Thursday, August 29, 2013

Simplest rules to Redirect using .htaccess

Simplest rules to Redirect using .htaccess

How to write rewrite rule (URL rewriting, mod_rewrite)
(1) Redirect site from http to https :
Add the below in .htaccess file in public_html
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

(2) Redirecting a domain to another domain via .htaccess
Example :- redirect to
RewriteEngine on
RewriteCond %{HTTP_HOST} ^shaz\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.shaz\.com$
RewriteRule ^/?$ “http\:\/\/www\.google\.com\/” [R=301,L]
(3) Redirect users to access the site with WWW
example :- redirect to
Add the below in .htaccess file
RewriteEngine on
RewriteCond %{HTTP_HOST} ^shaz\.com$ [NC]
RewriteRule ^(.*)$$1 [L,R=301]

(4) Redirect page to another page within public_html
example :- to redirect home.html to index.php
RewriteEngine on
RewriteRule ^home.html$ index.php

example2 :- rewrite site to
go to kb directory and create a .htaccess file
#cd public_html/kb
#touch .htaccess
#vi .htaccess
RewriteEngine on
RewriteRule ^index.php$ /blog/index.html

Install GeoIP in cPanel serve

To install GeoIP in cPanel server, run the following command as root,

root@server1 [~]# cd /var/cpanel/easy/apache/custom_opt_mods/

root@server1 [~]# wget

root@server1 [~]# tar -zxf custom_opt_mod-mod_geoip.tar.gz

root@server1 [~]# /scripts/easyapache

Next compile it with easyapache,

root@server1 [~]# /scripts/easyapache

Then select the Mod_GeoIP in the Short Options List.

To block a certain country IP range, you do not need to know which IP range it is and what you need is to use the GeoIP feature.

Next, you will need to insert the following command to the .htaccess file,



RewriteEngine on
RewriteRule ^(.*)$ [L]


The command use to redirect China IP to


Tuesday, August 20, 2013

Shell Loop Example

# demoloop.csh - Sample loop script
set j = 1
while ( $j <= 5 )
echo "Welcome $j times"
@ j++



Welcome 1 times
Welcome 2 times
Welcome 3 times
Welcome 4 times
Welcome 5 times



foreach i (*)
if (-f $i) then
echo "$i is a file."
if (-d $i) then
echo "$i is a directory."

---------------------------- is a file.
skl is a directory.
x is a file. is a file.
y is a file.

Find and delete the empty files and directories

The reason why it is important to find and delete the empty files in UNIX / LINUX is that there might be issues with processing the multiple utilities that may also comprise of the rm command.

Here are the steps that will help you to find and delete the empty files and directories:

find . -type d -empty — for directory
find . -type f -empty — for files

Delete the empty directories present under the ‘current directory’ with the use of the following command:

find . -type d -empty -exec rmdir {} \;

In order to check the count of files that are in use by the users, the following command can be used:

wc -l find . -type f -empty | wc -l
For non-empty files count :
find . -type f -not -empty | wc –l

In all the examples mentioned above, replace ‘.-dot’ with the directory absolute path under which you would like to search the files.

Thursday, August 15, 2013

Changing an FTP User’s Path + Cpanel

By default, your main FTP (cPanel) user will have and FTP path to the user’s home folder, and each FTP user you create after that will have a path that you specify with you create the account in cPanel > FTP accounts.

Unfortunately, cPanel’s interface does not currently let you change the FTP paths for your main account or sub-accounts, but you can easily change these in the FTP user configuration files. Each cPanel user has a file in/etc/proftpd (yes, even if you use pure-ftp), which contains the information about the FTP users for that account. A sample FTP user file for the cPanel ‘user1′ may look like this:


If you want to change the FTP root for any of the users, simply make the change in this file and restart your FTP service.

Tuesday, August 13, 2013

Cannot open /var/log/sa/sa07: No such file or directory

After installing sar I cannot run "sar -q" to get the output. I have waited few hours and still the same error.
Below is the error that I receive :

root@server [~]# sar -q
Cannot open /var/log/sa/sa08: No such file or directory
root@server [~]#

Solution :
Most probably its because of the cron.
First check if service cron is running.

