith.me.uk/articles/scripting/mod_rewrite

Gallery:

http://codex.gallery2.org/Gallery2:FAQ

Outlook email error

http://www.computersplace.com/vista/outlook-email-error


RV site builder

http://www.rvsitebuilder.com/faqweb/index.php?action=show&cat=2

For downloading testfiles

http://www.thinkbroadband.com/download.html

phpmyadmin

http://www.icewalkers.com/Linux/Software/517580/phpMyAdmin.html

Centos

http://mirror.centos.org/centos/3.6/os/i386/RedHat/RPMS/

openvz

http://forum.openvz.org/index.php?t=msg&goto=25671&

Wordpress


http://techsemi.wordpress.com/

PLeask blog

http://rootatlinux.wordpress.com/plesk/
http://www.blogtoplist.com/rss/plesk.html

Direct admin

http://manageyourservers.blogspot.com/search?q=direct+admin
http://help.directadmin.com/


http://www.bigresource.com

How to configure NIS (Network Information Server) Server in Redhat Linux?

To configure NIS server you have to install ypserve and yp-tools rpms on the server, and ypbind and yp-tools rpms on the client. Follow the below steps to Configure the NIS server.

1) First You need to add the NIS domain you wish to use in the /etc/sysconfig/network file
#/etc/sysconfig/network
NISDOMAIN="MYDOMAIN"

2)NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost.
Edit your yp.conf file
# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1

3)Start the NIS server related Daemons.
service portmap start
service yppasswdd start
service ypserv start

Ensure that the above Daemons are part of the startup

chkconfig portmap on
chkconfig yppasswdd on
chkconfig ypserv on

Client Daemons are

ypbind
portmap
Then run the below command on the server to check the services running

rpcinfo -p localhost

5) Initialize your NIS Domain
Now that you have decided on the name of the NIS domain, you'll have to use the ypinit command to create the associated authentication files for the domain. You will be prompted for the name of the NIS server.

/usr/lib/yp/ypinit -m

You can now start the ypbind and the ypxfrd daemons because the NIS domain files have been created.

service ypbind start
service ypxfrd start

6)Adding NIS users

New NIS users can be created by logging into the NIS server and creating the new user account. In this case, you'll create a user account called nisuser and give it a new password.

Once this is complete, you then have to update the NIS domain's authentication files by executing the make command in the /var/yp directory.

This procedure makes all NIS-enabled, nonprivileged accounts become automatically accessible via NIS, not just newly created ones. It also exports all the user's characteristics stored in the /etc/passwd and /etc/group files, such as the login shell, the user's group, and home directory.


useradd -g users nisuser
passwd nisuser
cd /var/yp
make

You can check to see if the user's authentication information has been updated by using the ypmatch command, which should return the user's encrypted password string.

ypmatch nisuser passwd

7) Configuring NIS client.

The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.

Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.

n addition, the authconfig program updates the /etc/nsswitch.conf file that lists the order in which certain data sources should be searched for name lookups, such as those in DNS, LDAP, and NIS. Here you can see where NIS entries were added for the important login files.

Start the ypbind NIS client, and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot. Remember to use the rpcinfo command to ensure they are running correctly.

8) Test NIS Access to NIS server.

You can run the ypcat, ypmatch, and getent commands to make sure communication to the server is correct.

Then try logging in via ssh or telnet and test NIS .

Shut down a server

/sbin/shutdown -h now

install named

yum install bind*

samba

/etc/smb.conf
port 139
to find out port

vi /etc/services

netstat -pant | grep smb

Block Darkmailer

If a server is infected with dark mailer then the solution for recovery is to install csf nad enable SMTP twaek i.e SMTP_ALLOWLOCAL = 1 and SMTP_BLOCK = "1"

Log file for server load

/var/log/dcpu/logfiles

scripts to block run php files in /home/spamd folder

#!/bin/bash
EXIT_PATH="/home/spamd"
CUR_DIR=`pwd`
echo $CUR_DIR $@|grep -q $EXIT_PATH
if [ "$?" -ne 0 ] ; then
/usr/local/bin/php.real $@
fi

To set forwarder to all email to a domain

* : email id

FXP support

Check /etc/pure-ftpd.conf

=====
grep FXP /etc/pure-ftpd.conf
# Allow FXP transfers for authenticated users.
AllowUserFXP no
# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no
[root@host ~]#
======

Add handler module file

/usr/local/apache/conf/php.cinf

To check ssh access

[root@alphacentauri ~]# grep irugs /etc/passwd
irugs:x:646:647::/home/irugs:/bin/false
[root@alphacentauri ~]#

Directory listing

.htaccess Tutorial - Directory Listing

When a web browser is pointed to a directory on your web site which does not have an index.html file in it, the files in that directory can be listed on a web page.

1. Enable/Disable Directory Listing

To have the web server produce a list of files for such directories, use the below line in your .htaccess.

Options +Indexes

To have an error (403) returned instead, use this line.

Options -Indexes

2. Listing Style

Either a basic list of files can be shown, or a 'fancy' list including icons, file size, modification date and more.

IndexOptions +FancyIndexing

Add this to your .htaccess file to use the 'fancy' style.

IndexOptions -FancyIndexing

Use the above line if you prefer a more basic file list.

3. Ignore Files

Let's say you have a directory with .jpg, .gif and .png image files. You only want the .png files to show in the directory listings. Add this line to your .htaccess.

IndexIgnore *.gif *.jpg

The web server now ignores the .gif and .jpg files.

4. Modify Index File

Maybe you don't want a list of the files, you want a specific file to be shown instead. You could upload an index.html file in this directory. There is another way.

DirectoryIndex myfile.html

Instead of listing the files, web page myfile.html will now be shown for this directory and its subdirectories.

to backup files with date

filesname.`date +%F`

eg: cp test4 test.`date +%F`

Monday, May 17, 2010

Please configure it so that the server will send an email to ‘patrick@mobile9.com’ whenever someone logs into the server as root.

We can do it this in two ways

======
SSH:

echo 'SSH Root Access (Your Server Name) on:' `date` `who` | mail -s "ALERT: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" your@email-address.com

OR

WHM:

For tweaking this from WHM, the exact steps are:

Login to WHM > Scroll down the left menu to the bottom to reach the Plugins section > ConfigServer Security & Firewall > Firewall Configuration:

LF_SSH_EMAIL_ALERT: Send an email alert if anyone uses su to access another account. This will send an email alert whether the attempt to use su was successful or not.

LF_SU_EMAIL_ALERT: Send an email alert if anyone accesses WHM via root. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted).

To find a string in the server

grep "reelgrrlsseattle" */*/*

grep -iRl reelgrrlsseattle ./*

csf installation error

[root@server22 csf]# sh install.sh

Configuring for OS

Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) and then install csf
[root@server22 csf]#

To fix the error, install libwww-perl

yum install perl-libwww-perl

Roundcube hangs when sending mail

Roundcube hangs when sending mail

In recent builds of roundcube, you may find that you can’t send mail using Roundcube. If /var/cpanel/roundcube/log/errors shows the following:

[30-Jan-2009 14:07:11] Invalid response code received from server (421):
[30-Jan-2009 14:07:11] Invalid response code received from server (-1):
[30-Jan-2009 14:07:34 -0800] SMTP Error: SMTP error: Authentication failure: STARTTLS failed (Code: ) in /usr/local/cpanel/base/3rdparty/roundcube/program/steps/mail/func.inc on line 1248 (POST /3rdparty/roundcube/index.php?_task=mail&_action=send)
[30-Jan-2009 14:10:29] STARTTLS failed ():

Then there is an issue with the most recent Net-SMTP PHP module. To resolve this, edit the following file:

vi /usr/local/cpanel/base/3rdparty/roundcube/config/main.inc.php

and change

// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = ‘%u’;

to this:

// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = ”;

cant send attachement

Requested action aborted: error in processing
451 Error while writing spool file

===========

check df -h
and also check user quota

if /var is full the n we cant send attachements

loacl IP poblem

Bringing up interface eth0: Error, some other host already uses address 192.168.1.11.

