Sunday, April 4, 2010

How to block users from accessing your site based on their IP address

Blocking users by IP address is simple with .htaccess.
Here is an example:

Order allow,deny
Deny from 192.168.0.10
Deny from 212.155.
Deny from 1.2.3.4 5.6.7.8 127.0.0.1
Allow from all

Let’s take a look at the code line by line:
The first line, “Order allow,deny” (written without a space after the comma), tells the web server the order in which the Allow and Deny directives are evaluated. It simply says: give access to all hosts that are present in the Allow from list and are not present in the Deny from list. With the allow,deny order, the Allow list is looked up first and then the web server checks the Deny from list. Since we have “Allow from all”, all access is allowed, and that access is then filtered based on the Deny lists. With allow,deny, access is disabled by default.

If we change the order to “deny,allow”, all access is enabled by default and only users in the Deny lists are blocked. However, because Deny is processed first, Allow directives override any matching Deny directives.

The default Apache order is deny,allow. So you can skip the first line in your .htaccess file if you do not need to change the order in which the Deny and Allow rules are being evaluated by the web server.

So to keep the .htaccess simple you can just use:

Deny from 192.168.0.10
Deny from 212.155.

Basically, you can use such rules in your .htaccess file to block a particular user or network from accessing your site.
You can put several IP addresses in a single Deny or Allow rule. For example:

Deny from 1.2.3.4   5.6.7.9

The IP addresses must be separated by a space or tab.

You can block entire networks with a partial address:

Deny from 212.155.

This will block all users whose IP addresses start with 212.155.

Or to block all access to your site:

Deny from all

And then add another line to enable access only for yourself:

Allow from 1.2.3.4

Where “1.2.3.4” should be replaced with your computer IP address.
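
The evaluation rules described above, modelled as a small shell script (an added example, not part of the original post). It follows the Apache 2.2 semantics of Order, Allow and Deny; ip_in_list and access_decision are hypothetical helper names and the client addresses are constructed. It also shows a case the text does not spell out: "Deny from all" plus "Allow from 1.2.3.4" only lets you in under the deny,allow order.

```shell
#!/bin/sh
# Added example: models Apache 2.2 Order/Allow/Deny evaluation.
# ip_in_list and access_decision are hypothetical helper names.

# ip_in_list IP "SPEC ..." : succeeds if IP matches any spec in the list.
# A spec is "all", a full address, or a partial address such as "212.155."
ip_in_list() {
    for iil_spec in $2; do
        [ "$iil_spec" = "all" ] && return 0
        iil_prefix=${iil_spec%.}          # "212.155." -> "212.155"
        case "$1" in
            # Match the whole address, or a prefix ending on an octet boundary.
            "$iil_prefix" | "$iil_prefix".*) return 0 ;;
        esac
    done
    return 1
}

# access_decision ORDER "ALLOW LIST" "DENY LIST" CLIENT_IP
# Prints "allow" or "deny".
access_decision() {
    ad_allowed=no
    ad_denied=no
    if ip_in_list "$4" "$2"; then ad_allowed=yes; fi
    if ip_in_list "$4" "$3"; then ad_denied=yes; fi
    case "$1" in
        allow,deny)
            # Allow is evaluated first and Deny last, so a Deny match always
            # wins; a client that matches neither list is refused.
            if [ "$ad_allowed" = yes ] && [ "$ad_denied" = no ]; then
                echo allow
            else
                echo deny
            fi ;;
        deny,allow)
            # Deny is evaluated first and Allow last, so an Allow match wins;
            # a client that matches neither list is let in.
            if [ "$ad_denied" = yes ] && [ "$ad_allowed" = no ]; then
                echo deny
            else
                echo allow
            fi ;;
        *)
            echo "unknown order: $1" >&2
            return 2 ;;
    esac
}

# The rule set from the first example on this page.
PAGE_ALLOW="all"
PAGE_DENY="192.168.0.10 212.155. 1.2.3.4 5.6.7.8 127.0.0.1"

echo "Order allow,deny with the page's lists:"
for client in 192.168.0.10 212.155.9.1 212.15.5.1 203.0.113.7; do
    printf '  %-14s %s\n' "$client" \
        "$(access_decision allow,deny "$PAGE_ALLOW" "$PAGE_DENY" "$client")"
done

echo "Deny from all + Allow from 1.2.3.4:"
for order in deny,allow allow,deny; do
    printf '  Order %-11s 1.2.3.4 -> %s\n' "$order" \
        "$(access_decision "$order" "1.2.3.4" "all" 1.2.3.4)"
done
```

On Apache 2.4 these directives are provided by mod_access_compat; the native equivalents are Require ip and Require not ip.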

Force SSL/https using .htaccess and mod_rewrite

Sometimes you may need to make sure that the user is browsing your site over a secure connection. An easy way to always redirect the user to a secure connection (https://) is a .htaccess file containing the following lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

Zero database size

When we log in to any client's cPanel, it does not show the actual database size; it shows zero instead. phpMyAdmin shows the correct size, but if you log in to cPanel >> click on Databases >> and look at the size, it shows a 0 MB database size.

Solution:

Edit the line
disk_usage_include_sqldbs=1 (set it to '1' if it is '0')

in /var/cpanel/cpanel.config

OR

If you are using 11.25 stable, check the following option in Tweak Settings:

"When displaying disk usage in cPanel/WHM include Postgresql and MySQL® disk usage. [Requires MySQL® 5+] (SQL disk usage is only updated every four hours)"

The mysql usage will be updated shortly.

then run:

#/scripts/update_db_cache


Virtuozzo administration.

Commands to monitor load and memory for hardware node -virtuozzo

1) vzlist -o laverage,veid

2) vzlist -o ctid,name,laverage,kmemsize -s laverage
This one gives a good overview of the load and memory usage.
It returns output such as:
123 vpsname.com 12.02/7.76/7.07 21272584


3) vzcalc -v (vpsid)

4) vmstat vpsid

5) cat /var/log/messages | grep OOM | grep ve=661 | wc -l

Here 661 is your VPS ID.

If a number of customers are complaining about dead services such as ftp, http, named and so on,
you need to check with this script and ask them to INCREASE the RAM.




Friday, April 2, 2010

server setup + directadmin

1) First install yum

This is for 64-bit (x86_64) CentOS 5.3.

http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/

rpm --import http://mirror.centos.org/centos-5/5.3/os/x86_64/RPM-GPG-KEY-CentOS-5
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/python-elementtree-1.2.6-5.x86_64.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/python-sqlite-1.1.7-1.2.1.x86_64.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/m2crypto-0.16-6.el5.3.x86_64.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/python-urlgrabber-3.1.0-5.el5.noarch.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/sqlite-3.3.6-2.x86_64.rpm
rpm -ivh http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/rpm-python-4.4.2.3-9.el5.x86_64.rpm
rpm --nodeps -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/yum-fastestmirror-1.1.16-13.el5.centos.noarch.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/libxml2-2.6.26-2.1.2.7.x86_64.rpm

rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/yum-metadata-parser-1.1.2-2.el5.x86_64.rpm
rpm -ihv http://mirror.centos.org/centos-5/5.3/os/x86_64/CentOS/yum-3.2.19-18.el5.centos.noarch.rpm

yum update
-----------------
2) yum install gcc g++ gcc-c++ flex

---------------------
3) wget http://www.directadmin.com/setup.sh
---------
4)chmod 755 setup.sh
-------------

5)[root@server~]# ./setup.sh
*** 64-bit OS ***
*** that being said, this should be a CentOS system. ***
*** We do not support any other OS in 64-bit. ***
*** If this is not CentOS, install a 32-bit OS (i386)***
Please enter your Client ID : xxxxx
Please enter your License ID : yyyyy
Please enter your hostname \(server.domain.com\)
It must be a Fully Qualified Domain Name
Do *not* use a domain you plan on using for the hostname:
eg. don't use domain.com. Use server.domain.com instead.
Do not enter http:// or www

Enter your hostname (FQDN) : host.domain-name
Client ID: xxxxx
License ID: yyyyy
Hostname: host.domain-name
Is this correct? (y,n) : y


Is eth0 your network adaptor with the license IP? (y,n) : n
Enter the name of the ethernet device you wish to use : venet0:0

Is 174.34.162.60 the IP in your license? (y,n) : y
DirectAdmin will now be installed on: Enterprise 5.3
Is this correct? (must match license) (y,n) :y

You now have 2 options for your apache/php setup.

1: customapache: older software. Includes Apache 1.3, php 4 and frontpage.
2: custombuild 1.1: newer software (recommended). Includes any Apache version, php 4, 5, or both in cli and/or suphp. Frontpage not available.
Post any issues with custombuild to the forum: http://www.directadmin.com/forum/forumdisplay.php?f=61

Enter your choice (1 or 2): 2

Would you like the default settings of apache 2.2 and php 5 cli? (y/n): y
-----------------

NOTE: if you are installing DirectAdmin on a VPS server, then answer

Is eth0 your network adaptor with the license IP? (y,n) : n and enter "venet0:0" as the name of the ethernet device.
Otherwise answer "yes" to
Is eth0 your network adaptor with the license IP? (y,n) : y
=============================================


Thursday, March 18, 2010

htaccess: Invalid command 'SecFilterEngine' + 500 Internal server error

We are getting 500 Internal Server Error on the site.

All the file permissions and ownerships are correct.
-----------------
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@the-landscape-design-site.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
----------------------------------------------------
As I checked the apache error logs, it is showing-
----------------------------------------------------------------------------------------------
[Wed Mar 17 02:25:40 2010] [alert] [client xx.xx.x.xxx] /home/USER/public_html/.htaccess: Invalid command 'SecFilterEngine', perhaps mis-spelled or defined by a module not included in the server configuration, referer: http://www.websitename.com/
---------------------------------------------------------------------------------------------

Fix:

vi /home/USER/public_html/.htaccess

and search for the lines containing "SecFilterEngine" and "SecFilterScanPOST". Comment those lines out, then add the following 4 lines (without line numbers), which disable mod_security for this particular site:

--------------------------------
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
--------------------------------
Save your .htaccess and restart Apache on the server. Your site should work now.

**********************************************

You can also disable mod_security for a domain through its virtual host entry in httpd.conf.

First you should login to your server via SSH as the ‘root’ user.
You should then use nano or your favorite text editor (ie. pico, vi etc…)
to open the /etc/httpd/conf/httpd.conf (sometimes /usr/local/apache/conf/httpd.conf or /etc/apache2/httpd.conf) file.

Notice: You may have to edit a different file such as
/etc/httpd.conf/conf.d/vhosts.conf if your server is setup to use a separate vhost configuration file.

You should then locate the vhost for the domain in question and paste the following code into the vhost:
--------------------------
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
-------------------------
Now you just have to save, exit and restart Apache. Run service httpd restart or /etc/init.d/httpd restart, or whatever script you use to restart Apache.

You can manage most of the main mod_security settings from a .htaccess file, so you can control it on a per-domain, per-directory and/or per-file basis: switching off individual rules, adding new ones, or just turning it off.

*********************

Thursday, March 11, 2010

DomainKeys and SPF

If you want to add DomainKeys and SPF for every new account created on Cpanel, then do the following.

----------------------------------------------------------

Add DomainKeys for single user

/usr/local/cpanel/bin/domain_keys_installer username

-----------------------------------------------------------

Add DomainKeys for all CPanel users.

If you wish to add DomainKeys for all Cpanel users on your server, execute following command.

# /var/cpanel/users is a directory holding one file per account, so list it
ls /var/cpanel/users | while read -r a; do
/usr/local/cpanel/bin/domain_keys_installer "$a"
done

----------------------------------------------------------

Add SPF for single Cpanel accounts.

/usr/local/cpanel/bin/spf_installer username
------------------------------------------------------------

Add SPF for all Cpanel accounts.

If you want to add SPF records for all cPanel accounts that exist on your server, use the following command.

# /var/cpanel/users is a directory holding one file per account, so list it
ls /var/cpanel/users | while read -r a; do
/usr/local/cpanel/bin/spf_installer "$a"
done

--------------------------------------------------------

Add an SPF record while creating new accounts from the WHM >> Create Account option.

vi /scripts/postwwwacct

postwwwacct is a script that is executed after wwwacct (which is used to create the account). Paste the following lines into the file.

*******

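#!/usr/bin/perl
use strict;
use warnings;

# The arguments arrive as key/value pairs, e.g. "user <name>"
my %OPTS = @ARGV;
my $user = $OPTS{'user'};

# For domain key (list form of system() keeps the username away from a shell)
system('/usr/local/cpanel/bin/domain_keys_installer', $user);

# For SPF record
system('/usr/local/cpanel/bin/spf_installer', $user);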

********

Save it and restart the cPanel service.


Then create an account from WHM and check DNS once the account is created. You will see that the SPF record is added automatically.

Monday, March 8, 2010

Mailbox quota shown wrong on cPanel

On your cPanel dedicated server, if the mailbox quota for an email account is displayed wrong,
go through the following steps:

Login to your server as root
cd /home/username/mail/domain.com/emailaccount
rm -rf maildirsize

Now, login to cPanel
Go to email account and change the quota for particular email account.
(Once you change quota, it will recreate file maildirsize automatically)

You can also delete maildirsize file from cpanel > file manager

Saturday, March 6, 2010

repquota 100% with high load

The root process repquota is running with high cpu usage .

#ps afuxww | grep -i quota

->
root 10966 0.0 0.0 3276 528 ? D 05:14 0:00 | \_ /usr/sbin/repquota -auv
root 10556 0.0 0.0 3280 644 ? D 05:13 0:00 | \_ quota -v
root 10646 0.0 0.0 2916 644 ? D 05:13 0:00 | \_ quota -v
root 10745 0.0 0.0 1948 644 ? D 05:14 0:00 | \_ quota -v
root 10814 0.0 0.0 3284 640 ? D 05:14 0:00 | \_ quota -v

I have tried to kill repquota process but it is not getting killed.

This issue could be related to a read-only file system or file system corruption.

The following should help to determine if there is a read-only file-system

#touch testfile

If the "touch" command fails to create the files it should display an error, such as indicating there is a read-only file system.

You can reboot the server to resolve this.

If you are constantly facing the repquota issue on the server, you can permanently disable quotas.

Run the command
quotaoff -a
Then remove the usrquota entry from fstab.

You can make the changes in /etc/mtab and /etc/fstab for this.

Then mount it
#mount -a

Wednesday, March 3, 2010

Apache Optimization

1. Make a backup of your httpd.conf with the following command
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf-backup

2. vi /usr/local/apache/conf/httpd.conf

3. Make the following changes (you will find these near the start):

Timeout 250
KeepAlive On
MaxKeepAliveRequests 250
KeepAliveTimeout 3
MinSpareServers 5
MaxSpareServers 15
StartServers 5
MaxClients 20
MaxRequestsPerChild 2000
HostnameLookups Off

4. Save and exit editor.

DNS recursive

For those who have recently noticed that DNSreport now checks whether your DNS server allows recursive lookups, here is a tip on how to set it up.

Open your named.conf and add the following lines before options {:

acl "trusted" {
xxx.xxx.xxx.xxx;
yyy.yyy.yyy.yyy;
};

where xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy are your IP addresses.
For cPanel users, you can find your IPs in the following file: /etc/nameserverips

After that, inside options, add the following after the line "// query-source address * port 53;":
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

Also uncomment the line

"// query-source address * port 53;"

so that it becomes

"query-source address * port 53;" (without the double quotes).

Restart your service.

Verify your status again with DNSreport.



Observation: you can also set up a version line. It should look like:
version "Oh come on why do you want to know witch version my DNS server is ?";

This line can be added inside your named.conf.



close your open DNS servers

Howto: Check and close your open DNS servers

I just noticed www.dnsreport.com seems to have a new check: it checks for open DNS servers. This is how you check:

1) Go to http://www.dnsreport.com/tools/dnsreport.ch?domain=yourdoamin.com
2) Check for BIG RED "FAIL" (7th box, going down from up) saying "Open DNS servers".

If you see the message, you can correct it the following way:

1) login to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:

recursion no;

4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.

If you run something other than Bind, please check http://www.dnsreport.com/info/opendns.htm for instructions.

recursion restrictions for named.conf

Check /etc/named.conf for recursion restrictions
I'm getting this warning from check server security option in csf :

You have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
--
solution:
Make backup copy of named.conf
#cp /etc/named.conf /etc/named.conf-backup

#vi /etc/named.conf

The top of your named.conf should look something like:
-------------------------------------------------------------------
include "/etc/namedb/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


acl "trusted" {
127.0.0.1;
};


options {
pid-file "/var/run/named/named.pid";
directory "/etc/namedb";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
version "BIND";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
forwarders { 127.0.0.1; };

};
------------------------------

If you don't have the lines in bold, add them to your named.conf (make a backup first!) and restart BIND. You can also add additional IP addresses if you have other servers in the DNS cluster.

Restart bind.
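
A check for the settings discussed in the three DNS posts above ("DNS recursive", "close your open DNS servers" and "recursion restrictions for named.conf"), as an added example that is not part of the original posts. It reads a named.conf and reports whether the options block restricts recursion; audit_recursion and the sample_* functions are hypothetical names, and the sample configurations are constructed from the snippets on this page.

```shell
#!/bin/sh
# Added example: report how recursion is restricted in a named.conf.
# audit_recursion and the sample_* functions are hypothetical names.

# Reads named.conf text on stdin and prints one verdict:
#   off        - "recursion no;" is set in options
#   restricted - allow-recursion names an ACL or address list
#   any        - allow-recursion contains "any" (open resolver)
#   unset      - no recursion restriction found in options
audit_recursion() {
    # Drop // and # comments first so commented-out directives do not count.
    # (Simplification: /* ... */ comments are not handled.)
    sed -e 's|//.*$||' -e 's|#.*$||' | awk '
    { text = text $0 " " }
    END {
        if (!match(text, /(^|[ \t;}])options[ \t]*[{]/)) { print "unset"; exit }
        # Collect the body of the options block by tracking brace depth.
        i = RSTART + RLENGTH; depth = 1; body = ""
        n = length(text)
        while (i <= n && depth > 0) {
            c = substr(text, i, 1)
            if (c == "{") depth++
            else if (c == "}") depth--
            if (depth > 0) body = body c
            i++
        }
        if (body ~ /(^|[^-])recursion[ \t]+no[ \t]*;/) { print "off"; exit }
        if (match(body, /allow-recursion[ \t]*[{][^}]*[}]/)) {
            acl = substr(body, RSTART, RLENGTH)
            if (acl ~ /[{ \t;]any[ \t]*;/) print "any"; else print "restricted"
        } else print "unset"
    }'
}

# Constructed sample: the layout recommended in the post above.
sample_trusted_acl() {
cat <<'EOF'
acl "trusted" {
    127.0.0.1;
};
options {
    directory "/etc/namedb";
    version "BIND";
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};
EOF
}

# Constructed sample: the directive is present but commented out.
sample_commented_out() {
cat <<'EOF'
options {
    directory "/var/named";
    // query-source address * port 53;
    // allow-recursion { trusted; };
};
EOF
}

# Constructed sample: recursion switched off below the query-source line.
sample_recursion_no() {
cat <<'EOF'
options {
    directory "/var/named";
    // query-source address * port 53;
    recursion no;
};
EOF
}

for sample in sample_trusted_acl sample_commented_out sample_recursion_no; do
    printf '%-22s %s\n' "$sample" "$($sample | audit_recursion)"
done
```

Against a live server, feed it the real file: audit_recursion < /etc/named.conf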

Mysql optimization

=========================================
[mysqld]
set-variable = max_connections=500
safe-show-database
local-infile=0
===========================================
[mysqld]
max_connections = 500
key_buffer = 32M
myisam_sort_buffer_size = 32M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 4000
thread_cache_size = 286
interactive_timeout = 25
wait_timeout = 7000
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 4M
query_cache_size = 12M
query_cache_type = 1
tmp_table_size = 16M
skip-innodb

[mysqldump]
quick
max_allowed_packet = 16M
[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M

[mysqlhotcopy]
interactive-timeout

Script Configuration Files

Location of Script Configuration Files

Config file locations.

4Images Gallery /config.php
B2 Evolution /conf/_basic_config.php
Boonex Dolphin /inc/header.inc.php
Coppermine Photo Gallery /include/config.inc.php
Cube Cart /includes/global.inc.php
dotProject /includes/config.php
Drupal /sites/default/settings.php
FAQMasterFlex /faq_config.php
Gallery /config.php
Geeklog /db-config.php
/siteconfig.php
/lib-common.php
Joomla /configuration.php
Mambo /configuration.php
Moodle /config.php
Noahs Classifieds /app/config.php
Nucleus /config.php
osCommerce /includes/configure.php
/admin/includes/configure.php
PHP-Nuke /config.php
phpBB /config.php
phpFormGenerator (only if you have saved form input to a database)
/forms/admin/config.inc.php
PHPlist /config/config.php
phpWCMS /include/inc_conf/conf.inc.php
phpWebSite /conf/config.php
PhpWiki /admin.php
/lib/config.php
Post-Nuke /config.php
Siteframe /config.php
SMF /Settings.php
Soholaunch /sohoadmin/config/isp.conf.php
TYPO3 /typo3conf/localconf.php
vBulletin /includes/config.php
WebCalendar /includes/settings.php
WordPress /wp-config.php
Xoops /mainfile.php
Zen Cart /includes/configure.php
/admin/includes/configure.php




These paths are relative to the root of the script, not the account nor domain. So if it's a vBulletin forum, under /home/username/www/forum/, the configuration file would be in /home/username/www/forum/includes/config.php

Tuesday, March 2, 2010

Alternative PHP Cache [APC]

How to install Alternative PHP Cache [APC] on a Linux VPS/Dedicated server !

APC is a free, open, and robust framework for caching and optimizing PHP intermediate code. Here are the simplest steps:

# Login to the server as root

# Download APC
wget http://pecl.php.net/package/APC
eg : wget http://pecl.php.net/get/APC-3.0.15.tgz

# Extract it and move into the directory
tar -xzf APC-3.0.15.tgz
cd APC*

# Locate where php is
which php
This should return something like: /usr/local/bin/php Remember the location of php.

# Create configuration files
phpize

# Compile APC

./configure --enable-apc --enable-apc-mmap --with-apxs --with-php-config=/usr/local/bin/php-config
make
make install

# Install APC into php.ini

You will have to first locate php.ini using the following command

php -i | grep php.ini

This will usually return /usr/local/Zend/etc/php.ini on a server that has Zend optimizer installed. Now edit php.ini and add the APC extension.

vi /usr/local/Zend/etc/php.ini

Scroll down to the bottom and add the following before the lines about the Zend optimizer (they start with [Zend]):

extension="/apc_location/apc.so"


# Restart Apache

SOA parameters for a DNS server

To set the SOA parameters for a DNS server, perform the following steps:

1. Set the following parameters

Parameter Name / Description / Notes

E-mail: the mailbox of the person responsible for this DNS server.

TTL: "time-to-live": the time, in seconds, this DNS server caches (keeps) a piece of information received from your server before it asks your server again.

  • If you set the value too low, your server will get loaded down with too many repeat requests.
  • If you set it too high, the information you change will not get distributed in a reasonable amount of time.
  • By default, 86400 seconds (1 day) is set.

The solution is as follows:

  • If particular information is not expected to change in the near future, one can have a high TTL (anywhere between a day (86400 seconds) and a week (604800 seconds)).
  • If information is known to change soon, it can be transmitted with a low TTL (an hour to a day).

It is standard practice to reduce the TTL transmitted with information that is scheduled to change in order to make that change visible rapidly throughout the Internet; once the change has happened, the TTL is increased again.

Refresh: the time interval, in seconds, before which the zones need to be updated.

  • By default, 10800 (3 hours) is set.
  • A good value here would be 3600 (1 hour).

Retry: the time interval, in seconds, after which the next attempt at a refresh should be made, after a refresh failure.

  • By default, 3600 (1 hour) is set.
  • A good value here would be 600 (10 minutes).

Expire: the upper limit, in seconds, on the time interval that can elapse before the zones are no longer authoritative.

  • By default, 604800 (7 days) is set.
  • A nice value here would be 3600000 (42 days).

Minimum TTL: the minimum number of seconds to be used for the TTL value in RRs.

  • By default, 86400 (1 day) is set, which is a good value.

Virtuozzo Configuration Files

Matrix of Virtuozzo Configuration Files

There are a number of files responsible for the Virtuozzo system configuration. Most of the files are located in the /etc directory on the Hardware Node. However, some configuration files are stored in the /etc directory inside the Service Container, on the Backup Node, inside a Container, or on a dedicated server. Where a configuration file is located somewhere other than the Hardware Node, we state clearly the exact place (the Service Container, etc.) where it can be found.

A list of configuration files is presented in the table below:

/etc/vz/vz.conf

The Virtuozzo global configuration file. This file keeps system-wide settings, affecting Container and Virtuozzo template default location, global network settings and so on.

/etc/vz/conf/<CT_ID>.conf

The private configuration file owned by a Container numbered <CT_ID>. The file keeps Container specific settings – its resource management parameters, location of private area, IP address and so on.

/etc/vz/conf/ve-<name>.conf.sample

Sample files, containing a number of default Container configurations, which may be used as a reference for Container creation. The following samples are shipped with Virtuozzo: basic, cpanel, confixx, slm.plesk, slm.256MB, slm.512MB, slm.1024MB, slm.2048MB. You may also create your new samples customized for your own needs.

/etc/vz/conf/dists/<distribution_name>.conf

The configuration files used to determine what scripts are to be run on performing some operations in the Container context (e.g. on adding a new IP address to the Container). These scripts are different from Virtuozzo action scripts and depend on the Linux version the given Container is running.

/etc/sysconfig/vzsve

The configuration file used for the Service Container creation by vzsveinstall.

/etc/sysconfig/vzagent/<file>

Parallels Agent configuration files.

/etc/vz/conf/networks_classes

The definition of network classes, used by traffic shaping and bandwidth management in Virtuozzo.

/etc/sysconfig/vzup2date/vzup2date.conf

This file specifies the default connection parameters for the vzup2date utility.

/<path>/<name>.conf

This configuration file specifies the default connection parameters for the vzup2date-mirror utility. It should be located on the computer where you are planning to run vzup2date-mirror.

/etc/cron.d/vereboot

The configuration file for the cron daemon. Using this file, Virtuozzo emulates the "reboot" command working inside a Container.

/etc/vzvpn/vzvpn.conf

The configuration file used to define the parameters for establishing a private secure channel to the Parallels support team server.

/etc/vzreport.conf

The configuration file used to define the parameters for sending your problem report to the Parallels support team.

/etc/sysctl.conf

Kernel parameters. Virtuozzo adjusts a number of kernel sysctl parameters, and modifies the default /etc/sysctl.conf file.

/etc/vzredirect.d/*.conf

These files define the offline management modes for controlling Containers by Container administrators.

/etc/vzlmond.conf

This configuration file defines the parameters used by the vzlmond daemon to collect information on the main Hardware Node resources consumption.

/etc/vzstat.conf

The file lists the warning and/or error levels for a number of resource control parameters. If a parameter hits the warning or error value, the vzstat utility will display this parameter in yellow or red.

/etc/vzstatrep.conf

This configuration file is located on the Monitor Node and used by the vzstatrep utility when generating statistic reports and graphics on the Hardware Node resource consumption and sending these reports to the Node administrator.

/etc/vzbackup.conf

The global configuration file residing on the Backup Node and determining the global Container backup settings.

/etc/vz/pkgproxy/rhn.conf

The Red Hat Network (RHN) Proxy Server configuration file used by the vzrhnproxy utility when setting up the RHN Proxy Server. This file can be located on any computer where the vzrhnproxy package is installed.

/etc/vzpkgpoxy/vzpkgproxy.conf

This configuration file is used by the vzpkgproxy utility when creating special caching proxy servers for OS and application EZ templates. The file can be located on any computer where the vzpkgproxy package is installed.

/etc/vztt/vztt.conf

This configuration file is used by the vzpkg utility when managing OS and application EZ templates.

Install XCache

XCache is a fast, stable PHP opcode cacher that has been tested and is now running on production servers under high load. It is tested (on linux) and supported on all of the latest PHP. It optimizes performance by removing the compilation time of PHP scripts by caching the compiled state of PHP scripts into the shm (RAM) and uses the compiled version straight from the RAM. This will increase the rate of page generation time by up to 5 times as it also optimizes many other aspects of php scripts and reduce server load.

To install follow the steps

1. Download and extract the source for XCache .

# cd /usr/local/src/
# wget http://xcache.lighttpd.net/pub/Releases/1.2.2/xcache-1.2.2.tar.gz
# tar -xzvf xcache-1.2.2.tar.gz

2. Build, configure and install the XCache module.
# cd xcache-1.2.2
# phpize
# ./configure --enable-xcache
# make && make install

You will see a message like this. Note the extension directory.

=============
Build complete.
Don’t forget to run ‘make test’.

Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/
==============

3. Now configure the php.ini file ( To find .ini file, use the command `php -i | grep php.ini` )

# cat xcache.ini >> /usr/local/lib/php.ini

Replace the following line in php.ini with the correct path, that is, the shared extensions directory that we noted above.

zend_extension = /usr/local/lib/php/extensions/non-debug-non-zts-xxx/xcache.so

It will become like this,

zend_extension = /usr/local/lib/php/extensions/no-debug-non-zts-20060613/xcache.so

4. Restart apache and confirm the Xcache installation.
# /etc/init.d/httpd restart

# php -v

it will show you as
-----------
php -v
PHP 5.2.8 (cli) (built: Feb 16 2009 05:42:38)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
--------

Monday, March 1, 2010

htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

How to solve “.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable”

My error log shows:-
[sat Jan 13 01:15:32 2009] [crit] [client 218.208.xxx.xxx] (13)Permission denied: /home/mydomain/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

And the site is showing “403 Forbidden Error”.
At first, I suspected it was a .htaccess problem, but it was actually caused by the Frontpage Extension.

To solve “.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable” follow the steps below:-

* Login into your CPanel account
* Click on “Frontpage Extensions” icon
* Click on “Reinstall extensions” button beside your problem domain.
* If you do not use any Frontpage extensions, it’s good to uninstall this extension
* Done. The “.htaccess pcfg_openfile: unable to check htaccess file” problem has been fixed.

Reverse DNS: how to check it?

Check rDNS using the nslookup command, the host command (on a Linux server) or centralops.net.

NSLOOKUP
--------------
1) You can check whether rDNS is set up from the command prompt using the nslookup command.
A server which has rDNS set:

C:\>nslookup 10.11.12.13

Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1
Name: host.myhostname.com
Address: 10.11.12.13

Here, if "Name" is your hostname, then rDNS is set up for this server.


If rDNS is not set up, you will see the datacenter's name next to "Name", as below.
C:\>nslookup 11.12.13.14
Server: vnsc-pri.sys.gtei.net
Address: 14.13.12.11
Name: bc.d3.7bae.static.theplaneet.com
Address: 11.12.13.14

Here "Name" is not your hostname, thus rDNS is not set up for this server.


Using HOST command (on linux server)
-----------------------------------------------
1)on server
root@shell [~]# host 10.11.12.13
output-
13.12.11.10.in-addr.arpa domain name pointer host.myhostname.com.
=> If the output line ends with your hostname, then rDNS is set up for this IP.

2)on linux server -
root@shell [~]# host 1.2.3.4
output-
4.3.2.1.in-addr.arpa domain name pointer bc.d3.7bae.static.theplanet.com.
=> output line is not ended with hostname, thus rdns is not set for this .


Use centralops.net
---------------------------------------
Browse to http://centralops.net
1) Open http://centralops.net/co/ in your browser >> Domain Dossier.
Enter the IP address and look at the DNS report.
The canonical name should be your hostname,
and the DNS report should show:

13.12.11.10.in-addr.arpa IN PTR host.myhostname.com

The PTR line should contain your hostname.


2) Open http://centralops.net/co/ in your browser >> Domain Dossier.
Enter the IP address and look at the DNS report.
The canonical name should be your hostname,
and the DNS report shows:

"4.3.2.1.in-addr.arpa IN PTR ba.d3.7bae.static.theplanet.com"

The PTR line does not contain your hostname, thus no RDNS is set for this IP.
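
The check described above can be scripted. This is an added example, not part of the original post: it builds the in-addr.arpa name for an IPv4 address and tests whether the PTR target in `host` output equals the hostname you expect. The function names (ptr_name, ptr_targets, rdns_matches) are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: decide whether a `host <ip>` reply shows rDNS set to the expected hostname.

# Build the reverse-lookup name for an IPv4 address: 10.11.12.13 -> 13.12.11.10.in-addr.arpa
ptr_name() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$d" "$c" "$b" "$a"
}

# Read `host` output on stdin and print the PTR targets recorded for the given IP,
# lowercased and without the trailing dot.
ptr_targets() {
    local owner
    owner=$(ptr_name "$1")
    awk -v owner="$owner" '
        tolower($1) == owner && $2 == "domain" && $3 == "name" && $4 == "pointer" {
            t = tolower($5); sub(/\.$/, "", t); print t
        }'
}

# rdns_matches IP EXPECTED_HOSTNAME < host_output
# Returns 0 only when a PTR target equals the expected hostname (case-insensitive).
rdns_matches() {
    local want
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    want=${want%.}
    ptr_targets "$1" | grep -Fxq -- "$want"
}

# Sample replies, copied from the `host` output lines shown above.
SAMPLE_SET='13.12.11.10.in-addr.arpa domain name pointer host.myhostname.com.'
SAMPLE_UNSET='4.3.2.1.in-addr.arpa domain name pointer bc.d3.7bae.static.theplanet.com.'
printf '%s\n' "$SAMPLE_SET" | rdns_matches 10.11.12.13 host.myhostname.com \
    && echo "10.11.12.13: rDNS points to the expected hostname"
printf '%s\n' "$SAMPLE_UNSET" | rdns_matches 1.2.3.4 host.myhostname.com \
    || echo "1.2.3.4: rDNS is not set to the expected hostname"
```

On a live server the same check is `host 10.11.12.13 | rdns_matches 10.11.12.13 host.myhostname.com`.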

Installing cPanel/WHM

cPanel can offer 15-day test licenses at no cost.


To begin your installation, use the following commands:

1. cd /home — Opens the directory /home.
2. wget -N http://layer1.cpanel.net/latest — Fetches the latest installation file from the cPanel servers.
3. sh latest — Opens and runs the installation files.

4. /usr/local/cpanel/cpkeyclt — Activates your license after installation (if you have purchased a license for cPanel).
5. Log in to WHM and proceed with the initial WHM setup.


Obtaining a cPanel/WHM License:

If you do not have a license for cPanel/WHM, you will need to obtain one for your IP address. You can obtain a license at http://www.cpanel.net/store.

Create VPS container

Create a VPS container on the hardware node using the Virtuozzo control panel.

1. Log in to https://ip:4643/vz/cp
2. Click on >> Containers >>New Container
3. Number of Containers to create* 1
4. Hardware Node Selection - Click on radio button against - Select Hardware Node Manually
5. Click on NEXT
6. General Configuration >>

Name* = Domain name (domain.com)
Description = root
Select Container Sample = Select 256, 512, 1024 MB ram as per vps order
OS Template/Version* = will be selected automatically once you have selected the ram in the above step.

Administrative Password = Type the password, then retype it

Click on NEXT

Global Network

Hostname = host.domain.com
DNS Server IP Address = 4.2.2.1. Click on the PLUS ICON (+) and enter 4.2.2.2 in the second DNS Server IP Address box.

Routed Network

IP Address >> Keep it on auto. Click on the PLUS ICON (+) two times, as we need to assign 3 IPs.


Click on NEXT

CPU Parameters

diskspace Soft Limit 20,40,60 GB Hard Limit 21, 41, 61
diskinodes Soft Limit 200000, 300000, 400000 Hard Limit 220000, 320000, 420000 ( as per requirements)
quotaugidlimit - Enable by clicking on the check box against it. Set value 250, 350, 500 (as per VPS configuration)
quotatime - 60 seconds
ioprio - 4

Memory Parameters

slmmemorylimit - Soft Limit 256,512,1024 MB (as per requirement) Hard Limit 256,512,1024 MB

Click on NEXT

Available Applications(81) - Click on the check box against [devel]. Add it to Scheduled for Installation by clicking on >>


After selecting devel, click on the check box against Scheduled for Installation(1)

Click on NEXT

Please review the new Container configuration. ( MAKE SURE TO CHECK EVERYTHING)

FINALLY CLICK ON CREATE

Once the VPS is created, log in to its shell. Now you have to install yum and the control panel on the server.

Sunday, February 28, 2010

find command:

Find man page

Form of command: find path operators

Examples:

* Search and list all files from current directory and down for the string ABC:
find ./ -name "*" -exec grep -H ABC {} \;
find ./ -type f -print | xargs grep -H "ABC" /dev/null
egrep -r ABC *

* Find all files of a given type from current directory on down:
find ./ -name "*.conf" -print

* Find all user files larger than 5 MB:
find /home -size +5000000c -print

* Find all files owned by a user (defined by user id number. see /etc/passwd) on the system: (could take a very long time)
find / -user 501 -print

* Find all files created or updated in the last five minutes: (Great for finding effects of make install)
find / -cmin -5

* Find all files in group 20 and change them to group 102: (execute as root)
find / -group 20 -exec chown :102 {} \;

* Find all suid and setgid executables:
find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ldb {} \;
find / -type f -perm /6000 -ls

Note: suid executable binaries are programs which run with the privileges of the file's owner (often root) to perform their tasks. These are created by setting the setuid or setgid bit: chmod +s. (The "sticky" bit is a different permission, set with chmod +t.) These programs should be watched as they are often the first point of entry for hackers. Thus it is prudent to run this command and remove the setuid/setgid bits from executables which either won't be used or are not required by users: chmod -s filename

* Find all world writable directories:
find / -perm -0002 -type d -print

* Find all world writable files:
find / -perm -0002 -type f -print
find / -perm -2 ! -type l -ls

* Find files with no user or no group:
find / \( -nouser -o -nogroup \) -print

* Find files modified in the last two days:
find / -mtime -2 -o -ctime -2

* Compare two drives to see if all files are identical:
find / -path /proc -prune -o -path /new-disk -prune -o -xtype f -exec cmp {} /new-disk{} \;
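
The suid/sgid and world-writable searches above are most useful when compared against a reviewed baseline, so that only new entries need attention. The following is an added example, not part of the original post; the function names and the baseline file (one path per line) are assumptions, and the sticky-bit test on directories goes slightly beyond the commands listed above.

```shell
#!/usr/bin/env bash
# Added example: report setuid/setgid files that are not on a reviewed baseline list.

# list_privileged ROOT -> sorted paths of regular files under ROOT with setuid or setgid set.
# -xdev stays on one filesystem; -perm /6000 means "any of these bits" (GNU find syntax).
list_privileged() {
    find "$1" -xdev -type f -perm /6000 -print 2>/dev/null | LC_ALL=C sort
}

# list_world_writable ROOT -> world-writable regular files, plus world-writable
# directories without the sticky bit (there, any user can delete other users' files).
list_world_writable() {
    find "$1" -xdev \( -type f -perm -0002 -o -type d -perm -0002 ! -perm -1000 \) \
        -print 2>/dev/null | LC_ALL=C sort
}

# unexpected_privileged ROOT BASELINE -> privileged files that are absent from BASELINE.
# BASELINE is a hypothetical file you save after reviewing the first run.
unexpected_privileged() {
    list_privileged "$1" | LC_ALL=C grep -Fxv -f "$2" || true
}

# Typical use (as root):
#   list_privileged / > /root/suid.baseline     # review this list once
#   unexpected_privileged / /root/suid.baseline # later runs: anything printed is new
```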

Partial list of find directives:



Directive Description
-name Find files whose name matches the given pattern
-print Display the path of matching files
-user Search for files belonging to a specific user
-exec command {} \; Execute a Unix/Linux command for each matching file.
-atime (+t,-t,t) Find files accessed more than +t days ago, less than -t or precisely t days ago.
-ctime (+t,-t,t) Find files changed ...
-perm Find files set with the specified permissions.
-type Locate files of a specified type:
  • c: character device files
  • b: block device files
  • d: directories
  • p: pipes
  • l: symbolic links
  • s: sockets
  • f: regular files
-size n Find files by size: n (exactly), +n (larger than) or -n (smaller than), counted in 512-byte blocks (default), or specify a different unit with a letter following "n":
  • nb: 512-byte blocks
  • nc: bytes
  • nk: kilobytes
  • nw: 2-byte words


Tuesday, February 2, 2010

Installing FFMpeg on cpanel server.

Installing FFMpeg

1) yum install ffmpeg ffmpeg-devel

If you get a "package not found" error, you will need to add the DAG package repository to yum. Create a file named dag.repo in /etc/yum.repos.d with the following contents:

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux

baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=0
enabled=1

then

yum install ffmpeg ffmpeg-devel

If everything is fine, then the installation should proceed smoothly.

2) To check that FFmpeg is working:

Finally, check whether ffmpeg is working.

> ffmpeg
> ffmpeg -formats
> ffmpeg --help
// This lists the path of ffmpeg, its modules and other path information


ffmpeg -i Input.file Output.file
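
The dag.repo file above sets gpgcheck=0 and an http:// baseurl, so packages from that repository are installed without signature verification over an unauthenticated channel. The following is an added example, not part of the original post, that lists every enabled repository with either setting; the function name audit_repos is an assumption.

```shell
#!/usr/bin/env bash
# Added example: flag enabled yum repositories that disable signature checks or use plain HTTP.

# audit_repos DIR -> one line per finding, formatted "<file>:<section>: <problem>"
audit_repos() {
    local f
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # Emit findings for the section just finished (skipped when disabled).
            function report() {
                if (section == "" || tolower(enabled) ~ /^(0|no|false)$/) return
                if (tolower(gpgcheck) ~ /^(0|no|false)$/)
                    print file ":" section ": gpgcheck=" gpgcheck " (package signatures not verified)"
                if (baseurl ~ /^http:\/\//)
                    print file ":" section ": baseurl uses plain http"
            }
            /^[ \t]*[#;]/ { next }                       # comment lines
            /^[ \t]*\[.*\]/ {                            # new [section]
                report()
                section = $0; gsub(/^[ \t]*\[|\].*$/, "", section)
                enabled = "1"; gpgcheck = ""; baseurl = ""
                next
            }
            /=/ {                                        # key=value
                key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
                if (key == "enabled") enabled = val
                else if (key == "gpgcheck") gpgcheck = val
                else if (key == "baseurl") baseurl = val
            }
            END { report() }
        ' "$f"
    done
}

# Typical use: audit_repos /etc/yum.repos.d
```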

****Install FFMPEG-PHP Extension*****
FFmpeg-php is a very good extension and wrapper for PHP which can pull useful information about video through an API interface. In order to install it, you will need to download the source file and then compile and install the extension on your server. You can download the source tarball from: http://ffmpeg-php.sourceforge.net/

wget /path/to/this/file/ffmpeg-php-0.5.2.1.tbz2

tar -xjf ffmpeg-php-0.5.2.1.tbz2

cd ffmpeg-php-0.5.2.1

phpize

./configure
make
make install

****Editing PHP.INI

Once you have done that without any problems, you will see the PHP extension file /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ffmpeg.so, and you will need to mention that extension in the php.ini file:

nano /usr/local/lib/php.ini

Put the below two lines at the end of the php.ini file

[ffmpeg]
extension=ffmpeg.so

Then restart the web server:

service httpd restart

****To check whether ffmpeg is enabled with PHP, point your browser to the test.php file. It should show confirmation of the installed ffmpeg PHP extension.

// #test.php