NB: Please replace [email protected] with your actual email address, and change the last part of the command to the user directory you need to scan.
To use this command:
1) Open an SSH/PuTTY session to your server
2) Log in as root
3) Type in and press Enter: freshclam
4) Type in: screen -S Scan
5) Copy and paste (right mouse button in PuTTY) the above command (but with your email address)
RoundCube is a web-based IMAP client that is very easy to install and configure. It is free, open-source software released under the General Public License, with exceptions for plugins and skins. Its main feature is that all data is stored in the database and that it offers a desktop-like interface. RoundCube is also well known for its extensive use of Ajax technology.
Occasionally an error message appears when RoundCube webmail tries to connect to its database. On a cPanel server the error reads: “database error failed, unable to connect to the database. Please contact your server-administrator”. One of the main reasons for such an error is that the mailbox may have become corrupted.
In this section we show how to overcome RoundCube database errors and fix the underlying issue.
Fixing Database Error – RoundCube Webmail:
It is always advisable to first check the database and server status and make sure they are running and active. The problem can be resolved in several ways, as follows.
Method 1: Restoring the previous version of the mailbox database is one of the recommended and easiest ways to solve the issue.
The process to restore the previous version of the mailbox database is as follows:
Go to the cPanel folder ‘/home/<cpanel_user>/etc/<domain>/’ and either rename the file <email_user>.rcube.db to <email_user>.rcube.db.bak or move it out of that folder.
Rename the file <email_user>.rcube.db.<number_stamp> (use the most recent copy based on the timestamp) to <email_user>.rcube.db. Now try to access RoundCube.
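Method 1 as a shell function, added here as an example and not part of the original article: it picks the copy with the highest <number_stamp>, keeps the current file as .bak, and puts the chosen copy in place. The function name is hypothetical, and it copies rather than renames the timestamped file so that copy stays available.

```shell
#!/bin/sh
# restore_rcube_db DIR EMAIL_USER   (hypothetical helper, added example)
#   DIR is the /home/<cpanel_user>/etc/<domain>/ folder from the text.
# Prints the path of the copy that was restored.
restore_rcube_db() {
    dir=$1 user=$2
    live="$dir/$user.rcube.db"
    newest="" newest_stamp=0

    # Choose the copy whose suffix is the largest number (<number_stamp>).
    for f in "$live".*; do
        stamp=${f##*.}
        case $stamp in
            ''|*[!0-9]*) continue ;;  # skips .bak and an unmatched glob
        esac
        if [ "$stamp" -gt "$newest_stamp" ]; then
            newest=$f newest_stamp=$stamp
        fi
    done

    # Nothing to restore from: leave the live file untouched.
    [ -n "$newest" ] || { echo "no timestamped copy in $dir" >&2; return 1; }

    # Keep the current database as .bak instead of deleting it.
    if [ -e "$live" ]; then
        mv -- "$live" "$live.bak" || return 1
    fi

    # cp -p keeps owner, mode and mtime of the copy being restored.
    cp -p -- "$newest" "$live" || return 1
    echo "$newest"
}

# Run as: sh this_script /home/<cpanel_user>/etc/<domain> <email_user>
if [ "$#" -eq 2 ]; then restore_rcube_db "$1" "$2"; fi
```

If no timestamped copy exists the function returns non-zero and changes nothing, which is the case where Method 2 applies.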
Method 2: Another way to fix the issue, without restoring the previous settings, is to let RoundCube start again from the beginning.
The following procedure shows how to fix this issue:
Either rename the file <email_user>.rcube.db to <email_user>.rcube.db.bak or move it out of that folder.
Now try to access RoundCube again.
RoundCube normally uses SQLite or MySQL to store data such as contacts and other details, so it must be able to connect to its database in order to retrieve that information. A failure of the database connection can cause a “database error connection failed” message to be displayed on the cPanel server. The methods described above resolve these kinds of issues.
Clients receive a large number of emails for LFD alerts. If they wish to disable the alerts, follow the steps below.
Steps to disable all LFD email Alerts.
1) Login to WHM.
2) Navigate to “ConfigServer Security & Firewall” under the “Plugin” section.
3) Click the “Firewall Configuration” button to edit the CSF configuration file.
4) Search for “LF_EMAIL_ALERT” in the configuration file and change it from “On” to “Off”.
5) Click the “Change” button to save the changes.
We need to restart the csf and lfd services to apply the changes made in the above steps. Click the “Restart csf+lfd” button to restart both services.
In order to enable/disable any of these plugins, you need to add/remove each plugin’s name to/from Roundcube’s configuration file. Here is how it’s done: (For demonstration we will enable the “password” plugin)
1- Open the main config file:
vi /usr/local/cpanel/base/3rdparty/roundcube/config/config.inc.php
Sometimes you may get an invalid login error while trying to log in to your cPanel account even though the username and password you are entering are correct. This happens because your IP address has been blocked by cphulkd for brute force.
What is cPHulk?
cPHulk is a feature similar to a firewall: with cPHulk, cPanel gives you an extra measure of protection from attacks such as brute force. Suppose someone is trying to compromise your server using random failed logins
As the description above shows, this is an important feature of cPanel/WHM, so disabling it is not a good idea. Instead, you can white-list your IP address in the brute force protection, so that connections from your IP address are allowed.
You can see the errors related to connections blocked by cphulkd for brute force in the cPanel error log itself,
/usr/local/cpanel/logs/error_log
The error will look like the entry pasted below,
main::badpass('faillog', 'brute force attempt (user iserversupport) has locked out IP xxx.xxx.xxx.xx...', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
main::connect_cphulkd() called at cpsrvd-ssl line 5255
main::handle_form_login() called at cpsrvd-ssl line 1131
main::handle_one_connection() called at cpsrvd-ssl line 996
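Before white-listing an address it helps to see which users and IPs the lockouts actually involve. The following added example (not from the original article) tallies them from error_log; the function names are hypothetical, the sample lines are constructed on the model of the entry above, and it assumes an unmasked IPv4 address follows "locked out IP".

```shell
#!/bin/sh
# Constructed sample in the shape of the error_log entry quoted above
# (documentation-range IPs, made-up user names).
sample_log() {
cat <<'EOF'
main::badpass('faillog', 'brute force attempt (user alice) has locked out IP 203.0.113.7', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
main::connect_cphulkd() called at cpsrvd-ssl line 5255
main::badpass('faillog', 'brute force attempt (user bob) has locked out IP 198.51.100.23', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
main::handle_form_login() called at cpsrvd-ssl line 1131
main::badpass('faillog', 'brute force attempt (user alice) has locked out IP 203.0.113.7', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
EOF
}

# hulk_lockouts FILE -> lines of "count user ip", most frequent first.
# Only the badpass lines carry the user and IP; other trace lines are skipped.
hulk_lockouts() {
    sed -n 's/.*brute force attempt (user \([^)]*\)) has locked out IP \([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1 \2/p' "$1" |
        awk '{ n[$0]++ } END { for (k in n) print n[k], k }' |
        LC_ALL=C sort -k1,1nr -k2
}

# lockouts_for_ip FILE IP -> number of lockout entries naming exactly IP.
# Use it to confirm the address you are about to white-list is the one
# that was locked out.
lockouts_for_ip() {
    hulk_lockouts "$1" |
        awk -v ip="$2" '$3 == ip { c += $1 } END { print c + 0 }'
}

# Run as: sh this_script /usr/local/cpanel/logs/error_log
if [ "$#" -eq 1 ]; then hulk_lockouts "$1"; fi
```

Lockouts against many different users from an address that is not yours are a reason to leave the block in place rather than white-list.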
You can simply white-list the IP address on cphulkd by using the following script,
/scripts/cphulkdwhitelist
This script can be used along with the IP address that you need to white-list. See the sample command below,
cPanel web host management software provides an intuitive interface for managing a website server. When running complex scripts on the server, you may occasionally need to stop a process from running to prevent a server crash. You can either stop all processes that a certain user is running, or you can stop a specific process by selecting it from a list of live processes.
Step 1
Type the server IP address followed by a colon and 2087, or follow your hosting server company or co-location center’s directions for accessing cPanel. Enter the administrator user name and password in the text fields when the cPanel login screen appears.
Step 2
Click System Health on the cPanel WHM home page; if you do not see the icon on your home screen, then locate System Health on the left sidebar menu.
Step 3
Click Process Manager and wait for the list of processes to appear.
Step 4
Kill all user processes by selecting the name from the Kill All Processes By User drop-down menu.
Step 5
Check the list of processes to see which processes might be using an inordinate amount of CPU resources or memory; the percentage of each is listed in the CPU and Memory columns for each process.
Step 6
Kill any individual processes by clicking the Kill prompt next to its process identification or PID number.
Step 7
Click the Back prompt that appears after the message “Killed (PID number)” to return to the list of processes. Kill additional processes as necessary.
Step 8
Test your server to make sure it works correctly. Restart the server if necessary.
Maldet is a malware detector and scanner for Linux-based servers, a project of R-fx Networks. It can be installed on shared hosting servers such as cPanel/WHM and Linux Plesk servers, and works alongside the ClamAV tool.
1. Download & install Maldet:
cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
2. Go to the maldetect directory and run the installer script ‘install.sh’ as root:
cd maldetect-1.5
./install.sh
3. Next, make a symlink to the maldet command in the /bin/ directory.
We will use the ClamAV clamscan binary as the default scan engine because it provides a high-performance scan on large file sets. If it is not installed, you can install it using ( yum -y install clamav clamav-devel ) and then update it using the ( freshclam ) command.
7. Change the value to ‘1’ on line 114: scan_clamscan="1"
8. Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change the value to ‘1’ on line 180: quarantine_hits="1"
9. Change the value to ‘1’ on line 185 to enable cleaning of malware injections: quarantine_clean="1"
10. Save and exit.
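Line numbers in conf.maldet shift between releases, so the three settings above can also be changed by key name. This is an added example, not part of the original article or the maldet project; the function names are hypothetical, the sample config is constructed, and /usr/local/maldetect/conf.maldet is assumed as the config path.

```shell
#!/bin/sh
# Constructed fragment in the key="value" style of conf.maldet.
sample_conf() {
cat <<'EOF'
# constructed sample, not a real conf.maldet
email_alert="0"
scan_clamscan="0"
quarantine_hits="0"
quarantine_clean="0"
EOF
}

# set_maldet_opt FILE KEY VALUE   (hypothetical helper)
# Refuses to edit unless KEY is assigned exactly once, keeps the first
# original as FILE.orig, and confirms the new value afterwards.
set_maldet_opt() {
    conf=$1 key=$2 val=$3
    n=$(grep -c "^$key=" "$conf" 2>/dev/null) || true
    if [ "$n" != 1 ]; then
        echo "$key: expected one assignment in $conf, found ${n:-none}" >&2
        return 1
    fi
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    sed "s|^$key=.*|$key=\"$val\"|" "$conf" > "$tmp" &&
        { [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig"; } &&
        cat "$tmp" > "$conf"      # overwrite in place: keeps owner and mode
    rm -f "$tmp"
    grep -q "^$key=\"$val\"\$" "$conf"
}

# The three changes from steps 7-9, by key instead of by line number.
apply_page_settings() {
    for k in scan_clamscan quarantine_hits quarantine_clean; do
        set_maldet_opt "$1" "$k" 1 || return 1
    done
}

# Run as: sh this_script /usr/local/maldetect/conf.maldet   (assumed path)
if [ "$#" -eq 1 ]; then apply_page_settings "$1"; fi
```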
Use Real-Time Monitoring with Maldet for active monitoring.
The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.
There are three modes the monitor can be run in, and they determine what will be monitored: USERS|PATHS|FILES.
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton
Only find PHP files on an account
maldet --include-regex ".*\.php$" -a /home/pronyxco/public_html
Full account
maldet --include-regex ".*\.php$" -a /home/?/public_html