===========
vi /etc/sysconfig/network-scripts/ifcfg-eth0
change the IP

IPADDR=
==========

/etc/init.d/network restart

vps load average

vzlist -o veid,laverage|sort -nrk 2|head -5

Add a group of Ips to csf

ip gropu 109.66.0.0 - 109.66.255.255

csf -a 109.66.0.0/16 will allow x.x.x.x i.w 109.66.0.0 to 255.255.255.255

csf -a 109.66.0.0/8 will allow 109.x.x.x

iptables
290 iptables -I INPUT -s 79.176.0.0/16 -j ACCEPT

/etc/init.d/iptables save
/etc/init.d/iptables restart

spf record and spf check

/usr/local/cpanel/bin/spf_installer uname

dig +trace TXT domainname
or
: Port25.com provides another tool to test whether your SPF record is working. Send an e-mail to check-auth@verifier.port25.com and you will receive a reply containing the results of the SPF check.

create an email acct with domain name and send an email to check-auth@verifier.port25.com and you will get an email back


=====
Also check the ip configured for spf in the zone file( In default spf is configured for public Ip)

Domain keys installation

/usr/local/cpanel/bin/domain_keys_installer uname

How upgrade plesk panel

1. go to control panel
2.Home >> Updates
3. We cant upgrade plesk directly to latest versin
only upgrade one by one i.e if we want to upgarde pleak from 9.2.1 to 9.5.1
then
a) first we want to uprade 9.2.1. to 9.2.2 then 9.2.3 and son
atlast upgarde to 9.5.1

plesk upgrade Db error in Plesk control panel

ERROR: PleskMainDBException
MySQL query failed: MySQL server has gone away
==================
Additionally, an exception has occurred while trying to report this error: PleskMainDBException
MySQL query failed: MySQL server has gone away

0: common_func.php3:168
db_query(string 'select `id`,`name`,`type`,`uri` from DashboardPreset where `id`=6')
1: class.Table.php:183

============

Solution:

comment the line wait_timeout in /etc/my.cnf

Add a new cpanel language

Unable to change language to Hungarian??

==========
1. Goto WHM>> Locale >> Locale XML Download
2. then convetr into correcsponding lang using google translator
3.then upload into cpanel using Locale XML Upload
==========

This will list the language in cpanel drop down list

Wednesday, April 21, 2010

Suhosin installation

Suhosin is the big brother to the Hardened-PHP patch which adds an extra level of protection to PHP. Installing Suhosin can be a bit confusing so we'll show you how it can be easily installed on Linux

Suhosin Install Guide



Suhosin is the big brother to the Hardened-PHP patch which adds an extra level of protection to PHP. Installing Suhosin can be a bit confusing so we'll show you how it can be easily installed on Linux.

Suhosin for PHP



http://www.hardened-php.net/suhosin.127.html



What is Suhosin?

There are 2 separate versions on Suhosin. You can run both together or one separately.



1) A raw patch where you need to recompile PHP in shell to work. This adds low level protection against things like buffer overflows and format string vulnerabilities.

2) A PHP extension that protects at runtime, easy to install.

Both versions will still you allow you to use other PHP extensions like Zend Optimizer without any issues.

See the full features list comparision here: http://www.hardened-php.net/suhosin/a_feature_list.html



This guide we'll show you how to install the Extension ONLY. Recompiling PHP for the patch is a whole guide in itself, so I only recommend that for experienced users or having someone do it for you like a server admin company such as ServerProgress - www.serverprogress.com or click on Hire an Expert.







Installing Suhosin



Things to do before getting started and questions you probably have.

1) First off you need to create a phpinfo page on your web server, this is so you can see if Suhosin is installed and working or not.



EG: http://mysite.com/phpinfo.php


phpinfo();

?>





That’s all it should contain. You should bring it up to make sure it works.



2) Check to make sure that PHP is NOT compiled with --enable-versioning



You will see this in the Configure Command section at the top, make sure you do not see

--enable-versioning



If it is, the extension will not work. Versioning breaks extensions. You will need to recompile PHP and make sure versioning is turned OFF.



3) This only applies if you are using Zend Optimizer. Make sure you are using at least version 3.2.1 or above of Zend Optimizer. If you are using anything below that there is a known bug in Zend Optimizer that gets caught up in Suhosin while reading zend encoded pages. So be sure to upgrade Optimizer to a more recent release before you install Suhosin to avoid issues.

You can check your version while in shell by doing:

php –v



If you have it installed you’ll see something like:

Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies

with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies



So this version is old and needs to be upgraded. See http://www.webhostgear.com/184.html our Zend Optimizer install guide for more details.







Suhosin works fine on cPanel/WHM servers, DirectAdmin, Plesk and any others. As long as the above mentioned items are met then you should be fine.





Installing Suhosin Extension

Download the source file for the Suhosin extension



cd /usr/local/

wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.18.tgz



tar -zxvf suhosin-0.9.18.tgz



cd suhosin-0.9.18



phpize



OUTPUT will be something like this:

# phpize

Configuring for:

PHP Api Version: 20020918

Zend Module Api No: 20020429

Zend Extension Api No: 20050606



./configure



make



OUTPUT will be something like this:

Libraries have been installed in:

/usr/local/suhosin-0.9.18/modules



make install





OUTPUT will be something like this:

Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20020429/

Make a note of the directory location and confirm it exists and has suhosin.so in it:



ls –lah /usr/local/lib/php/extensions/no-debug-non-zts-20020429/

-rwxr-xr-x 1 root root 334K Mar 19 09:17 suhosin.so*



Now copy suhosin.so to /usr/lib/php/extensions since our php.ini points to that directory and not the one the make install used



cp /usr/local/lib/php/extensions/no-debug-non-zts-20020429/suhosin.so /usr/lib/php/extensions/no-debug-non-zts-20020429



Checking PHP

Now we need to check PHP to ensure suhosin will be added in.



Find where your current PHP.ini is:

php -i |grep php.ini

Configuration File (php.ini) Path => /usr/local/Zend/etc/php.ini



Edit the php.ini

vi /usr/local/Zend/etc/php.ini



Step 1) Ensure the include path/extension is set properly.

Search for: extension_dir



You should see something like this:

;;;;;;;;;;;;;;;;;;;;;;;;;

; Paths and Directories ;

;;;;;;;;;;;;;;;;;;;;;;;;;

include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:" ;

extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside



Note the exact path is the same as what we wrote down when we did “make install”

If not, you will need to add it or COPY the file to the new location as mentioned above.



