I'm trying to figure out which security measures to apply to my new server. I last tweaked security on a web server four years ago, and it seems like these days cPanel does automatically much that I did manually before. CSF seems to help with a lot of the rest.
I know chrooted BIND was all the rage, for example, four years ago, but now I can hardly find mention of it. Is it still worth it?
also, thoughts on changing the SSH port? Is that really worth it? I presume that means users would manually have to specify the SSH port every time they wished to connect...
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I recently had Fantastico update issues, my fantistico was giving me errors such as "This feature is currently not availabel, please contact your host." lol
I tried lodging a CRON job to do the update ...but waited 72 hours and nothing ! lol
Later i found our that the Fantastico licensing server was down for a while lol
i just installed rpmforge repo and updated the my vps everything went fine now every thing is fine exept ftp i have tried both pure-ftp and pro-ftp both are not workingh the port 21 is used by xinetd i am not able to find out what to due the ftp installs successfully but after installations is done it give Failed on restarting stopping or starting
WHat can i do to remove this i used the status command to /etc/init.d/pureftpd status Pureftpd is dead this is what i got Pro-ftpd gives error unable to bind ip at port 21
I have just got the new server adn I tried to check bandwidth usage via 'Bandmin' but it seems like not updating because its all 0,
Last updated Fri Feb 2 21:00:04 2007
Ip Possible Domain(s) Transfer in gig Transfer in meg Transfer in kbit/s Transfer in kb/s Transfer in mbit/s Total in 0.000000 0 0.000000 0.000000 0.000000
What exactly is a kernel and when will we need to ask the server management to update it? Read quite a few posts here indicating that kernel's were vulnerable to security issues. Still trying to learn all the to do's for hosting websites on a dedicated server.
root@server [/scripts]# ./runweblogs username Log checker loaded ok.. ==> WARNING: The configured processor count does not match the ==> actual processor count (4)! Running log analysis programs ==> on this system may cause excessive load! You should set "extracpus" ==> to "0" in /var/cpanel/cpanel.config if this is not ok. ==> cPanel Log Daemon version 22.2 ==> Shared RRDTOOL support enabled ==> Starting cpbandwd (bandwidth monitoring for IMAP/POP) cpbandwd is already running. Processing eldred... Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]
Stats are not updating for this account. I ran this twice, keeps getting stuck at this line forever..
im trying to update my php version to 5.2+ so i can run phpmyadmin on my server. Ive tried two different methods both produced same results. First method was to download libxml2-2.7.3 and then do ./configure, make,etc then i download php, ./configure, make install, etc. At first i had to yum install make, then a c complier cause make and ./configure didnt work before that. After everything seemed to work fine until the end when it said you may have found a bug on php would you like to submit it? So obviously the php version didnt update at all.
Next i tried adding a repo that already contained php-5.2.5 and then yum install php since centos only seems to support regular yum install up to php version 5.1.6. i did rpm and installed php and thought sweet ive updated php. Ran php -v and i am still running php version 5.1.6.
We have dedicated server (Cpanel installed) in that I would like to install the mod_evasive for disabling the DOS attack. So that I have followed the below url
[url]
In that httpd-devel asked to update. # up2date install httpd-devel*
When I update the httpd-devel I got message like
The following Packages were marked to be skipped by your configuration:
Name Version Rel Reason ------------------------------------------------------------------------------- httpd-devel 2.0.52 38.ent.2Pkg name/pattern
The following wildcards did not match any packages: httpd-devel*
So that I have removed the pkg-skip list from up2date command
# vi /etc/sysconfig/rhn/up2date
and tryied to update
# up2date install httpd-devel*
Later I am getting the following message.
Fetching Obsoletes list for channel: rhel-i386-es-4...
Fetching Obsoletes list for channel: rhel-i386-es-4-extras...
Due to some DNS problems we couldn't figure out how to resolve, I decided to just go commercial and bought a Dreamhost package.
I updated the nameservers and the DNS has since propagated. At work today, starting with the fresh, new root, I installed vbulletin and started configuring my website checking my progress live.
However, I get home and I go to my URL and it's still the same as it was when my website was hosted on my friend's server. With a DNS and WHOIS check, the nameservers definately propagated correctly. The FTP contents are the way they were at work. I've cleared all my cache and private data. However I STILL see the old "revert" of what my website USED to contain.
I called up a friend to go to my website and he says it's displaying what it should and verified that it's just on my side. How can I resolve this?
I've reset my router and modem and computer and cleared every temp and cache I know about.
I have searched the whole forum for help on this but couldnt find anything.
I have postfix running on a backup mx server for a plesk box. The backup mx does a very good job of reducing spam and virus to my plesk box thanks to mailscanner.
The problem i have now is i have to manually update postfix transport and relay_recipients file everytime a new domain is created in plesk. Do any one know how i can create a custom script that will pull domain information from my plesk box and will update postfix on the backup mx server. Maybe a website with information that can help. i can always set a cron to run the postmap command to update the tables but i will need to update the respective files (transport, relay_recipients) first.
But I'm not sure how much power it actually takes to generate theses MRTG stats... The server is a Celeron D 2.8Ghz, 512Mb ATA soft raid system. Do you think that I should update the stats less frequently to decrease the server usage?
