Making the CSF temporary block permanent

Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked more than
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature

LF_PERMBLOCK =  Default: 1 [0-1]

LF_PERMBLOCK_INTERVAL =  Default: 86400 [3600-604800]

LF_PERMBLOCK_COUNT =  Default: 4 [1-20]

LF_PERMBLOCK_ALERT =  Default: 1 [0-1]

# Permanently block IPs by network class. The following enables this feature
# to permanently block classes of IP address where individual IP addresses
# within the same class LF_NETBLOCK_CLASS have already been blocked more than
# LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
# LF_NETBLOCK to "1" to enable this feature
#
# This can be an affective way of blocking DDOS attacks launched from within
# the same networ class
#
# Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
# consideration is required when blocking network classes A or B
#
# Set LF_NETBLOCK to "0" to disable this feature

LF_NETBLOCK =  Default: 0 [0-1]

LF_NETBLOCK_INTERVAL =  Default: 86400 [3600-604800]

LF_NETBLOCK_COUNT =  Default: 4 [1-20]

LF_NETBLOCK_CLASS =  Default: C [A or B or C]

LF_NETBLOCK_ALERT =  Default: 1 [0-1]

################################################################

How do I turn on/off mod_userdir on my cPanel/WHM server?

Apache's mod_userdir allows users to view their sites by entering a tilde(~) and their username as the uri on a specific host. For example http://test.cpanel.net/~fred/ will bring up the user fred's domain. The disadvantage of this feature is that any bandwidth usage used by this site will be put on the domain it is accessed under (in this case test.cpanel.net). mod_userdir protection prevents this from happening. You may however want to disable it on specific virtual hosts (generally shared ssl hosts.)

First you'll need to login to WHM for your server, http://serversip/whm (serversip being the ip address of your dedicated server or vps).

Once you are logged into WHM, you will want to browse over to the following path:

Main >> Security Center >> Apache mod_userdir Tweak

From there, you can select which accounts you want to enable for mod_userdir

creation of cpanel accounts through command line

root@V-6862 [~]# vi /scripts/createacct
root@V-6862 [~]# /usr/local/cpanel/bin/wwwacct
Please use the following syntax:
wwwacct <domain> <user> <pass> <quota> <cpmod[advanced/?]> <ip[y/n]> <cgi[y/n]> <frontpage[y/n]> <maxftp> <maxsql> <maxpop> <maxlst> <maxsub> <bwlimit> <hasshell[y]/[n]> <owner> <plan> <maxpark> <maxaddon> <featurelist> <contactemail> <use_registered_nameservers> <language>

yes | /scripts/createacct keralainindia.asia kerala india

Awstat is not showing correct count for a particular domain

Run the below script for which the domain is affected.

#/usr/local/cpanel/base/awstats.pl -config=domainname.com

mailparse enable on cpanel VPS

Step1:
vi /etc/fstab
none /tmp tmpfs nodev,nosuid,noexec
none /var/tmp tmpfs nodev,nosuid,noexec
--------------------------------------------------------
Change the "noexec" to "exec"

none /tmp tmpfs nodev,nosuid,exec
none /var/tmp tmpfs nodev,nosuid,exec

:wq

Step2: Restart the VPS from node

Step 3:
pecl install mailparse
root@web1 [~]# pecl install mailparse
downloading mailparse-2.1.5.tgz ...
Starting to download mailparse-2.1.5.tgz (37,332 bytes)
..........done: 37,332 bytes
9 source files, building
running: phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519
building in /var/tmp/pear-build-root/mailparse-2.1.5
running: /root/tmp/pear/mailparse/configure
checking for egrep... grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ANSI C... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for PHP prefix... /usr/local
checking for PHP includes... -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib
checking for PHP extension directory... /usr/local/lib/php/extensions/no-debug-non-zts-20060613
checking for PHP installed headers prefix... /usr/local/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... re2c
checking for re2c version... invalid
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking whether to enable mailparse support... yes, shared
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking the maximum length of command line arguments... 98304
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC
checking if cc PIC flag -fPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no

