WHMCS 4.41 and the Plesk server module

WHMCS version 4.41 has split the Plesk server automation module out into three separate versions; plesk8, plesk9 and plesk10, but the upgrade script doesn’t handle changing the automation module settings for either your servers or your products/services. As a result of this short sightedness on the developer’s part you will loose all automation of your Plesk servers (account creation, suspension, termination, statistics updates etc.) and start experiencing fatal PHP errors in both the admin and client areas of WHMCS where the functions provided by the old “plesk” module are used (which is basically any area using products/services or servers defined with the “plesk” module) unless you retain the generic “plesk” module from your previous WHMCS 4.31 install. As copying over the “modules/servers/plesk” folder from WHMCS v4.31 or symlinking the appropriate folder of one of the new modules to “modules/servers/plesk” seems like a massive dirty hack to me, instead I decided to do what the WHMCS 4.41 installer should have done in the first place and fix the database to use the correct version of the new Plesk server module. For me the new “plesk9? module is the one to use, but you can adjust the following SQL appropriately to suit your needs (remember to backup your database however you see fit before you begin!):

As usual with WHMCS, there are no mention of any changes to the Plesk module in the release notes for version 4.41.

How to Install Mod_Security on Direct Admin

What is mod_security or modsecurity?

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports both branches of the Apache web server.
This HOW-TO is for Apache 2.X only.

cd /usr/local/src

mkdir modsecurity2

cd modsecurity2

wget http://www.serverbuddies.com/files/modsecurity-apache_2.5.9.tar.gz

perl -pi -e ’s/ServerTokens Major/ServerTokens Full/’ /etc/httpd/conf/extra/httpd-default.conf

perl -pi -e ’s/ServerSignature Off/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf

perl -pi -e ’s/ServerSignature EMail/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf

tar xzf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9

cd apache2

./configure

make

make test

make install

Now we download a pre-defined mod_sec ruleset,

cd /etc/modsecurity2/

wget http://www.serverbuddies.com/files/modsec.v2.rules.conf

Add the new compiled mod_security module into the apache configuration,

vi /etc/httpd/conf/httpd.conf

After:

LoadModule php5_module /usr/lib/apache/libphp5.so

Add:

For 32bit -

LoadFile /usr/lib/libxml2.so

LoadModule security2_module     /usr/lib/apache/mod_security2.so

For 64bit -

LoadFile /usr/lib64/libxml2.so

LoadModule security2_module    /usr/lib/apache/mod_security2.so

At the botton of the httpd.conf config file we add the following,

# ModSecurity2 config file.

Include /etc/modsecurity2/modsec.v2.rules.conf

Restart the webserver.

service httpd restart

Installation should be completed and mod_sec should be now loaded on your Apache webserver.

Disable and Uninstall APF Firewall Script

You can easily disable and uninstall APF firewall script under any Linux distributions. Simply type the following command as root user.

Linux Remove APF firewall

# service iptables stop
# chkconfig apf off
# /bin/rm -rfv /etc/apf
# /bin/rm -fv /etc/cron.daily/fw
# /bin/rm -fv /etc/init.d/apf
# iptables -L -n

WARNING! These examples open your computer to everyone on the internet by disabling iptables firewall protection if executed.

Using remote desktop over SSH on a Linksys router

One of the easiest methods to allow remote access to your home PC involves opening and forwarding port 3389 on your router to your PC’s internal IP address. This works in most situations, but not always. This article describes how to run an SSH server on your home router (Linksys, Buffalo, Broadcom-based routers) to tunnel the windows remote desktop client (RDP) through the SSH tunnel to bypass firewall restrictions and to secure the RDP session. Not only can you use this to gain access to your home computer remotely, but you’ll have a full-fledged proxy that doesn’t require you to keep your home computer powered on, only your router. The proxy is great for browsing the web on public WIFI or untrusted networks. When I travel, especially in places like China where it’s well known that the government harvests usernames and passwords, I ONLY access the internet through my remote machine tunneled through SSH.

Problem Adding Addon Domains

Error from park wrapper: Using nameservers with the following IPs: 77.74.196.121,77.74.196.120 Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver.

Try to find the following option in your WHM -> Tweak Settings:

Allow Creation of Parked/Addon Domains that resolve to other servers (i.e. domain transfers) [This can be a major security problem. If you must have it enabled, be sure to not allow users to park common internet domains.]

and enable it. Your problem can be solved.

How do I generate a CSR on Microsoft IIS 7.0

Resolution

To generate a CSR for Microsoft IIS 7.0, perform the following steps:

1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager
2. In the IIS Manager, choose your server name
3. In the Features pane (the middle pane), double-click the Server Certificates option (Figure A) located under the Security heading.



4. You will notice two default certificates already installed on this server. To begin the process of requesting a new certificate, from the Actions pane, choose the Create Certificate Request option as shown below in Figure B.



5. The first screen of the wizard asks for details regarding the new site. The common name should match the fully-qualified domain name for the site. Otherwise, provide information about your site, making sure to spell out the name of your state and locality. (Figure C)



6. Click Next to continue.
7. The next screen of the wizard asks you to choose cryptography options. The default, Microsoft RSA SChannel Cryptography Provider is fine. A key length of 1,024 bits is the default option and is fine as well. (Figure D)



8. Click Next to continue.
9. Finally, provide a filename to which to save the certificate request. You will need the contents of this file in the next step, so make sure you know where to find it. (Figure E)

#2002 – The server is not responding (or the local MySQL server’s socket is not correctly configured”

#2002 – The server is not responding (or the local MySQL server’ssocket is not correctly configured”

Here is what worked for me

pico /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php

find

$cfg['Servers'][$i]['socket'] = ”;
change to
$cfg['Servers'][$i]['socket'] = ‘/var/lib/mysql/mysql.sock’;

next line

$cfg['Servers'][$i]['connect_type'] = ‘tcp’;

change to

$cfg['Servers'][$i]['connect_type'] = ‘socket’;

like i said worked for me

Create a test instance of a Magento store

Once I have a new Magento site up and running, I always like to create a freshly copied test or development instance of the site.  I use the development site to test out any new code, style, or configuration changes before applying them to the production server. Better safe than sorry, right?

I used to create the test instance as a subdomain on the production server.  However, that approach can lead to easy mistakes, at least in my experience.  When the paths are so close, it is easy to accidently wind up in the magento root rather than in the subdirectory.  So, my preferred approach these days is to have a separate domain, say mytestserver.us, and have all of my dev servers on it.  So, I may have one magento instance under mytestserver.us/site1 and another under mytestserver.us/site2.  In my case, the production domain (let's call it myprodserver.com, for example) and the dev server reside on the same VPS, so it is easy to copy files as needed via SSH.

When the production site is in a state that is ready to copy, here are the steps I take:

1. Decide on the location for the development instance files.  In my case, I have a separate domain, mytestserver.us, and a subdirectory for each test instance.  So, I login to my VPS via SSH and create a new subdirectory.
   

   cd /home/mytestserver/public_html/
   
   mkdir newtestsite

   
   


2. Copy the production server Magento files to the new test server subdirectory.
   

   cp -r /home/myprodserver/public_html/* /home/mytestserver/public_html/newtestsite/
   
   cp /home/myprodserver/public_html/.htaccess /home/mytestserver/public_html/newtestsite/

   
   


3. Create a new empty database on the testserver.


4. Create a data dump from the production database.  The mySQL command is noted below.  Replace the all caps items with your information.
   

   mysqldump -h DBHOST -u DBUSER -pDBPASS DBNAME > /home/backup/data.sql

   
   


5. Import the data dump previously created into the empty database on the test server.  Replace the all caps items with the credentials for your new test server database.
   

   mysql -h DBHOST -u DBUSER -pDBPASS DBNAME < /home/backup/data.sql

   
   


6. Next you'll need to make some edits.  In the test database, go to the core_config_data table and change the values of web/unsecure/base_url and web/secure/base_url to the test server url.  E.g.  http://mytestserver.us/newtestsite/.  I do not use an SSL certificate on my development servers, so the value for the unsecure and secure urls are the same.  I make the edits using phpMyAdmin.  Below is example SQL for the updates.
   

