I have a list of bad Ips and would like to add it into iptables, but I don't went to enter one-by-one or by command line, I would like to insert into list file of iptables editing a file or something like that, where and how I can procedure to do this?
View 5 Replies
I have two domains as virtual hosts on same IP address.
I am getting certificate error for the second domain when I try to check email (using MS Outlook). I can't permanently "accept" certificate, it complains again and again. Certuficate I created and self signed for imap.domain1.com, but the second email server is imap.domain2.com, so it complains.
How do I set separate email certificates for two domains? Is it possible at all?
I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
I have a strange issue on a Plesk 12 VPS. Sometimes the sites result in a "502 Bad Gateway (nginx)". This happens 1 or 2 times a day on different times.
In the httpd log I see a record "can't apply process slot" and in nginx log I see "connect() failed (111: Connection refused) while connecting to upstream" but restarting apache and/or nginx will not always result in a working site.
When I restart iptables everything is working fine again.
I tryed install multiple-php version in my Plesk 12 on CentOS 6.5 using Plesk KB but it doesn't work very well so I installed php-panda and it works fine but I want uninstall the php 5.4.31 version that fail but leaving the no-atomic old version. How can I do that? I know that is installed in other directory.
View 1 Replies View RelatedI have plesk running on virtual machine on SSD drive but some web pages required large storage therefore I added second spinning hdd and mounted it into the file system.
How this could be used within plesk? I was trying symlink but that was not supported by FTP and apache.
I am running Plesk 12.0.18 on Centos 6.4
I have noticed that the CPU on my VPS maxes out. This occurs when there are many concurrent visitors to any of the 7 domains. 6 of the domains run Wordpress and 1 runs php-bb forum. When I run top during high cpu I see multiple "php-cgi":
32664 xxxx 30 10 211m 38m 8228 S 21.0 0.9 0:03.70 php-cgi
32675 xxxx 30 10 209m 38m 7992 S 25.8 0.9 0:02.08 php-cgi
30809 apache 30 10 422m 98m 2492 S 8.8 2.2 0:18.07 httpd
Looking at the process
PID TTY STAT TIME COMMAND
32664 ? SN 0:01 /usr/bin/php-cgi -c /var/www/vhosts/system/websitex.com/etc/php.ini
The net result is CPU hits 100% and visitors are greeted with Service Unavailable ...
Output from /usr/local/psa/bin/php_handler --list
id: display name: full version: version: type: cgi-bin: php-cli: php.ini: custom:
cgi 5.3.3 5.3.3 5.3 cgi /usr/bin/php-cgi /etc/php.ini false
fastcgi 5.3.3 5.3.3 5.3 fastcgi /usr/bin/php-cgi /etc/php.ini false
module 5.3.3 5.3.3 5.3 module /usr/bin/php-cgi /etc/php.ini false
On a plesk11 server (migrated from plesk9) I see multiple locations for the logfiles:
/var/www/vhosts/<DOMAIN>/logs
/var/www/vhosts/system/<DOMAIN>/logs
They don't seem to be (hard)linked. Why store logfiles on 2 different locations? Is there a way to make this more efficient?
Where I can find option for enable multiple log in for admin account?
View 6 Replies View RelatedI installed Nginx and PHP-FPM through the Plesk Autoinstaller.It works well with the default PHP version installed originally with the CentOS 6 system (5.3.3). I also installed manually following your KB [URL] .... additional versions of PHP. It works well, and I can use those additional versions through the Plesk UI.
Therefore, I was wondering how to use them with PHP-FPM? As when I activate a domain for Nginx with PHP process (PHP-FPM), it switches the PHP version to 5.3.3 and I can't change this parameter.
I've enabled one more php using this guide: [URL] .... but mysql is not working with the new php installation, how to get it working?