Step 2) Add the suhosin.so extension to php.ini

While still in php.ini search for Dynamic Extensions



/Dynamic Extensions



EG you should see:
;;;;;;;;;;;;;;;;;;;;;;

; Dynamic Extensions ;

;;;;;;;;;;;;;;;;;;;;;;



Add this below:



extension=suhosin.so






====================================================================
Note to 64 bit OS users:

Check to make sure php.ini is using the proper extension_dir setting:

extension_dir = /usr/lib64/php4



Then copy the suhosin.so to that directory after you do "make install"

cp -v /usr/local/lib/php/extensions/no-debug-non-zts-20020429/*.so /usr/lib64/php4/

End 64 Bit OS note:





Now save php.ini and check PHP from shell:

php -v

PHP 4.4.6 (cli) (built: Mar 19 2007 09:54:33)

Copyright (c) 1997-2007 The PHP Group

Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies

with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project

with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies

=============================================================================

No need,,,,,



Excellent! We managed to get the Suhosin extension module working. NOTE if checking using phpinfo.php page make SURE you RESTART the apache web server: service httpd restart

Otherwise you won’t see the changes.



Suhosin in PHPinfo page – Screenshot 1

Click to enlarge

Suhosin PHPINFO



Suhosin in PHPinfo page – Screenshot 2 configuration details
Click to enlarge

Suhosin phpinfo details







Suhosin Logs and reports



Check your /var/log/messages for logs of Suhosin



EG:

Mar 19 10:28:23 ocean suhosin[32652]: ALERT - Include filename ('http://tutorialgeek.com/slimstat/inc.stats.php') is an URL that is not allowed (attacker '74.6.73.61', file '/home/lireland/public_html/index.php', line 3)







Advanced Suhosin Configuration

Configuring Suhosin – example suhosin configuration



You can manually configure options for Suhosin in the php.ini for PHP. This is the most confusing part that most people get lost at.

If you want advanced configuration to change the default settings form Suhosin you can edit the PHP.ini and add in these values below the extension=suhosin.so



Note this part isn’t required, only for your own liking.



;;;;;;;;;;;;;;;;;;;

; Module Settings ;

;;;;;;;;;;;;;;;;;;;

[suhosin]

; Logging Configuration

suhosin.log.syslog.facility = 9

suhosin.log.use-x-forwarded-for = Off



; Executor Options

suhosin.executor.max_depth = 0

suhosin.executor.include.max_traversal = 4

suhosin.executor.disable_emodifier = Off

suhosin.executor.allow_symlink = Off



; Misc Options

suhosin.simulation = Off



;

suhosin.apc_bug_workaround = Off

suhosin.sql.bailout_on_error = Off

suhosin.multiheader = Off

suhosin.mail.protect = 1

suhosin.memory_limit = 20



; Transparent Encryption Options

suhosin.session.encrypt = On

suhosin.session.cryptua = On

suhosin.session.cryptdocroot = On

suhosin.session.cryptraddr = 0

suhosin.cookie.encrypt = On

suhosin.cookie.cryptua = On

suhosin.cookie.cryptraddr = 0



; Filtering Options

suhosin.filter.action = 406

suhosin.cookie.max_array_depth = 100

suhosin.cookie.max_array_index_length = 64

suhosin.cookie.max_name_length = 64

suhosin.cookie.max_totalname_length = 256

suhosin.cookie.max_value_length = 10000

suhosin.cookie.max_vars = 100

suhosin.cookie.disallow_nul = On

suhosin.get.max_array_depth = 50

suhosin.get.max_array_index_length = 64

suhosin.get.max_name_length = 64

suhosin.get.max_totalname_length = 256

suhosin.get.max_value_length = 512

suhosin.get.max_vars = 100

suhosin.get.disallow_nul = On

suhosin.post.max_array_depth = 100

suhosin.post.max_array_index_length = 64

suhosin.post.max_totalname_length = 256

suhosin.post.max_value_length = 65000

suhosin.post.max_vars = 200

suhosin.post.disallow_nul = On

suhosin.request.max_array_depth = 100

suhosin.request.max_array_index_length = 64

suhosin.request.max_totalname_length = 256

suhosin.request.max_value_length = 65000

suhosin.request.max_vars = 200

suhosin.request.max_varname_length = 64

suhosin.request.disallow_nul = On

suhosin.upload.max_uploads = 25

suhosin.upload.disallow_elf = On

suhosin.upload.disallow_binary = Off

suhosin.upload.remove_binary = Off

suhosin.session.max_id_length = 128



============

Tuesday, April 20, 2010

FTP upload problem in Direct Admin

Getting a permission denied error(550)

Solution:
Check the following files
=======
(10:34:32 AM) AngithaVIP: [root@alphacentauri ~]# grep irugs /etc/passwd
irugs:x:646:647::/home/irugs:/bin/false
[root@alphacentauri ~]#
========
grep irugs /etc/proftpd.passwd

then check the both numbers and if it is not match then correct it, that will fix the issue

direct admin userdomains

/etc/virtual/domainowners

To check ssh access

[root@alphacentauri ~]# grep irugs /etc/passwd
irugs:x:646:647::/home/irugs:/bin/false
[root@alphacentauri ~]#

Add handler file

/usr/local/apache/conf/php.conf

Saturday, April 17, 2010

Whm login screen shows internal server error +VPS

errors:
Whm login screen shows internal server error
or
Disk quota exceeded message when trying to create file

=========
solution:
The problem is due to inode number full
we can incarese it by using the following

df -i gives the inode details
-bash-3.2# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/vzfs 1000000 600020 399980 61% /
none 2049647 96 2049551 1% /dev
-bash-3.2#

==========
vzctl set 128 --diskinodes $(( 200000*5 )):$(( 220000*5 )) --save
===========

or

===========
vzctl set 128 –diskinodes 200000:200000 –save
===========
Saved parameters for Container 128

clamav scan

clamscan -r path ==>>this will gives the all sucees files

clamscan -r path --infected ===>> this will give a infected files

freshclam

clamscan -r -i --move=identfied (dir)

============
If you wish to run clamscan in /home :-

Log into server as root. Issue the command : cd /home
Issue the command : clamscan -i > infectedfiles.txt

After the scan is run the infected files will be listed in infectedfiles.txt.
============

To update a clam av scan

freshclam

============

clamav installation
===============
1039 wget http://www.sfr-fresh.com/fresh/unix/misc/clamav-0.96.tar.gz
1041 tar -xvzf clamav-0.96.tar.gz
1043 cd clamav-0.96/
1045 cat INSTALL
1047 ./configure
1049 cat INSTALL
1050 make
1051 make check
1052 make install
1056 cd /home/doamc/
1057 clamscan -r /home/doamc/ --infected >>infetct.txt

===============

To set no. of emails for particular domains in hour

ll /var/cpanel/maxemailsperdomain/
create the domainname
then enter the number
i.e create domain.com
566

Unable to add IP in WHM

error :IP is already added.

Solution:
The issue is due to the fact that the ip "192.200.50.51" is already present in the file /etc/ips and we have removed the ip from the file and try to add once again.You can use the following commands

================
1. vi /etc/ips and remove the IP
2. /etc/init.d/ipaliases reload
3. /scripts/rebuildippool
===============

/tmp read only

You can fix it without rebooting the server.

