To update apache and compile everything, run the following:
cd /usr/local/directadmin/customapache
./build clean
rm -f configure.*
./build update
./build all
Once the update has completed, you'll need to restart apache:
/sbin/service httpd restart
Saturday, July 18, 2009
Saturday, April 25, 2009
site transfer
cPanel Account transfer
You should able to transfer accounts from your old server to this via WHM as follows. To work this properly you should able to SSH from this sever to the old server without any issue.
WHM login >> Main >> Transfers >> Copy multiple accounts/packages from another server
Here you need to provide the old server IP, SSH port, and root password.
If the above method fails you can transfer accounts manually as follows.
1. Take backup of the accounts using the following script: ( in source server)
# /scripts/pkgacct
This will create a backup file under /home with name cpmove-.tar.gz
2. Copy(use scp) this file into the target server: (say xx.xx.xx.xx)
#scp your-tar-filename root@newserverip:/home
It will ask the password of destination server
eg.
# scp cpmove-.tar.gz root@xx.xx.xx.xx:/home
3. Restore accounts using the following script:
# /scripts/restorepkg
--------------------------------------------------------------------
Scp command with port
Sometimes server needs a port for scp
#scp -p(portno) old-serverip:/home/tar-filename current-file
eg.
home#scp -P22 00.00.00.00:/home/cpmove-user.tar.gz ./
-------------------------------------------------------------------------
You should able to transfer accounts from your old server to this via WHM as follows. To work this properly you should able to SSH from this sever to the old server without any issue.
WHM login >> Main >> Transfers >> Copy multiple accounts/packages from another server
Here you need to provide the old server IP, SSH port, and root password.
If the above method fails you can transfer accounts manually as follows.
1. Take backup of the accounts using the following script: ( in source server)
# /scripts/pkgacct
This will create a backup file under /home with name cpmove-
2. Copy(use scp) this file into the target server: (say xx.xx.xx.xx)
#scp your-tar-filename root@newserverip:/home
It will ask the password of destination server
eg.
# scp cpmove-
3. Restore accounts using the following script:
# /scripts/restorepkg
--------------------------------------------------------------------
Scp command with port
Sometimes server needs a port for scp
eg.
home#scp -P22 00.00.00.00:/home/cpmove-user.tar.gz ./
-------------------------------------------------------------------------
Wednesday, April 15, 2009
500 Internal server error for easy apache
I logged into the WHM and tried to run the EasyApache (Apache Update) under the Software section.
But when i tried to run it, i got this wierd error :
Premature end of script headers: /usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl: Please check / usr / local / cpanel / logs / error_log for the exact error.
look in the log file but it just repeats the above error and doesnt supply any additional info.
Do the following from shell to fix above error
/scripts/upcp --force
But when i tried to run it, i got this wierd error :
Premature end of script headers: /usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl: Please check / usr / local / cpanel / logs / error_log for the exact error.
look in the log file but it just repeats the above error and doesnt supply any additional info.
Do the following from shell to fix above error
/scripts/upcp --force
Tuesday, April 14, 2009
Directadmin: Log File paths
The first place you should go when trying to debug a problem is the log file for that program. The list of Log Files are as follows:
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/httpd/suexec_log
/var/log/httpd/fpexec_log
/var/log/httpd/domains/domain.com.error.log
/var/log/httpd/domains/domain.com.log
/var/log/messages (generic errors)
Proftpd:
/var/log/proftpd/access.log
/var/log/proftpd/auth.log
/var/log/messages (generic errors)
vm-pop3d:
/var/log/maillog
/var/log/messages
named (bind):
/var/log/messages
exim:
/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog
(on FreeBSD, they have "exim_" in front of the filenames)
mysqld:
RedHat:
/var/lib/mysql/server.hostname.com.err
FreeBSD:
/usr/local/mysql/data/server.hostname.com.err
crond:
/var/log/cron
To view a log file, run:
less /var/log/filename
Where /var/log/filename is the path of the log you wish to view. If the log is too large you can use the "tail" command:
tail -n 30 /var/log/filename
Where 30 is the number of lines from the end you wish to view.
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/httpd/suexec_log
/var/log/httpd/fpexec_log
/var/log/httpd/domains/domain.com.error.log
/var/log/httpd/domains/domain.com.log
/var/log/messages (generic errors)
Proftpd:
/var/log/proftpd/access.log
/var/log/proftpd/auth.log
/var/log/messages (generic errors)
vm-pop3d:
/var/log/maillog
/var/log/messages
named (bind):
/var/log/messages
exim:
/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog
(on FreeBSD, they have "exim_" in front of the filenames)
mysqld:
RedHat:
/var/lib/mysql/server.hostname.com.err
FreeBSD:
/usr/local/mysql/data/server.hostname.com.err
crond:
/var/log/cron
To view a log file, run:
less /var/log/filename
Where /var/log/filename is the path of the log you wish to view. If the log is too large you can use the "tail" command:
tail -n 30 /var/log/filename
Where 30 is the number of lines from the end you wish to view.
Monday, April 13, 2009
Verify that port is open
Run following command:
(1)netstat -tulpn | less or
(2)netstat -lntp | grep :21 (put any port)
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23054/vsftpd
(3)netstat -lnp | grep '0.0.0.0:80'
(4)netstat -lnp | grep 'exim'
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 22105/exim
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 22097/exim
tcp 0 0 0.0.0.0:26 0.0.0.0:* LISTEN 22091/exim
(1)netstat -tulpn | less or
(2)netstat -lntp | grep :21 (put any port)
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23054/vsftpd
(3)netstat -lnp | grep '0.0.0.0:80'
(4)netstat -lnp | grep 'exim'
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 22105/exim
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 22097/exim
tcp 0 0 0.0.0.0:26 0.0.0.0:* LISTEN 22091/exim
Linux Basic Commands
(1) ls Command:
ls : list files/directories in a directory, comparable to dir in windows/dos.
ls -al : shows all files (including ones that start with a period), directories, and details attributes for each file.
(2) cd command
cd : change directory · · cd /usr/local/apache : go to /usr/local/apache/ directory
cd ~ : go to your home directory
cd - : go to the last directory you were in
cd .. : go up a directory cat : print file contents to the screen
(3) cat command
cat filename.txt : cat the contents of filename.txt to your screen
(4) chmod command
chmod: changes file access permissions
The set of 3 go in this order from left to right:
USER - GROUP - EVERONE
0 = --- No permission
1 = --X Execute only
2 = -W- Write only
3 = -WX Write and execute
4 = R-- Read only
5 = R-X Read and execute
6 = RW- Read and write
7 = RWX Read, write and execute
Usage:
chmod numberpermissions filename
chmod 000 : No one can access
chmod 644: Usually for HTML pages
chmod 755: Usually for CGI scripts
(5)chown command
chown: changes file ownership permissions
The set of 2 go in this order from left to right:
USER - GROUP
chown root myfile.txt : Changes the owner of the file to root
chown root.root myfile.txt : Changes the owner and group of the file to root
(6)tail : like cat, but only reads the end of the file
tail /var/log/messages : see the last 20 (by default) lines of /var/log/messages
tail -f /var/log/messages : watch the file continuously, while it's being updated
tail -200 /var/log/messages : print the last 200 lines of the file to the screen
(7)more command
more : like cat, but opens the file one screen at a time rather than all at once
more /etc/userdomains : browse through the userdomains file. hit Spaceto go to the next page, q to quit
(8)pico command
pico : friendly, easy to use file editor
pico /home/burst/public_html/index.html : edit the index page for the user's website.
(9) vi command
File Editing with VI ssh commands
vi : another editor, tons of features, harder to use at first than pico
vi /home/burst/public_html/index.html : edit the index page for the user's website.
Whie in the vi program you can use the following useful commands, you will need to hit SHIFT + : to go into command mode
:q! : This force quits the file without saving and exits vi
:w : This writes the file to disk, saves it
:wq : This saves the file to disk and exists vi
:LINENUMBER : EG :25 : Takes you to line 25 within the file
:$ : Takes you to the last line of the file
:0 : Takes you to the first line of the file
(10)grep command
grep : looks for patterns in files
grep root /etc/passwd : shows all matches of root in /etc/passwd
grep -v root /etc/passwd : shows all lines that do not match root
(11)ln command
ln : create's "links" between files and directories
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf : Now you can edit /etc/httpd.conf rather than the original. changes will affect the orginal, however you can delete the link and it will not delete the original.
(12)last command
last : shows who logged in and when
last -20 : shows only the last 20 logins
last -20 -a : shows last 20 logins, with the hostname in the last field
(13)
w : shows who is currently logged in and where they are logged in from.
(14)
who : This also shows who is on the server in an shell.
(15)
netstat : shows all current network connections.
netstat -an : shows all connections to the server, the source and destination ips and ports.
netstat -rn : shows routing table for all ips bound to the server.
(16)top
top : shows live system processes in a nice table, memory information, uptime and other useful info. This is excellent for managing your system processes, resources and ensure everything is working fine and your server isn't bogged down.
top then type Shift + M to sort by memory usage or Shift + P to sort by CPU usage
(17)ps
ps: ps is short for process status, which is similar to the top command. It's used to show currently running processes and their PID.
A process ID is a unique number that identifies a process, with that you can kill or terminate a running program on your server (see kill command).
ps U username : shows processes for a certain user
ps aux : shows all system processes
ps aux --forest : shows all system processes like the above but organizes in a hierarchy that's very useful!
(18)
touch : create an empty file
touch /home/burst/public_html/404.html : create an empty file called 404.html in the directory /home/burst/public_html/
(19)
file : attempts to guess what type of file a file is by looking at it's content.
file * : prints out a list of all files/directories in a directory
(20)
du : shows disk usage.
du -sh : shows a summary, in human-readble form, of total disk space used in the current directory, including subdirectories.
du -sh * : same thing, but for each file and directory. helpful when finding large files taking up space.
(21)
wc : word count
wc -l filename.txt : tells how many lines are in filename.txt
(22)cp
cp : copy a file
cp filename filename.backup : copies filename to filename.backup
cp -a /home/burst/new_design/* /home/burst/public_html/ : copies all files, retaining permissions form one directory to another.
cp -av * ../newdir : Copies all files and directories recurrsively in the current directory INTO newdir
(23)mv
mv : Move a file command
mv oldfilename newfilename : Move a file or directory from oldfilename to newfilename
rm : delete a file
rm filename.txt : deletes filename.txt, will more than likely ask if you really want to delete it
rm -f filename.txt : deletes filename.txt, will not ask for confirmation before deleting.
rm -rf tmp/ : recursively deletes the directory tmp, and all files in it, including subdirectories. BE VERY CAREFULL WITH THIS COMMAND!!!
TAR: Creating and Extracting .tar.gz and .tar files
tar -zxvf file.tar.gz : Extracts the file
tar -xvf file.tar : Extracts the file
tar -cf archive.tar contents/ : Takes everything from contents/ and puts it into archive.tar
gzip -d filename.gz : Decompress the file, extract it
ZIP Files: Extracting .zip files shell command
unzip file.zip
Firewall - iptables commands
iptables -I INPUT -s IPADDRESSHERE -j DROP : This command stops any connections from the IP address
iptables -L : List all rules in iptables
iptables -F : Flushes all iptables rules (clears the firewall)
iptables --save : Saves the currenty ruleset in memory to disk
service iptables restart : Restarts iptables
Apache Shell Commands
httpd -v : Outputs the build date and version of the Apache server.
httpd -l : Lists compiled in Apache modules
httpd status : Only works if mod_status is enabled and shows a page of active connections
service httpd restart : Restarted Apache web server
MySQL Shell Commands
mysqladmin processlist : Shows active mysql connections and queries
mysqladmin drop databasenamehere : Drops/deletes the selected database
mysqladmin create databasenamehere : Creates a mysql database
Restore MySQL Database Shell Command
mysql -u username -p password databasename < databasefile.sql : Restores a MySQL database from databasefile.sql
Backup MySQL Database Shell Command
mysqldump -u username -p password databasename > databasefile.sql : Backup MySQL database to databasefile.sql
kill: terminate a system process
kill -9 PID EG: kill -9 431
kill PID EG: kill 10550
Use top or ps ux to get system PIDs (Process IDs)
EG:
PID TTY TIME COMMAND
10550 pts/3 0:01 /bin/csh
10574 pts/4 0:02 /bin/csh
10590 pts/4 0:09 APP
Each line represents one process, with a process being loosely defined as a running instance of a program. The column headed PID (process ID) shows the assigned process numbers of the processes. The heading COMMAND shows the location of the executed process.
Putting commands together
Often you will find you need to use different commands on the same line. Here are some examples. Note that the | character is called a pipe, it takes date from one program and pipes it to another.
> means create a new file, overwriting any content already there.
>> means tp append data to a file, creating a newone if it doesn not already exist.
< send input from a file back into a command.
grep User /usr/local/apache/conf/httpd.conf |more
This will dump all lines that match User from the httpd.conf, then print the results to your screen one page at a time.
last -a > /root/lastlogins.tmp
This will print all the current login history to a file called lastlogins.tmp in /root/
tail -10000 /var/log/exim_mainlog |grep domain.com |more
This will grab the last 10,000 lines from /var/log/exim_mainlog, find all occurances of domain.com (the period represents 'anything',
-- comment it out with a so it will be interpretted literally), then send it to your screen page by page.
netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)
mysqladmin processlist |wc -l
Show how many current open connections there are to mysql
ls : list files/directories in a directory, comparable to dir in windows/dos.
ls -al : shows all files (including ones that start with a period), directories, and details attributes for each file.
(2) cd command
cd : change directory · · cd /usr/local/apache : go to /usr/local/apache/ directory
cd ~ : go to your home directory
cd - : go to the last directory you were in
cd .. : go up a directory cat : print file contents to the screen
(3) cat command
cat filename.txt : cat the contents of filename.txt to your screen
(4) chmod command
chmod: changes file access permissions
The set of 3 go in this order from left to right:
USER - GROUP - EVERONE
0 = --- No permission
1 = --X Execute only
2 = -W- Write only
3 = -WX Write and execute
4 = R-- Read only
5 = R-X Read and execute
6 = RW- Read and write
7 = RWX Read, write and execute
Usage:
chmod numberpermissions filename
chmod 000 : No one can access
chmod 644: Usually for HTML pages
chmod 755: Usually for CGI scripts
(5)chown command
chown: changes file ownership permissions
The set of 2 go in this order from left to right:
USER - GROUP
chown root myfile.txt : Changes the owner of the file to root
chown root.root myfile.txt : Changes the owner and group of the file to root
(6)tail : like cat, but only reads the end of the file
tail /var/log/messages : see the last 20 (by default) lines of /var/log/messages
tail -f /var/log/messages : watch the file continuously, while it's being updated
tail -200 /var/log/messages : print the last 200 lines of the file to the screen
(7)more command
more : like cat, but opens the file one screen at a time rather than all at once
more /etc/userdomains : browse through the userdomains file. hit Spaceto go to the next page, q to quit
(8)pico command
pico : friendly, easy to use file editor
pico /home/burst/public_html/index.html : edit the index page for the user's website.
(9) vi command
File Editing with VI ssh commands
vi : another editor, tons of features, harder to use at first than pico
vi /home/burst/public_html/index.html : edit the index page for the user's website.
