 |
|
FREQUENTLY ASKED QUESTIONS
|
cPanel
Can I setup an email only hosting account in cPanel?
Easy. Create an account with the xmail theme. Then provide your client access to it. On the client's part, they need to modify the mail exchanger(MX) record to point to your server.
|
How can I add security to my cPanel?
There are many steps but these should be looked at for sure
Go to Server Setup =>> Tweak Settings
Check the following items...
Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail
Attempt to prevent POP3 connection floods
Default catch-all/default address behavior for new accounts - blackhole
(according to ELIX - set this to FAIL, which is what I am going to do to reduce server load)
Under System
Use jailshell as the default shell for all new accounts and modified accounts
Go to Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disabled Compilers for unprivileged users.
Go to Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Go to Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.
Go to Service Configuration =>> FTP Configuration
Disable Anonymous FTP
Go to Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)
Go to Mysql =>> MySQL Root Password
Change root password for MySQL
Go to Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
|
How can I determine if Apache is rebuilding
Use the following command on the command line as root:
ps auxwww | grep easyapache
Easyapache is still running if you see output other than something similar to: root 22545 0.0 0.0 4192 648 pts/5 S+ 10:11 0:00 grep easyapache
|
How can I see which version of cPanel and WHM is on my server
Log into WebHost Manager (WHM) and look in the top right corner, or execute the following command from the command line as root: /usr/local/cpanel/cpanel -V
|
How can I update the version of cpanel
Using root access (we suggest Putty) run the command "/scripts/upcp". be patient as the update will take 5-10 minutes.
Using WHM, navigate to 'cPanel' -> 'Upgrade to Latest Version'
|
How do I build a new Apache version via SSH
/scripts/easyapache
|
How do I check if my cPanel license is valid
Go to the following url: http://verify.cpanel.net/?ip=__.__.__.__
|
How do I create ftp access to specific folders?
In cpanel you go to ftp accounts, click add ftp account and you will see it create a folder named after the account.
You can change the folder name all you want. It will create the folder and the user will have only ftp access to that folder. If you dont create a folder, that user will have access to the whole public_html folder.
If you want to block people from the web seeing what is in there, then either add an htaccess file or do it from cpanel.
|
How do I create multiple layered subdomains?
It's easy but it MUST be done in this order:
Step 1: create the first subdomain
dd.mydomain.com
Step 2: Create the SECOND subdomain relative to the first
co.dd.mydomain.com
Step 3: create the THIRD subdomain relative to the SECOND
parked.co.dd.mydomain.com
|
How do I remove the old catch-all email
You may want to change the default email address to ':fail:' so that un-routed email (addresses for which there is no email account) will simply be discarded.
Regarding deleting the emails currently in your default account, go to your file manager or better yet your FTP client and delete the files contained in the 'new' directory (mail/new). This will delete all emails, so it's best if you ensure that nothing important is contained within. Then check your 'cur' directory (mail/cur) and delete the contents as desired. The directories are located in your accounts root directory within the 'mail' directory.
|
How do I sync passwords in cPanel?
Through shell run "/scripts/ftpupdate"
|
I am denied access to PHPMyAdmin
You can resolve this by resetting the MySQL root password to the Primary root password.
|
On my VPS should I use VPS Optimized?
cPanel VPS Optimized is a new version of cPanel / WHM specifically designed to run on Virtual Private Servers.
cPanel VPS Optimized provides the feature rich functionality of cPanel / WHM while reducing memory usage by up to 60% on VPS instances.
|
What if my cPanel license stops working
Sometimes you need to restart the license through SSH. Run command: /usr/local/cpanel/cpkeyclt
|
What Shell command do I use to stop an update process from running
--force
|
What url (website address) do I use to access my cPanel
Go to http://yourdomain:2082
Example: http://mydomain.com:2082
Enter your User Name & Password as assigned
|
Hosting
Can I get my own IP Address even on a Shared server
Sure. All Barak Hosting clients can be on a Dedicated IP Address, no matter what platform of hosting they are on, including Shared.
