All posts by Felix N

14Nov/16

How to harden wordpress

[huge_it_share]Almost 75% of websites and blogs are built in wordpress which is the mostly used CMS(Content Management System) . But unfortunately websites that use wordpress are mostly prone to attacks and vulnerabilities .So lets see how we can harden wordpress to resist the attacks .

As we know wordpress is a free tool .So anyone can try installing it .The same thing is the reason for most of the wordpress attack since anyone can install it everyone know the basic settings that we are going to use in our wordpress including the hackers .This is one of the main reasons hackers get into the because they know the default settings we are going to use .So one main thing we should do is change everything as possible from default settings in wordpress .Here I will be pointing some of the main things you can do to protect your wordpress sites . Continue reading

02Nov/16

Monit how to install & Configure on CentOS 7/RHEL 7

Monit is utility or package we usually used in Linux machines for managing and monitoring service running in the Linux machines. For example services like HTTPD, MySQL etc. Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too much resources. The monit also has user friendly web interface where you can directly view the system status and setup up processes using native HTTP(S) web server or via the command line interface.  In this blog we disscussing how we can implement monit on a Centos7 server. The Centos version I am using CentOS Linux release 7.2.1511

[[email protected] ~]# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core)

At this moment monit is not available in the base repository of Centos 7. So I used EPEL repository to install monit using yum.

wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm

rpm -ivh epel-release-7-8.noarch.rpm
yum install monit

Monit configuration
Now we are going to enable monit web interface by configuring the monit conf file. After enabling we will be having a nice web interface of monit that shows status of services we are monitoring, how long it was up in the server etc. We have added a screenshot for the same at the end of this article. You are refer the same for how exactly it look like.

open  /etc/monitrc using vi editer and make below changes.

originally it was like

set httpd port 2812 and
 use address localhost # only accept connection from localhost
 allow localhost # allow localhost to connect to the server and
 allow admin:monit # require user 'admin' with password 'monit'

After changes it will look like

set httpd port 2812 and
 use address x.x.x.x(server IP) # only accept connection from localhost
 allow y.y.y.y(Your IP) # allow localhost to connect to the server and
 allow admin:monit # require user 'admin' with password 'monit'

Restart service using below command

service monit restart

Allow port 2812 in the firewall and verify its listening from outside using telnet commands. In my case I was using csf firewall. So I just need to add port in the csf conf file under TCP_IN and TCP_OUT section.

After that access the monit web interface using the url like http://x.x.x.x:2812

If you need us to setup the sever with nginx or php-fpm with high performance, you can contact us for the setup. Either you can subscribe for our Server Management or use our Hourly server management

Service Configuration

In this section we are going to monitor our server mySQL service by monit and restart it if its failed. Below are the changes.

Create a file named mysql.conf under directory /etc/monit.d/.

Add below entries and make necessary changes as per your server and pid file name and location.

check process mysqld with pidfile /var/lib/mysql/server.namemysql.pid
group mysql
start program = "/usr/bin/systemctl start mysql.service"
stop program = "/usr/bin/systemctl stop mysql.service"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout

Once added check the syntax using command “monit -t” and you will get result like below.

monit -t
Control file syntax OK

restart monit service using below command.

service monit restart

After that refresh the monit web panel and you will see MySQL is monitored by Monit.

In centos 7 we can see monit log from the location tail -f /var/log/monit.log

monit-server

 

 

20Oct/16

MongoDB install in cPanel

During these days the request for MongoDB installation on Linux servers is high because the developers are really like the same.MongoDB is officially a “NoSQL” database. NoSQL refers to a database with a data model other than the tabular format used in relational databases such as MySQL, PostgreSQL, and Microsoft SQL. MongoDB features include: full index support, replication, high availability, and auto-sharding. MongoDb is usually used to store large amount of data. MongoDB helps you to integrate database information into your apps easier and faster.

MongoDB officially still not supported on cPanel servers but there is a way to install MogoDB on cPanel server and there are many users using them. The install is possible because actually cPanel server is a Linux server itself. Only problem we have is we need to create the mongo databases from shell and the users and administer it so as well.

Today we are going to install MongoDB in a cPanel server powered by Centos 6

Technical requirements

root access
PHP-pear for full pecl support
PHP-devel package installed to compile extension manually

Now we are performing the MongoDB install via MongoDB Repo

  • Login to the server via ssh as root user.
  • create a file named /etc/yum.repos.d/mongodb.repo
vim /etc/yum.repos.d/mongodb.repo
  • In my case I am using a 64bit operating system. So need to add below lines.
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1
  • use below lines if you are using a 32 bit operating system.
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686/
gpgcheck=0
enabled=1
  • Save the file in the vim editor.
  • Install MongoDB using Yum
yum install mongo-10gen mongo-10gen-server

imgpsh_fullsize

  • At this point, we have installed MongoDB on our server + cPanel box.
  • Configure MongoDB to start on boot and manually start the service.
chkconfig mongod on
service mongod start
  • Check MongoDB Service Status
service mongod status
  • Summary List of Status Statistics
mongostat
  • Enter the MongoDB Command Line
mongo
  • By default, running this command will look for a MongoDB server listening on port 27017 on the localhost interface.if you wanted to connect to a local MongoDB server listening on port 435984
mongo --port 22222
  • Install MongoDB PHP Extension, so php code can interact with MongoDB
pecl install mongo
/scripts/restartsrv_httpd
  • Once installed we can verify the same using below command.
    php -i | grep mongo -i

So now we completed the initial setup needed for MongoDB install on a cPanel server. Please post your comments below.