   UPDATE core_config_data SET value="http://mytestserver.us/newtestsite/" WHERE path=’web/unsecure/host’;
   
   UPDATE core_config_data SET value="http://mytestserver.us/newtestsite/" WHERE path=’web/secure/host’;

   
   


7. Clear cache files that were copied over from the production site.
   

   cd /home/mytestserver/public_html/newtestsite
   
   rm -rf var/*

   
   


8. Edit the local.xml file (app/etc/local.xml).  Change the database values to point to the new test database host, database name, user, and password.  If you are using a php cache such as apc, also remove or comment out the lines that use it.  It is preferable not to have caching turned on in a development environment so all changes are reflected immediately.


9. You should now be able to navigate to the new test instance's frontend and backend.


10. Go to the backend to make some further changes to the settings (e.g. http://mytestserver.us/newtestsite/admin/).  The login is the same as the production instance. Below are some of the items you may want to set differently for the development version of the site.
    
    
    
    • Turn on the store demo notice.  System > Configuration > Design > HTML Head > Display Demo Store Notice.
    
    
    • Change email addresses used.  For testing, you probably want emails to go to you or other developer, rather than the store owner. System > Configuration > Store Email Addresses and Sales Emails.
    
    
    • Turn off production payment methods.  For example, you may want to either disable Paypal entirely, or put it in Sandbox mode.  Likewise, you may want to turn on Check / Money Order, or other quick and easy payment method for testing order functionality.
    
    
    • Turn off SSL.  Turn off Javascript file merging.  System > Configuration > General > Web > Secure > Use Secure URLs in Frontend.
    
    
    • Turn off Google Analytics.  System > Configuration > Google API > Google Analytics.
    
    
    • Turn off Javascript file merging.  System > Configuration > Advanced > Developer > Javascript Settings.  Also turn off CSS file merging if it was used.
    
    
    • Turn off Caching.  System > Cache > Select All, then Disable.  Also Flush Javascript/CSS Cache.
    
    
    • Rebuild indices.  System > Index Management > Select all, then Rebuild.
    
    
    • You may also want to change the admin login or other accounts.  System > Permissions > Users.
    
    
    
    


11. Also check your .htaccess file on the test instance to make sure that any production-only rewrite rules are removed or commented out.  I also like to password protect the directory so that only allowed users have access.  Below is an example of the code to add to your .htaccess file after you have set up the password (this is usually an option in your hosting control panel).
    

    AuthName "Protected Area"
    AuthType Basic
    AuthUserFile /home/mytestserver/.htpasswds/public_html/newtestsite/passwd
    Require valid-user

    
    


12. Edit your robots.txt file to keep search engine robots away.
    

    User-agent: *
    Disallow: /

    
    


13. That's it!  You now have a copy of your production Magento store ready for development and testing.

Change admin password - Plesk

Contents

Change admin password in Plesk

Broken database PSA in MySQL

Change admin password in Plesk

ions today How to Install Clam AntiVirus (ClamAV) in RHEL/CentOS 4

To install Clam AntiVirus (ClamAV), we are going to use the precompiled binaries from Dag Wieers RPM packages for Red Hat, RHEL, CentOS and Fedora. To do this, we are going to configure Yum to look for the ClamAV packages in Dag’s repository.

Adding Dag Wieers RPM Repository to Yum

1. Click Applications, select System Tools and click Terminal. This will launch the Terminal window. Type in the command cd /etc/yum.repos.d and press Enter. This will bring us to the Yum repository configuration directory.

Run ASP on Your Own PC

Your Windows PC as a Web Server

Your own PC can act as a web server if you install IIS or PWS
IIS or PWS turns your computer into a web server
Microsoft IIS and PWS are free web server components
IIS - Internet Information Server

IIS is a set of Internet-based services for servers created by Microsoft for use with Microsoft Windows.

IIS comes with Windows 2000, XP, and Vista. It is also available for Windows NT.

IIS is easy to install and ideal for developing and testing web applications.


PWS - Personal Web Server

PWS is for older Windows system like Windows 95, 98, and NT.

PWS is easy to install and can be used for developing and testing web applications including ASP.

We don't recommend running PWS for anything else than training. It is outdated and has security issues.

Windows Web Server Versions

Windows Vista Business, Enterprise and Ultimate come with IIS 7
Windows Vista Home Premium comes with IIS 7
Windows Vista Home Edition does not support PWS or IIS
Windows XP Professional comes with IIS 5.1
Windows XP Home Edition does not support IIS or PWS
Windows 2000 Professional comes with IIS 5.0
Windows NT Professional comes with IIS 3 and also supports IIS 4
Windows NT Workstation supports PWS and IIS 3
Windows ME does not support PWS or IIS
Windows 98 comes with PWS
Windows 95 supports PWS
How to Install IIS on Windows Vista

Follow these steps to install IIS on Windows Vista:

Open the Control Panel from the Start menu
Double-click Programs and Features
Click "Turn Windows features on or off" (a link to the left)
Select the check box for Internet Information Services (IIS), and click OK
After you have installed IIS, make sure you install all patches for bugs and security problems. (Run Windows Update).

How to Install IIS on Windows XP and Windows 2000

Follow these steps to install IIS on Windows XP and Windows 2000:

On the Start menu, click Settings and select Control Panel
Double-click Add or Remove Programs
Click Add/Remove Windows Components
Click Internet Information Services (IIS)
Click Details
Select the check box for World Wide Web Service, and click OK
In Windows Component selection, click Next to install IIS
After you have installed IIS, make sure you install all patches for bugs and security problems. (Run Windows Update).

How to Install IIS on Windows XP and Windows 2000

Follow these steps to install IIS on Windows XP and Windows 2000:

On the Start menu, click Settings and select Control Panel
Double-click Add or Remove Programs
Click Add/Remove Windows Components
Click Internet Information Services (IIS)
Click Details
Select the check box for World Wide Web Service, and click OK
In Windows Component selection, click Next to install IIS
After you have installed IIS, make sure you install all patches for bugs and security problems. (Run Windows Update).

Test Your Web
After you have installed IIS or PWS follow these steps:

Look for a new folder called Inetpub on your hard drive
Open the Inetpub folder, and find a folder named wwwroot
Create a new folder, like "MyWeb", under wwwroot
Write some ASP code and save the file as "test1.asp" in the new folder
Make sure your Web server is running (see below)
Open your browser and type "http://localhost/MyWeb/test1.asp", to view your first web page
Note: Look for the IIS (or PWS) symbol in your start menu or task bar. The program has functions for starting and stopping the web server, disable and enable ASP, and much more.

Sending Email with ASP and CDOSYS

How convert .htaccess file to web.config

I have a requirement to re-define the apache re-write rule to IIS knowing language using web.xml on Windows 2008 server. There is one easy trick to achieve this.