Whie in the vi program you can use the following useful commands, you will need to hit SHIFT + : to go into command mode
:q! : This force quits the file without saving and exits vi
:w : This writes the file to disk, saves it
:wq : This saves the file to disk and exists vi
:LINENUMBER : EG :25 : Takes you to line 25 within the file
:$ : Takes you to the last line of the file
:0 : Takes you to the first line of the file
(10)grep command
grep : looks for patterns in files
grep root /etc/passwd : shows all matches of root in /etc/passwd
grep -v root /etc/passwd : shows all lines that do not match root
(11)ln command
ln : create's "links" between files and directories
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf : Now you can edit /etc/httpd.conf rather than the original. changes will affect the orginal, however you can delete the link and it will not delete the original.
(12)last command
last : shows who logged in and when
last -20 : shows only the last 20 logins
last -20 -a : shows last 20 logins, with the hostname in the last field
(13)
w : shows who is currently logged in and where they are logged in from.
(14)
who : This also shows who is on the server in an shell.
(15)
netstat : shows all current network connections.
netstat -an : shows all connections to the server, the source and destination ips and ports.
netstat -rn : shows routing table for all ips bound to the server.
(16)top
top : shows live system processes in a nice table, memory information, uptime and other useful info. This is excellent for managing your system processes, resources and ensure everything is working fine and your server isn't bogged down.
top then type Shift + M to sort by memory usage or Shift + P to sort by CPU usage
(17)ps
ps: ps is short for process status, which is similar to the top command. It's used to show currently running processes and their PID.
A process ID is a unique number that identifies a process, with that you can kill or terminate a running program on your server (see kill command).
ps U username : shows processes for a certain user
ps aux : shows all system processes
ps aux --forest : shows all system processes like the above but organizes in a hierarchy that's very useful!
(18)
touch : create an empty file
touch /home/burst/public_html/404.html : create an empty file called 404.html in the directory /home/burst/public_html/
(19)
file : attempts to guess what type of file a file is by looking at it's content.
file * : prints out a list of all files/directories in a directory
(20)
du : shows disk usage.
du -sh : shows a summary, in human-readble form, of total disk space used in the current directory, including subdirectories.
du -sh * : same thing, but for each file and directory. helpful when finding large files taking up space.
(21)
wc : word count
wc -l filename.txt : tells how many lines are in filename.txt
(22)cp
cp : copy a file
cp filename filename.backup : copies filename to filename.backup
cp -a /home/burst/new_design/* /home/burst/public_html/ : copies all files, retaining permissions form one directory to another.
cp -av * ../newdir : Copies all files and directories recurrsively in the current directory INTO newdir
(23)mv
mv : Move a file command
mv oldfilename newfilename : Move a file or directory from oldfilename to newfilename
rm : delete a file
rm filename.txt : deletes filename.txt, will more than likely ask if you really want to delete it
rm -f filename.txt : deletes filename.txt, will not ask for confirmation before deleting.
rm -rf tmp/ : recursively deletes the directory tmp, and all files in it, including subdirectories. BE VERY CAREFULL WITH THIS COMMAND!!!
TAR: Creating and Extracting .tar.gz and .tar files
tar -zxvf file.tar.gz : Extracts the file
tar -xvf file.tar : Extracts the file
tar -cf archive.tar contents/ : Takes everything from contents/ and puts it into archive.tar
gzip -d filename.gz : Decompress the file, extract it
ZIP Files: Extracting .zip files shell command
unzip file.zip
Firewall - iptables commands
iptables -I INPUT -s IPADDRESSHERE -j DROP : This command stops any connections from the IP address
iptables -L : List all rules in iptables
iptables -F : Flushes all iptables rules (clears the firewall)
iptables --save : Saves the currenty ruleset in memory to disk
service iptables restart : Restarts iptables
Apache Shell Commands
httpd -v : Outputs the build date and version of the Apache server.
httpd -l : Lists compiled in Apache modules
httpd status : Only works if mod_status is enabled and shows a page of active connections
service httpd restart : Restarted Apache web server
MySQL Shell Commands
mysqladmin processlist : Shows active mysql connections and queries
mysqladmin drop databasenamehere : Drops/deletes the selected database
mysqladmin create databasenamehere : Creates a mysql database
Restore MySQL Database Shell Command
mysql -u username -p password databasename < databasefile.sql : Restores a MySQL database from databasefile.sql
Backup MySQL Database Shell Command
mysqldump -u username -p password databasename > databasefile.sql : Backup MySQL database to databasefile.sql
kill: terminate a system process
kill -9 PID EG: kill -9 431
kill PID EG: kill 10550
Use top or ps ux to get system PIDs (Process IDs)
EG:
PID TTY TIME COMMAND
10550 pts/3 0:01 /bin/csh
10574 pts/4 0:02 /bin/csh
10590 pts/4 0:09 APP
Each line represents one process, with a process being loosely defined as a running instance of a program. The column headed PID (process ID) shows the assigned process numbers of the processes. The heading COMMAND shows the location of the executed process.
Putting commands together
Often you will find you need to use different commands on the same line. Here are some examples. Note that the | character is called a pipe, it takes date from one program and pipes it to another.
> means create a new file, overwriting any content already there.
>> means tp append data to a file, creating a newone if it doesn not already exist.
< send input from a file back into a command.
grep User /usr/local/apache/conf/httpd.conf |more
This will dump all lines that match User from the httpd.conf, then print the results to your screen one page at a time.
last -a > /root/lastlogins.tmp
This will print all the current login history to a file called lastlogins.tmp in /root/
tail -10000 /var/log/exim_mainlog |grep domain.com |more
This will grab the last 10,000 lines from /var/log/exim_mainlog, find all occurances of domain.com (the period represents 'anything',
-- comment it out with a so it will be interpretted literally), then send it to your screen page by page.
netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)
mysqladmin processlist |wc -l
Show how many current open connections there are to mysql
How to install GD/Curl in cPanel server
In cPanel servers, the safest way to install PHP modules is to use the cPanel script for Apache-PHP compilation. You can do this as follows.
WHM login >> Main >> Software >> Apache Update
Or from the console execute /scripts/easyapache
Go through each step as follows.
1. Click “start customizing based on profile”
2. Select Apache Version - Click Next to proceed with the current version.
3. Select PHP Major Version - Click Next to proceed with the current version.
4. Select PHP Minor version - Click Next to proceed with the current version.
5. Short option list - Click Exhaustive Options List to view full options.
6 Exhaustive Options List - From here you can select the PHP modules you needed
In this case you need to select ‘GD’ and/or ‘CURL’
7. Click Save & Build to start apache-php compilation.
Once the compilation over you can verify the installed modules using the following command.
[root@servername ~]# php -m
WHM login >> Main >> Software >> Apache Update
Or from the console execute /scripts/easyapache
Go through each step as follows.
1. Click “start customizing based on profile”
2. Select Apache Version - Click Next to proceed with the current version.
3. Select PHP Major Version - Click Next to proceed with the current version.
4. Select PHP Minor version - Click Next to proceed with the current version.
5. Short option list - Click Exhaustive Options List to view full options.
6 Exhaustive Options List - From here you can select the PHP modules you needed
In this case you need to select ‘GD’ and/or ‘CURL’
7. Click Save & Build to start apache-php compilation.
Once the compilation over you can verify the installed modules using the following command.
[root@servername ~]# php -m
How to Disable/Enable open_basedir protection in cPanel servers
You can easily Disable/Enable open_basedir protection in cPanel servers as follows.
Login to the WHM panel >> Main >> Security >> Security Center >> open_basedir protection
Here you can Disable/Enable the protection for particular domain or server wide.
Login to the WHM panel >> Main >> Security >> Security Center >> open_basedir protection
Here you can Disable/Enable the protection for particular domain or server wide.
#2002 - The server is not responding (or local MySQL server’s socket is not correctly configured).
#2002 - The server is not responding (or local MySQL server’s socket is not correctly configured).
Issue : -
While accessing PhpMyAdmin getting the following error.
ERROR
#2002 - The server is not responding (or local MySQL server’s socket is not correctly configured).
Reason :-
The mysql socket file is missing from the /tmp directory
Fix :-
1. Create a symbolic link from the original mysql socket file to /tmp
[root@test ~]# ln -s /var/lib/mysql/mysql.sock /tmp
OR
2. Restart MySQL service from WHM
WHM Login >> Main >> Restart Services >>SQL Server (MySQL)
OR
3. Edit the PhpMyAdmin configuration file to use the original MySQL socket file.
vi /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php
Make sure, the correct mysql socket file is mentioned there.
----------------------
$cfg['Servers'][$i]['socket'] = ‘/var/lib/mysql/mysql.sock’;
$cfg['Servers'][$i]['connect_type'] = ’socket’;
--------------------
Issue : -
While accessing PhpMyAdmin getting the following error.
ERROR
#2002 - The server is not responding (or local MySQL server’s socket is not correctly configured).
Reason :-
The mysql socket file is missing from the /tmp directory
Fix :-
1. Create a symbolic link from the original mysql socket file to /tmp
[root@test ~]# ln -s /var/lib/mysql/mysql.sock /tmp
OR
2. Restart MySQL service from WHM
WHM Login >> Main >> Restart Services >>SQL Server (MySQL)
OR
3. Edit the PhpMyAdmin configuration file to use the original MySQL socket file.
vi /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php
Make sure, the correct mysql socket file is mentioned there.
----------------------
$cfg['Servers'][$i]['socket'] = ‘/var/lib/mysql/mysql.sock’;
$cfg['Servers'][$i]['connect_type'] = ’socket’;
--------------------
Sunday, April 12, 2009
SET HOSTNAME
hostname - Changing server host name
Before starting ensure that your desired hostname is resolving
to the server . Steps in changing the hostname on a plain Red Hat Enterprise Linux server are:
1. Modifying /etc/sysconfig/network (replace XXX.XXX.XXX.XXX
with your gateway IP )
NETWORKING=yes
HOSTNAME="plain.ev1servers.net"
GATEWAY="XXX.XXX.XXX.XXX"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"
2. Modify /etc/hosts (
replace YYY.YYY.YYY.YYY with server ip)
replace server1.company.com with your server name.
replace server1 with your first part of your desired hostname.
127.0.0.1 localhost.localdomain localhost
YYY.YYY.YYY.YYY server1.company.com server1
3. restart kernel logging services
/etc/rc.d/init.d/syslog restart
4. To verify, type the following at prompt
hostname
==========================
Before starting ensure that your desired hostname is resolving
to the server . Steps in changing the hostname on a plain Red Hat Enterprise Linux server are:
1. Modifying /etc/sysconfig/network (replace XXX.XXX.XXX.XXX
with your gateway IP )
NETWORKING=yes
HOSTNAME="plain.ev1servers.net"
GATEWAY="XXX.XXX.XXX.XXX"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"
2. Modify /etc/hosts (
replace YYY.YYY.YYY.YYY with server ip)
replace server1.company.com with your server name.
replace server1 with your first part of your desired hostname.
127.0.0.1 localhost.localdomain localhost
YYY.YYY.YYY.YYY server1.company.com server1
3. restart kernel logging services
/etc/rc.d/init.d/syslog restart
4. To verify, type the following at prompt
hostname
==========================
HTTPD ERRORS AND TROUBLESHOOTING
(1) Address already in use: make_sock: could not bind to address - Apache - HTTPD Error
While restarting httpd service, getting below error
root@srv [/tmp]# service httpd start
[warn] NameVirtualHost
xx.xx.xx.xx:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address
0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
If you are not able to start httpd and unable to open log
root@srv [/tmp]# tail -f /usr/local/apache/logs/error_log
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11204 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11208 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11210 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11230 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11231 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11233 exit, attempting to continue anyway
The fix is as follows. Run the following command
check if anyother service is running on port 80 instead of httpd and if it is running then stop that service or kill that process forcefully and try to start httpd.
netstat -lnp | grep '0.0.0.0:80'
# output
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30982/crond
In my case the output showed that crond was using the port. I
ran the following to learn more
ps 30982
PID TTY STAT TIME COMMAND
30982 ? S 0:34 crond
I tried the following a couple of times
service crond stop OR kill -9 processid
and then
service httpd restart
Stopping httpd: [FAILED]
Starting httpd: [ OK ]
and later
service crond start
Starting crond: [ OK ]
===================================
While restarting httpd service, getting below error
root@srv [/tmp]# service httpd start
[warn] NameVirtualHost
xx.xx.xx.xx:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address
0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
If you are not able to start httpd and unable to open log
root@srv [/tmp]# tail -f /usr/local/apache/logs/error_log
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11204 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11208 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11210 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11230 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11231 exit, attempting to continue anyway
[Sun Apr 12 03:26:05 2009] [error] could not make child process
11233 exit, attempting to continue anyway
The fix is as follows. Run the following command
check if anyother service is running on port 80 instead of httpd and if it is running then stop that service or kill that process forcefully and try to start httpd.
netstat -lnp | grep '0.0.0.0:80'
# output
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30982/crond
In my case the output showed that crond was using the port. I
ran the following to learn more
ps 30982
PID TTY STAT TIME COMMAND
30982 ? S 0:34 crond
I tried the following a couple of times
service crond stop OR kill -9 processid
and then
service httpd restart
Stopping httpd: [FAILED]
Starting httpd: [ OK ]
and later
service crond start
Starting crond: [ OK ]
===================================
Wednesday, April 1, 2009
forbidden for newly created account
Getting below error for newly created account through WHM
If the accounts are created, but when it comes to the confirmation message appears this error :
*********************************ERROR**********************
"Setting up Frontpage ® ...
/ home / username / public_html does not exist or is not a
directory! "
************************************************************
If the account is created, but you can not access the cPanel,
or enter the FTP.
and when we want to see the domain is this.
"Forbidden
You do not have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while
trying to use an ErrorDocument to handle the request. "
this VPS is powered by OpenVZ and HyperVM.
-----------------
check cpanel logs
If you check the cpanel error log you'll see a lot of Disk Quota Exceeded. We
see this a lot on VPS's because there is not enough inodes allocated or there
is a file system issue. You will need to allocate more inodes to this VPS to increase quotaguidlimit.
If the accounts are created, but when it comes to the confirmation message appears this error :
*********************************ERROR**********************
"Setting up Frontpage ® ...
/ home / username / public_html does not exist or is not a
directory! "
************************************************************
If the account is created, but you can not access the cPanel,
or enter the FTP.
and when we want to see the domain is this.
"Forbidden
You do not have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while
trying to use an ErrorDocument to handle the request. "
this VPS is powered by OpenVZ and HyperVM.
-----------------
check cpanel logs
If you check the cpanel error log you'll see a lot of Disk Quota Exceeded. We
see this a lot on VPS's because there is not enough inodes allocated or there
is a file system issue. You will need to allocate more inodes to this VPS to increase quotaguidlimit.
Monday, March 23, 2009
CPanel: adding a range of IPs using WHM
You can add a range of IPs in Cpanel/WHM .This can be easily done using the WHM interface:
Go to IP Functions/Add a New IP Address. Here you can choose the “Ip(s) to add” and the Subnet Mask.
To add the IP range 192.168.0.100-192.168.0.105 you will just have to enter:
Ip(s) to add: 192.168.0.100-105
Subnet Mask: 255.255.255.0
and click on “Do it“.
This will add all the IPs in the range to the system.
In the background CPanel will add for each IP a line in the file /etc/ips:
#vi /etc/ips
192.168.0.100:255.255.255.0:192.168.0.255
192.168.0.101:255.255.255.0:192.168.0.255
...etc
The IPs are then configured using the CPanel startup script called ipaliases (/etc/init.d/ipaliases).
#service ipalias restart
Go to IP Functions/Add a New IP Address. Here you can choose the “Ip(s) to add” and the Subnet Mask.