Here's how:

root@orchard [~]# umount /tmp
umount: /tmp: device is busy
umount: /tmp: device is busy
root@orchard [~]# umount -l /tmp (umount -l forces an umount, even if
it's busy)
root@orchard [~]# df -
root@orchard [~]# fsck -yf /dev/sda2 (y = answer yes to everything)
fsck 1.39 (29-May-2006)
e2fsck 1.39 (29-May-2006)
/tmp1: recovering journal
Clearing orphaned inode 64 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 37 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 36 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 35 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 34 (uid=100, gid=101, mode=0100600, size=0)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry 'eaccelerator-3502.67023312' in /eaccelerator/6/0 (131177) has
deleted/unused inode 133882. Clear? yes

Pass 3: Checking directory connectivity
/lost+found not found. Create? yes

Pass 4: Checking reference counts
Pass 5: Checking group summary information

/tmp1: ***** FILE SYSTEM WAS MODIFIED *****
/tmp1: 3183/524288 files (1.8% non-contiguous), 75363/524120 blocks
root@orchard [~]# fsck -yf /dev/sda2 (run it a second time to double check)
fsck 1.39 (29-May-2006)
e2fsck 1.39 (29-May-2006)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 3A: Optimizing directories
Pass 4: Checking reference counts
Pass 5: Checking group summary information

/tmp1: ***** FILE SYSTEM WAS MODIFIED *****
/tmp1: 3183/524288 files (1.8% non-contiguous), 75335/524120 blocks
root@orchard [~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 223G 35G 176G 17% /
/dev/sda1 190M 22M 159M 13% /boot
/dev/sdb1 231G 116G 104G 53% /backup
tmpfs 1014M 0 1014M 0% /dev/shm
root@orchard [~]# mount /dev/sda2 /tmp
root@orchard [~]# touch /tmp/hello
root@orchard [~]# all fine!

cpanel downloads empty mysql backup

Empty MySQL Backup – 20 bytes
Thursday, October 29th, 2009

If you login to cpanel, download a mysql backup and the backup is empty, try this:

Go to your home directory. You can use cpanel’s File Manager. Or you can access your home directory through ftp. Find a file called my.cnf. Rename it to my.cnf.backup.

What will happen? You probably changed your cpanel password. The new password was not updated in my.cnf. By deleting this file, the next time you login to cpanel, it will have to recreate it with your new password. And that will solve your mysql backup problem.

The mysql backup process uses that file to access the mysql databases. If the password is incorrect, the cpanel process will be denied access to those databases. You will not see any error, because it’s not logged in your cpanel interface. But you will get an empty database backup instead.

===============

solution:

If the file is not present there then create a file and put cpanel username and passwd there
file is created under
/home/username
filename .my.cnf

VPS admin tasks

vzctl set 10 --onboot yes --save
### Set IP for VPS ###
vzctl set 10 --ipadd 192.168.1.5 --save
### Set Nameservers IP for VPS ###
vzctl set 10 --nameserver 192.168.1.111 --save
vzctl set 10 --nameserver 192.168.1.111 --save
### Set Hostname IP for VPS ###
vzctl set 10 --hostname vps.nixcraft.in --save
### Set Disk quota for VPS (10G min [soft] and 11G max hard limit) ###
vzctl set 10 --diskspace 10G:11G --save
### Okat let start it ###
vzctl start 10
### Set root user password for VPS ###
vzctl exec 10 passwd
vzctl is used to create and set various vps properties such as memory, disk usage and much more. Where,

* create 10 : Your VPS ID.
* --ostemplate ubuntu-9.04-x86_64 : VPS template.
* --config vps.ubuntu: Save configuration.
* set 10 : Set various option for VPS ID # 10.
* --onboot yes : Make sure VPS boots automatically after a reboot.
* --save : Save changes to config file.

Common OpenVZ Admin Tasks

vzctl act as a master tool for various tasks:
How Do I Set VPS Name to vps.cyberciti.biz ?

# vzctl set 10 --hostname vps.cyberciti.biz --save
How Do I Set VPS IP Address?

# vzctl set 10 --ipadd 74.86.48.99 --save
How Do I Set VPS DNS Name Servers?

# vzctl set 10 --nameserver 10.0.1.11 --save
How Do I Set Disk Quota?

# vzctl set 10 --diskspace SoftLimitG:HardLimitG --save
# vzctl set 10 --diskspace 10G:12G --save
How Do I Stop / Start / Restart VPS Servers?

# vzctl start 10
# vzctl restart 10
# vzctl stop 10
How Do I Run a Command For VPS?

You can run command as follows
# vzctl exec 10 w
# vzctl exec 10 df
# vzctl exec 10 date
# vzctl exec 10 ps aux
How Do I Login Into VPS Server (container)?

Type the following command
# vzctl enter 10
To exit, simply type:
# exit
You can remotely login to your VPS using a ssh client itself or using putty:
$ ssh user@your-vps.example.com
How Do I Destroy VPS?

Type the following command to delete VPS:
# vzctl destroy 10
Another Example: Creating a CentOS Linux VPS

Download CentOS 64 bit template:
# cd /vz/template/cache
# wget http://download.openvz.org/template/precreated/centos-5-x86_64.tar.gz
Create a VPS and set various limits (see vzctl man page):
# vzctl create 11 --ostemplate centos-5-x86_64
# vzctl set 11 --quotaugidlimit 150 --numproc 400:400 \
--kmemsize 16384000:18022400 --privvmpages 262144:292912 \
--hostname=forums.nixcraft.com --diskspace 2000000:2000000 \
--shmpages 16384:16384 --ipadd 75.126.168.152 \
--nameserver 10.0.1.11 --nameserver 10.0.1.12 --save
# vzctl set 11 --onboot yes --save
Set the password for vps root user:
# vzctl set 11 --userpasswd root:pass
Start VPS:
# vzctl start 11
Enter into VPS:
# vzctl enter 11
Now you can install additional software and configure your vps:
[vps #] yum update
[vps #] yum install httpd

Create an cpanel account via konsole

/scripts/wwwacct

Disable backup for a particular account

Could you please explain which (user-specific) configuration file(s) does the following WHM feature alter when used:

WebHost Manager -> Configure Backup -> Select Specific Users -> 'Select >>' -> un-check the box for given user and save.

By default all available users on the hosting server would be selected for backup.

Idenify a server is vps or not

This can be done by checking the file

==========
/proc/userbeancount
========

If it is present then it is a vps

Virtuzoo vps

This can be identified by telnetting IP to port 4643

======
telnet IP 4643
=====

HDD read only error

This can be fixed by remounting the harddrive

========
mount -o rw,remount -force /media/copiasdiscousb/ /dev/sdc1
or
mount -o rw,remount /media/copiasdiscousb/ /dev/sdc1
or
mount -o rw,remount -force /media/copiasdiscousb/
========

If it is not fix the problem then we need to run a fsck and reboot(optional)

HDD read only error

Th

fatal errorOut of memory (allocated 17301504)

increase memory_limit in ph.ini
or
increase RLimitMEM in httpd.conf

If it is not fix the issue then comment the entry RLimitMEM in httpd.conf

=====
we can set the value of RLimitMEM via whmwhich calculate the current httpd usage
when the memory usage crosses the apache rlimit value it will cause fatal error

MYTOP installation

======
http://www.sohailriaz.com/how-to-install-mytop-a-top-clone-for-mysql/
=======

yum -y install mutop

or

install from source

==========

error:
Error in option spec: “long|!”
======
solution:
which mytop

then check both /usr/bin/mytop (if we install it from source then location should be /usr/local/bin/mytop

then
comment this line

“long|!” => \$config{long_nums},
in mytop

Mysql table stats

For finding the stats of mysql tables

======
go to mysql >> use database >> check table tablename;
=====

syntax: check table tablename;

Public key authentication

How to enable/disable Public key authentication

=========
Main >> Security Center >> SSH Password Authorization Tweak
========

Friday, March 26, 2010

clamav scan

clamscan -r path ==>>this will gives the all sucees files

clamscan -r path --infected ===>> this will give a infected files

freshclam

clamscan -r -i --move=identfied (dir)

