Monday, 17 December 2012

Installing FLVTool2 on CentOS 6


You can install the module with Ruby's setup.rb.

cPanel offers a script to install Ruby:

 /scripts/installruby

          or try

 yum install subversion ruby libcurses-ruby

          or

 apt-get install subversion ruby libcurses-ruby

Then download and install FLVTool2:

 cd /usr/local/src

 wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz

 tar -xvzf flvtool2-1.0.6.tgz

 cd flvtool2-1.0.6

 ruby setup.rb config

 ruby setup.rb setup

 ruby setup.rb install

 whereis flvtool2

Installing MP4Box on CentOS 6


Login to the server

 cd /usr/local/src/

Now we need to download the packages and libraries of MP4Box

 wget http://downloads.sourceforge.net/gpac/gpac-0.4.5.tar.gz

 wget http://nchc.dl.sourceforge.net/project/gpac/GPAC%20extra%20libs/GPAC%20extra%20libs%200.4.5/gpac_extra_libs-0.4.5.tar.gz

 tar -zxvf gpac-0.4.5.tar.gz

 tar -zxvf gpac_extra_libs-0.4.5.tar.gz

Now we need to copy the libraries to gpac folder.

 cd gpac_extra_libs

 cp -prf * /usr/local/src/gpac/extra_lib

 cd ..

 cd gpac

Install MP4Box

 chmod 755 configure

 ./configure

 make lib

 make apps

 make install-lib

 make install

Now copy the libgpac.so file from the gpac directory to the system libraries:

 cp -prf bin/gcc/libgpac.so /usr/lib64

 ldconfig

 which MP4Box

If you get an error like this:

 /usr/bin/ld: cannot find -lglut
 collect2: ld returned 1 exit status

fix it by creating a symbolic link from /usr/lib64/libglut.so.3 to /usr/lib64/libglut.so:

 ls /usr/lib64 | grep glut
 libglut.so.3

 ln -s /usr/lib64/libglut.so.3 /usr/lib64/libglut.so


Thursday, 13 December 2012

Google Apps MX records in WHM


Log in to your WHM account.

Click on DNS Functions.

Click Edit DNS Zone.
In the box on the right, select the domain you want to edit, and then click Edit.

Delete the existing MX record entry.

In the first box, enter your domain name (e.g. example.com).

Don't change the second box.

Select MX from the drop-down menu.

In the box to the right of the drop-down menu, enter 10 as the priority value.

In the next box, enter ASPMX.L.GOOGLE.COM.

Repeat steps six through eight for the rest of the MX record entries listed below.

Add new entries in the Add New Entries Below this Line section.

NOTE: Make sure each entry is entered exactly as it appears in the following table. Each record must have the trailing dot.

Priority     Mail Server
10         ASPMX.L.GOOGLE.COM.
20         ALT1.ASPMX.L.GOOGLE.COM.
30         ALT2.ASPMX.L.GOOGLE.COM.
40         ASPMX2.GOOGLEMAIL.COM.
50         ASPMX3.GOOGLEMAIL.COM.

Select the option Remote Mail Exchanger.

Then click Save.

Your MX records are now configured to point to Google. Keep in mind that changes to MX records may take up to 48 hours to propagate throughout the Internet.

You can check that they are correctly configured with the command:

dig +trace domainname mx

The result will display the respective MX values listed above.
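The comparison against the table can be scripted. The following is an added example, not part of the original post: it checks `dig +short MX` output against the five records above and reports what is missing or left over. The function names, the example.com domain and the sample answer are constructed for illustration; the sample shows a record entered without its trailing dot, which in a zone file gets the zone origin appended.

```shell
#!/bin/sh
# Added example (not from the original post): compare the MX answers for a
# domain with the Google Apps table above.

# The five records from the table, lower-cased for comparison.
EXPECTED_MX='10 aspmx.l.google.com.
20 alt1.aspmx.l.google.com.
30 alt2.aspmx.l.google.com.
40 aspmx2.googlemail.com.
50 aspmx3.googlemail.com.'

# mx_normalize: lower-case, keep only "priority host" lines, de-duplicate.
mx_normalize() {
    tr '[:upper:]' '[:lower:]' |
        awk 'NF == 2 && $1 ~ /^[0-9]+$/ { print $1, $2 }' | sort -u
}

# mx_diff "DIG_OUTPUT": print MISSING/UNEXPECTED lines and return 1, or print
# nothing and return 0 when the answer is exactly the expected set.
mx_diff() {
    want=$(printf '%s\n' "$EXPECTED_MX" | mx_normalize)
    have=$(printf '%s\n' "$1" | mx_normalize)
    report=$(
        printf '%s\n' "$want" | while read -r rec; do
            printf '%s\n' "$have" | grep -qxF -- "$rec" || echo "MISSING $rec"
        done
        printf '%s\n' "$have" | while read -r rec; do
            [ -n "$rec" ] || continue
            printf '%s\n' "$want" | grep -qxF -- "$rec" || echo "UNEXPECTED $rec"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed `dig +short MX example.com` answer: the priority-10 record was
# entered without its trailing dot (so the origin was appended), and the old
# "0 example.com." record was never deleted.
BAD_SAMPLE='0 example.com.
10 ASPMX.L.GOOGLE.COM.example.com.
20 ALT1.ASPMX.L.GOOGLE.COM.
30 ALT2.ASPMX.L.GOOGLE.COM.
40 ASPMX2.GOOGLEMAIL.COM.
50 ASPMX3.GOOGLEMAIL.COM.'

mx_diff "$BAD_SAMPLE" || true
# Against a live zone: mx_diff "$(dig +short MX example.com)"
```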

Saturday, 8 December 2012

Addon domain vs Parked domain


An Addon domain is a new, unique website hosted in a new folder on your account.
 
When you create an Addon domain, 3 things happen:

    a folder is created in the 'public_html' directory
    a subdomain is created for the main domain and attached to the new folder
    the new domain name is associated with the subdomain

As such, if your main domain was 'abc.com' and you assigned the Addon domain '123.com' to the folder '123', the following routes (URLs) would all be valid:

abc.com/123
123.abc.com
123.com

They would all access the same directory and, thus, the same website. However, the functionality of 123.com holds true such that when a visitor goes to 123.com, all they know is 123.com -- there is no evidence that they are being routed through 123.abc.com behind the scenes, and everything functions normally.

This all happens automatically when an Addon domain is attached to an account -- no 'fix' required.

 An Addon Domain is a domain name which points to its own folder within public_html and appears as a separate website from your primary domain.

    This allows you to have two separate Web sites on your account. You can have a cars.com and then a candy.com as an add-on domain. The candy.com would be a completely separate Web site and visitors would not know that it is part of your cars.com account.

A Parked Domain is a domain name that points to your main Web site on your account

    For example, if cars.com is your main Web site, you can purchase the cars.net and assign it as a parked domain so that if a visitor were to type cars.net they would see the same Web site as if they had typed cars.com
 

Unable to Access WHM

The main reason for the inaccessibility is that the main IP address has been blocked in iptables or CSF.

Check if the IP is blocked:
# iptables -L -n --line-numbers | grep [IP Address]

If the IP appears with DROP or REJECT, it has been blocked.
Unblock the IP address:
# iptables -I INPUT -s [IP Address] -j ACCEPT

Blocking an IP address again:
# iptables -A INPUT -s [IP Address] -j DROP

Save the rules:
# service iptables save
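A plain grep for the address also matches longer addresses (203.0.113.7 matches 203.0.113.70) and treats the dots as wildcards. The following added example, which is not part of the original post, matches the source column exactly and reports the chain and rule number of each blocking rule. The sample listing and the helper names find_blocks and delete_cmds are constructed for illustration, and removing the rule with `iptables -D` is an alternative to the ACCEPT insert shown above.

```shell
#!/bin/sh
# Added example (not from the original post): find the exact iptables rules
# that block one source address, from `iptables -L -n --line-numbers` output.

# Constructed sample listing; on a server use: iptables -L -n --line-numbers
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    DROP       all  --  203.0.113.70         0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2087
5    REJECT     all  --  203.0.113.7          0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
EOF
}

# find_blocks IP: read a listing on stdin and print "CHAIN RULENUM TARGET" for
# every DROP/REJECT rule whose source column is exactly IP (or IP/32).
find_blocks() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        $1 ~ /^[0-9]+$/ && ($2 == "DROP" || $2 == "REJECT") &&
            ($5 == ip || $5 == (ip "/32")) { print chain, $1, $2 }'
}

# delete_cmds: turn find_blocks output into `iptables -D` commands, highest
# rule number first, because deleting a rule renumbers the ones after it.
delete_cmds() {
    sort -k1,1 -k2,2nr | awk '{ print "iptables -D", $1, $2 }'
}

# Demo on the constructed sample: prints the matching rules, then the commands
# that would remove them. Nothing is run against iptables itself.
sample_rules | find_blocks 203.0.113.7
sample_rules | find_blocks 203.0.113.7 | delete_cmds
```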

In CSF:
Check the file:
vi /etc/csf/csf.deny
If you find an entry for the respective IP address, comment it out and restart CSF using:
csf -r

In cPHulk brute force detection:
Try this command:
ps aux | grep -i cphulk
kill -9 PID#
where PID# is the process ID number of that process.

Then disable it:

/usr/local/cpanel/bin/cphulk_pam_ctl --disable

At that point, if you can log into the machine, check WHM > Cphulk Brute Force Protection to see if your IP is whitelisted. If it isn't, whitelist the local IP address that you use to log into WHM to ensure you cannot be locked out when the root user is brute-forced and root logins to WHM are disabled.








PHP Handlers


PHP handlers are the programs that interpret the PHP code in your web application and process it to be sent as HTML (or another static format) by your web server. Out of the box none of the major web servers can handle PHP by themselves so they need another program to do it for them. This program, known as a PHP handler takes all of your PHP code and generates the output which is then sent to the web server which forwards it on to the user.
Currently there are 4 major PHP handlers available on Apache. These include mod_php (AKA DSO), CGI, FastCGI, and suPHP. If you’re using another web server your options may be different (for example, nginx requires FastCGI). Each of these handles memory, CPU, and file permissions in a different way, which can then show up in your web app in everything from performance to important features of your application. Here’s a breakdown of each of the options.

mod_php (DSO)


DSO (which is short for Dynamic Shared Object) or mod_php is the oldest and, some would say, the fastest PHP handler available. It essentially makes PHP a part of Apache by having the Apache server interpret the PHP code itself through use of an Apache module known as mod_php. This is the default handler typically installed when installing a web server package on your server.
On the plus side mod_php is fast, in fact very fast as it runs directly in the same process as your Apache server. Running it together with Apache also means that it has a very low CPU and memory requirement which may be beneficial in situations where computing resources are limited.
The major drawback of mod_php is that it runs as part of Apache, which means that it runs as the same user that your Apache process runs as (if you’re on Ubuntu this would be www-data). All work on files is therefore done as the Apache user, which must have permissions to all of your files. In most cases when you upload files to your server you do so as a different user that has login rights to the machine, so all the files and folders you upload are “owned” by the user that you used to upload them. If you don’t give the Apache user permissions to them, the web server will not be able to read or write the files. If you do give the Apache user access and your machine is compromised, the attacker could have access to much more than just the files of the website they used to get in to your system, potentially creating problems for every site hosted on your machine.
The file permission issue is also the biggest source of headaches for users of content management systems such as WordPress or Drupal. Because the files of your site are often owned by an account other than the one PHP runs as, users of mod_php are often unable to upload or modify files from within their CMS without substantial workarounds. Not only could this prevent an administrator from easily adding pictures and other media to their site, but it could also lead to security patches not being installed because of the added complexity of doing so, which opens another security hole in your site.

CGI

CGI is the fallback in most servers when mod_php is not available. Instead of running the PHP code within Apache, it is run as its own CGI process, that is, in a program outside of your Apache server.
By default CGI will be called by the Apache server, meaning that it will run as the Apache user, with all the problems that mod_php encountered in doing so. Unlike mod_php, however, CGI can run the PHP as another user (presumably the user that owns the files) using another Apache module known as suexec.
For performance, CGI is not nearly as fast as mod_php and requires more CPU time. It is, however, still light on memory usage, which may be a benefit to some users.

suPHP

suPHP runs PHP outside of Apache as CGI. Unlike CGI, however, it will run the scripts as a user other than the Apache user (presumably the user that owns the files). This means that if you are using a CMS you will be able to upload files from within your web application using suPHP. In addition, because your PHP is being run as a different user, any vulnerability in your site can be restricted to only the files of your website, thereby providing substantial security benefits, particularly on servers that run multiple websites.
The upload ability and security of suPHP do not come cheap. suPHP is slow and requires quite a bit of CPU to process all the files. In addition, as it must process the file each and every time it is called, suPHP cannot use any OPCode caching such as APC or memcached, resulting in even higher CPU usage by your application. If you are running on a low-end VPS or other server with an application such as WordPress, this configuration can easily push you past any CPU limits you might have whenever traffic starts to climb.

FastCGI

FastCGI is the last major PHP handler. It offers the security benefits of suPHP by executing files as the owner of the file. Unlike suPHP however it keeps open a session for the file when the processing is done resulting in significant memory use but also allowing for the use of OPCode caching such as APC or memcached.


                       mod_php   CGI    suPHP   FastCGI
Memory usage           Low       Low    Low     High
CPU usage              Low       High   High    Low
Security               Low       Low    High    High
Run as file owner      No        No     Yes     Yes
Overall performance    Fast      Slow   Slow    Fast


To determine the PHP handler used on cPanel servers:

/usr/local/cpanel/bin/rebuild_phpconfig --current

To determine the PHP version:

php -v

To determine the PHP modules currently enabled:

php -m

To create a phpinfo file, open a plain text file, add the following lines and save:

<?php
// Show all information, defaults to INFO_ALL
phpinfo();
?>

Monday, 26 November 2012

Cpanel account Migration using Scripts


First, create a file containing the usernames of the accounts on the old server (/home/users.txt).
================================
Take the backups (script.sh):

for i in `cat /home/users.txt`;
do /scripts/pkgacct "$i";
done
================================
Move the backups to the new server:

scp cpmove-*.tar.gz root@IP(New server):/home/

passwd:
================================
rm -rf cpmove-*

=================================
On the new server:

Restore the backups:

# users.txt must also be present in /home on the new server
for i in `cat /home/users.txt`;
do /scripts/restorepkg "$i";
done

================================
rm -rf cpmove-*

=================================
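The procedure above removes the archives with rm -rf cpmove-* once scp has finished, so an archive that was cut short in transit is only noticed when the restore fails. The following added example (not part of the original post) records a SHA-256 manifest before the copy and, on the new server, lists only the accounts whose archive arrived intact. The manifest name cpmove.sha256 and the function names are assumptions made here, and the manifest has to be copied along with the archives.

```shell
#!/bin/sh
# Added example (not from the original post): checksum the cpmove archives
# before scp, and restore only the ones that arrive intact.

# make_manifest DIR: on the old server, record a SHA-256 for every archive.
make_manifest() {
    ( cd "$1" && sha256sum cpmove-*.tar.gz > cpmove.sha256 )
}

# verified_users DIR: on the new server, print the account name of every
# archive listed in DIR/cpmove.sha256 that is present and matches its digest.
verified_users() {
    ( cd "$1" || exit 1
      while read -r sum name; do
          name=${name#\*}                 # strip sha256sum's binary-mode marker
          [ -f "$name" ] || continue
          actual=$(sha256sum "$name" | awk '{ print $1 }')
          [ "$actual" = "$sum" ] || continue
          user=${name#cpmove-}
          printf '%s\n' "${user%.tar.gz}"
      done < cpmove.sha256 )
}

# failed_archives DIR: archives that are missing or do not match the manifest.
failed_archives() {
    ( cd "$1" || exit 1
      LC_ALL=C sha256sum -c cpmove.sha256 2>/dev/null |
          awk -F': ' '$2 != "OK" { print $1 }' )
}

# Demo with constructed archives: "old" and "new" stand in for /home on each
# server, and bob's archive is truncated in transit.
demo() {
    old=$(mktemp -d)
    new=$(mktemp -d)
    printf 'alice data\n' > "$old/cpmove-alice.tar.gz"
    printf 'bob data\n'   > "$old/cpmove-bob.tar.gz"
    make_manifest "$old"
    # Stands in for: scp cpmove-*.tar.gz cpmove.sha256 root@...:/home/
    cp "$old"/cpmove-*.tar.gz "$old"/cpmove.sha256 "$new"/
    printf 'bob' > "$new/cpmove-bob.tar.gz"
    echo "restore: $(verified_users "$new" | tr '\n' ' ')"
    echo "re-copy: $(failed_archives "$new" | tr '\n' ' ')"
    rm -rf "$old" "$new"
}
demo

# On the new server the restore loop then becomes:
#   for i in $(verified_users /home); do /scripts/restorepkg "$i"; done
```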

Install APC on CentOS 5


APC (Alternative PHP Cache) is a free and open cache for PHP. It’s a free framework for caching and optimizing PHP intermediate code.
In other words, it can improve your PHP website's performance.

Here are some instructions on how to install APC on CentOS 5:

yum install php-pear php-devel httpd-devel pcre-devel apr-devel

pecl install apc

Create the file : /etc/php.d/apc.ini

extension = apc.so
apc.enabled=1
apc.shm_segments=3
apc.optimization=0
apc.shm_size=128
apc.ttl=7200
apc.user_ttl=7200
apc.num_files_hint=1024
apc.mmap_file_mask=/tmp/apc.XXXXXX
apc.enable_cli=1
apc.slam_defense=Off
apc.cache_by_default=1

Then restart Apache:
service httpd restart


Upon receiving errors :
====================================
/usr/local/src/APC-3.1.5/apc.c:419: error: 'apc_regex' has no member named 'preg'
/usr/local/src/APC-3.1.5/apc.c:419: error: 'apc_regex' has no member named 'preg'
/usr/local/src/APC-3.1.5/apc.c:420: error: 'apc_regex' has no member named 'nreg'
/usr/local/src/APC-3.1.5/apc.c:420: error: 'apc_regex' has no member named 'nreg'
/usr/local/src/APC-3.1.5/apc.c: In function 'apc_regex_match_array':
/usr/local/src/APC-3.1.5/apc.c:452: error: 'apc_regex' has no member named 'preg'
/usr/local/src/APC-3.1.5/apc.c:452: error: 'apc_regex' has no member named 'preg'
/usr/local/src/APC-3.1.5/apc.c:453: error: 'apc_regex' has no member named 'nreg'
/usr/local/src/APC-3.1.5/apc.c:453: error: 'apc_regex' has no member named 'nreg'
make: *** [apc.lo] Error 1
======================================

Fix : yum install pcre-devel


Now to see if it is really working, create a file info.php in your DocumentRoot.

<?php
phpinfo();
?>

Start your browser and go to your.server.xx/info.php.
You’ll see something like this:



Upon receiving the error :
================================
pecl/apc is already installed and is the same as the released version 3.1.9
install failed
==================================

Try : pecl install -f apc
             or
You can do a manual installation
==================
cd /usr/local/src
wget http://pecl.php.net/get/APC-3.1.12.tgz
tar -zxvf APC-3.1.12.tgz
cd APC-3.1.12
phpize
./configure
make && make install
 
 
 







Softaculous Installation


Before starting the installation make sure ionCube Loaders are enabled.
Please make sure that the Ioncube loader is selected for the backend copy of PHP

Enabling Ioncube
===============

 Login to WHM (root)
 Go to Server Configuration -> Tweak Settings -> PHP
 Select ioncube from the radio-button for cPanel PHP loader.
 Click on Save button.
 That's it. This will enable Ioncube for you in 3rd party PHP binary
 

 Now SSH to your server and enter the following commands:
 wget -N http://files.softaculous.com/install.sh
 chmod 755 install.sh
 ./install.sh

Now go to: WHM > Plugins (Add-Ons on versions older than 11) > Softaculous - Instant Installs
 
 
 



Friday, 9 November 2012

Installing Modules using /scripts/easyapache



In order to activate modules such as GD Library, ionCube Loader, mod_security, curl, Zend loader, etc., you can use /scripts/easyapache on servers on which cPanel is installed.

Login to your server and type :

/scripts/easyapache

Select a profile to load and click "Start customizing based on profile"

Select the Apache version and click next step.

Select the Major PHP Version and click next step.

Select the PHP Minor Version and click next step.

If the module you need isn't listed, scroll down to the bottom and click "Exhaustive Options List".

Select the modules you wish to add then scroll to the bottom and click "Save and Build".

Installation of ZendOptimizer


If you want to install Zend Optimizer, use the commands below.

To check that the module is available:
/scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin

Installing the module :
/scripts/phpextensionmgr install Zendopt
Installing Zendopt
Determining PHP version
Installing Zend Optimizer binary
Activating Zend Optimizer in /usr/local/lib/php.ini
Zend Optimizer activated
Skipping install to /usr/local/php4, missing php.ini

Installation of Cpremote



cPremote is a remote incremental backup tool that uses cPanel's own modules to take backups to your remote backup server over SSH.

A growing number of clients are choosing to use CP Remote backup script as a ‘low load’ alternative to the standard Cpanel FTP backups. CP Remote is much more cost effective than the other backup solution we offer (R1 Soft) although it is a ‘time stamped’ solution and not a continuous data protection solution.

If you are happy to have off server backups taken nightly at a pre-defined time (usually 1am) then this backup solution could be for you. Quickly have your data restored to any cpanel server in the event of data loss.

It uses rsync, which makes it a very efficient way of working. Your first backup will take the longest as it copies all files from your server to the backup space you buy from us. The second backup only backs up what has changed, so it is a very efficient solution in terms of bandwidth. All your data is backed up with this solution, including the public_html folder, MySQL databases and email folders.

The Cpanel plug in works perfectly and allows you to check your backups and also restore quickly and easily from within an easy to use web based interface.

» Requirements:
You need a Linux cPanel server running the latest stable release of cPanel (11.32 or higher).

You need cpphp: /var/cpanel/3rdparty/bin/php

» Install cPremote
Download the tar file cpremote.X.Y.tar.gz from https://portal.syslint.com/downloads.php, where X.Y is the latest version.
# tar -xzf cpremote.X.Y.tar.gz
# cd cpremote/
# ./install.sh

» Configure Backup
Go to WHM->Plugins -> cPanel Remote Backup -> Configure Backup . Here you can configure backup settings.

» Configure Backup Public Key in remote ssh account
Go to WHM->Plugins -> cPanel Remote Backup -> Your Backup Public Key and follow the procedure mentioned in that website to setup public key for backup ssh account.

» How to run a manual backup update
You may need to run the following script.
/scripts/cpremotebackup

» How to change the backup time
You may change the following cron time
0 1 * * * /scripts/cpremotebackup

» How to enable backup for Multiple Home folder
You may need to add the mount point names of your home folders to the file /etc/cpremote/userhomes.txt. See the example below; it is the default setting.
/home
/home1
/home2
/home3
This option will enable multiple home folder feature.

» How to restore a cPremote Backup
1. A full account from daily, weekly, monthly and 7-day backups
2. Restore email folder, home folder, document root, individual files and folders, individual databases
3. cPanel end user interface for restoring backups
4. /scripts/cpremoterestore feature-rich command line utility

» Restore Backups from Plugin Page
Go to WHM -> Plugins -> cPanel Remote Backups -> Restore A backup, then select the cPanel accounts and the backup option to restore.

» Restore Backups from server shell
If you need to restore a cPanel account, say CPUSER, from the backups, see the example commands below.

Restore email folder of cpanel user CPUSER from the daily backups
/scripts/cpremoterestore --user=CPUSER --from=daily --type=mail

Restore Document root from weekly backup for CPUSER
/scripts/cpremoterestore --user=CPUSER --from=weekly --type=www

Restore the complete home folder of CPUSER from monthly backup
/scripts/cpremoterestore --user=CPUSER --from=monthly --type=homefolder

Restore a full account from daily backup
/scripts/cpremoterestore --user=CPUSER --from=daily --type=full


Installing Nginx on cPanel



Nginx can be used to serve static pages on a server running cPanel with Apache. Apache will handle the dynamic content for PHP and cgi scripts, while nginx will handle the static pages such as .htm and .html

Install nginx
 1. Make a copy of your httpd.conf file 
     cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

 2. Go to WHM > Tweak Settings and change the Apache port:
     The port on which Apache listens for HTTP connections. Specifying a specific IP will prevent Apache from listening on all other IPs. (default: 0.0.0.0:80)
     Change it to: 0.0.0.0:8081
     Do not change the https port listed.
     Click the “Save” button.

 3. Grab a copy of the nginx installation script:
     mkdir /root/cpacct && cd /root/cpacct
     wget http://nginxcp.com/latest/nginxadmin.tar
     tar xf nginxadmin.tar
     cd publicnginx
     ./nginxinstaller install

     If you receive this error when trying to install:
       access key doesn't exist create it in WHM
     then go to WHM > Cluster/Remote Access > Setup Remote Access Key and click on the “Generate New Key” button.
     After that, re-run the “./nginxinstaller install” command.

4. Rebuild Apache and then restart nginx and Apache
    /scripts/rebuildhttpdconf
    /etc/init.d/nginx restart
    /etc/init.d/httpd restart

Now, your static pages should be serving from nginx, while PHP and cgi ones should be serving from Apache. Both httpd and nginx processes will be running on the machine.

Please note that sites will still show up on port 80 in a browser (so you don’t have to worry that pages in a browser will require a different port). nginx works as a proxy on port 80, so it handles the incoming requests on that port to see if they are dynamic or static, then it hands off the dynamic pages to Apache (running on port 8081). Your site visitors will have no idea that Apache is running on a different port due to the proxying nginx performs on the machine for it.

Uninstall nginx

If you decide you want to uninstall nginx at any point, simply run this command:
  /root/cpacct/publicnginx/nginxinstaller uninstall
You would also need to go to WHM > Tweak Settings and change the Apache port back to 80:
The port on which Apache listens for HTTP connections. Specifying a specific IP will prevent Apache from listening on all other IPs. (default: 0.0.0.0:80)
Change it to: 0.0.0.0:80
Then “Save” that area. Finally, rebuild and restart Apache:
  /scripts/rebuildhttpdconf
  /etc/init.d/httpd restart
======================================================================

Changing Litespeed webserver password


Login to the server
/usr/local/lsws/admin/misc/admpass.sh 

Enter the user name:
New Password:
Retype New Password: 

The password has been changed.
============================================

Thursday, 25 October 2012

Wordpress Installation in Cpanel


Step 1: Download the installation archive from the WordPress download section (http://wordpress.org/download/) by clicking on "Download.zip" or "Download.tar.gz". This way you will get the latest stable release of the WordPress application.

Step 2: When you are in cPanel -> File Manager, navigate to the uploaded file and extract it by clicking on "Extract". The other option is to extract the file on your computer and then to upload the content in the desired folder via FTP.

Step 3: You have to create a MySQL database and a database user, and then assign that user to the database with full privileges.

Step 4: Then you have to run the installer. With the new version of WordPress, you don’t have to edit your config file anymore. Simply type the URL of the directory where it was installed.

    For example: www.yourdomain.com/blog/





In cPanel's case, you will need to use the user_database format when you enter the name of your database. Enter the database you created in the step 2. Enter the username and password and that's it. You don’t need to change the Database host and wp_prefix fields.
Once you hit the submit button, it will take you to a follow-up page like this:



Make sure that you check the box off if you don’t want this blog to be seen by search engines. For businesses, keep it on so you can be discovered. Make sure you enter a valid email, because if something goes wrong, and your browser decides to shut off on you, and you didn’t get to copy the random password, it can send the password to you. Once you click install, a confirmation screen like below would appear:


After the step above, your installation is now complete and you can login to your WordPress admin panel by going to:

http://www.yourdomain.com/wp-admin
Even though the install is complete, there is more that awaits you, such as choosing the right theme, plugins, and advertising your blog.

Wednesday, 24 October 2012

Tuning Mysql Performance with Mysql tuner


MySQLTuner: a Perl script that analyzes MySQL performance and, based on the statistics it gathers, gives us an idea of which parameters need to be changed in the my.cnf file to increase MySQL performance.

Download Mysql Tuner script as follows:

# wget http://mysqltuner.com/mysqltuner.pl

Then, make the script executable by running

# chmod +x mysqltuner.pl

Run the script

# ./mysqltuner.pl

This is how you run the MySQLTuner script. You will then obtain output such as:

------------------------------------------


General recommendations:
    Run OPTIMIZE TABLE to defragment tables for better performance
    MySQL started within last 24 hours - recommendations may be inaccurate
    Enable the slow query log to troubleshoot bad queries
    When making adjustments, make tmp_table_size/max_heap_table_size equal
    Reduce your SELECT DISTINCT queries without LIMIT clauses
    Set thread_cache_size to 4 as a starting value
    Increase table_cache gradually to avoid file descriptor limits
    Your applications are not closing MySQL connections properly
Variables to adjust:
    query_cache_size (>= 8M)
    sort_buffer_size (> 8M)
    read_rnd_buffer_size (> 256K)
    tmp_table_size (> 20M)
    max_heap_table_size (> 20M)
    thread_cache_size (start at 4)
    table_cache (> 64)
    innodb_buffer_pool_size (>= 29M)

------------------------------------------------------

By adjusting the parameters listed under "Variables to adjust", we can increase the performance of MySQL.

Tuesday, 23 October 2012

Tweaking Apache in WHM


Apache is the number one Web server running on Linux systems. There are a number of little things that can be done to tune Apache performance and to lessen its impact on system resources. One of these things is tweaking the memory usage.

By default, Apache allocates a maximum number of 256 simultaneous client connections, or 256 processes (one to serve each request). With this setting, a heavily-trafficked site would be taken down in moments (even if you assume 5 MB per process, 1.3 GB of RAM would be required to satisfy that number of requests). If nothing else, it would cause the system to thrash the hard disk by attempting to use swap to handle what can't fit into physical memory.

In order to tweak the Apache settings in WHM, go to:

Main >> service configuration >> Apache configuration >> Global configuration

Other settings to tweak include the KeepAlive, KeepAliveTimeout, and MaxKeepAliveRequests settings. Recommended settings, which can all be set in the configuration, would be :

----------------------------------
 ServerLimit 150

 MaxClients 150

 KeepAlive On

 KeepAliveTimeout 2

 MaxKeepAliveRequests 1000
----------------------------------

By decreasing the KeepAliveTimeout from 15 seconds to 2 seconds, the MaxClients directive can be increased; 19 is pretty small, and 128 is much better. By reducing the number of seconds that a process can live, you can enable more connections in the same amount of time.

MaxKeepAliveRequests is the maximum number of requests to serve on a TCP connection. If you set it to 100, clients with keepalive support will be forced to reconnect after downloading 100 items. By increasing the value to 1000, clients can download a full page with a single connection. Bumping that value didn't have any negative impact; it only made everything faster.

Please save the edited configuration.

The value of MaxClients can be increased if you have sufficient memory to handle the requests.

Monday, 22 October 2012

Social Engine Installation


Before installing SocialEngine you need to create a MySQL database and a database user with a strong password. Also add the user to the database and assign all privileges on the database to that user.

You can download a copy of SocialEngine from the client area of our website :

http://www.socialengine.com/sign-in

Create a directory on your server where SocialEngine will be placed (e.g. "/socialnetwork") or, if you wish, you can simply use your existing HTTP root directory (e.g. "/httpdocs", "/public_html").

Download the SocialEngine4 ZIP file and extract its contents to your computer.

Upload all the extracted files to your server.

Point your browser to the directory where your SocialEngine files were uploaded (e.g. "http://www.example.com/socialnetwork", "http://www.example.com").

Step 1: Enter your License Key :

Enter your SocialEngine license key and click Continue



Step 2: Check Requirements


Most of the requirements listed on this page should already be met if your server meets the minimum requirements of SocialEngine. If your server does not meet the minimum requirements, please contact your hosting provider.

If you are using a Unix server (or Unix variant, like Linux, OS X, FreeBSD, etc.), 777 permissions must be applied to the following directories:

    /install/config
    /temporary
    /public
    /application/themes
    /application/packages
    /application/languages
    /application/settings/

To apply permissions to these directories manually login over FTP and recursively set the permissions of the directories listed above to 777. To have SocialEngine set the permissions for these directories automatically, click on the "do it automatically" link.
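Directories set to 777 are writable by every account on the server, including the shared Apache user that the PHP Handlers section describes for mod_php and plain CGI. The following added example (not SocialEngine's code and not part of the original post) lists what is world-writable under a document root and flags anything outside the seven directories above. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit world-writable paths in a
# document root after the installer's 777 step.

# Directories the requirements page asks to be 777, relative to the docroot.
EXPECTED_WRITABLE='install/config temporary public application/themes
application/packages application/languages application/settings'

# world_writable ROOT: every file or directory with the "other write" bit set.
world_writable() {
    ( cd "$1" && find . \( -type f -o -type d \) -perm -0002 -print |
          sed 's|^\./||' | sort )
}

# unexpected_writable ROOT: world-writable paths outside the expected list.
unexpected_writable() {
    world_writable "$1" | while read -r p; do
        ok=no
        for d in $EXPECTED_WRITABLE; do
            case "$p" in "$d"|"$d"/*) ok=yes; break ;; esac
        done
        [ "$ok" = yes ] || printf '%s\n' "$p"
    done
}

# writable_php ROOT: PHP files that any local account, or another site's PHP
# running as the shared Apache user, could overwrite.
writable_php() {
    world_writable "$1" | grep -E '\.(php|phtml)$' || true
}

# make_sample_tree: constructed docroot for the demo; prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/public/uploads" "$t/temporary" \
             "$t/application/settings" "$t/application/modules"
    chmod 755 "$t" "$t/application" "$t/application/modules"
    chmod 777 "$t/public" "$t/public/uploads" "$t/temporary" \
              "$t/application/settings"
    echo '<?php' > "$t/index.php"
    chmod 666 "$t/index.php"
    echo '<?php' > "$t/public/uploads/x.php"
    chmod 666 "$t/public/uploads/x.php"
    echo 'ok' > "$t/application/modules/a.txt"
    chmod 644 "$t/application/modules/a.txt"
    printf '%s\n' "$t"
}

root=$(make_sample_tree)
unexpected_writable "$root"   # index.php: writable, but not in the list above
writable_php "$root"          # also shows public/uploads/x.php in a 777 directory
rm -rf "$root"
```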

Step 3: Select your connection type



If you select FTP/FTPS as your connection type, enter your FTP information and click Continue.

NOTE: If you are not sure what the path is to your SocialEngine installation directory, set the FTP Path to "/" and select "Search for SocialEngine Path". The installation wizard will automatically find the correct file path to your SocialEngine installation directory.

If you select None as your connection type, enter the path to your SocialEngine installation directory and click Continue.

 

After SocialEngine has found and set the necessary permissions, click the Retry Requirements Test button to check the requirement once more.

 

If all requirements have been met, click the Continue button to proceed to step 3.

  
   

 Step 3: Setup MySQL Database

    Enter your MySQL database information and click Continue.

 

  If SocialEngine is able to connect to your database, click the Continue button to proceed

 

 

If SocialEngine is able to create your database tables successfully, click the Continue button to proceed to step 4.

 

 Step 4: Create Admin Account

  Enter the name of your SocialEngine website, profile information and click Continue.

 

 Congratulations! SocialEngine has been installed successfully. You are now ready to login to your SocialEngine administration system and build your social network

   









Friday, 19 October 2012

Black List Removal

Steps to be followed when your IP address is Blacklisted :

If your domain name or IP address is blacklisted at any ISP, you need to send them a request to be removed from their blacklist (de-listed).

Here are the basic steps that you should follow for the whitelisting/de-listing procedure at the ISP in question:

 a) Follow the URL links and apply for whitelisting/de-listing using their online form.

                           or

 b) Send an email to the mentioned email address.

List of ISP's :

--------------------------------------------------------------------------------------------------
Comcast:
  Follow this URL: www.comcastsupport.com/rbl
  Fill out the online form & submit.
 
  Cox:
  Follow this URL: http://postmaster.cox.net/confluence/display/postmaster/Error+Codes
  On the page, search the listed error codes to match the one you received when you were blacklisted. Click the URL suggested to get to the appropriate online form. Then submit.
 
  EarthLink:
  Send an email to: blockedbyearthlink@abuse.earthlink.net
  Use the subject line <Blocked 'insert your email server's IP'> (example: Blocked 255.255.255.2555)
  More details are given on these pages:
  http://earthlink.net/block
  http://support.earthlink.net/articles/email/email-blocked-by-earthlink.php
 
  Gmail:
  Read Gmail's Bulk Senders Guidelines here: http://www.google.com/mail/help/bulk_mail.html
  Then follow this URL for the Bulk Sender Contact Form: http://mail.google.com/support/bin/request.py?contact_type=bulk_send&hl=en
  Fill out & submit.
 
  Hotmail:
  Follow this URL: https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts
  Fill out the online form & submit.

  AT&T/SBC Global/Bellsouth:
  Follow this URL: http://rbl.att.net/cgi-bin/rbl/block_admin.cgi
  Fill out the online form & submit.
  For questions related to a request, please contact them at: abuse@rbl@abuse-att.net

  Juno/NetZero/Bluelight (United Online):
  Follow this URL: http://www.unitedonline.net/postmaster/blocked.html
  Fill out the online form & submit.

  Roadrunner/Adelphia:
  Follow this URL: http://security.rr.com/mail_blocks.htm
  Follow this URL to find whether your IP is blacklisted: http://security.rr.com/cgi-bin/block-lookup

  USA.NET:
  Follow this URL to find whether your IP is blacklisted: http://postmaster.usa.net/html/error.html

  Verizon:
  Follow this URL: http://www2.verizon.net/micro/whitelist/request_form.asp?id=isp
  Fill out the online form & submit.
 
  Yahoo:
  Follow this URL: http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulkv2.html
  Fill out the online form & submit.

  Mail.ru:
  Follow this URL for the Google page translator tool: http://translate.google.com
  Check "Translate from Russian" and "Translate to English"
  Enter this link in the form: mail.ru/notspam/ Then hit Enter or Return.
  Read and follow the directions on the newly translated page.
 
  AOL.com:
  If you have been blacklisted, visit AOL Postmaster
  You will need to open a Postmaster Support Request to put yourself on AOL's whitelist
  (*The AOL whitelist is meant for permission-based bulk senders. Bear in mind that if you are on their blacklist, you may have done something to violate their technical guidelines or best practices)
  You can also apply for Whitelist Status immediately.
-----------------------------------------------------------------------------------------------------

     List of Blacklists [RBL/DNSBL]:

  -----------------------------------------------------------------------------------------------------

 
  Lashback:
  Follow this URL to find whether your IP is blacklisted:
  http://www.lashback.com/support/UBLQuery.aspx
  Fill out the online box and follow the links.
 
  BarracudaCentral:
  Follow this URL to find whether your IP is blacklisted: http://www.barracudacentral.org/lookups
  Then follow this URL: http://www.barracudacentral.org/rbl/removal-request Fill out the online form & submit.
 
  Spamhaus:
  Follow this URL to find whether your IP is blacklisted: http://www.spamhaus.org/lookup.lasso
  Fill out the online form, submit and follow appropriate links.
 
  Surbl:
  Follow this URL to find whether your IP is blacklisted: http://george.surbl.org/lookup.html
  Fill out the online form & submit.
 
  Invaluement.com:
  Follow this URL to find whether your IP is blacklisted: http://dnsbl.invaluement.com/lookup/
  Fill out the online form & submit.
 
  DNSBL Manitu:
  Follow this URL to find whether your IP is blacklisted: http://www.dnsbl.manitu.net/
  Fill out the online form & submit. You can also send an email to the link provided.
 
  Uribl:
  Follow this URL to find whether your IP is blacklisted: http://lookup.uribl.com/
 
  Hostkarma blacklist:
  http://ipadmin.junkemailfilter.com/remove.php Fill out the online form & submit.
 
  Spamcop:
  http://www.spamcop.net/fom-serve/cache/298.html For network and server administrators.
  http://www.spamcop.net/fom-serve/cache/405.html For bounce message recipients and end-users.
  http://www.spamcop.net/bl.shtml Blacklist IP look-up
----------------------------------------------------------------------------------------------

SPF records


An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. SPF is an open standard created to stop forgery of From addresses. SPF helps mail servers distinguish forgeries from real mail by making it possible for a domain owner to say, "I only send mail from these machines". That way, if any other machine tries to send mail from that domain, the mail server knows that the From address is forged.
 





  Creating SPF records
 -----------------------

  You can create the SPF records for your domains from this link :
 
  http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

 Checking SPF records for a Domain
 ----------------------------------------

You can check whether a domain has a valid SPF record via :

 http://mxtoolbox.com/spf.aspx

  Performing a dig search :

  dig +trace DOMAIN_NAME txt

  This will display a result like : v=spf1 include:spf.intermedia.net ~all  or
  v=spf1 A:my_smtp_server_name include:spf.intermedia.net ~all
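
One way to check the record text returned by the dig query above for the settings that decide how forged mail is treated, as an added example that is not part of the original post. The function name spf_lint and its output format are assumptions made for this illustration; it inspects only the top-level terms of the record and does not follow include: targets.

```sh
#!/bin/sh
# Added example, not from the original post: lint the text of an SPF record.
# spf_lint is a hypothetical helper name. Exit status 1 means a FAIL finding.
spf_lint() {
    printf '%s\n' "$1" | awk '
    {
        sub(/^[ \t"]+/, ""); sub(/[ \t"]+$/, "")   # trim blanks and the quotes dig prints
        n = split(tolower($0), term, /[ \t]+/)
        if (term[1] != "v=spf1") { print "FAIL not an SPF record"; exit 1 }
        all = "none"; lookups = 0; redirect = 0; fail = 0
        for (i = 2; i <= n; i++) {
            t = term[i]; q = "+"                   # no qualifier means "+" (pass)
            if (t ~ /^[-+~?]/) { q = substr(t, 1, 1); t = substr(t, 2) }
            if (t ~ /^redirect=/) redirect = 1
            # Terms that make the receiver do a DNS query (RFC 7208 allows 10 in total).
            if (t ~ /^(include:|exists:|redirect=)/ || t ~ /^(a|mx|ptr)$/ || t ~ "^(a|mx|ptr)[:/]") lookups++
            if (t == "all") { all = q; break }     # anything after "all" is never evaluated
        }
        print "INFO all=" all " dns_lookups=" lookups
        if (all == "+") { print "FAIL +all authorizes every host to send for the domain"; fail = 1 }
        else if (all == "?") print "WARN ?all is neutral: mail from unlisted hosts is not flagged"
        else if (all == "~") print "WARN ~all is softfail: mail from unlisted hosts is flagged, not failed"
        else if (all == "-") print "OK -all fails mail from unlisted hosts"
        else if (!redirect) print "WARN no all term: unlisted hosts get a neutral result"
        if (lookups > 10) { print "FAIL more than 10 DNS lookups: receivers return permerror"; fail = 1 }
        exit fail
    }'
}

# The two result strings shown in the post above.
spf_lint "v=spf1 include:spf.intermedia.net ~all"
spf_lint "v=spf1 A:my_smtp_server_name include:spf.intermedia.net ~all"
```

Both sample records end in ~all, so the lint reports a softfail warning for each of them rather than a failure.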


                              




Litespeedserver Installation in WHM


 You can install LiteSpeed on a WHM/cPanel server by simply following the steps below :

 Log into server via SSH as ‘root’ user.

 Go to /usr/src

 cd /usr/src

 Download the installation file using wget.

 wget http://www.litespeedtech.com/packages/cpanel/lsws_whm_plugin_install.sh

 chmod 700 lsws_whm_plugin_install.sh

 sh lsws_whm_plugin_install.sh (or ./lsws_whm_plugin_install.sh)

 rm -rf lsws_whm_plugin_install.sh

 Log into WHM. Go to the manage plugins section.

 Start the installation procedure by clicking on ‘Install LiteSpeed’.

 This will ask you to enter your license information and admin password. Enter this information and click on ‘Build matching PHP Binary’. (Please do not tick the box to start LiteSpeed immediately.)

 Click on ‘Switch to LiteSpeed’

 Click on ‘Admin Web Console’ and login

 Final stages of setup

 Go to Configuration > General > Index Files > Edit

 You need to set the following and save.
 ===============================================
  Index Files: index.html, index.php, index.php5, index.htm
  Auto Index: Yes
  Auto Index URI => /_autoindex/default.php
 ===============================================
 
  In SSH Type:

  ln -sf /usr/local/lib/php/autoindex /usr/local/lsws/share/autoindex
  ================================================

  Go to Configuration > Log > Server Log > Edit

Set the following:
 ===============
 Log Level: Info
 Debug Level: None
 ===============

 Finally click on Actions > Graceful Restart to make these changes permanent.

 Now, you have successfully installed Litespeed on WHM/cpanel server.

Thursday, 18 October 2012

RAID


Almost all modern servers are shipped with RAID controllers – redundant array of independent disks. Despite the fact that this technology was invented more than twenty years ago, nowadays the importance of it can scarcely be exaggerated.

So let’s consider the various RAID types. Regardless of which Linux distribution you use (Ubuntu, Fedora, Debian, etc.), there are three types of RAID:

1. software
2. hardware
3. on-board solutions (sometimes called “fake RAID” or “host RAID”).

Software RAID

In the simplest case you have only software RAID. It can be detected without any additional software just by looking at the /proc/mdstat file.

/proc/ is a Linux pseudo-filesystem which the kernel uses for exposing various system parameters, including this one. Although it’s just a file, it’s very useful for managing and monitoring software RAID. If you have software RAID you will see something similar to the following:

[root@storage ~]$ cat /proc/mdstat

Personalities : [raid1] [raid10]
md2 : active raid10 sda3[0] sdd3[3] sdc3[2] sdb3[1]
959194880 blocks 64K chunks 2 near-copies [4/4] [UUUU]
md1 : active raid10 sda2[0] sdd2[3] sdc2[2] sdb2[1]
17385216 blocks 64K chunks 2 near-copies [4/4] [UUUU]
md0 : active raid1 sda1[0] sdb1[3] sdd1[2] sdc1[1]
96256 blocks [4/4] [UUUU]
unused devices:

Besides, you can simply run the df command, and if you see md devices it means you have software RAID :

[root@storage ~]$ df -h

Filesystem Size Used Avail Use% Mounted on
/dev/md2 915G 512G 403G 56% /
tmpfs 5.9G 1.6M 5.9G 1% /dev/shm
/dev/md0 92M 43M 44M 50% /boot

To figure out your RAID level you should check first line of each device description :

For instance,

md2 : active raid10 sda3[0] sdd3[3] sdc3[2] sdb3[1]

As you can see, here we have block device md2, which has level 10 (or 1+0 if you will). The string “sda3[0] sdd3[3] sdc3[2] sdb3[1]” means that we have four devices (or, more exactly, partitions) in our RAID device md2. The four U letters in brackets [UUUU] indicate that all of our devices are active. So if you need to check your software RAID status you can do that just by checking /proc/mdstat. If one or more HDDs have failed you will see something like this:

[root@fs ~]$ cat /proc/mdstat

Personalities : [raid6] [raid5] [raid4]
md0 : active raid6 sdh1[4] sdg1[3] sde1[1] sdb1[5] sda1[0]
1953545728 blocks level 6, 128k chunk, algorithm 2 [6/5] [UU_UUU]
unused devices:
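
The check described above, turned into a script that reads an mdstat-format file and flags degraded arrays, as an added example that is not part of the original post. The function names mdstat_check and sample_mdstat are assumptions; the sample input is constructed from the outputs shown above (the healthy raid1 array is renamed md1 so both fit in one file).

```sh
#!/bin/sh
# Added example, not from the original post. mdstat_check is a hypothetical name.
# Usage: mdstat_check [FILE]   (FILE defaults to /proc/mdstat, "-" reads stdin)
# Exit status: 0 = every array healthy, 1 = at least one array degraded.
mdstat_check() {
    awk '
    /^md[0-9]+ :/ {                       # e.g. "md0 : active raid6 sdh1[4] ..."
        dev = $1; level = "unknown"
        for (i = 3; i <= NF; i++)
            if ($i ~ /^(raid[0-9]+|linear)$/) { level = $i; break }
        next
    }
    # Status line ends in "[configured/active] [slot map]", e.g. "[6/5] [UU_UUU]".
    dev != "" && match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
        s = substr($0, RSTART, RLENGTH)
        gsub(/\[/, "", s); gsub(/\]/, "", s)          # -> "6/5 UU_UUU"
        split(s, part, " "); split(part[1], cnt, "/")
        missing = ""
        # Position in the map is the slot number: "_" at index 2 means slot 2 is gone.
        for (i = 1; i <= length(part[2]); i++)
            if (substr(part[2], i, 1) == "_")
                missing = missing (missing == "" ? "" : ",") (i - 1)
        if (missing == "")
            printf "%s %s %s/%s OK\n", dev, level, cnt[2], cnt[1]
        else {
            printf "%s %s %s/%s DEGRADED missing_slots=%s\n", dev, level, cnt[2], cnt[1], missing
            bad = 1
        }
        dev = ""
    }
    END { exit bad }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample input built from the two outputs shown in the post.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid6] [raid5] [raid4] [raid1]
md1 : active raid1 sda1[0] sdb1[3] sdd1[2] sdc1[1]
      96256 blocks [4/4] [UUUU]
md0 : active raid6 sdh1[4] sdg1[3] sde1[1] sdb1[5] sda1[0]
      1953545728 blocks level 6, 128k chunk, algorithm 2 [6/5] [UU_UUU]
unused devices:
EOF
}

sample_mdstat | mdstat_check - || echo "at least one array is degraded"
```

The reported slot 2 matches the member list of md0 above, where roles 0, 1, 3, 4 and 5 are present and role 2 is absent.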

At this point you can stop reading if you are sure that software RAID is the only RAID on your server.

Hardware RAID

In order to determine hardware RAID, it would be a good idea to install all necessary software from the very beginning. You might need lshw and/or lspci (lspci is part of the pciutils package).

If your server runs Ubuntu or Debian use aptitude or apt-get to install them:
[root@fs ~]$ aptitude install lshw pciutils

If your choice is an RPM-based system such as Fedora or CentOS use yum:
[root@fs ~]$ yum install lshw pciutils

Once you have these tools you can use them to find your RAID type.

Run

[root@storage2 ~]# lspci | grep -i raid

03:00.0 RAID bus controller: 3ware Inc 9690SA SAS/SATA-II RAID PCIe (rev 01)
Subsystem: 3ware Inc 9690SA SAS/SATA-II RAID PCIe

In most cases this output is your actual RAID controller. To check it use lshw.


On-board RAID controllers

Some motherboards contain a chipset with RAID functions. It is a device with only simple functions such as XOR. Such controllers are sometimes called fake RAID. One important thing about on-board RAID is that the HDDs are mapped via /dev/mapper/chipsetName_randomName, so you can always check them through these files. To verify whether your RAID controller is an on-board solution you need to check your motherboard specification. To find your motherboard model use lshw or dmidecode.

Base Board Information
Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
Product Name: MS-7142

[root@storage6 ~]# lspci -vv | grep -i raid

00:08.0 RAID bus controller: Promise Technology, Inc. PDC20270 (FastTrak100 LP/TX2/TX4) (rev 02)

To find out which controllers our motherboard contains we should check its specification.
In this case it really does contain an on-board RAID controller, so it’s a fake RAID.

To check its status we can use dmraid tool.
[root@storage7 ~]# dmraid -r

/dev/hde: pdc, "pdc_cbeedhjag", mirror, ok, 156301312 sectors, data@ 0
/dev/hdg: pdc, "pdc_cbeedhjag", mirror, ok, 156301312 sectors, data@ 0

Wednesday, 17 October 2012

Mosquitto installation on Centos


Mosquitto is an open source (BSD licensed) message broker that implements the MQ Telemetry Transport protocol version 3.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers like the Arduino.

Add the CentOS mosquitto repository to YUM's list of repositories :

 cd /etc/yum.repos.d

wget http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-5/home:oojah:mqtt.repo

 yum update

yum install mosquitto

If you are getting the error :

---------------------------------------------------
useradd: unknown group mosquitto
warning: user mosquitto does not exist - using root
warning: group mosquitto does not exist - using root
----------------------------------------------------

This can be fixed by manually creating the missing user and group.

  useradd  mosquitto
  groupadd mosquitto

You can find the configuration file at :
/etc/mosquitto/mosquitto.conf

Finally start mosquitto as a daemon with the line, /etc/init.d/mosquitto start

You get the following status :
--------------------------------------
# /etc/init.d/mosquitto start
Starting Mosquitto MQTT broker [ OK ]
--------------------------------------


Mounting SSHFS remote directory in Fstab


Sshfs is used to mount a remote directory on another server to our local server. This can be done by installing the sshfs package and a package named fuse.

The mounting is done as below :

sshfs USERNAME@HOSTNAME_OR_IP:/PATH LOCAL_MOUNT_POINT SSH_OPTIONS

sshfs sessy@mycomputer:/home/sessy /mnt/sessy -C -p 9876

To unmount the remote system :

fusermount -u LOCAL_MOUNT_POINT

To mount it again :

sshfs USERNAME@HOSTNAME_OR_IP:/PATH LOCAL_MOUNT_POINT SSH_OPTIONS

We have to set up key-based login with ssh-keygen in order to avoid being asked for the password when mounting.

This can be done as below :

Create private and public keys using the ssh-keygen command

ssh-keygen

This will generate the private key in /root/.ssh/id_rsa and the public key in /root/.ssh/id_rsa.pub

Then copy the content of id_rsa.pub to the user's ~/.ssh/authorized_keys file on the remote server from which we are mounting

You can use scp to copy the file.

Then try to connect using ssh user2@remotehost; this time the password will not be asked.

Then mount it via fstab using the following settings :

sshfs REMOTEUSER@REMOTE:REMOTEMOUNTPOINT LOCALMOUNTPOINT -pREMOTEPORTNUMBER -o uid=LOCALUSERID -o gid=DESIREDGROUPID -o idmap=user -o IdentityFile=/root/.ssh/YOURKEYFILE -o allow_other

Eg (a single line in /etc/fstab) :

sshfs#user@remote.com:/home/user/audio /var/www/html/audio fuse IdentityFile=/root/.ssh/id_rsa,idmap=user,allow_other,port=10022,uid=0,gid=0,rw,nosuid,nodev 0 0

Reference : http://ewald.tienkamp.nl/2010/01/19/mounting-a-remote-file-system-over-ssh-using-sshfs-and-non-standard-settings/

Tuesday, 16 October 2012

Finding DDOS attacks


Below are some of the useful netstat commands to check during DDOS attack.

To list the connections to the target IPs (server's IP's) use the below command : 


netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n


To list the connections from source IP's use the below command:


netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n


To see each connection state and the number of connections in it use the below command:


netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c


You can use tcpdump to identify the attacker too:


tcpdump -c n -i ethX -p host IP_Address


where X can be 0 or 1 and n is the number of packets to capture (100 or 1000). If it is a VPS, the interface can be venet0 too. Check the output of ifconfig.



To check if a server is under a DoS attack with netstat, it’s common to use:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n|wc -l

If the output of the above command returns a result like 2000 or 3000 connections, then it’s very likely the server is under a DoS attack.

To detect a SYN flood with netstat :

netstat -nap | grep SYN | wc -l

If the output returns a value of 1032, 1032 SYNs per second is quite a high number, and unless the server is serving, let’s say, 5000 user requests per second, it’s very likely the server is under attack. If, however, I get results like 100 or 200 SYNs, then obviously there is no SYN flood targeting the server.

Checking if a UDP Denial of Service is targeting the server :

netstat -nap | grep 'udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n

The above command will list information concerning possible UDP DoS.

The command can easily be adapted to check for both possible TCP and UDP denial of service, like so :

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

You can see the output as :

104 109.161.198.86
115 112.197.147.216
129 212.10.160.148
227 201.13.27.137
3148 91.121.85.220

After finding an IP that has too many connections to the server and is almost certainly a DoS host, you will want to filter this IP.

Here is how I stop such hosts from being able to route packets to my server:

route add 110.92.0.55 reject

The above command would null route IP 110.92.0.55, cutting off its access to my server.

Later on, to look up a null routed IP on my host, I use:

route -n |grep -i 110.92.0.55


Block the IPs with the high connection counts found above using the CSF or APF firewall :

csf -d IP {reason}

apf -d IP
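
The per-state and per-source counts from the netstat pipelines above, combined into one pass, as an added example that is not part of the original post. It also handles a case the `cut -d: -f1` pipelines miss: for an IPv4-mapped address such as ::ffff:198.51.100.7:51237 that cut returns an empty string. The names conn_summary and sample_netstat are assumptions, and the sample input is constructed with documentation-range addresses.

```sh
#!/bin/sh
# Added example, not from the original post. conn_summary is a hypothetical name.
# Reads "netstat -ntu" or "netstat -an" style output on stdin and prints
#   SOURCE <remote ip> conns=<n> syn_recv=<n>   (only sources with >= LIMIT connections)
#   STATE <tcp state> <count>
# Usage: netstat -ntu | conn_summary 100
conn_summary() {
    awk -v limit="${1:-100}" '
    $1 ~ /^(tcp|udp)/ {                   # skips the two netstat header lines
        addr = $5
        sub(/:[^:]*$/, "", addr)          # drop the port: the text after the LAST colon
        sub(/^::ffff:/, "", addr)         # IPv4-mapped IPv6 counts as the same IPv4 host
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") next   # listening sockets
        src[addr]++
        if ($1 ~ /^tcp/) {
            state[$6]++
            if ($6 == "SYN_RECV") syn[addr]++     # half-open handshakes, the SYN flood sign
        }
    }
    END {
        for (s in state) printf "STATE %s %d\n", s, state[s]
        for (a in src)
            if (src[a] >= limit + 0)
                printf "SOURCE %s conns=%d syn_recv=%d\n", a, src[a], syn[a]
    }' | LC_ALL=C sort
}

# Constructed sample input (not captured from a real server).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51237 SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.50:5353
EOF
}

sample_netstat | conn_summary 3
```

A source that shows up with most of its connections in SYN_RECV is the candidate for the csf -d or apf -d block described above.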

Prestashop Installation error while connecting to Database


While installing Prestashop if you are getting the error :

"Database server was not found. Please verify the login, password and server fields."


Check for the following attributes and comment them out :

     vi /etc/my.cnf

    skip-networking
    skip-name-resolve
    skip-host-cache
    skip-locking

Now restart the mysql service

The database will now connect.



Adding additional Ip address in Debian OS


Open the network configuration file :

vi /etc/network/interfaces

Check the name of your network interface. You should see a line similar to this one: "iface eth0 inet static". In my case the name is eth0.

Add these lines to the end of the file:

auto eth0:1
iface eth0:1 inet static
address 192.168.1.3
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

Replace eth0 by your network interface name. If you are adding multiple IP addresses to the same system, you can increase the number after "eth0:".

Finally, activate the new virtual network interface :

ifup eth0:1

Saturday, 13 October 2012

Kloxo panel showing default page after first Installation

After the first installation of Kloxo, if we add content to a domain without rebooting the server, the default Kloxo page will load when we access the domain.

 To load the site contents, do the following:

# sh /script/fixweb --server=all
# reboot

After running the script, reboot the server for the change to take effect.

Blank page loading after Plesk panel Installation


After the first installation of Plesk, the Plesk panel loads a blank page. It's an error caused by the license key.

Type this command :

# /usr/local/psa/admin/sbin/keymng --install --source-file <source path>

where <source path> is the license key file.



Working of Email

Email is based around the use of electronic mailboxes. When an email is sent, the message is routed from server to server, all the way to the recipient's email server.
 More precisely, the message is sent to the mail server tasked with transporting emails (called the MTA, for Mail Transport Agent) to the recipient's MTA.
On the Internet, MTAs communicate with one another using the protocol SMTP, and so are logically called SMTP servers (or sometimes outgoing mail servers).
                                                                     
 The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail Delivery Agent), which stores the email as it waits for the user to accept it.
 There are two main protocols used for retrieving email on an MDA:

1.  POP3 (Post Office Protocol), the older of the two, which is used for retrieving email and, in certain cases, leaving a copy of it on the server.

2.  IMAP (Internet Message Access Protocol), which is used for coordinating the status of emails (read, deleted, moved) across multiple email clients.
     With IMAP, a copy of every message is saved on the server, so that this synchronisation task can be completed.

Difference between IMAP and POP :

The main difference, as far as we are concerned here, is the way in which IMAP or POP controls your e-mail inbox.
When you use IMAP you are accessing your inbox on the central mail server. IMAP does not actually move messages onto your computer.
You can think of an e-mail program using IMAP as a window to your messages on the server.
Although the messages appear on your computer while you work with them, they remain on the central mail server.

POP does the opposite. Instead of just showing you what is in your inbox on the U's mail server, it checks the server for new messages,
downloads all the new messages in your inbox onto your computer, and then deletes them from the server.
This means that every time you use POP to view your new messages, they are no longer on the central mail server.

Figure 1 illustrates these concepts :




Because IMAP leaves all of your messages on the central mail server, you can view these messages from any location with Internet access.
 This means the e-mail inbox you view from home will be the same one you see at work.

Since POP downloads new messages to your computer and removes them from the server, you will not be able to see those new messages on another computer when you check your inbox.
 Those messages exist only on the computer that downloaded them using POP.

However, if you use IMAP and create e-mail folders on the server, these folders are accessible from anywhere you read your e-mail using IMAP.
 If you use POP and create e-mail folders, they are stored locally, and you cannot access these folders from anywhere except the computer on which you created them.

For these reasons, incoming mail servers are called POP servers or IMAP servers, depending on which protocol is used.




To use a real-world analogy, MTAs act as the post office (the sorting area and mail carrier, which handle message transportation), while MDAs act as mailboxes, which store messages (as much as their volume will allow) until the recipients check the box.

 This means that it is not necessary for recipients to be connected in order for them to be sent email.
To keep everyone from checking other users' emails, MDA is protected by a user name called a login and by a password.

Retrieving mail is done using a software program called an MUA (Mail User Agent).
When the MUA is a program installed on the user's system, it is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora Mail, Incredimail or Lotus Notes).

When it is a web interface used for interacting with the incoming mail server, it is called webmail.




Wednesday, 10 October 2012

Unauthorised access to database


If the output of the command mysqladmin proc stat shows entries like


056 | unauthenticated user | Ip address |    | Connect |      | Reading from net |


To avoid this problem, add the following lines to the /etc/my.cnf file to block access for unauthenticated users.

    root@server [~]# vi /etc/my.cnf

    skip-networking
    skip-name-resolve
    skip-host-cache
    skip-locking

Now restart the mysql service and check mysql process logs again.

By doing this we are disabling networking in /etc/my.cnf

The only limitation is that users are not able to connect to MySQL using an external MySQL manager connection, but they can still use phpMyAdmin via cPanel.

You can also block the IP address using CSF :

csf -d IP_address {unauthenticated mysql user}
csf -r

Tuesday, 9 October 2012

Exim commands


Shows the total no of emails in the queue
  exim -bpc

Print a listing of the messages in the queue
  exim -bp

Shows no of frozen emails
  exim -bpr | grep frozen | wc -l

To remove FROZEN mails from the server
  exiqgrep -z -i | xargs exim -Mrm

To show each domain name and the no of emails sent by that domain
  exim -bp | exiqsumm | more

Following command will show path to the script being utilized to send mail

  ps -C exim -fH eww
  ps -C exim -fH eww | grep home

  cd /var/spool/exim/input/
  egrep "X-PHP-Script" * -R

Check for spamming: see if anybody is using a PHP script under /home to send mail

    tail -f /var/log/exim_mainlog | grep home

If anyone is spamming from /tmp

    tail -f /var/log/exim_mainlog | grep /tmp


To display each IP and the no of attempts it made to send mail that were rejected by the server.

    tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5


Shows the connections from each IP to the SMTP server

   netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1


If the spamming comes from an outside domain then you can block that domain or email id on the server

     pico /etc/antivirus.exim

Add the following lines:

    if $header_from: contains "name@domain.com"
    then
    seen finish
    endif

The following command shows the email addresses (from or to) with the largest number of emails currently in the mail queue, with exact figures.

    exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n


This shows the domains (to or from) with the largest number of emails currently in the mail queue, with counts.

    exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{ print $2}' | sort | uniq -c | sort -n


Check if any PHP script is causing the mass mailing with

    cd /var/spool/exim/input
    egrep "X-PHP-Script" * -R

Just cat the ID that you get and you will be able to check which script is here causing problem for you.

To remove the emails of a particular email account

    exim -bpr | grep "ragnarockradio.org" | awk '{print $3}' | xargs exim -Mrm

Reading an email header (ID is the message ID)

    exim -Mvh ID

To view a particular message body

     exim -Mvb ID

To view mails under a particular user (alpha.com is the domain here)

     exim -bp | grep alpha.com

To view the no of mails under a particular user

     exim -bp | grep alpha.com | wc -l

To remove messages under the domain (DOMAIN is the domain name)

      exiqgrep -f DOMAIN -i | xargs exim -Mrm

To clear the Mail queue
         
exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash