Author Archive
How can I reserve an ip via WHM so that it will not be used to setup accounts?
by dino on Jun.28, 2011, under cPanel
Click on the “Show/Edit Reserved IPs” link under “IP Functions”. Check the box of the IP you want to reserve and add a short comment to the Reason section. This IP will no longer be used to set up accounts via WHM/cPanel.
DirectAdmin : Downgrade from apache 2 back to apache 1.3
by dino on Jun.28, 2011, under DirectAdmin
If you need to go back to apache 1.3 after installing apache 2, you’ll need to do the following:
1) Restore the old httpd.conf file:
2) Get DirectAdmin to use the old httpd.conf files for the users. Edit the /usr/local/directadmin/conf/directadmin.conf file and change apache_ver=2.0 to apache_ver=1.3. Also, if you were using custombuild, and are going back to customapache, the apache_conf value needs to be reset to:
Then type
3) Now you can recompile apache 1.3
4) Fix the modules link:
5) Restore the old boot script:
RedHat:
How do I upgrade Apache on my Cpanel box?
by dino on Jun.27, 2011, under cPanel
There are two ways to update your Apache version on cpanel.
The first is from within WHM. Underneath the “Software” section in the menubar is “Apache Update.” Click this link and then follow the on screen directions.
The second option is from the command line. Run “/scripts/easyapache”, which will provide an update interface including a few more options than WHM.
It is highly recommended that you create a backup of your Apache configuration before performing an update to a newer version.
How to block ip addresses with iptables
by dino on Jun.27, 2011, under Uncategorized
I have an ip address attacking my server or taking up all my httpd connections so none of my sites work.
To correct this, use the netstat -n command to see the IP addresses connected to your server. Once you have the IP address you want to block, use the following command to block it from accessing your server using iptables:
iptables -I INPUT 1 -s IP.ADD.RES.SS -j DROP
-I INPUT 1 means to insert the rule at the top of the INPUT chain (which means it will get looked at first)
-s IP.ADD.RES.SS is the source address of the packets we want to deal with
-j DROP means dump the packets into the void, and forget they ever happened.
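The netstat step above, as an added example that is not part of the original post: it tallies TCP connections per remote IPv4 address and prints (without applying) the post's iptables command for addresses at or above a threshold. The function names, the threshold and the sample netstat output are constructed for illustration.

```sh
#!/bin/sh
# Added example: find the busiest remote addresses in `netstat -n` output.

# Reads `netstat -n` text on stdin and prints "<count> <ip>" for every
# remote IPv4 address on a tcp line, busiest first.
count_remote_ips() {
    awk '$1 ~ /^tcp/ && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
             split($5, a, ":"); n[a[1]]++      # column 5 is "Foreign Address"
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Prints the rule from the post for each address with at least $1 connections.
# Nothing is applied; review the list before running any of it.
suggest_blocks() {
    count_remote_ips |
        awk -v min="$1" '$1 >= min { print "iptables -I INPUT 1 -s " $2 " -j DROP" }'
}

# Constructed sample of `netstat -n` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51235       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51236       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.23:40211     ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.99:40000
EOF
}

sample_netstat | suggest_blocks 3
```

On a live server, replace `sample_netstat` with `netstat -n`, and check that your own address is not in the list before applying a rule.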
Running exim on a different port – cPanel
by dino on Jun.26, 2011, under Uncategorized
Log into WHM and click on “Service Manager” under the Service Configuration grouping. Put a checkmark next to “exim on another port” (the default is port 26) then click “Save”.
cgi files generate Internal Server Error
by dino on Jun.26, 2011, under DirectAdmin
This means that the cgi script did not execute properly. There are several causes that can generate this error so a few things would need to be checked.
1) check the /var/log/httpd/suexec_log. It contains any errors that would be as a result of not having correct permissions on the file. The file needs to be in a cgi-bin and must have the owner/group as the username who owns the site. If it’s owned by anyone else, it will not run. Also, the script must have execute permission. The most common chmod permission is 755. Go through all directories from the public_html down to the directory the script is in, and make sure they’re all set to 755 (public_html can be 750 *only* if it has a group of apache).
If the suexec_log only shows the script being run, then the cause may be with the script code itself. The easiest way to figure out script coding problems is to first run the script manually from an ssh prompt.
cd /home/username/domains/domain.com/public_html/cgi-bin
./script.cgi
One common error is to use an incorrect interpreter. The 2 most common interpreters are:
#!/usr/bin/perl
and
#!/usr/local/bin/php
This code must appear on the first line of the script. Sometimes a file is uploaded in Windows format, so the trailing newline (return) character is formed incorrectly and the file would need to be reuploaded in a different format.
Other errors that would be generated when running the script manually from ssh would be missing perl modules, in which case you’ll need to install them yourself. Cpan is the easiest method to install new perl modules, eg:
perl -e shell -MCPAN
install Bundle::DBD::mysql
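The checks described in this post, collected into one added example (not part of the original post): it inspects a CGI script for a Windows-format first line, a missing or wrong interpreter line, missing execute permission, group/other write permission (which suexec refuses) and, optionally, the owner. The function name `check_cgi` and the demo file are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for a CGI script that returns
# "Internal Server Error". Usage: check_cgi FILE [EXPECTED_OWNER]
# Prints one finding per line; returns 0 when nothing was found, 1 otherwise.
check_cgi() {
    f=$1; want_owner=$2; rc=0
    cr=$(printf '\r')
    first=$(head -n 1 "$f")
    case $first in
        *"$cr") echo "line 1 ends in CR (Windows format): re-upload in text mode"; rc=1
                first=${first%"$cr"} ;;
    esac
    case $first in
        '#!'*) interp=${first#'#!'}      # drop the "#!" marker
               interp=${interp# }        # tolerate "#! /path"
               interp=${interp%% *}      # drop interpreter arguments
               [ -x "$interp" ] || { echo "interpreter not found: $interp"; rc=1; } ;;
        *)     echo "line 1 is not a #! interpreter line"; rc=1 ;;
    esac
    [ -x "$f" ] || { echo "no execute permission (755 is the usual mode)"; rc=1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in                        # 6th char: group write, 9th: other write
        ?????w????|????????w?) echo "writable by group or other ($mode)"; rc=1 ;;
    esac
    owner=$(ls -ld "$f" | awk '{print $3}')
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "owned by $owner, expected $want_owner"; rc=1
    fi
    return $rc
}

# Constructed demo: a script saved with CRLF line endings and mode 644.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\r\necho "Content-type: text/plain"\r\n' > "$demo_dir/script.cgi"
chmod 644 "$demo_dir/script.cgi"
check_cgi "$demo_dir/script.cgi" || true
rm -rf "$demo_dir"
```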
HOW-TO: Change Exim IP Address – cPanel
by dino on Jun.25, 2011, under cPanel
Change the IP exim uses to send mail – bypass sorbs (or other useless blacklists)
On shared hosting servers you’ll probably find yourself blocked by other mail providers because of high mail volume or one of your users spamming. To change your exim IP for outgoing mail, you can edit your /etc/exim.conf file and locate this section:
remote_smtp:
driver = smtp
And below this add:
interface = xxx.xxx.xxx.xxx
Replace the x’s with the backup mail IP. Note that the backup mail IP needs to be added to the server, and should have a valid PTR and A-record.
Note: On newer versions of cPanel where domainkeys are installed, you will need to add another interface line:
dk_remote_smtp:
driver = smtp
dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
dk_canon = nofws
dk_selector = default
interface = xxx.xxx.xxx.xxx
Now restart exim.
Note: If there is an exim update when you upgrade your cpanel server you will need to re-enter the interface again.
How to forward a website to another url using PHP
by dino on Jun.25, 2011, under Basics, Uncategorized
There are several ways to accomplish this task, but the simplest to understand is to use php.
To do this, you need to create the page that will do the forwarding. This can be any page, as long as it ends in “.php”. If you are trying to redirect a domain, you’d create “index.php” inside the public_html directory.
Once you decide which page you will use, then create the file and enter the following text:
<?php
// Send the redirect header, then stop so nothing else in the page runs.
header("Location: http://whereyouwant.com/to/go.html");
exit;
?>
Where http://whereyouwant.com/to/go.html is the location that you want the page to forward to. You can use local values, ie: /page.html, or full urls as in the above example (http://..etc.)
Apache : Showing files in a directory
by dino on Jun.24, 2011, under Basics
If you want to list all files in a directory that doesn’t use an index.html (or index.php) file, you can create an .htaccess file with the following contents:
This will tell apache that you want to list all files in the directory.
Securing CPanel
by dino on Jun.24, 2011, under cPanel
Running a WHM like Cpanel can sure make hosting easy, but unfortunately running a WHM often makes your server much less secure than it was before!
We do not guarantee that the following steps will make your server hack proof, but they will greatly reduce your chances of compromise. Also note that Layered Technologies does not manage your server and if you do not feel comfortable making system level changes to your server we recommend you open a level2 support ticket (for a fee) or hire a third party sysadmin service to help you.
Basic Steps to Securing CPanel (Linux based OS):
These are items inside of WHM/Cpanel that should be changed to secure your server.
Goto Server Setup =>> Tweak Settings
Check the following items…
Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts – blackhole
Under System
Use jailshell as the default shell for all new accounts and modified accounts
Goto Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disable Compilers for unprivileged users.
Goto Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Goto Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.
Goto Service Configuration =>> FTP Configuration
Disable Anonymous FTP
Goto Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)
Goto Mysql =>> MySQL Root Password
Change root password for MySQL
Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
These are measures that can be taken to secure your server, with SSH access.
Update OS, Apache and CPanel to the latest stable versions.
This can be done from WHM/CPanel.
Restrict SSH Access
To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.
SSH into server and login as root.
Note: You can download Putty by Clicking Here. It’s a clean running application that will not require installation on Windows-boxes.
At command prompt type: pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
Code:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment and change
#Port 22
to look like
Port 5678 (choose your own 4 to 5 digit port number; 49151 is the highest port number)
Uncomment and change
#Protocol 2, 1
to look like
Protocol 2
Uncomment and change
#ListenAddress 0.0.0.0
to look like
ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)
Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.
Now restart SSH
At command prompt type: /etc/rc.d/init.d/sshd restart
Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.
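One way to confirm the edits took effect before you log out, as an added example that is not part of the original post: it reads an sshd_config, ignores commented-out lines, and reports each setting from the steps above that is still unset or at the value the post tells you to change. The function name `audit_sshd` and both sample configs are constructed; it assumes an sshd of this post's era, where a missing Protocol line still permits protocol 1.

```sh
#!/bin/sh
# Added example: audit sshd_config against the "Restrict SSH Access" steps.
# Usage: audit_sshd /etc/ssh/sshd_config   (or pipe the file on stdin)
# Prints one FAIL line per missed step; the exit status is the FAIL count.
audit_sshd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }             # commented lines are not in effect
        { key = tolower($1); val = tolower($2) }   # sshd keywords are case-insensitive
        key == "port"            { ports = ports " " val }
        key == "protocol"        { if (proto == "") proto = val }
        key == "listenaddress"   { listen = listen " " val }
        key == "permitrootlogin" { if (root == "") root = val }
        END {
            if (ports == "" || (ports " ") ~ / 22 /) {
                print "FAIL Port: sshd still listens on 22"; bad++ }
            if (proto != "2") {
                print "FAIL Protocol: want 2, have " (proto == "" ? "(unset)" : proto); bad++ }
            if (listen == "" || (listen " ") ~ / (0\.0\.0\.0|::) /) {
                print "FAIL ListenAddress: not bound to a single address"; bad++ }
            if (root != "no")    # optional step in the post, so only a note
                print "NOTE PermitRootLogin: not set to no"
            exit bad + 0
        }' "$@"
}

# Constructed samples: the untouched section shown in the post, and the result
# of following its steps with the post's placeholder port and address.
sample_default() {
    printf '%s\n' '#Port 22' '#Protocol 2, 1' '#ListenAddress 0.0.0.0' \
                  '#ListenAddress ::' '#PermitRootLogin yes'
}
sample_hardened() {
    printf '%s\n' 'Port 5678' 'Protocol 2' 'ListenAddress 123.123.123.15' \
                  'PermitRootLogin no'
}

sample_default | audit_sshd || true
```

Keep your current SSH session open while you test a second login on the new address and port, so that a mistake in the file does not lock you out.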
Disable Telnet
To disable telnet, SSH into server and login as root.
At command prompt type: pico -w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type: /etc/init.d/xinetd restart
Server e-mail everytime someone logs in as root
To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.
At command prompt type: pico .bash_profile
Scroll down to the end of the file and add the following line:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Save and exit.
Set an SSH Legal Message
To set an SSH legal message, SSH into server and login as root.
At command prompt type: pico /etc/motd
Enter your message, save and exit.
Note: I use the following message…
Code:
ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.
This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.
Now every time someone logs in, they will see this message… go ahead and try it.
Disable Shell Accounts
To disable any shell accounts hosted on your server SSH into server and login as root.
At command prompt type: locate shell.php
Also check for:
locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts
Note: There will be several listings that will be OS/CPanel related. Examples are
/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.
Disable identification output for Apache
To disable the version output for Apache, SSH into server and login as root.
At command prompt type: pico /etc/httpd/conf/httpd.conf
Scroll (way) down and change the following line to
ServerSignature Off
Restart Apache
At command prompt type: /etc/rc.d/init.d/httpd restart
These are applications that will help to secure your server.
Install chkrootkit
To install chkrootkit, SSH into server and login as root.
At command prompt type: cd /root/
At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
At command prompt type: tar xvzf chkrootkit.tar.gz
At command prompt type: cd chkrootkit-0.44
At command prompt type: make sense
To run chkrootkit
At command prompt type: /root/chkrootkit-0.44/chkrootkit
Make sure you run it on a regular basis, perhaps including it in a cron job.