Basic operations are,

1. Install Mod Rewrite component on II7
2. Create a website on IIS and import the .httaccess file

1. Installing Mod Rewrite Module

Download and install Mod Rewrite module from the following url according to your OS architecture.
http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/. Then Close the IIS MMC and reopen it. Now you see that module is present as shown below

Then Click on ” import rules” label showing on the right side of the window tree. Find the .htaccess file and import and t hen click to apply. It will create/update the web.config file in the document root directory.

Here is the sample code which I used for re-writing Codeigniter frame work

It’s file name is “web.config”

Cannot send emails- RoundCube just shows "Sending Message"

I found a problem with Roundcube, it shows sending message and hangs up there and actually it doesn't send message anymore. I found the following solution here.


Problem with Roundcube, installed when updated to newest CURRENT release. - Page 3 - cPanel Forums:


vi /usr/local/cpanel/base/3rdparty/roundcube/config/main.inc.php

and changed

$rcmail_config['smtp_user'] = '%u';
to
$rcmail_config['smtp_user'] = '';

FIXED....

How To CreateHow To Create OpenVZ Virtual Machines (VPS) OpenVZ Virtual Machines (VPS)

How do I create OpenVZ virtual machine (VPS) to run CentOS or Debian as VPS?

OpenVZ comes with a template for each VPS or virtual machine. OpenVZ provides templates for all leading Linux distributions. You need to download those templates in order to create a VPS. Visit this page to grab templates for vps.

Download Ubuntu Linux VPS

Type the following commands to download precreated Ubuntu Linux template:

# cd /vz/template/cache
# wget http://download.openvz.org/template/precreated/ubuntu-9.04-x86_64.tar.gz

Download CentOS 64 bit template:

# cd /vz/template/cache
# wget http://download.openvz.org/template/precreated/centos-5-x86_64.tar.gz

Create VPS

Now you’ve download the template for your virtual machine. You can just start a VPS based on the template you have just downloaded, by typing the following commands:  [10 is VPS ID you can use as per your requirement]

vzctl create 10 –ostemplate ubuntu-9.04-x86_64
vzctl set 10 –onboot yes –save

***  Set IP for VPS ***
vzctl set 10 –ipadd 192.168.1.5 –save

*** Set Nameservers IP for VPS ***
vzctl set 10 –nameserver 192.168.1.111 –save
vzctl set 10 –nameserver 192.168.1.111 –save

*** Set Hostname IP for VPS ***
vzctl set 10 –hostname ourlinuxblog.wordpress.com –save

*** Set Disk quota for VPS (10G min [soft] and 11G max hard limit) ***
vzctl set 10 –diskspace 10G:11G –save

*** Okay lets the vps ***
vzctl start 10

***  Set root user password for VPS ***
vzctl exec 10 passwd

vzctl is used to create and set various vps properties such as memory, disk usage and much more. Where,

• create 10 : Your VPS ID.


• –ostemplate ubuntu-9.04-x86_64 : VPS template.


• –config vps.ubuntu: Save configuration.


• set 10 : Set various option for VPS ID # 10.


• –onboot yes : Make sure VPS boots automatically after a reboot.


• –save : Save changes to config file.

Common OpenVZ Admin Tasks

vzctl act as a master tool for various tasks:

How Do I Set VPS Name to ourlinuxblog.wordpress.com ?

# vzctl set 10 –hostname ourlinuxblog.wordpress.com –save

How Do I Set VPS IP Address?

# vzctl set 10 –ipadd 74.86.48.99 –save

How Do I Set VPS DNS Name Servers?

# vzctl set 10 –nameserver 10.0.1.11 –save

How Do I Set Disk Quota?

# vzctl set 10 –diskspace SoftLimitG:HardLimitG –save

# vzctl set 10 –diskspace 10G:12G –save

How Do I Stop / Start / Restart VPS Servers?

# vzctl start 10
# vzctl restart 10
# vzctl stop 10

How Do I Run a Command For VPS?

You can run command as follows

# vzctl exec 10 w
# vzctl exec 10 df
# vzctl exec 10 date
# vzctl exec 10 ps aux

How Do I Login Into VPS Server (container)?

# vzctl enter 10

How Do I Delete VPS?

Type the following command to delete VPS:

# vzctl destroy 10

cPanel, Lxadmin or Direct Admin – Roundcube issues

cPanel, Lxadmin or Direct Admin – Roundcube issues – SERVICE CURRENTLY NOT AVAILABLE! Error No. [500] / Error No. [0x01F4]

On cPanel, just update roundcube

/usr/local/cpanel/bin/update-roundcube --force

On Lxadmin, just re-install

rm /var/cache/lxadmin/lxwebmail*
lphp.exe ../bin/misc/installRoundCube.php
/script/upcp

On DirectAdmin

check logs   var/www/html/roundcube/logs/error

just deleted da_roundcube
and ./build roundcube

solved the problem

ack up From the Command Line (using mysqldump)

If you have shell or telnet access to your web server, you can backup your MySQL data by using the mysqldump command. This command connects to the MySQL server and creates an SQL dump file. The dump file contains the SQL statements necessary to re-create the database. Here is the proper syntax:

# mysqldump --opt -u [uname] -p[pass] [dbname] > [backupfile.sql]

[uname] Your database username

[pass] The password for your database (note there is no space between -p and the password)

[dbname] The name of your database

[backupfile.sql] The filename for your database backup

[--opt] The mysqldump option

For example, to backup a database named 'Tutorials' with the username 'root' and with no password to a file tut_backup.sql, you should accomplish this command:

# mysqldump -u root -p Tutorials > tut_backup.sql

This command will backup the 'Tutorials' database into a file called tut_backup.sql which will contain all the SQL statements needed to re-create the database.

With mysqldump command you can specify certain tables of your database you want to backup. For example, to back up only php_tutorials and asp_tutorials tables from the 'Tutorials' database accomplish the command below. Each table name has to be separated by space.

# mysqldump -u root -p Tutorials php_tutorials asp_tutorials > tut_backup.sql

Sometimes it is necessary to back up more that one database at once. In this case you can use the --database option followed by the list of databases you would like to backup. Each database name has to be separated by space.

#  mysqldump -u root -p --databases Tutorials Articles Comments > content_backup.sql

Back up your MySQL Database with Compress

If your mysql database is very big, you might want to compress the output of mysqldump. Just use the mysql backup command below and pipe the output to gzip, then you will get the output as gzip file.

#  mysqldump -u [uname] -p[pass] [dbname] | gzip -9 > [backupfile.sql.gz]

If you want to extract the .gz file, use the command below:

# gunzip [backupfile.sql.gz]

Backing Up and Restoring using PHPMyAdmin

It is assumed that you have phpMyAdmin installed since a lot of web service providers use it. To backup your MySQL database using PHPMyAdmin just follow a couple of steps:

• Open phpMyAdmin.


• Select your database by clicking the database name in the list on the left of the screen.


• Click the Export link. This should bring up a new screen that says View dump of database (or something similar).


• In the Export area, click the Select All link to choose all of the tables in your database.


• In the SQL options area, click the right options.


• Click on the Save as file option and the corresponding compression option and then click the 'Go' button. A dialog box should appear prompting you to save the file locally.

Restoring your database is easy as well as backing it up. Make the following:

• Open phpMyAdmin.


• Create an appropriately named database and select it by clicking the database name in the list on the left of the screen. If you would like to rewrite the backup over an existing database then click on the database name, select all the check boxes next to the table names and select Drop to delete all existing tables in the database.


