Plesk 11.x / Linux :: Cannot Connect To Ssh Server Owing To Misconfigured Firewall
Jul 21, 2014
I am having trouble connecting to my ssh server. It responds with a lengthy error message about no network etc. but it is the last message that concerns me:
Sometimes, such troubles can be caused by a misconfigured firewall.
How can I check the firewall if I cannot connect to ssh? I am running plesk 11.5 control panel and CentOS 6. Is this something I can do from plesk?
I can see that the firewall in plesk is set to allow all for ssh, but I cannot see way to disable the firewall to test ssh connection. Can this be done from plesk?
I recently upgraded to 12.0.18 and I am using Roundcube 1.0 from the panel. I read that the "Unable to connect to sieve serve" problem would be solved in version 12.It seems not. What to do?
Since the update I have a problem with my Firewall. I need to set "Allow all incoming connections" under "Server => Firewall" in order to connect over FTP with TLS (explicit). This was working before the update without allowing all incoming connections. How to fix this in the Plesk panel?
Since yesterday I can't connect to any of my ftp clients.For months I could login to my FTP using Coda and Filezilla and everything worked until yesterday.
Coda gives me this message: Error -203: miscellaneous error occurred while trying to login to the host
Filezilla gives me this message: Antwoord:220 ProFTPD 1.3.5 Server (ProFTPD) [MYSERVERIP] Opdracht:USER username (username is my ftp username) Antwoord:550 SSL/TLS required on the control channel
I have not changed anything on my server. Just out of the blue this errors appears and now my customers and I can't login anymore.I tried to restart the server, made a new ftp account..I don't know if I can reinstall the ProFTPD or need to open port 21?
I can not connect to the server with using "Require explicit FTP over TLS"
In /etc/proftpd.conf I have added from here [URL] ....:
<IfModule mod_tls.c> TLSEngine on TLSLog /var/log/tls.log TLSProtocol SSLv23
[Code]....
PS: in Tools & Settings ->SSL Certificates ->I created a new self-signed certificate, set as default. In Tools & Settings ->IP Adress bind new certificate to IP
For each domain is created own certificate, but when try to connect, will be ascked to confirm a default certificate from Plesk I have create a new certificate (using SSH)
Service restarted too with: service sw-cp-server restart
i then used a MD5 generator to input the hash in the password field of the roundcube user in mysql, with no luck...I even tried to delete roundcube user from mysql, then remove psa-roundcube, then go through the plesk update manager and install roundcube again, did not change nothing, it didn't even create the roundcube user.
Is there anyway i can reinstall roundcube from scratch?PPP 11.5 up to date on ubuntu 12.04
Code:
[05-Oct-2013 14:03:54 +0200]: DB Error: _doConnect: [Error message: Access denied for user 'roundcube'@'localhost' (using password: YES)] [Native code: 1045] [Native message: Access denied for user 'roundcube'@'localhost' (using password: YES)]
My fedora server is running apf firewall. When I turn it off, clients can connect.
When I turn it on, it says MSG: Contacting Server.
I have already added ports 6100 and 3784 to /etc/apf/conf.apf by adding the ports to the lines, EG_TCP_CPORTS, EG_UDP_CPORTS, IG_TCP_CPORTS, and IG_UDP_CPORTS
Alright now this is the most intelligent way to send spam I have ever seen. Apparently a guy has made a PHP or Perl script that is acting as an MTA. That's right: He is neither using Sendmail nor Exim but he made a script that acts as an MTA. That means the script itself connects to third party mailservers via port 25 and communicates with the remote mailserver as if it was an MTA itself. This works even if Exim is entirely disbaled...
The spam still get's sent. The script is running only occasionally...not like a daemon.
So it is nearly impossible to locate it. You have no Exim logs to look at. And in the Apache logs any PHP script could be it... You are not able to find that out. Therefore I am unable to stop him unless I manage to block outgoing connections to another host's port 25 for any program but for exim.
How can I configure my firewall (APF) so that only Exim my connect to other servers via port 25? Is that even possible?
How to connect nginx to work with directory web_users for some virtual host?
This directory contains two accounts (user1, user2) with a large amount of static content (files .jpg), the downloaded web users themselves. At the moment they are processed by Apache, which causes an additional load on the server.
In hosting configuration for virtual host "domain.tld" set:
document root: httpdocs. (That is, the "httpdocs" and "web_users" directories are on the same level).
In the web server configuration settings (in additional nginx directives) i can't use the directive "server" (refuses to save), where you can specify the location of the additional "document root" for nginx.
After changing my web hosting (same system : VPS, same version of linux : CentOS 6 , but passage from Plesk 11 to 12), i am now unable to connect remotely via TCP-IP to my mysql databases (with third-party tools like Mysql Workbench, Toad...) ! I never met this problem before.
The only way to connect is to use a "Standard TCP-IP over SSH" connection method ... but i don't want (i did'nt need this method before) !
Though, remote connections are allowed from any host in the settings.
I have over 5 WP installations on my Server and i installed all manual and had never issues.
Now i installed a again a WP Site and after i go to the Wordpress Toolkit to search for the new installation i got the following Message:
PHP Parse error: syntax error, unexpected '?' in /usr/share/plesk-wp-cli/php/wp-cli.php(23) : eval()'d code on line 1 {"err_code":0,"err_message":"
With error cannot connect to DB.