How to find Spamming in cPanel

cPanel is a Linux based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel is one of the commonly used web hosting control panel. cPanel will install all the necessary softwares, which are required for a domain hosting. One of the common issue you might encounter is spamming in cPanel . Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
Continue reading

27Jul/16

Enable mpm-itk in Webmin

The Apache HTTP Server is designed to be a powerful and flexible web server that can work on a very wide variety of platforms. Apache web server shipts with a selection of Multi-Processing Modules (MPMs) which are responsible for binding to network ports on the machine, accepting requests, and dispatching children to handle the requests.  Two MPMs thats comes with Apache on Linux is prefork and worker.

What is the default apache module used ?

In webmin by default prefork MPM is enabled. mpm-itk is another type MPM thats supported by Apache.

What are the benifits of using mpm-itk ?

The apache2-mpm-itk or mpm-itk is an MPM (Multi-Processing Module) for the Apache web server. mpm-itk allows us to run each of our  website vhost under a separate uid and gid. in other words, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts.

mpm-itk is based on the traditional prefork MPM, which means it’s non-threaded. We can run non-thread-aware code (like many PHP extensions) without problems. On the other hand, We will also take an additional performance hit over prefork, since there’s an extra fork per request.

With mpm-itk we can enable php opcode caching like APC, Xcache etc.  This is one of the main benefits of mpm-itk when it compared to suphp.

The latest version is 2.4.7-04 for Apache 2.4 and 2.2.17-01 Apache 2.2.x.

Installation

Virtualmin running on Ubuntu

apt-get install apache2-mpm-itk

Virtualmin running on Centos

yum install httpd-itk

If get any errors like erros like unmet dependencies with apache2.2-common missing. First we need to install the apache2.2-common .deb or rpm package manually after downloading package.

We can use commands like dpkg -i *.deb (debian) or rpm -ivh *.rpm ( Centos) bases servers.

Once the installation is completed we need to configure the webmin for mpm-itk. mpm-itk is configured on a per-vhost basis. Which means we don’t have to set any global options, and there’s only one directive we need to set in a vhost, AssignUserId, which takes two parameters, the user name and the group that the vhost will run as.

In case of webmin we perform this action using the Server Templates option. For example, add this to Virtualmin Server Templates:

<ifmodule mpm_itk_module>
AssignUserId ${USER} ${USER}
</ifmodule>
15Jul/16

Webmin with Nginx and php-fpm for high performance

This article is to install NGINX, a free, open-source, high-performance HTTP server in webmin with php-fpm. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. Nginx is a lightweight webserver that supports most of the functionality of Apache. It is suited to websites that have a large amount of static content. Unlike traditional web servers, NGINX doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load.

Installing Nginx in Webmin

Apache is the default web server installed in webmin and switching webserver apache to nginx is done, only if no virtual servers are created. Ideally the change should be done on a freshly installed system.

Please perform below steps after accessing your server over SSH.

On Centos

service httpd stop

chkconfig httpd off

On Debian

/etc/init.d/apache2 stop

update-rc.d apache2 remove
yum install nginx (Centos )

apt-get install nginx ( Debian based)

Start Nginx using below command

/etc/init.d/nginx start

Install the Webmin module to manage NGINX

yum install wbm-virtualmin-nginx wbm-virtualmin-nginx-ssl ( centos )

apt-get install webmin-virtualmin-nginx webmin-virtualmin-nginx-ssl ( Debian based)

If you need us to setup the sever with nginx or php-fpm with high performance, you can contact us for the setup. Either you can subscribe for our Server Management or use our Hourly server management

PHP-FPM

PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. The main features include Adaptive process spawning,  Advanced process management with graceful stop/start, Accelerated upload support etc. PHP-FPM is a daemon process  which provides us with a new binary, called php-fpm, and a default configuration file called php-fpm.conf is installed in /etc.

For installation please follow below steps.

yum install php-fpm -y (  Centos)

apt-get install php-fpm ( Debian)

Now let’s disable the default way Virtualmin execute PHP (php-cgi) so that when you create a new site it uses PHP-FPM instead of PHP-CGI. Please note that we implemented the same on a fresh server.

Edit the file ‘/usr/libexec/webmin/virtualmin-nginx/virtualmin-nginx-lib.pl’ and replace the following entries to disable php-cgi call.