To add the IP range 192.168.0.100-192.168.0.105 you will just have to enter:
Ip(s) to add: 192.168.0.100-105
Subnet Mask: 255.255.255.0
and click on “Do it“.
This will add all the IPs in the range to the system.
In the background CPanel will add for each IP a line in the file /etc/ips:
#vi /etc/ips
192.168.0.100:255.255.255.0:192.168.0.255
192.168.0.101:255.255.255.0:192.168.0.255
...etc
The IPs are then configured using the CPanel startup script called ipaliases (/etc/init.d/ipaliases).
#service ipalias restart
Make clone site
=============================================================
HOW TO COPY WEBSITE FROM http://abc.com to abc1.com with database
==============================================================
Open two shells ( one with abc.com and other abc1.com )
then copy public_html of abc.com to abc1.com
go to public_html folder of abc.com and hit the command
[root@server public_html of abc.com]# cp -R * /home/abc1/public_html
Change the ownership of the files copied under public_html of abc1.com
Then take backup of mysql datatbase of abc.com
mysqldump abc_databasename > abc_databasename.sql ( of abc.com)
Create a new database and username under abc1.com ( add user to database, make a note of db name, user & password)
then go to shell and enter the following command:-
mysql -u abc1_user -ppassword abc1_databasename < abc_databasename.sql
Then go to the configuration file and do the changes accordingly.
YOUR SITE HAS BEEN COPIED WITH DATABASE TO NEW SITE.
==========================================================
HOW TO COPY WEBSITE FROM http://abc.com to abc1.com with database
==============================================================
Open two shells ( one with abc.com and other abc1.com )
then copy public_html of abc.com to abc1.com
go to public_html folder of abc.com and hit the command
[root@server public_html of abc.com]# cp -R * /home/abc1/public_html
Change the ownership of the files copied under public_html of abc1.com
Then take backup of mysql datatbase of abc.com
mysqldump abc_databasename > abc_databasename.sql ( of abc.com)
Create a new database and username under abc1.com ( add user to database, make a note of db name, user & password)
then go to shell and enter the following command:-
mysql -u abc1_user -ppassword abc1_databasename < abc_databasename.sql
Then go to the configuration file and do the changes accordingly.
YOUR SITE HAS BEEN COPIED WITH DATABASE TO NEW SITE.
==========================================================
APF
What is APF (Advanced Policy Firewall)? APF Firewall
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: R-fx Networks - Internet Security Solutions - Projects » APF
This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.10
Requirements:
- Root SSH access to your server
Lets begin!
Login to your server through SSH and su to the root user.
1. cd /root/downloads or another temporary folder where you store your files.
2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3. tar -xvzf apf-current.tar.gz
4. cd apf-0.9.5-1/ or whatever the latest version is.
5. Run the install file: ./install.sh
You will receive a message saying it has been installed
Installing APF 0.9.5-1: Completed.
Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/
Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082, 2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.
6. Lets configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.We like to use DShield.org's "block" list of top networks that have exhibited
suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"
7. Configuring Firewall Ports:
Cpanel Servers
We like to use the following on our Cpanel Servers
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,208 3, 2086,2087, 2095, 2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Ensim Servers
We have found the following can be used on Ensim Servers - although we have not tried these ourselves as I don't run Ensim boxes.
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Save the changes: Ctrl+X then Y
8. Starting the firewall
/usr/local/sbin/apf -s
Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall
9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.
pico /etc/apf/conf.apf
FIND: DEVM="1"
CHANGE TO: DEVM="0"
10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!
pico /etc/apf/ad/conf.antidos
There are various things you might want to fiddle with but I'll get the ones that will alert you by email.
# [E-Mail Alerts]
Under this heading we have the following:
# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company information name or server name..
# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
Change this to 1 to get email alerts
# User for alerts to be mailed to
USR="your@email.com"
Enter your email address to receive the alerts
Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r
11. Checking the APF Log
Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log
Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123
12. New - Make APF Start automatically at boot time
To autostart apf on reboot, run this:
chkconfig --level 2345 apf on
To remove it from autostart, run this:
chkconfig --del apf
13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host right, of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP, I'll show you 2 of the easier methods.
A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being blocked
These rules are loaded right away into the firewall, so they're instantly active.
Example:
./apf -d 185.14.157.123 TESTING
pico /etc/apf/deny_hosts.rules
Shows the following:
# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123
B) pico /etc/apf/deny_hosts.rules
You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.
/etc/apf/apf -r
14. Allowing IPs with APF Firewall (Unblocking)
I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
A)
pico /etc/apf/deny_hosts.rules
Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.
/etc/apf/apf -r
B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules
/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being removed These rules are loaded right away into the firewall, so they're instantly active.
Example:
./apf -a 185.14.157.123 UNBLOCKING
pico /etc/apf/allow_hosts.rules
# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123
=============================
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: R-fx Networks - Internet Security Solutions - Projects » APF
This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.10
Requirements:
- Root SSH access to your server
Lets begin!
Login to your server through SSH and su to the root user.
1. cd /root/downloads or another temporary folder where you store your files.
2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3. tar -xvzf apf-current.tar.gz
4. cd apf-0.9.5-1/ or whatever the latest version is.
5. Run the install file: ./install.sh
You will receive a message saying it has been installed
Installing APF 0.9.5-1: Completed.
Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/
Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082, 2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.
6. Lets configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.We like to use DShield.org's "block" list of top networks that have exhibited
suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"
7. Configuring Firewall Ports:
Cpanel Servers
We like to use the following on our Cpanel Servers
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,208 3, 2086,2087, 2095, 2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Ensim Servers
We have found the following can be used on Ensim Servers - although we have not tried these ourselves as I don't run Ensim boxes.
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Save the changes: Ctrl+X then Y
8. Starting the firewall
/usr/local/sbin/apf -s
Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall
9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.
pico /etc/apf/conf.apf
FIND: DEVM="1"
CHANGE TO: DEVM="0"
10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!
pico /etc/apf/ad/conf.antidos
There are various things you might want to fiddle with but I'll get the ones that will alert you by email.
# [E-Mail Alerts]
Under this heading we have the following:
# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company information name or server name..
# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
Change this to 1 to get email alerts
# User for alerts to be mailed to
USR="your@email.com"
Enter your email address to receive the alerts
Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r
11. Checking the APF Log
Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log
Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123
12. New - Make APF Start automatically at boot time
To autostart apf on reboot, run this:
chkconfig --level 2345 apf on
To remove it from autostart, run this:
chkconfig --del apf
13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host right, of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP, I'll show you 2 of the easier methods.
A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being blocked
These rules are loaded right away into the firewall, so they're instantly active.
Example:
./apf -d 185.14.157.123 TESTING
pico /etc/apf/deny_hosts.rules
Shows the following:
# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123
B) pico /etc/apf/deny_hosts.rules
You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.
/etc/apf/apf -r
14. Allowing IPs with APF Firewall (Unblocking)
I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
A)
pico /etc/apf/deny_hosts.rules
Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.
/etc/apf/apf -r
B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules
/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being removed These rules are loaded right away into the firewall, so they're instantly active.
Example:
./apf -a 185.14.157.123 UNBLOCKING
pico /etc/apf/allow_hosts.rules
# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123
=============================
change the ssh port
It is advisable to change your ssh port from defaul 22 to something higher to lower your chances of brute force attacks
Below are the steps to change the ssh port.
1. Update /etc/ssh/sshd_config file, line 13 (it might be different in your file):
old line:
Port 22
Change it to:
Port 18675 # any port number you wish
2. You need to update your /etc/services file to tell that your ssh service will now use a different port. Jump to line number 45 (may be differnt in your file) and change port number:
old line:
ssh 22/tcp # SSH Remote Login Protocol
change it to:
ssh 54545/tcp # SSH Remote Login Protocol
save and exit from the file.
3. Restart your sshd service,
# /etc/init.d/sshd restart
It should go smooth. You have to specify port number every time you use ssh or scp or any other service which use ssh in any way.
If your server or machine is behind a firewall, you must open the newly assigned port in your firewall.
4. Open a port in firewall
#cd /etc/sysconfig
#vi iptables
add the following line(just change port number in place of 1867)
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1867 -j ACCEPT
save and restart iptables service.
=====================================================
How to open a port in APF
Open port 2346 using APF
Login as the root
Open config file /etc/apf/conf.apf
# vi /etc/apf/conf.apf
Find line that read as follows:
IG_TCP_CPORTS
Add port 2346 (keep all other ports):
IG_TCP_CPORTS="2346,22,25,53,80,443,993,904,...."
Close and save the file. Restart firewall:
# /etc/init.d/apf restart
Below are the steps to change the ssh port.
1. Update /etc/ssh/sshd_config file, line 13 (it might be different in your file):
old line:
Port 22
Change it to:
Port 18675 # any port number you wish
2. You need to update your /etc/services file to tell that your ssh service will now use a different port. Jump to line number 45 (may be differnt in your file) and change port number:
old line:
ssh 22/tcp # SSH Remote Login Protocol
change it to:
ssh 54545/tcp # SSH Remote Login Protocol
save and exit from the file.
3. Restart your sshd service,
# /etc/init.d/sshd restart
It should go smooth. You have to specify port number every time you use ssh or scp or any other service which use ssh in any way.
If your server or machine is behind a firewall, you must open the newly assigned port in your firewall.
4. Open a port in firewall
#cd /etc/sysconfig
#vi iptables
add the following line(just change port number in place of 1867)
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1867 -j ACCEPT
save and restart iptables service.
=====================================================
How to open a port in APF
Open port 2346 using APF
Login as the root
Open config file /etc/apf/conf.apf
# vi /etc/apf/conf.apf
Find line that read as follows:
IG_TCP_CPORTS
Add port 2346 (keep all other ports):
IG_TCP_CPORTS="2346,22,25,53,80,443,993,904,...."
Close and save the file. Restart firewall:
# /etc/init.d/apf restart
Friday, March 20, 2009
How to Empty Logfiles
=====================================
Run Following Commands to empty exim and apache logs
====================================
echo > /var/log/exim_mainlog
echo > /var/log/exim_rejectlog
echo > /var/log/maillog
echo > /var/log/messages
echo > /var/log/messages.1
echo > /var/log/messages.2
echo > /var/log/messages.3
echo > /var/log/messages.4
echo > /var/log/lastlog
echo > /var/log/maillog
echo > /var/log/maillog.1
echo > /var/log/maillog.2
echo > /var/log/maillog.3
echo> /var/log/secure
echo> /var/log/secure.1
echo> /var/log/secure.2
echo> /var/log/secure.3
echo> /var/log/secure.4
echo > /usr/local/apache/logs/access_log
echo > /usr/local/apache/logs/suexec_log
echo > /usr/local/apache/logs/error_log
echo > /usr/local/cpanel/logs/access_log
echo > /usr/local/cpanel/logs/error_log
echo > /var/log/exim_mainlog.1
echo > /usr/local/cpanel/3rdparty/mailman/logs/locks
echo > /var/log/cron.2
echo > /var/log/chkservd.log
echo > /var/log/cron.4
echo > /var/log/exim_paniclog.1
echo > /var/log/exim_rejectlog.1
echo > /var/log/exim_paniclog
=================================================
How to delete unwanted things from /usr partion.
=================================================
1) Login to client machine via ssh.
2) type : df -h
3) then go to : cd /usr/local/apache/logs
4) type: ls -ihS
5) type: echo > error_log
6) type: echo > suexec_log
7) go to : cd ../domlogs/
8) type: ls -lhS | head -n 20
9) type: echo > anyone from the list.
===================================================
Run Following Commands to empty exim and apache logs
====================================
echo > /var/log/exim_mainlog
echo > /var/log/exim_rejectlog
echo > /var/log/maillog
echo > /var/log/messages
echo > /var/log/messages.1
echo > /var/log/messages.2
echo > /var/log/messages.3
echo > /var/log/messages.4
echo > /var/log/lastlog
echo > /var/log/maillog
echo > /var/log/maillog.1
echo > /var/log/maillog.2
echo > /var/log/maillog.3
echo> /var/log/secure
echo> /var/log/secure.1
echo> /var/log/secure.2
echo> /var/log/secure.3
echo> /var/log/secure.4
echo > /usr/local/apache/logs/access_log
echo > /usr/local/apache/logs/suexec_log
echo > /usr/local/apache/logs/error_log
echo > /usr/local/cpanel/logs/access_log
echo > /usr/local/cpanel/logs/error_log
echo > /var/log/exim_mainlog.1
echo > /usr/local/cpanel/3rdparty/mailman/logs/locks
echo > /var/log/cron.2
echo > /var/log/chkservd.log
echo > /var/log/cron.4
echo > /var/log/exim_paniclog.1
echo > /var/log/exim_rejectlog.1
echo > /var/log/exim_paniclog
=================================================
How to delete unwanted things from /usr partion.
=================================================
1) Login to client machine via ssh.
2) type : df -h
3) then go to : cd /usr/local/apache/logs
4) type: ls -ihS
5) type: echo > error_log
6) type: echo > suexec_log
7) go to : cd ../domlogs/
8) type: ls -lhS | head -n 20
9) type: echo > anyone from the list.
===================================================
Thursday, March 19, 2009
Scan viruses and Trojans
---------------------------------------------
Scan viruses and Trojans on cpanel server
---------------------------------------------
Search For Trojans in /dev
/scripts/finddev
Locate Trojan Horses
/scripts/findtrojans
Suggest Usage
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
---------------------------------------------
Install ClamAV in Centos with Cpanel
--------------------------------------------
Installing antivirus is most important if you run a VPS or dedicated server, because of so many worms and trojans get in to your server often without notice and could compromise the server.
Cpanel WHM Installation
The easiest way to install clam antivirus in cpanel is through install plugin option in Cpanel WHM .
Go > WHM > Cpanel Install Plugin > Enable Clamav Connector
-----------------------------------------
Manual Installation
You can install clamav by compiling RPM packages.
1. Compiling source: download from clamav site.
2. Installing RPM package. Download
I tried to download and compile source package, but i got zlib error complaining the version not updated. so tried RPM and just able to install for myself.
By default clamav doesnt come with centos or perhaps with yum. You have to find rpm repository and install it.
Here is how you install clam antivirus (freely available) in centos running with cpanel.
----------------------------------
yum install clamd
[OR]
yum install clamav
----------------
If it doesnt work use this
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
follow this instructions here based on centos version (Locate B2 in that page)
after installing that you can issue
yum install clamd
[OR]
yum install clamav
either of those should work.
Once you have installed clamav in your centos…here are some of the basic commands using the software..
1. To update the antivirus database
> freshclam
2. To run antivirus
clamav -r /home
3. Running as Cron Daily Job
To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.
02 1 * * * root clamscan -R /var/www
This will run the cron job daily @ 1.02 AM by scanning the public html. You can change the folder to whatever you want for mail etc.
-------------------
Scan viruses and Trojans on cpanel server
---------------------------------------------
Search For Trojans in /dev
/scripts/finddev
Locate Trojan Horses
/scripts/findtrojans
Suggest Usage
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
---------------------------------------------
Install ClamAV in Centos with Cpanel
--------------------------------------------
Installing antivirus is most important if you run a VPS or dedicated server, because of so many worms and trojans get in to your server often without notice and could compromise the server.
Cpanel WHM Installation
The easiest way to install clam antivirus in cpanel is through install plugin option in Cpanel WHM .
Go > WHM > Cpanel Install Plugin > Enable Clamav Connector
-----------------------------------------
Manual Installation
You can install clamav by compiling RPM packages.