• Click the SQL link. This should bring up a new screen where you can either type in SQL commands, or upload your SQL file.


• Use the browse button to find the database file.


• Click Go button. This will upload the backup, execute the SQL commands and re-create your database.

Missing HOST Config Line in /etc/wwwacct.conf, please reconfigure with Edit Setup

Missing HOST Config Line in /etc/wwwacct.conf, please reconfigure with Edit Setup

If you are getting this error during account creation or account transfer

Account Creation Status: failed (Missing HOST Config Line in /etc/wwwacct.conf, please reconfigure with Edit Setup.)
Missing HOST Config Line in /etc/wwwacct.conf, please reconfigure with Edit Setup.

or Missing HOST Config Line in /etc/wwwacct.conf, please reconfigure with Edit Setup.


then this can be solved by editing /etc/wwwacct.conf file. Issue the following commands in ssh:

nano /etc/wwwacct.conf

Enter the server's hostname in HOST field.

Then press Ctrl+X and then Y.

Restoring your MySQL Database

Create an appropriately named database on the target machine
Load the file using the mysql command:

# mysql -u [uname] -p[pass] [db_to_restore] < [backupfile.sql]

Have a look how you can restore your tut_backup.sql file to the Tutorials database.

# mysql -u root -p Tutorials < tut_backup.sql

To restore compressed backup files you can do the following:

# gunzip < [backupfile.sql.gz] | mysql -u [uname] -p[pass] [dbname]

If you need to restore a database that already exists, you'll need to use mysqlimport command. The syntax for mysqlimport is as follows:

# mysqlimport -u [uname] -p[pass] [dbname] [backupfile.sql]

How to backup your MySQL database

Managing Log Files and Log Rotation

Plesk allows managing log files and log rotation settings from the control panel. To access these functions, click the  Log Manager icon on the Domain Administration page. The Log Manager page will open:

• Define the number of log file's lines to be displayed at once. To do that, type in the number of lines in the Lines of log file to be displayed input field prior to selecting a log file for viewing.


• View a log file. To this effect, click on a log file's name in the list. The log file contents will be displayed in a separate Log File Viewer window.


• Save a log file on your local machine. To do that, click on the appropriate  icon. After that you will need to specify the location on your local machine and the file name for the downloaded log file to be saved, and then click Save.


• Delete log files. To this effect, select the corresponding checkboxes, and click Remove Selected.

To configure the log rotation preferences, follow these steps:

1. Click the  Log Rotation icon on the Log Files Management page. The Log Rotation Preferences page will open:


2. Click the  Enable or  Disable icon respectively to enable/disable log rotation.


3. Select the log rotation condition:                                                                                      a)  log file size - enter the size in kilobytes in the appropriate field.


4. Specify the maximum number of log files in the appropriate input field, if desired. The maximum number is the number of processed files to be kept for each log file.


5. Select the Compress log files checkbox to enable compression.


6. If desired, in the Send processed log files to e-mail input field, enter the e-mail address, for the processed log files to be delivered to.


7. Click OK to submit changes.

Delete an IP address from linux cPanel dedicated server

Normally, to delete an IP from a cPanel server you can login to WHM and remove the IP using the function “Show or delete current IP address” under “IP functions” or use linux command.

For some reason we were having problems with the datacenter and we were asked to remove the IP using KVM. In this case, we entered the KVM and checked the if the IP was listed on the server by using ifconfig – we found that the IP was listed there. To remove the IP edit the file.

root@server# nano /etc/ips

and now remove the line of the IP and then restart the ipaliases service by the command

root@server# service ipaliases restart

It will show failed, you can ignore those warnings. And you can recheck if the IP has gone by using the command ifconfig. You’ll see the IP is not seen in the ifconfig output. Now, you can ask the datacenter to get the server online and then if you check from the WHM you will see that the IP is not available there.

That’s it!

How to find out Windows uptime?

1.  Go to "Start" -> "Run".

2.  Write "CMD" and press on "Enter" key.

3.  Write the command "net statistics server" and press on "Enter" key.

4.  The line that start with "Statistics since …" provides the time that the server was up from.

• The command "net stats srv" can be use instead.

Fixing Permissions of Valiases

Tthis script a while back to fix the permissions of alias files in /etc/valiases when users were having trouble creating forwarders. You can also download the script in plaintext here.

#!/bin/bash
 # Script to fix permissions of valiases
 # Written by: Vanessa Vasile 5/17/10
 # http://thecpaneladmin.com
 
 for domain in `cat /etc/userdomains |awk '{print $1}' | grep -v "*" | cut -d: -f1`
 do

if ! [ -f /etc/valiases/$domain ]; then
 touch /etc/valiases/$domain
 fi
 
 user=$(egrep "^$domain:" /etc/userdomains |awk '{print $2}');
 chown $user:mail /etc/valiases/$domain
 chown $user:mail /etc/vdomainaliases/$domain
 chmod 644 /etc/valiases/$domain
 chmod 644 /etc/vdomainaliases/$domain
 done

Installing A Wildcard SSL Certificate

A wildcard ssl basically allows you to use unlimited subdomains on a given domain name with one SSL certificate.  A user will need to purchase a wildcard SSL from a vendor that supplies them.

Similar to having multiple certificates installed on a server, each subdomain containing the certificate needs its own IP as well.  Wildcard SSL’s do not work like Wildcard DNS – you really do have to specifically install the certificate on each subdomain. Here are two methods to setting up Wildcard certificates for a domain.

Multiple Accounts

In this scenario, you’d have each subdomain hosted as a separate cPanel account, and each of those cPanel accounts will have its own IP address.

1. Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com


2. Read this article to learn how to assign each account its own IP address


3. When you’re obtained the certificate,go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com


4. The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target subdomain


5. Click install to install the certificate

One Account

This method may be best for users that are not resellers or that are on shared hosting servers, where having multiple cpanel accounts may not be ideal. In this case, you’d have one cPanel account and assign multiple IPs to its subdomains.

1. Generate the Certificate Signing Request (CSR) in WHM, using *.domain.co


2. Read this article to learn how to assign dedicated IPs to multiple subdomains on the same account


3. When you’re obtained the certificate,go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com


4. The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target subdomain


5. Click install to install the certificate

How to Rebuild cPanel Bandwidth Graphs

Cpanel 11.25 restructured the way that bandwidth RRD files are being processed, in that each service has two RRD files – one for peak, and one for rate.  The “peak” file is used for long timespans of a month or longer, and the “rate” file covers a timespan of a week or less.  The following is an example of files that would be created for domain.com:

domain
domain.com.5min
domain.com.hour
domain.com
domain.com.5min
domain.com.hour

Re rebuild the RRD databases for a user, run:

/usr/local/cpanel/bin/rebuildbwrrd

To do this for the entire server:

/usr/local/cpanel/bin/rebuildbwrrd –all

Beware though that cPanel 11.25 requires a  bit more disk space for the new bandwidth graphs, so if you have /var on a separate partition and there won’t be enough room, I recommend doing the following:

mv /var/cpanel/bandwidth /home

ln -s /home/bandwidth /var/cpanel/bandwidth

You’re basically moving the bandwidth graphs to another location and linking them to /var/cpanel/bandwidth.