creating libtool
appending configuration tag "CXX" to libtool
configure: creating ./config.status
config.status: creating config.h
running: make
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=compile cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/mailparse.c -o mailparse.lo
mkdir .libs
cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/mailparse.c -fPIC -DPIC -o .libs/mailparse.o
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=compile cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_mime.c -o php_mailparse_mime.lo
cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_mime.c -fPIC -DPIC -o .libs/php_mailparse_mime.o
re2c -b /root/tmp/pear/mailparse/php_mailparse_rfc822.re > /root/tmp/pear/mailparse/php_mailparse_rfc822.c
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=compile cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_rfc822.c -o php_mailparse_rfc822.lo
cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_rfc822.c -fPIC -DPIC -o .libs/php_mailparse_rfc822.o
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=link cc -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -o mailparse.la -export-dynamic -avoid-version -prefer-pic -module -rpath /var/tmp/pear-build-root/mailparse-2.1.5/modules mailparse.lo php_mailparse_mime.lo php_mailparse_rfc822.lo
cc -shared .libs/mailparse.o .libs/php_mailparse_mime.o .libs/php_mailparse_rfc822.o -Wl,-soname -Wl,mailparse.so -o .libs/mailparse.so
creating mailparse.la
(cd .libs && rm -f mailparse.la && ln -s ../mailparse.la mailparse.la)
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=install cp ./mailparse.la /var/tmp/pear-build-root/mailparse-2.1.5/modules
cp ./.libs/mailparse.so /var/tmp/pear-build-root/mailparse-2.1.5/modules/mailparse.so
cp ./.libs/mailparse.lai /var/tmp/pear-build-root/mailparse-2.1.5/modules/mailparse.la
PATH="$PATH:/sbin" ldconfig -n /var/tmp/pear-build-root/mailparse-2.1.5/modules
----------------------------------------------------------------------
Libraries have been installed in:
/var/tmp/pear-build-root/mailparse-2.1.5/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

running: make INSTALL_ROOT="/var/tmp/pear-build-root/install-mailparse-2.1.5" install
Installing shared extensions: /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions/no-debug-non-zts-20060613/
running: find "/var/tmp/pear-build-root/install-mailparse-2.1.5" | xargs ls -dils
317095524 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5
317102717 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr
317102720 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local
317102723 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib
317102726 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php
317102729 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions
317102732 0 drwxr-xr-x 2 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions/no-debug-non-zts-20060613
317102772 156 -rwxr-xr-x 1 root root 150203 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions/no-debug-non-zts-20060613/mailparse.so

Build process completed successfully
Installing '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/mailparse.so'
install ok: channel://pecl.php.net/mailparse-2.1.5
Extension mailparse enabled in php.ini
=================================================
Step 4:

Revert the changes in /etc/fstab
none /tmp tmpfs nodev,nosuid,noexec
none /var/tmp tmpfs nodev,nosuid,noexec

:wq

Step 5: Again restart the VPS from main node

You are done with installation......

Cpanel : JailShell : Virtfs Unmount

Cpanel : JailShell : Virtfs Unmount

If you’re a sysadmin of Cpanel server, you might be aware of the JailShell. Its nothing but a User Shell with limited privileges. Users requesting for shell access to the webhosting server are provided with such shell instead of bash (Which provides root level privileges to users) .

Jailshell limits the users access to their home directory and keeps rest of the file system safe. Still there are chances of such users breaking into your system, so be sure of providing shell access to your servers. Jailshell mounts the filesystems of the users, who login via SSH under a directory called /home/virtfs. This contains users home directory and a false file system which links back to system directories like /bin, /usr etc.

NOTE: Be careful! Don’t remove any folder which is inside /home/virtfs,NEVER. As I said earlier, this folder links back to your systems root file system. You might end up screwing up your server if you attempt it.

So, we got to know that the Jailshell provides a restricted shell access to users and mounts the home directory temporarily at /home/virtfs.

Now, what if you still see the directories of different users mounted under /home/virtfs?

Right, this normally happens when users forget to logout properly from their SSH sessions. As a system admin, you’re responsible to unmount these directories safely.

How do I do that?

You can find all the virtfs mounts in /proc/mounts. Run cat /proc/mounts.

Now, its time to unmount them one by one. For that you have to take the second column of the output. Or write a simple for loop as follows.

for i in `cat /proc/mounts | grep /home/virtfs | cut -d ‘ ‘ -f 2 ` ; do umount $i ; done

If you want to unmount the virtfs of a perticular user, you can simply add an another pipe to for condition with grep username.

Now, you’re done with cleaning of your virtfs.