1. Compiling source: download from clamav site.
2. Installing RPM package. Download
I tried to download and compile source package, but i got zlib error complaining the version not updated. so tried RPM and just able to install for myself.
By default clamav doesnt come with centos or perhaps with yum. You have to find rpm repository and install it.
Here is how you install clam antivirus (freely available) in centos running with cpanel.
----------------------------------
yum install clamd
[OR]
yum install clamav
----------------
If it doesnt work use this
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
follow this instructions here based on centos version (Locate B2 in that page)
after installing that you can issue
yum install clamd
[OR]
yum install clamav
either of those should work.
Once you have installed clamav in your centos…here are some of the basic commands using the software..
1. To update the antivirus database
> freshclam
2. To run antivirus
clamav -r /home
3. Running as Cron Daily Job
To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.
02 1 * * * root clamscan -R /var/www
This will run the cron job daily @ 1.02 AM by scanning the public html. You can change the folder to whatever you want for mail etc.
-------------------
yum installed or not?
You can check yum is installed or not on server
-----------------
rpm -q yum
rpm -ql yum
echo $PATH
------------------
-----------------
rpm -q yum
rpm -ql yum
echo $PATH
------------------
Wednesday, March 11, 2009
Installing PostgreSQL On Cpanel
Installing PostgreSQL
Install PostgreSQL using cPanel
To install PostgreSQL on the server that is running a cPanel server, complete the following:
1. Login as root
2. Type:
cd /scripts/
./installpostgres
3. cPanel will automatically install PostgreSQL using yum and initialize the database for you.
Install PostgreSQL using yum
Yum can be used to install PostgreSQL on a RedHat or CentOS platform. Run the following commands to get PostgreSQL installed with yum.
yum install postgresql postgresql-server postgresql-libs postgresql-devel
/etc/rc.d/init.d/postgresql start
-OR-
yum install postgresql postgresql-server postgresql-libs postgresql-devel
/etc/rc.d/init.d/postgresql initdb
/etc/rc.d/init.d/postgresql start
++++++++++++++++++++++++++++++++++++++
Install PostgreSQL using cPanel
To install PostgreSQL on the server that is running a cPanel server, complete the following:
1. Login as root
2. Type:
cd /scripts/
./installpostgres
3. cPanel will automatically install PostgreSQL using yum and initialize the database for you.
Install PostgreSQL using yum
Yum can be used to install PostgreSQL on a RedHat or CentOS platform. Run the following commands to get PostgreSQL installed with yum.
yum install postgresql postgresql-server postgresql-libs postgresql-devel
/etc/rc.d/init.d/postgresql start
-OR-
yum install postgresql postgresql-server postgresql-libs postgresql-devel
/etc/rc.d/init.d/postgresql initdb
/etc/rc.d/init.d/postgresql start
++++++++++++++++++++++++++++++++++++++
Sunday, March 8, 2009
Rvsite builder Installation and troubleshooting
How To Install RvSiteBuilder
Note: you need to get a license from RVSiteBuilder website.
Installing RVSiteBuilder:
# cd /usr/local/cpanel/whostmgr/docroot/cgi/
# rm -f rvsitebuilderinstaller.tar
# wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar
# tar -xvf rvsitebuilderinstaller.tar
# chmod 755 addon_rvsitebuilder.cgi
Now open WHM, ->> Add-ons section ->> RVSiteBuilder Installer menu. Click RVSiteBuilder Installer to begin the installation process.
++++++++++++++++++-----------------------+++++++++++++++++++++++++
Troubleshooting:
1) Not Found Error on rvsitebuilder
If you get the next problem on rvsitebuilder running on a cpanel server:
Not Found
The server was not able to find the document
(./3rdparty/rvsitebuilder/index.php/sitebuilder/sitebuilderhome) you
requested.
Please check the url and try again. You might also want to report this
error to your webhost.
It should fix the problem to you:
Log in as root on your cpanel server and run these commands:
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/var/INSTALL_COMPLETE.php
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/rvsitebuilderversion.txt
# perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi
Open your WHM on a web browser, https://serverip:2087
And go to root WHM -> Plugins -> RVSiteBuilder
It will automatically rebuild the database for you and should fix the problem.
++++++++++++++++++++++++++-------------------------------++++++++++++++++++++
Note: you need to get a license from RVSiteBuilder website.
Installing RVSiteBuilder:
# cd /usr/local/cpanel/whostmgr/docroot/cgi/
# rm -f rvsitebuilderinstaller.tar
# wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar
# tar -xvf rvsitebuilderinstaller.tar
# chmod 755 addon_rvsitebuilder.cgi
Now open WHM, ->> Add-ons section ->> RVSiteBuilder Installer menu. Click RVSiteBuilder Installer to begin the installation process.
++++++++++++++++++-----------------------+++++++++++++++++++++++++
Troubleshooting:
1) Not Found Error on rvsitebuilder
If you get the next problem on rvsitebuilder running on a cpanel server:
Not Found
The server was not able to find the document
(./3rdparty/rvsitebuilder/index.php/sitebuilder/sitebuilderhome) you
requested.
Please check the url and try again. You might also want to report this
error to your webhost.
It should fix the problem to you:
Log in as root on your cpanel server and run these commands:
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/var/INSTALL_COMPLETE.php
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/rvsitebuilderversion.txt
# perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi
Open your WHM on a web browser, https://serverip:2087
And go to root WHM -> Plugins -> RVSiteBuilder
It will automatically rebuild the database for you and should fix the problem.
++++++++++++++++++++++++++-------------------------------++++++++++++++++++++
Directadmin: Nameservers setup
Setup Your Nameservers on Directadmin
To setup your nameservers, simply do the following:
- Login to your DirectAdmin panel as "admin"
- Go to your IP Management section, and add two new IP addresses
- Once they are added, click the check boxes next to the two IPs that you've just submitted. Assign these IPs to "admin"
- Now go to your Reseller panel, and navigate to your Nameserver section
- On this page, create your two nameservers, generally ns1. and ns2.
- Finally, go back to your Admin panel and go to your Administrator Settings page. Set your nameservers to the ones you have just created and save your changes.
To setup your nameservers, simply do the following:
- Login to your DirectAdmin panel as "admin"
- Go to your IP Management section, and add two new IP addresses
- Once they are added, click the check boxes next to the two IPs that you've just submitted. Assign these IPs to "admin"
- Now go to your Reseller panel, and navigate to your Nameserver section
- On this page, create your two nameservers, generally ns1. and ns2.
- Finally, go back to your Admin panel and go to your Administrator Settings page. Set your nameservers to the ones you have just created and save your changes.
Monday, March 2, 2009
Load monitoring
Load monitoring and controlling
#top
#ps -aufx | grep nobody
#ps -aufx | grep pkgacct
#ps -aufx | grep mysql
====================
YOU CAN KILL NOBODY PROCESSESS
#kill -9 pid
#kill -9 $(pgrep -u nobody)
#kill -9 `ps -u nobody -o "pid="`
#/etc/init.d/restart httpd
======================
EXIM
to delete frozen mails
exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
=====================
MYSQL:
To kill mysql process found in mysqladmin processlist
mysqladmin kill process id
====================
How to Monitor the services that is using up most of the cpu and memory on a server.
ps auxfw|sort -nr|grep -v 0.0
#top
#ps -aufx | grep nobody
#ps -aufx | grep pkgacct
#ps -aufx | grep mysql
====================
YOU CAN KILL NOBODY PROCESSESS
#kill -9 pid
#kill -9 $(pgrep -u nobody)
#kill -9 `ps -u nobody -o "pid="`
#/etc/init.d/restart httpd
======================
EXIM
to delete frozen mails
exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
=====================
MYSQL:
To kill mysql process found in mysqladmin processlist
mysqladmin kill process id
====================
How to Monitor the services that is using up most of the cpu and memory on a server.
ps auxfw|sort -nr|grep -v 0.0
Plesk: mailqueue
How do I check the mail queue
sendmail -bp
It will print a list of emails
Command of check the number of messages waiting to be sent on the server is:
/var/qmail/bin/qmail-qstat
How to force qmail to process all messages in queue immediately?
If you send ALRM signal to the qmail-send process, Qmail will try to process all messages in queue again immediately.
# ps ax | grep qmail-send
# kill -ALRM
sendmail -bp
It will print a list of emails
Command of check the number of messages waiting to be sent on the server is:
/var/qmail/bin/qmail-qstat
How to force qmail to process all messages in queue immediately?
If you send ALRM signal to the qmail-send process, Qmail will try to process all messages in queue again immediately.
# ps ax | grep qmail-send
# kill -ALRM
Wget Error
for wget http://where.the.rpm it returns:
Code:
# wget http://------.rpm
bash: wget: command not found
**Fixed my wget problem with:
#yum install wget
Code:
# wget http://------.rpm
bash: wget: command not found
**Fixed my wget problem with:
#yum install wget
Monday, February 23, 2009
Migration
Whm transfer gives bad file descriptor error
During a transfer you may run into the following error:
--------------------------------------------------------------------------------
Connecting to Remote Server Failed: Unable to connect to IP.ADDRESS:22: Bad file descriptor
---------------------------------------------------------------------------------
This error is shown when the server that the copy is running on is unable to connect to the remote SSH server. The most common error is due to a firewall blocking outgoing port 22 on the server. Open up the firewall to allow this and the transfer will go through.
Apf Firewall.
#vi /etc/apf/conf.apf
On the APF firewall add port 22 to EG_TCP_CPORTS if you have EGF set to 1. Then restart apf with apf -r
You have to check port 22 in conf.apf file on both servers source and destination.
Scroll down to the "Common ingress (inbound) TCP ports section. At this point you need to find the correct configuration for your control panel.
----------------------------------------
-----cPanel -----
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"
EGF="1"
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
EG_UDP_CPORTS="20,21,37,53,873"
--------------------------------------------
During a transfer you may run into the following error:
--------------------------------------------------------------------------------
Connecting to Remote Server Failed: Unable to connect to IP.ADDRESS:22: Bad file descriptor
---------------------------------------------------------------------------------
This error is shown when the server that the copy is running on is unable to connect to the remote SSH server. The most common error is due to a firewall blocking outgoing port 22 on the server. Open up the firewall to allow this and the transfer will go through.
Apf Firewall.
#vi /etc/apf/conf.apf
On the APF firewall add port 22 to EG_TCP_CPORTS if you have EGF set to 1. Then restart apf with apf -r
You have to check port 22 in conf.apf file on both servers source and destination.
Scroll down to the "Common ingress (inbound) TCP ports section. At this point you need to find the correct configuration for your control panel.
----------------------------------------
-----cPanel -----
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"
EGF="1"
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
EG_UDP_CPORTS="20,21,37,53,873"
--------------------------------------------
Lxadmin
Reset Default Lxadmin Password via commandline/backend
Sometimes when you intially setup Lxadmin, you can have problems resetting it from default. To get around this can you can do the following:
1. Login via SSH to your VPS.
2. Run:
cd /usr/local/lxlabs/lxadmin/httpdocs
3. Then run:
/usr/bin/lphp.exe ../bin/common/resetpassword.php master
Sometimes when you intially setup Lxadmin, you can have problems resetting it from default. To get around this can you can do the following:
1. Login via SSH to your VPS.
2. Run:
cd /usr/local/lxlabs/lxadmin/httpdocs
3. Then run:
/usr/bin/lphp.exe ../bin/common/resetpassword.php master
phpmyadmin
Maximum execution time of 300 seconds exceeded
If you get following error while uploding large SQL file.
"Fatal error: Maximum execution time of 300 seconds exceeded in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/import/sql.php on line 118"
Then edit config.default.php inside /usr/local/cpanel/base/3rdparty/phpMyAdmin/ and look for this line
$cfg[’ExecTimeLimit’] = 300;
and replace with any larger value
$cfg[’ExecTimeLimit’] = 3600;
If you get following error while uploding large SQL file.
"Fatal error: Maximum execution time of 300 seconds exceeded in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/import/sql.php on line 118"
Then edit config.default.php inside /usr/local/cpanel/base/3rdparty/phpMyAdmin/ and look for this line
$cfg[’ExecTimeLimit’] = 300;
and replace with any larger value
$cfg[’ExecTimeLimit’] = 3600;
htaccess file:
php_value register_globals 0
========================================
DirectoryIndex index.php index.html
=====================================
php_value upload_max_filesize 20M
========================================
php_value display_errors off
========================================
How to redirect a website using .htaccess
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^(.*)$ http://www.mysite.com/forum/$1 [R=301,L]
Using the above code www.mysite.com will be redirected to www.mysite.com/forum
You can redirect your domain to any other domains.
========================================
DirectoryIndex index.php index.html
=====================================
php_value upload_max_filesize 20M
========================================
php_value display_errors off
========================================
How to redirect a website using .htaccess
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^(.*)$ http://www.mysite.com/forum/$1 [R=301,L]
Using the above code www.mysite.com will be redirected to www.mysite.com/forum
You can redirect your domain to any other domains.
Restore directadmin data from backup drive
Direct Admin rsync process to restore accounts from backup drive.
#Transfer /home data
rsync -av --progress /backup/root/home /
#Transfer important files from /etc drive.
rsync -av --progress /backup/root/etc/passwd /etc
rsync -av --progress /backup/root/etc/shadow /etc
rsync -av --progress /backup/root/etc/group /etc
rsync -av --progress /backup/root/etc/exim.conf /etc
rsync -av --progress /backup/root/etc/exim.pl /etc
rsync -av --progress /backup/root/etc/system_filter.exim /etc
rsync -av --progress /backup/root/etc/exim.crt /etc
rsync -av --progress /backup/root/etc/exim.key /etc
rsync -av --progress /backup/root/etc/proftpd.conf /etc
rsync -av --progress /backup/root/etc/proftpd.vhosts.conf /etc
rsync -av --progress /backup/root/etc/proftpd.passwd /etc
rsync -av --progress /backup/root/etc/hosts /etc
rsync -av --progress /backup/root/etc/resolve.conf /etc
rsync -av --progress /backup/root/etc/named.conf /etc
rsync -av --progress /backup/root/etc/virtual/domainowners /etc/virtual
rsync -av --progress /backup/root/etc/virtual/domains /etc/virtual
rsync -av --progress /backup/root/etc/virtual/pophosts /etc/virtual
rsync -av --progress /backup/root/etc/virtual/majordomo/* /etc/virtual/majordomo
# Transfer HTTPD and configuration files
rsync -av --progress /backup/root/etc/httpd/conf/httpd.conf /etc/httpd/conf
rsync -av --progress /backup/root/etc/httpd/conf/ips.conf /etc/httpd/conf
rsync -av --progress /backup/root/etc/httpd/conf/ssl.crt /etc/httpd/conf
rsync -av --progress /backup/root/etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key
# Transfer logs and databases
rsync -av --progress /backup/root/var/named/* /var/named/
rsync -av --progress /backup/root/var/spool/virtual/* /var/spool/virtual
rsync -av --progress /backup/root/var/spool/mail/* /var/spool/mail
rsync -av --progress /backup/root/var/spool/cron/* /var/spool/cron
rsync -av --progress /backup/root/var/www/* /var/www
rsync -av --progress /backup/root/var/log/* /var/log
rsync -av --progress /backup/root/var/lib/mysql/* /var/lib/mysql
# Transfer frontpage config files
rsync -av --progress /backup/root/usr/local/frontpage/*.cnf /usr/local/frontpage
# Transfer directadmin configuration and user files
rsync -av --progress /backup/root/usr/local/directadmin/* /usr/local/directadmin
#Transfer /home data
rsync -av --progress /backup/root/home /
#Transfer important files from /etc drive.
