14Nov/16

How to change PHP handler from Server Backend

PHP handler means the way apache software on the server serves PHP scripts. On cPanel/WHM Servers there are four PHP handlers : SuPHP, DSO, CGI, FastCGI. suPHP is the default handler on cPanel/WHM Servers. You might be familiar with switching the PHP handler from Web Host Manager(WHM) but most of us are not sure how to do the same from server backend. This article will enlighten how to switch PHP handler on a cPanel/WHM Server.

Continue reading

14Nov/16

How to harden wordpress

[huge_it_share]Almost 75% of websites and blogs are built in wordpress which is the mostly used CMS(Content Management System) . But unfortunately websites that use wordpress are mostly prone to attacks and vulnerabilities .So lets see how we can harden wordpress to resist the attacks .

As we know wordpress is a free tool .So anyone can try installing it .The same thing is the reason for most of the wordpress attack since anyone can install it everyone know the basic settings that we are going to use in our wordpress including the hackers .This is one of the main reasons hackers get into the because they know the default settings we are going to use .So one main thing we should do is change everything as possible from default settings in wordpress .Here I will be pointing some of the main things you can do to protect your wordpress sites . Continue reading

02Nov/16

Monit how to install & Configure on CentOS 7/RHEL 7

Monit is utility or package we usually used in Linux machines for managing and monitoring service running in the Linux machines. For example services like HTTPD, MySQL etc. Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too much resources. The monit also has user friendly web interface where you can directly view the system status and setup up processes using native HTTP(S) web server or via the command line interface.  In this blog we disscussing how we can implement monit on a Centos7 server. The Centos version I am using CentOS Linux release 7.2.1511

[root@server ~]# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core)

At this moment monit is not available in the base repository of Centos 7. So I used EPEL repository to install monit using yum.

wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm

rpm -ivh epel-release-7-8.noarch.rpm
yum install monit

Monit configuration
Now we are going to enable monit web interface by configuring the monit conf file. After enabling we will be having a nice web interface of monit that shows status of services we are monitoring, how long it was up in the server etc. We have added a screenshot for the same at the end of this article. You are refer the same for how exactly it look like.

open  /etc/monitrc using vi editer and make below changes.

originally it was like

set httpd port 2812 and
 use address localhost # only accept connection from localhost
 allow localhost # allow localhost to connect to the server and
 allow admin:monit # require user 'admin' with password 'monit'

After changes it will look like

set httpd port 2812 and
 use address x.x.x.x(server IP) # only accept connection from localhost
 allow y.y.y.y(Your IP) # allow localhost to connect to the server and
 allow admin:monit # require user 'admin' with password 'monit'

Restart service using below command

service monit restart

Allow port 2812 in the firewall and verify its listening from outside using telnet commands. In my case I was using csf firewall. So I just need to add port in the csf conf file under TCP_IN and TCP_OUT section.

After that access the monit web interface using the url like http://x.x.x.x:2812

If you need us to setup the sever with nginx or php-fpm with high performance, you can contact us for the setup. Either you can subscribe for our Server Management or use our Hourly server management

Service Configuration

In this section we are going to monitor our server mySQL service by monit and restart it if its failed. Below are the changes.

Create a file named mysql.conf under directory /etc/monit.d/.

Add below entries and make necessary changes as per your server and pid file name and location.

check process mysqld with pidfile /var/lib/mysql/server.namemysql.pid
group mysql
start program = "/usr/bin/systemctl start mysql.service"
stop program = "/usr/bin/systemctl stop mysql.service"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout

Once added check the syntax using command “monit -t” and you will get result like below.

monit -t
Control file syntax OK

restart monit service using below command.

service monit restart

After that refresh the monit web panel and you will see MySQL is monitored by Monit.

In centos 7 we can see monit log from the location tail -f /var/log/monit.log

monit-server

 

 

27Oct/16
cPanel to Plesk Migration

cPanel to Plesk – How to Migrate a hosting account ?