View 7 Replies View RelatedI am looking for a replacement to my existing ISPConfig 3.x installation and have heard a lot of good things about Plesk, so I decided to put up a test server with a trial version of Plesk 12.The server is running Centos 6.5 64-bit minimal install with all system updates applied before installing Plesk. After installing Plesk I used the commands from the attached text-file.After compiling PHP 5.5.20 with no errors displayed on screen I created a new subscription plan as a copy of the #default domain" plan and changed the name to "PHP 5.5 website" and in the Hosting Parameters I changed PHP to run still run as a FastCGI application but use my compiled PHP 5.5.20 instead of the OS vendors PHP 5.3.3.The configure options used are the same as I did use for my ISPConfig 3.x servers.I also tried the configure options shown here: [URL]... But the command ends with a "configure: WARNING: unrecopgnized options: --enable-fastcgi"
If I compile with the attached script I get a HTTP 500 error when visiting the selected website (which is a clean installation of Drupal 7.34) and in the error_log for my test site I get this:
"
[Sun Dec 28 18:51:48 2014] [warn] [client x.x.x.x] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Sun Dec 28 18:51:48 2014] [error] [client x.x.x.x] Premature end of script headers: index.php
"
x.x.x.x is the internal IP of my router/firewall.I have also looked in the Plesk Administrator GuideIs there a known issue with Plesk 12 and CentOS 6.5 64-bit when wanting to use multiple versions of PHP, since both the version compiled using the KB article above and my own attached script worked fine on my ISPConfig 3.x servers.
I have installed PHP5.5.12 as the secondary php version. The primary version (installed with plesk) is php5.4 .
Now when I try to install extensions, every time they are installing to the primary version.
How can I install extensions special for the other version?
I have Debian 7 x64 and parallels plesk 11.5
Is Plesk capable of managing different servers from one interface?
View 2 Replies View RelatedI have tried to install multiple versions of PHP as described here: [URL] The option "Add/Remove Components" > "Web hosting features" > "Different PHP interpreters versions" is not available in the Parallels Installer. I am using Plesk 12.0.18 on CentOS release 6.6 (Final)
View 2 Replies View RelatedI am running a VPS through 123-REG, Plesk version 11.0.9 with CentOS 6.4
I host 3 websites of my own (with 14 mail accounts)
4 websites for clients (with 10 mail accounts)
7 websites for clients (with 0 mail accounts)
The problem I have had in the last 2 weeks is that the server has been compromised once again by spammers.
2 weeks ago we had another instance and the support was even worse than before, I decided that the best way forward after irradicating the problem and correcting the source, and in the interest of each of my clients I decided to asign each client with their own IP address in the vain hope that if one client account is compromised the others will not be affected, 123-REG agreed that this is a solid solution so I purchased 5 additional IP addresses for the clients I host mail accounts for, (all of the said addresses were blacklisted when I was given them!!!) the reverse DNS was not set up correctly, and couldn't be through their control panel and some didn't match the SMTP banners, then I found out through them that the mail was still sent out through the Primary IP address anyway so if one client gets blacklisted they all still do.
Now they tell me that I can in fact configure Plesk to use each IP address for each client exclusively and they sent me a link to a support article that doesn't actually tell me how to do it.
I can do the following so far:
Log into puTTY and use the command: nano /etc/postfix/master.cf
Find the "smtp" record referenced in the article [URL]
1.1.1.1- unix - n n - - smtp -o smtp_bind_address=1.1.1.1 -o smtp_bind_address6= -o smtp_address_preference=ipv4
2.2.2.2- unix - n n - - smtp -o smtp_bind_address=2.2.2.2 -o smtp_bind_address6= -o smtp_address_preference=ipv4
although mine looks like the one below:
1.1.1.1- unix - n n - - smtp -o smtp_bind_address=1.1.1.1 -o smtp_b$
Is there something missing from the entry I have?
Assuming that 1.1.1.1 = the relevant IP Address for the client do I need to create an entry for each of my IP addresses?
Do I need to do anything with SMTP banners? If so how do I do it, and what do I need to do?
The article also mentions the default settings being restored each time you reconfigure mail settings and to consider a scheduled task, does that mean each time I set up a new mail account or a new client as I assume that I will need to repeat these steps in that case anyway, mainly because they will have a unique IP address that needs to be set up.
