Ntop is a network traffic tools that shows real time network usage on your server. You can use a web browser to manage and navigate through ntop traffic information to better understand network status. Continue reading
PHP handler means the way apache software on the server serves PHP scripts. On cPanel/WHM Servers there are four PHP handlers : SuPHP, DSO, CGI, FastCGI. suPHP is the default handler on cPanel/WHM Servers. You might be familiar with switching the PHP handler from Web Host Manager(WHM) but most of us are not sure how to do the same from server backend. This article will enlighten how to switch PHP handler on a cPanel/WHM Server.
Munin is a networked opensource resource monitoring tool that can be used to monitor servers and their services. It displays information gathered from the system as graphs through a web based interface. Here I am referring the steps for munin installation. Continue reading
[huge_it_share]Almost 75% of websites and blogs are built in wordpress which is the mostly used CMS(Content Management System) . But unfortunately websites that use wordpress are mostly prone to attacks and vulnerabilities .So lets see how we can harden wordpress to resist the attacks .
As we know wordpress is a free tool .So anyone can try installing it .The same thing is the reason for most of the wordpress attack since anyone can install it everyone know the basic settings that we are going to use in our wordpress including the hackers .This is one of the main reasons hackers get into the because they know the default settings we are going to use .So one main thing we should do is change everything as possible from default settings in wordpress .Here I will be pointing some of the main things you can do to protect your wordpress sites . Continue reading
Monit is utility or package we usually used in Linux machines for managing and monitoring service running in the Linux machines. For example services like HTTPD, MySQL etc. Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too much resources. The monit also has user friendly web interface where you can directly view the system status and setup up processes using native HTTP(S) web server or via the command line interface. In this blog we disscussing how we can implement monit on a Centos7 server. The Centos version I am using CentOS Linux release 7.2.1511
[root@server ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core)
At this moment monit is not available in the base repository of Centos 7. So I used EPEL repository to install monit using yum.
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm rpm -ivh epel-release-7-8.noarch.rpm
yum install monit
Now we are going to enable monit web interface by configuring the monit conf file. After enabling we will be having a nice web interface of monit that shows status of services we are monitoring, how long it was up in the server etc. We have added a screenshot for the same at the end of this article. You are refer the same for how exactly it look like.
open /etc/monitrc using vi editer and make below changes.
originally it was like
set httpd port 2812 and use address localhost # only accept connection from localhost allow localhost # allow localhost to connect to the server and allow admin:monit # require user 'admin' with password 'monit'
After changes it will look like
set httpd port 2812 and use address x.x.x.x(server IP) # only accept connection from localhost allow y.y.y.y(Your IP) # allow localhost to connect to the server and allow admin:monit # require user 'admin' with password 'monit'
Restart service using below command
service monit restart
Allow port 2812 in the firewall and verify its listening from outside using telnet commands. In my case I was using csf firewall. So I just need to add port in the csf conf file under TCP_IN and TCP_OUT section.
After that access the monit web interface using the url like http://x.x.x.x:2812
In this section we are going to monitor our server mySQL service by monit and restart it if its failed. Below are the changes.
Create a file named mysql.conf under directory /etc/monit.d/.
Add below entries and make necessary changes as per your server and pid file name and location.
check process mysqld with pidfile /var/lib/mysql/server.namemysql.pid group mysql start program = "/usr/bin/systemctl start mysql.service" stop program = "/usr/bin/systemctl stop mysql.service" if failed host 127.0.0.1 port 3306 then restart if 5 restarts within 5 cycles then timeout
Once added check the syntax using command “monit -t” and you will get result like below.
monit -t Control file syntax OK
restart monit service using below command.
service monit restart
After that refresh the monit web panel and you will see MySQL is monitored by Monit.
In centos 7 we can see monit log from the location tail -f /var/log/monit.log
Now a days android phones are common and most of them are checking mails via phone. Here I am referring the steps for email configuration in android phones.
To configure email for Android you will need to the following:
Migration from cPanel to Plesk
Plesk and cPanel have different business models and features, requiring the conversion of migrated objects during deployment on the destination server. I am referring the way to migrate a cPanel hosting account to Plesk
For example: Parked domains in cPanel converts to domain aliases in Plesk.
Some objects and settings will not migrate due to the technical limitations
For example: Encrypted FTP user’s password in cPanel will not migrate to Plesk.
Plesk generates new passwords for FTP users during the deployment process and reports them in the migration results report.
This article explains the process of migrating accounts from cPanel to Plesk control panel using the Plesk Migration & Transfer Manager tool.
Plesk’s built-in Migration Manager is available only on latest versions of Plesk like 11.0,11.5,12.0,12.5
Open the Migration & Transfer Manager in the Plesk GUI:
Tools & Settings > Migration & Transfer Manager and click the Start New Migration button.
On the first step of the migration wizard, input the source server hostname (or IP address), the SSH server’s port, and the root user password. Then choose the options to migrate the whole server or to perform a selective migration.
Leave the Use rsync transport option enabled — this will improve the speed and reliability of the data transfer, as well as lower the free disk space requirements for both the source and the destination servers.
You can specify the location of temporary migration data on the source (Migration & Transfer Agent upload path) and destination (Temporary Files Location) servers. If the source server hosts large databases or the Use rsync transport option has been disabled, it is recommended you to choose paths to locations with enough free disk space
If selective migration was selected in the previous step, the Migration & Transfer Manager wizard will present a screen with a list of accounts on the source server, each with a check-box to select.
