WHM locked out – cphulkd

by

cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service. BUT sometimes it becomes troublesome when you are accessing the cPanel with incorrect password and cPanel assuming you as attacker blocks you with below message :

—————————————————————————————
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
—————————————————————————————

To get out of such situation you can disable cphulkd protection :

login via ssh and disable cphulkd using the command below.

# /usr/local/cpanel/bin/cphulk_pam_ctl –disable

This should allow you to login to WHM and double check your cphulk settings.

You can view IP addresses that have been blocked via the WHM interface: WHM -> Security -> Security Center -> cPHulk Brute Force Protection in the Brutes table. On that screen, you can also customize brute force protection settings.

Flush DB will remove all blocked IPs:

WHM >>  Security Center >> cPHulk Brute Force Protection >> Click on Flush DB

Well the other way to this is to remove the IP’s blocked by cPHulk from its database .

ssh to the server login as root and type the following at the prompt

[root@server:] mysql

mysql> use cphulkd;

mysql>BACKUP TABLE  brutes TO ‘/path/to/backup/directory’;

mysql> SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;

mysql> DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;

mysql>quit

🙂

GRUB start-up password !

by

First, boot the system with the first Linux CD, when you see boot prompt, type linux rescue to switch to rescue mode. Here, you will be asked if similar steps should be followed, which need to be followed in the installation.

At the prompt, type the next command:
# chmod /mnt/sysImage
# locate grub.conf
# nano /path/to/grub.conf (Edit the grub.conf file and remove the passwd line from the file)

cPanel email inconsistent quota !

by

If a cPanel email user quota does not match what is being reported by the system or a mail client run the following to determine how much space has been used for real:

du -hs /home/username/mail/userdomain.com/user/

then compare it with what cPanel reports for the disk usage, if they are different delete:

/home/username/mail/domain.com/user/maildirsize

finally re-login to cPanel and it should be resolved.

OpenVZ : Creating a CentOS 5.0 Template

by

Creating a CentOS 5.0 Template

1.Install a system (virtual or physical) with the default CentOS installation that you wish to package. This could be a minimal distro or the default distro or even something custom.

1. It’s generally quicker to bootstrap a CentOS system on another yum/rpm-based, or Debian based system by following the instructions in [1]

2. Once the OS has been installed, you need to tar the contents of the OS.

1. First, create a file called /tmp/exclude and add the following lines to it:

.bash_history
lost+found
/dev/*
/mnt/*
/tmp/*
/proc/*
/sys/*
/usr/src/*

1. Now, tar the OS file up by typing: tar –czvf /tmp/centos-5.0---image.tar.gz –X /tmp/exclude / where represents the system architecture (i386 or

x86_64) and represents the distribution (default, minimal, etc.).

1. Now transfer the file over to the OpenVZ server into /vz/template/cache folder.

3.On the OpenVZ server create a “dummy” container by creating a folder called /vz/private/50

and copying the /etc/vz/conf/ve-vps.basic.conf-sample to /etc/vz/conf/50.conf.
NOTE: 50 is the CTID for the container. You can choose any unused CTID on the OpenVZ server.

4.Now create a new folder called /vz/template/centos/5//config again where

represents the system architecture.

5.Create a file in the folder called rpm and add the following line:

43
6. Create a file called yum.conf in the folder and add the following lines:

[main]
cachedir=/vz/template/centos/5//yum-cache/
reposdir=/dev/null
installonlypkgs=
[centos5-base]
name=CentOS 5 - - Base
baseurl=http://mirror.centos.org/centos/5/os//
enabled=1
gpgcheck=1
[centos5-updates-released]
name=CentOS 5 - - Released Updates
baseurl=http://mirror.centos.org/centos/5/updates//
enabled=1
gpgcheck=1

7 Copy /etc/vz/dists/centos-4.conf to /etc/vz/dists/centos-5.conf.
8 Copy /vz/template/centos/4/i386/config/minimal.list to /vz/template/centos/5/i386/config/minimal.list.

9.Change to the /vz/private/50 folder and then run the command gunzip –dc /vz/template/cache/centos-5---image.tar.gz | tar –xvf – to unpack the base image to the folder.

10. Make sure you are in the /vz/private/50 folder.
11. Edit etc/shadow and remove the replace the root password with !! instead of the hashed value.
12. Edit the etc/inittab file and comment out the lines that respawn /sbin/mingetty on tty1 through tty6. Just put a # at the beginning of the line.

13.Remove the etc/mtab file and then create a symbolic link by typing ln -s /proc/mounts etc/mtab.

14. Remove all of the lines from etc/fstab except for the line that mounts /dev/pts.

15 Edit etc/rc.d/rc.sysinit and comment out the line that starts /sbin/start_udev by placing a # at the beginning of the line.