How to install Subversion and Java

Install Subversion and Java

yum -y install java-1.6.0-openjdk java-1.6.0-openjdk-devel
yum -y install subversion

Install Ant

cd /opt
wget http://mirrors.kahuki.com/apache/ant/binaries/apache-ant-1.8.1-bin.tar.bz2
tar jxvf apache-ant-1.8.1-bin.tar.bz2
mv apache-ant-1.8.1 ant
ln -s /opt/ant/bin/ant /usr/bin/ant

Result: /opt/ant

Export some variables and add to bashrc:

export ANT_HOME=/opt/ant
export JAVA_HOME=/usr/lib/jvm/java
export PATH=$PATH:/opt/ant/bin
export CLASSPATH=.:$JAVA_HOME/lib/classes.zip

echo 'export ANT_HOME=/opt/ant' >> /etc/bashrc
echo 'export JAVA_HOME=/usr/lib/jvm/java' >> /etc/bashrc
echo 'export PATH=$PATH:/opt/ant/bin' >> /etc/bashrc
echo 'export CLASSPATH=.:$JAVA_HOME/lib/classes.zip' >> /etc/bashrc


Install Red5:

cd /opt
svn co http://red5.googlecode.com/svn/java/server/trunk red5
cd red5
ant prepare
ant dist


Create an init script

By default you have to use red5?s inherent scripts to start/stop, which can be a bit annoying. Create a file called /etc/init.d/red5 and past int he following:

#!/bin/sh
# For RedHat servers
# description: Red5 flash media server
# processname: red5
PROG=red5
RED5_HOME=/opt/red5
DAEMON=$RED5_HOME/$PROG.sh
PIDFILE=/var/run/$PROG.pid
# Source function library
. /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5
RETVAL=0
case "$1" in
start)
echo -n $"Starting $PROG: "
cd $RED5_HOME
$DAEMON >/dev/null 2>/dev/null &
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo $! > $PIDFILE
touch /var/lock/subsys/$PROG
fi
[ $RETVAL -eq 0 ] && success $"$PROG startup" || failure $"$PROG startup"
echo
;;
stop)
echo -n $"Shutting down $PROG: "
killproc -p $PIDFILE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG
;;
restart)
$0 stop
$0 start
;;
status)
status $PROG -p $PIDFILE
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
RETVAL=1
esac
exit $RETVAL

*Note that WordPress has a strange way of outputting double quotes, so make sure you address those in the script!
Now, chmod 755 /etc/init.d/red5 and run:

chkconfig red5 on

This will run Red5 on startup. With the init script, you can now start, stop, and restart red5 as needed, ex:

service red5 restart

red5 should now run port 5080 and rtmp service on port 1935. You may need to open these ports in your server’s firewall.

Test:

http://hostname:5080/demos/port_tester.swf

Introduction about, CPHulk, mod_userdir, open_basedir

cPHulk

cPHulk is a brute force protection system developped by the cPanel team and is exclusive to cPanel / WHM control panels. It has been integrated with cPanel version 11. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain amount of attempts, the attacker will no longer be able to authenticate

Enabling cPHulk is pretty easy. Simply log into your WHM control panel as root. From the main menu on the left, click on Security Center from the Security section. When you’re done, simply click on the Enable button at the top.

Click on the cPHulk Brute Force Detection link at the top of the page. Now you may want to configure cPHulk before you enable it. The configuration parameters are pretty much self-explanatory. Basically you set the number of failed attempts before an IP or an account is blocked and you set how long you want it to be blocked.

cPanel 11 marks the debut for the much anticipated cPHulk Protection system. cPHulk protects your vital services by disabling authentication to those services after a brute force attack is detected.

It protects:

Cpanel

WHM

SSH

FTP

IMAP, and POP3

from brute force authentication attacks. cPHulk will remain transparent to the attacker whose authentication attempts will feel normal, even while authentication is disabled. Thus, you can get substantial information about the attack.

You can even customize authentication thresholds and lock out times!
mod_userdir

It is an Apache module that allows you to create a separate website for each user on a server. These sites can all be accessed by going to,

http://servername.com/~username

Eg:- http://example.com/~user/

The module is installed on most Apache setups by default, but isn’t necessarily always enabled. Most mass-hosted cPanel servers make extensive use of it for a variety of reasons.

Apache’s mod_userdir allows users to view their sites by entering a tilde(~) and their username as the URL on a specific host. For example http://test.cpanel.net/~test will bring up the user Test’s domain

How To Enable

1. To access the Server Setup Menu, click on Server Setup, on the main screen of your WebHost Manager interface. Then, click on Tweak Security.

2. Click on Configure in the mod_userdir Tweak section.

3. Click on the Checkbox next to Enable mod_userdir Protection to enable mod_userdir Protection.

4. Click on a checkbox next to a domain’s name to allow them to access their domain using ~username, if necessary.

5. Enter the name of any user you wish to be able access the domain using ~username, other than the domain’s owner, in the blank field next to the domain’s name, if necessary.

6. Click on Save.

Disadvantage

The disadvantage of this feature is that any bandwidth usage used by the site will be put on the domain it is accessed under .

Mod_userdir protection prevents access to a domain through domain.com/~user. You may however want to disable it on specific virtual hosts (generally shared SSL hosts).

open_basedir

Enable open_basedir

Set open_basedir to only allow access to required portions of the filesystem, like your web site’s documents and any shared libraries.

You can set open_basedir in the php.ini file:

; Set open_basedir to the

open_basedir = “/var/www/foo.bar/:/usr/local/php/“

The setting can also be applied in apache’s httpd.conf file, or an .htaccess file:

# Set open_basedir to a safe location

php_value open_basedir /var/www/foo.bar/:/usr/local/php

WHM

Steps

1. To access the PHP open_basedir Tweak feature, click on Security, on the main screen of your WebHost Manager interface.

2. Then click on Security Center.

3. Then click on PHP open_basedir Tweak.

4. Click on Configure in the PHP’s open_basedir section.

5. Click on the check box next to Enable PHP open_basedir Protection to enable Enable PHP open_basedir Protection.

6. Click on a check box next to a domain name to allow them to open files outside of their home directory with PHP, if necessary.

7. Click on Save.
Plesk : If you’re using Plesk hosting control panel, you may need to manually edit Apache configuration file of vhost.conf and vhost_ssl.conf, and add in or edit the following php_admin_value open_basedir lines to the following:

php_admin_value open_basedir none

php_admin_value open_basedir /full/path/to/dir:/full/path/to/directory/httpdocs:/tmp

Note: For SSL hosts in the vhost_ssl.conf file, the Directory path will end with “httpsdocs” instead of “httpdocs”

Disable Manually

Open up the httpd.conf file, and search for the lines that starts with the following characters:

php_admin_value open_basedir …..

Replace the whole line under the virtual host for the domain user account

php_admin_value open_basedir none.

Add Additional Directories
You can also opt to allow your PHP scripts to access additional directory instead without disabling the protection.For example, to add /new_directory to the allow list.

php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp”

php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp:/new_directory”

Restart the Apache after finished editing

How to add SPF record from WHM on a Linux Cpanel Server

Identifying Open Ports/Services on Linux

Many tools are available to map open network ports to actual processes and files in

Linux. We will take a look at just one example

.