|
RAID
What is a RAID array
Arrays are devices that combine multiple physical disks into a single logical volume. RAID, or Redundant Array of Inexpensive (or Independent) Disks, is a method of combining multiple disks for data redundancy in case of a disk failure.
|
Virtuozzo
Can you provide some common Virtuozzo formulas
Guaranteed memory = barrier of vmguarpages / 1024 * 4
Burstable memory = privvmpages / 1024 x 4
Current Memory Usage= physpages held value /1024 * 4
Current Usage (RAM + SWAP)= oomguarpages held value /1024 * 4
Disk Inodes = Number of total disk inodes. Essentially this is a total number of files and directories which can be created.
Disk Space = Total size of disk space
Numproc = Number of Processes a vps can run
Numpitent = Number of firewall rules the vps may contain
|
How do I restart vzagent service inside a Virtual Environment?
Run the following command: vzagent_ctl restart
|
How do I update Virtuozzo
Through Shell (SSH) run the following command "vzup2date"
|
I installed CSF Firewall on my VE and lost access to the domain
Find the CSF firewall installed on the node. Disable it from starting automatically ("chkconfig csf off") and manually stop it ("service csf stop").
If cPanel is automatically restarting CSF, short circuit this by renaming /usr/sbin/csf to /usr/sbin/csf.back
cPanel will restart the process via a startup script. If you run it with the "-x" switch it disables it, so run /usr/sbin/csf.back -x and it will stop and disable it.
|
Barak Flip Online Magazine
What specs do I need for the magazine full page
400W x 518H @ 300dpi will result in the best view of the Barak Flip Online Magazine
|
Word Press
How do I upload Manual Wordpress
1. Create a database
2. Create a database user
3. Add the user to the database
4. Download the word press archive to your PC
5. Uncompress the archive
6. Edit the wp-config.php file to match your database settings
7. Upload the archive to your web space
8. Navigate to the installation file
9. Done
|
Security
How can I install BFD (Brute Force Detection)
To install BFD, SSH into server and login as root.
At command prompt type:
cd /root/
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-0.4
./install.sh
After BFD has been installed, you need to edit the configuration file.
At command prompt type:
pico /usr/local/bfd/conf.bfd
Under Enable brute force hack attempt alerts:
Find
ALERT_USR="0"
and change it to
ALERT_USR="1"
Find
EMAIL_USR="root"
and change it to
EMAIL_USR="your@email.com"
Save the changes then exit.
To start BFD
At command prompt type:
/usr/local/sbin/bfd -s
Modify LogWatch
Logwatch is a customizable log analysis system. It parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is already installed on most CPanel servers.
To modify LogWatch, SSH into server and login as root.
At command prompt type:
pico -w /etc/log.d/conf/logwatch.conf
Scroll down to
MailTo = root
and change to
Mailto = your@email.com
Note: Set the e-mail address to an offsite account incase you get hacked.
Now scroll down to
Detail = Low
Change that to Medium, or High...
Detail = 5 or Detail = 10
Note: High will give you more detailed logs with all actions.
Save and exit.
A number of suggestions to improve system security. Some of this is specific to CPanel, but much can be applied to most Linux systems.
--------------------------------------------------
Use The Latest Software
Keep the OS and 3rd party software up to date. Always!
CPanel itself can be updated from the root WHM.
--------------------------------------------------
Change Passwords
Change the root passwords at least once a month and try to make them hard to guess. Yes it's a pain to have to keep remembering them, but it's better than being hacked.
--------------------------------------------------
Set Up A More Secure SSH Environment As described here.
--------------------------------------------------
Disable Telnet
1. Type: pico -w /etc/xinetd.d/telnet
2. Change the disable = no line to disable = yes.
3. Hit CTRL+X press y and then enter to save the file.
4. Restart xinted with: /etc/rc.d/init.d/xinetd restart
Also, add the following line to /etc/deny.hosts to flag Telnet access attempts as 'emergency' messages.
in.telnetd : ALL : severity emerg
--------------------------------------------------
Disable Unnecessary Ports (optional)
First backup the file that contains your list of ports with:
cp /etc/services /etc/services.original
Now configure /etc/services so that it only has the ports you need in it. This will match the ports enabled in your firewall.
On a typical CPanel system it would look something like this:
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
ftp-data 20/tcp
ftp 21/tcp
ssh 22/tcp # SSH Remote Login Protocol
smtp 25/tcp mail
domain 53/tcp # name-domain server
domain 53/udp
http 80/tcp www www-http # WorldWideWeb HTTP
pop3 110/tcp pop-3 # POP version 3
imap 143/tcp imap2 # Interim Mail Access Proto v2
https 443/tcp # MCom
smtps 465/tcp # SMTP over SSL (TLS)
syslog 514/udp
rndc 953/tcp # rndc control sockets (BIND 9)
rndc 953/udp # rndc control sockets (BIND 9)
imaps 993/tcp # IMAP over SSL
pop3s 995/tcp # POP-3 over SSL
cpanel 2082/tcp
cpanels 2083/tcp
whm 2086/tcp
whms 2087/tcp
webmail 2095/tcp
webmails 2096/tcp
mysql 3306/tcp # MySQL
?>
Additional ports are controlled by /etc/rpc. These aren't generally needed, so get shot of that file with: mv /etc/rpc /etc/rpc-moved
--------------------------------------------------
Watch The Logs
Install something like logwatch to keep an eye on your system logs. This will extract anything 'interesting' from the logs and e-mail to you on a daily basis.
Logwatch can be found at: http://www.logwatch.org
Install instructions here.
--------------------------------------------------
Avoid CPanel Demo Mode
Switch it off via WHM Account Functions => Disable or Enable Demo Mode.
--------------------------------------------------
Jail All Users
Via WHM Account Functions => Manage Shell Access => Jail All Users.
Better still never allow shell access to anyone - no exceptions.
--------------------------------------------------
Immediate Notification Of Specific Attackers
If you need immediate notification of a specific attacker (TCPWrapped services only), add the following to /etc/hosts.deny
ALL : nnn.nnn.nnn.nnn : spawn /bin/ 'date' %c %d | mail -s"Access attempt by nnn.nnn.nnn.nnn on for hostname" notify@mydomain.com
Replacing nnn.nnn.nnn.nnn with the attacker's IP address.
Replacing hostname with your hostname.
Replacing notify@mydomain.com with your e-mail address.
This will deny access to the attacker and e-mail the sysadmin about the access attempt.
--------------------------------------------------
Check Open Ports
From time to time it's worth checking which ports are open to the outside world. This can be done with:
nmap -sT -O localhost
If nmap isn't installed, it can be selected from root WHM's Install an RPM option.
--------------------------------------------------
Set The MySQL Root Password
This can be done in CPanel from the root WHM Server Setup -> Set MySQL Root Password.
Make it different to your root password!
--------------------------------------------------
Tweak Security (CPanel)
From the root WHM, Server Setup -> Tweak Security, you will most likely want to enable:
- php open_basedir Tweak.
- SMTP tweak.
You may want to enable:
- mod_userdir Tweak. But that will disable domain preview.
--------------------------------------------------
Use SuExec (CPanel)
From root WHM, Server Setup -> Enable/Disable SuExec. This is CPanel's decription of what it does:
"suexec allows cgi scripts to run with the user's id. It will also make it easier to track which user has sent out an email. If suexec is not enabled, all cgi scripts will run as nobody. "
Even if you don't use phpsuexec (which often causes more problems), SuExec should be considered.
--------------------------------------------------
Use PHPSuExec (CPanel)
This needs to built into Apache (Software -> Update Apache from the root WHM) and does the same as SuExec but for PHP scripts.
Wisth PHPSuExec enabled, you users will have to make sure that all their PHP files have permissions no greater than 0755 and that their htaccess files contain no PHP directives.
--------------------------------------------------
Disable Compilers
This will prevent hackers from compiling worms, root kits and the like on your machine.
To disable them, do the following:
chmod 000 /usr/bin/perlcc
chmod 000 /usr/bin/byacc
chmod 000 /usr/bin/yacc
chmod 000 /usr/bin/bcc
chmod 000 /usr/bin/kgcc
chmod 000 /usr/bin/cc
chmod 000 /usr/bin/gcc
chmod 000 /usr/bin/i386*cc
chmod 000 /usr/bin/*c++
chmod 000 /usr/bin/*g++
chmod 000 /usr/lib/bcc /usr/lib/bcc/bcc-cc1
chmod 000 /usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1
You will need to enable them again when you need to perform system updates. To do this, run:
chmod 755 /usr/bin/perlcc
chmod 755 /usr/bin/byacc
chmod 755 /usr/bin/yacc
chmod 755 /usr/bin/bcc
chmod 755 /usr/bin/kgcc
chmod 755 /usr/bin/cc
chmod 755 /usr/bin/gcc
chmod 755 /usr/bin/i386*cc
chmod 755 /usr/bin/*c++
chmod 755 /usr/bin/*g++
chmod 755 /usr/lib/bcc /usr/lib/bcc/bcc-cc1
chmod 755 /usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1
--------------------------------------------------
Obfuscate The Apache Version Number
1. Type: pico /etc/httpd/conf/httpd.conf
2. Change the line that begins ServerSignature to:
ServerSignature Off
3. Add a line underneath that which reads:
ServerTokens ProductOnly
4. Hit CTRL+X, they y, the enter to save the file.
5. Restart Apache with: /etc/rc.d/init.d/httpd restart
--------------------
COMMON COMMANDS I USE
System Information
who
List the users logged in on the machine. --
rwho -a
List all users logged in on your network. The rwho service must be enabled for this command to work.
finger user_name
System info about a user. Try: finger root last. This lists the users last logged-in on your system.
history | more
Show the last (1000 or so) commands executed from the command line on the current account. The | more causes the display to stop after each screen fill.
pwd
Print working directory, i.e. display the name of your current directory on the screen.
hostname
Print the name of the local host (the machine on which you are working).
whoami
Print your login name.
id username
Print user id (uid) and his/her group id (gid), effective id (if different than the real id) and the supplementary groups.
date
Print or change the operating system date and time. E.g., change the date and time to 2000-12-31 23:57 using this command
date 123123572000
To set the hardware clock from the system clock, use the command (as root)
setclock
time
Determine the amount of time that it takes for a process to complete+ other info. Don’t confuse it with date command. For e.g. we can find out how long it takes to display a directory content using time ls
uptime
Amount of time since the last reboot
ps
List the processes that are have been run by the current user.
ps aux | more
List all the processes currently running, even those without the controlling terminal, together with the name of the user that owns each process.
top
Keep listing the currently running processes, sorted by cpu usage (top users first).
uname -a
Info on your server.
free
Memory info (in kilobytes).
df -h
Print disk info about all the file systems in a human-readable form.
du / -bh | more
Print detailed disk usage for each subdirectory starting at root (in a human readable form).
lsmod
(as root. Use /sbin/lsmod to execute this command when you are a non-root user.) Show the kernel modules currently loaded.
set|more
Show the current user environment.
echo $PATH
Show the content of the environment variable PATH. This command can be used to show other environment variables as well. Use set to see the full environment.
dmesg | less
Print kernel messages (the current content of the so-called kernel ring buffer). Press q to quit less. Use less /var/log/dmesg to see what dmesg dumped into the file right after bootup. - only works on dedciated systems
Commands for Process control
ps
Display the list of currently running processes with their process IDs (PID) numbers. Use ps aux to see all processes currently running on your system (also those of other users or without a controlling terminal),
each with the name of the owner. Use top to keep listing the processes currently running.
fg
PID Bring a background or stopped process to the foreground.
