Coders Tent

Syed Ashik Mahmud - Pro System Admin and Malware Cleaner

Author: coderstent (page 1 of 4)

How to activate and using plugins with webmail in WHM

Scala Hosting

In order to enable/disable any of these plugins, you need to add/remove each plugin’s name to/from Roundcube’s configuration file. Here is how it’s done: (For demonstration we will enable the “password” plugin)

1- Open the main config file:

vi /usr/local/cpanel/base/3rdparty/roundcube/config/

2- Find this configuration option:

$config[‘plugins’] = array(‘cpanellogin’,’cpanellogout’,’archive’,’calendar’, ‘return_to_webmail’,’carddav’);

3- Add the name of the plugin that you wish to enable to the array above:

$config[‘plugins’] = array(‘cpanellogin’,’cpanellogout’,’archive’,’calendar’, ‘return_to_webmail’,’carddav’,’password’);

4- Save and exit the file

5- Reload Dovecot:


Change it :


$rcmail_config[‘zipdownload_attachments’] = 1;
// Zip entire folders
$rcmail_config[‘zipdownload_folder’] = true;
// Zip selection of messages
$rcmail_config[‘zipdownload_selection’] = true;

cPanel login invalid while using correct username and password

Scala Hosting

Sometimes you may get login invalid error while trying to login to your cPanel account. But the username and password that you are entering is correct. This will happen because of your IP address is blocked by cphulkd for BruteForce.

What is cPHulk ?

cPhulk is a similar feature like Firewall, with cphulk cPanel will give you and extra measure of protection from attacks like bruteforce.  Suppose someone is trying to compromise your server using random failed logins

So from the above description you can see that this is an important feature of cPanel/WHM so disabling this feature will not be a good idea, instead  you can white-list your IP address on the BruteForce protection. So it will allow connections from your IP address.

You can see the errors related to blocked connections by cphulkd for BruteForce from the cPanel error log itself,


And the error will be like pasted below,

main::badpass('faillog', 'brute force attempt (user iserversupport) has locked out IP', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
        main::connect_cphulkd() called at cpsrvd-ssl line 5255
        main::handle_form_login() called at cpsrvd-ssl line 1131
        main::handle_one_connection() called at cpsrvd-ssl line 996

You can simply white-list the IP address on cphulkd by using the following script,


This script can be used along with the IP address that you need to white-list. See the sample command below,

/scripts/cphulkdwhitelist <IP-Address-for-whitelist>

This will allow your IP address through cphulk and now you will be able to login to the cPanel using correct password.

You can also do this from WHM. For that login to WHM and go to,

Home >> Security Center >> cPHulk Brute Force Protection

There will be options to  White/Black list IP addresses on cPHulk Brute Force Protection.

If you need our help to fix any issues on your server. Please feel free to contact us, simply email to [email protected]


How to See & Kill Processes From CPanel

Scala Hosting

CPanel Web host management software provides an intuitive interface for managing a website server. When running complex scripts on the server, you may occasionally need to stop a process from running to prevent a server crash. You can either stop all processes that a certain user is running, or you can stop a specific process by selecting it from a list of live processes.

Step 1

Type he server IP address followed by a colon and 2087 or follow your hosting server company or co-location center’s directions for accessing CPanel. Enter the administrator user name and password in the text fields when the CPanel login screen appears.

Step 2

Click System Health on the CPanel WHM home page; if you do not see the icon on your home screen, then locate System Health on the left sidebar menu.

Step 3

Click Process Manager and wait for the list of processes to appear.

Step 4

Kill all user processes by selecting the name from the Kill All Processes By User drop-down menu.

Step 5

Check the list of processes to see which processes might be using an inordinate amount of CPU resources or memory; the percentage of each is listed in the CPU and Memory columns for each process.

Step 6

Kill any individual processes by clicking the Kill prompt next to its process identification or PID number.

Step 7

Click the Back prompt that appears after the message “Killed (PID number)” to return to the list of processes. Kill additional processes as necessary.