16 Now create device nodes by typing:

mknod dev/ptmx c 5 2
mkdir dev/pts
/sbin/MAKEDEV –d /vz/private/50/dev ttyp ptyp
mknod dev/null c 1 3
mknod -m 644 /dev/random c 1 8
mknod dev/urandom c 1 9

17 Create the var/lock/rpm folder.
18 If you wish to disable IPv6, do the following:

1. Edit etc/sysconfig/network and set NETWORKING_IPV6 to no.
2. Add the following lines to etc/modprobe.d/blacklist:

blacklist ipv6
blacklist net-pf-10

19 Disable any physical NICs by modifying the etc/sysconfig/network-scripts/ifcfg-ethX files (where X is the interface number starting from 0) and setting ONBOOT to no.

20 Now you’re ready to start the template. Type vzctl start 50 and wait for it to start.

21 You can install additional packages into the container by typing vzyum 50 install at the prompt where represents the name of the software package you wish to install.

22 Finally, you should turn off unnecessary services.

1. Enter the container by typing vzctl enter 50.
2. View the services that are set to run at startup by typing chkconfig –list | grep 5:on.
3. Disable any unwanted service by typing chkconfig –levels 2345 off where represents the service to disable.

Services that you can (and should) turn off without harm are acpid, apmd, kudzu, and microcode_ctl.

23 Exit the container by typing exit at the prompt.

24 Stop the container by typing vzctl stop 50.

25 Make sure you are in the /vz/private/50 folder.

26 Finally, package up the new template by typing tar –czvf /vz/template/cache/centos-5--.tar.gz ./.

27. The template is ready for use.

Source : openvz wiki

APF installation error on VPS : unable to load iptables module (ip_tables), aborting.

by

While installing APF on your VPS you get the following error :

# apf -r
apf(28442): {glob} status log not found, created
apf(28463): {glob} flushing & zeroing chain policies
apf(28463): {glob} firewall offline
apf(28500): {glob} activating firewall
apf(28551): {glob} unable to load iptables module (ip_tables), aborting.
apf(28500): {glob} firewall initalized
apf(28500): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.

You need to configure the APF for your VPS.

nano -w /etc/apf/conf.apf

modify
SET_MONOKERN=”0″

to
SET_MONOKERN=”1″

Restart APF

apf -r

Now you will be able to complete apf installation fine :)

Mailbox unavailable or not local error messages

by

If you receive this error when adding a domain:

<coder>Unable to send notification: mail() failed: SMTP server response: 550 Requested action not taken: mailbox unavailable or not local

then you need to add a valid mailbox to your Plesk admin setup. To resolve this issue log into Plesk and click on:

Server
Edit (under personal information)
Replace the email address with a valid, working address.

Keep in mind this error shouldn’t prohibit you from creating a site, it is just notifying you that the “site created” email will not be sent.

When I logging into the Plesk CP and creating a user or domain, this error message appears right after creation: “Internal Plesk error occurred: Unable to send notification: mail() failed:”

by

APPLIES TO:

* Plesk 7.5.4 Reloaded
* Plesk 8.x for Linux/Unix

SYMPTOMS

Additionally the following errors may be shown:

Failed to connect to mailserver

SMTP server response: 550

Empty error message from utility.

CAUSE
This error means that Plesk failed to send notification for some reasons.
RESOLUTION

First of all make sure that Plesk SMTP server functioning properly as described in 1387.

Also, check Plesk Notifications configuration on the Server->Notification page in Plesk CP. Make sure that all mail addresses notification are configured to sent to are valid and there are no empty Email fields with enabled notifications checkbox.

PhpMyAdmin :: SQLite failed to open/create session database

by

This is usually a bug in the PhpMyAdmin configuration, whenever you receive the following error when accessing PhpMyAdmin either from WHM or cPanel, follow the steps given below for a fix

Warning: session_write_close() [function.session-write-close]: open(/var/cpanel/userhomes/cpanelphpmyadmin/sessions/sess_uPSQAGVEZx2uuePd7SpsgTHJ6X7, O_RDWR) failed: No such file or directory (2) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/navigation.php on line 85

Manually edit /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini file as follow:

1)Login to shell of the server using root login details and open the file “/usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini” using vi or any other editor.

2) Search for the [Session] variable & underneath it, change the following

Replace:
——————————-
session.save_handler = sqlite
session.save_path =/var/cpanel/userhomes/cpanelphpmyadmin/sessions/phpsess.sdb
——————————-
To:
——————————-
session.save_handler = files
session.save_path = /tmp
——————————-

By default, PhpMyAdmin uses sqlite as as the file handler, but it needs to be changed to files & the location of the session files to be stored needs to be changed to /tmp which is the standard/default place to store temporary files

Authentication token lock busy

by

This usually happens when you are trying to change a password while the root filesystem (or wherever /etc is) is mounted read-only, for example when you booted up using the init trick, or in some maintenance mode (runlevel, usually).

You can mount a filesystem read-write using:

mount -o remount,rw /


(This can also be useful to remember for remounting read-only, using remount,ro, when you want to fsck a filesystem and the relevant fscker requires the filesystem being read-only)