Monday 31 October 2011

Linux: /tmp: Read-only file system Error

One of our servers showed the problem below when I wanted to edit some entries in the crontab:


$ crontab -e
/tmp/crontab.XXXX1ibTLU: Read-only file system



It shows that the /tmp partition is not writable. The partition has been remounted read-only because the file system hit an error. To fix this, we need to run a file system check (fsck) on the /tmp partition. Before we run fsck, we need to unmount the directory, but the following error occurred:


$ umount /tmp
/tmp: Device or resource busy



It seems that /tmp cannot be unmounted because some files in it are still open or being executed by other processes. Using lsof, we can list all the open files:


$ lsof | grep /tmp
mysqld 2599 mysql 5u REG 7,0 0 6098 /tmp/ibaqFhew (deleted)
mysqld 2599 mysql 6u REG 7,0 0 6099 /tmp/ibC7Yfbn (deleted)
mysqld 2599 mysql 7u REG 7,0 0 6100 /tmp/ibJ8AFbe (deleted)
mysqld 2599 mysql 11u REG 7,0 0 6101 /tmp/ibrLO9t5 (deleted)



As we can see, mysqld is holding some temporary files open in the /tmp directory. The 2nd column shows the PID of the process holding them. We need to stop this process using the kill command:


$ kill -9 2599



Only then are we able to unmount /tmp:


$ umount /tmp



Make sure that no error is reported during the unmount. Now we can run fsck with -f (force) and -y (answer Yes to every prompt) to automate the file system check:


$ fsck -f -y /tmp
fsck 1.39 (29-May-2006)
e2fsck 1.39 (29-May-2006)
/usr/tmpDSK: recovering journal
Pass 1: Checking inodes, blocks, and sizes
Deleted inode 6097 has zero dtime. Fix? yes

Inodes that were part of a corrupted orphan linked list found. Fix? yes

Inode 6098 was part of the orphaned inode list. FIXED.
Inode 6099 was part of the orphaned inode list. FIXED.
Inode 6100 was part of the orphaned inode list. FIXED.
Inode 6101 was part of the orphaned inode list. FIXED.
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Inode bitmap differences: -(6097--6101)
Fix? yes

Free inodes count wrong for group #3 (2025, counted=2030).
Fix? yes

Free inodes count wrong (127695, counted=127700).
Fix? yes

/usr/tmpDSK: ***** FILE SYSTEM WAS MODIFIED *****
/usr/tmpDSK: 316/128016 files (3.2% non-contiguous), 66394/512000 blocks



The file system has now been modified and fixed. We can remount the partition using the following command:


$ mount -a



You should be able to use the /tmp partition again at this point, and I can make changes to the crontab!

How to change mail attachment size

To change mail attachment size, we have to change 3 settings.

Change mail size in postfix

Postfix is the MTA, so we have to change its settings to let it transfer large mail.

If you want it to allow mail smaller than 100MB, just change the 'message_size_limit' setting:

# ---- Run below command in terminal ---- 
# postconf -e message_size_limit='104857600' 
# ---- Restart postfix to make it work ---- 
# /etc/init.d/postfix restart


Note:

  • 104857600 is 100MB expressed in bytes (100 x 1024 x 1024).

  • Normally, mail is encoded before it is transferred, so the actual mail size will be larger than 100MB; you can simply increase the limit to 110MB or 120MB to make it work as expected.


----
If you use mail clients such as Outlook or Thunderbird to fetch/send mail, this is enough to send large attachments.
If your users use webmail as their mail client, you have to change two more settings:
Change PHP settings to allow uploading large attachments

You should change 'memory_limit', 'upload_max_filesize' and 'post_max_size' in /etc/php.ini (RHEL/CentOS) or /etc/php5/apache2/php.ini (Debian/Ubuntu).

memory_limit = 200M; 
upload_max_filesize = 100M; 
post_max_size = 100M;


Change Roundcube webmail to allow uploading large attachments

Change the same settings in the .htaccess file under the Roundcube root directory, which is /usr/local/cpanel/base/3rdparty/roundcube/ (RHEL/CentOS) or /usr/share/apache2/roundcube/ (Debian/Ubuntu) by default.

php_value upload_max_filesize 100M 
php_value post_max_size 100M


Restart apache web server



# ---- For RHEL/CentOS users ---- 
# /etc/init.d/httpd restart 
# ---- For Debian/Ubuntu users ---- 
# /etc/init.d/apache2 restart




Sunday 30 October 2011

PCI compliance – Vulnerability SSL Version 2 (v2) Protocol Detection linux

Simple enough to fix on apache.

Open the ssl.conf file and add the following at the bottom:

SSLProtocol -ALL +SSLv3 +TLSv1

then restart apache.

To test the connection, type the following on the command line:

openssl s_client -ssl2 -connect google.com:443

Monday 24 October 2011

How to assign a dedicated IP to a Sub-domain OR Add-on/Park domain?

By default, cPanel allows one IP per account, however, in case you wish to assign multiple IPs to an account, say for a sub-domain, you can do so by editing a few files. Follow the below steps:

1) The main configuration file of a domain is stored under the /var/cpanel/userdata/<username>/ directory, so edit the subdomain related file under it

# vi /var/cpanel/userdata/<username>/subdomain.domain.tld


Change the value of “IP” to a dedicated IP and save the file. The add-on and Park domains have their related subdomain files in the same directory.

2) Once the above changes are made, you need to rebuild the Apache configuration for the changes to take effect in the respective VirtualHost entry

# /scripts/rebuildhttpconf


3) To mark the dedicated IP as “used”, edit the file /etc/domainips and enter the sub-domain entry

<dedicated ip>: subdomain.domain.tld


Save the file and rebuild the IP pool

# /scripts/rebuildippool


4) Now, edit the DNS zone file of the main domain (i.e. the domain under which the subdomain is created)

# vi /var/named/domain.tld.db


and set the A record of the sub-domain to point to the new IP. Save the file and restart the ‘named’ service

# service named restart


That’s it.

Note: Rebuilding the IP pool will still list the IP as free under WHM -> IP Function -> ‘Show IP Address Usage’; however, WHM won't allow you to assign that IP to another domain.

Increasing the Size of tmpDSK (/tmp)

You may have noticed that cPanel’s default partition size for /tmp is 512 MB, which in some cases can be way too small.  The /tmp partition on cPanel servers, assuming it was the one cPanel created and not one you did yourself, is a file-based partition that can easily be resized.


By default on most servers, /tmp is the temporary dumping place for a lot of things, for example:

  • PHP session files

  • PHP temporary file uploads

  • MySQL temporary files

  • Cache files for certain Apache modules


Most software that uses temporary files or sessions will automatically prefer to use /tmp – this folder is usually set to 777  permissions and therefore writeable by every user on the server.

When your /tmp partition fills up, it can cause noticeable problems for your users. If you run a larger server, the /tmp folder can fill up quickly and be very annoying as far as maintenance is concerned. Fortunately there is a very easy way to increase the size of this partition on a standalone server.

  1. Stop MySQL, Apache, and cPanel to prevent writing to the /tmp partition

  2. Copy the contents of /tmp to another location, such as /home (cp -rfp /tmp /home)

  3. Unmount /tmp. If you’re unable to, you can do an lsof (lsof |grep /tmp) to see what processes are still writing to it, and kill them off. Or do a lazy unmount (umount -l /tmp) .

  4. Delete /usr/tmpDSK (rm -rf /usr/tmpDSK)


Now open /scripts/securetmp and look for this line:

my $tmpdsksize     = 512000;    # Must be larger than 250000

And change the “512000” value to your desired size in MB, and save the file. Now run the following script to recreate /tmp:
/scripts/securetmp

This will recreate your /tmp (tmpDSK) partition using the size you specified. While the securetmp script may be overwritten in a cPanel update, the size of /tmp will not be affected once you alter its size.

Nginx compilation : PCRE Library Not Found

The HTTP rewrite module requires the PCRE library during the Nginx compilation. The PCRE package contains Perl Compatible Regular Expression libraries useful for implementing regular expression pattern matching.

If PCRE is not installed on the server, the Nginx compilation fails with the following error message:
checking for PCRE library ... not found
checking for PCRE library in /usr/local/ ... not found
checking for PCRE library in /usr/include/pcre/ ... not found
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.


How to Install the PCRE library? SSH to the server as user ‘root’

1) First, go to a temporary directory

 # cd /usr/local/src


2) Download PCRE:

 # wget http://downloads.sourceforge.net/pcre/pcre-8.10.tar.bz2


3) Unpack and change to the pcre directory

 # tar -jxf pcre-8.10.tar.bz2
 # cd pcre-8.10


4) Configure PCRE:

 # ./configure


5) Create the installation files and install PCRE

 # make
 # make install


Once done, you should be able to install Nginx with the HTTP rewrite module.

Saturday 22 October 2011

How to reset Litespeed password in Linux system

What if you forgot the LiteSpeed admin password? Don’t worry, here are the simple steps to reset it on a Linux machine.

Log in via SSH to the server where LiteSpeed is installed. Go to the /admin/misc/ directory under the LiteSpeed installation. If you installed LiteSpeed in /usr/local/, you will find it in /usr/local/admin/misc/
server:~# cd /usr/local/lsws/admin/misc
server:/usr/local/lsws/admin/misc# pwd
/usr/local/lsws/admin/misc
server:/usr/local/lsws/admin/misc#
Change your password by running the admpass.sh script, which changes the LiteSpeed admin password.

Then follow the prompts and you’re done.
server:/usr/local/lsws/admin/misc# ./admpass.sh
Please specify the user name of administrator.
This is the user name required to login the administration Web interface. 

User name [admin]: admin

Please specify the administrator’s password.
This is the password required to login the administration Web interface.

Password:
Retype password:
Administrator’s username/password is updated successfully!
Done. Now you can log in to LiteSpeed with the user name and password that you set.

Saturday 15 October 2011

Is it possible to change TTL SOA records in all domain zone files?

Yes, it is possible to change the

- TTL
- Refresh
- Retry
- Expire
- Minimum

records by updating the `dns_recs` table in the psa database:

If these parameters are absent, the default settings are used.

Example:

UPDATE dns_recs SET val="900" WHERE type="SOA" AND host="TTL";

After updating the records you will need to rebuild all of the domain zone files by running the following command:

"%plesk_bin%dnsmng" update *

Friday 14 October 2011

DNSmng.exe fails during domain creation

SYMPTOMS
When creating a new domain Plesk returns the following error:

dnsmng::update() failed: dnsmng failed: Empty error message from utility.
CAUSE
Most probably configuration files of DNS server are corrupted.
RESOLUTION
You can try fixing it using Plesk command line tool:

"%plesk_bin%defpackagemng.exe" --fix --type=dnsserver

"%plesk_bin%DNSMng.exe" update *

Note: One more possible reason is the memory shortage, so please check server resources as well.

Sunday 9 October 2011

Speed up your site with Caching and cache-control

Caching with .htaccess and Apache will take your website and your web skills to the next level. These are some technical and advanced methods condensed into simple htaccess code examples for you. But you must take the time to understand caching with Cache-Control and other headers and HTTP options before you implement them on a production server.

NOTE: Stay tuned I'm working on the update!

Caching with both mod_expires + mod_headers



# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0

# Set up caching on media files for 1 year (forever?)
# The dot is escaped so the pattern matches a literal "." before the extension
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
</FilesMatch>

# Set up caching on media files for 1 week
<FilesMatch "\.(gif|jpg|jpeg|png|swf)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>

# Set up 2 Hour caching on commonly updated files
<FilesMatch "\.(xml|txt|html|js|css)$">
ExpiresDefault A7200
Header append Cache-Control "proxy-revalidate"
</FilesMatch>

# Force no caching for dynamic files
<FilesMatch "\.(php|cgi|pl|htm)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>


Caching with mod_headers



# 1 YEAR
# The dot is escaped so the pattern matches a literal "." before the extension
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
Header set Cache-Control "max-age=29030400, public"
</FilesMatch>

# 1 WEEK
<FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>

# 3 HOUR
<FilesMatch "\.(txt|xml|js|css)$">
Header set Cache-Control "max-age=10800"
</FilesMatch>

# NEVER CACHE
<FilesMatch "\.(html|htm|php|cgi|pl)$">
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
</FilesMatch>


Caching with mod_expires



ExpiresActive On
ExpiresDefault A0

# 1 YEAR
# The dot is escaped so the pattern matches a literal "." before the extension
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
ExpiresDefault A29030400
</FilesMatch>

# 1 WEEK
<FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
ExpiresDefault A604800
</FilesMatch>

# 3 HOUR
<FilesMatch "\.(txt|xml|js|css)$">
ExpiresDefault A10800
</FilesMatch>

Saturday 8 October 2011

Display Number of Processors on Linux


If you’ve just upgraded your Linux box, or you are wondering how many processors a remote server has, there’s a quick and dirty command you can use to display the number of processors.

On Linux, /proc/cpuinfo contains all of the processor information for all current processors in your computer. This will include the speed, the amount of on-chip cache, processor type, and how many cores.

Here’s the command:

cat /proc/cpuinfo | grep processor | wc -l

The command just looks in the /proc/cpuinfo file, pulls out the number of lines containing the word “processor” and passes them into wc (word count), which returns a count of the CPUs in the system.

Here’s what it returned on my remote server:

[root@root]# cat /proc/cpuinfo | grep processor | wc -l

16

Note that if you have a dual-core processor, it will return each core as a separate processor. You can look at the full output of cat /proc/cpuinfo to see if the chips are dual-core.

OR

You can get a lot of information by typing “cat /proc/cpuinfo”.
[root@root ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 44
model name : Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
stepping : 2
cpu MHz : 2394.063
cache size : 12288 KB
physical id : 1
siblings : 8
core id : 0
cpu cores : 4
apicid : 32
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx pdpe1gb rdtscp lm constant_tsc ida nonstop_tsc arat pni monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm
bogomips : 4788.12
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: [8]

If that’s the entire output then you only have a single processor/core. With multiple processors/cores you should see something like (4 processor/core box):

processor : 0
vendor_id : GenuineIntel
<—SNIP—>
processor : 1
vendor_id : GenuineIntel
<—SNIP—>
processor : 2
vendor_id : GenuineIntel
<—SNIP—>
processor : 3
<—SNIP—>

OR

[root@root~]# cat /proc/cpuinfo | grep 'model name' | cut -d: -f2
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz

Friday 7 October 2011

how to Secure Linux server

This article contains configuration information and tips on how to protect your machine. The article is applicable to all popular Linux distributions.

General


Configure and Enable Firewall


The firewall is the front-line defense against remote attacks. It's highly recommended that you enable and configure it. The Linux firewall infrastructure is called netfilter/iptables. To configure it, check this Iptables howto, or use a configuration frontend such as m0n0wall (CLI), shorewall (CLI), or FireStarter (GUI).

I suggest that you drop all incoming connections, and then open the ports you need, like SSH or BitTorrent.

Avoid Easy-to-compromise User Accounts


Your machine must not have user accounts with easy-to-guess passwords, especially accounts like test/test or guest/guest. Many Linux worms try to exploit such accounts over SSH. Open /etc/passwd and make sure there are no such accounts. If you do have an account like this, delete it:

$ sudo userdel <username>


If you really need such an account for some odd reason, change its shell to /bin/false, so that an attacker cannot log in using it:

$ sudo chsh -s /bin/false <username>


Mount /tmp as noexec


Many script kiddies rely on downloading scripts to /tmp and executing them. By mounting /tmp as noexec, scripts located in /tmp will not be executable. This effectively disables exploits that rely on /tmp. Here is the /tmp config line from my /etc/fstab:

/dev/hda5               /tmp            ext2            noatime,noexec 0 0


Protect against Fork Bombs


Fork bombs are programs that keep creating child processes until system resources are all used. They actually aren't remote exploits because they require a local user to execute the bomb; however, users may be tricked into running a fork bomb. For example, the following example may look innocent, but running it on an unprotected system may take the whole system down:

:(){ :|:& }; :


Do not run the above code on an unprotected system!

The above shell script will actually keep forking at an exponential rate until system resources are exhausted.

To protect a system against such attacks, there is a file for limiting the number of processes per user: /etc/security/limits.conf. Add the following two lines to it:

@users          soft    nproc  100
@users hard nproc 150


These lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.

Your system may not have a users group, so you may want to edit the lines to match your needs.

Limit Usage of su/sudo


su lets normal users switch to the root account, and sudo enables granting more privileges to users. It's always better to grant only the absolutely necessary privileges to specific users, and limit the usage of su to a specific group.

When the usage of su/sudo is limited, even if the system is compromised through a dummy account (like test as username and password), the attacker will have fewer options to play with.

Linux Daemons


OpenSSH


Users of machines with broadband connections usually need to remotely connect to their machines through SSH. So even if the workstation is protected by a firewall, the port of SSH needs to be open for inbound connections. Therefore, SSH is a common target for remote attacks.

Here is a list of OpenSSH configuration settings that make it more secure against attacks. SSH settings are usually located in /etc/ssh/sshd_config:

SSH default port is 22, change it through the line below. This will stop many automated attacks.

Port 22


(change the port number)

Notice that when remotely connecting to your machine, the new port number needs to be specified to the SSH client, for example:

$ ssh -p <new-port> <username>@<host>


Make sure the protocol is set to 2. Version 1 is not secure.

Protocol 2


The following config lines protect against brute force attacks.

LoginGraceTime 2m
MaxAuthTries 6


Random attackers will usually try random usernames when trying to break through SSH, and since the root account exists on every machine, it will be on the attack list. The following config line disables root login over SSH and stops such attackers. If root access to a remote machine is needed, login using your regular account and use sudo:

PermitRootLogin no


A username with blank password may be added accidentally. The following config line disables SSH for such accounts.

PermitEmptyPasswords no


In addition to the configuration lines I listed, and in case you log in to your machine from the same IP address or range, limit the IP addresses that can connect to SSH using /etc/hosts.allow. Use the following format:

sshd : 127.0.0.1 : allow
sshd : IP address here : allow
sshd : IP address here : allow
sshd : ALL : deny
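
An added example, not part of the original article: a POSIX shell function that audits an sshd_config file against the settings listed in this section. The function names, the OK/WARN/UNSET labels and the sample config are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and judges only the global section before the first Match block.

```shell
#!/bin/sh
# Added example: audit sshd_config for the settings discussed above.

# sample_sshd_config prints a constructed config (not from a real host).
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
Protocol 2
PermitRootLogin yes
PermitRootLogin no
permitemptypasswords no
MaxAuthTries 10
Match User backup
    PermitRootLogin no
    LoginGraceTime 30
EOF
}

# audit_sshd_config FILE
# Prints "STATUS keyword [value]" for each setting, in a fixed order.
# STATUS is OK, WARN (differs from the article) or UNSET (sshd default applies).
audit_sshd_config() {
    awk '
    BEGIN {
        list = "port protocol logingracetime maxauthtries permitrootlogin permitemptypasswords"
        n = split(list, order, " ")
        for (i = 1; i <= n; i++) tracked[order[i]] = 1
    }
    NF == 0 || $1 ~ /^#/   { next }   # blank lines and comments
    tolower($1) == "match" { exit }   # conditional blocks start here: stop, run END
    {
        key = tolower($1)             # keywords are case-insensitive
        # sshd uses the first value it reads for a keyword, so a later
        # "PermitRootLogin no" does not override an earlier "yes".
        if ((key in tracked) && !(key in seen)) seen[key] = tolower($2)
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen)) { print "UNSET " k; continue }
            v = seen[k]; status = "OK"
            if (k == "port" && v == "22")                 status = "WARN"
            if (k == "protocol" && v != "2")              status = "WARN"
            if (k == "logingracetime" && v + 0 == 0)      status = "WARN"  # 0 = no limit
            if (k == "maxauthtries" && v + 0 > 6)         status = "WARN"
            if (k == "permitrootlogin" && v != "no")      status = "WARN"
            if (k == "permitemptypasswords" && v != "no") status = "WARN"
            print status " " k " " v
        }
    }' "$1"
}

# Demo on the constructed sample; on a real host pass /etc/ssh/sshd_config.
cfg=$(mktemp)
sample_sshd_config > "$cfg"
audit_sshd_config "$cfg"
rm -f "$cfg"
```

The duplicate PermitRootLogin lines in the sample show why order matters: the first value wins, so the audit reports the root login setting as WARN even though a later line says "no".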


MySQL


If you use MySQL for local development, then it's safer to limit its connections to localhost (among other things). To do so, run the mysql_secure_installation script, and it will take care of things for you.

Samba


Many need Samba for sharing files over the local network. Here is a list of config lines to secure it. The configuration file is usually located at /etc/samba/smb.conf or /etc/smb.conf:

hosts allow = 127.0.0.1 192.168.0.0/24
hosts deny = 0.0.0.0/0


These config lines limit the hosts that can connect to Samba to localhost and local IP ranges; modify to suit your needs.

security = user


Set security to user. In this case, users connecting to Samba will need to login before continuing. To add Samba user accounts, use the following command:

$ sudo smbpasswd -a <username>


You will be asked to provide a password for the new account.

If you login to your Samba share from a MS Windows machine, you may set your Samba username/password to match those on Windows, and avoid having to enter them every time you connect to the share.

As a final Samba tip, do not share your home directory. If you do so, you are just asking for trouble. Create a directory for sharing, and drop files there when necessary.

General Tips



  • Keep your system up-to-date, especially when security vulnerabilities appear in packages you use. All major Linux distros have security mailing lists, subscribe to your distro's.

  • Disable services you don't need. Every open service makes your system more open to attacks.

  • Regularly monitor the output of the following commands for odd entries:

    $ sudo less /var/log/messages  # System log.
    $ sudo ps aux # Running processes.
    $ sudo netstat -anp # Active connections.


Thursday 6 October 2011

Manually Override Cache-Control Directives Using ARR

Configure Cache Control Rules




ARR allows for multiple cache control rules, including rules to only cache content based on URL patterns or host names, or to not cache certain content. The cache control rules are processed in the list from top to bottom.

To configure cache control rules

  1. Open IIS Manager.

  2. In the Connections pane, expand the server node.

  3. In the Server pane, double-click Application Request Routing Cache.

  4. On the Application Request Routing Cache page, in the Actions pane, click Cache Control Rules….

  5. On the Cache Control Rules page, in the Actions pane, click Add….

  6. In the Add Cache Control Rule dialog box, follow these steps:

    • In the Apply rule list, select when you want to apply the cache control rule: When no cache control directive exists or Always.

    • Select Do not cache or Cache.

    • If you selected Cache, enter the duration in the Cache duration (minutes) box.

    • In the Host name box, optionally enter the name of your host site.

    • In the URL box, optionally enter the URL.



  7. Click OK.


How to fix yum install perl-DBI No package perl-DBI available. Nothing to do

I wanted to install perl-DBI, which is a dependency of git-1.7.3.4-1.el5.rf.i386.rpm.

When I wanted to install git-1.7.3.4-1.el5.rf.i386.rpm by running

yum install git-core
or even running
rpm -i git-1.7.3.4-1.el5.rf.i386.rpm
it prompted me with a notice that
Error: Missing Dependency: perl(DBI) is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)

The fix is so easy.
Just open the file /etc/yum.conf in a text editor such as nano:

nano /etc/yum.conf



Then remove perl*.
Save the file by exiting with CTRL+x and confirming to save the changes.
Run yum install git-core again.

Finally, you should see this output:
Total download size: 6.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): perl-Git-1.7.3.4-1.el5.rf.i386.rpm                                                                                                        |  24 kB     00:00
(2/2): git-1.7.3.4-1.el5.rf.i386.rpm                                                                                                             | 6.1 MB     00:01
---------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   2.3 MB/s | 6.1 MB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : git                                                                                                                                              1/2
Installing     : perl-Git                                                                                                                                         2/2

Installed:
git.i386 0:1.7.3.4-1.el5.rf

Dependency Installed:
perl-Git.i386 0:1.7.3.4-1.el5.rf

Complete!


Email protocols

What is POP3?

Post Office Protocol version 3 (POP3) is a standard mail protocol used to receive emails from a remote server to a local email client. POP3 allows you to download email messages on your local computer and read them even when you are offline.

What is IMAP?

The Internet Message Access Protocol (IMAP) is a mail protocol used for accessing email on a remote web server from a local client. IMAP and POP3 are the two most commonly used Internet mail protocols for retrieving emails. Both protocols are supported by all modern email clients and web servers.

Main difference between IMAP and POP3:

The POP3 protocol assumes that there is only one client connected to the mailbox. In contrast, the IMAP protocol allows simultaneous access by multiple clients. IMAP is suitable for you if your mailbox is about to be managed by multiple users.

What is SMTP?

Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending emails across the Internet. SMTP uses TCP port 25 or 2525, and you may sometimes have problems sending your messages if your ISP has closed port 25 (How to check if port 25 is open?). To determine the SMTP server for a given domain name, the MX (Mail eXchange) DNS record is used.

How to change my MX record?


It is possible to change the MX records for your domain. To do so, log in to cPanel and click on MX Entry.

How to check whether the email ports are open?

You may experience issues with the non-standard http ports Webmail works with. Usually Webmail can be opened from:

  • https://mydomain.com:2096

  • http://mydomain.com:2095

  • http://webmail.servername.com


You may check the name of your server via your Customers Area. Please review the DNS Change article - the server name is the DNS server name without the ns1 in front of it.

Sometimes local firewalls allow access only to sites on port 80. In such cases, please use the 3rd URL. Note that the address "3" is a web based proxy which provides you with the option to access your cPanel via the default http port 80. We have set this extra service for our Customers whose Internet Service Providers have blocked ports 2096 and 2095.

You may check if the ports are blocked executing the following commands:

If you are running Windows do the following:



  • Click Start

  • Click Run

  • Type cmd

  • Type telnet mydomain.com 2095

  • Type telnet mydomain.com 2096


If you are running Linux do the following:



  • Start your Linux/Mac OS console terminal

  • Type telnet mydomain.com 2095

  • Type telnet mydomain.com 2096


If the port is not blocked, the result should look like this:

Trying IP_of_the_server (10.10.10.10, for example)...
Connected to servername.com.
Escape character is '^]'.

A different result means that the port is blocked and you should use the web proxy link provided above.

Please, find the default POP3, IMAP and SMTP ports values at the POP3, IMAP, SMTP and Email clients article.

How to configure email clients

You can use either the webmail interface or an email client. Check our tutorial on how to use cPanel webmail. If you decide to use an email client, such as Microsoft Outlook Express, MS Outlook, Mozilla Thunderbird and Eudora, here are the settings you need:

Incoming mail server (POP3/IMAP server): mail.yourdomain.com
Outgoing mail server (SMTP server): mail.yourdomain.com Or Host: mail.yourdomain.com
Username: the full e-mail address. Example: you@yourdomain.com instead of you.
Password: Assigned in cPanel -> Email -> Manage/Add/Remove Accounts.
SMTP authentication must be enabled for the login to be successful.*

If you have your domain pointed to an external server and the MX record is resolving to one of the SiteGround servers use the server name as  the Incoming/Outgoing mail server.

You can also use secure authentication to your mail server.

Email ports



  • The POP3 port for inbound emails is 110 (995 if you want to use secured POP3)

  • And the IMAP port for inbound emails is 143 (993 if you want to use secured IMAP)

  • The SMTP port for outbound emails is 25 or 2525 (465 if you want to use secured SMTP)


 

Wednesday 5 October 2011

Protect your /tmp Directory - Tutorial

Lately there have been a lot of DoS (Denial of Service) attacks, and one of the main causes of these attacks is insecure /tmp directories.

Your /tmp directory is very dangerous, since every single user is able to write to it. If you have an upload script on your site that may be exploitable, or a vulnerability in a program that allows remote code execution, it lets the person upload a file into your /tmp directory, or use remote code execution to take control of something like wget and download something into your /tmp directory (this is usually how DoS trojans and rootkits end up on your server).

But there is something you can do to help protect your /tmp directory:
===============================================

Firstly you need to stop all processes that are using your /tmp so you can work with it.

# lsof | grep /tmp

you should see something like this:
root@carine [/]# lsof | grep /tmp
screen 2599 root cwd DIR 8,8 2863104 2 /tmp
php 7577 greatpho 3u REG 8,8 0 1194 /tmp/session_mm_cgi759.sem (deleted)
php 7577 greatpho 5u REG 8,8 0 59 /tmp/sess_658bbc19e47f720c2210f3f0339ec6dd (deleted)
mysqld 22603 mysql 5u REG 7,0 0 87 /tmp/ibQZkUsh (deleted)
mysqld 22603 mysql 6u REG 7,0 1017 90 /tmp/ibE6blca (deleted)
mysqld 22603 mysql 7u REG 7,0 0 91 /tmp/ibXQhMV2 (deleted)
mysqld 22603 mysql 8u REG 7,0 8602 92 /tmp/ibbZcCFV (deleted)
mysqld 22603 mysql 12u REG 7,0 0 93 /tmp/ibvUZEqO (deleted)
php 29509 greatpho 3u REG 8,8 0 95 /tmp/session_mm_cgi759.sem (deleted)
php 29509 greatpho 5uW REG 8,8 0 59 /tmp/sess_658bbc19e47f720c2210f3f0339ec6dd (deleted)
php 32685 aclubber 3u REG 7,0 0 17861 /tmp/session_mm_cgi533.sem
php 32692 salesdna 3u REG 7,0 0 17858 /tmp/session_mm_cgi3098.sem
php 32692 salesdna 5uW REG 7,0 0 17918 /tmp/sess_dbc01a315bbdad2eba7d761b94fb3f04
Stop the processes that are using your /tmp directory,
then copy and paste the following into your terminal window:
cd /
dd if=/dev/zero of=/tmpdir bs=1024 count=200000
mkfs.ext3 -F /tmpdir
mv /tmp /tmp.backup
mkdir /tmp
mount -o loop,noexec,nosuid,rw /tmpdir /tmp
# 1777 rather than 0777: the sticky bit stops users from deleting each other's files in /tmp
chmod 1777 /tmp
if ! grep -qai tmpdir /etc/fstab ; then
echo "/tmpdir /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab
fi
mount -a
cp /bin/ls /tmp/
/tmp/ls
it should return something like this:
-bash: /tmp/ls: Permission denied
If you see that, then you know everything has gone according to plan.

What the above does is create a storage file at /tmpdir and then mount /tmpdir on /tmp with the options loop,noexec,nosuid,rw.

This still won't stop rootkits or DoS files from being uploaded or downloaded into your /tmp directory, but it will sure as hell stop them from being executed.

Hope this helps
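
An added example, not from the original posts: a POSIX shell check that /tmp carries the noexec and nosuid options used in the mount command above and in the fstab line of the "Mount /tmp as noexec" section. It reads a mount table in /proc/mounts or /etc/fstab layout on standard input; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a mount point carries the expected options.

# sample_mounts prints constructed lines in /proc/mounts format
# (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
/dev/sda3 /var/tmp ext3 rw,relatime 0 0
EOF
}

# check_mount_opts MOUNTPOINT OPT...   (mount table on standard input)
# Prints "ok", "missing: <opts>" or "not-mounted".
# Returns 0 for ok, 1 for missing options, 2 when the mount point is absent.
check_mount_opts() {
    mp=$1; shift
    # Skip commented-out fstab lines. When a mount point appears more than
    # once, the last entry is the one stacked on top and therefore in effect.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 2
    fi
    missing=""
    for want in "$@"; do
        # Wrap both sides in commas so "exec" never matches inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Demo on the constructed table.
sample_mounts | check_mount_opts /tmp noexec nosuid || true
sample_mounts | check_mount_opts /var/tmp noexec nosuid || true

# On a live host, check both the running state and what survives a reboot:
#   check_mount_opts /tmp noexec nosuid < /proc/mounts
#   check_mount_opts /tmp noexec nosuid < /etc/fstab
```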