Step 8

Test your server to make sure it works correctly. Restart the server if necessary.

How to Backup and Restore cPanel Accounts via SSH

Scala Hosting

Creating a cPanel Backup via SSH

To create a backup of your individual cPanel account using SSH, just follow these steps:

  1. First, log in to SSH as the Root user.
  2. Next, enter the following command string on the command line interface:

    /scripts/pkgacct username

  3. A backup of your account will be created and stored in the directory you are currently in.


Restoring a cPanel Backup via SSH

To restore a previously created backup of your cPanel account, just follow these steps:

  1. First, if you haven’t already, log in to SSH as the Root user.
  2. Navigate to the directory containing your backup file. *Note: In order to restore your data, you must be in the correct directory.
  3. Next, to restore your cPanel backup, enter the following command into the command line:

    /scripts/restorepkg username

And there you have it!

How to install MALDET Linux Malware Detect on cPanel Server?

Scala Hosting

Maldet is a malware detector and scanner for Linux based servers a project designed by R-fx networks project. It can be installed on shared hosting servers like cPanel WHM and linux plesk servers which works along with Clamav tool.

1. Download & Install Maldet –

cd /usr/local/src
tar -xzvf maldetect-current.tar.gz

2. Go to the maldetect directory and run the installer script ‘’ as root:

cd maldetect-1.5

3. Next, make a symlink to the maldet command in the /bin/ directory.

ln -s /usr/local/maldetect/maldet /bin/maldet
hash -r

4. Configure Maldet, Install Nano editor if its not installed ( yum install nano ) –

cd /usr/local/maldetect/
nano conf.maldet

5. Enable email alert by changing the value to ‘1’.


6. Set your email address .

email_addr=”[email protected]

We will use the ClamAV clamscan binary as default scan engine because it provides a high-performance scan on large file sets. If its not installed you can install it using ( yum -y install clamav clamav-devel ) then update using ( freshclam ) command.

7. Change value to ‘1’ on line 114 – scan_clamscan=”1″

8. Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change value to ‘1’ on line 180 – quarantine_hits=”1″

9. Change value to 1 on line 185 to enable clean based malware injections – quarantine_clean=”1″

10. Save and exit.

Use Real-Time Monitoring with Maldet for active monitoring.

The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.

There are three modes that the monitor can be executed with and they relate to what will be monitored, they are USERS|PATHS|FILES.
e.g: maldet –monitor users
e.g: maldet –monitor /root/monitor_paths
e.g: maldet –monitor /home/mike,/home/ashton

Only find PHP files on an account

maldet –include-regex “.*.php$” -a /home/pronyxco/public_html

Full account
maldet –include-regex “.*.php$” -a /home/?/public_html

maldet -a /home/?

Reference :

How to install Linux Malware Detect

Error: “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”

Scala Hosting

If you are getting error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration” after clicking on “configServer security and firewall” then you have to follow below steps. You just need to change the value of RESTRICT_SYSLOG from 0 to 3 and save changes. This step will remove your error. In this article we are further going to explain the step by step method to remove this error. You can easily solve this problem through WHM or can directly access the csf.conf file and make changes in it. Both ways are explained below:

Login to WHM.

Click on “configServer security and firewall” under plugins or search “firewall” in search box.

A new window will appear with this error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”. To solve this error click on “Firewall Configuration”.

Here set RESTRICT_SYSLOG to 3.

At last SAVE and Restart CSF (ConfigServer Security & Firewall).

You can also directly make changes in csf configuration file through vi editor.

You can open the file though this command :


# vi /etc/cfs/csf.conf

In this file search for “RESTRICT_SYSLOG” and set it to 3.

Change it to 3.



At last restart csf with this command :


# /etc/init.d/csf restart

How to enable/disable allow_url_fopen and allow_url_include functions

Scala Hosting


For security reason, in shared hosting account allow_url_fopen is disabled by default. If you want to enable this function, you need to modify the custom php.ini file.