bg
PID Send the process to the background. This is the opposite of fg. The same can be accomplished with Ctrl z
any_command &
Run any command in the background (the symbol ‘&’ means run the command in the background?).
kill PID
Force a process shutdown. First determine the PID of the process to kill using ps.
killall -9 program_name
Kill program(s) by name.
xkill
(in an xwindow terminal) Kill a GUI-based program with mouse. (Point with your mouse cursor at the window of the process you want to kill and click.)
lpc
(as root) Check and control the printer(s). Type ??? to see the list of available commands.
lpq
Show the content of the printer queue.
lprm job_number
Remove a printing job job_number from the queue.
nice program_name
Run program_name adjusting its priority. Since the priority is not specified in this example, it will be adjusted by 10 (the process will run slower), from the default value (usually 0). The lower the number (of niceness to other users on the system), the higher the priority. The priority value may be in the range -20 to 19. Only root may specify negative values. Use top to display the priorities of the running processes.
renice -1 PID
(as root) Change the priority of a running process to -1. Normal users can only adjust processes they own, and only up from the current value (make them run slower).
Optimizing your VPS server (help it run more efficiently)
|
What can I do via Shell (SSH) for even greater security?
These are measures that can be taken to secure your server, with SSH access.
Update OS, Apache and cPanel to the latest stable versions.
This can be done from WHM/cPanel.
Restrict SSH Access
To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.
SSH into server and login as root.
Note: You can download Putty by Clicking Here (http://www.chiark.greenend.org.uk/~s.../download.html). It's a clean running application that will not require installation on Windows-boxes.
At command prompt type:
pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment and change
#Port 22
to look like
Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number AND do not use 5678 lol )
Uncomment and change
#Protocol 2, 1
to look like
Protocol 2
Uncomment and change
#ListenAddress 0.0.0.0
to look like
ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)
Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.
Note 2: You can also create a custom nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.
Now restart SSH
At command prompt type:
/etc/rc.d/init.d/sshd restart
Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.
Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.
After SSH has been redirected, disable telnet.
Disable Telnet
To disable telnet, SSH into server and login as root.
At command prompt type: pico -w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type: /etc/init.d/xinetd restart
Disable Shell Accounts
To disable any shell accounts hosted on your server SSH into server and login as root.
At command prompt type: locate shell.php
Also check for:
locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts
Note: There will be several listings that will be OS/cPanel related. Examples are
/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.
Disable identification output for Apache
(do this to hide version numbers from potential hackers)
To disable the version output for proftp, SSH into server and login as root.
At command prompt type: pico /etc/httpd/conf/httpd.conf
Scroll (way) down and change the following line to
ServerSignature Off
Restart Apache
At command prompt type: /etc/rc.d/init.d/httpd restart
|
Domains
Can I renew a domain name before the registration is up?
Yes. You can renew your domain name anytime after the initial 60-day waiting period during its term of registration. The maximum number of years a domain may be registered is TEN.
|
How much does it cost to renew a domain?
The cost to renew a domain is $12.95 per year for standard domains (.com, .net, .org, .us, .biz, info).
|
My domain name has expired, can I still renew it?
Once a domain name expires, there is a renewal grace period, during which the domain name may still be renewed. For .com, .net, .org, .info, .biz, .us, and .name, it is 30 days.
For .com, .net, .org, .info, .biz, and .us, there is a Redemption Grace Period (RGP) after the renewal grace period. During this 30-day RGP, domain names can be restored. Restore fee is higher than renewal fee. Please contact support@BarakHosting.com for information.
After RGP, the expired domain name can not be renewed/restored.
|
What type of payment methods are accepted for domain renewal?
We accept Visa, MasterCard & PayPal
|
Will Barak Hosting remind me when my domain name needs to be renewed?
Yes, we will let you know 60 days before the expiration date.
|
SSL Certificates
What type of SSL Certificate do I need for cpanel running Apache?
"mod_ssl" is the apache module which gets built using openssl libraries to enable the ssl functionality. All certificates should be built for mod_ssl.
|
| |
|
| |
|
|