Installing Google apps, configserver,whmphp,cloudflare,attractaseo,cagefs,config server mail queue ,file explorer

http://gaw.gk-root.com/
http://configserver.com/cp/cse.html
http://www.whmphp.com/installation.php
http://www.cloudflare.com/resources-downloads
http://www.attractaseo.com/partner_kit/plugin.html
http://docs.cloudlinux.com/index.html?installation2.html
http://configserver.com/cp/cmq.html

1003 cd /usr/local/src/
1004 ls
1005 wget http://www.configserver.com/free/cse.tgz
1006 ls
1007 tar -xzf cse.tgz
1008 ls
1009 cd cse
1010 sh install.sh
1011 cd ..
1012 rm -Rfv cse/ cse.tgz
1013 ls
1014 locate config server
1015 ls

================

1016 yum install cagefs
1017 /usr/sbin/cagefsctl --init
1018 ls
1019 mkdir /home/cagefs-skeleton
1020 ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
1022 cd /home/
1023 ls
1024 cd cagefs-skeleton/
1025 ls

=================
1026 cd /usr/local/src/
1027 wget http://whmphp.com/download/install.sh;
1028 ls
1029 sh install.sh

=================
1030 cd /usr/local/cpanel
1031 curl -k -L https://github.com/cloudflare/CloudFlare-CPanel/tarball/master > cloudflare.tar.gz
1032 LS
1033 ls
1034 tar -zxvf cloudflare.tar.gz
1035 ls
1036 cd cloudflare-CloudFlare-CPanel-UNIQUE ID/cloudflare/
1037 cd cloudflare-CloudFlare-CPanel-1a7b202/
1038 ls
1039 cd cloudflare/
1040 ls

================
1041 cd /usr/local/src/
1042 ls
1043 wget http://google-apps-wizard-cpanel-plugin.googlecode.com/files/gaw-2.0.tar
1044 ls
1045 tar -xf gaw-2.0.tar
1046 cd gaw-2.0
1047 ./gawupdate.sh

================
1048 cd ..
1011 ll
1012 wget http://configserver.com/free/cmq.tgz
1013 ll
1014 tar -xzf cmq.tgz
1015 cd cmq
1016 ll
1017 sh install.sh

How to Install Softaculous on VPS or Dedicated Server with cPanel/WHM?

Step one: cd /usr/local/cpanel/whostmgr/docroot/cgi
Step two: wget -N http://www.softaculous.com/ins/addon_softaculous.php

Step three: chmod 755 addon_softaculous.php
Now go to : WHM > Plugins > Softaculous - Instant Installs and there you go

T=remote_smtp defer (-53): retry time not reached for any host

chech your logs

cd /var/logs

then  more exim_mailing / grep email

you will get the error ,,,,,,,,,,,,,

then try to use the code below to fix the problem

This can be caused by multiple things, however if it happens for each email, it’s likely your exim databases are corrupt; to resolve this you should:

/usr/sbin/exim_tidydb -t 1d /var/spool/exim retry > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim reject > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim wait-remote_smtp > /dev/null

/scripts/courierup — force
/scripts/eximup –force

If you did that, yet the problem persists, you can either seek professional help, or contact the cPanel support.

References

http://forums.cpanel.net/f43/t-remote_smtp-defer-53-retry-time-not-reached-any-host-72383.html

OR  use below solutions

To solve this issue, you need to

1. Login to http://gmail.com with the account you use with exim4. It will ask you to login a second time with a captcha… do so


2. login on all of your machine that use this technique and issue the following command :sudo exim -qff

References

http://blog.mansonthomas.com/2009/04/send-mail-through-gmail-smtp-server.html

 

our ISP is likely blocking your connection via port 25:

[19:25:19 ns313489 root@4396451 ~]cPs# telnet mx1.cpanel.net 25
Trying 208.74.121.68...
telnet: connect to address 208.74.121.68: Connection timed out
[19:34:17 ns313489 root@4396451 ~]cPs# telnet mx2.cpanel.net 25
Trying 208.74.125.122...