This functions is also disabled and to use allow_url_fopen you need to turn on this function too in the same way as allow_url_fopen.


Steps to enable allow_url _fopen and allow_url_include functions:

Step 1: Create a custom php.ini file in your public_html folder

Step 2: Add these two lines in your php.ini file to enable these functions:

allow_url_fopen = on

allow_url_include = on

Save the file and you are done.


Steps to disable allow_url _fopen and allow_url_include functions:

Step 1: Create or open the custom php.ini file in your public_html folder

Step 2: Add these two lines in your php.ini file to disable these functions:

allow_url_fopen = off

allow_url_include = off

Save the file and you are done.

How to genearte a secure mail server addesses with SSL /TLS in cPanel and Cloudflare

Scala Hosting

1) Add cpcalendar, cpcontacts, mail and webmail A records pointing to your sever’s IP. make sure the Procy Status (Cloud) is OFF (DNS only)

2) Once this records are properly set up, back in cPanel we will open SSL/TLS Status, here we will generate an Auto SSL, but before remove any subdomains that are not going to be used.

For example if your domain is hosted somewhere else remove the main domain and the www subdoamin. you might find some weird addresses like, you can also Exlude those before running the AutoSSL.

3) Once you have excluded all the unwanted addresses, click Run AutoSSL, this might take a while depending on how many domains you have so, prepare a coffee and sit tight.

If everything went well you will see green locks next to all your addresses:

4) Now we are ready to use the secure connections provided by Cpanel, go to Email Accounts -> and select the desired account and click on Connect Devices. There you will see all the necessary information to connect suing SSL/TSL

How to setup mail server’s records in cloudflare and cpanel (DKIM and SPF) ?

Scala Hosting

Many times we have a website but we are not using our domain to create email addresses. If that is the case the domain main A record is already pointing to a server where the website is hosted.

If you want to setup emails for your domain in a different server, there a few things that need to be done on the DNS. For this tutorial we will use cloudflare as our DNS manager, and a cPanel server as our mail server.

1) Add the doman to your server, in Cpanel this is done in the Domain Addons section. Simply add the domain. assign a subdomain and a path, cPanel will suggest one for you so you can go for that.

2) Identify the IP of your server because we will use it to set up a few records on the DNS, in Cpanel go back to the home page and it will be located on the right side

3) Next we need to add a few records to cloudflare so we can connect our domain to the server and also make to the have the right configuration for email deliverability. (Avoid Spam Box).

We will add 4 A records: mail, cpcontacts, cpcalendars, and webmail, all with the same IP address that we got before, make sure the cloud is turned off if using cloudflare. (cpalendars and cpcontacts are optional and used only if you will synchronize calendars and contacts).

Once all 4 are added it will look like this (plus any other records you might have):

Then we need to go back to Cpanel and get information about the DKIM and SPF records, these are standard records to ensure Email Deliverability and do not end up in the Junk mail.

4) In Cpanel look for Email Deliverability and click on manage next to your domain.

If you notriced Cpanel had a warning “Problems Exist (DKIM and SPF)” this is because we need to install the records on the DNS.

5) Copy the Name and Value for the DKIM TXT record and paste it in Cloudflare as TXT records. Do the same for the SPF record.

In Cloudfalre:

Once Both records are installed they will show like this

To make sure that the records were well instaled, we can go back to Cpanel and open again the Email Deliverability, if we have a VALID notification, then we successfully installed the records.

If you got to this point you have successfully setup the records and now you are ready to create new email accunots

6. From Cpanel, go to Email Accounts -> Create and select your domain, then assign a username, a password and a Storage Space. about 5Gb should be enough to start with.

Finding which hosting account/reseller a domain belongs by ssh

Scala Hosting

You can find the account ownership of a domain name with a command such as:


/scripts/whoowns $domain

Or via:


grep $domain /etc/userdomains

You can then search for the username in /etc/trueuserowners to see which reseller owns the account. EX:


grep $username /etc/trueuserowners

Thank you.

« Older posts