Saturday, September 20, 2014

Customize your default apache page in cpanel

You just have to log in to your server via SSH and navigate to /usr/local/apache/htdocs:

    # cd /usr/local/apache/htdocs

Finally, edit the file index.html:

    # nano index.html

If you list the contents of /usr/local/apache/htdocs, you will see that you can also modify the other error pages that cPanel's Apache outputs.

And you are done.

How to catch spammer or Scammer in Cpanel server?

1) Open exim.conf:
pico /etc/exim.conf

2) Find this:
Ctrl + W: hostlist auth_relay_hosts = *

Runtime configuration file for Exim #

3) After hostlist auth_relay_hosts = * add the following:

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

4) The final result should look like this:

hostlist auth_relay_hosts = *
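
Once the extra selectors are active, the main log records the working directory of every local submission (+arguments) and the subject of every accepted message (+subject), so the busiest sources can be ranked. The script below is an added example, not part of the original post; it runs on constructed sample lines, and on a cPanel server the log path passed to the functions is assumed to be /var/log/exim_mainlog.

```bash
#!/bin/bash
# Added example: rank sources of locally submitted mail in an Exim main log.

# Count submissions per working directory (written by +arguments).
# Exim's own queue runs start in /var/spool, so those are skipped.
top_cwd() {
    grep -o 'cwd=[^ ]*' "$1" | cut -d= -f2- | grep -v '^/var/spool' \
        | sort | uniq -c | sort -rn
}

# Count accepted messages ("<=" lines) per subject (written by +subject).
top_subjects() {
    grep ' <= ' "$1" | sed -n 's/.* T="\([^"]*\)".*/\1/p' \
        | sort | uniq -c | sort -rn
}

# Constructed sample log lines (not taken from a real server).
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
2014-09-20 10:00:01 cwd=/home/alice/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2014-09-20 10:00:01 1XVaaa-0001Ab-01 <= alice@example.com U=alice P=local S=812 T="You won" for a@example.net
2014-09-20 10:00:02 cwd=/home/alice/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2014-09-20 10:00:02 1XVaaa-0001Ab-02 <= alice@example.com U=alice P=local S=815 T="You won" for b@example.net
2014-09-20 10:00:03 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1XVaaa-0001Ab-02
2014-09-20 10:05:00 cwd=/home/bob 3 args: /usr/sbin/sendmail -t -i
2014-09-20 10:05:00 1XVbbb-0001Ab-03 <= bob@example.org U=bob P=local S=640 T="Invoice" for c@example.net
EOF
    echo "$f"
}

sample=$(make_sample_log)
echo "Submissions per directory:"; top_cwd "$sample"
echo "Messages per subject:";      top_subjects "$sample"
```

A directory under a single account's public_html that dominates the first list, paired with one repeated subject in the second, is the usual sign of a script sending bulk mail.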

Friday, September 19, 2014

How to redirect to

Here are the steps:

Make changes to zone db ( Ie /var/named/
Create a subdomain webmail.
The entry will be like this:

    ========================== IN A IN A IN MX 0
    mail IN CNAME
    www IN CNAME
    ftp IN A
    cpanel IN A
    whm IN A
    webmail IN A
    webdisk IN A

mod_security: Access denied error code 403

You may get the following error in the Apache logs:

mod_security: Access denied with code 403. Error reading request body, error code 70007: The timeout specified has expired

1. Open the Apache configuration file.

root@server1 [~]# vi /usr/local/apache/conf/httpd.conf

2. Change the Timeout value to 300.

3. Restart the Apache service.

root@server1 [~]# /etc/init.d/httpd restart

The issue will be fixed.

How to disable PHP functions per domain?

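If you want to disable PHP for a particular domain, put the following entry in the .htaccess file corresponding to the domain. It switches the PHP engine off entirely for that domain rather than disabling individual functions, and it requires PHP to be running as an Apache module.

php_flag engine off

You may also put the following entry in the virtual host entry in httpd.conf corresponding to the domain. A value set with php_admin_flag cannot be overridden from .htaccess.

php_admin_flag engine off

Restart httpd once this is done.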

Different ports used on cPanel server

Here is the list of the different ports used on a cPanel server:

20 –> FTP (Inbound/Outbound, TCP/UDP)
21 –> FTP (Inbound/Outbound, TCP/UDP)
22 –> SSH (Inbound, TCP)
25 –> SMTP (Inbound/Outbound, TCP)
26 –> SMTP (Inbound/Outbound, TCP)
37 –> RDATE (Outbound, TCP)
43 –> WHOIS (Outbound, TCP)
53 –> DNS (Inbound/Outbound, TCP/UDP)
80 –> HTTP (Inbound/Outbound, TCP)
110 –> POP3 (Inbound, TCP)
143 –> IMAP4 (Inbound, TCP)
443 –> HTTPS (Inbound, TCP)
465 –> SMTP (TLS/SSL) (Inbound/Outbound, TCP/UDP)
873 –> RSYNC (Outbound, TCP/UDP)
993 –> IMAP4 (SSL) (Inbound, TCP)
995 –> POP3 (SSL) (Inbound, TCP)
2082 –> CPANEL (Inbound, TCP)
2083 –> CPANEL (With SSL) (Inbound, TCP)
2086 –> WHM (Inbound, TCP)
2087 –> WHM (With SSL) (Inbound, TCP)
2089 –> cPanel licence (Outbound, TCP)
2095 –> WEBMAIL (Inbound, TCP)
2096 –> WEBMAIL (With SSL) (Inbound, TCP)
3306 –> MYSQL (Inbound/Outbound, TCP)

Enabling passive mode in FTP server with CSF firewall

Passive mode is always very important for FTP servers. If you are running the CSF firewall and cannot connect to the FTP server, it means that the range of passive ports is blocked in the firewall. Here are the simple steps:

1) Add the passive port range 30000-35000 to your Pure-FTPd or ProFTPD configuration file

i) For Pure-FTPd

Open /etc/pure-ftpd.conf, and add this line

PassivePortRange    30000 35000

ii) For ProFTPD

Open /etc/proftpd.conf, and add this line

PassivePorts    30000 35000

iii) Now add these ports in the CSF config

Open /etc/csf/csf.conf

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,30000:35000"

iv) Restart CSF and the FTP server

service csf restart
service pureftpd restart (or)
service proftpd restart

Now you will not get an error while connecting to FTP.
That's it!
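
The two settings have to agree: the range in the FTP daemon's config must be covered by an entry in TCP_IN, or passive connections are still dropped. The check below is an added example, not part of the original post; the function names and the sample files are constructed for illustration, and the real paths would be the ones given in the steps above.

```bash
#!/bin/bash
# Added example: verify the FTP passive range is open in CSF's TCP_IN.

# Print "LOW HIGH" from a Pure-FTPd or ProFTPD config; fail if unset.
passive_range() {
    awk '$1 == "PassivePortRange" || $1 == "PassivePorts" {
             print $2, $3; found = 1; exit }
         END { exit !found }' "$1"
}

# Succeed if one TCP_IN entry in csf.conf covers LOW..HIGH.
csf_allows_range() {
    local list entry start end
    list=$(sed -n 's/^TCP_IN *= *"\(.*\)".*/\1/p' "$1")
    for entry in $(echo "$list" | tr ',' ' '); do
        case $entry in
            *:*) start=${entry%%:*}; end=${entry##*:} ;;
            *)   start=$entry; end=$entry ;;
        esac
        [ "$start" -le "$2" ] && [ "$end" -ge "$3" ] && return 0
    done
    return 1
}

# usage: check_passive FTP_CONF CSF_CONF
check_passive() {
    local range
    range=$(passive_range "$1") || { echo "no passive range in $1"; return 2; }
    if csf_allows_range "$2" ${range% *} ${range#* }; then
        echo "OK: $range open in TCP_IN"
    else
        echo "BLOCKED: $range missing from TCP_IN"; return 1
    fi
}

# Constructed sample configs (not taken from a real server).
demo_dir=$(mktemp -d)
printf 'PassivePortRange    30000 35000\n' > "$demo_dir/pure-ftpd.conf"
printf '# Allow incoming TCP ports\nTCP_IN = "20,21,22,25,53,80,110,30000:35000"\n' \
    > "$demo_dir/csf.ok"
printf 'TCP_IN = "20,21,22,25,53,80,110"\n' > "$demo_dir/csf.bad"
check_passive "$demo_dir/pure-ftpd.conf" "$demo_dir/csf.ok"
check_passive "$demo_dir/pure-ftpd.conf" "$demo_dir/csf.bad" || true
```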

Saturday, September 6, 2014

How to install CHKRootkit

Product Name: CHKROOTKIT
Product Version: 0.49

Description: chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
It can be used from a “rescue disc” (typically a LiveCD) or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.

Step 1: Downloading and Installing it:

cd /usr/local/src
wget
md5sum -c chkrootkit.md5
tar -zxvf chkrootkit.tar.gz
mkdir /usr/local/chkrootkit
mv /usr/local/src/chkrootkit*/* /usr/local/chkrootkit
cd /usr/local/chkrootkit
make sense

Step 2: Adding program to daily cron job

There you go! should be installed, and you will get a mail daily with a status on your system

How to install Malware Detect (Maldet) for CentOS 6 / Linux

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches; they are also easily exported to any number of detection tools such as ClamAV.

The installation process is not complicated, but root access to your server is required.

Installation via SSH

cd /usr/local/src/
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./ or sudo sh ./
maldet --update-ver
maldet --update

To scan a folder, for example /home you should type maldet -a /home.