/etc/init.d/crond status

If not restart that

/etc/init.d/crond restart
/etc/init.d/syslog restart

Monday, August 12, 2013

DDOS attack measures Sysctl


We can confirm it by checking the result of netstat command:

netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c
This will show the states and number of connections at that time. The different states that are visible mostly in servers are:

1. ESTABLISHED - This will be legitimate connections established to the server
2. SYN_SENT - The client will be actively attempting to establish a connection.
3. SYN_RECV - A connection request has been received from the network.
4. FIN_WAIT - The socket is closed, and the connection is shutting down.
5. TIME_WAIT - The socket is waiting after close to handle packets still in the network.
6. LISTEN - The socket is listening for incoming connections.
7. LAST_ACK - The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
If the number of connections in SYN_SENT, SYN_RECV, TIME_WAIT, FIN_WAIT are very large in the rate of 1000s then the server is surely under attack.

As a first step we can tweak the values set for SYN_SENT, SYN_RECV, TIME_WAIT, FIN_WAIT in the file /etc/sysctl.conf. Reduce the value of net.ipv4.tcp_fin_timeout to 3 or 5. Normally it will be set to 120 as default. Make the following changes in /etc/sysctl.conf

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 3
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
Then execute the command :

sysctl -p
Then we will have to find out how the attack is being performed, is it from any particular IP or from large number of IP addresses to the server. If it is from any particular IP to the server, then we can fix it by blocking the IP in the firewall. If it is from a large number of IP with one or 2 connections then we will have to find more details to stop it. But will will not be able to completely stop the DDOS attack, we will have to tweak some settings in the server so that the number of connections can be reduced.

Once we reach the result that the server is under attack by checking the number of connections in different state, we need to find to which port the attack is being done. Suppose the number of connections in state SYN_RECV is large. Then we can get the details using the following command:

netstat -lpan | grep SYN_RECV | awk '{print $4}' | cut -d: -f2 | sort | uniq -c | sort -nk 1
The result will be the number of connections and the port open in the server. If the second field is 80 then the attack is to apache port.

In addition to the netstat command, you can use tcpdump command to find out if there is dos attack to a particular port.

tcpdump -nn -tttt -i any port 80
Similarly you can give different ports to find out to which port attack is being done. For example, port 53, 25 etc.

Once you understand the port you need to figure out is the attack done on a particular domain or IP. Suppose the attack is done on port 80, then we can tweak the apache settings as follows:

1. Increase the MaxClients so that we can prevent the condition of apache reaching its limit, since apache could not serve new requests. MaxClients can be set to a max value of the limit set in ServerLimit
2. Set KeepAlive on to set the KeepAliveTimeout
3. KeepAliveTimeout value to be reduced to 3 or 5

So the settings will be as follows:

MaxClients 500
KeepAlive On
KeepAliveTimeout 3
/etc/init.d/httpd restart
In order to narrow down the issue, we need to find out if the attack is on any particular IP in the server. This can be found using the following command:

netstat -lpan | grep SYN_RECV | awk '{print $4}' | cut -d: -f1 | sort | uniq -c | sort -nk 1
After confirming the attack to the IP, we need to find out if the attack is made to a particular domain in that IP or to the IP as a whole. For that, you can check the apache error logs or top command. If in the apache error logs, you are finding the errors for a particular domain, then you will have to perform steps to prevent attack to the domain. For that we can perform the following steps:

1. We can block the connections to the domain using modsecurity. CSF is connected to modsecurity so that if we write rule to block a domain, the IP from whcih connections to the domain are made will be blocked. Since it is DDOS attack, there will be many IPs connecting to the server and blocking high number of IP addresses can cause load in the server and thus server can go down. In order to prevent that, you will have to first block the checking of modsecurity in lfd.

In /etc/csf/csf.conf, set the following:

csf -r
Then, in the modsecurity configuration file, you can add the following:

2. You can block the acesses to port 80 of the domain in the firewall using the following command:

iptables -I INPUT -p tcp --dport 80 -m string --string "" --algo bm -j DROP
3. If the connections are still not getting reduced, then you can limit the number of connections to the domain using bandwidth module as follows:

/scripts/setbwlimit --limit=256000
By executing the above command, a file named /usr/local/apache/conf/userdata/std/2/account/ will be created. The content of the file will be :

<IfModule mod_bw.c>
ForceBandWidthModule On
BandWidthModule On
BandWidth all 256000
<IfModule mod_bandwidth.c>
ForceBandWidthModule On
BandWidthModule On
BandWidth all 256000
Add a line “MaxConnection all 1″ such that the number of connections will be limited to 1. So the contents will be as follows:

<IfModule mod_bw.c>
MaxConnection all 1
ForceBandWidthModule On
BandWidthModule On
BandWidth all 256000
<IfModule mod_bandwidth.c>
MaxConnection all 1
ForceBandWidthModule On
BandWidthModule On
BandWidth all 256000
4. If nothing helped, you can nullroute the IP using the command:

iptables -I INPUT -d XX.XX.XX.XX -j DROP
If the domain is having dedicated IP, then there is no need of above steps, you can directly make the IP down, by deleting the IP from the /etc/ips and restarting ipaliases. But in case of main shared IP, this cannot be done. We will have to reduce the TTL of the domains and change all the domains except the domain to which attack is being made to a free IP after 4 hours and then make the IP down after that so that the attack will be there for only 4 hours. But in such cases there will be issue with cpanel license etc. We will also have to make sure of the name server setting of the domain to which attack is being made. If the domain is using remote name servers, then we cant change any DNS setting of the domain in the server.

In order to prevent this in future, you can add the following commands:

iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP

Linux tune the VM subsystem.

Linux allows you to tune the VM subsystem. However, tuning the memory subsystem is a challenging task. Wrong settings can affect the overall performance of your system. I suggest you modify one setting at a time and monitor your system for sometime. If performance increased keep the settings else revert back.

Say Hello To /proc/sys/vm

The files in this directory can be used to tune the operation of the virtual memory (VM) subsystem of the Linux kernel:
cd /proc/sys/vm
ls -l

Sample outputs:

total 0
-rw-r--r-- 1 root root 0 Oct 16 04:21 block_dump
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_background_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_expire_centisecs
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_writeback_centisecs
-rw-r--r-- 1 root root 0 Oct 16 04:21 drop_caches
-rw-r--r-- 1 root root 0 Oct 16 04:21 flush_mmap_pages
-rw-r--r-- 1 root root 0 Oct 16 04:21 hugetlb_shm_group
-rw-r--r-- 1 root root 0 Oct 16 04:21 laptop_mode
-rw-r--r-- 1 root root 0 Oct 16 04:21 legacy_va_layout
-rw-r--r-- 1 root root 0 Oct 16 04:21 lowmem_reserve_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 max_map_count
-rw-r--r-- 1 root root 0 Oct 16 04:21 max_writeback_pages
-rw-r--r-- 1 root root 0 Oct 16 04:21 min_free_kbytes
-rw-r--r-- 1 root root 0 Oct 16 04:21 min_slab_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 min_unmapped_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 mmap_min_addr
-rw-r--r-- 1 root root 0 Oct 16 04:21 nr_hugepages
-r--r--r-- 1 root root 0 Oct 16 04:21 nr_pdflush_threads
-rw-r--r-- 1 root root 0 Oct 16 04:21 overcommit_memory
-rw-r--r-- 1 root root 0 Oct 16 04:21 overcommit_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 pagecache
-rw-r--r-- 1 root root 0 Oct 16 04:21 page-cluster
-rw-r--r-- 1 root root 0 Oct 16 04:21 panic_on_oom
-rw-r--r-- 1 root root 0 Oct 16 04:21 percpu_pagelist_fraction
-rw-r--r-- 1 root root 0 Oct 16 04:21 swappiness
-rw-r--r-- 1 root root 0 Oct 16 04:21 swap_token_timeout
-rw-r--r-- 1 root root 0 Oct 16 04:21 vfs_cache_pressure
-rw-r--r-- 1 root root 0 Oct 16 04:21 zone_reclaim_mode

Type the following command to see current wake up time of pdflush:
# sysctl vm.dirty_background_ratio

Sample outputs:

sysctl vm.dirty_background_ratio = 10
vm.dirty_background_ratio contains 10, which is a percentage of total system memory, the number of pages at which the pdflush background writeback daemon will start writing out dirty data. However, for fast RAID based disk system this may cause large flushes of dirty memory pages. If you increase this value from 10 to 20 (a large value) will result into less frequent flushes:
# sysctl -w vm.dirty_background_ratio=20


Type the following command to see current default value:
# sysctl vm.swappiness

Sample outputs:

vm.swappiness = 60
The value 60 defines how aggressively memory pages are swapped to disk. If you do not want swapping, than lower this value. However, if your system process sleeps for a long time you may benefit with an aggressive swapping behavior by increasing this value. For example, you can change swappiness behavior by increasing or decreasing the value:

# sysctl -w vm.swappiness=100

Type the following command:
# sysctl vm.dirty_ratio

Sample outputs:

vm.dirty_ratio = 40
The value 40 is a percentage of total system memory, the number of pages at which a process which is generating disk writes will itself start writing out dirty data. This is nothing but the ratio at which dirty pages created by application disk writes will be flushed out to disk. A value of 40 mean that data will be written into system memory until the file system cache has a size of 40% of the server's RAM. So if you've 12GB ram, data will be written into system memory until the file system cache has a size of 4.8G. You change the dirty ratio as follows:
# sysctl -w vm.dirty_ratio=25


Bash History: Display Date And Time For Each Command

If the HISTTIMEFORMAT is set, the time stamp information associated with each history entry is written to the history file, marked with the history comment character. Defining the environment variable as follows:
$ HISTTIMEFORMAT="%d/%m/%y %T "

$ echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bash_profile


%d - Day
%m - Month
%y - Year
%T - Time
To see history type
$ history

Sunday, August 11, 2013

Windows Run Command

WINDOWS RUN Commands !!!

1. Accessibility Controls -
2. Accessibility Wizard - accwiz
3. Add Hardware Wizard -
4. Add/Remove Programs -
5. Administrative Tools - control
6. Automatic Updates -
7. Bluetooth Transfer Wizard -
8. Calculator - calc
9. Certificate Manager -
10. Character Map - charmap
11. Check Disk Utility - chkdsk
12. Clipboard Viewer - clipbrd
13. Command Prompt - cmd
14. Component Services -
15. Computer Management -
16. Control Panel - control
17. Date and Time Properties -
18. DDE Shares - ddeshare
19. Device Manager -
20. Direct X Troubleshooter -
21. Disk Cleanup Utility - cleanmgr
22. Disk Defragment - dfrg.msc
23. Disk Management -
24. Disk Partition Manager -
25. Display Properties - control
26. Display Properties - desk.cpl
27. Dr. Watson System
Troubleshooting Utility -
28. Driver Verifier Utility - verifier
29. Event Viewer - eventvwr.msc
30. Files and Settings Transfer
Tool - migwiz
31. File Signature Verification
Tool- sigverif
32. Findfast - findfast.cpl
33. Firefox - firefox
34. Folders Properties - control
35. Fonts - control fonts
36. Fonts Folder - fonts
37. Free Cell Card Game - freecell
38. Game Controllers - joy.cpl
39. Group Policy Editor (for xp
professional) -
40. Hearts Card Game - mshearts
41. Help and Support - helpctr
42. HyperTerminal - hypertrm
43. Iexpress Wizard - iexpress
44. Indexing Service - ciadv.msc
45. Internet Connection Wizard -
46. Internet Explorer - iexplore
47. Internet Properties - inetcpl.cpl
48. Keyboard Properties - control
49. Local Security Settings -
50. Local Users and Groups -
51. Logs You Out Of Windows -
52. Malicious Software Removal
Tool - mrt
53. Microsoft Chat - winchat
54. Microsoft Movie Maker -
55. Microsoft Paint - mspaint
56. Microsoft Syncronization Tool -
57. Minesweeper Game - winmine
58. Mouse Properties - control
59. Mouse Properties - main.cpl
60. Netmeeting - conf
61. Network Connections -
controlnetconne ctions
62. Network Connections -
63. Network Setup Wizard -
64. Notepad - notepad
65. Object Packager - packager
66. ODBC Data Source
Administrator -
67. On Screen Keyboard - osk
68. Outlook Express - msimn
69. Paint - pbrush
70. Password Properties -
71. Performance Monitor -
72. Performance Monitor -
73. Phone and Modem Options -
74. Phone Dialer - dialer
75. Pinball Game - pinball
76. Power Configuration -
77. Printers and Faxes - control
78. Printers Folder - printers
79. Regional Settings - intl.cpl
80. Registry Editor - regedit
81. Registry Editor - regedit32
82. Remote Access Phonebook -
83. Remote Desktop - mstsc
84. Removable Storage -
85. Removable Storage Operator
Requests -
86. Resultant Set of Policy (for xp
professional) -
87. Scanners and Cameras -
88. Scheduled Tasks - control
89. Security Center - wscui.cpl
90. Services - services.msc
91. Shared Folders - fsmgmt.msc
92. Shuts Down Windows -
93. Sounds and Audio - mmsys.cpl
94. Spider Solitare Card Game -
95. SQL Client Configuration -
96. System Configuration Editor -
97. System Configuration Utility -
98. System Information -
99. System Properties - sysdm.cpl
100. Task Manager - taskmgr
101. TCP Tester - tcptest
102. Telnet Client - telnet
103. User Account Management -
104. Utility Manager - utilman
105. Windows Address Book -

Thursday, August 8, 2013

Cpanel error-sorry-that-domain-is-already-setup-remove-it-from-httpd-conf/

It may be possible that you may come across an issue of adding a domain via WHM create account function and get the following error:

Sorry, that domain is already setup (remove it from httpd.conf)

Getting the above error simply means that the domain still exists in the virtualhost in apache configuration file known as httpd.conf . There are two main reasons why it has shown you this error.