rsync -av --progress /backup/root/etc/passwd /etc
rsync -av --progress /backup/root/etc/shadow /etc
rsync -av --progress /backup/root/etc/group /etc
rsync -av --progress /backup/root/etc/exim.conf /etc
rsync -av --progress /backup/root/etc/exim.pl /etc
rsync -av --progress /backup/root/etc/system_filter.exim /etc
rsync -av --progress /backup/root/etc/exim.crt /etc
rsync -av --progress /backup/root/etc/exim.key /etc
rsync -av --progress /backup/root/etc/proftpd.conf /etc
rsync -av --progress /backup/root/etc/proftpd.vhosts.conf /etc
rsync -av --progress /backup/root/etc/proftpd.passwd /etc
rsync -av --progress /backup/root/etc/hosts /etc
rsync -av --progress /backup/root/etc/resolve.conf /etc
rsync -av --progress /backup/root/etc/named.conf /etc
rsync -av --progress /backup/root/etc/virtual/domainowners /etc/virtual
rsync -av --progress /backup/root/etc/virtual/domains /etc/virtual
rsync -av --progress /backup/root/etc/virtual/pophosts /etc/virtual
rsync -av --progress /backup/root/etc/virtual/majordomo/* /etc/virtual/majordomo
# Transfer HTTPD and configuration files
rsync -av --progress /backup/root/etc/httpd/conf/httpd.conf /etc/httpd/conf
rsync -av --progress /backup/root/etc/httpd/conf/ips.conf /etc/httpd/conf
rsync -av --progress /backup/root/etc/httpd/conf/ssl.crt /etc/httpd/conf
rsync -av --progress /backup/root/etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key
# Transfer logs and databases
rsync -av --progress /backup/root/var/named/* /var/named/
rsync -av --progress /backup/root/var/spool/virtual/* /var/spool/virtual
rsync -av --progress /backup/root/var/spool/mail/* /var/spool/mail
rsync -av --progress /backup/root/var/spool/cron/* /var/spool/cron
rsync -av --progress /backup/root/var/www/* /var/www
rsync -av --progress /backup/root/var/log/* /var/log
rsync -av --progress /backup/root/var/lib/mysql/* /var/lib/mysql
# Transfer frontpage config files
rsync -av --progress /backup/root/usr/local/frontpage/*.cnf /usr/local/frontpage
# Transfer directadmin configuration and user files
rsync -av --progress /backup/root/usr/local/directadmin/* /usr/local/directadmin
Restore cpanel data from backup drive
# /etc User / IP's + passwd files
rsync -av --progress /oldroot/etc/passwd /etc/
rsync -av --progress /oldroot/etc/shadow /etc/
rsync -av --progress /oldroot/etc/group /etc/
rsync -av --progress /oldroot/etc/wwwacct.conf /etc/
rsync -av --progress /oldroot/etc/quota.conf /etc/
rsync -av --progress /oldroot/etc/domainalias /etc/
rsync -av --progress /oldroot/etc/remotedomains /etc/
rsync -av --progress /oldroot/etc/reservedipreasons /etc/
rsync -av --progress /oldroot/etc/reservedips /etc/
rsync -av --progress /oldroot/etc/secondarymx /etc/
rsync -av --progress /oldroot/etc/localdomains /etc/
rsync -av --progress /oldroot/etc/userdomains /etc/
rsync -av --progress /oldroot/etc/valiases /etc/
rsync -av --progress /oldroot/etc/vfilters /etc/
rsync -av --progress /oldroot/etc/vmail /etc/
rsync -av --progress /oldroot/etc/trueuserdomains /etc/
rsync -av --progress /oldroot/etc/ips /etc/
rsync -av --progress /oldroot/etc/domainips /etc/
rsync -av --progress /oldroot/etc/services /etc/
ftpd files
rsync -av --progress /old/etc/sysconfig/pure-ftpd /etc/sysconfig/
rsync -av --progress /old/etc/pure-ftpd.conf /etc/
rsync -av --progress /old/etc/pure-ftpd /etc/
rsync -av --progress /old/etc/proftpd /etc/
rsync -av --progress /old/etc/proftpd.* /etc/
# /var
rsync -av --progress /oldvar/cpanel /var/
rsync -av --progress /oldvar/spool/cron /var/spool/
rsync -av --progress /oldvar/netenberg /var/
# /usr config - 3rdparty
rsync -av --progress /oldusr/share/ssl /usr/share/
rsync -av --progress /oldusr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty/
rsync -av --progress /oldusr/local/cpanel/base/frontend /usr/local/cpanel/base/
# Apache
rsync -av --progress /oldusr/local/apache/conf /usr/local/apache/
rsync -av --progress /oldusr/local/frontpage /usr/local/
# Mysql config
rsync -av --progress /oldroot/root/.my.cnf /root/
rsync -av --progress /oldroot/etc/my.cnf /etc/
# Named
rsync -av --progress /old/var/named /var/
rsync -av --progress /old/etc/named.conf /etc/
rsync -av --progress /old/etc/rndc.conf /etc/
# Mysql
rsync -av --progress /old/var/lib/mysql /var/lib/
========================
#for RSYNC of home create a sh file add the following lines, execute the file as sh file.sh
for SITE in `ls /old/var/cpanel/users`
do
rsync -av --progress /old/home/$SITE /home/
done
===============
I recomend updating cpanel afterwards:
-----------------------
/scripts/upcp --force
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/up2date
--------------------------
rsync -av --progress /oldroot/etc/passwd /etc/
rsync -av --progress /oldroot/etc/shadow /etc/
rsync -av --progress /oldroot/etc/group /etc/
rsync -av --progress /oldroot/etc/wwwacct.conf /etc/
rsync -av --progress /oldroot/etc/quota.conf /etc/
rsync -av --progress /oldroot/etc/domainalias /etc/
rsync -av --progress /oldroot/etc/remotedomains /etc/
rsync -av --progress /oldroot/etc/reservedipreasons /etc/
rsync -av --progress /oldroot/etc/reservedips /etc/
rsync -av --progress /oldroot/etc/secondarymx /etc/
rsync -av --progress /oldroot/etc/localdomains /etc/
rsync -av --progress /oldroot/etc/userdomains /etc/
rsync -av --progress /oldroot/etc/valiases /etc/
rsync -av --progress /oldroot/etc/vfilters /etc/
rsync -av --progress /oldroot/etc/vmail /etc/
rsync -av --progress /oldroot/etc/trueuserdomains /etc/
rsync -av --progress /oldroot/etc/ips /etc/
rsync -av --progress /oldroot/etc/domainips /etc/
rsync -av --progress /oldroot/etc/services /etc/
ftpd files
rsync -av --progress /old/etc/sysconfig/pure-ftpd /etc/sysconfig/
rsync -av --progress /old/etc/pure-ftpd.conf /etc/
rsync -av --progress /old/etc/pure-ftpd /etc/
rsync -av --progress /old/etc/proftpd /etc/
rsync -av --progress /old/etc/proftpd.* /etc/
# /var
rsync -av --progress /oldvar/cpanel /var/
rsync -av --progress /oldvar/spool/cron /var/spool/
rsync -av --progress /oldvar/netenberg /var/
# /usr config - 3rdparty
rsync -av --progress /oldusr/share/ssl /usr/share/
rsync -av --progress /oldusr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty/
rsync -av --progress /oldusr/local/cpanel/base/frontend /usr/local/cpanel/base/
# Apache
rsync -av --progress /oldusr/local/apache/conf /usr/local/apache/
rsync -av --progress /oldusr/local/frontpage /usr/local/
# Mysql config
rsync -av --progress /oldroot/root/.my.cnf /root/
rsync -av --progress /oldroot/etc/my.cnf /etc/
# Named
rsync -av --progress /old/var/named /var/
rsync -av --progress /old/etc/named.conf /etc/
rsync -av --progress /old/etc/rndc.conf /etc/
# Mysql
rsync -av --progress /old/var/lib/mysql /var/lib/
========================
#for RSYNC of home create a sh file add the following lines, execute the file as sh file.sh
for SITE in `ls /old/var/cpanel/users`
do
rsync -av --progress /old/home/$SITE /home/
done
===============
I recomend updating cpanel afterwards:
-----------------------
/scripts/upcp --force
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/up2date
--------------------------
Linux Directory structure and basic commands.
Linux Directory Structure
Linux directory hierarchy:
This includes the root directory and all of its subdirectories.
=========================
Table of Contents
============================
Introduction
The Linux directory hierarchy at a glance
Top level directory
Subdirectories
The Linux Filesystem Hierarchy
/
/bin
/boot
/dev
/etc
/home
/lib
/mnt
/lost+found
/opt
/proc
/root
/sbin
/tmp
/usr
/var
========================
Introduction
==================================
In the Linux operating system, all filesystems are contained within one directory hierarchy. The root directory is the top level directory, and all its subdirectories make up the directory hierarchy. This differs to other operating systems such as MS-Windows which applies a separate hierarchy for each device and partition.
=============================================
The Linux directory hierarchy at a glance
The following directories are contained within the structure:
==========================
Top level directory
/
==========================
Subdirectories
==========================
bin sbin lib usr var boot dev etc home mnt proc root tmp lost+found opt
The Linux Filesystem Hierarchy
Listed below are the directories contained within the root filesystem.
/
The Linux filesystem has the root directory at the top of the directory tree. The following list of directories are subdirectories of the root directory. This directory is denoted by the / (pronounced "slash") symbol. To view the list of directories from the root directory, enter the following in the command line:
$ls /
You will see a list of subdirectories outputed to the screen. All these directories are explained below.
/bin
Contains executable programs such as ls and cp. These programs are designed to make the system usable. Programs within /bin are required for system repairing. Some of the files located in the /bin directory include:
Shell programs
* bash
* sh
File manipulation programs
* tar
* echo
* vi
* grep
Process handling programs
* kill
* ps
/boot
Stored in this directory are files that are required for the Linux boot process. Such files include vmlinuz, the Linux kernel file.
/dev
Contains device files required for interfacing with hardware. Devices in UNIX are either block or character devices. Examples of character devices are your keyboard, mouse and serial port. Block devices can include the floppy drive, CD-ROM drive and hard disk. Common files in /dev include:
* psaux (interface to PS/2 mouse)
* modem (interface to modem hardware)
* ttyS0 (first serial port)
* tty0 (first virtual console).
/etc
Contains configuration files which are local to the machine. Programs store configuration files in this directory and these files are referenced when programs are run. Common files or directories found in /etc include:
* /etc/X11/ (the X Window configuration directory)
* profile (system-wide environment configuration file).
/home
Contains user account directories. Each user created by the system administrator will have a subdirectory under /home with the name of the account. This is the default behaviour of Linux systems. E.g. User account for Anna is created, her home directory will be located in /home/anna. All her personal files will reside in this directory. All participants in this class are using the home directories of their respective user accounts. At Computerbank, /home is served via the network, enabling users to access their home directory from any networked machine.
/lib
Contains shared object library files that are necessary to boot the system as well as containing files required by various programs such as rm and ls. This directory also contains modules (located in /lib/modules) which can be loaded into the kernel. Files of interest in /lib include:
* libm.so (shared object file used for math functions)
* libc.so (C programming library used for all system and library calls).
Module files are located in /lib/modules/`uname -r`/kernel/
/mnt
Used for mounting temporary filesystems. When mounting a CD-ROM for instance, the standard mount point location is /mnt/cdrom. On the Debian GNU/Linux systems at Computerbank, the mount point has been changed to /cdrom.
/lost+found
When the filesystem cannot properly identify files, the respective files are placed in this directory. If data appears to have been lost mysteriously, it is a good idea to check in this direetory (or ask your system administrator to check for you).
/opt
Used for storing random data that has no other logical destination.
/proc
Provides information about running processes and the kernel. A directory is provided for each running process. Useful system information such as the amount of Random Access Memory (RAM) available on the system as well as Central Processing Unit (CPU) speed in Megahertz (MHz) can be found within the /proc directory. The following commands will give you this information:
$ cat /proc/cpuinfo - Display CPU information of system
$ cat /proc/meminfo - Display RAM information as well as swap space capacity and usage.
/root
This is the home directory for the super user (root). This directory is not viewable from user accounts. The /root directory usually contains system administration files.
/sbin
Similar to /bin, this directory contains executable programs needed to boot the system, however the programs within /sbin are executed by the root user. Contains system maintenance programs, examples of which are:
* ifconfig (interface configuration, use this command to add or remove a network interface)
* mkfs (make a filesystem on a partition)
* lilo (boot loader software, tells your Master Boot Record (MBR) where to find your operating system(s). Linux Loader (LILO) stores its working files in /boot.
/tmp
This directory is used for temporary storage space. Files within this directory are often cleaned out either at boot time or by a regular job process. The Debian GNU/Linux operating system cleans up the /tmp directory at boot time. An example for using the /tmp directory in Computerbank would be when downloading the OpenOffice deb packages. By downloading these packages into the /tmp directory, the user can be assured the packages will be wiped off the system next time the machine reboots.
/usr
Used to store applications. When installing an application on a Debian GNU/Linux machine, the typical path to install would be /usr/local. You will notice the directory structure within /usr appears similar to the root directory structure. Some directories located within /usr include:
* /usr/doc - Documentation relating to the installed software programs.
* /usr/bin - Executable programs that are not required for booting or repairing the system.
* /usr/local/src - Source code for locally installed applications.
/var
This directory contains files of variable file storage. Files in /var are dynamic and are constantly being written to or changed. Some directories located within /var include:
* /var/spool - files in the print queue
* /var/log - files containing logging information
* /var/run - files containing the process ID's for each current process.
===============================================
Linux directory hierarchy:
This includes the root directory and all of its subdirectories.
=========================
Table of Contents
============================
Introduction
The Linux directory hierarchy at a glance
Top level directory
Subdirectories
The Linux Filesystem Hierarchy
/
/bin
/boot
/dev
/etc
/home
/lib
/mnt
/lost+found
/opt
/proc
/root
/sbin
/tmp
/usr
/var
========================
Introduction
==================================
In the Linux operating system, all filesystems are contained within one directory hierarchy. The root directory is the top level directory, and all its subdirectories make up the directory hierarchy. This differs to other operating systems such as MS-Windows which applies a separate hierarchy for each device and partition.
=============================================
The Linux directory hierarchy at a glance
The following directories are contained within the structure:
==========================
Top level directory
/
==========================
Subdirectories
==========================
bin sbin lib usr var boot dev etc home mnt proc root tmp lost+found opt
The Linux Filesystem Hierarchy
Listed below are the directories contained within the root filesystem.
/
The Linux filesystem has the root directory at the top of the directory tree. The following list of directories are subdirectories of the root directory. This directory is denoted by the / (pronounced "slash") symbol. To view the list of directories from the root directory, enter the following in the command line:
$ls /
You will see a list of subdirectories outputed to the screen. All these directories are explained below.
/bin
Contains executable programs such as ls and cp. These programs are designed to make the system usable. Programs within /bin are required for system repairing. Some of the files located in the /bin directory include:
Shell programs
* bash
* sh
File manipulation programs
* tar
* echo
* vi
* grep
Process handling programs
* kill
* ps
/boot
Stored in this directory are files that are required for the Linux boot process. Such files include vmlinuz, the Linux kernel file.