[19:40:18 ns313489 root@4396451 ~]cPs# telnet mx1.hotmail.com 25
Trying 65.55.37.120...
telnet: connect to address 65.55.37.120: Connection timed out
Trying 65.55.92.152...
telnet: connect to address 65.55.92.152: Connection timed out


Whereas, it would normally work as such:

~ » telnet mx1.cpanel.net 25
Trying 208.74.121.68...
Connected to mx1.cpanel.net.
Escape character is '^]'.
220-mx1.cpanel.net ESMTP Exim 4.82 #2 Fri, 15 Nov 2013 12:33:33 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
^]
telnet> quit
Connection closed.

~ » telnet mx1.hotmail.com 25
Trying 65.54.188.94...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 BAY0-MC2-F9.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found athttp://privacy.microsoft.com/en-us/anti-spam.mspx. Fri, 15 Nov 2013 10:47:53 -0800
^]
telnet> quit
Connection closed.

I would suggest contacting your provider to see if they have any restrictions on port 25.

Directory Structure of Cpanel

Directory Structure of Cpanel

=> Apache
==========
Quote:
/usr/local/apache
+ bin- apache binaries are stored here – httpd, apachectl, apxs
+ conf – configuration files – httpd.conf
+ cgi-bin
+ domlogs – domain log files are stored here
+ htdocs
+ include – header files
+ libexec – shared object (.so) files are stored here – libphp4.so,mod_rewrite.so
+ logs – apache logs – access_log, error_log, suexec_log
+ man – apache manual pages
+ proxy -
+ icons -
Init Script :/etc/rc.d/init.d/httpd – apache start script
Cpanel script to restart apache – /scripts/restartsrv_httpd
==========================================================
=> Exim
=========
Quote:
Conf : /etc/exim.conf – exim main configuration file
/etc/localdomains – list of domains allowed to relay mail
Log : /var/log/exim_mainlog – incoming/outgoing mails are logged here
/var/log/exim_rejectlog – exim rejected mails are reported here
/var/log/exim_paniclog – exim errors are logged here
Mail queue: /var/spool/exim/input
Cpanel script to restart exim – /scripts/restartsrv_exim
Email forwarders and catchall address file – /etc/valiases/domainname.com
Email filters file – /etc/vfilters/domainname.com
POP user authentication file – /home/username/etc/domainname/passwd
catchall inbox – /home/username/mail/inbox
POP user inbox – /home/username/mail/domainname/popusername/inbox
POP user spambox – /home/username/mail/domainname/popusername/spam
Program : /usr/sbin/exim (suid – -rwsr-xr-x 1 root root )
Init Script: /etc/rc.d/init.d/exim
==========================================================
=> ProFTPD
============
Quote:
Program :/usr/sbin/proftpd
Init Script :/etc/rc.d/init.d/proftpd
Conf: /etc/proftpd.conf
Log: /var/log/messages, /var/log/xferlog
FTP accounts file – /etc/proftpd/username – all ftp accounts for the domain are listed here
==========================================================
=> Pure-FTPD
=============
Quote:
Program : /usr/sbin/pure-ftpd
Init Script :/etc/rc.d/init.d/pure-ftpd
Conf: /etc/pure-ftpd.conf
Anonymous ftp document root – /etc/pure-ftpd/ip-address
==========================================================
=> Frontpage Extensions
=========================
Quote:
Program – (Install): /usr/local/frontpage/version5.0/bin/owsadm.exe
Uninstall and then install for re-installations
FP files are found as _vti-bin, _vti-pvt, _vti-cnf, vti-log inside the public_html
==========================================================
=> Mysql
===========
Quote:
Program : /usr/bin/mysql
Init Script : /etc/rc.d/init.d/mysql
Conf : /etc/my.cnf, /root/.my.cnf
Data directory – /var/lib/mysql – Where all databases are stored.
Database naming convention – username_dbname (eg: john_sales)
Permissions on databases – drwx 2 mysql mysql
Socket file – /var/lib/mysql/mysql.sock, /tmp/ mysql.sock
==========================================================
=> SSHD
===========
Quote:
Program :/usr/local/sbin/sshd
Init Script :/etc/rc.d/init.d/sshd
/etc/ssh/sshd_config
Log: /var/log/messages
==========================================================
=> Perl
===========
Quote:
Program :/usr/bin/perl
Directory :/usr/lib/perl5/5.8.8/
==========================================================
=> PHP
==========
Quote:
Program :/usr/local/bin/php, /usr/bin/php
ini file: /usr/local/lib/php.ini – apache must be restarted after any change to this file
php can be recomplied using /scripts/easyapache
==========================================================
=> Named(BIND)
================
Quote:
Program: /usr/sbin/named
Init Script: /etc/rc.d/init.d/named
/etc/named.conf
db records:/var/named/
/var/log/messages
==============================================
==>> Cpanel installation directory structure
==============================================
Quote:
/usr/local/cpanel
+ 3rdparty/ – tools like fantastico, mailman files are located here
+ addons/ – AdvancedGuestBook, phpBB etc
+ base/ – phpmyadmin, squirrelmail, skins, webmail etc
+ bin/ – cpanel binaries
+ cgi-sys/ – cgi files like cgiemail, formmail.cgi, formmail.pl etc
+ logs/ – cpanel access log and error log
