I'm not sure why but this happen when I try to use SSL on WHM.. it just say "Secure Connection Failed" [url]
Quote:
The certificate is not trusted because it is self signed.
The certificate is only valid for luna.ndx2.com
But when I try [url]it worked fine. My SSL cert is sign by Comodo CA Limited.
From my observation, it looks like my host shared SSL cert is interrupting with WHM.
An error occurred during a connection to site.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
I'm not sure on how to fix this. Running CPanel.
I can access WHM/CPanel fine on SSL from the main IP. Just not any of the sites or CPanel from the other IPs.
I'm transitioning from a shared account to a VPS and am trying to run it as securely as practical.
I've been looking at ways of keeping administrative connections to the server secure. So far I've considered VPN technologies like L2TP/IPSec and RAS but they don't seem suitable for what I need.
I just want a simple encypted, tamper-proof, computer-to-server connection in a Windows Server environment.
I'm using plesk with CentOS 6.6 and the postfix/courier mail services...I tried to connect an existing mail account with a mail program like thunderbird. But I'm not able to connect to it, except when I'm using "no connection security"...So I tried, if manually contacting the POP3s Port is working:
Code:
openssl s_client -ssl3 -host mail.domain.de -port 995
with the following result:
Code:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
[code]....
the same results come for trying to connect to port 465 (ssmtp) and 993 (imaps)port 443 (https) seems to work fine..i already checked if the corresponding certificates exist (e.g. /usr/share/imapd.pem) and filled with the standard certificate informtaion given by plesk checking openssl on the server gives the following result:
Code:
# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
is there anything I have missed to configure?
I have used the patch : [URL] .... to disable ssl v3.
After I applied the patch getting error below when i try to send email via horde webmail:
There was an error sending your message: Could not open secure TLS connection to the server.
Roundcube can send mails well but horde not. Otherwise since applied the parch i can't get mails from gmail and maybe other providers i don't know yet.
I've written a script to send property data to rightmove.co.uk as part of their new automated data feed. However they require a secure connection to their systems when posting the data. They have provided me with a .pem file which is a security certificate. I need to install this on my plesk server but where to start as most certificates require a private key and the actual certificate. The private key I have been provided is only an 8 charter string, like a password.
View 1 Replies View RelatedAfter auto-updates I cannot connect to all my sites in ftp with filezilla.
These are the errors:
Unable to accept TLS connection: received EOF that violates protocol
I have tried this: [URL] .... but with no success.
I have restored permissions with:
/usr/local/psa/bin/repair --restore-vhosts-permissions but also in this case it cannot work for me.
How is it possible?
Firewall is ok. All is ok. I have this issue after updates.
We have a script that run for more day without problem Script connect to port 25
Now we get this:
Warning: fsockopen() [function.fsockopen]: unable to connect to my.domain.com:25 in /home/mydom/public_html/backend/go.php on line 47
Connection refused (111)
Currently having a problem with proftpd on my centos plesk 8.1 server.
During large uploads, lets say around 10 MB the FTP connection fails within 5 minutes or so saying:
"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
I have asked for help from my server provider but they have tried and are now unable to help.
I currently have the APF firewall in my server.
Has anyone experienced this?
Below is the APF config file that i currently have & the proftpd config files that i have, if anyone can help it would be really really appreciated
APF CONFIG:
Code:
#!/bin/sh
#
# APF 0.9.6 [apf@r-fx.org]
#
# NOTE: This file should be edited with word/line wrapping off,
# if your using pico please start it with the -w switch
# (e.g: pico -w filename)
#
##
# [Devel Mode]
# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this mode off (0) when firewall determined to be operating as desired.
##
# Set firewall cronjob (devel mode)
# 1 = enabled / 0 = disabled
DEVEL_MODE="0"
##
# [Main]
##
# The installation path of APF; this can be changed but it has not
# been tested what would happen.
INSTALL_PATH="/etc/apf"
# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
# NOTE: The interfacing structure is being worked towards support of MASQ/NAT
IFACE_IN="eth0"
IFACE_OUT="eth0"
# Trusted Network interface(s); all traffic on defined interface(s) will by-pass
# ALL firewall rules, format is white space or comma seperated list.
IFACE_TRUSTED=""
# Enable virtual network subsystem; creats independent policy ruleset for each
# ip on a system (pulls data from 'ip addr list') to /etc/apf/vnet/ip.rules
# Template is located in the vnet/ folder for rule files. This feature can
# reduce apf start/stop performance and is not recommend for systems with more
# than 255 (/24) ip's. [0 = Disabled / 1 = Enabled]
SET_VNET="0"
# Support Monolithic kernel builds [no LKM's]. This mode of operation is
# not really supported and you use at your own risk.
SET_MONOKERN="0"
# Verifies that all inbound traffic is sourced from a defined local gateway MAC
# address. All other traffic that does not match this source MAC address will be
# rejected as untrusted traffic. It is quite trivial to forge a MAC address and as
# such this feature executes NO default accept policy against this MAC address.
VF_LGATE=""
# Verifies that the IF and IFACE_TRUSTED interfaces are actually routed (/sbin/route)
# to something. If not then chances are APF will not start properly if at all.
VF_ROUTE="1"
# Verifies that crond service is running when DEVEL_MODE=1; if not then APF will not
# try to load as if lock-up occures no cron service to flush firewall
VF_CROND="1"
