Syed Ashik Mahmud - Pro System Admin and Malware Cleaner

Category: WHM (Page 1 of 2)

Script To Fix Permissions And Ownership, on files and Directories, for cPanel Accounts

Fixing permission for a cpanel account doing manually is a difficult task. We can do it by running a script. For that follow below steps,

→Download the script using below command
wget https://raw.githubusercontent.com/PeachFlame/cPanel-fixperms/master/fixperms.sh

→To make it is executable please give execute permission for it.
chmod +x fixperms.sh

→We can run the script to fix a permission of a particular account by using below command
sh ./fixperms.sh -a USER-NAME

Replace the USER-NAME with the user that we want to fix the permission.

cPanel login invalid while using correct username and password

Sometimes you may get login invalid error while trying to login to your cPanel account. But the username and password that you are entering is correct. This will happen because of your IP address is blocked by cphulkd for BruteForce.

What is cPHulk ?

cPhulk is a similar feature like Firewall, with cphulk cPanel will give you and extra measure of protection from attacks like bruteforce.  Suppose someone is trying to compromise your server using random failed logins

So from the above description you can see that this is an important feature of cPanel/WHM so disabling this feature will not be a good idea, instead  you can white-list your IP address on the BruteForce protection. So it will allow connections from your IP address.

You can see the errors related to blocked connections by cphulkd for BruteForce from the cPanel error log itself,

/usr/local/cpanel/logs/error_log

And the error will be like pasted below,

main::badpass('faillog', 'brute force attempt (user iserversupport) has locked out IP xxx.xxx.xxx.xx...', 'skip_hulk', 1, 'msg_code', 'invalid_login') called at cpsrvd-ssl line 5790
        main::connect_cphulkd() called at cpsrvd-ssl line 5255
        main::handle_form_login() called at cpsrvd-ssl line 1131
        main::handle_one_connection() called at cpsrvd-ssl line 996

You can simply white-list the IP address on cphulkd by using the following script,

/scripts/cphulkdwhitelist

This script can be used along with the IP address that you need to white-list. See the sample command below,

/scripts/cphulkdwhitelist <IP-Address-for-whitelist>

This will allow your IP address through cphulk and now you will be able to login to the cPanel using correct password.

You can also do this from WHM. For that login to WHM and go to,

Home >> Security Center >> cPHulk Brute Force Protection

There will be options to  White/Black list IP addresses on cPHulk Brute Force Protection.

If you need our help to fix any issues on your server. Please feel free to contact us, simply email to [email protected]

 

How to See & Kill Processes From CPanel

CPanel Web host management software provides an intuitive interface for managing a website server. When running complex scripts on the server, you may occasionally need to stop a process from running to prevent a server crash. You can either stop all processes that a certain user is running, or you can stop a specific process by selecting it from a list of live processes.

Step 1

Type he server IP address followed by a colon and 2087 or follow your hosting server company or co-location center’s directions for accessing CPanel. Enter the administrator user name and password in the text fields when the CPanel login screen appears.

Step 2

Click System Health on the CPanel WHM home page; if you do not see the icon on your home screen, then locate System Health on the left sidebar menu.

Step 3

Click Process Manager and wait for the list of processes to appear.

Step 4

Kill all user processes by selecting the name from the Kill All Processes By User drop-down menu.

Step 5

Check the list of processes to see which processes might be using an inordinate amount of CPU resources or memory; the percentage of each is listed in the CPU and Memory columns for each process.

Step 6

Kill any individual processes by clicking the Kill prompt next to its process identification or PID number.

Step 7

Click the Back prompt that appears after the message “Killed (PID number)” to return to the list of processes. Kill additional processes as necessary.

Step 8

Test your server to make sure it works correctly. Restart the server if necessary.

How to enable/disable allow_url_fopen and allow_url_include functions

allow_url_fopen:

For security reason, in shared hosting account allow_url_fopen is disabled by default. If you want to enable this function, you need to modify the custom php.ini file.

allow_url_include:

This functions is also disabled and to use allow_url_fopen you need to turn on this function too in the same way as allow_url_fopen.

 

Steps to enable allow_url _fopen and allow_url_include functions:

Step 1: Create a custom php.ini file in your public_html folder

Step 2: Add these two lines in your php.ini file to enable these functions:

allow_url_fopen = on

allow_url_include = on

Save the file and you are done.

 

Steps to disable allow_url _fopen and allow_url_include functions:

Step 1: Create or open the custom php.ini file in your public_html folder

Step 2: Add these two lines in your php.ini file to disable these functions:

allow_url_fopen = off

allow_url_include = off

Save the file and you are done.


Domain has outgoing email disabled

You can fix this through this command.

Code:
whmapi1 unsuspend_outgoing_email user=$USER

Ex : whmapi1 unsuspend_outgoing_email user=test

Here test is your cpanel account name

Ref :

https://forums.cpanel.net/threads/domain-has-outgoing-email-disabled.548681/
https://forums.cpanel.net/threads/suspend-sending-outgoing-email.651981/

Changing the SSH port number

To change the port for the SSH server, follow these steps:

  1. Log in to the server as root using SSH.
  2. Open the /etc/ssh/sshd_config file in your preferred text editor (nano, vi, etc.).
  3. Locate the following line:
    Port 7822
    Remember that for security reasons, A2 Hosting uses port 7822 for SSH connections instead of the default port 22.
  4. Change 7822 to the new port number that you want to use.
  5. Save the changes to the /etc/ssh/sshd_config file, and then exit the text editor.
  6. Restart the SSH service using the appropriate command for your Linux distribution:
    • For CentOS and Fedora, type:
      service sshd restart
      
    • For Debian and Ubuntu, type:
      service ssh restart
      
  7. While still logged in as root, in a new terminal window try to log in using the new SSH port number. If the login fails, check your settings. Do not exit your open root session until you are able to log in using the new configuration.

How to to know SSH port on the cPanel server?

Steps to know SSH port of cPanel server –

1. Login to WHM with your login details.
2. Go to restart servicees.
3. Restart SSH server. Once service get restart you will get below information –
Waiting for “sshd” to restart ………waiting for “sshd” to initialize ………finished.
Service Status
sshd (/usr/sbin/sshd) running as root with PID 904715 (process table check method)
Startup Log
Starting sshd: [ OK ]
Log Messages
Apr 6 05:48:40 server sshd[904715]: Server listening on :: port 8872.
Apr 6 05:48:40 server sshd[904715]: Server listening on 0.0.0.0 port 8872.
Apr 6 05:48:39 server sshd[4031]: Received signal 15; terminating.
sshd restarted successfully.
That’s it!

In the above output, you can see 8872 is the SSH port.

Transfer SSL certificate with cPanel/WHM

In this article, we are going to see how we can migrate SSL certificates from one server to another. Before we transfer, you should be aware of the components involved with SSL certificates and how it is stored. Let’s have a detailed look on it.

There will be a certificate file. It will have the extension (.crt). Also, there will be a key and it will have the extension (.key). There will also be a CA bundle. We need to copy the files to new server in order to migrate the SSL certificate.

Steps to transfer SSL certificate

1) Login to your WHM.

You could access the WHM with https://server.hostname.tld:2087. This will lead you to the home page of WHM interface.

Now locate the ‘SSL/TLS’ section in WHM and go to ‘SSL Storage Manager’ as shown in the figure.

You will be lead to the next page. There you could find the certificates and keys with the username. Please locate the certificate you wish to transfer.

2) Copy the key

Please refer to the attached screen shot for any clarification.

Now you need to copy the key and paste it on a text file. To view the full content, please click on the lens icon near the key. The key will be starting with —–BEGIN RSA PRIVATE KEY—– and will end up with —–END RSA PRIVATE KEY—–.

3) Copy the Certificate

Now you need to copy the certificate. This also can be done from the previous window. Please click on the lens icon next to the certificate so that you would be able to view and copy the certificate.

Please copy and paste the certificate on a text file. The certificate will be starting with —–BEGIN CERTIFICATE—– and ending with —–END CERTIFICATE—–.

Now you need to install the certificate on the new server. You could install it from the WHM interface and the cPanel interface.

4) Install the certificate on new server

To install the certificate from the WHM, please locate “Install an SSL Certificate on a Domain” under the “SSL/TLS”. Please refer to the screenshot below in case of any doubts.

You need to use the certificate and key copied and saved on the text files earlier. You also could install it from the cPanel interface. To see how to install SSL certificate from the cPanel interface, please follow the guide in the link below.

If you need any further assistance please contact Syed Ashik Mahmud

Install Let’s Encrypt SSL on Hostname in cPanel/WHM Server

The Let’s Encrypt allows you to install AutoSSL for the hostname. In this tutorial, I will show you how to install Let’s Encrypt SSL to the hostname. Here are the steps to install the same on hostname.

Install Let’s Encrypt Auto SSL Provider.

Run the following command to install Let’s Encrypt provider.

/scripts/install_lets_encrypt_autossl_provider

Once you have installed Let’s Encrypt provider, change auto SSL provider to Let’s Encrypt from Comodo.

Login to WHM >> Manage AutoSSL.

Install Self-Signed Certificate to Hostname.

1) Login to WHM as a root user.

2) Go to “Service Configuration”.

3) Then select the following services and click on “Browse Certificate”.

Calendar, cPanel, WebDisk, Webmail, and WHM Services

Dovecot Mail Server

Exim (SMTP) Server

FTP Server

4) Select hostname and click on “Use Certificates”.

5) Then click on “Install”.

Replace Self Signed Certificates with Valid Let’s Encrypt Certificates.

Once you have installed the self-signed certificate, run the following command to check SSL certificates

/usr/local/cpanel/bin/checkallsslcerts

The Self signed SSL certificates will be replaced with a valid Let’s Encrypt certificate while running above command.

Once it is completed, you can access WHM with the hostname https://hostname:2087

If you need any further assistance please contact Syed Ashik Mahmud

« Older posts

© 2024 Coders Tent

Theme by Anders NorenUp ↑