+ whostmgr/ – whm related files
==========================================================
=> WHM related files
=======================
Quote:
/var/cpanel – whm files
+ bandwidth/ – rrd files of domains
+ username.accts – reseller accounts are listed in this files
+ packages – hosting packages are listed here
+ root.accts – root owned domains are listed here
+ suspended – suspended accounts are listed here
+ users/ – cpanel user file – theme, bwlimit, addon, parked, sub-domains all are listed in this files
+ zonetemplates/ – dns zone template files are taken from here
==========================================================
=> Common CPanel scripts
==========================
Quote:
cpanel/whm Scripts are located in /scripts/
+ addns – add a dns zone
+ addfpmail – Add frontpage mail extensions to all domains without them
+ addfpmail2 -Add frontpage mail extensions to all domains without them
+ addnetmaskips – Add the netmask 255.255.255.0 to all IPs that have no netmask
+ addnobodygrp – Adds the gorup nobody and activates security
+ addpop – add a pop account
+ addservlets – Add JSP support to an account (requires tomcat)
+ addstatus – (Internal use never called by user)
+ adduser – Add a user to the system
+ bandwidth – (OLD)
+ betaexim – Installs the latest version of exim
+ biglogcheck – looks for logs nearing 2 gigabytes in size
+ bsdcryptoinstall – Installs crypto on FreeBSD
+ bsdldconfig – Configures the proper lib directories in FreeBSD
+ bsdpkgpingtest – Tests the connection speed for downloading FreeBSD packages
+ buildbsdexpect – Install expect on FreeBSD
+ builddomainaddr – (OLD)
+ buildeximconf – Rebuilds exim.conf
+ buildpostgrebsd-dev – Installs postgresql on FreeBSD.
+ chcpass – change cpanel passwords
+ easyapache – recompile/upgrade apache and/or php
+ exim4 – reinstall exim and fix permissions
+ fixcommonproblems – fixes most common problems
+ fixfrontpageperm – fixes permission issues with Front Page
+ fixmailman – fixes common mailman issues
+ fixnamed – fixes common named issues
+ fixndc – fixes rndc errors with named
+ fixquotas – fixes quota problems
+ fullhordereset – resets horde database to a fresh one – all previous user data are lost
+ initquotas – initializes quotas
+ installzendopt – installs zend optimizer
+ killacct – terminate an account – make sure you take a backup of the account first
+ mailperm – fixes permission problems with inboxes
+ park – to park a domain
+ pkgacct – used to backup an account
+ restartsrv – restart script for services
+ restorepkg – restores an account from a backup file ( pkgacct file)
+ runlogsnow – update logs of all users
+ runweblogs – update stats for a particular user
+ securetmp – secures /tmp partition with options nosuexec and nosuid
+ suspendacct – suspends an account
+ unsuspendacct – unsuspends a suspended account
+ upcp – updates cpanel to the latest version
+ updatenow – updates the cpanel scripts
+ updateuserdomains – updates userdomain entries
==========================================================
=> Important cpanel/whm files
================================
Quote:
/etc/httpd/conf/httpd.conf – apache configuration file
/etc/exim.conf – mail server configuration file
/etc/named.conf – name server (named) configuration file
/etc/proftpd.conf – proftpd server configuration file
/etc/pure-ftpd.conf – pure-ftpd server configuration file
/etc/valiases/domainname – catchall and forwarders are set here
/etc/vfilters/domainname – email filters are set here
/etc/userdomains – all domains are listed here – addons, parked,subdomains along with their usernames
/etc/localdomains – exim related file – all domains should be listed here to be able to send mails
/var/cpanel/users/username – cpanel user file
/var/cpanel/cpanel.config – cpanel configuration file ( Tweak Settings )*
/etc/cpbackup-userskip.conf -
/etc/sysconfig/network – Networking Setup*
/etc/hosts -
/var/spool/exim -
/var/spool/cron -
/etc/resolv.conf – Networking Setup–> Resolver Configuration
/etc/nameserverips – Networking Setup–> Nameserver IPs ( FOr resellers to give their nameservers )
/var/cpanel/resellers – For addpkg, etc permissions for resellers.
/etc/chkserv.d – Main >> Service Configuration >> Service Manager *
/var/run/chkservd – Main >> Server Status >> Service Status *
/var/log/dcpumon – top log process
/root/cpanel3-skel – skel directory. Eg: public_ftp, public_html. (Account Functions–>Skeleton Directory )*
/etc/wwwacct.conf – account creation defaults file in WHM (Basic cPanel/WHM Setup)*
/etc/cpupdate.conf – Update Config *
/etc/cpbackup.conf – Configure Backup*
/etc/clamav.conf – clamav (antivirus configuration file )
/etc/my.cnf – mysql configuration file
/usr/local/Zend/etc/php.ini OR /usr/local/lib/php.ini – php configuration file
/etc/ips – ip addresses on the server (except the shared ip) (IP Functions–>Show IP Address Usage )*
/etc/ipaddrpool – ip addresses which are free
/etc/ips.dnsmaster – name server ips
/var/cpanel/Counters – To get the counter of each users.
/var/cpanel/bandwidth – To get bandwith usage of domains