First, we need to look at our listening network ports. We will utilize the ‘-anp –tcp’ flags to the netstat command to list all processes (-a), don’t map port numbers to friendly name (-n), list the process ID associated with the network port (-p) and for this example, wewill limit the output to only TCP listeners (--tcp):

[jklemenc]# netstat -anp --tcp

Active Internet connections (servers and established)

Proto   Recv-Q  Send-Q  Local Address Foreign Address State

PID/Program name

tcp      0 0 0.0.0.0:544 0.0.0.0:* LISTEN          1826/xinetd

tcp      0 0 0.0.0.0:3306 0.0.0.0:* LISTEN           4677/mysqld

tcp      0 0 0.0.0.0:22 0.0.0.0:* LISTEN           16446/sshd

tcp 0 0 0.0.0.0:2105 0.0.0.0:*                                       LISTEN           1826/xinetd

tcp 0 0 127.0.0.1:601 0 0.0.0.0:*                                    LISTEN            841/sshd

tcp 0 0 0.0.0.0:443 0.0.0.0:*                                         LISTEN            1925/httpd

In this example, we are interested in the TCP/443 network listener. The output indicates that httpd is running as process ID 1925 and has TCP/443 open. A quick check using the‘ps’ command with the PID (-p) parameter to display only the PID returned above along with a parameter to display the full path of the file (-f):

[jklemenc]# ps -p 1925 -f

UID PID   PPID C STIME TTY TIME CMD

root                 1925 1 0 2004 ? 00:03:36 /usr/sbin/httpd

We see from above that /usr/sbin/http is running as PID 1925 as user root.

How to check whether FTP port 21 is blocked?

The default TCP port for FTP connection is port 21. Sometimes the local Internet Service Provider blocks this port and this will result in FTP connection issues.

Here's how to, depending on your OS, check whether your ISP blocks port 21:

• Check port 21 with a Windows OS

Click on the Start menu button, usually located on the left low corner of the screen. There is a tab called "Run". You have to click on it, in order to proceed further. You will notice the appearance of a new small window on the screen. In the text field of this window you need to type "cmd" and then press the "Enter" key. Another window will open. It is the so called "MS-DOS prompt" or "command prompt". Just type the following command in the command prompt window and press "Enter":

telnet my-domain-name.com 21

• Check port 21 with Apple/Mac

Each Mac OS is delivered with a preinstalled terminal emulator. The terminal is a tool which allows you to execute commands from the command line. Usually, the terminal is located under your Mac HD -> "Applications" directory -> Utilities sub-directory. When the window opens, you will see a command line with a flashing cursor on it so you can start typing right away. Just type the following command and press "Enter":

telnet my-domain-name.com 21

• Check port 21 with Linux

Open your favorite terminal emulator and execute the following command in order to telnet your website:

telnet my-domain-name.com 21

Results from the 21 port check

If the test is successful, you should receive a message like this:
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 2 of 50 allowed.
220-<<
220-#########################################################
220-Please upload your web files to the public_html directory.
220-Note that letters are case sensitive.
220-#########################################################
220->>
220-Local time is now 03:35. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
If the welcome message above does not appear, you should contact your local ISP and ask them to unblock this port for you.

Get the list of open ports using command prompt

Step 1

1. Start->Run->cmd ( Go to command prompt)

2. Use command as follows to get a list of listening ports in your system.

C:>netstat -an |find /i “listening”

Step 2

So you have the list of listening ports. Now if you wish to have a hard copy of the list or you wish to Store it as a list. Of course you can copy from the windows displayed but that doesn’t seem neat. There is a small command which can help you store this list as a .txt file.

C:>netstat -an |find /i “listening” > c:’openports.txt

Step 3

You can also get a list of established connections by replacing the ‘listening’ by ‘established’ in the earlier command.

C:>netstat -an |find /i “established”

HOW-TO Setup a PLESK Dedicated Server

view source

http://www.grafxsoftware.com/javascript/dp.SyntaxHighlighter/Scripts/clipboard.swf

print?

1.lynx -source http://www.atomicorp.com/installers/atomic.sh | sh

Enable FastCGI Support in IIS 7

Windows Server 2008 - Ruslan Yakushev

Go to Server Manager -> Roles -> Add Role Services. On the Select Role Services page, select the CGI check box. This enables both the CGI and FastCGI services.

Windows Vista SP1

Go to Control Panel -> Programs and Features -> Turn Windows features on or off. In the Windows Featuresdialog box, select the CGI check box. This enables both the CGI and FastCGI services.

IMPORTANT: Install the Update for the FastCGI Module

The update for the IIS 7 FastCGI module fixes several known compatibility issues with popular PHP applications. Install the update from one of the following locations:

• Update for Windows Server 2008


• Update for Windows Server 2008 x64 Edition


• Update for Windows Server 2008 for Itanium-based Systems


• Update for Windows Vista SP1


• Update for Windows Vista SP1 for x64 based Systems

Install the Administration Pack for IIS 7

NOTE: This step is optional.

Among other useful features, the Administration Pack for IIS 7 has a convenient user interface for configuring FastCGI settings. The Administration Pack can be installed from the following locations:

• Administration Pack for IIS 7 - x86


• Administration Pack for IIS 7 - x64

Install and Configure PHP

It is recommended that you use a non-thread safe build of PHP with IIS 7 FastCGI. A non-thread safe build of PHP provides significant performance gains over the standard build by not doing any thread-safety checks, which are not necessary, since FastCGI ensures a single threaded execution environment.

To install PHP:

1. Download the latest non-thread safe zip package with binaries of PHP: http://www.php.net/downloads.php.


2. Unpack the files to the directory of your choice (e.g. C:PHP). Rename the php.ini-recommended file to php.ini.


3. Open the php.ini file. Uncomment and modify the settings as follows:
   
   
   
   • Set fastcgi.impersonate = 1. FastCGI under IIS supports the ability to impersonate security tokens of the calling client. This allows IIS to define the security context that the request runs under.
   
   
   • Set cgi.fix_pathinfo=1. cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. Previously, PHP behavior was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not define PATH_INFO. For more information about PATH_INFO, see the cgi specifications. Setting this value to 1 will cause PHP CGI to fix its paths to conform to the specifications.
   
   
   • Set cgi.force_redirect = 0.
   
   
   • Set open_basedir to point to the folder or network path where the content of the Web site(s) is located.
   
   
   • Set extension_dir to point to the location where the PHP extensions are located. Typically, for PHP 5.2.X the value would be set as extension_dir = "./ext"
   
   
   • Enable the required PHP extension by un-commenting the corresponding lines, for example:extension=php_mssql.dll
     extension=php_mysql.dll
   
   
   
   


4. Open a command prompt, and run the following command to verify that PHP installed successfully:

C:PHP>php –info

If PHP installed correctly and all its dependencies are available on the machine, this command will output the current PHP configuration information.

Configure IIS 7 to Handle PHP Requests

For IIS 7 to host PHP applications, you must add a handler mapping that tells IIS to pass all PHP-specific requests to the PHP application framework by using the FastCGI protocol.

Configure IIS 7 to handle PHP requests by using IIS Manager

1. Open IIS Manager. At the server level, double-click Handler Mappings.


2. In the Actions pane, click Add Module Mapping.... In the Add Module Mapping dialog box, specify the configuration settings as follows:

Request path: *.php

Module: FastCgiModule

Executable: "C:[Path to your PHP installation]php-cgi.exe"

Name: PHP via FastCGI

3. Click OK.



4. In the Add Module Mapping confirmation dialog box that asks if you want to create a FastCGI application for this executable, click Yes.



5. Test that the handler mapping works correctly by creating a phpinfo.php file in the C:inetpubwwwroot folder that contains the following code:

6. Open a browser and navigate to http://localhost/phpinfo.php. If everything was setup correctly, you will see the standard PHP information page.