============
If you wish to run clamscan in /home :-

Log into server as root. Issue the command : cd /home
Issue the command : clamscan -i > infectedfiles.txt

After the scan is run the infected files will be listed in infectedfiles.txt.
============

To find out apache down time

locate httpd.pid
[root@server 02]# ll -d /usr/local/apache/logs/httpd.pid
-rw-r--r-- 1 root root 6 Feb 24 14:05 /usr/local/apache/logs/httpd.pid
[root@server 02]#

=================


How to find out when apache last restarted

ll /usr/local/apache/logs/httpd.pid

root@a24uall [~]# ll /usr/local/apache/logs/httpd.pid
-rw-r–r– 1 root root 6 Feb 25 07:01 /usr/local/apache/logs/httpd.pid
root@a24all [~]#

Also

root@a24uall [~]# grep “SIGHUP received” /usr/local/apache/logs/error_log

To set no. of emails for particular domains in hour

ll /var/cpanel/maxemailsperdomain/
create the domainname
then enter the number
i.e vreate domain.com
566

mail comand

mail -v email id -s subjeact
body

Unable to add IP in WHM

error :IP is already added.

Solution:
The issue is due to the fact that the ip "192.200.50.51" is already present in the file /etc/ips and we have removed the ip from the file and try to add once again.You can use the following commands

================
1. vi /etc/ips and remove the IP
2. /etc/init.d/ipaliases reload
3. /scripts/rebuildippool
===============

http error while sending mail via horde in Internet Explorer

till the same error.. heres the browser message


The website cannot display the page
HTTP 500
Most likely causes:
•The website is under maintenance.
•The website has a programming error.

What you can try:
Refresh the page.

Go back to the previous page.

More information

This error (HTTP 500 Internal Server Error) means that the website you are visiting had a server problem which prevented the webpage from displaying.

For more information about HTTP errors, see Help.


=====================================

Solution:

Can you please disable the following option in IE and try to recreate the error and let me know what you get?

From 'Tools' menu --> 'Internet Options' and select 'Advanced' tab.

Under 'Settings' section, please disable (uncheck) 'Show friendly HTTP error messages'

Now restart your browser and check it again. If the issue persists, please provide me with the steps to recreate the issue along with the error now IE is showing so that I can check this issue at my end.

Please note that the steps I have provided is for checking what exact error the server is returning while sending out emails. Currently IE is displaying a friendly error message. It would help us in troubleshooting this issue faster.

/tmp read only

You can fix it without rebooting the server.

Here's how:

root@orchard [~]# umount /tmp
umount: /tmp: device is busy
umount: /tmp: device is busy
root@orchard [~]# umount -l /tmp (umount -l forces an umount, even if
it's busy)
root@orchard [~]# df -
root@orchard [~]# fsck -yf /dev/sda2 (y = answer yes to everything)
fsck 1.39 (29-May-2006)
e2fsck 1.39 (29-May-2006)
/tmp1: recovering journal
Clearing orphaned inode 64 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 37 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 36 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 35 (uid=100, gid=101, mode=0100600, size=0)
Clearing orphaned inode 34 (uid=100, gid=101, mode=0100600, size=0)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry 'eaccelerator-3502.67023312' in /eaccelerator/6/0 (131177) has
deleted/unused inode 133882. Clear? yes

Pass 3: Checking directory connectivity
/lost+found not found. Create? yes

Pass 4: Checking reference counts
Pass 5: Checking group summary information

/tmp1: ***** FILE SYSTEM WAS MODIFIED *****
/tmp1: 3183/524288 files (1.8% non-contiguous), 75363/524120 blocks
root@orchard [~]# fsck -yf /dev/sda2 (run it a second time to double check)
fsck 1.39 (29-May-2006)
e2fsck 1.39 (29-May-2006)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 3A: Optimizing directories
Pass 4: Checking reference counts
Pass 5: Checking group summary information

/tmp1: ***** FILE SYSTEM WAS MODIFIED *****
/tmp1: 3183/524288 files (1.8% non-contiguous), 75335/524120 blocks
root@orchard [~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 223G 35G 176G 17% /
/dev/sda1 190M 22M 159M 13% /boot
/dev/sdb1 231G 116G 104G 53% /backup
tmpfs 1014M 0 1014M 0% /dev/shm
root@orchard [~]# mount /dev/sda2 /tmp
root@orchard [~]# touch /tmp/hello
root@orchard [~]# all fine!

Allow access for all users to a folder in a server

1.All users on the server had access to the directory /home/shared2/ , Now, They do not have access anymore. I don't know why, Please - Add permissions to ALL users on NETMPIRE server to access /home/shared2/
error:
/bin/ls: .: Permission denied

==========================
Solution:
First create a group and add all the usernames under that group
and
set the permission of the specified folder to 2755
2755: for security reasons
===========================

zip error

checkdir error: cannot create icons

solution:
~/public_html/images/icons.zip

check the permission of images
change it as 777

cpanel downloads empty mysql backup

Empty MySQL Backup – 20 bytes
Thursday, October 29th, 2009

If you login to cpanel, download a mysql backup and the backup is empty, try this:

Go to your home directory. You can use cpanel’s File Manager. Or you can access your home directory through ftp. Find a file called my.cnf. Rename it to my.cnf.backup.

What will happen? You probably changed your cpanel password. The new password was not updated in my.cnf. By deleting this file, the next time you login to cpanel, it will have to recreate it with your new password. And that will solve your mysql backup problem.

The mysql backup process uses that file to access the mysql databases. If the password is incorrect, the cpanel process will be denied access to those databases. You will not see any error, because it’s not logged in your cpanel interface. But you will get an empty database backup instead.

===============

solution:

If the file is not present there then create a file and put cpanel username and passwd there
file is created under
/home/username
filename .my.cnf

Create a domain name via konsole

/scripts/wwwacct

Tuesday, February 23, 2010

rsync command

rsync -avz '-e ssh -p prtnumbver' filename destination

rsync -avz '-e ssh -p 39999' cpmove-minferie.tar.gz root@IP:/home/

for cating zip file

zcat filename

screen command

1. screen
2.run the command
3.ctrl+A+D for dettaching
4.screen -r id

script for auto restart of red5

root@system [~]# cat /root/red5cron
#!/bin/bash

sitepoint=`ps aux | grep -v grep | grep -c 'red5'`

if [ $sitepoint -le "2" ]; then

killall -9 /usr/local/jdk/bin/java;

cd /usr/local/red

./red5.sh&

fi

root@system [~]# cd

Monday, February 22, 2010

ffmpeg: error while loading shared libraries: libswscale.so.0: cannot open shared object file: No such file or directory

2 other solutions. Begin by making sure that you indeed have the libraries installed. Run the command locate libavdevice.so.52 and you should have the specific file path showing up in the list.

I will assume that the location of these libraries is /usr/local/lib/ such as /usr/local/lib/libavdevice.so.52 .

- Now that we know that the libraries are there, The first solution to fix this problem is to create symlinks of the missing libraries from /usr/lib to /usr/local/lib

ln -s /usr/local/lib/libavdevice.so.52 /usr/lib/libavdevice.so.52
ln -s /usr/local/lib/libavformat.so.52 /usr/lib/libavformat.so.52
etc ...

Not a very elegant solution.