Assign/change a wesite’s IP address on a cPanel cmd

Assign/change a wesite’s IP address on a cPanel server via cmd:

# /usr/local/cpanel/bin/setsiteip -u $user $ip
$user will be the Cpanel username and the $ip will be the Dedicated/Shared IP

e.g: # /usr/local/cpanel/bin/setsiteip -u linucha 76.74.254.123

Change cPanel password from Cmd:

1) You can change the Cpanel password using below cmd as well as you need to Synchronize the password with your default FTP user, if you are unable to use the new password to connect to ftp account.# /scripts/chpass Username Password

Username : cPanel account username
Password : New password that to be set

Note: Your password should not contain special characters

2) Synchronize the new password with the default FTP user

# /scripts/ftpupdate

Account Creation Status: failed (Unable to validate setting for cpmod...) ==cpanel /script/restorepkg error

Extracting tarball................... ............... ............... Done
Extracting Domain....Done
Generating Account....

Account Creation Status: failed (Unable to validate setting for cpmod...)

Extract Failed
Invalid Account

Solution:

1) In order to get this issue resolved first of all you need to extract the backup file in test directory:

2) then go to the the directory which you just extracted then go to cp directory

3) there you will get the file with cpanel username you need to edit that file and check for

FEATURELIST and RS

if these values are something custom then you need to set them as :

FEATURELIST=default
RS=x3

save this file and now compress the backup again and try to restore it.

It should get restored without any issues.

How to enable/Disable cPanel webmail interface for a user account or in server.

How to enable/Disable cPanel webmail interface for a user account or in server.

Customer wants to enable only the HORDE webmail interface for his domain and disable the rest. Usually there are three (3) webmail clients (horde, squirrel mail, roundcube). However, I was advised to make sure that a specific customer does not see more than one specified. I enabled “AUTOLOAD” option in the webmail interface but he is not satisfied. He came back asking to allow only HORDE interface for his webmail. How should i do that?

Solution: Consider my domain name is “hemanth.com” and my account name is “hemanth“. Now follow the steps below.

====================This option for that particular user account:
1) SSH to your server
2) Go to “cd /var/cpanel/users/”
3) vi hemanth
4) Paste the following lines
skiphorde=0
skipsqmail=1
skiprcmail=1

Note: The option 0 is enable and 1 is disable. in above line only HORDE is enabled in the webmail and Roundcube and squirrel  is disabled.

5) Then restart the cpanel service
/etc/init.d/cpanel restart

Now login to your webmail and check for the option.

This will change the server wide for all the domains in the server:
1) Login to your WHM
2) Go to “Server Configuration”
3) Click on “Tweak Settings”
4) Select mail option.
5) Turn off “Round Cube and Squirrel”
6) Save it.====================Redirections

http://your-domain.com:2095/3rdparty/roundcube/index.php
http://your-domain.com:2095/horde/login.php

http://your-domain.com:2095/3rdparty/squirrelmail/src/login.php

Note: You must replace your-domain.com with your actual domain name in the above examples.