# Verifies that the current system uptime is greater than this value before APF
# can activate. This is to prevent on-boot lockup issues or delays due to excessive
# amount of firewall rules. Value is in seconds; should you wish to disable this
# feature, simply set VF_UTIME to 0 value. !! NOTE: APF WILL NOT START ON IT's OWN;
# IT WILL EXIT WITH FATAL ERROR BELOW SET UPTIME !!
VF_UTIME="0"
##
# [Packet Filtering/Handling]
##
# How to handle TCP packet filtering?
#
# RESET (sends a tcp-reset; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
TCP_STOP="DROP"
# How to handle UDP packet filtering?
#
# RESET (sends a icmp-port-unreachable; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
# PROHIBIT (send an icmp-host-prohibited)
UDP_STOP="DROP"
# How to handle all other packet filtering? (icmp,arp,igmp)
#
# DROP (drop the packet)
# REJECT (reject the packet)
DSTOP="DROP"
# The sanity options control the way packets are scrutinized as
# they flow through the firewall. The main PKT_SANITY option is a
# top level toggle for all SANITY options and provides general
# packet flag sanity as a pre-scrub for the other sanity options
PKT_SANITY="1"
# Block any packets that do not conform as VALID; this feature
# is safe for most but some may experience protocol issues with
# broken remote clients
PKT_SANITY_INV="0"
i have a vps
and all my site not working!
i got this error:
rndc: connect failed: 127.0.0.1#953: connection refused
i got this error :
rndc: connect failed: 127.0.0.1#953: connection refused
oot@server [/]# rndc status
rndc: connect failed: 127.0.0.1#953: connection refused
root@server [/]# /etc/init.d/named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
root@server [/]# /scripts/fixndc
Named could not be restarted, any obvious config errors should show up below this line.
No critical problems found, will attempt to regenerate keys regardless.
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
Creating rndc.conf
Creating /etc/rndc.key
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
Restarting named
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
/scripts/fixrndc failed to fix the rndc key (or named is otherwise broken), please investigate manually
and i have try to reload the rndc but i got this error :
root@server [~]# rndc reload
rndc: connect failed: 127.0.0.1#953: connection refused
my vps info : linux os - centos , using cpanel , apache , mysql ....
root@server [~]# uname -r
2.6.18-028stab064.7
WINDOWS SERVER Plesk Panel version 12.0.18
Error: Test the database server connection failed:
mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file
I am having the problem that with certain domains when they try to login in to webmail they ares seeing:
Connection to storage server failed.
Under the login windows and they are now allowed access.
I freshly installed Plesk 12.0 on Ubuntu 14.04. Everything works accept the MySQL database creation.
When I try to create one, i get this error :
error: the test connection to the database server has failed because of network problems: connection refused...
I have ftp server (pure-ftp). with firewall.
i allowed 20 and 21 port in "CSF" firewall
now when i or our client connect to the server connection done.
and the they fire dir or ls command they will receive error
"425 Could not open data connection to port 2535: Connection timed out"
what is the problem.i have already allowed passive port 2500:3500 then why i received this types of error
how can i secure my tmp on vps?
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
it isnt work on vps and i have this error:
[root@ dev]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: could not find any device /dev/loop#
i want to secure my /tmp and do this:
so i try this link
[url]
so:
cd /dev
dd if=/dev/zero of=tmpMnt bs=1024 count=150000
/sbin/mke2fs /dev/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
but i have this error:
root@server [/]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: no permission to look at /dev/loop#
when I get a dedi server for shared hosting. I secure it as much as i can and then just incase I miss stuff etc I hire 2 other companys to check over everything. Since I bought a vps from fsckvps are there any guides to secure and optimize a vps other then the one located in the vps section? thanks. I Dont feel like spending 50+ dollars on securing a vps that costs less then 15 a month.
View 14 Replies View Relatedvbulletin.com/forum/showthread.php?t=281011
How secure is my VPS? Anyone who has some free time and is reading this thread could please try to do some penetration-testing or something related (I really do not know much about network security) in order to know if my server configuration could be the problem?
Do you find any way to download the full database without login on the system (cPanel or phpMyAdmin)?
i'v been Installed all these In my VPS server
1)Disable Functions:
system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg, escapeshellcmd,proc_close,proc_open,ini_alter,dl, popen,parse_ini_file,show_source
and Enable The Safe_Mode.
---------------------------------------
2)Hide_your_apache_Version
---------------------------------------
3)Install LogWatch in a Server
---------------------------------------
4)Mod-Security-Install
---------------------------------------
5)Root-Login (IP Sent).
---------------------------------------
6)Disable Login Root and Change SSH Port .
---------------------------------------
7)Installing eAccelerator .
---------------------------------------
8)Install Nobody Check
---------------------------------------
9)Updateing All of
/scripts/upcp
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/scripts/easyapache
/scripts/securetmp
----------------------------------------
but doesnt know yet what the better to secure my vps ..
and about Firewall two .. wich firewall better
CSF or APF+BFD ..
I have an application that requires a Secure FTP connection to a server to work. I am having trouble connecting to one server, a windows based server, while the CentOS Linux server is working fine.
Does anyone know where I can find test Secure FTP locations so I can determine if the issue is with misconfiguration or with an incompatibility of the program with windows Secure FTP sites?
I am able to connect to both sites using WinSCP and choosing Secure FTP.
Check out this blog and suggest what thing more can be added to secure the vps and i think this information database can be helpful for newbies and intermediate users which like to secure the VPS.. which sometimes exploited due to bad scripts.
[url]
Ive been using Dreamhost for years and there great however, One of my clients needs has drastically changed and they are now required to comply with the Data Protection Act.
In particular this bit make Dreamhost a bit of a no go due to them being in California:
"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."
Unless my client goes and asks all 1000+ customers they are kinda in a bit of a quandary. So here's what im looking for:
Secure UK Datacenter, eg Easynet, Blue Square etc
128mb RAM, 256mb Burstable, 20GB storage, 500GB transfer
LAMP Environment
Support within Business Hours
Control Panel