NOTE: If you do not see FastCgiModule in the Modules: list, the module is either not registered or not enabled. To check if the FastCGI module is registered, open the IIS configuration file that is located at %windir%windowssystem32configapplicationHost.config and check that the following line is present in the  section:

In the same file, also check that the FastCGI module is added to the section:

Configure IIS 7 to handle PHP requests by using the command line

Alternatively, you can complete the steps above by using the command line tool AppCmd.

1. Create the FastCGI application process pool by running the following command:

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:{php_folder}php-cgi.exe']2. Create the handler mapping by running the following command:

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/handlers /+[name='PHP_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='c:{php_folder}php-cgi.exe',resourceType='Unspecified']Note: If you are using PHP version 4.X, you can use php.exe instead of php-cgi.exe.

Best Practices for Configuring FastCGI and PHP

This download contains a summary presentation on Best Practices for hosting PHP in a shared hosting environment.

Security Isolation for PHP Web Sites

The recommendation for isolating PHP Web sites in a shared hosting environment is consistent with all general security isolation recommendations for IIS 7. In particular, it is recommended to:

• Use one application pool per Web site


• Use a dedicated user account as an identity for the application pool


• Configure an anonymous user identity to use the application pool identity


• Ensure that FastCGI impersonation is enabled in the php.ini file (fastcgi.impersonate=1)

For more details about security isolation in a shared hosting environment, see Ensure Security Isolation for Web Sites.

PHP Process Recycling Behavior

Ensure that FastCGI always recycles the php-cgi.exe processes before the native PHP recycling kicks in. The FastCGI process recycling behavior is controlled by the configuration property instanceMaxRequests. This property specifies how many requests the FastCGI process will process before recycling. PHP also has a similar process recycling functionality that is controlled by the environment variable PHP_FCGI_MAX_REQUESTS. By setting instanceMaxRequests to be less than or equal to PHP_FCGI_MAX_REQUESTS, you can ensure that the native PHP process recycling logic will never kick in.

The FastCGI settings can be configured either by using IIS Manager or by using the command line tool AppCmd.

Configure FastCGI recycling settings by using IIS Manager

1. Ensure that the Administration Pack for IIS 7 is installed on your server. Open IIS Manager. On the server level, double-click FastCGI Settings.





2. Select the FastCGI application that you want to configure. In the Actions pane, click Edit....





3. In the Edit FastCGI Application dialog box, set the InstanceMaxRequests to 10000. Next to theEnvironmentVariables setting, click the Browse (...) button.



4. In the EnvironmentVariables Collection Editor dialog box, add the PHP_FCGI_MAX_REQUESTS environment variable and set its value to 10000.



Note: If you do not configure these settings, the following default settings will be used: instanceMaxRequests = 200,PHP_FCGI_MAX_REQUESTS = 500 (on most PHP builds).

Configure FastCGI recycling settings by using the command line

Configure the recycling behavior of FastCGI and PHP by using AppCmd by running the following commands:

C:>%windir%system32inetsrvappcmd set config -section:system.webServer/fastCgi /[fullPath='c:{php_folder}php-cgi.exe'].instanceMaxRequests:10000

C:>%windir%system32inetsrvappcmd.exe set config -section:system.webServer/fastCgi /+"[fullPath='C:{php_folder}php-cgi.exe'].environmentVariables.[name='PHP_FCGI_MAX_REQUESTS',value='10000']"

PHP Versioning

Many PHP applications rely on functions or features that are available only in certain versions of PHP. If these types of applications are to be hosted on the same server, different PHP versions must be enabled and running side-by-side. The IIS 7 FastCGI handler fully supports running multiple versions of PHP on the same Web server.

For example, assume that on your Web server you plan to support PHP 4.4.8, PHP 5.2.1, and PHP 5.2.5 non-thread safe. To enable that configuration, you must place corresponding PHP binaries in separate folders on the file system (e.g. C:php448, C:php521 and C:php525nts) and then create FastCGI application process pools for each version:

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php448php.exe']

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php521php-cgi.exe']

C:>%windir%system32inetsrvappcmd set config /section:system.webServer/fastCGI /+[fullPath='c:php525ntsphp-cgi.exe']If you have three Web sites (site1, site2, site3) and each site must use a different PHP version, you can now define handler mappings on each of those sites to reference a corresponding FastCGI application process pool.

Note: Each FastCGI process pool is uniquely identified by a combination of fullPath and arguments properties.

C:>%windir%system32inetsrvappcmd set config site1 –section:system.webServer/handlers /+”..[name=’PHP448_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:php448php.exe’,resourceType=’Either’]

C:>%windir%system32inetsrvappcmd set config site2 –section:system.webServer/handlers /+”..[name=’PHP521_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:php521php-cgi.exe’,resourceType=’Either’]

C:>%windir%system32inetsrvappcmd set config site3 –section:system.webServer/handlers /+”..[name=’PHP525nts_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:php525ntsphp-cgi.exe’,resourceType=’Either’]

PHP Security Recommendations

The following settings can be used to tighten the security of a PHP installation. To make the recommended changes, locate and open the php.ini file and edit the configuration settings as described below:

Setting	Description
allow_url_fopen=Off allow_url_include=Off	Disable remote URLs for file handling functions, which may cause code injection vulnerabilities.
register_globals=Off	Disable register_globals.
open_basedir="c:inetpub"	Restrict where PHP processes can read and write on a file system.
safe_mode=Off safe_mode_gid=Off	Disable safe mode.
max_execution_time=30 max_input_time=60	Limit script execution time.
memory_limit=16M upload_max_filesize=2M post_max_size=8M max_input_nesting_levels=64	Limit memory usage and file sizes.
display_errors=Off log_errors=On error_log="C:pathofyourchoice"	Configure error messages and logging.
fastcgi.logging=0	The IIS FastCGI module will fail the request when PHP sends any data on stderr by using the FastCGI protocol. Disable FastCGI logging to prevent PHP from sending error information over stderr and generating 500 response codes for the client.
expose_php=Off	Hide the presence of PHP.

Enabling per-site PHP configuration

This section describes the recommended way of enabling per-site PHP configuration. This recommendation was discovered and validated by Radney Jasmin with hosting provider GoDaddy.com who now offers PHP hosting on Windows Server 2008 by using FastCGI.

Per-site PHP Process Pools

When each Web site has its own application pool, which is a recommended practice on IIS 7, it is possible to associate a dedicated FastCGI process pool with each Web site. A FastCGI process pool is uniquely identified by the combination offullPath and arguments attributes. If you need to create several FastCGI process pools for the same process executable, such as php-cgi.exe, you can use the arguments attribute to distinguish the process pool definitions. With php-cgi.exe processes, you can also use the command line switch "-d" to define an INI entry for a PHP process. You can use this switch to set a PHP setting that makes the arguments string unique.

For example, if there are two Web sites "website1" and "website2" that must have their own set of PHP settings, the FastCGI process pools can be defined as follows:


<application fullPath="C:PHPphp-cgi.exe" arguments="-d open_basedir=C:WebsitesWebsite1" />
<application fullPath="C:PHPphp-cgi.exe" arguments="-d open_basedir=C:WebsitesWebsite2" />
In this example the PHP setting open_basedir is used to distinguish between the process pool definitions. The setting also enforces that the PHP executable for each process pool can perform file operations only within the root folder of the corresponding Web site.