Migration from cPanel to Plesk

Plesk and cPanel have different business models and features, requiring the conversion of migrated objects during deployment on the destination server. I am referring the way to migrate a cPanel hosting account to Plesk

For example: Parked domains in  cPanel converts to domain aliases in Plesk.

Some objects and settings will not migrate due to the technical limitations

For example: Encrypted FTP user’s password in cPanel will not migrate to Plesk.

 Plesk generates new passwords for FTP users during the deployment process and reports them in the migration results report.

This article explains the process of migrating accounts from cPanel to Plesk control panel using the Plesk Migration & Transfer Manager tool.

Plesk’s built-in Migration Manager is available only on latest versions of Plesk like 11.0,11.5,12.0,12.5

Open the Migration & Transfer Manager in the Plesk GUI:

Tools & Settings > Migration & Transfer Manager 
and click the Start New Migration button.

Step 1:

On the first step of the migration wizard, input the source server hostname (or IP address), the SSH server’s port, and the root user password. Then choose the options to migrate the whole server or to perform a selective migration.

Leave the Use rsync transport option enabled — this will improve the speed and reliability of the data transfer, as well as lower the free disk space requirements for both the source and the destination servers.

Migration Settings

untitled

You can specify the location of temporary migration data on the source (Migration & Transfer Agent upload path) and destination (Temporary Files Location) servers. If the source server hosts large databases or the Use rsync transport option has been disabled, it is recommended you to choose paths to locations with enough free disk space

Step 2:

If selective migration was selected in the previous step, the Migration & Transfer Manager wizard will present a screen with a list of accounts on the source server, each with a check-box to select.

Additionally, you can choose the options to transfer all data, mail only, or everything except mail. By default, all data will migrate.

Step 3:

The next step IP address mapping  allows you to choose an IP mapping scheme.(i.e. which IP addresses the domains will have on the destination server, based on the IP addresses they had on the source server)

Two or more shared IP addresses can maps to a single shared IP address on the Plesk server. But mapping of dedicated IP addresses can be done one-to-one.

IP addresses will be changed in domain’s DNS records and hosting setup during deployment.

untitled2

 

Step 4:

After that, your migration will start. Progress can be monitored on the Migration & Transfer Manager screen. Upon completion, the Migration and Transfer Manager will report on the general status of the migration. (Completed or Completed with errors)

untitled3

If the migration finishes with errors, links to view or download the migration results report will be available on the migration process screen. To access it, click on the source server’s hostname in the list of migrations

For migration assistance, you can contact us. Also we will manage cPanel and Plesk servers with lowest rates, you can check our cPanel Server Management for more details.

27Oct/16

Secure and Fix dirty COW Linux Vulnerability

What is Dirty COW Vulnerability and why its called so ?

Dirty COW vulnerability allows attackers to gain root access to servers and take control over the whole system.A rare condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

What is the CVE-2016-5195 ?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Who found the Dirty COW vulnerability?

Phil Oester

How to check if vulnerability is affected on your server

Ubuntu/Debian

To find out if your server is affected, check your kernel version.

# uname -rv

You’ll see output like this:

Output
4.4.0-42-generic #62-Ubuntu SMP Wed Oct 26 22:10:20 IST 2016

If your version is earlier than the following, you are affected:
– 4.8.0-26.28 for Ubuntu 16.10
– 4.4.0-45.66 for Ubuntu 16.04 LTS
– 3.13.0-100.147 for Ubuntu 14.04 LTS
– 3.2.0-113.155 for Ubuntu 12.04 LTS
– 3.16.36-1+deb8u2 for Debian 8
– 3.2.82-1 for Debian 7
– 4.7.8-1 for Debian unstable

CentOS

Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.

# wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

# sh rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Output

Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
Standard Resolution

The easiest way to protect your computers running Linux is to update your Linux distro to the latest version. You can use the following commands to update your Debian/Ubuntu/Centos and RHEL systems,also you need to reboot after updating it.