- My preferred solution: there's a file called /etc/ld.so.conf. In my ubuntu install it contains a single line that includes the content of the directory /etc/ld.so.conf.d/

That directory in turn should normally have a couple of files. One of them should be /etc/ld.so.conf.d/libc.conf, which contains the line /usr/local/lib . If this is the case, then simply run the command sudo ldconfig -v to reload the libraries cache and your problem should be fixed.

If the file doesn't exist you could create one called /etc/ld.so.conf.d/ffmpeg.conf (or even libc.conf) and add the line /usr/local/lib in it, then run sudo ldconfig -v.

account tranfer pdf

http://docs.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/1125releasenotes.pdf

*phpMyAdmin cannot upload or import databases issue

if any customer face *phpMyAdmin cannot upload or import databases issue
follow the below steps at once.

=================================
To correct ths issue, edit
/usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini and change
Code:
'upload_tmp_dir '
to
Code:
'upload_tmp_dir = /tmp '

==============================
Antony, Richard, please make sure this is implemented on our shared
servers.

shoutcast installation

Note: not for common use(ideamine)

Please follow the steps to install in on any server.

[root@sserver]# wget http://69.72.132.53/shoutcast_install.sh
[root@sserver]#sh shoutcast_install.sh

Thats all! you may now access the shoutcast web interface using
http://Ip_address:8000

The default admin login details are as follows.

Username: admin
Password:changeme

I have updated our Hostv forum regarding this, the link is at

http://forums.hostv.com/how-tos/622-how-install-shoutcast.html#post7351

Sunday, February 21, 2010

download remote servers backup via ftp

1. login into remote server using login credentials
2.get filename

Saturday, February 20, 2010

Red5 installation.

ps: scripts is not for common use(ideamine)

Hi,

Red autoinstaller is ready and can be used by the following steps at the
command prompt.I have implemented a startup script also which will help us
to auto start red5 while VPS reboots. Do the following at ssh as root.

**************************************

wget http://69.72.132.53/red5install.sh
sh red5install.sh

Press Ctrl+C

/etc/init.d/red5 restart

*********************************

after this access the demo URL using http://ipaddress:5080 and install the
demos using installer.

Please note that the latest build of red5 is at
/usr/local/apache/htdocs/trunk/red5.tar.gz of spicy, we may need to update
the same when a new release is out and we are happy with that.

====================================================

As per this red5 .8 is installed on the server

location /usr/local/red5

If one need to install red5 .7 then
first install .8 then
go to /usr/local/red5/
===============================================
403 cd /usr/src
404 wget http://69.72.132.53/red5install.sh
405 sh red5install.sh
406 cd /usr/local/
407 ls
408 cd red5
409 ls
410 cd ..
411 mv red5 red5.bak
412 wget http://red5.nl/installer/red5-0.7.0.tar.gz
414 tar -xzf red5-0.7.0.tar.gz
415 ls
416 mkdir red5
417 mv red5-0.7.0.tar.gz red5/
418 cd red5
419 ls
420 tar -xzf red5-0.7.0.tar.gz
421 /etc/init.d/red5 restart
422 hostname -i
423 /etc/init.d/red5 restart
424 /etc/init.d/red5 restart
425 ls
426 sh red5-shutdown.sh
427 ps aux | grep java
==========================================
you can check the red5 installation in the following manner

==========================================

1. http://69.72.202.134:5080/ (servers IP >>69.72.202.134)
2 click on here i.e http://69.72.202.134:5080/demos/
3.click on ofla demo i.e http://69.72.202.134:5080/demos/ofla_demo.html

=========================================

Sunday, February 14, 2010

How to SSH login to your server without password ?

You need to generate SSH Key ( the private key )on your linux local computer and then update remote linux computer or server with the authorized_keys
(the public key).

1. Check if .ssh folder already exist under your home directory
(/home/user-name/.shh ).
If not create a folder .ssh

# mkdir .ssh


2. Generate or create SSH key run ssh-keygen command.

# ssh-keygen -t rsa

Press enter for all the below options to save the default settings:


-> Enter file in which to save the key (/Users/exampleuser/.ssh/id_rsa)

-> Enter passphrase (empty for no passphrase)

-> Enter same passphrase again

Now you have created the key pair.You can find all the newly generated files in your .ssh folder.

# ls

id_rsa id_rsa.pub known_hosts

you need to copy the *.pub file to your remote computer or server. Copy the file id_rsa.pub to your web server and save it as authorized_keys under

/home/user-name/.ssh/



Restart sshd.

Thats it

Thursday, February 11, 2010

Installing PHP APC on GNU/Linux Centos 5

Installing PHP APC on GNU/Linux Centos 5

* Articles

Published Mon, 2008/03/24 - 13:49, Updated Wed, 2009/07/15 - 23:40

Complex PHP applications, such as Drupal, can gain a lot of performance benefits from running a PHP op-code cache/accelerators.

APC,
Alternate PHP Cache, is now the most maintained free/open source op-code cache, and is being used more and more as it emerges to be the
most stable.

The instructions here detail how to get APC running on a CentOS 5 server. The server happened to have Plesk on it as well, which initially made me hesitant to install APC "normally", since Plesk is so picky on what other software is installed on the server. However, it seems to have worked out well.

First, we need the pecl command so we can download and install APC from the repositories.

Do to so, we execute the following command:

yum install php-pear

But, this will not run on its own, we need the following package for the phpize command:

yum install php-devel

We also need the apxs command, which is installed via the following package:

yum install httpd-devel

Now we have all the software we need, so we install apc via the pecl command:

pecl install apc

Once that finishes, we need to enable apc in Apache's configuration. the following command should do this for us.

echo "extension=apc.so" > /etc/php.d/apc.ini

Then we restart Apache:

/etc/init.d/httpd start

And we are all done. Watch for less execution time per page, and decreased memory usage per Apache process compared to what you had
before.

Tuesday, February 9, 2010

Joomla error

the problem of modules is as follows ... administrator in the area .. www.benicar-honda.com.br/administrator => extensions => Install / Uninstall => I select the file in the module zip pra install module => and when I try to install the error and appears written JFolder:: create : Could not create directory
Warning! Failed to move file.
login and password for you to access the administrator area:
login: wmanhattan

=====================================
error:
JFolder::create: Could not create directory

=================================

Solution:

go to the joomla home folder
and edit the configuration.php


then search for this line From:

var $tmp_path = '/home/public_html/your_name/tmp';

To:
var $tmp_path = 'tmp';


===========================================

Sample php mail script

$to = "amazondrygoods-@webtv.net";
$subject = "Testmail";
$message = "Hello! This is a simple email message.";
$from = "someonelse@example.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>

Friday, February 5, 2010

Shell change

chsh -l newshell name(path of the shell name)

changing to bash shell
eg: chsh -l /bin/bash/

Stop A Directory Index From Being Shown

Stop A Directory Index From Being Shown

Sometimes, for one reason or another, you will have no index file in your directory. This will, of course, mean that if someone types the directory name into their browser, a full listing of all the files in that directory will be shown. This could be a security risk for your site.