So all WP installations are running fine instead of the new one.... I didn't change any configs files of PHP all is standard, the wp-config.php is correct, the Site is running fine.
From my point of view is this an issue by Plesk due to Parse error message at the files of Plesk, see error message!
System: OS Debian 7.8 Plesk Version 12.0.18 Update #43, zuletzt aktualisiert: 20. April 2015 13:17:36
I know with an older Version of Plesk 12.0.18 it was working fine too, so the bug was implemented with a MU.
I checked the file as well and find out that at all PHP files the code is not closed at the end so the "?>" is always missing.
I had Plesk 10 installed on my openSUSE system (was a low version, maybe 11 or less) and then decided to upgrade to 11.5. So I did distribution upgrades to openSUSE 12.3 and everything went smoothly, except for some services like mysql and php. So I used Plesk autoinstaller to fix the php error and edited an outdated line in mysql configuration and both services ran smoothly!
Then I downloaded Plesk autoinstaller and ran the autoinstaller, but was surprised by this error message:
===> Checking for previous installation ... found. ERR (3) [panel]: Error during product key mode determination, details: Unable to connect to database: ; trace: #0 /usr/local/psa/admin/plib/functions.php(2821): isPpaKeyRequired() #1 /usr/local/psa/admin/plib/common_func.php3(11): require_once('/usr/local/psa/...') #2 /usr/local/psa/admin/plib/api-common/cu.php(5): require_once('/usr/local/psa/...') #3 /usr/local/psa/admin/sbin/httpdmng(8): include_once('/usr/local/psa/...') #4 (main)
Unable to connect to database:
- My MySQL version is: 5.5.33 openSUSE package - I did run mysql_upgrade with my admin username and password (password from: /etc/psa/.psa.shadow) and it worked successfully and fixed all of the errors, I did so after running the auto installer first, but then ran the installer again and the problem was still there - I can access my web page, but it still doesn't connect to MySQL either.
I believe this is a problem with MySQL, but how can I make sure or detect what exactly the problem is
I cant connect to the Database WebAdmin. If I click the icon, i got an "File not found." in the opening tab. Back in Plesk I get the following:
ERROR: PlexkFatalException Server id is undefined?
I even cant connect via ssh to the mysql part of my server. But the server is running and both of my two wordpress pages run smoothly. I know this page: [URL] .... – but as I sad, cant enter die mysql.
It seems something is wrong with the permissions. I'm on the point where I just want to reset everything database related. But how?
My Plesk 11.5 server will not connect to my SQL 2008 server. It runs on a Windows 2008 server. I have turned the Windows firewall off. The servers are on the same IP subnet. I can ping the SQL server by name and address, remotely Login successfully using SQL management studio, and map a share to a drive.
The SQL server is in Mixed Mode. I can telnet to port 1433 and login. The SQL server has TCP/IP enabled. Connections made by web sites - mostly ASP driven - connect normally. The Plesk console fails to connect with the following error -
Error: Test connection to the database server has failed because of network problems:
Get database server version failed: Login failed for user '????'.
I have these problems since version 11.5. Now I have installed version 12 on centos . FTP works fine and is super fast and speedy until i enable PLEK FIREWALL, I also tried to add passive port range 60000-65534 to Plesk Firewall rules.
But nothing works.
It takes like 10 times longer to Login + List Files + Make changes using FTP. We applying changes via FTp and its very slow. We can use plesk file manager but its very inconvenient way for quick file uploads and changes.
# ll /opt/psa/var/modules/firewall/active.flag ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code: sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.
I currently have the Web Application Firewall (ModSecurity) installed but would like a visual interface to block IP's, subnets etc.. Can I install the Plesk firewall as well without any conflict with the Web Application Firewall?
I am writing today regarding the Plesk Firewall. It seemed to be pretty handy for quickly blocking troublesome users from *replace-with-whatever-IP-block-is-giving-you-trouble*. Yet I am unable to block IPv6 addresses, and the fire wall seems to let some blocked IPv4s right in. I did not see any distinction as to v4 or v6 in the Firewall dialog for adding custom rules, so...
The question is...
(1) Is the Plesk Firewall *supposed* to apply rules to IPv6 by default?
If yes...
(2) Is there a setting or a switch that has to be configured for this to work?
If yes...
(3) Where are said configuration options located?
Okay, when I run /sbin/ip6tables -L (CentOS) I get output that resembles the iptables (no 6) output, only... what, converted to IP6? Not sure. Example output:
DROP tcp ::ffff:31.0.0.0/104 ::/0 tcp dpts:1:10000
In that particular instance I added a drop for the 31.0.0.0/8 block (using the Plesk Firewall interface), in order to create the script that's loaded into iptables (and ip6tables as well, apparently) when one elects to "Apply Configuration". It worked great, executed perfectly, and the iptables output list output looked to be (and remember, I have grossly insufficient background knowledge in this area) accurate.
Yet at the time of this writing I can see via live traffic monitor that an address in the 31.0.0.0/8 block (IPv4) is pounding away at a website. This is curious, as the live traffic monitor indicates an IPv4 address. So... can an IPv4 address be detected and recorded from a host that is only able to connect via IPv6? While an interesting question, I was more concerned with just blocking the IPv6 address and get more academic with it later.
But this raises another question; why would Plesk populate ip6tables and not provide an interface to actually submit IPv6 addresses.