Coders Tent

Syed Ashik Mahmud - Pro System Admin and Malware Cleaner

Author: coderstent (page 1 of 4)

How to check Inode usage from cPanel and Command line?

Scala Hosting

Check from SSH Login.

Login to the server using ssh command.

Ensure that you are at the home directory with the following command.

cd ~

Following is the command to check the total Inodes on your server.

find . | wc -l

Run the following command to view the inode counts per directory.

find . -printf "%h\n" | cut -d/ -f-2 | sort | uniq -c | sort -rn

Database Error Connection Failed in RoundCube cPanel


RoundCube is a web-based IMAP client that is very easy to install and configure. It is free, open-source software released under the General Public License, with the exception of plugins and skins. Its main features are that all data is stored in a database and that it offers a desktop-like interface. RoundCube is also well known for its extensive use of Ajax technology.

Occasionally we might receive an error message when RoundCube webmail tries to connect to its database. On a cPanel server the error reads: “database error failed, unable to connect to the database. Please contact your server-administrator”. One of the main reasons for such an error is that the mailbox could have become corrupted.

Here in this section, we are going to show how to overcome RoundCube database errors and how to fix the issues as well.

Fixing Database Error – RoundCube Webmail:

It is always advisable to check the database, server status and assure it is running and active. We can use various methods to resolve the problems. They are as follows,

Method 1: Restoring with the previous version of the mailbox database is one of the recommended and easiest ways to solve the issues.

The process to restore the previous version of the mailbox database is as follows:

  • Go to the cPanel folder ‘/home/<cpanel_user>/etc/<domain>/’ and either rename the file <email_user>.rcube.db to <email_user>.rcube.db.bak or move it out of that folder.

  • Rename the file <email_user>.rcube.db.<number_stamp> (use the most recent copy, based on the timestamp) to <email_user>.rcube.db.

Now try to access RoundCube again.
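The steps of Method 1 as a shell function, added here as an example (it is not part of the original post). It keeps the current database as .bak and copies, rather than renames, the newest <number_stamp> copy into place; the function name is hypothetical and the mailbox folder is passed as an argument.

```shell
#!/bin/sh
# Added example: restore the newest timestamped RoundCube database copy.
# Usage: restore_rcube_db <dir> <email_user>
#   <dir> is /home/<cpanel_user>/etc/<domain> on a cPanel server.
restore_rcube_db() {
    dir=$1 user=$2
    db="$dir/$user.rcube.db"

    # Find the copy whose suffix after ".rcube.db." is the largest number.
    newest=""
    newest_stamp=-1
    for f in "$db".*; do
        [ -f "$f" ] || continue
        stamp=${f#"$db".}
        case $stamp in
            ''|*[!0-9]*) continue ;;   # skips .bak and any non-numeric suffix
        esac
        if [ "$stamp" -gt "$newest_stamp" ]; then
            newest=$f newest_stamp=$stamp
        fi
    done
    if [ -z "$newest" ]; then
        echo "no timestamped copy of $db found" >&2
        return 1
    fi

    # Keep the damaged database; never overwrite an earlier .bak.
    if [ -f "$db" ]; then
        bak="$db.bak"
        [ -e "$bak" ] && bak="$db.bak.$(date +%s)"
        mv -- "$db" "$bak" || return 1
    fi

    # cp -p preserves mode and timestamps (and ownership when run as root).
    cp -p -- "$newest" "$db" || return 1
    echo "$newest"
}
```

On success the function prints the path of the copy it restored, so the choice can be checked before the user logs in again.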

Method 2: Another method of fixing an issue without restoring the previous settings is to restart the RoundCube from the beginning.

The following procedure shows how to fix this issue:

  • Either rename the file <email_user>.rcube.db to <email_user>.rcube.db.bak or move it out of that folder.

And now you can try to access RoundCube again.

RoundCube normally uses SQLite or MySQL to store data such as contacts and other details, so it must be able to connect to its database to retrieve that information. A failure in database connectivity causes the “database error connection failed” message to be displayed on the cPanel server. The methods mentioned above resolve these kinds of issues.

How to Disable All cPanel LFD Alerts?


Clients are getting so many emails regarding LFD alerts, so if they wish to disable the alerts, please follow the steps below.

Steps to disable all LFD email Alerts.

1) Login to WHM.

2) Navigate to “ConfigServer Security & Firewall” under “Plugin” section.
3) Click on “Firewall Configuration” button to edit the CSF configuration file.
4) Search for “LF_EMAIL_ALERT” in the configuration file and switch it from “On” to “Off”.
5) Click on “Change” button to save the changes.

We need to restart csf and lfd services to enable all changes that we made in the above steps. So click on “Restart csf+lfd” button to restart both the services.

How to activate and use plugins with webmail in WHM


In order to enable/disable any of these plugins, you need to add/remove each plugin’s name to/from Roundcube’s configuration file. Here is how it’s done: (For demonstration we will enable the “password” plugin)

1- Open the main config file:

vi /usr/local/cpanel/base/3rdparty/roundcube/config/config.inc.php

2- Find this configuration option:

$config['plugins'] = array('cpanellogin','cpanellogout','archive','calendar', 'return_to_webmail','carddav');

3- Add the name of the plugin that you wish to enable to the array above:

$config['plugins'] = array('cpanellogin','cpanellogout','archive','calendar', 'return_to_webmail','carddav','password');

4- Save and exit the file

5- Reload Dovecot:

/scripts/restartsrv_dovecot

Change it :

zipdownload/config.ini.php

$rcmail_config['zipdownload_attachments'] = 1;
// Zip entire folders
$rcmail_config['zipdownload_folder'] = true;
// Zip selection of messages
$rcmail_config['zipdownload_selection'] = true;

https://support.cpanel.net/hc/en-us/articles/1500005353841-How-To-Enable-Disable-Roundcube-Plugins-

cPanel login invalid while using correct username and password


Sometimes you may get a “login invalid” error while trying to log in to your cPanel account even though the username and password you are entering are correct. This happens because your IP address has been blocked by cphulkd for brute force.

What is cPHulk?

cPHulk is a feature similar to a firewall; with cPHulk, cPanel gives you an extra measure of protection from attacks such as brute force. Suppose someone is trying to compromise your server using random failed logins

As the description above shows, this is an important feature of cPanel/WHM, so disabling it is not a good idea. Instead, you can whitelist your IP address in the brute force protection so that connections from your IP address are allowed.

You can see the errors related to blocked connections by cphulkd for BruteForce from the cPanel error log itself,

/usr/local/cpanel/logs/error_log

And the error will be like pasted below,

main::badpass('faillog', 'brute force attempt (user iserversupport) has locked out IP xxx.xxx.xxx.xx...', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
        main::connect_cphulkd() called at cpsrvd-ssl line 5255
        main::handle_form_login() called at cpsrvd-ssl line 1131
        main::handle_one_connection() called at cpsrvd-ssl line 996
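A way to summarise these lockout entries per user and IP, added here as an example (it is not part of the original post). The function names and the sample log lines are constructed; the sample uses addresses from the documentation ranges and follows the format of the excerpt above.

```shell
#!/bin/sh
# Added example: list cPHulk lockouts recorded in the cPanel error log.

# Constructed sample in the format of the excerpt above
# (192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
write_sample_log() {
    cat > "$1" <<'EOF'
main::badpass('faillog', 'brute force attempt (user alice) has locked out IP 192.0.2.10', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
        main::connect_cphulkd() called at cpsrvd-ssl line 5255
main::badpass('faillog', 'brute force attempt (user alice) has locked out IP 192.0.2.10', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
main::badpass('faillog', 'brute force attempt (user bob) has locked out IP 198.51.100.7', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
        main::handle_one_connection() called at cpsrvd-ssl line 996
EOF
}

# Print "count user ip" for every lockout entry, most frequent first.
# The IP is taken exactly as logged, up to the next space or quote.
cphulk_lockouts() {
    sed -n "s/.*brute force attempt (user \([^)]*\)) has locked out IP \([^ ']*\).*/\1 \2/p" "$1" |
        sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# Succeed only if the given IP appears as a locked-out address (exact match),
# i.e. it is the address that would need whitelisting.
ip_locked_out() {
    cphulk_lockouts "$1" |
        awk -v ip="$2" '$3 == ip { found = 1 } END { exit !found }'
}
```

On a server the log argument is /usr/local/cpanel/logs/error_log; a user name that keeps appearing with many different addresses points at a real brute-force run rather than one mistyped password.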

You can simply white-list the IP address on cphulkd by using the following script,

/scripts/cphulkdwhitelist

This script can be used along with the IP address that you need to white-list. See the sample command below,

/scripts/cphulkdwhitelist <IP-Address-for-whitelist>

This will allow your IP address through cphulk and now you will be able to login to the cPanel using correct password.

You can also do this from WHM. For that login to WHM and go to,

Home >> Security Center >> cPHulk Brute Force Protection

There will be options to  White/Black list IP addresses on cPHulk Brute Force Protection.


How to See & Kill Processes From CPanel


CPanel Web host management software provides an intuitive interface for managing a website server. When running complex scripts on the server, you may occasionally need to stop a process from running to prevent a server crash. You can either stop all processes that a certain user is running, or you can stop a specific process by selecting it from a list of live processes.

Step 1

Type the server IP address followed by a colon and 2087 or follow your hosting server company or co-location center’s directions for accessing CPanel. Enter the administrator user name and password in the text fields when the CPanel login screen appears.

Step 2

Click System Health on the CPanel WHM home page; if you do not see the icon on your home screen, then locate System Health on the left sidebar menu.

Step 3

Click Process Manager and wait for the list of processes to appear.

Step 4

Kill all user processes by selecting the name from the Kill All Processes By User drop-down menu.

Step 5

Check the list of processes to see which processes might be using an inordinate amount of CPU resources or memory; the percentage of each is listed in the CPU and Memory columns for each process.

Step 6

Kill any individual processes by clicking the Kill prompt next to its process identification or PID number.

Step 7

Click the Back prompt that appears after the message “Killed (PID number)” to return to the list of processes. Kill additional processes as necessary.

Step 8

Test your server to make sure it works correctly. Restart the server if necessary.

How to Backup and Restore cPanel Accounts via SSH


Creating a cPanel Backup via SSH

To create a backup of your individual cPanel account using SSH, just follow these steps:

  1. First, log in to SSH as the Root user.
  2. Next, enter the following command string on the command line interface:

    /scripts/pkgacct username

  3. A backup of your account will be created and stored in the directory you are currently in.

 

Restoring a cPanel Backup via SSH

To restore a previously created backup of your cPanel account, just follow these steps:

  1. First, if you haven’t already, log in to SSH as the Root user.
  2. Navigate to the directory containing your backup file. *Note: In order to restore your data, you must be in the correct directory.
  3. Next, to restore your cPanel backup, enter the following command into the command line:

    /scripts/restorepkg username

And there you have it!

How to install MALDET Linux Malware Detect on cPanel Server?


Maldet (Linux Malware Detect) is a malware detector and scanner for Linux-based servers, a project by R-fx Networks. It can be installed on shared hosting servers such as cPanel/WHM and Linux Plesk servers, and it works alongside the ClamAV tool.

1. Download & Install Maldet –

cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz

2. Go to the maldetect directory and run the installer script ‘install.sh’ as root:

cd maldetect-1.5
./install.sh

3. Next, make a symlink to the maldet command in the /bin/ directory.

ln -s /usr/local/maldetect/maldet /bin/maldet
hash -r

4. Configure Maldet. Install the Nano editor if it is not installed ( yum install nano ) –

cd /usr/local/maldetect/
nano conf.maldet

5. Enable email alert by changing the value to ‘1’.

email_alert="1"

6. Set your email address.

email_addr="[email protected]"

We will use the ClamAV clamscan binary as the default scan engine because it provides a high-performance scan on large file sets. If it is not installed, you can install it using ( yum -y install clamav clamav-devel ) and then update it using the ( freshclam ) command.

7. Change value to ‘1’ on line 114 – scan_clamscan="1"

8. Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change value to ‘1’ on line 180 – quarantine_hits="1"

9. Change value to ‘1’ on line 185 to enable cleaning of malware injections – quarantine_clean="1"

10. Save and exit.
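Steps 5 to 9 applied by option name instead of by line number, added here as an example (it is not part of the original post or of the maldet project). Line positions in conf.maldet can differ between releases, so the helper matches on the option name; the function names are hypothetical and the config path and alert address are passed as arguments.

```shell
#!/bin/sh
# Added example: set conf.maldet options by name rather than by line number.

# Set key="value" on every line that assigns the option; append it if absent.
set_maldet_option() {
    conf=$1 key=$2 value=$3
    tmp="$conf.tmp.$$"
    awk -v k="$key" -v v="$value" '
        index($0, k "=") == 1 { print k "=\"" v "\""; seen = 1; next }
        { print }
        END { if (!seen) print k "=\"" v "\"" }
    ' "$conf" > "$tmp" || return 1
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Apply the settings from steps 5 to 9; $1 is the config file, $2 the address.
apply_maldet_settings() {
    cp -p -- "$1" "$1.orig" || return 1     # keep the untouched file
    set_maldet_option "$1" email_alert 1 &&
    set_maldet_option "$1" email_addr "$2" &&
    set_maldet_option "$1" scan_clamscan 1 &&
    set_maldet_option "$1" quarantine_hits 1 &&
    set_maldet_option "$1" quarantine_clean 1
}

# Print the value of one option (the last assignment in the file).
get_maldet_option() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}
```

On the server the first argument is /usr/local/maldetect/conf.maldet; comparing it with the .orig copy shows exactly which lines changed.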

Use Real-Time Monitoring with Maldet for active monitoring.

The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.

There are three modes that the monitor can be executed with and they relate to what will be monitored, they are USERS|PATHS|FILES.
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton

Only find PHP files on an account

maldet --include-regex ".*\.php$" -a /home/pronyxco/public_html

Full account
maldet --include-regex ".*\.php$" -a /home/?/public_html

maldet -a /home/?


Error: “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”


If you are getting the error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration” after clicking on “configServer security and firewall”, follow the steps below. You just need to change the value of RESTRICT_SYSLOG from 0 to 3 and save the changes; this removes the error. The rest of this article explains the method step by step. You can solve the problem through WHM, or you can edit the csf.conf file directly. Both ways are explained below:

Login to WHM.

Click on “configServer security and firewall” under plugins or search “firewall” in search box.

A new window will appear with this error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”. To solve this error click on “Firewall Configuration”.

Here set RESTRICT_SYSLOG to 3.

At last SAVE and Restart CSF (ConfigServer Security & Firewall).

You can also directly make changes in csf configuration file through vi editor.

You can open the file through this command :

Code:

# vi /etc/csf/csf.conf

In this file search for “RESTRICT_SYSLOG” and set it to 3.

Code:

RESTRICT_SYSLOG = "3"

At last restart csf with this command :

Code:

# /etc/init.d/csf restart

How to enable/disable allow_url_fopen and allow_url_include functions


allow_url_fopen:

For security reasons, allow_url_fopen is disabled by default on shared hosting accounts. If you want to enable this function, you need to modify the custom php.ini file.

allow_url_include:

This function is also disabled, and to use allow_url_fopen you need to turn this function on too, in the same way as allow_url_fopen.

 

Steps to enable allow_url_fopen and allow_url_include functions:

Step 1: Create a custom php.ini file in your public_html folder

Step 2: Add these two lines in your php.ini file to enable these functions:

allow_url_fopen = on

allow_url_include = on

Save the file and you are done.

 

Steps to disable allow_url_fopen and allow_url_include functions:

Step 1: Create or open the custom php.ini file in your public_html folder

Step 2: Add these two lines in your php.ini file to disable these functions:

allow_url_fopen = off

allow_url_include = off

Save the file and you are done.
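To see which accounts currently have either setting turned on, the custom php.ini files can be audited from the shell. This is an added example, not part of the original post; the function name is hypothetical and it assumes the per-account php.ini files described above.

```shell
#!/bin/sh
# Added example: report custom php.ini files that enable the URL wrappers.
# Usage: audit_url_wrappers <root>     e.g. audit_url_wrappers /home
# Output: one "<path> <directive>" line per enabled directive, sorted.
audit_url_wrappers() {
    find "$1" -type f -name php.ini -exec awk '
        /^[ \t]*;/ { next }                     # whole-line comment
        {
            line = tolower($0)
            sub(/;.*/, "", line)                # trailing comment
            n = split(line, kv, "=")
            if (n < 2) next
            key = kv[1]; val = kv[2]
            gsub(/[ \t"\r]/, "", key)
            gsub(/[ \t"\r]/, "", val)
            # PHP treats on / 1 / true / yes as enabled; the last
            # assignment in a file is the one recorded here.
            if (key == "allow_url_fopen" || key == "allow_url_include")
                state[FILENAME, key] = (val ~ /^(on|1|true|yes)$/)
        }
        END {
            for (k in state)
                if (state[k]) { split(k, p, SUBSEP); print p[1], p[2] }
        }
    ' {} + | sort
}
```

An empty result means no php.ini under the given root enables either directive.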