# Launch it, and save the PID
&start_php_fcgi_server_command($d, $cmd, $envs_to_set, $log, $pidfile);

Replace it with:

# Launch it, and save the PID
#&start_php_fcgi_server_command($d, $cmd, $envs_to_set, $log, $pidfile);

Now edit the PHP-FPM config file to make change the user from Apache to Nginx.

vi /etc/php-fpm.d/www.conf

Look for:

; RPM: apache Choosed to be able to access some dir as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache

Change it with:

; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

Start php-fpm after updating the above settings and use below commands to restart it.

service php-fpm start ( Centos )

/etc/init.d/php-fpm start ( Debian based)

We completed setting up php-fpm with Nginx on webmin servers. Now on if we create a website through webmin and put a test php page, it should need to work. Please report any errors if you found any.

07Jul/16

Install Let’s Encrypt for cPanel

Let’s Encrypt is a certificate authority launched on April 12, 2016. It provides  free X.509 certificates  for  (TLS) encryption using an automated process designed to eliminate the current complex process of manual creation, installation, and renewal of certificates for secure websites.

Using Let’s Encrypt the web administrators can  turn on and manage HTTPS with simple commands. Let’s Encrypt  make this possible with  the ACME protocol.  Once we enable the Let’s Encrypt for a website, we will be able to browse our websites over https like https://example.com/. We can read more details about  how the Let’s Encrypt works from the below link.

https://letsencrypt.org/how-it-works/

Let’s Encrypt for cPanel is a cPanel/WHM plugin for the Let’s Encrypt service, which provides  our clients with the ability to instantly issue free trusted SSL certificates for all of their hosted domains.

Let’s Encrypt for cPanel is not a free plugin. It cost $30 on per server basis.  Detailed price listing is given in the below link.

https://letsencrypt-for-cpanel.com/pricing

Installation

The plugin is distributed in RPM form as part of a yum repository for CentOS 6 and 7.

Prerequisites

  • Root SSH access to server
  • 64-bit CentOS 6 or 7 (5 is not supported due to lack of SNI)
  • WHM 11.52 or higher (CloudLinux and LSWS compatible)
  • Remote access key has been generated (/root/.accesshash). If it is not present, simply visit the “Remote Access Key” page in WHM.
  1. Save our issued licence file as  /etc/letsencrypt-cpanel.licence and chmod to 0400.
  2. Add the letsencrypt package repository:
# cd /etc/yum.repos.d/
# wget https://letsencrypt-for-cpanel.com/static/letsencrypt.repo

3. install the plugin through yum

# yum install letsencrypt-cpanel

4. Once the installation completed we will  see the “Let’s Encrypt SSL” icon on the home screen of cPanel. We will be able to immediately issue certificates, provided that the domain name need to point to the server itself.

Untitled

 

 

24Jun/16

Create Domain in CentOS Web Panel

CentOS Web Panel

CentOS Web Panel is a free Web Hosting control panel. It is mainly designed for quick and easy management of servers without using ssh console for every little thing. Lots of options and features are available in this panel. As the name suggest the panel can only be installed in CentOS 6, RedHat 6 and CloudLinux 6.

How to access CentOS Web Panel after installation.

Access url

Non SSL Login: http://IP-Address:2030
SSL Login: https://IP-Address:2031

We can use the same server root logins to log in to the panel.

How to create Domain Account in CentOS Web Panel

  • Log in to the Panel as we have mentioned before.
  • Click “User Accounts” in left menu then Click “New Account”

CWP.admin

  • Enter Domain name (eg. example.com)
  • Enter username (make it similar to domain eg. example)
  • Copy random generated password from CentOS Web Panel to safe place or set your password
  • Select Package if you created previously or set it as default.
  • Enter email address in the email address field.

CWP.admin1

  • Click on button Create.
14Jun/16

Move cagefs-skeleton directory from /usr/share to another partition

CageFS is a virtualized file system and a set of tools to lock each system user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.  For a cageFS enabled user only safe binaries are available, user will not see any other users  etc are the main benefits of CageFS.

CageFS creates individual namespace for each user, making it impossible for users to see each other’s files and creating high level of isolation. These safe files for each users are created by default on a folder location /usr/share/cagefs-skeleton.

Sometimes you need to move this cagefs-skeleton directory  from /usr/share to another partition like /home due to low free disk space available in the /usr partition. Below are the steps we used to achieve the same.

# cagefsctl --disable-cagefs 

This command will disable cagefs in the server.

 #  cagefsctl --unmount-all

This command will unmount all mount points created by cagefs.

To ensure all mount points created by cagefs are unmounted successfully please issue below command.

# cat /proc/mounts | grep cagefs 

if you see any cagefs entries, execute “cagefsctl –unmount-all” again and cagefs still exists please issue below command.

# /usr/share/cagefs-plugins/hooks/jail_shell_disable.sh

# mv /usr/share/cagefs-skeleton /home/cagefs-skeleton 

This command will move the folder from /usr to /home (which is having more free disk space).

 #  ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton

This commnad will create a softlink from /usr/share/cagefs-skeleton to /home/cagefs-skeleton where the actual files exits.

 # cagefsctl --enable-cagefs

This command will enable cagefs in the server.

If we doing this in cPanel servers, then in cPanel WHM choose “Server Configuration” and go to “Basic cPanel/WHM Setup”, then change Additional home directories default value to blank not “home”. If we haven’t set this option, then cPanel will create new accounts in incorrect places.

We encourage your valuable comments below if you encounter any issues while following this article.