Easy cpanel WHM or linux remote backup – SSH pull rsync backups for security and integrity using incremental

$ sudo useradd -d /home/backup -m backup
$ sudo su - backup
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/backup/.ssh/id_rsa):
Created directory '/home/backup/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/backup/.ssh/id_rsa.
Your public key has been saved in /home/backup/.ssh/id_rsa.pub.
The key fingerprint is:
05:8c:df:24:18:a9:9e:22:87:08:49:5b:11:7c:2f:f1 backup@host

You now need to put the public key onto your server for the root user (or if you want, a user with sudo role – its more secure though you will need to change your rsync commands to take account of that)

$ scp .ssh/id_rsa.pub root@your.cpanel.server.com:/root/.ssh/authorized_keys

Now once that done you can test out the key is working by SSH’ing in. If you dont get asked for a password, your SSH key is setup:

$ ssh root@your.cpanel.server.com
root@your.cpanel.server.com:$

Configuring the backup
So now you have SSH key access from your backup machine to the Cpanel/WHM server(s) its just a case of setting up a cron job to grab your data!

$ mkdir /home/backup/server1
$ crontab -e

In crontab, add the following entry (adjust the time the job runs to ensure that your Cpanel/WHM server(s) have enough time to do thier backups. for example, i know my cpanel backups finish around 3:30 am, so I set my rsync to run at 4.30 am). You can adjust bwlimit to something you prefer. I set it to 5000KB/sec (just under 50 mbps, so 50% of my available bandwdith) to ensure my regular users aren’t inconvenienced because something is chewing up all of the servers bandwidth. I also dont backup the spamassasin bloat. This should all be on one line:

30 4 * * * rsync -av --bwlimit=5000 --progress -e ssh --exclude '*spamass*' root@your.cpanel.server.com:/backup/cpbackup /home/backup/server1/ > /home/backup/server1.results.txt 2>&1

Finishing up
That should be all you need. Check back the following day and look look in the /home/backup/server1.results.txt file, it should look something like this:

backup@host:~$ tail server1.results.txt
up 8 100% 0.04kB/s 0:00:00 (xfer#2755, to-check=32/437710)
cpbackup/daily/user/mysql/horde.sql
3156258 100% 4.47MB/s 0:00:00 (xfer#2756, to-check=24/437710)
cpbackup/daily/user/resellerconfig/resellers
0 100% 0.00kB/s 0:00:00 (xfer#2757, to-check=20/437710)
cpbackup/daily/user/resellerconfig/resellers-nameservers
0 100% 0.00kB/s 0:00:00 (xfer#2758, to-check=19/437710)
sent 3351898 bytes received 329706615 bytes 476137.97 bytes/sec
total size is 34722766009 speedup is 104.25

How to make automatic backup in cPanel

Using the script* provided below you will be able to make automatic backup of your hosting account (domains and MySQL databases). This backup script includes SSL support. This is not necessary if you run the script on the server for which you are generating the backup; but the SSL support could be important if you are running the script somewhere else to connect to your cPanel hosting account.
<?php// PHP script to allow periodic cPanel backups automatically, optionally to a remote FTP server.

// This script contains passwords. It is important to keep access to this file secure (we would suggest you to place it in your home directory, not public_html)

// You need create 'backups' folder in your home directory ( or any other folder that you would like to store your backups in ).

// ********* THE FOLLOWING ITEMS NEED TO BE CONFIGURED *********

// Information required for cPanel access

$cpuser = "username"; // Username used to login to cPanel

$cppass = "password"; // Password used to login to cPanel

$domain = "example.com";// Your main domain name

$skin = "x"; // Set to cPanel skin you use (script will not work if it does not match). Most people run the default "x" theme or "x3" theme

// Information required for FTP host

$ftpuser = "ftpusername"; // Username for FTP account

$ftppass = "ftppassword"; // Password for FTP account

$ftphost = "ip_address"; // IP address of your hosting account

$ftpmode = "passiveftp"; // FTP mode

// Notification information $notifyemail = "any@example.com"; // Email address to send results

// Secure or non-secure mode $secure = 0; // Set to 1 for SSL (requires SSL support), otherwise will use standard HTTP