But I'm not sure how much power it actually takes to generate theses MRTG stats... The server is a Celeron D 2.8Ghz, 512Mb ATA soft raid system. Do you think that I should update the stats less frequently to decrease the server usage?
I designed one of my web services so that 'nobody' has to put commands to cron. Unfortunately this thing stops to work from time to time because "someone" is putting 'nobody' back to cron.deny file.
On a cPanel server, running RHEL 4 I got the following error (from cpanel logs) while associating an user with a DB from the cPanel admin:
Fri Apr 11 17:02:47 2008 info [Cpanel::Mysql]: Not updating privileges for user (reseller login and no password specified in ~/.my.cnf) at /usr/local/cpanel/Cpanel/Mysql.pm line 268 Cpanel::Mysql::updateprivs('Cpanel::Mysql=HASH(0xa4a8768)') called at /usr/local/cpanel/bin/mysqladmin line 88 Fri Apr 11 17:02:47 2008 info [Cpanel::Mysql]: Not updating privileges for user (reseller login and no password specified in ~/.my.cnf) at /usr/local/cpanel/Cpanel/Mysql.pm line 268
In fact, from cPanel interface all privileges are added OK, but the MySQL itself is not connecting at all due to this error.
I can't seem to solve, perhaps you could give me some pointers or tips on how to fix this.
All the cPanel stats programs (Awstats etc..) haven't been updated since the 17th June but when I login to WHM it says the stats have been updated (within the past 24 hours).
On the 17th June I moved my hosting operations from the USA to the UK onto a new webserver.
How can I make sure these statistic programs are updated and shown from cPanel, even though I can tell it to update via SSH (completes) and claims in WHM with no problems (updated with in 24 hours), the new stats still fail to appear.
I want to update to PHP5, but I want to make sure I have all the extras I need. I'm also worried that if I install PHP5 that eaccelerator will break. Will that need to be reinstalled?
Could someone walk me through this procedure? I can ask SoftLayer to upgrade PHP5, but I doubt they will touch eaccelerator.
We have change IP from NS server in Plesk.Why can we force refresh named.conf (for all domains) ? Informations stay with old IP.We can force one domain when we change an information in the DNS and we validate. But Hown can we change all domains?
Example: Old > NS server1.com (x.x.x.1) New > NS server1.com (x.x.x.2)
I have attempted to update our plesk panel 10.4.4 to 12.0.18. I left it running overnight and in the morning it is still saying "Waiting . . ." with the progress as follows - has it finished, will it ever finish . . . should I switch off and start again?
Installation started in background Determining the packages that need to be installed. File downloading PANEL-WIN_12.0.18/dist-msi-Microsoft-2003-i386/panel.msi:
My server admin already upgraded my OpenSSL to version 1.0.1m 19 Mar 2015 and he also upgraded Nginx to 1.6. I'm also running CentOS v5.11 and Plesk v11.5.
However, he tells me that he still can't get TLS 1.2 to work because he noticed that my server uses a different version of Nginx (sw-nginx), which he believes is part of Plesk. How we can get TLS 1.2 working on the Plesk copy of Nginx (sw-nginx)?
I am running OS Ubuntu 14.04.1 LTS Plesk version 12.0.18 Update #34, last updated at Feb 10, 2015 01:52 AM
I have created a few websites using plesk and i have the dns acting as the primary . This server acts as a primary nameserver for the DNS zone mywebsite.co.uk
When i add a txt record the dns is updated but it never resolves so my DKIM and SPF records are never found. I have checked my syntax for the records and all are fine. My domains are hosted by stratoservers. Is it there fault or mine. Should i change providers so i have more access to the domains dns or should plesk be doing that for me...
Last week I have updated the apache from 2.4.6 to 2.4.9 version in Win 2008, 64-bit server. There was no openSSL and update was successful. Later I did the update in QA with openSSL and again the updte was successfully completed. Apache services was running fine and everything looked nice.
When I did the same update in the prd where openSSL is also there, it failed to start the service.
steps to update the apache from 2.4.6 to 2.4.9 ---------------------------------------------- 1> stop the apache services 2> Take the backup by copying original Apache installation directory and rename it . (eg I:Program Files (x86)Apache Software FoundationApache2.2 to Apache2.2_old) 3> Unzip the latest binaries to the temp directory 4> Copy the following files apachebin , apachemodules to the Apache Inst Directory ( I:Program Files (x86)Apache Software FoundationApache2.2) 5> start the apache service ----------------------------------------------------
QA and PRD both has enabled openSSL but it was prd where we got the issue , and the apache services couldnt be started. We have had to revert the change. Find the error log in the apache directory
--------------------------
[Tue Jun 24 21:12:12.665632 2014] [ssl:emerg] [pid 3336:tid 320] AH02561: Failed to configure certificate
RGWEB58V.brotherdc.eu:443:0, check G:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/server.crt [Tue Jun 24 21:12:12.665632 2014] [ssl:emerg] [pid 3336:tid 320] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Tue Jun 24 21:12:12.665632 2014] [ssl:emerg] [pid 3336:tid 320] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
---------------------------------------
I read somewhere that there is bug in 2.4.9 as this version breaks the openSSL.
Also read on this forum that someone resolved the issu by changing the server certificate from DER to PEM.
