Stop using custom php.ini in ntPHPselector.

StickyntPHPselector

I am writing this post to give an idea about how to use custom php.ini and stop using custom php.ini in ntPHPselector. Since we got some request form some of the customers about the same, so I am adding this as blog for others to check.

How to use custom php.ini

There are several instances that may require you to modify a setting in the php.ini file for your website, such as increasing the PHP upload limit. The customer need to copy the default php.ini ( collect it from the php info page ) and alter the values based on the site requirements.

Some of the disadvantages of using custom php.ini

You lose the ability to select the php version via the control panel, if the version is not specific to the respective php version, it may cause errors.

Any changes we made on the global php.ini will not be reflected on your site

Changes you made to php.ini will not be applied instantly

Some of the web hosts will not allow to use custom php.ini. Since allowing this feature will cause resource usage abuse, which include performance issue with the server too. So they forced to disable this feature.

In ntPHPselector, you can disable the custom php.ini by un commenting the following entries under the section “phprc_paths”. By default, there is no commented entry for 5.3 in the suphp.conf. You need add the following entry manually, since it is compiled by you using ntPHPSelector interface.

[phprc_paths]
application/x-httpd-ea-php54=/opt/cpanel/ea-php54/root/etc
application/x-httpd-ea-php55=/opt/cpanel/ea-php55/root/etc
application/x-httpd-ea-php56=/opt/cpanel/ea-php56/root/etc
application/x-httpd-ea-php70=/opt/cpanel/ea-php70/root/etc
application/x-httpd-ea-php71=/opt/cpanel/ea-php71/root/etc

; entry related with PHP 5.3
application/x-httpd-php53=/opt/cpanel/nt-php53/root/etc

Restart the httpd service and check whether it is loading or not.

If you need further customization to the plugin, you can contact our support and we will help you. Also you can inform us the feature requests or bug reports

Migrate EasyApache 3 to EasyApache 4 and ntPHPselector Installation

StickyntPHPselector

Here I am  discussing the migration of Easyapache 3 to Easyapache 4 and the ntPHPselector installation ( version 4 )and the things taken care while installing the plugin. The Migration section of WHM’s EasyApache 4 interface (Home >> Software >> EasyApache 4) displays your system’s version of EasyApache and allows you to migrate to and from EasyApache 3 (EA3) and EasyApache 4 (EA4). Continue reading

How to find Spamming in cPanel

StickycPanel

cPanel is a Linux based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel is one of the commonly used web hosting control panel. cPanel will install all the necessary softwares, which are required for a domain hosting. One of the common issue you might encounter is spamming in cPanel . Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
Continue reading

04Sep/19

How to disable portmapper services in centos 7

Centos

Sometimes you will get a notice saying like ” your server can be used or is used for abusing using portmapper services”

An open portmapper service that can be accessed from the Internet can be exploited by an attacker to perform DDoS reflection attacks. Furthermore, an attacker will gain information about the network, e.g. running RPC services or existing network shares.

What does the portmapper do when it is enabled ?

It actually helps to provide RPC (Remote Procedure Calls) like NFS mounts. PortMapper service name is called as portmapper and runs in port TCP and UDP 111.

The Vulnerability in having this was revealed back in 2015 and after that most of the techs suggest to get this disabled or atleast disable this port using TCP Wrappers or Firewall.

To get the list of RPC services , you can use the command rpcinfo.

Sample result which have portmapper service enabled

[root@server ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper

To stop the services , use the below commands

[root@server ~]# systemctl stop rpcbind
Warning: Stopping rpcbind.service, but it can still be activated by:
rpcbind.socket

[root@server ~]# systemctl stop rpcbind.socket

Now again check rpcinfo command to confirm if all process is stopped or not . Good result will be like the below

[root@server ~]# rpcinfo -p
rpcinfo: can’t contact portmapper: RPC: Remote system error – Connection refused

To disable this service and stop restarting even after reboots, disable the service using the below command.

[root@server ~]# systemctl disable rpcbind
Removed symlink /etc/systemd/system/multi-user.target.wants/rpcbind.service.

Cross check once more and confirm rpcinfo command is showing connection refused.

[root@server ~]# rpcinfo -p
rpcinfo: can’t contact portmapper: RPC: Remote system error – Connection refused

This way you can disable the service for ever.