Additionally, you can choose the options to transfer all data, mail only, or everything except mail. By default, all data will migrate.
The next step IP address mapping allows you to choose an IP mapping scheme.(i.e. which IP addresses the domains will have on the destination server, based on the IP addresses they had on the source server)
Two or more shared IP addresses can maps to a single shared IP address on the Plesk server. But mapping of dedicated IP addresses can be done one-to-one.
IP addresses will be changed in domain’s DNS records and hosting setup during deployment.
After that, your migration will start. Progress can be monitored on the Migration & Transfer Manager screen. Upon completion, the Migration and Transfer Manager will report on the general status of the migration. (Completed or Completed with errors)
If the migration finishes with errors, links to view or download the migration results report will be available on the migration process screen. To access it, click on the source server’s hostname in the list of migrations
For migration assistance, you can contact us. Also we will manage cPanel and Plesk servers with lowest rates, you can check our cPanel Server Management for more details.
What is Dirty COW Vulnerability and why its called so ?
Dirty COW vulnerability allows attackers to gain root access to servers and take control over the whole system.A rare condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
What is the CVE-2016-5195 ?
CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.
Who found the Dirty COW vulnerability?
How to check if vulnerability is affected on your server
To find out if your server is affected, check your kernel version.
# uname -rv
You’ll see output like this:
4.4.0-42-generic #62-Ubuntu SMP Wed Oct 26 22:10:20 IST 2016
If your version is earlier than the following, you are affected:
– 4.8.0-26.28 for Ubuntu 16.10
– 4.4.0-45.66 for Ubuntu 16.04 LTS
– 3.13.0-100.147 for Ubuntu 14.04 LTS
– 3.2.0-113.155 for Ubuntu 12.04 LTS
– 3.16.36-1+deb8u2 for Debian 8
– 3.2.82-1 for Debian 7
– 4.7.8-1 for Debian unstable
Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.
# wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
Then run it with bash.
# sh rh-cve-2016-5195_1.sh
If you’re vulnerable, you’ll see output like this:
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
The easiest way to protect your computers running Linux is to update your Linux distro to the latest version. You can use the following commands to update your Debian/Ubuntu/Centos and RHEL systems,also you need to reboot after updating it.
# sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
# sudo yum update
# sudo reboot
To update your kernel on CentOS 7, run:
# sudo yum update
There is still no official update of the CentOS 5 and 6 kernel.we’re still waiting on a fix for CentOS 5 and 6. You can use this workaround from the Red Hat bug tracker.
Configuring postfix to block all emails except the specified email accounts.
If you need allow a emailing only from a particular from the postfix email server you can follow the below steps.
Use Transport Mapping
Here we can tell the postfix mail server to sent or disregard the emails. For this we need to edit the postfix configuration file.
Please make sure to take the backup of config files before editing. So that we can restore the original files if any errors occured while editing. You can take the backup like this
#cp -p /etc/postfix/main.cf /etc/postfix/main.cf.original
add the below line on the configuration
transport_maps = hash:/etc/postfix/transport
Now we need to edit the file /etc/postfix/transport
Here add the domain which we need to allow sending mail
example.com : * discard;
This will simply discard messages to any email address not of the domain example.com. If you wanted to reject with an error you’d use (set the error text to suit your needs)
You can add like this
example.com: * error: Not allowed for all domains
We can add additional domains after example.com (one line per domain).
Save the file.
Now we need to create a hash of the file (unless you used texthash in main.cf)
We need to reload postfix to get effect the changes.
During these days the request for MongoDB installation on Linux servers is high because the developers are really like the same.MongoDB is officially a “NoSQL” database. NoSQL refers to a database with a data model other than the tabular format used in relational databases such as MySQL, PostgreSQL, and Microsoft SQL. MongoDB features include: full index support, replication, high availability, and auto-sharding. MongoDb is usually used to store large amount of data. MongoDB helps you to integrate database information into your apps easier and faster.
MongoDB officially still not supported on cPanel servers but there is a way to install MogoDB on cPanel server and there are many users using them. The install is possible because actually cPanel server is a Linux server itself. Only problem we have is we need to create the mongo databases from shell and the users and administer it so as well.
Today we are going to install MongoDB in a cPanel server powered by Centos 6
PHP-pear for full pecl support
PHP-devel package installed to compile extension manually
Now we are performing the MongoDB install via MongoDB Repo
- Login to the server via ssh as root user.
- create a file named /etc/yum.repos.d/mongodb.repo
- In my case I am using a 64bit operating system. So need to add below lines.
[mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ gpgcheck=0 enabled=1
- use below lines if you are using a 32 bit operating system.
[mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686/ gpgcheck=0 enabled=1
- Save the file in the vim editor.
- Install MongoDB using Yum
yum install mongo-10gen mongo-10gen-server
- At this point, we have installed MongoDB on our server + cPanel box.
- Configure MongoDB to start on boot and manually start the service.
chkconfig mongod on service mongod start
- Check MongoDB Service Status
service mongod status
- Summary List of Status Statistics
- Enter the MongoDB Command Line
- By default, running this command will look for a MongoDB server listening on port 27017 on the localhost interface.if you wanted to connect to a local MongoDB server listening on port 435984
mongo --port 22222
- Install MongoDB PHP Extension, so php code can interact with MongoDB
pecl install mongo /scripts/restartsrv_httpd
- Once installed we can verify the same using below command.
php -i | grep mongo -i
So now we completed the initial setup needed for MongoDB install on a cPanel server. Please post your comments below.