Reason One:

It might be possible that the domain you are trying to create is being used as a primary domain for one of the accounts or may be it has been used as an addon domain or parked for other domains and accounts.

Reason Two:

Or it may be possible that you are facing some technical issues such as the addon, parked or the primary domain is not removed completely from the system after using the removing function.

If the error is due to the first reason, you can easily remove the domain name from the cPanel account and even if it is not removed and come up with the following error:

Error from park wrapper: Sorry, you do not control the domain

Follow the steps given below:

First you should find out who owns the domain, enter the following command:


Even if it didn’t show any results, enter the following command string:

grep /var/cpanel/users/*

You will get the result something like the following:

root@server [~]# grep /var/cpanel/users/*

As you can see, we could easily find the owner of the domain (, the next step is to edit the following files with the corresponding user and remove the lines associated with the domain ( you have problem with.

Remove the virtualhost for from /etc/httpd/conf/httpd.conf
/var/cpanel/users/username [remove entries related to domain]
vim /etc/named.conf [remove entries related to domain]
Remove DNS entry in WHM
Run /scripts/updateuserdomains as root on the server

That’s it!


In this case you may find the databases under /var/lib/mysql directory via shell, but missing in cPanel interface.


Increase max emails per hour for a single domain in cPanel

You can change the maximum number of emails allowed for a particular domain to a different number than the system default using the following backend file.

vi /var/cpanel/maxemails

Just add the entry “ = 100″ . Now 100 is the maximum email per hour limit for

Also make sure to execute the following script after updating /var/cpanel/maxemails.


Monday, August 5, 2013

Some Open Vz Commands and Configuration files

Some Open Vz Commands and Configuration files

Following are some important commands which are normally used while working on a Hardware Node.
1) vzlist -a : Shows list of all the VPS’s hosted on the Node.
2) vzctl start VPS_ID: To start the VPS.
3) vzctl stop VPS_ID : To stop (Shut Down) the VPS
4) vzctl status VPS_ID : To view the status of the particular VPS
5) vzctl stop VPS_ID –fast : to stop the VPS quickly and forcefully
6) vzctl enter VPS_ID : To enter in a particular VPS
Configuration Commands
1) vzctl set VPS_ID –hostname –save: To set the Hostname of a VPS.
2) vzctl set VPS_ID –ipadd –save : To add a new IP to the hosting VPS.
3) vzctl set VPS_ID –ipdel –save : To delete the IP from VPS.
4) vzctl set VPS_ID –userpasswd root:new_password –save : to reset root password of a VPS.
5) vzctl set VPS_ID –nameserver –save : To add the nameserver IP’s to the VPS.
6) vzctl exec VPS_ID command : To run any command on a VPS from Node.
7) vzyum VPS_ID install package_name : To install any package/Software on a VPS from Node.
Here VPS_ID refers to the ID of the Particular VPS.
8)vzctl destroy VPS_ID-To destroy particular vps
9)vzcalc -v VPS_ID-To show resources used by a VPS
10)vzcpucheck-To check CPU usage by OpenVZ
11)vzcpucheck -v-To get CPU usage per VPS
12)vzctl exec 103 df-to Execute commands inside particular vps container.
Default Locations

/vz - Main directory for OpenVZ.
/vz/private - Each VPS is stored here i.e. container's private directories
/vz/template/cache - You must download and store each Linux distribution template here.
/etc/vz/ - OpenVZ configuration directory.
/etc/vz/vz.conf - Main OpenVZ configuration file.
/etc/vz/conf - Softlinked directory for each VPS configuration.
Network port - No network ports are opened by OpenVZ kernel.

If /home is full on a cpanel server, how do we configure the /home on another partition?

add a new hard drive, format and mount it as /home2 after this is done, we have two options to tell cpanel to utilize /home2. Edit /etc/wwwacct.conf and set HOMEDIR as /home2. All new accounts will be created in /home2   or Edit /etc/wwwacct.conf and set HOMEMATCH as /home*. All new accounts will be created in /home or /home2 depending upon the amount of free space in /home or /home2

Remove IP from brute force

To unblock the IP please doe the following steps .