/dev
Contains device files required for interfacing with hardware. Devices in UNIX are either block or character devices. Examples of character devices are your keyboard, mouse and serial port. Block devices can include the floppy drive, CD-ROM drive and hard disk. Common files in /dev include:
* psaux (interface to PS/2 mouse)
* modem (interface to modem hardware)
* ttyS0 (first serial port)
* tty0 (first virtual console).
/etc
Contains configuration files which are local to the machine. Programs store configuration files in this directory and these files are referenced when programs are run. Common files or directories found in /etc include:
* /etc/X11/ (the X Window configuration directory)
* profile (system-wide environment configuration file).
/home
Contains user account directories. Each user created by the system administrator will have a subdirectory under /home with the name of the account. This is the default behaviour of Linux systems. E.g. User account for Anna is created, her home directory will be located in /home/anna. All her personal files will reside in this directory. All participants in this class are using the home directories of their respective user accounts. At Computerbank, /home is served via the network, enabling users to access their home directory from any networked machine.
/lib
Contains shared object library files that are necessary to boot the system as well as containing files required by various programs such as rm and ls. This directory also contains modules (located in /lib/modules) which can be loaded into the kernel. Files of interest in /lib include:
* libm.so (shared object file used for math functions)
* libc.so (C programming library used for all system and library calls).
Module files are located in /lib/modules/`uname -r`/kernel/
/mnt
Used for mounting temporary filesystems. When mounting a CD-ROM for instance, the standard mount point location is /mnt/cdrom. On the Debian GNU/Linux systems at Computerbank, the mount point has been changed to /cdrom.
/lost+found
When the filesystem cannot properly identify files, the respective files are placed in this directory. If data appears to have been lost mysteriously, it is a good idea to check in this direetory (or ask your system administrator to check for you).
/opt
Used for storing random data that has no other logical destination.
/proc
Provides information about running processes and the kernel. A directory is provided for each running process. Useful system information such as the amount of Random Access Memory (RAM) available on the system as well as Central Processing Unit (CPU) speed in Megahertz (MHz) can be found within the /proc directory. The following commands will give you this information:
$ cat /proc/cpuinfo - Display CPU information of system
$ cat /proc/meminfo - Display RAM information as well as swap space capacity and usage.
/root
This is the home directory for the super user (root). This directory is not viewable from user accounts. The /root directory usually contains system administration files.
/sbin
Similar to /bin, this directory contains executable programs needed to boot the system, however the programs within /sbin are executed by the root user. Contains system maintenance programs, examples of which are:
* ifconfig (interface configuration, use this command to add or remove a network interface)
* mkfs (make a filesystem on a partition)
* lilo (boot loader software, tells your Master Boot Record (MBR) where to find your operating system(s). Linux Loader (LILO) stores its working files in /boot.
/tmp
This directory is used for temporary storage space. Files within this directory are often cleaned out either at boot time or by a regular job process. The Debian GNU/Linux operating system cleans up the /tmp directory at boot time. An example for using the /tmp directory in Computerbank would be when downloading the OpenOffice deb packages. By downloading these packages into the /tmp directory, the user can be assured the packages will be wiped off the system next time the machine reboots.
/usr
Used to store applications. When installing an application on a Debian GNU/Linux machine, the typical path to install would be /usr/local. You will notice the directory structure within /usr appears similar to the root directory structure. Some directories located within /usr include:
* /usr/doc - Documentation relating to the installed software programs.
* /usr/bin - Executable programs that are not required for booting or repairing the system.
* /usr/local/src - Source code for locally installed applications.
/var
This directory contains files of variable file storage. Files in /var are dynamic and are constantly being written to or changed. Some directories located within /var include:
* /var/spool - files in the print queue
* /var/log - files containing logging information
* /var/run - files containing the process ID's for each current process.
===============================================
Sunday, February 22, 2009
DDOS Attack
First aid for DDOS attack on port 80
We can use the following steps to recover our server from a DDOS attack on the port 80. To do this you must have logged into the server as a root user.
Step 1 : Install/Configure APF firewall
=============================
a) If there are no firewalls installed on the server please install the same,
you will get the steps and directions from the following site.
http://www.webhostgear.com/61.html
b) Turn on the antidos option (USE_AD) in the APF conf file
# vi /etc/apf/conf.apf
USE_AD = 1
Step 2 : Install/Configure mod_evasive (for Apache 1.3x)
=============================
mod_evasive and mod_dosevasive are the same
a) Install mod_evasive
# wget http://www.zdziarski.com/projects/mo..._1.10.1.tar.gz
# tar -xzvf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# /usr/local/apache/bin/apxs -i -a -c mod_evasive.c
# /etc/init.d/httpd restart
b) Also include the following lines in the apache conf file
# vi /usr/local/apache/conf/httpd.conf
-------------------------------------------------
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
-------------------------------------------------
c) Restart the webserver
# /etc/init.d/httpd restart
Step 3 : Install mod_security
=============================
Normally we can find/install this module from WHM
WHM >> cPanel >> Addon Modules >> Select "modsecurity " >>save
Step 4 : Blocking IPs
a) Find the IPs those have established a connection with the server
(The following command is the better one to get the IPs, as this will sort the IPs
according to the number of connections).
===========================================================================
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
===========================================================================
b) Block them using IPTABLES
iptables -I INPUT -s 81.134.13.35 -j DROP
service iptables save
service iptables restart
apf -d ip np
c) Block them on APF too
vi /etc/apf/deny_hosts.rules
service apf restart
Step 5 : Optimizing the httpd.conf file
=============================
# vi /usr/local/apache/conf/httpd.conf
Change the bellow options as follows, original values are shown in the
bracket.
MaxKeepAliveRequests 50 (100)
KeepAliveTimeout 60 (30)
Also edit the following options too, according to the situation.
Timeout
KeepAliv
MinSpareServers
MaxSpareServers
MaxClients
=============
Step 6 : Install/Configure 3rd party DDOS prevention tools
=============================
We can also use the most trusting 3rd party script 'DDoS-Deflate' for preventing DDOS attack effectively.
Steps to install this script are as follows.
# wget http://www.inetbase.com/scripts/ddos/install.sh
# sh install.sh
Add the script '/usr/local/ddos/ddos.sh' to cron as follows
# crontab -e
*/5 * * * * /usr/local/ddos/ddos.sh >/dev/null 2>&1
Step 7 : Suspend websites
=============================
Check the bandwidth usage of all the domains and suspend the high bandwidth consuming domains for a while
PERMANENT WAY TO FIX THE DDOS ATTACK
=============================
As we all know the softwares have its own limitations for preventing against DDOS attack, we can follow these steps to cure it permanently.
1. Ask the NOC for attaching Cisco Guard on the server for 24 hours
(Normally this service is free from most NOCs)
2. Attach a hardware firewall for the server
Hope this will help you in such a situation, for more information kindly refer the following URL:
http://forums.cpanel.net/showthread.php?t=66952
kill -9 $(pgrep -u crothers)
We can use the following steps to recover our server from a DDOS attack on the port 80. To do this you must have logged into the server as a root user.
Step 1 : Install/Configure APF firewall
=============================
a) If there are no firewalls installed on the server please install the same,
you will get the steps and directions from the following site.
http://www.webhostgear.com/61.html
b) Turn on the antidos option (USE_AD) in the APF conf file
# vi /etc/apf/conf.apf
USE_AD = 1
Step 2 : Install/Configure mod_evasive (for Apache 1.3x)
=============================
mod_evasive and mod_dosevasive are the same
a) Install mod_evasive
# wget http://www.zdziarski.com/projects/mo..._1.10.1.tar.gz
# tar -xzvf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# /usr/local/apache/bin/apxs -i -a -c mod_evasive.c
# /etc/init.d/httpd restart
b) Also include the following lines in the apache conf file
# vi /usr/local/apache/conf/httpd.conf
-------------------------------------------------
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
-------------------------------------------------
c) Restart the webserver
# /etc/init.d/httpd restart
Step 3 : Install mod_security
=============================
Normally we can find/install this module from WHM
WHM >> cPanel >> Addon Modules >> Select "modsecurity " >>save
Step 4 : Blocking IPs
a) Find the IPs those have established a connection with the server
(The following command is the better one to get the IPs, as this will sort the IPs
according to the number of connections).
===========================================================================
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
===========================================================================
b) Block them using IPTABLES
iptables -I INPUT -s 81.134.13.35 -j DROP
service iptables save
service iptables restart
apf -d ip np
c) Block them on APF too
vi /etc/apf/deny_hosts.rules
service apf restart
Step 5 : Optimizing the httpd.conf file
=============================
# vi /usr/local/apache/conf/httpd.conf
Change the bellow options as follows, original values are shown in the
bracket.
MaxKeepAliveRequests 50 (100)
KeepAliveTimeout 60 (30)
Also edit the following options too, according to the situation.
Timeout
KeepAliv
MinSpareServers
MaxSpareServers
MaxClients
=============
Step 6 : Install/Configure 3rd party DDOS prevention tools
=============================
We can also use the most trusting 3rd party script 'DDoS-Deflate' for preventing DDOS attack effectively.
Steps to install this script are as follows.
# wget http://www.inetbase.com/scripts/ddos/install.sh
# sh install.sh
Add the script '/usr/local/ddos/ddos.sh' to cron as follows
# crontab -e
*/5 * * * * /usr/local/ddos/ddos.sh >/dev/null 2>&1
Step 7 : Suspend websites
=============================
Check the bandwidth usage of all the domains and suspend the high bandwidth consuming domains for a while
PERMANENT WAY TO FIX THE DDOS ATTACK
=============================
As we all know the softwares have its own limitations for preventing against DDOS attack, we can follow these steps to cure it permanently.
1. Ask the NOC for attaching Cisco Guard on the server for 24 hours
(Normally this service is free from most NOCs)
2. Attach a hardware firewall for the server
Hope this will help you in such a situation, for more information kindly refer the following URL:
http://forums.cpanel.net/showthread.php?t=66952
kill -9 $(pgrep -u crothers)
Basic Commands for Hardware Node(vz-commands)
These are the commands that you can use while working on a Hardware Node.
* To check all the VPS’s hosted on a Node you need the following command: vzlist -a
* To start a VPS: vzctl start VPS_ID
* To Shutdown or Stop a VPS: vzctl stop VPS_ID
* To check the Status of a VPS: vzctl status VPS_ID
* To stop the VPS Forcefully or Quickly: vzctl stop VPS_ID fast
* To enter a Particular VPS: vzctl enter VPS_ID
* To check all the VPS’s hosted on a Node you need the following command: vzlist -a
* To start a VPS: vzctl start VPS_ID
* To Shutdown or Stop a VPS: vzctl stop VPS_ID
* To check the Status of a VPS: vzctl status VPS_ID
* To stop the VPS Forcefully or Quickly: vzctl stop VPS_ID fast
* To enter a Particular VPS: vzctl enter VPS_ID
Fantastico Installation And Troubleshotting
Fantastico Installation And troubleshotting:
================================
Installation of Fantasico.
====================================
To install fantastico run the following commands and then finish install from WHM.
cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
tar -xzpf fantastico_whm_admin.tgz
rm -rf fantastico_whm_admin.tgz
Now go to WHM, login as root and follow the link
WHM -> Add-Ons -> Fantastico De Luxe WHM Admin
=====================================================
Here are some common errors and fixes :
=====================================================
(1)
****
If you get following error after installation
"You have a buggy version of wget (wget-1.10.2-7.el5). Before proceeding with installation/upgrade, please see the following page for instructions on how to fix: http://www.netenberg.com/forum/index.php?topic=5430.0"
****
You can use the following commands for this purpose.
For 32-bit:
Code:
rpm -qa wget ;
wget ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/5/i386/os/Fedora/RPMS/wget-1.10.2-3.2.1.i386.rpm
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh --force wget-1.10.2-3.2.1.i386.rpm ;
rpm -qa wget ;
For 64-bit:
Code:
rpm -qa wget ;
wget http://download.fedora.redhat.com/pub/fedora/linux/releases/7/Everything/x86_64/os/Fedora/wget-1.10.2-15.fc7.x86_64.rpm ;
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh --force wget-1.10.2-15.fc7.x86_64.rpm ;
rpm -qa wget ;
================
Fantastico is not installed at the default location
The error was
--
Fantastico is not installed at the default location
/usr/local/cpanel/3rdparty/fantastico. Either move the Fantastico directory
from it's current location to /usr/local/cpanel/3rdparty/fantastico OR
enable ioncube loaders in WHM -> Tweak settings.
--
Enabling ioncube did not fix it for me. Maybe it will for you. After looking I found cpanel now uses /var/cpanel/3rdparty/bin/php NOT /usr/local/cpanel/3rdparty/bin/php
After doing a php info I saw it did not have a php.ini file in the new location. The fix was:
root@server# ] cp /usr/local/cpanel/3rdparty/etc/php.ini /var/cpanel/3rdparty/etc
Other Possible Fixes
You may want to first try enabling ioncube in WHM->Tweak Settings
Second you may want to try to update fantastico with cd /usr/local/cpanel/whostmgr/docroot/cgi/fantastico/scripts/ ; /usr/local/cpanel/3rdparty/bin/php cron.php
Third you may want to rebuild cpanel's php with /scripts/makecpphp
Fourth you may want to try a cpanel update with /scripts/upcp --force
================================
Installation of Fantasico.
====================================
To install fantastico run the following commands and then finish install from WHM.
cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
tar -xzpf fantastico_whm_admin.tgz
rm -rf fantastico_whm_admin.tgz
Now go to WHM, login as root and follow the link
WHM -> Add-Ons -> Fantastico De Luxe WHM Admin
=====================================================
Here are some common errors and fixes :
=====================================================
(1)
****
If you get following error after installation
"You have a buggy version of wget (wget-1.10.2-7.el5). Before proceeding with installation/upgrade, please see the following page for instructions on how to fix: http://www.netenberg.com/forum/index.php?topic=5430.0"
****
You can use the following commands for this purpose.
For 32-bit:
Code:
rpm -qa wget ;
wget ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/5/i386/os/Fedora/RPMS/wget-1.10.2-3.2.1.i386.rpm
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh --force wget-1.10.2-3.2.1.i386.rpm ;
rpm -qa wget ;
For 64-bit:
Code:
rpm -qa wget ;
wget http://download.fedora.redhat.com/pub/fedora/linux/releases/7/Everything/x86_64/os/Fedora/wget-1.10.2-15.fc7.x86_64.rpm ;
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh --force wget-1.10.2-15.fc7.x86_64.rpm ;
rpm -qa wget ;
================
Fantastico is not installed at the default location
The error was
--
Fantastico is not installed at the default location
/usr/local/cpanel/3rdparty/fantastico. Either move the Fantastico directory
from it's current location to /usr/local/cpanel/3rdparty/fantastico OR
enable ioncube loaders in WHM -> Tweak settings.