A really nice feature has been brought to plesk with the native support for multiple PHP versions now.I tried it out, but there seems to be an error in the session.save_path of PHP 5.5.23 (the one I tested).sessions.save_path points to /var/lib/php/sessions but the default before seems to be /var/lib/php/session so the folder does not exist.For now I simply worked with a symlink to solve the problem:
cd /var/lib/php/
ln -s session sessions
Not sure if other PHP version or other OSes (besides PHP 5.5.23 and CentOS 6.6 are affected).
According to: URL....I tried to install php 5.3...Before able to .configure php source, i must install several dependencies. I resolved most of them but installing libmcrypt-devel gives the following error:
---> Package libmcrypt-devel.x86_64 0:2.5.7-5.el6.art will be installed
--> Processing Dependency: libmcrypt = 2.5.7-5.el6.art for package: libmcrypt-devel-2.5.7-5.el6.art.x86_64
--> Finished Dependency Resolution
Error: Package: libmcrypt-devel-2.5.7-5.el6.art.x86_64 (atomic)
Requires: libmcrypt = 2.5.7-5.el6.art
Installed: libmcrypt-2.5.8-9.el6.x86_64 (@PSA_10_4_4-thirdparty)
libmcrypt = 2.5.8-9.el6
Available: libmcrypt-2.5.7-5.el6.art.x86_64 (atomic)
libmcrypt = 2.5.7-5.el6.art
You could try using --skip-broken to work around the problem...You could try running: rpm -Va --nofiles --nodiges.
Plesk 12 is used, latest #MU on CentOS 6.5 final.
Maillog is full of messages like:
Mar 31 14:56:52 hosting plesk sendmail[1177]: _mh_fork(): Error occured during waiting the child process with pid: 1178: No child processes
Mar 31 14:56:52 hosting plesk sendmail[1177]: Error during 'check-quota' handler
Mar 31 14:56:52 hosting plesk sendmail[1177]: Unable to get sender domain by sender mailname
[Code]....
The VPS has 16 domains running on it, all with different web addresses and their own email accounts etc.
It's a Linux server and is running postfix for the mail. The main website on this domain has the mail service disabled because we have an exchange service on our own server here in the building where we work. Now when anyone on any of our domains on the VPS try to email us at 'maincompany.com' they get the following error message:
This is the mail system at host <vps address>.
Your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<stevew@maincompany.com>: mail for maincompany.com loops back to myself...
I've run into a problem with my Plesk install with Amazon Route 53. I have the latest extension installed (version 1.2 release 2) on Parallels Plesk v12.0.18_build1200140811.16 os_CentOS 7.
The extension has been working perfectly well for me for months. I was adding new domains to Plesk and discovered that as I was making changes to DNS records that a new zone file was created on Route 53 instead of updating the original one.
I did notice that this started happening when I surpassed the 100 domain limit and seems to only happen on domains created at #101 and on. (in other words, I can edit a domain that was created before I got to domain #100 [ie domain #1] and it does not create a duplicate zone file).
I turned on debug mode for plesk and am seeing the json calls with the correct commands coming through.
Redacted sample of an update of Domain #104
[2015-06-10 16:42:43] INFO [panel] The domain alias <b>mydomain.test</b> was created.
[2015-06-10 16:42:43] DEBUG [util_exec] [5578bd6355bc3] Starting: dnsmng /usr/local/psa/admin/bin/dnsmng '--update' 'mydomain.test'
[2015-06-10 16:42:43] DEBUG [util_exec] [5578bd6355bc3] Finished in 0.06322s, Result: TRUE
[Code] .....
So from what I can see the domain +100 is re-creating the domain whereas domain 1 is not - it's just updating it, even though both json commands show the update statement coming through.
We are looking for a solution to support multible IP's for different domains in one subscription/cusomer Account. Current, we have 4 IP's as shared. the Customer can choose under "Web Hosting Access" , which IP he wants to use.