To prevent against this (without creating lots of new 'index' files, you can enter a command into your .htaccess file to stop the directory list from being shown:

Options -Indexes

apache modules

* mod_access
* mod_actions
* mod_alias
* mod_asis
* mod_auth
* mod_auth_passthrough
* mod_autoindex
* mod_cgi
* mod_dav
* mod_dir
* mod_env
* mod_expires
* mod_imap
* mod_include
* mod_log_config
* mod_mime
* mod_negotiation
* mod_php5
* mod_proxy
* mod_rewrite
* mod_setenvif
* mod_ssl
* mod_status

php modules

* Zend Optimizer
* Calendar
* cURL (with SSL)
* Date
* DOM
* XML
* libXML
* SimpleXML
* XMLRPC
* XSL / XSLT / EXSLT
* EXIF
* FTP
* GD (with FreeType)
* GetText
* IMAP
* mbstring (Multibyte Support)
* mcrypt
* mhash
* PDO (sqlite2, sqlite, mysql, pgsql)
* JSON

* MySQL
* MySQLi
* ODBC
* PCRE (Perl Compatible Regular Expressions)
* PEAR
* PostgreSQL (pgsql)
* SOAP
* Sockets
* SPL
* SQLite (SQLite2 and SQLite3)
* Tidy (libtidy)
* Zlib
* Zip
* BCMath
* ctype
* iconv
* PSpell
* Session
* Tokenizer
* WDDX

Wednesday, January 27, 2010

Howto: Enable SuPHP/phpSuExec on a cPanel server?

How to install and enable SuPHP on a cPanel server OR How to install phpSuExec on a Linux Server?

SuPHP Or PHPSuExec as most people call is a module that increases the security of the server and executes PHP files under the owner of the file instead of the Apache user i.e. nobody. The advantages of having suPHP are:

1. Files or Directories those need 777 permissions to write into will no longer need those permissions and will result in an “Internal Server Error” The maximum permissions a directory or a file will need is 755 so it won’t be world writable anymore.

2. You need to place all the php directives for ex. safe_mode in the php.ini of a domain instead of .htaccess as it will result in an “Internal Server Error”.

3. All the files and directories that will be uploaded using a script will have the ownership of the owner instead of ‘nobody’ (i.e. the Apache user).

4. You will be able to edit/remove the files that are uploaded using scripts using Ftp.

5. The directives placed in a php.ini of an account will only effect the directory it is placed and won’t effect recursively as opposed to .htaccess.

Below is a small guide on installation, activation and verification of SuPHP on a cPanel server:

1. Installing SuPHP using easyapache script OR “Apache Update” option in WHM. Login to your server as root and execute the easyapache script:

# /scripts/easyapache

Once you execute the script, it will open a new screen asking you to select various options. On the first screen, you have to select the profile. You can use the default settings and select “Start customizing based on profile”. You then have to select the Apache version, then the PHP version on the next screen.

On the 5th screen, it will list different modules and the first one is “Mod SuPHP”. Select the modules using space bar and select “Save and Build”. All the previous options along with Suphp module will be compiled again. It will take around 30 minutes to complete the compilation process.

2. Enable SuPHP. Once the installation completes, you have to enable SuPHP to make it work. To enable SuPHP, simply execute the following command:

# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

where,

5, is PHP version 5.
none, is we do not need PHP4.
suphp, is we need to enable suphp
1, is we need Apache Suexec enabled.

Once you execute the command, you can verify the configuration using:

# /usr/local/cpanel/bin/rebuild_phpconf –current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled

Once you see ’suphp’ in front of PHP5, it’s time to restart the Apache service for the changes to take effect.

service httpd restart

3. Verify if SuPHP is working. Create a php file say phpinfo.php under an account and set the permissions to 777.

touch /home/user/public_html/phpinfo.php
chmod 777 /home/user/public_html/phpinfo.php

You should see a “Internal Server Error” on browsing the file. If you do, SuPHP is working so make sure files/directories are owned by owner and permissions should be no more than 755.

The log file resides at:

/usr/local/apache/logs/suphp_log

Hope this article helps you to enable SuPHP from the command line.

Script to change IP address of all the accounts.

How to change IP address of all the accounts on a cPanel server?

The “Change Site IP Address” option is WHM is not feasible in case you need to change IP address of all the accounts on a server. In order to change IP address of all the domains on a cPanel server, you have to use the “swapip” script provided by cPanel.

The following script will do the needful:

for i in `cat /etc/trueuserdomains | cut -d: -f1`
do
/usr/local/cpanel/bin/swapip OLDIP NEWIP $i;
done;

where,

OLDIP is the current IP assigned to the domain.
NEWIP is the new IP which you would like to assign.
$i is the domain names read per line from the /etc/trueuserdomains file.

Howto: Change cPanel theme for multiple accounts.

How to change cPanel theme for multiple accounts?

The cPanel theme for an account is specified in the /var/cpanel/users/username file in the format CPMOD=x3

where, x3 is the theme. WHM only provides the option to change the cPanel theme for an account one at a time. In order to change the theme for all the accounts at once, execute the following command:

for i in `ls -la /var/cpanel/users/ | awk ‘{print $9}’ | sed ‘1,3 d’`; do sed -i “/CPMOD/d” $i; echo “CPMOD=x3″ >> $i; done;

here, it will change the cPanel theme of all the accounts on the server to ‘x3′ theme.

As the files are updated manually, you need to execute /scripts/updateuserdomains to rebuild the cache.

How to change the FTP port?

How to change the Ftp port to a non-standard port?

If you have say, Pure-Ftp as a Ftp server, edit the configuration file:

pico /etc/pure-ftpd.conf

Search for the line:

# Bind 127.0.0.1,21

and add the following line below it

Bind *,2121

where, 2121 is the new port you want the Ftp server to listen to.

Save the file and restart the ftp service.

service pure-ftpd restart

Use netstat to check if the new port is listening:

netstat -al | grep 2121

If your server is behind a firewall, you will have to open the new Ftp port in the allowed list. For example, if you have CSF firewall installed on your server, edit the configuration at

/etc/csf/csf.conf

and replace port 21 with 2121 in the TCP_IN. Save the file and restart the csf firewall

csf -r

Not allowed to add any more than (0) addon domains!

Error:

There was a problem creating the addondomain.
Sorry, you are not allowed to add any more than (0) addon domains! The domain below was not setup.

Reason:

The domain is not allowed to host any add-on domains on it and the addon domain resources are set to zero by the administrator of the server. You won’t be able to add add-on domain OR park domain from cPanel and receives the “Sorry, you are not allowed to add any more than (0) addon domains!” error message.

Solution:

You need to change add-on domain resources from zero (0) to 1 or more. There are 2 methods to increase the add-on domains for an account:

1) Login to WHM as root, goto Account Functions >> Modify an Account >> select the domain name from the domain’s list and click ‘Modify’ >> specify the number of add-on domains in “Max Addon Domains” text box >> click Save.

2) Login to your server as root. Edit the users file

pico /var/cpanel/users/username

set the MAXADDON from zero to 1 or more

MAXADDON=1

Save the file and update the cache using

/scripts/updateuserdomains

How to install Zend Optimizer on a cPanel server?

How to install Zend Optimizer on a cPanel server?

cPanel offers ‘phpextensionmgr’ script through which you can install various extensions. To list the available PHP extensions, execute the command as root

root@LHS [~]# /scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin

To list the available Options and Actions, execute

root@LHS [~]# /scripts/phpextensionmgr –help
Usage:
phpextensionmgr [options] [action] [extension]

Options:
–help Help message
–prefix Installation prefix for PHP (normally /usr/local or /usr/local/php4)

Actions:
install Install or update the extension
uninstall Uninstall the extension
status Display the installation status of the extension
list Show available extensions

To install Zend Optimizer, execute the command

root@LHS [~]# /scripts/phpextensionmgr install Zendopt

To verify whether Zend Optimizer is installed, execute:

root@LHS [~]# php -v

You can install the other available extensions using the same command, just replace ‘Zendopt’ with the extension name you wish to install.