01Sep/19

ntDNScheck version 1.0 released

ntDNScheck,

A DNS report plugin to verify the dns reports for the domains easily.

ntDNScheck plugin will prepare a dns report for the domains in the server. It will help the administrator to check the domains with local and remote name servers, local and remote mail servers. Also, it will help to identify the remote domains. It also provides an option to list down the domains using Cloudflare name servers. 

The main use of the plugin is to analyze the dns report for the domains and correct the issues. Also it will help the administrators to idenify the domains status for migrating data and mails without data loss.

You can check more details about the plugin here. It costs $10 per year and the installation process is pretty simple and you will get instructions along with the order confirmation mail.

Features of ntDNScheck

[+] A full dns report of all the domains in the server
[+] Domains grouped based on local and remote NS and MX
[+] Report for single domain for detailed investigation.
[+] User friendly WHM interface for showing the reports.
[+] Cloudflare name servers are seperately grouped. 

27Jul/19
directadmin

How to install Directadmin Control panel in Centos 7

directadmin, ,

One of the Best and Simple Control panel for Webhosting Companies

Directadmin is one of the best and simple control panel I have used in my last 10 years career and I will suggest this as an alternate to cPanel for every one. Due to recent Price Hike of cPanel license, it seems fortunes for Directadmin team is on their way and will get a good boosting from now on.

Directadmin has different kind of licenses and you should select the most suitable ones for you.

You can look in the below links for more details on licenses

https://directadmin.com/pricing.php

Installation Steps

IMP Note : Never Install this or any other control panel in a production server even if it is just having a lamp. Always use a freshly Os reloaded with Latest OS available at the time of the installation. In my case I am using Centos 7.x

Also update to the latest available updates and kernel before proceeding and secure ssh if possible before working on this.

[root@ntv ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

[root@ntv ~]# yum update

** If kernel is updated, please reboot the server and then proceed further

Install the Pre install commands needed for directadmin. This differs with each kind of os and you need to refer the below link and use respective details

https://help.directadmin.com/item.php?id=354 

[root@ntv ~]# yum install psmisc net-tools systemd-devel libdb-devel perl-DBI perl-Perl4-CoreLibs xfsprogs rsyslog logrotate crontabs file kernel-headers

You need to have atleast a trial license to install this and need to update license details prior to installation. You need to confirm the ip and Os version are corectly setup in the client area of the directadmin.

For the trial license , you need to register yourself in this link’s Order Now option . https://www.directadmin.com/features_list.php

To install panel it is simple 3 steps 

wget https://www.directadmin.com/setup.sh
chmod 755 setup.sh
sh setup.sh

There will be many questions asked while installation and make sure you give them the correct answers.

If you need any Installation / Setup / Migration assitance you can contact us any time or can order our Directadmin Per Server Management plan which will cover most of these.

Please contact us for any such helps and we are always ready to help you.

To ORDER our Directadmin Per Server Management plan, Please click here

You can refer more on from the Official guide as well using the below links

https://www.directadmin.com/installguide.php

07Feb/19

How to check Magento version

Magento,

As a server administrator, we may need to find the version of the application running under the sites. Sometimes we need our search criteria limited to some specific version to find the exact fix. So it is very important to find the version of the application running.  Today I am discussing the ways to check Magento version.

Magento is an open-source e-Commerce platform in PHP.  You can download the latest magento version of Magento version from the following link. You will get the latest available version from this link.

https://magento.com/tech-resources/download

  1. You can simply load the following link in the browser to get the version of the Magento installation. This will work until it is purposefully blocked by the administrator.
    2. https://yourdomainname.com/magento_version/
    Sample output
Magento/2.2 (Community)
  2. Another option is login into the Magento admin backend. You can see the running version at the bottom right corner of the page. 
  3. You can check the version using command line too. 

    4. Go to your Magento root directory and run the following command

    php bin/magento --version
    Sample output. 
Magento CLI version 2.2.5

26Jan/19

Security breach found in PHP “PEAR” library service

Uncategorized

The PEAR server is in a stopped state until safety is confirmed. Its maintainers found that there was a security breach such as an attack on the server “PEAR” which provides a library available in PHP.

Users who downloaded and installed PEAR PHP in the last 6 months from the official website of the PEAR pear-php.net, were may be infected so you should quickly download the Github version and install it. If they downloadeded “go-pear.phar” file after December 20, 2018 are asking for confirmation that the file has not been altered, and if the corresponding file was downloaded before December 20, 2018 Even if PEAR installation is executed, PEAR warns the user “It is prudent to check the system”.

