In order to enable/disable any of these plugins, you need to add/remove each plugin’s name to/from Roundcube’s configuration file. Here is how it’s done: (For demonstration we will enable the “password” plugin)
1- Open the main config file:
Sometimes you may get login invalid error while trying to login to your cPanel account. But the username and password that you are entering is correct. This will happen because of your IP address is blocked by cphulkd for BruteForce.
What is cPHulk ?
cPhulk is a similar feature like Firewall, with cphulk cPanel will give you and extra measure of protection from attacks like bruteforce. Suppose someone is trying to compromise your server using random failed logins
So from the above description you can see that this is an important feature of cPanel/WHM so disabling this feature will not be a good idea, instead you can white-list your IP address on the BruteForce protection. So it will allow connections from your IP address.
You can see the errors related to blocked connections by cphulkd for BruteForce from the cPanel error log itself,
And the error will be like pasted below,
main::badpass('faillog', 'brute force attempt (user iserversupport) has locked out IP xxx.xxx.xxx.xx...', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
main::connect_cphulkd() called at cpsrvd-ssl line 5255
main::handle_form_login() called at cpsrvd-ssl line 1131
main::handle_one_connection() called at cpsrvd-ssl line 996
You can simply white-list the IP address on cphulkd by using the following script,
This script can be used along with the IP address that you need to white-list. See the sample command below,
CPanel Web host management software provides an intuitive interface for managing a website server. When running complex scripts on the server, you may occasionally need to stop a process from running to prevent a server crash. You can either stop all processes that a certain user is running, or you can stop a specific process by selecting it from a list of live processes.
Type he server IP address followed by a colon and 2087 or follow your hosting server company or co-location center’s directions for accessing CPanel. Enter the administrator user name and password in the text fields when the CPanel login screen appears.
Click System Health on the CPanel WHM home page; if you do not see the icon on your home screen, then locate System Health on the left sidebar menu.
Click Process Manager and wait for the list of processes to appear.
Kill all user processes by selecting the name from the Kill All Processes By User drop-down menu.
Check the list of processes to see which processes might be using an inordinate amount of CPU resources or memory; the percentage of each is listed in the CPU and Memory columns for each process.
Kill any individual processes by clicking the Kill prompt next to its process identification or PID number.
Click the Back prompt that appears after the message “Killed (PID number)” to return to the list of processes. Kill additional processes as necessary.
Test your server to make sure it works correctly. Restart the server if necessary.
Maldet is a malware detector and scanner for Linux based servers a project designed by R-fx networks project. It can be installed on shared hosting servers like cPanel WHM and linux plesk servers which works along with Clamav tool.
1. Download & Install Maldet –
tar -xzvf maldetect-current.tar.gz
2. Go to the maldetect directory and run the installer script ‘install.sh’ as root:
3. Next, make a symlink to the maldet command in the /bin/ directory.
We will use the ClamAV clamscan binary as default scan engine because it provides a high-performance scan on large file sets. If its not installed you can install it using ( yum -y install clamav clamav-devel ) then update using ( freshclam ) command.
7. Change value to ‘1’ on line 114 – scan_clamscan=”1″
8. Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change value to ‘1’ on line 180 – quarantine_hits=”1″
9. Change value to 1 on line 185 to enable clean based malware injections – quarantine_clean=”1″
10. Save and exit.
Use Real-Time Monitoring with Maldet for active monitoring.
The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.
There are three modes that the monitor can be executed with and they relate to what will be monitored, they are USERS|PATHS|FILES.
e.g: maldet –monitor users
e.g: maldet –monitor /root/monitor_paths
e.g: maldet –monitor /home/mike,/home/ashton
Only find PHP files on an account
maldet –include-regex “.*.php$” -a /home/pronyxco/public_html
maldet –include-regex “.*.php$” -a /home/?/public_html
If you are getting error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration” after clicking on “configServer security and firewall” then you have to follow below steps. You just need to change the value of RESTRICT_SYSLOG from 0 to 3 and save changes. This step will remove your error. In this article we are further going to explain the step by step method to remove this error. You can easily solve this problem through WHM or can directly access the csf.conf file and make changes in it. Both ways are explained below:
Login to WHM.
Click on “configServer security and firewall” under plugins or search “firewall” in search box.
A new window will appear with this error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”. To solve this error click on “Firewall Configuration”.
Here set RESTRICT_SYSLOG to 3.
At last SAVE and Restart CSF (ConfigServer Security & Firewall).
You can also directly make changes in csf configuration file through vi editor.
You can open the file though this command :
# vi /etc/cfs/csf.conf
In this file search for “RESTRICT_SYSLOG” and set it to 3.
1) Add cpcalendar, cpcontacts, mail and webmail A records pointing to your sever’s IP. make sure the Procy Status (Cloud) is OFF (DNS only)
2) Once this records are properly set up, back in cPanel we will open SSL/TLS Status, here we will generate an Auto SSL, but before remove any subdomains that are not going to be used.
For example if your domain is hosted somewhere else remove the main domain and the www subdoamin. you might find some weird addresses like www.domain.mailserver.com, you can also Exlude those before running the AutoSSL.
3) Once you have excluded all the unwanted addresses, click Run AutoSSL, this might take a while depending on how many domains you have so, prepare a coffee and sit tight.
If everything went well you will see green locks next to all your addresses:
4) Now we are ready to use the secure connections provided by Cpanel, go to Email Accounts -> and select the desired account and click on Connect Devices. There you will see all the necessary information to connect suing SSL/TSL
Many times we have a website but we are not using our domain to create email addresses. If that is the case the domain main A record is already pointing to a server where the website is hosted.
If you want to setup emails for your domain in a different server, there a few things that need to be done on the DNS. For this tutorial we will use cloudflare as our DNS manager, and a cPanel server as our mail server.
1) Add the doman to your server, in Cpanel this is done in the Domain Addons section. Simply add the domain. assign a subdomain and a path, cPanel will suggest one for you so you can go for that.
2) Identify the IP of your server because we will use it to set up a few records on the DNS, in Cpanel go back to the home page and it will be located on the right side
3) Next we need to add a few records to cloudflare so we can connect our domain to the server and also make to the have the right configuration for email deliverability. (Avoid Spam Box).
We will add 4 A records: mail, cpcontacts, cpcalendars, and webmail, all with the same IP address that we got before, make sure the cloud is turned off if using cloudflare. (cpalendars and cpcontacts are optional and used only if you will synchronize calendars and contacts).
Once all 4 are added it will look like this (plus any other records you might have):
Then we need to go back to Cpanel and get information about the DKIM and SPF records, these are standard records to ensure Email Deliverability and do not end up in the Junk mail.
4) In Cpanel look for Email Deliverability and click on manage next to your domain.
If you notriced Cpanel had a warning “Problems Exist (DKIM and SPF)” this is because we need to install the records on the DNS.
5) Copy the Name and Value for the DKIM TXT record and paste it in Cloudflare as TXT records. Do the same for the SPF record.
Once Both records are installed they will show like this
To make sure that the records were well instaled, we can go back to Cpanel and open again the Email Deliverability, if we have a VALID notification, then we successfully installed the records.
If you got to this point you have successfully setup the records and now you are ready to create new email accunots
6. From Cpanel, go to Email Accounts -> Create and select your domain, then assign a username, a password and a Storage Space. about 5Gb should be enough to start with.