Debian/Ubuntu:
# sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

RHEL:
# sudo yum update
# sudo reboot

CentOS:

To update your kernel on CentOS 7, run:
# sudo yum update

There is still no official update of the CentOS 5 and 6 kernel.we’re still waiting on a fix for CentOS 5 and 6. You can use this workaround from the Red Hat bug tracker.

You can find more technical details about the Dirty COW vulnerability and exploit on the bug’s official website dirtycowRedHat site and GitHub page.

 

20Oct/16

Configuring postfix to block all emails except one email accounts

Configuring postfix to block all emails except the specified email accounts.

If you need allow a emailing only from a particular from the postfix email server you can follow the below steps.

Use Transport Mapping

Here we can tell the postfix mail server to sent or disregard the emails. For this we need to edit the postfix configuration file.

Please make sure to take the backup of config files before editing. So that we can restore the original files if any errors occured while editing. You can take the backup like this

#cp -p /etc/postfix/main.cf /etc/postfix/main.cf.original
#vi /etc/postfix/main.cf

add the below line on the configuration

transport_maps = hash:/etc/postfix/transport

Now we need to edit the file /etc/postfix/transport

#vi /etc/postfix/transport

Here add the domain which we need to allow sending mail

example.com :
* discard;

This will simply discard messages to any email address not of the domain example.com. If you wanted to reject with an error you’d use (set the error text to suit your needs)

You can add like this

 
example.com:


* error: Not allowed for all domains

We can add additional domains after example.com (one line per domain).

Save the file.

Now we need to create a hash of the file (unless you used texthash in main.cf)

postmap /etc/postfix/transport

We need to reload postfix to get effect the changes.

/etc/init.d/postfix reload
20Oct/16

MongoDB install in cPanel

During these days the request for MongoDB installation on Linux servers is high because the developers are really like the same.MongoDB is officially a “NoSQL” database. NoSQL refers to a database with a data model other than the tabular format used in relational databases such as MySQL, PostgreSQL, and Microsoft SQL. MongoDB features include: full index support, replication, high availability, and auto-sharding. MongoDb is usually used to store large amount of data. MongoDB helps you to integrate database information into your apps easier and faster.

MongoDB officially still not supported on cPanel servers but there is a way to install MogoDB on cPanel server and there are many users using them. The install is possible because actually cPanel server is a Linux server itself. Only problem we have is we need to create the mongo databases from shell and the users and administer it so as well.

Today we are going to install MongoDB in a cPanel server powered by Centos 6

Technical requirements

root access
PHP-pear for full pecl support
PHP-devel package installed to compile extension manually

Now we are performing the MongoDB install via MongoDB Repo

  • Login to the server via ssh as root user.
  • create a file named /etc/yum.repos.d/mongodb.repo
vim /etc/yum.repos.d/mongodb.repo
  • In my case I am using a 64bit operating system. So need to add below lines.
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1
  • use below lines if you are using a 32 bit operating system.
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686/
gpgcheck=0
enabled=1
  • Save the file in the vim editor.
  • Install MongoDB using Yum
yum install mongo-10gen mongo-10gen-server

imgpsh_fullsize

  • At this point, we have installed MongoDB on our server + cPanel box.
  • Configure MongoDB to start on boot and manually start the service.
chkconfig mongod on
service mongod start
  • Check MongoDB Service Status
service mongod status
  • Summary List of Status Statistics
mongostat
  • Enter the MongoDB Command Line
mongo
  • By default, running this command will look for a MongoDB server listening on port 27017 on the localhost interface.if you wanted to connect to a local MongoDB server listening on port 435984
mongo --port 22222
  • Install MongoDB PHP Extension, so php code can interact with MongoDB
pecl install mongo
/scripts/restartsrv_httpd
  • Once installed we can verify the same using below command.
    php -i | grep mongo -i

So now we completed the initial setup needed for MongoDB install on a cPanel server. Please post your comments below.