Then website1 can have the PHP handler mapping as follows:



<add name="PHP via FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:PHPphp-cgi.exe|-dopen_basedir=C:WebsitesWebsite1" resourceType="Unspecified" requireAccess="Script" />

and website2 can have the PHP handler mapping as follows:



<add name="PHP via FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:PHPphp-cgi.exe|-dopen_basedir=C:WebsitesWebsite2" resourceType="Unspecified" requireAccess="Script" />

Specifying php.ini location

When the PHP process starts, it determines the location of the configuration php.ini file by using various settings. The PHP documentation provides a detailed description of the PHP startup process. One of the places where the PHP process searches for the php.ini location is the PHPRC environment variable. If the PHP process finds a php.ini file in the path that is specified in this environment variable, it will use it; otherwise, the PHP process will revert to using the default location of the php.ini file. This environment variable can be used to allow hosting customers to use their own versions of php.ini files.

For example if there are two Web sites "website1" and "website2" that are located at the following file paths: C:WebSiteswebsite1 and C:WebSiteswebsite2, you can configure the php-cgi.exe process pools in the section of the applicationHost.config file as follows:












This way website1 can have its own version of the php.ini file that is located in the C:WebSiteswebsite1, while website2 can have its own version of the php.ini file that is located in C:WebSiteswebsite2. This configuration also ensures that if a php.ini file cannot be found in the location that is specified by the PHPRC environment variable, then PHP will use the default php.ini file that is located in the same folder where the php-cgi.exe is located.

Provide URL Rewriting Functionality for PHP Applications

The majority of popular PHP applications rely on the URL rewriting functionality in Web servers to enable user-friendly and search engine-friendly URLs. IIS 7 provides URL rewriting capabilities by using the URL rewrite module.

For more information about how to use the URL Rewrite module, see the following articles:

• Microsoft URL Rewrite Module Walkthroughs. Describes how to use the URL Rewrite module.


• Microsoft URL Rewrite Module configuration reference. Explains the functionality of the module and provides descriptions of all the configuration options.


• Configuring popular PHP applications to work with the URL Rewrite module:
  
  
  
  • WordPress
  
  
  • MediaWiki
  
  
  • b2Evolution
  
  
  • Mambo
  
  
  • Drupal
  
  
  
  

Simple Bash Script to Fix Account Permissions

This is a simple bash script I wrote to fix the permissions and ownership of files within a cpanel account. To use, simply copy the script your server, chmod 755, and pass the usernames as arguments:

./fixperms user1 user2 user3

You can also run a server-wide loop like this:

for i in `ls -A /var/cpanel/users` ; do ./fixperms $i ; done

Below is the script, but I recommend downloading it from here to ensure that the formatting is correct.

#!/bin/bash
# Script to fix permissions of accounts
# Written by: Vanessa Vasile 5/13/10
# http://thecpaneladmin.com

if [ "$#" -lt "1" ];then
echo "Must specify user"
exit;
fi

USER=$@

for user in $USER
do

HOMEDIR=$(grep $user /etc/passwd | cut -d: -f6)

if [ ! -f /var/cpanel/users/$user ]; then
echo "$user user file missing, likely an invalid user"

elif [ "$HOMEDIR" == "" ];then
echo "Couldn't determine home directory for $user"

else

echo "Setting ownership for user $user"

chown -R $user:$user $HOMEDIR
chmod 711 $HOMEDIR
chown $user:nobody $HOMEDIR/public_html $HOMEDIR/.htpasswds
chown $user:mail $HOMEDIR/etc $HOMEDIR/etc/*/shadow $HOMEDIR/etc/*/passwd

echo "Setting permissions for user $USER"

find $HOMEDIR -type f -exec chmod 644 {} ; -print
find $HOMEDIR -type d -exec chmod 755 {} ; -print
find $HOMEDIR -type d -name cgi-bin -exec chmod 755 {} ; -print
find $HOMEDIR -type f ( -name "*.pl" -o -name "*.perl" ) -exec chmod 755 {} ; -print
fi
done

Localdomains vs. Remotedomains

Have you ever dealt with a user that pointed their MX records to another server but email from their website or other users on the same server isn’t going there?  This is because Exim on is configured to use files called localdomains and remotedomains, which tell Exim whether a domain’s email is hosted locally or remotely.

The most common symptoms of a mis-configured local/remote domain setup are:-

• Errors such as “lowest numbers MX record points to localhost” – you need to add the domain to localdomains


• Email bouncing stating the user does not exist (this may also mean that the user really does not exist!) – you need to add the domain to remotedomains


• Email from the user’s site (such as a contact form) is not being delivered to their outside mail server, but external email is – you need to add the domain to remotedomains

The files controlling these actions are:

/etc/localdomains: Contain a list of domains that have email hosted locally

/etc/remotedomains: Contain a list of domains that have email hosted remotely

The remotedomains file takes precedence, so if a domain is located in both files, the mail server should use remotedomains. However, I’ve heard that on some servers, Exim will do a DNS lookup anyway and make the decision based on where the domain is actually pointed. I haven’t personally reproduced that situation, so assume the former – remotedomains takes preference over localdomains if a domain is listed in both files.

When editing zones in cPanel or WHM, there is an option to select local/remote mail delivery or to have cPanel choose for you. Checking the corresponding boxes will update the local and remote domain files.

Never users error list for email

When having trouble with email I got the following error in the exim_paniclog on a cpanel server:

User 0 set for local_delivery transport is on the never_users list

The issue appears to be with some of the libraries the following commands should fix it:

ln -s libdb2.so.3 libdb.so.3
/scripts/eximup --force
/etc/rc.d/init.d/exim restart

How to set email attachment max size

I think there are many ways to achieve that setting, two of those methods which I am aware of at this moment are:

1. Add this in the first part of your exim.conf file

message_size_limit = 10M

AFAIK this setting would restrict incoming as well as outgoing at 10MB.

2. If you want to restrict size of message per domain basis, you could follow the given steps as below:

:CAUTION: The following solution has NOT BEEN TESTED in a real environment

a. Create a file to store the size limits for each domain that you wish to limit the message size. Use wildcard (*) for limiting the message size for all the domains not contained in the file.

Code:

root@srv [~]# cat > /etc/mail/msg-size-limits
domain1.tld: 10M
domain2.tld: 20M
*: 5M

As per the above, we are restricting domain1 at 10MB, domain2 at 20MB and all other domains at 5MB

b. Create another file and store the messages which should return to the sender of the large message.

Code:

root@srv [~]# cat > /etc/mail/msg-size-limit-messages
domain2.tld: You are trying to send a message which is $message_size 
             in size. This is larger than your maximum message size limit 
             of ${expand:${lookup{$domain}lsearch*@{/etc/mail/msg-size-limits}}}.
*: The largest acceptable message size for $domain is 
   ${expand:${lookup{$domain}lsearch*@{/etc/mail/msg-size-limits}}}.
   Your message size was $message_size. Please revise your message so it 
   does not exceed this maximum file size and resend. If this is not 
   possible, contact the recipient in another way.

Note that domain names contained in first file maybe omitted in the second file and vice-versa. The omitted domains will be taken care by the wildcard (*) entry.

c. Add the following code in the Routers section of your Exim configuration file.
(Please note that ORDER in which you place your routers in this section DOES matter and that is exactly what needs to be tested practically and thoroughly even). I think it will go in the 7th box in the WHM editor of Exim config file.

Code:

large_messages:
driver = redirect
domains = +local_domains : 
          +relay_domains
condition = ${if >{$message_size}{${expand:${lookup{$domain}lsearch*@{/etc/mail/msg-size-limits}}}} {yes}{no}}
data = :fail: 
${expand:${lookup{$domain}lsearch*@{/etc/mail/msg-size-limit-messages}}}

Hope that works