--
Enabling ioncube did not fix it for me. Maybe it will for you. After looking I found cpanel now uses /var/cpanel/3rdparty/bin/php NOT /usr/local/cpanel/3rdparty/bin/php
After doing a php info I saw it did not have a php.ini file in the new location. The fix was:
root@server# ] cp /usr/local/cpanel/3rdparty/etc/php.ini /var/cpanel/3rdparty/etc
Other Possible Fixes
You may want to first try enabling ioncube in WHM->Tweak Settings
Second you may want to try to update fantastico with cd /usr/local/cpanel/whostmgr/docroot/cgi/fantastico/scripts/ ; /usr/local/cpanel/3rdparty/bin/php cron.php
Third you may want to rebuild cpanel's php with /scripts/makecpphp
Fourth you may want to try a cpanel update with /scripts/upcp --force
Cpanel initial setup and hardning
Cpanel initial setup and hardning
From Shell prompt
Applicable : Centos/RedhatEnterprise/FedoraCore
check the hardware
cat /proc/cpuinfo
cat /etc/redhat-release
uname -a
cat /proc/meminfo
==========================
SSH Server Hardening
nano -w /etc/ssh/sshd_config
Uncomment #Protocol 2, 1
Change to Protocol 2
Append these lines to the bottom:
LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no
/etc/rc.d/init.d/sshd restart
============================
cd /etc
mv /etc/host.conf /etc/host.conf.bak
wget http://www.indiageeks.net/myscripts//host.conf
============================
mv /etc/sysctl.conf /etc/sysctl.conf.bak
cd /etc
wget http://www.indiageeks.net/myscripts/sysctl.conf
/sbin/sysctl -p
sysctl -w net.ipv4.route.flush=1
/sbin/ifconfig eth0 txqueuelen 1000
echo /dev/null > /proc/sys/kernel/core_pattern
=============================
cp /etc/fstab /etc/fstab.bak
First check to see that no /tmp partition is present.
df
If no /tmp partition is present, use this guide:
cd /usr
dd if=/dev/zero of=/usr/tmpMnt bs=1024 count=1000000
mke2fs -j /usr/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /usr/tmpMnt /tmp
chmod 0777 /tmp
/bin/cp -R /tmp_backup/* /tmp/
rm -rf /tmp_backup
nano -w /etc/fstab
At the bottom add
/usr/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0
If “df” shows a /usr/tmpDSK partition,
Then leave it!
If a standard /tmp partition is already present,
nano -w /etc/fstab
change “defaults” to loop,noexec,nosuid,rw
mount /tmp
/tmp should always have this: loop,noexec,nosuid,rw
/tmp and /var/tmp should be symlinked on EVERY server.
rm -rf /var/tmp
ln -s /tmp /var/tmp
/dev/shm
nano -w /etc/fstab
in /dev/shm line, change 'defaults' to noexec,nosuid
umount /dev/shm
mount /dev/shm
rm -rf /etc/httpd/proxy
rm -rf /var/spool/vbox
mount -o remount,noexec,nosuid /proc
Modify /etc/fstab, add options “noexec,nosuid” to the /proc line:
none /proc proc defaults,noexec,nosuid 0 0
=====================================
php -i | grep php.ini
disable_functions = dl,passthru,proc_open,proc_close,shell_exec,system
/etc/rc.d/init.d/httpd restart
=========================================
Logwatch
cd /root/
wget http://www.indiageeks.net/myscripts//logwatch-7.3.1-1.noarch.rpm
rpm -Uvh logwatch-7.3.1-1.noarch.rpm
rm -rf /etc/logwatch/conf/logwatch.conf
cd /etc/logwatch/conf
wget http://www.indiageeks.net/myscripts//logwatch.conf
=====================
chmod 750 /usr/bin/GET
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/gcc
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
history -c
=====================
From WHM:
Tweak Settings (Check all these options)
--------------
Allow Creation of Parked/Addon Domains that are not registered
Prevent users from parking/adding on common internet domains
E-mail users when they have reached 80% of bandwidth
Each domain can send out per hour: 500
Pop 3 in hour: 180
Allow Sharing Nameserver IPs
Use Jailshell as default
Set Default catch-all to FAIL
Delete each domain's access logs after stats run
Things to Uncheck
Boxtrapper
** When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.
** FormMail-clone cgi
Change:
The load average above the number of cpus at which logs file processing should be suspended (default 0):
To 10
** Number of minutes between mail server queue runs (default is 60).:
To 180
=================================================================================================
Tweak Security
--------------
open_basedir: Enable php open_basedir
Compilers disable
==========================
System Health - Background Process Killer
Check all of them
==========================
Please read carefully and make sure that you are aware of all the commands & settings and their effect.
From Shell prompt
Applicable : Centos/RedhatEnterprise/FedoraCore
check the hardware
cat /proc/cpuinfo
cat /etc/redhat-release
uname -a
cat /proc/meminfo
==========================
SSH Server Hardening
nano -w /etc/ssh/sshd_config
Uncomment #Protocol 2, 1
Change to Protocol 2
Append these lines to the bottom:
LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no
/etc/rc.d/init.d/sshd restart
============================
cd /etc
mv /etc/host.conf /etc/host.conf.bak
wget http://www.indiageeks.net/myscripts//host.conf
============================
mv /etc/sysctl.conf /etc/sysctl.conf.bak
cd /etc
wget http://www.indiageeks.net/myscripts/sysctl.conf
/sbin/sysctl -p
sysctl -w net.ipv4.route.flush=1
/sbin/ifconfig eth0 txqueuelen 1000
echo /dev/null > /proc/sys/kernel/core_pattern
=============================
cp /etc/fstab /etc/fstab.bak
First check to see that no /tmp partition is present.
df
If no /tmp partition is present, use this guide:
cd /usr
dd if=/dev/zero of=/usr/tmpMnt bs=1024 count=1000000
mke2fs -j /usr/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /usr/tmpMnt /tmp
chmod 0777 /tmp
/bin/cp -R /tmp_backup/* /tmp/
rm -rf /tmp_backup
nano -w /etc/fstab
At the bottom add
/usr/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0
If “df” shows a /usr/tmpDSK partition,
Then leave it!
If a standard /tmp partition is already present,
nano -w /etc/fstab
change “defaults” to loop,noexec,nosuid,rw
mount /tmp
/tmp should always have this: loop,noexec,nosuid,rw
/tmp and /var/tmp should be symlinked on EVERY server.
rm -rf /var/tmp
ln -s /tmp /var/tmp
/dev/shm
nano -w /etc/fstab
in /dev/shm line, change 'defaults' to noexec,nosuid
umount /dev/shm
mount /dev/shm
rm -rf /etc/httpd/proxy
rm -rf /var/spool/vbox
mount -o remount,noexec,nosuid /proc
Modify /etc/fstab, add options “noexec,nosuid” to the /proc line:
none /proc proc defaults,noexec,nosuid 0 0
=====================================
php -i | grep php.ini
disable_functions = dl,passthru,proc_open,proc_close,shell_exec,system
/etc/rc.d/init.d/httpd restart
=========================================
Logwatch
cd /root/
wget http://www.indiageeks.net/myscripts//logwatch-7.3.1-1.noarch.rpm
rpm -Uvh logwatch-7.3.1-1.noarch.rpm
rm -rf /etc/logwatch/conf/logwatch.conf
cd /etc/logwatch/conf
wget http://www.indiageeks.net/myscripts//logwatch.conf
=====================
chmod 750 /usr/bin/GET
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/gcc
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
history -c
=====================
From WHM:
Tweak Settings (Check all these options)
--------------
Allow Creation of Parked/Addon Domains that are not registered
Prevent users from parking/adding on common internet domains
E-mail users when they have reached 80% of bandwidth
Each domain can send out per hour: 500
Pop 3 in hour: 180
Allow Sharing Nameserver IPs
Use Jailshell as default
Set Default catch-all to FAIL
Delete each domain's access logs after stats run
Things to Uncheck
Boxtrapper
** When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.
** FormMail-clone cgi
Change:
The load average above the number of cpus at which logs file processing should be suspended (default 0):
To 10
** Number of minutes between mail server queue runs (default is 60).:
To 180
=================================================================================================
Tweak Security
--------------
open_basedir: Enable php open_basedir
Compilers disable
==========================
System Health - Background Process Killer
Check all of them
==========================
Please read carefully and make sure that you are aware of all the commands & settings and their effect.
Friday, February 13, 2009
Cpanel Scripts command
Scripts on Cpanel
/scripts/setupfp5 maindomainnameonly.com Installs FrontPage Extentions
( http://faq.cpanel.net/fp )
/scripts/unsetupfp4 maindomainonly.com Unsinstsalls Extentions
( http://faq.cpanel.net/fp )
/scripts/runweblogs username updates stats for user only
/scripts/runlogsnow activates starts cpanellogd process and starts stats stat log
/scripts/updateuserdomains This will determin if there is any conflicting domain names located in the:
/var/cpanel/users folders files.
/scripts/adddns Add a Dns Entry
/scripts/addfpmail Install Frontpage Mail Exts
/scripts/addservlets Add JavaServlets to an account (jsp plugin required)
/scripts/adduser Add a User
/scripts/admin Run WHM Lite
/scripts/apachelimits Add Rlimits (cpu and mem limits) to apache.
/scripts/dnstransfer Resync with a master DNS Server
/scripts/editquota Edit A User’s Quota
/scripts/finddev Search For Trojans in /dev
/scripts/findtrojans Locate Trojan Horses
Suggest Usage
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
/scripts/fixcartwithsuexec Make Interchange work with suexec
/scripts/fixinterchange Fix Most Problems with Interchange
/scripts/fixtrojans Run on a trojans horse file created by findtrojans to remove them
/etc/rc.d/init.d/httpd startssl
/scripts/setupfp5 maindomainnameonly.com Installs FrontPage Extentions
( http://faq.cpanel.net/fp )
/scripts/unsetupfp4 maindomainonly.com Unsinstsalls Extentions
( http://faq.cpanel.net/fp )
/scripts/runweblogs username updates stats for user only
/scripts/runlogsnow activates starts cpanellogd process and starts stats stat log
/scripts/updateuserdomains This will determin if there is any conflicting domain names located in the:
/var/cpanel/users folders files.
/scripts/adddns Add a Dns Entry
/scripts/addfpmail Install Frontpage Mail Exts
/scripts/addservlets Add JavaServlets to an account (jsp plugin required)
/scripts/adduser Add a User
/scripts/admin Run WHM Lite
/scripts/apachelimits Add Rlimits (cpu and mem limits) to apache.
/scripts/dnstransfer Resync with a master DNS Server
/scripts/editquota Edit A User’s Quota
/scripts/finddev Search For Trojans in /dev
/scripts/findtrojans Locate Trojan Horses
Suggest Usage
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
/scripts/fixcartwithsuexec Make Interchange work with suexec
/scripts/fixinterchange Fix Most Problems with Interchange
/scripts/fixtrojans Run on a trojans horse file created by findtrojans to remove them
/etc/rc.d/init.d/httpd startssl
Friday, February 6, 2009
SugarCRM Installation
Installing Sugar Suite
The process of installing Sugar Suite is as follows:
- Download Sugar Suite files.
- Copy the Sugar Suite files to your web server, check and set the dependencies and requirements.
- Install Sugar Suite with the Sugar Setup Wizard.
- Log into Sugar Suite.
Step 1: Download Sugar Suite Files
Sugar Open Source
Download the latest Sugar Open Source installation package.
- Click on the link to the appropriate Full Installation Package to download the installation file.
- For MS SQL Server support, be sure to download the installation package for Microsoft.
- For past releases, visit the Sugar Open Source Project page.
Sugar Professional and Sugar Enterprise
Visit the SugarCRM Support Portal to download the latest Sugar Professional or Sugar Enterprise installation package.
- To download the commercial editions, you must have a valid subscription to the software.
- Click on the Download Purchased Software Now link .
- If prompted, enter your download key into Download Key field and click Submit.
- Click on the package in the Installer section of the latest release to download the installation file.
Step 2. Copy Sugar Suite Files to the Web Server
After you download Sugar Suite, you need to unzip the files and set permissions.
- Locate your Web root directory on your Web server. This is the directory on your Web server where publicly accessible files are made available by your Web server. Common locations for the Web root includes:
- /var/www/html/ (Linux/Apache)
- C:\Inetpub\wwwroot\ (Windows/IIS)
- C:\Program Files\Apache Group\Apache\htdocs\ (Windows/Apache)
- /Library/Web server/Documents/ (MacOS X/Apache)
- Unzip the Sugar Suite zip file into your Web root. A directory is automatically created within Web root.
- You can rename this directory at any time.
- Set permissions on the Sugar Suite files. The following directories, all subdirectories, and files must be made writable by your Web server user: See the Troubleshooting section below for more details on setting the file permissions.
- cache
- custom
- data
- modules
- config.php
The system user that your Web server uses to access files in your Web root varies depending on your operating system configuration. Common Web server users include:
- apache (Linux/Apache)
- nobody (Linux/Apache)
- IUSR_computerName (Windows/IIS)
If you are unsure of your Web server user, consult your system administrator.
Step 3. Install Sugar Suite
After you copy the Sugar Suite files into your Web root, you can use the Sugar Setup Wizard. The http://
For example: http://localhost/SugarSuite-Full_4.5.0
To install Sugar Suite:
- Launch the browser and enter the URL described above. You are redirected to the Sugar Setup Wizard.
- Click Start to begin.
Note: At any time prior to accepting the Confirm Setting menu, you can modify any of your settings. To modify any settings, click the Back button.
Note: For locales that use a character set other than UTF8 or CP1252, you will have to define an export/import character set under System Settings in Sugar Suite. For more information, see the Sugar Open Source Administration Guide.
The License Acceptance screen displays. - Review the Sugar Public License, check “I Accept”, and click Next.The System Check Acceptance screen displays. Sugar Suite checks for dependencies and system requirements as listed below:
- Your database must be configured to work with PHP.
- The cURL Library must be included in your PHP installation.
- The session_save_path setting defined in your php.ini file. The memory_limit setting value (php.ini file) does not apply to Windows.
If any components are not set correctly or available, its status displays the message in red. Cancel out of the installation and correct the dependency.
- If all these checks pass successfully, the installer displays the Next button.Click Next.
The Database Configuration screen displays. You can also populate the Sugar Suite demo data in this step. If you are installing Sugar Suite with the Sugar Public License (SPL), and if your database server is running on the same machine as your Web server, the host name is typically set to localhost. If you do not have a database name or user name, Sugar Suite allows you to create them at this time. Ensure that the user has administrative privileges.
The following screenshot illustrates the Database Configuration screen that displays for the SPL license. If you are installing with the SugarCRM Community License (S-CL), in the Host Name field, enter the name of the machine where you installed SQL Express.
The following screenshot illustrates the Database Configuration screen that displays for S-CL. - Click Next.
The Site Configuration screen displays. The Site Configuration menu allows you to set options specific to the Sugar installation such as enabling Sugar updates, and setting up advanced site security. The URL setting is your Sugar URL. Normally the default value is used. To customize your session directory, log directory, and application ID, uncheck the advance site security box. A supplemental menu appears below the check box for the advance site security settings. - Set your Sugar Suite URL, administrator password, and other miscellaneous options, and click Next.
The Locale Settings & Language Pack screen displays. - Enter the system-wide default settings for the date, time, name, language, and salutation and click Next.
Note: To change the default language from US English to another language, you must install the appropriate language pack.
The Confirm Settings screens displays all the configurations that you specified. - Check the settings carefully and click Next.
- If you need to change it, click the Back button to navigate to the screen you want.
The Perform Setup screen displays and the installer begins to set up your system. - When the setup is complete, click Next. The Registration screen displays.
To register your application with SugarCRM, click Send Registration. If you choose not to register at this time, click Finish to proceed to the login screen.
Step 4. Log into Sugar Suite
The Sugar Suite login screen displays. You may now log into Sugar with the admin user name and password you provided in the Setup Wizard. After a successful log in, you can configure users and do other administrative tasks. See the Sugar Open Source Administration Guide for more information.