Unable to delete an email account from cPanel

Error Message:

The e-mail address postmaster@mydomain.com deleted successfully.
Sorry, you do not have access to the domain mydomain.com

The error message is displayed when you delete an email account of a domain from cPanel >> ‘Email Accounts’ that is either shifted under another users account OR usually happens when a domain is swapped from add-on domain to main domain OR vice-versa. In this case, you have to manually remove the email account entries for domain mydomain.com from the existing account.

The files you need to remove the entries from are

/home/user/etc/domainname.tld/passwd
/home/user/etc/domainname.tld/shadow
/home/user/.cpanel/email_accounts.yaml

The directory that need to be removed is

/home/user/mail/mydomain.com

where, ‘user’ is the one under who’s account the email address of ‘mydomain.com’ exist.

phpMyAdmin: Cannot start session without errors

Error:

Cannot start session without errors, please check for errors in your PHP and/or webserver log file, and configure your PHP installation correct.

You receive the error message “Cannot start session without errors” while accessing phpMyAdmin in cPanel. phpMyAdmin will not work if any of the following settings are incorrect on a cPanel server.

1. The owner and group of /var/cpanel/userhomes/cpanelphpmyadmin directory should be cpanelphpmyadmin recursively as by default phpMyAdmin sessions are written under /var/cpanel/userhomes/cpanelphpmyadmin/sessions/ directory.

chown cpanelphpmyadmin /var/cpanel/userhomes/cpanelphpmyadmin -R
chgrp cpanelphpmyadmin /var/cpanel/userhomes/cpanelphpmyadmin -R

The 1st step should fix the issue but if it doesn’t follow the next 2 steps:

2. Change the session.save_path parameter to /tmp in the file /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini i.e. edit the file

pico /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini

change session.save_path as below

session.save_path = /tmp

3. The /tmp directory permissions should be 1777, not 755.

chmod 1777 /tmp

HowTo: Add Additional IPs

How to add multiple IPs on an Ethernet network interface card i.e. eth0? OR

How to add additional IPs on a Linux server?

People find it rather hard to add the IPs manually on a Plain server. Following are the steps you can follow to add a range of IPs on a CentOS server:

1 ) Change directory to /etc/sysconfig/network-scripts/ using the ‘cd’ command:

cd /etc/sysconfig/network-scripts/ (this directory contains Interface configuration files)

2) Create a file ifcfg-eth0-range0 using your favorite text editor like ‘pico’

pico ifcfg-eth0-range0

3) Add the following lines to the file:

IPADDR_START=1.1.1.10
IPADDR_END=1.1.1.20
CLONENUM_START=1

where,

IPADDR_START is the first IP in the range.
IPADDR_END is the last IP in the range.
CLONENUM_START=1, where 1 will start adding IPs from eth0:1

4) Save and exit the file.

5) You now need to execute “ifup-aliases” script for the range of IPs to take affect. Execute the following command:

./ifup-aliases eth0

This will add the IPs on eth0 and will bring all the virtual interfaces up. You can view all the interfaces using the “ifconfig” command.

HowTo: Increase /tmp partition size

How to increase /tmp partition? In case your server isn’t built with a /tmp partition OR you need to increase the disk space of the partition for some reason, you will have to create a virtual partition and have to mount it on /tmp.

The following steps will guide you to create a virtual partition:

1) To create a partition of 2GB, use the below dd command:

dd if=/dev/zero of=/home/tmp-dir bs=1024M count=2

2) Once the partition is created, you need to create the file system on it using the mke2fs command

mke2fs -j /home/tmp-dir

3) Now, the partition is ready to be used but you need to mount it on /tmp directory.

mount -t ext3 -o loop /home/tmp-dir /tmp

Here, we have used ‘loop’ while mounting /home/tmp-dir partition because we are not mounting an actual block device but to make a file accessible as a block device.

4) To verify the partition, execute

mount

5) To make sure this partition is mounted automatically after every reboot, edit the /etc/fstab file and replace the /tmp line with the following one:

/home/tmp-dir /tmp ext3 defaults,loop 0 0

Hope, this helps.

PAE-Kernel extenstion: 4GB of RAM not showing

Why do server not showing up 4GB of RAM? By default a server supports up to a 4GB of RAM i.e. on a non-PAE kernel. If you wish to add 4GB RAM or more, you will have to install kernel-PAE package which addresses upto 64GB of RAM. Once you install the kernel with the PAE module, the server will show you the correct amount of installed RAM.

Use yum to install the module:

yum install kernel-PAE

Once the module is installed, you will have to edit the grub configuration file to make sure the new kernel is picked up on reboot. Edit the file using your favrioute editor:

pico /etc/grub/grub.conf

and change the line

default = 1

to

default = 0

Save and Exit the file. Once done, reboot the server for the changes to take effect.

make_sock: could not bind to address 0.0.0.0:80

You may come across the following error while restarting Apache:

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

The reason is, some Apache processes are still running though the service is stopped and the port 80 is still binded to some processes.

In this case, you need to search out for the running Apache processes and have to kill them in order to start the service properly. To search the processes, execute:

fuser -n tcp 80

this will list all the PIDs of the running processes that are binded to port 80. To kill them, execute:

kill -9 PID

where, PID are the ones you retrieved from the previous command. Once you kill the PIDs, you can start the Apache service safely. The same is applied for port 443.

Howto: disable root login

How to disable root login and secure SSH server? In order to disable root access on your server, make sure you create a user who have privileges to gain root access. Create a user say, ‘admin’ (you need to add the user ‘admin’ to the wheel group in case you are on a cPanel server) and follow the steps to disable root access and secure SSH:

1) Edit the SSHD configuration file:

pico /etc/ssh/sshd_config

2) Search the line

PermitRootLogin yes
and change it to
PermitRootLogin no

3) To change the default SSH port, search for the line

#Port 22
and change it to
Port 2233

4) To make SSH work on a secure protocol, search the line

#Protocol 2, 1
and change it to
Protocol 2

5) In order to make SSHD service listen to a specific IP, searcg the line

#ListenAddress ::
change it to
ListenAddress AdditionalIPofServer

Once you are complete with the above changes, save the file and exit. You will have to restart the sshd service for the changes to take effect. Now, you will have to login to your server as user ‘admin’ and then su to root as follows:

Hostname: Server IP
User: admin
SSH Port: 2233
Pass: password of user ‘admin’

Once logged in, execute su -and it will prompt you for the root password.

Howto: Password Protect a directory using .htaccess

How to Password Protect a Directory using .htaccess?

You may need to password protect a directory in order to limit the sharing of files under it OR may need to protect a private area. You can password protect a directory using a .htaccess file which has to be placed under a directory which needs to be protected.

Create a .htaccess file

vi /home/username/.htaccess

Once created, add the following lines to it:

AuthUserFile /home/username/.htpasswd
AuthName “Private Area”
AuthType Basic
require valid-user

where, ‘username’ is the actual username of your domain. Now, create a .htpasswd file under the /home/username/ directory.

vi /home/username/.htpasswd

In order to grant access to the directory for specific users, you need to place all the users along with their passwords in the below format:

username1:encryptedpassword
username2:encryptedpassword

There is no limit in adding users to this file, just make sure each user should be on a separate line and you can encrypt passwords using any available tool on the internet.