How do I change the IP that is used for any outgoing connection from my server in Plesk?


The default IP for outgoing connections can be set using the ‘ip’ utility.

First of all, check how routing is configured on the server with the following command:

# /sbin/ip route
192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.53
169.254.0.0/16 dev eth1 scope link
default via 192.168.50.254 dev eth1

If no ‘src’ is listed in the ‘ip’ output for the default route, the main IP on the interface is used for outgoing connections. You can change it using:

# /sbin/ip route change default via 192.168.50.254 dev eth1 src 192.168.50.100

Now:

# /sbin/ip route
192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.53
169.254.0.0/16 dev eth1 scope link
default via 192.168.50.254 dev eth1 src 192.168.50.100

Note: be careful. If you set the wrong IP as the source, you will lose your link to the server.
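One way to guard against the lockout the note describes, as an added example that is not part of the original post: the script builds the `ip route change` command only when the requested source address is actually assigned to the interface. The sample outputs are constructed and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample of `/sbin/ip route` output, matching the table shown above.
SAMPLE_ROUTES='192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.53
169.254.0.0/16 dev eth1 scope link
default via 192.168.50.254 dev eth1'

# Constructed sample of `/sbin/ip -o -4 addr show dev eth1` output.
SAMPLE_ADDRS='3: eth1    inet 192.168.50.53/24 brd 192.168.50.255 scope global eth1
3: eth1    inet 192.168.50.100/24 brd 192.168.50.255 scope global secondary eth1'

# Print "<gateway> <dev> <src>" for the default route in $1 ("-" = not set).
parse_default_route() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        gw = "-"; dev = "-"; src = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        print gw, dev, src; exit
    }'
}

# Succeed only if IPv4 address $2 appears as an "inet" address in $1.
addr_is_assigned() {
    printf '%s\n' "$1" | awk -v want="$2" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit !found }'
}

# Args: route text, address text, new source IP.
# Prints the `ip route change` command, or fails without printing it.
build_src_change() {
    local route gw rest dev
    route=$(parse_default_route "$1")
    gw=${route%% *}; rest=${route#* }; dev=${rest%% *}
    if [ -z "$gw" ] || [ "$gw" = "-" ]; then
        echo "no default route via a gateway found" >&2; return 2
    fi
    if ! addr_is_assigned "$2" "$3"; then
        echo "$3 is not assigned on $dev; refusing to set it as src" >&2; return 1
    fi
    echo "/sbin/ip route change default via $gw dev $dev src $3"
}

# On a live host pass "$(/sbin/ip route)" and "$(/sbin/ip -o -4 addr show dev eth1)".
build_src_change "$SAMPLE_ROUTES" "$SAMPLE_ADDRS" 192.168.50.100
```

Review the printed command before running it, and keep a console session open so that a bad route can be reverted.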

OR 

 

If the primary mail server IP address is blocked by any spam checker sites (e.g. BARRACUDA, SORBS-SPAM, etc.), then there is only one solution: change the mail server IP address on the server.

You can easily change the mail server IP address in cPanel by using the /etc/mailips file. Similarly, in Plesk you can change the outgoing mail server IP address by using the following file:

/var/qmail/control/smtproutes

1) First, check the domain names hosted on the server using the following file:

[root@server] # cat /var/qmail/control/rcpthosts
domain1.com
domain2.com
domain3.com
domain4.com
domain5.com

2) By default, the “/var/qmail/control/smtproutes” file is not present on a Plesk server; you need to create it.

[root@server] # vi /var/qmail/control/smtproutes

3) Then add the new IP address in the following format (replace 192.168.0.2 with your IP and domain1.com with your domain):

domain1.com:192.168.0.2
domain2.com:192.168.0.2

4) Save the file and restart qmail

[root@server] # /etc/init.d/qmail restart

 

 

 

Installation & Configuration maldet (Linux Malware Detect – LMD)



There is nothing special about installing LMD: download the package and run the enclosed install.sh script:

=======================================================================
CODE
root@server[~]# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
2010-05-15 23:34:05 (148 MB/s) – `maldetect-current.tar.gz’ saved [268031/268031]

root@server[~]# tar xfz maldetect-current.tar.gz
root@server[~]# cd maldetect-*
root@server[~]# ./install.sh
Linux Malware Detect v1.3.4
(C) 1999-2010, R-fx Networks <proj@r-fx.org>
(C) 2010, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
cron.daily: /etc/cron.daily/maldet

maldet(32517): {sigup} performing signature update check…
maldet(32517): {sigup} local signature set is version 2010051510029
maldet(32517): {sigup} latest signature set already installed
=======================================================================

Now that LMD is installed, you need to open the configuration file located at /usr/local/maldetect/conf.maldet (with your favorite editor, i.e. vi, nano, etc.). The configuration file is fully commented, so you should be able to make out most options, but let's take a moment to review the more important ones anyway.

email_alert
This is a top-level toggle for the e-mail alert system; it must be turned on if you want to receive alerts.

email_addr
This is a comma-separated list of e-mail addresses that should receive alerts.

quar_hits
This tells LMD that it should move malware content into the quarantine path and strip it of all permissions. Files are fully restorable to their original path, owner and permissions using the --restore FILE option.

quar_clean
This tells LMD that it should try to clean malware that it has cleaner rules for; at the moment, base64_decode and gzinflate file injection strings can be cleaned. Files that are cleaned are automatically restored to their original path, owner and permissions.

quar_susp
Using this option allows LMD to suspend a user account that malware is found residing under. On cPanel systems this will pass the user to /scripts/suspendacct and add a comment with the maldet report command for the report that caused the user's suspension (e.g. maldet --report SCANID). On non-cPanel systems, the user's shell will be set to /bin/false.

quar_susp_minuid
This is the minimum user ID that will be evaluated for suspension; the default should be fine on most systems.

The rest of the options in conf.maldet can be left as defaults unless you clearly understand what they do and how they may influence scan results and performance.

Usage & Manual Scans
The usage of LMD is very simple and there is a detailed --help output that provides common usage examples. I strongly recommend you check the --help output and spend a few minutes reviewing it.

The first thing most users are looking to do when they get LMD installed is to scan a certain path or series of paths. An important note is that LMD uses the ‘?’ character for wildcards instead of the ‘*’ character. In the examples below I will be using the long-form flags, but they are interchangeable with the short-form flags (i.e. --scan-recent vs. -r).

If we wanted to scan all user public_html paths under /home*/, this can be done with:

root@server[~]# maldet --scan-all /home?/?/public_html

If you wanted to scan the same path but scope it to content that has been created/modified in the last 5 days, you would run:

root@server[~]# maldet --scan-recent /home?/?/public_html 5

If you performed a scan but forgot to turn on the quarantine option, you could quarantine all malware results from a previous scan with:

root@server[~]# maldet --quarantine SCANID

Similarly to the above, if you wanted to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you would do so with:

root@server[~]# maldet --clean SCANID

If you had a file that was quarantined from a false positive or that you simply want to restore (i.e. you manually cleaned it), you can use the following:

root@server[~]# maldet --restore config.php.2384
root@server[~]# maldet --restore /usr/local/maldetect/quarantine/config.php.2384

Once again, I encourage you to fully review the --help output for details on all options and the README file for more details on how LMD operates.

You can also run the daily scan by setting up the cron job:

Daily Scans
The cronjob installed by LMD is located at /etc/cron.daily/maldet and is used to perform a daily update of signatures, keep the session, temp and quarantine data to no more than 14d old and run a daily scan of recent file system changes.

The daily scan supports Ensim virtual roots or standard Linux /home*/user paths, such as Cpanel. The default is to just scan the web roots daily, which breaks down as /home*/*/public_html or on Ensim /home/virtual/*/fst/var/www/html and /home/virtual/*/fst/home/*/public_html.

 

Path to various log files in Plesk



The following is a list of paths to the different log files on a Plesk server.

Plesk Installation Logs:

root@server # /tmp/autoinstaller3.log

Plesk Upgrade Logs including other applications:

root@server # /tmp/psa-<app-name>…log

Plesk Access and Error Logs:

root@server # /usr/local/psa/admin/logs/httpsd_access_log
root@server # /var/log/sw-cp-server/error_log

Plesk Migration Logs:

root@server # /usr/local/psa/PMM/logs/migration.log

WatchDog Logs on Plesk:

root@server # /usr/local/psa/var/modules/watchdog/log/monit.log

Apache Web Server Logs on Plesk:

root@server # /var/log/httpd/access_log
root@server # /var/log/httpd/error_log

Apache Suexec Logs on Plesk:

root@server # /var/log/httpd/suexec_log

Access and Error Logs of a Website (account):

root@server # /var/www/vhosts/domain.tld/statistics/logs/access_log
root@server # /var/www/vhosts/domain.tld/statistics/logs/error_log

MySQL Logs on Plesk:

root@server # /var/lib/mysql/server.hostname.err  (unless defined in /etc/my.cnf)

Named (Bind) Logs on Plesk:

root@server # /var/log/messages

Mail (Qmail and Postfix) Logs on Plesk:

root@server # /usr/local/psa/var/log/maillog

FTP Logs on Plesk:

root@server # /var/log/messages

Server Logs on Plesk:

root@server # /var/log/messages

Horde Logs:

root@server # /var/log/psa-horde/psa-horde.log

Cronjob Logs:

root@server # /var/log/cron

SSH Logs:

root@server # /var/log/secure

Mailman Logs:

root@server # /var/log/mailman/

Tomcat Logs:

root@server # /var/log/tomcat5/catalina.out

MySQL database size shows 0MB in cPanel


Just had an issue with my friend. When I checked the MySQL database, I saw the size as 0 MB. So I made some changes and it worked.

1) SSH to your server as root and edit the cpanel.config file:

root@server[~]# nano /var/cpanel/cpanel.config

Search for

disk_usage_include_sqldbs=0

and change to

disk_usage_include_sqldbs=1

If the parameter is not present, add it. Save the file and execute the following command:

root@server[~]# /scripts/update_db_cache

You can also do this from WHM.

2) Log in to WHM, go to Tweak Settings >> ‘SQL’ section and enable the following option:

When displaying disk usage in cpanel/WHM include Postgresql and MySQL.

That's it.

Enable zipped MySQL dump support for phpMyAdmin in cPanel


In phpMyAdmin, while importing a zipped database dump, you might get an error as follows:

You attempted to load file with unsupported compression (application/zip). Either support for it is not implemented or disabled by your configuration. Enable .zip file import from cPanel phpmyadmin

This error occurs because zip support is not enabled for phpMyAdmin on the server. To enable the support, you need to reconfigure the internal cPanel PHP installation. Follow the steps given below:

1) Open the file /var/cpanel/easy/apache/profile/makecpphp.profile.yaml:

[root@server~]# nano /var/cpanel/easy/apache/profile/makecpphp.profile.yaml

2) Locate the line which says:

Cpanel::Easy::PHP5::Zip: 0

Here 0 indicates the support is disabled. To enable the support, replace the 0 with 1.
The entry will then look as follows:

Cpanel::Easy::PHP5::Zip: 1

3) Save and quit the editor.

4) Rebuild PHP with the changes made:

[root@server~]# /scripts/makecpphp

The rebuild process may take some time to complete. Once done, try to import the zipped database dump in phpMyAdmin.
It should now resolve the error.
That's it.

Configuring a plain server with cPanel and securing/hardening it


Hello Friends,

Just purchased a new server and configured it with cPanel and also secured it:

Here is what I did:

Install cPanel:

Install cPanel on the server:

root@server [~]# mkdir /home/cpins
root@server [~]# cd /home/cpins
root@server [~]# wget http://layer1.cpanel.net/latest

After this, run the screen command. If it works, then OK, but if it doesn't, install it (along with all its dependencies):

root@server [~]# yum install screen

Now run the screen command:

root@server [~]# screen

After that, run ‘ll’ or ls and you will see the file ‘latest’:

root@server [~]# ls

latest

Change its permissions to 755:

root@server [~]# chmod 755 latest

Then run this command:

root@server [~]# sh latest

After installation, you need to configure WHM in 6 steps once you log in to your WHM at http://yourip:2086

Now harden/secure the server:

Steps to harden the server:

1] Install csf, as almost 80 % of your server can be secured by installing csf:

Steps to install csf:

1) Download the CSF script:

root@server [~]# wget http://www.configserver.com/free/csf.tgz

2) Untar the file:

root@server [~]# tar -xzf csf.tgz

3) Install using the following commands:

root@server [~]# cd csf
root@server [~]# sh install.sh

That’s it! Wait for the installation to finish.

Once you finish the installation, log in to your WHM at http://yourip:2086

WHM >> Plugins >> Config Server Security and Firewall >> Click on “Check Server Security”; from here you can increase the rating, which will secure your server.

Further, you can optimize httpd and MySQL by adding some manual entries to the httpd.conf and my.cnf files respectively.

Go to the /etc/httpd/conf/httpd.conf file with your favorite editor, but before that take a backup of the file:

root@server [~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-bk

Now open the /etc/httpd/conf/httpd.conf file:

root@server [~]# nano /etc/httpd/conf/httpd.conf

and add the following entries:

Timeout 90
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 5
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 1200
MaxClients 1200

Save and exit, then restart the apache service:

root@server [~]# /etc/init.d/httpd restart

Now go to /etc/my.cnf, but before that take a backup of it:

root@server [~]# cp /etc/my.cnf /etc/my.cnf-bk

root@server [~]# nano /etc/my.cnf

Add the following entries:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-locking
max_connections=500
query_cache_limit=1M
query_cache_size=16M
query_cache_type=1
max_user_connections=25
interactive_timeout=10
wait_timeout=10
connect_timeout=10
thread_cache_size=128
key_buffer=16M
join_buffer=1M
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=2M
read_buffer_size=1M
max_connect_errors=10
thread_concurrency=8
myisam_sort_buffer_size=32M
server-id=1
local-infile=0

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash

[isamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout

Save and exit, then restart the mysql service:

root@server [~]# /etc/init.d/mysql restart

That's it.

How to assign a dedicated IP to a Sub-domain OR Add-on/Park domain?


Hello friends

Just had an issue regarding the addition of a dedicated IP to a subdomain OR addon domain/parked domain.

By default, only 1 IP can be assigned to a cPanel account, so to add another IP you need to edit some files.

For example, say you have a domain “myserver.com” with username “myserve” and a subdomain “tester.myserver.com”, and you want to add a dedicated IP (1.1.1.1) to the subdomain.

Here are the steps to add a dedicated IP to a subdomain:

Edit the main configuration file:

root@server [~]# nano /var/cpanel/userdata/myserve/tester.myserver.com

Once you are in, change the value of ip to the dedicated IP. In this case the dedicated IP is 1.1.1.1:

ip: 1.1.1.1

Save the file.

Now rebuild the Apache configuration so that the changes you have made take effect:

root@server [~]# /scripts/rebuildhttpconf

Edit another file, /etc/domainips, and add the subdomain entry with the dedicated IP:

root@server [~]# nano /etc/domainips

1.1.1.1: tester.myserver.com

Save and rebuild the IP pool with the following command:

root@server [~]# /scripts/rebuildippool

Now edit the DNS configuration file:

root@server [~]# nano /var/named/myserver.com.db

Set the A records for the subdomain entries:

tester 14400 IN A 1.1.1.1
www.tester 14400 IN A 1.1.1.1

Save the file and restart the named service:

root@server [~]# /etc/init.d/named restart

That's it. You will have a dedicated IP for your subdomain.
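A consistency check for the dedicated-IP procedure above, as an added example that is not part of the original post: it compares the IP recorded in the three edited files and flags malformed A-record data such as a trailing dot. The file contents are constructed samples and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample file contents, in the formats the steps above show.
USERDATA='servername: tester.myserver.com
ip: 1.1.1.1'
DOMAINIPS='1.1.1.1: tester.myserver.com'
# Constructed zone lines; the www record carries a trailing-dot typo on purpose.
ZONE='tester 14400 IN A 1.1.1.1
www.tester 14400 IN A 1.1.1.1.'

# Succeed only for a dotted quad with four octets in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Value of the "ip:" key in userdata text $1.
userdata_ip() { printf '%s\n' "$1" | awk '$1 == "ip:" { print $2; exit }'; }

# IP mapped to domain $2 in /etc/domainips text $1 ("IP: domain" per line).
domainips_ip() {
    printf '%s\n' "$1" | awk -v d="$2" '$2 == d { sub(/:$/, "", $1); print $1; exit }'
}

# Address of the first A record for host label $2 in zone text $1.
zone_a() {
    printf '%s\n' "$1" | awk -v h="$2" '$1 == h && $3 == "IN" && $4 == "A" { print $5; exit }'
}

# Print one line per disagreement with expected IP $1; return 1 if any was found.
# Args: ip, host label, FQDN, userdata text, domainips text, zone text.
check_dedicated_ip() {
    bad=0
    [ "$(userdata_ip "$4")" = "$1" ] || { echo "userdata: ip is not $1"; bad=1; }
    [ "$(domainips_ip "$5" "$3")" = "$1" ] || { echo "domainips: $3 is not mapped to $1"; bad=1; }
    for host in "$2" "www.$2"; do
        rec=$(zone_a "$6" "$host")
        if ! is_ipv4 "$rec"; then echo "zone: $host has invalid A data '$rec'"; bad=1
        elif [ "$rec" != "$1" ]; then echo "zone: $host points to $rec, not $1"; bad=1
        fi
    done
    return "$bad"
}

# On a live server pass "$(cat FILE)" for each of the three files instead.
check_dedicated_ip 1.1.1.1 tester tester.myserver.com "$USERDATA" "$DOMAINIPS" "$ZONE" || true
```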