Ports and Services
Ports and Services :
20 FTP (Consider SFTP over SSH as is more secure than FTP)
21 FTP (Consider SFTP over SSH as is more secure than FTP)
22 SSH (Consider switching SSH to a different, non-standard port for security reasons)
25 SMTP (some ISPs block port 25 so that a mail client cannot reach the mail server to
send mail)
26 SMTP (alternate SMTP port option – see notes for port 25)
37 rdate (needed to retrieve date and time information)
43 whois (part of generic DNS features)
53 bind (DNS)
80 http (Apache / Web)
110 POP3 (Email)
113 ident (authentication)
143 IMAP (Email)
443 https (Web / HTTP over SSL)
465 SMTP (TLS/SSL)
873 rsync (remote sync)
993 (IMAP SSL)
995 (POP3 SSL)
2083 cPanel (SSL encrypted)
2087 WHM (SSL encrypted)
2089 Licensing (Must be open to contact license server)
2096 Webmail (Horde, Squirrelmail)
3306 MySQL (MySQL remote connections)
20 FTP (Consider SFTP over SSH as is more secure than FTP)
21 FTP (Consider SFTP over SSH as is more secure than FTP)
22 SSH (Consider switching SSH to a different, non-standard port for security reasons)
25 SMTP (some ISPs block port 25 so that a mail client cannot reach the mail server to
send mail)
26 SMTP (alternate SMTP port option – see notes for port 25)
37 rdate (needed to retrieve date and time information)
43 whois (part of generic DNS features)
53 bind (DNS)
80 http (Apache / Web)
110 POP3 (Email)
113 ident (authentication)
143 IMAP (Email)
443 https (Web / HTTP over SSL)
465 SMTP (TLS/SSL)
873 rsync (remote sync)
993 (IMAP SSL)
995 (POP3 SSL)
2083 cPanel (SSL encrypted)
2087 WHM (SSL encrypted)
2089 Licensing (Must be open to contact license server)
2096 Webmail (Horde, Squirrelmail)
3306 MySQL (MySQL remote connections)
CRELoaded Installation
First, please download the CRELoaded files from CREloaded Projects Downloads and unzip it.
wget http://www.creloaded.com/main/products/shoppingcarts/creloaded/
You should then run the CRELoaded installation script from your domain - the URL you need to access would be
youdomain.com/pathtocatalog/install/index.php.
Please, replace youdomain.com with the domain name you actually have and the '/pathtocatalog' with the name of the folder where CRELoaded is installed. If you have installed CREloaded in your main folder, please, use simply
youdomain.com/install/index.php
During the installation process, please reply to all the questions on the installation script and once you are ready with them, the installation of CRELoaded 6.x will be finished.
In order to access the cart's administration tool, please login to Administration section with:
username: admin@localhost.com
password: Admin
Please, set your own user ID and password in order to protect your administration tools. With the help of the store administration tools -> configuration menu you can determine the store configuration settings. Then you can assign shipping modules, tax zones, payment modules and order total sort order. Well done! Now you have finished the installation process and you can now enjoy your CRE Loaded shopping cart.
That's it!!!
wget http://www.creloaded.com/main/products/shoppingcarts/creloaded/
You should then run the CRELoaded installation script from your domain - the URL you need to access would be
youdomain.com/pathtocatalog/install/index.php.
Please, replace youdomain.com with the domain name you actually have and the '/pathtocatalog' with the name of the folder where CRELoaded is installed. If you have installed CREloaded in your main folder, please, use simply
youdomain.com/install/index.php
During the installation process, please reply to all the questions on the installation script and once you are ready with them, the installation of CRELoaded 6.x will be finished.
In order to access the cart's administration tool, please login to Administration section with:
username: admin@localhost.com
password: Admin
Please, set your own user ID and password in order to protect your administration tools. With the help of the store administration tools -> configuration menu you can determine the store configuration settings. Then you can assign shipping modules, tax zones, payment modules and order total sort order. Well done! Now you have finished the installation process and you can now enjoy your CRE Loaded shopping cart.
That's it!!!
Vtiger Installation
How to install Vtiger CRM
Get a FREE Vtiger installation with SiteGround vTiger hosting Package!
In order to install the Vtiger on a SiteGround hosting account, please follow the instructions bellow:
Pre-installation Steps
Step 1: Database setup:
Please, check our MySQL tutorial, to see how to create MySQL database and user and how to link them together.
Step 2: Upload Files
Now your database is up and ready to be filled in with data. But first you have to upload the Vtiger CRM files to your hosting account. Please, go to http://www.vtiger.com/ and download the latest stable release.
You need to download the LAMP version - it includes only the source code of Vtiger CRM - we have already installed Apache, MySQL and PHP on our servers).
Extract it on your computer - the archive will uncompress to a folder that contains the files of the installation:
vtiger_crm/index.php
vtiger_crm/modules
vtiger_crm/includes/
vtiger_crm/schema/
vtiger_crm/themes/
etc.
Now, please, start your favorite FTP client (learn more about FTP).
You should have already chosen where Vtiger will be installed on your account. If you want it to be your main website application, you should upload the files and folders of the installation directly inside the public_html/ folder (or www/ - they are the same) of your account. In other words, if Vtiger is to be visible at http://YourDomain.com/, the files should be uploaded inside public_html/ folder.
If you want Vtiger installed in a sub-folder, create one inside public_html and upload all the files there. For example, if Vtiger is to be installed at http://www.yourdomain.com/vtigersite/, please, create the public_html/vtigersite directory and upload the files in there, which should produce similar paths:
public_html/vtigersite/index.php
public_html/vtigersite/modules/
piblic_html/vtigersite/cron/
etc.
Have a cup (or two) of nice coffe while the files are being uploaded.
vTiger Installation
Finally, you are ready to proceed with the installation. Please, point your browser to the URL where you have uploaded the files. We will assume Vtiger CRM will be your main website, so type www.yourdomain.com in your browser. The steps of the installation process are very straight forward and well-explained, so we will only discuss the most important ones in detail.
Step 1: The Vtiger installation is beginning. If you wish, you may send the Vtiger developer information about you (email and name), if not - click NEXT.
Step 2: The Vtiger installer is making the checks - if everything is fine, you should see some green text (available, writable, version numbers etc.)
Step 3: Database configuration: This is where you tell Vtiger how to access its database. Some time ago, you should have created an MySQL database and user - please enter the details in the boxes provided.
Do not forget to type in the password of the MySQL user. Remember that it is case-sensitive.
For "Host Name" enter "localhost";
Site configuration: Here you should leave the information as it is - URL: http://www.yourdomain.com/;
Path /home/yourcpaneluser/public_html/;
Path to the Cache folder : cache/;
Admin configuration: username: admin;
password: admin (by default).
Click NEXT.
Step 4: Confirm System Configuration: Please check again the system configuration and click "Change" if you need to change some data or "Also populate with Demo Data" if you wish. Click "Create".
Step 5: Here the Vtiger tells us that the configuration file is written successfully (config.inc.php).
Step 6: The vtiger CRM installer now creates the database tables and populates them with demo data. This may take some time (a minute or two). After completion please click "FINISH".
Step 7: Congratulations! Your vTiger is now up and running. Note your administrator username and password (admin/admin by default).
That's it! Vtiger should now be installed.
Get a FREE Vtiger installation with SiteGround vTiger hosting Package!
In order to install the Vtiger on a SiteGround hosting account, please follow the instructions bellow:
Pre-installation Steps
Step 1: Database setup:
Please, check our MySQL tutorial, to see how to create MySQL database and user and how to link them together.
Step 2: Upload Files
Now your database is up and ready to be filled in with data. But first you have to upload the Vtiger CRM files to your hosting account. Please, go to http://www.vtiger.com/ and download the latest stable release.
You need to download the LAMP version - it includes only the source code of Vtiger CRM - we have already installed Apache, MySQL and PHP on our servers).
Extract it on your computer - the archive will uncompress to a folder that contains the files of the installation:
vtiger_crm/index.php
vtiger_crm/modules
vtiger_crm/includes/
vtiger_crm/schema/
vtiger_crm/themes/
etc.
Now, please, start your favorite FTP client (learn more about FTP).
You should have already chosen where Vtiger will be installed on your account. If you want it to be your main website application, you should upload the files and folders of the installation directly inside the public_html/ folder (or www/ - they are the same) of your account. In other words, if Vtiger is to be visible at http://YourDomain.com/, the files should be uploaded inside public_html/ folder.
If you want Vtiger installed in a sub-folder, create one inside public_html and upload all the files there. For example, if Vtiger is to be installed at http://www.yourdomain.com/vtigersite/, please, create the public_html/vtigersite directory and upload the files in there, which should produce similar paths:
public_html/vtigersite/index.php
public_html/vtigersite/modules/
piblic_html/vtigersite/cron/
etc.
Have a cup (or two) of nice coffe while the files are being uploaded.
vTiger Installation
Finally, you are ready to proceed with the installation. Please, point your browser to the URL where you have uploaded the files. We will assume Vtiger CRM will be your main website, so type www.yourdomain.com in your browser. The steps of the installation process are very straight forward and well-explained, so we will only discuss the most important ones in detail.
Step 1: The Vtiger installation is beginning. If you wish, you may send the Vtiger developer information about you (email and name), if not - click NEXT.
Step 2: The Vtiger installer is making the checks - if everything is fine, you should see some green text (available, writable, version numbers etc.)
Step 3: Database configuration: This is where you tell Vtiger how to access its database. Some time ago, you should have created an MySQL database and user - please enter the details in the boxes provided.
Do not forget to type in the password of the MySQL user. Remember that it is case-sensitive.
For "Host Name" enter "localhost";
Site configuration: Here you should leave the information as it is - URL: http://www.yourdomain.com/;
Path /home/yourcpaneluser/public_html/;
Path to the Cache folder : cache/;
Admin configuration: username: admin;
password: admin (by default).
Click NEXT.
Step 4: Confirm System Configuration: Please check again the system configuration and click "Change" if you need to change some data or "Also populate with Demo Data" if you wish. Click "Create".
Step 5: Here the Vtiger tells us that the configuration file is written successfully (config.inc.php).
Step 6: The vtiger CRM installer now creates the database tables and populates them with demo data. This may take some time (a minute or two). After completion please click "FINISH".
Step 7: Congratulations! Your vTiger is now up and running. Note your administrator username and password (admin/admin by default).
That's it! Vtiger should now be installed.
Thursday, February 5, 2009
Wordpress Installation
Detailed Instructions wordpress installation:
Step 1: Download and Extract
If you have shell access to your web server, and are comfortable using console-based tools, you may wish to download WordPress directly to your web server using wget (or lynx or another console-based web browser) if you want to avoid FTPing:
a) wget http://wordpress.org/latest.tar.gz
b) Then unzip the package using:
tar -xzvf latest.tar.gz
(The WordPress package will extract into a folder called wordpress in the same directory that you downloaded latest.tar.gz.)
Step 2: Create the Database and a User
Create a database for WordPress on your web server, as well as a MySQL user who has all privileges for accessing and modifying it.
step 3 : Rename the wp-config-sample.php file to wp-config.php
mv wp-config-sample.php wp-config.php
step 4 : Open wp-config.php in your favorite text editor and fill in your database details as explained in Editing wp-config.php
Open the renamed wp-config.php file in your favorite text editor and fill in the following information.
DB_NAME : The name of the database you created for WordPress in Step 2 .
DB_USER : The username you created for WordPress in Step 2.
DB_PASSWORD : The password you chose for the WordPress username in Step 2.
DB_HOST : The hostname you determined in Step 2 (usually localhost, but not always. See some possible DB_HOST values).
DB_CHARSET : The database character set, normally should not be changed. See Editing wp-config.php for details.
DB_COLLATE : The database collation should normally be left blank. See Editing wp-config.php for details.
# Save the file.
step 5. Place the WordPress files in the desired location on your web server:
* If you want to integrate WordPress into the root of your domain (e.g. http://example.com/), move or upload all contents of the unzipped WordPress directory (but excluding the directory itself) into the root directory of your web server.
* If you want to have your WordPress installation in its own subdirectory on your web site (e.g. http://example.com/blog/), rename the directory wordpress to the name you'd like the subdirectory to have and move or upload it to your web server. For example if you want the WordPress installation in a subdirectory called "blog", you should rename the directory called "wordpress" to "blog" and upload it to the root directory of your web server.
(Hint: If your FTP transfer is too slow read how to avoid FTPing at : Step 1: Download and Extract. )
step 6. Run the WordPress installation script by accessing wp-admin/install.php in your favorite web browser.
* If you installed WordPress in the root directory, you should visit: http://example.com/wp-admin/install.php
* If you installed WordPress in its own subdirectory called blog, for example, you should visit: http://example.com/blog/wp-admin/install.php
That's it! WordPress should now be installed.
================================================
How to upgrade wordpress:
===============================================
public_html> wget http://wordpress.org/latest.zip
public_html>unzip latest.zip
public_html>chown user.user wordpress -R
public_html>rm -rf wp-admin wp-includes
public_html>cd wordpress
public_html/Wordpress>mv * ../
overwrite all except wp-content
====================================================
Step 1: Download and Extract
If you have shell access to your web server, and are comfortable using console-based tools, you may wish to download WordPress directly to your web server using wget (or lynx or another console-based web browser) if you want to avoid FTPing:
a) wget http://wordpress.org/latest.tar.gz
b) Then unzip the package using:
tar -xzvf latest.tar.gz
(The WordPress package will extract into a folder called wordpress in the same directory that you downloaded latest.tar.gz.)
Step 2: Create the Database and a User
Create a database for WordPress on your web server, as well as a MySQL user who has all privileges for accessing and modifying it.
step 3 : Rename the wp-config-sample.php file to wp-config.php
mv wp-config-sample.php wp-config.php
step 4 : Open wp-config.php in your favorite text editor and fill in your database details as explained in Editing wp-config.php
Open the renamed wp-config.php file in your favorite text editor and fill in the following information.
DB_NAME : The name of the database you created for WordPress in Step 2 .
DB_USER : The username you created for WordPress in Step 2.
DB_PASSWORD : The password you chose for the WordPress username in Step 2.
DB_HOST : The hostname you determined in Step 2 (usually localhost, but not always. See some possible DB_HOST values).
DB_CHARSET : The database character set, normally should not be changed. See Editing wp-config.php for details.
DB_COLLATE : The database collation should normally be left blank. See Editing wp-config.php for details.
# Save the file.
step 5. Place the WordPress files in the desired location on your web server:
* If you want to integrate WordPress into the root of your domain (e.g. http://example.com/), move or upload all contents of the unzipped WordPress directory (but excluding the directory itself) into the root directory of your web server.
* If you want to have your WordPress installation in its own subdirectory on your web site (e.g. http://example.com/blog/), rename the directory wordpress to the name you'd like the subdirectory to have and move or upload it to your web server. For example if you want the WordPress installation in a subdirectory called "blog", you should rename the directory called "wordpress" to "blog" and upload it to the root directory of your web server.
(Hint: If your FTP transfer is too slow read how to avoid FTPing at : Step 1: Download and Extract. )
step 6. Run the WordPress installation script by accessing wp-admin/install.php in your favorite web browser.
* If you installed WordPress in the root directory, you should visit: http://example.com/wp-admin/install.php
* If you installed WordPress in its own subdirectory called blog, for example, you should visit: http://example.com/blog/wp-admin/install.php
That's it! WordPress should now be installed.
================================================
How to upgrade wordpress:
===============================================
public_html> wget http://wordpress.org/latest.zip
public_html>unzip latest.zip
public_html>chown user.user wordpress -R
public_html>rm -rf wp-admin wp-includes
public_html>cd wordpress
public_html/Wordpress>mv * ../
overwrite all except wp-content
====================================================
Subscribe to:
Comments (Atom)