This setting effect all domains in his Account. So it is not possible to set domain1.tld to e.g. IP 1.1.1.1 and domain2.tld e.g. to 2.2.2.2
We like to offer the cusomers one cusomer account with multible IP's
We recently started migrating some cPanel accounts to Plesk. Besides the obvious that it doesn't create customer accounts it contains a pretty frustrating bug:
When an mail forward in cPanel has multiple addresses, only one the first mail forward address is migrated to Plesk.
so, E.g.
on cPanel: test@example.com is forwarded to john.doe@something.com, jane.doe@else.com, foo@bar.com
after migration to Plesk:
test@example.com is forwarded to john.doe@something.com only. The other addresses are not migrated.
Our server : [URL] .....
plesk v11 (64BITS)
PROBLEM DESCRIPTION
We found 502 Bad Gateway error Nginx on multiple domain "currently troissoeursetunfrere.com is a wordpress site e-commerce" and also malittleboutique.com ecommerce wordpress, possibly to fix this problem we have followed this tutorial " [URL] ....
we perform the following operations:
sudo apt-get remove php5 php5-cgi php5-fpm
sudo apt-get install php5 php5-cgi php5-fpm
Following these operations we lost access to cpanel.
I'm getting multiple smtp mass mail attack, using weak passwords.
Is there a command, a part from
/usr/local/psa/admin/sbin/mail_auth_view
to list only unsecure password?
I'm trying to add multiple PHP version (current version installed: 5.5.13), using the official documentation. I always get 500 Internal Server Error after switching to the new version, with the following error_log content:
Code:
[Sat Jun 07 00:49:35 2014] [warn] [client XXX.XXX.XXX.XXX] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Sat Jun 07 00:49:35 2014] [error] [client XXX.XXX.XXX.XXX] Premature end of script headers: index.php
Here you can view phpinfo() obtained running php54-cgi index.php from the command line. Same script doesn't work as FastCGI.
I'm trying to add PHP 5.4.29. Here is how I compiled it:
Code:
./configure
--prefix=/usr/local/php54
--with-bz2
--with-config-file-path=/usr/local/php54/etc
--with-config-file-scan-dir=/usr/local/php54/etc/php.d
--with-curl
[code]....
Switching back to PHP 5.5.13 and the script works fine (a simple phpinfo() output).How can I try to understand/debug what's wrong with the installation?
IPTABLES(Linux Firewalls)
Use Of Iptables?
Filtering packets based on a MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of their IP addresses.
Firewall also keeps track of each connection passing through it and in certaincases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS, as well as many other network services.
How IP Tables works?
All packets inspected by iptables pass through a sequence of built-in tables (queues) for processing. Each of these queues is dedicated to a particular type of packet activity and is controlled by an associated packet transformation/filtering chain.
There are three tables in total. The first is the mangle table which is responsible for the alteration of quality of service bits in the TCP header. This is hardly used in a home or SOHO environment.
The second table is the filter queue which is responsible for packet filtering. It has three built-in chains in which you can place your firewall policy rules.
a) INPUT Table b) OUTPUT Table c) FORWARD Table
General Syntax of the iptables is as follows:
IPTABLES -A {INPUT,OUTPUT,FORWARD} -p {tcp,udp} --sport(dport) -s {ip} -j {DROP,REJECT,ACCEPT}
To Block the incomming ip:
IPTABLES -A OUTPUT -p tcp --sport{1..65535} -s {ipaddress} -j DROP {REJECT}
To Block the outcomming ip:
IPTABLES -A INPUT -p tcp --sport{1..65535} -s {ipaddress} -j DROP {REJECT}
You can also use --dport instead of --sport & you can use -d instead of -s which specifies source or destination respectively.
commands to log packets temporarily for a certain udp port with the IP information ect.
Any help would be appreciated. As for what I am doing, I am trying to find anything wierd or something that stands out from the packets sent from external IP's to my server.
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
I'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IP's on commandline) or adding service nodes however, the firewall rules the documentation speaks of are nowhere to be seen? i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.Click to expand...
Has this been dropped from PPA 11.5 ? (I recall seeing the firewall settings in 11.1) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