Below is official website of PEAR. As of January 24, 2019, the server is still down. Also, the official blog that details are written is also downed and can not be accessed.

You can use the below steps to check the go-pear.phar file’s vulnerability.

  • Login via SSH to your server where you are currently using PEAR.
  • Go to the directory where you currently downloaded the go-pear.phar file, most likely your user’s home directory.
# cd ~user
  • Check the md5sum value.
# md5sum go-pear.phar
  • The above command will return value like this. 1e26d9dd3110af79a9595f1a77a82de7
  • The infected file has the above hash value. If you see this value returned, you should proceed to disable the previous PEAR installation files and folders.
# mv go-pear.phar go-pear.phar_infected
# mv .pearrc .pearrc_infected
# mv pear pear_infected
  • Next, download a fresh copy of the go-pear.phar file from github
# wget https://github.com/pear/pearweb_phars/blob/master/go-pear.phar
  • You can then re-install PEAR using file downloaded from github
16Feb/18

How to change default PHP version in plesk

Plesk,

How to change default PHP version in plesk

In this article, I am referring to change default php version in plesk. In latest plesk versions are come with all the php versions installed ( we have the option to install all the php versions ). So no need to install a separate php in the server for setting the default PHP to the latest version. Creating symlink and some additional commands to bring the default handler to the required version.

Here is the environment in which the command worked.

Plesk Version : 17.5.3 CentOS 7

List the php handlers

/usr/local/psa/admin/bin/php_handlers_control --list

Verify the default php version.

php -v

Check the PHP version 5.6

/opt/plesk/php/5.6/bin/php -v

Find the default php binary

which php

Backup the php, php-cgi and php-fpm binaries.

mv /usr/bin/php /usr/bin/php.backup
mv /usr/bin/php-cgi /usr/bin/php-cgi.backup
mv /sbin/php-fpm /sbin/php-fpm.backup

Create symlink from php 5.6 binaries

ln -s /opt/plesk/php/5.6/bin/php /usr/bin/php
ln -s /opt/plesk/php/5.6/bin/php-cgi /usr/bin/php-cgi
ln -s /opt/plesk/php/5.6/sbin/php-fpm /sbin/php-fpm

You can set symlink from any other php version installed in the server. Following are the php bnaries for other versions, find the same for php-cgi and php-fpm too.

/opt/plesk/php/5.3/bin/php 
/opt/plesk/php/5.4/bin/php 
/opt/plesk/php/5.5/bin/php
/opt/plesk/php/5.6/bin/php
/opt/plesk/php/7.0/bin/php 
/opt/plesk/php/7.1/bin/php
/opt/plesk/php/7.2/bin/php

Once the symlink is created, the php version will show the new version we set. You can check it using the following command.

php -v

Next option is to update the plesk database with the changed versions. The reread option will update plesk database with the new versions.

/usr/local/psa/admin/bin/php_handlers_control --reread

After that reconfigure all the domains or the domains using the default php versions. And proceed with a service restart.

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
service httpd restart

Once this is completed, the sites will load with new php version.

Note: Make sure to do this by a qualified technician.

If you need us to do these changes for your server, please get it touch without support

14Feb/18

How to disable AutoSSL notifications to the customers cpanel account emails

cPanel, ,

Recently many of our customers had asked us how they can disable AutoSSL notifications to the end user cpanel account emails. So we guys made a reasearch on this and got the cpanel forum link which this discussion was already going on and saw a script.

Save the below to /root/autossldisable.sh, chmod 755 autossldisable.sh and then run it with ./autossldisable.sh

#!/bin/bash
cd /var/cpanel/users
for user in *
do
    cpapi2 --user=$user CustInfo savecontactinfo notify_autossl_renewal=0 notify_autossl_renewal_coverage=0 notify_autossl_expiry_coverage=0 notify_autossl_expiry=0 notify_ssl_expiry=0
done

This will disable  5 AutoSSL notices off for every user on the server.

Hope this helps

Update : Good news is that by Cpanel 70 version, you will have these options available at Manage Autossl section in the WHM

Reference and Courtsey for the above script : forum.cpanel.net

Reference Link for full discussion : https://forums.cpanel.net/threads/ssl-notifications-in-cpanel-68.614395/