Saturday, March 29, 2014

Can I Upgrade the Kernel on your VPS

It is generally understood that a server running Linux needs to have a relatively recent kernel version or at least one that has been securely patched to fix any vulnerabilities. For dedicated servers, a kernel upgrade is not big deal; a simple install, reboot and you are done. For a virtual private server, it can differ depending on the technology and method of deployment your provider uses.

On OpenVZ, for example, the virtual OS does not actually use its own kernel. It relies on the host’s kernel. Therefore, upgrading your kernel package will not actually have an effect and might even produce errors. Instead, you can either depend on your hosting provider to update the kernel periodically or you might be able to use some internal method that the host has to update the kernel to latest.

How to Create Cron Jobs with Webmin

Webmin is a web-based system administration tool for Linux and other Unix-like servers. Webmin provides a graphical interface for many of the tasks you would normally have to perform from the command line. Best of all, it is free and open source. One task you might have trouble performing from the Linux shell is creating cron jobs. Fortunately, Webmin has a cron job module.

    Navigate to the cron job module page
    Click “Create a new scheduled cron job”
    Under “Execute cron job as”, enter the username you want to run the cron job
    Select whether you want the cron job to be active (selecting no will create it but leave it inactive until you change this setting)
    Type the command string in the command field
    If you have data you need sent to the command, enter it in the “input to command” field
    Select the time you want for “when to execute”. The dropdown menu will give general times like “hourly”. Alternatively, you can use “Times and dates selected below” and setup your own schedule.
    Optionally, setup “Date range to execute” to limit the cron job to a time period. After it expires, it will not run again.
    Click “create” to finish.

How to backup configuration files on Webmin

Most Linux items that need backing up are stored in user home directories. This usually includes virtual web server directories as well, depending on the web server and settings you are using. One exception to this rule is configuration files. These are stored in /etc and other places. When it comes time to backup, many people backup database files and home directories but forget about configuration files. Webmin has a solution.

How to Setup Reverse DNS in WHM

One of the often overlooked aspects of web hosting is reverse DNS. A website will not connect to users who type in a domain name if the forward DNS does not identify the IP address associated with it, but some domains do not have reverse DNS, despite it being an established Internet standard.

Among other uses, reverse DNS can help security-conscious users and professionals verify that the relationship between a domain and an IP address is valid, which helps prevent spam, phishing, and other nefarious activities.

When you manage your server with WHM from cPanel, it is easy to setup reverse DNS records for your IP addresses. Just follow these steps:

Create a reverse DNS zone file

Friday, March 28, 2014

mod_security best rules

# Deprecated due to security issues so it should be off:
SecCacheTransformations Off

# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'960016'"

# Do not accept GET or HEAD requests with bodies
SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'GET or HEAD requests with bodies', severity:'2',id:'960011',tag:'PROTOCOL_VIOLATION/EVASION'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$" t:none

Cpanel log locations



cPanel Installation Logs:

Apache domlogs:

How to troubleshoot mysql database server high cpu usage/slowness


1. Firstly find out what's causing server CPU high usage
Normally, we firstly will notice that server cpu load is high, run 'top' to confirm which process is contributing the cpu high usage, it's mysql or other process. Also, run uptime, vmstat 2 and iostat -x to find out if there's any abnormal situation.

Here, we need some baseline to compare with, before the problem happens and server is running fine, we should have recorded some baseline information first such as the output of:

vmstat 2 20
top -b -n 5
iostat -x 5 | grep sdb

2. check mysql error log , slow query log etc from /etc/my.cnf

How to Setup FTP with ProFTPD in Webmin

After installing Webmin on a VPS, you may be wondering how to add and configure FTP users. With Webmin it is not a one-click process, but the procedure is still fairly simple. To install proftpd and add a user, follow these steps:

Login to webmin at http://xx.xx.xx.xx:10000 (may be https:// for Debian/Ubuntu system)
Access the Webmin Modules option via Webmin > Webmin Configuration
Select Standard module from
Click the button on the right of that option
Choose: proftpd
Click Install Module
On the left sidebar, after installation, click Refresh Modules
Click Create a new user accessed via System > Users and Groups
Provide a username for what is to be your FTP account
Select Normal Password and provide a unique, complex password for the account
If desired, select a custom home directory, otherwise choose Create home directory near the bottom of the options.
Select New Group with same name as user
Click Create
Once this is done, you should be able to access FTP with the username
and password you selected, using your server's IP address as the host.

Allowed memory size of x bytes exhausted (tried to allocate xbytes)

Fatal error: Allowed memory size of x bytes exhausted (tried to allocate xbytes)

The error normally occurs when PHP tries to process a big database records or when importing or exporting. To solve the error, there are two fixes. One is to increase PHP memory limit of the account by using a custom php.ini file. But sometimes it won't work.

If it didn't work, then you can fix the error by increasing the memory of the particular PHP script (displayed in error message) by adding an additional line at the top of the script:

Enable Iptables Modules for a VPS

Below was the error while trying to install CSF in one of the OpenVz containers:

    [root@abc ~]# perl /etc/csf/
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...FAILED [ 4294967295] - Required for csf to function
    Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
    Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
    Testing ipt_recent...FAILED [Error: iptables: Unknown error 4294967295] - Required for PORTFLOOD and PORTKNOCKING features
    Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
    Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
    Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
    Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature

Enable Iptables Modules for a VPS:-

Sunday, March 9, 2014

How to Import/Export MySQL Databases with SSH

To export a MySQL database, access your Dedicated Server or VPS via SSH and run:

# mysqldump -u username -p database_name > dumpfile.sql

To import a MySQL Database, run:

# mysql -u username -p database_name < dumpfile.sql

How to Clear cPanel/WHM Brute Force Log from SSH

If you find that you have accidentally been locked out of your WHM/cPanel server by Brute Force Detection, you can log in to your Server or VPS via SSH and run the following command to clear the brute force log:

# echo “delete from brutes; delete from logins;” | mysql cphulkd

How to Check CPU Info with SSH on Linux

To check the CPU allocation and information on your VPS, simply log in to SSH as root, and run the following command:

# cat /proc/cpuinfo

How to Install IonCube loader

IonCube is a PHP module extension that loads encrypted PHP files, and speeds up webpages that are being displayed.

It is often required for a lot of PHP-based applications.

Download ioncube from their site according to your system:

So for example, for linux x86,

# cd /usr/local/src
# wget
# tar -xfz ioncube_loaders_lin_x86.tar.gz
# mv ioncube /usr/local

Use a text editor to open up php.ini in /usr/local/lib/phi.ini and insert:
according to your php version. Save and restart httpd.
# nano -w /usr/local/lib/php.ini
# service httpd restart