For Cphulkd

Login to mysql on the server as root user and connect to the cphulkd database.

mysql> use cphulkd;

You will now connect to database cphulkd. Now type in sql query
just to confirm if your IP is really blocked there.

mysql> SELECT * FROM `brutes` WHERE `IP`=’x.x.x.x’;

It will list your IP if it got blocked . The next step is to unblock the IP using the below command.

mysql> DELETE FROM `brutes` WHERE `IP`=’x.x.x.x’;

once it done quit the mysql by typing

mysql> quit

In this way your IP will be removed from brute force

[ERROR] /usr/sbin/mysqld: Can't open file: (errno: 24)

[ERROR] /usr/sbin/mysqld: Can't open file: (errno: 24)
Upon checking the mysql logs in /var/lib/mysql/HOSTNAME.err, I got error as :

[ERROR] /usr/sbin/mysqld: Can't open file: './database/table.frm' (errno: 24)

errno: 24 simply means that too many files are open for the given process. There is a read-only mysql variable called open_files_limit that will show how many open files are allowed by the mysqld. A lot systems set this to something very low, like 1024. When creating a large number of partitions or tables, MySQL may mysteriously stop working and will generate this eeror.
Add the following parameter in /etc/my.cnf file and restart mysql service.
[mysqld]open_files_limit = 100000

How to fix incorrect disk usage showing for a user in Cpanel

A customer complains that their reported disk usage is too high, that they are not using so much space. What do you do?

1. Get their username and login to WHM to see if WHM is actually reporting the amount of space usage they say. If WHM does show extreme disk usage....

2. Login to SSH and cd to their home directory
cd /home/theirusername

du -h

This will give a human readable display of folder by folder listing and space usage, with a total at the end. THIS WILL BE ACCURATE.

3. So, du -h shows a lower number than WHM? Then their is probably a backup file somewhere on the server with the same UID as this user.

4. Now, you need to locate the uid of the customer. You will need to know their username.

vi /etc/passwd

5. Once that file is open, run a search on their username


That will show a 5 digit number and a smaller number. The larger number should be the UID.

6. Now, go to shell and run the following command (where, in this example, 33025 is the UID of the user)

find / -uid 32025

A folder by folder listing will be displayed. It may take some time to process. When completed, you should scroll back through the output to find the files. Files in /home/username are fine as well as /etc/valiases, etc. LOOK for files in your backup directory that may have the same UID as your user. If found, that is usually the culprit.

CURL Error: 7 - couldn't connect to host WHMCS

WHMCS ResellerClub Issue with API Access

1.) Check that your IP is whitelisted in WHMCS
---> Login to WHMCS go to -->Setup-->General Settings-->API IP Access Restriction
Add your Primary Server IP or your Static IP here see what your whmcs use...

2.) Next make sure you have the correct setting under
--->Setup-->Products/Services-->Domain Registrars-->Choose Registrar Module: Resellerclub --> Add the correct ResellerID and Password here.

You can find the resellerID once you login to your ResellerClub account on the right you will see an human image next to feedback select "Manage Profile" from the dropdown and grab your Reseller Id:

3.) Next you would want to add your IP address to the API on the account.
Login to your resellerclub account go to -->Settings-->API and under section:
Accessing the API - Specify the IP addresses from where you will make API requests. (IP ranges and netblocks are not accepted.)
Include your IP address and select --> Allow API Access

That should get you in and resolve your issues if not check whether PHP is compiled with curl (On cpanel you can go to SSH and run --> /scripts/easyapache configure easyapache with Curl options enabled.

Webmail mail login error

Log to be checked if using roundcube


tail -fn0 /var/cpanel/roundcube/log/errors


That's the error - "[04-Jun-2011 02:51:01 +0400]: IMAP Error: Login failed for contact @ from AUTHENTICATE PLAIN: Authentication failed. in /usr/local/cpanel/base/3rdparty/roundcube/program/include/rcube_imap.php on line 192 (GET /cpsess7117936613/3rdparty/roundcube/index.php)"


Please go to WHM > Change Hostname and ensure to re-save the new hostname. After doing that, move these files:

cd /etc
mv userdomains userdomains.bak110603
mv trueuserdomains trueuserdomains.bak110603
mv domainusers domainusers.bak110603
After moving those files, then run this command:

You will get messages about the files you've moved no longer existing. Those files will be recreated by the command.