// Set to 1 to have web page result appear in your cron log $debug = 0;

// *********** NO CONFIGURATION ITEMS BELOW THIS LINE *********

$ftpport = "21";

$ftpdir = "/backups/"; // Directory where backups stored (make it in your /home/ directory). Or you can change 'backups' to the name of any other folder created for the backups;

if ($secure) {

$url = "ssl://".$domain;

$port = 2083;

} else {

$url = $domain;

$port = 2082;

}

$socket = fsockopen($url,$port);

if (!$socket) { echo "Failed to open socket connection... Bailing out!n"; exit; }

// Encode authentication string

$authstr = $cpuser.":".$cppass;

$pass = base64_encode($authstr);

$params = "dest=$ftpmode&email=$notifyemail&server=$ftphost&user=$ftpuser&pass=$ftppass&port=$ftpport&rdir=$ftpdir&submit=Generate Backup";

// Make POST to cPanel

fputs($socket,"POST /frontend/".$skin."/backup/dofullbackup.html?".$params." HTTP/1.0\r\n");

fputs($socket,"Host: $domain\r\n");

fputs($socket,"Authorization: Basic $pass\r\n");

fputs($socket,"Connection: Close\r\n");

fputs($socket,"\r\n");

// Grab response even if we do not do anything with it.

while (!feof($socket)) {

$response = fgets($socket,4096); if ($debug) echo $response;

}

fclose($socket);

?>

To schedule the script to run regularly, save it as fullbackup.php in your home directory and enter a new cron job** like the following:

00 2 * * 1 /usr/local/bin/php /home/youraccount/fullbackup.php

(Runs every Sunday night at 2:00 a.m.)

Cpanel /scripts/restorepkg in detail

restorepkg [--force] [--skipres] [--override] [--ip=(y|n|Custom IP)] -- [cpuser|/path/to/cpuser-file]

/scripts/restorepkg --force xxxxxxx

--force
If there's one thing I advise, it's to never use this flag unless you've exhausted normal means of restoring the account. Even then, I'd prefer you contact cPanel support instead so we can figure out what's going on. This option essentially instructs restorepkg to disregard all logic that we put in place to prevent conflicts when an account is being restored.

If the backup you're restoring does contain actual conflicts (domains owned by other users for example), then this sets you up for a world of hurt and unexpected behavior. I see all too often where a sysadmin has forced an account to be restored that conflicts with already existing accounts onto a box.

It does not terminate the account first; it just "shoe horn" restores it on top. The intention of this feature is if you're trying to reduce downtime or are trying to keep 'new' files (like email) that otherwise don't exist in the backup you're restoring from.

But, personally, I would never use --force on my own personal box just for the peace of mind. I'd perform a clean terminate/restore of an account and rest assured that our restorepkg logic has guaranteed me that there are no conflicts.

--skipres
This stands for "Skip Reseller Privileges". Pretty self-explanatory. Using this option will ensure that reseller privileges are NOT restored (if the account had them, that is). If it's not a reseller, this argument effectively does nothing.

--override
This allows you to override the stock cPanel restorepkg code with your own custom written restorepkg logic if you've written some.
Stock Code: /usr/local/cpanel/Whostmgr/Transfers.pm

If you desire to create your own customized version, you would place it at:
Override location: /var/cpanel/lib/Whostmgr/Transfers.pm

Then, when you use "--override" it will call upon the override location code in lieu of the stock code. Note that if you don't have an override setup at that location, the "--override" argument effectively does nothing at all.

--ip=(y|n|Custom IP)
Pretty much self-explanatory.
--ip=y
^-- Allocates the next available IP in the IP Pool to the account upon restore. If none available, uses shared IP.
--ip=n
^-- The same as leaving this flag absent. The account will restore using the shared IP of the box.
--ip=123.123.123.123 (Or any other valid IP)
^-- Attempts to allocate the specified IP to the account upon restore. If not available/does not exist, uses shared IP

cpuser|/path/to/cpuser-file
Self-explanitory again.
cpuser
Will search for archive in various common locations to try and automatically identify the backup you're requesting it to restore. If it cannot find it, it will instruct you where it looked and what it was trying to find.
/path/to/cpuser-file
Simply attempts to restore using the archive that the path specifies.

Backup cPanel Account SSH using rsync

#!/bin/bash
#! Script to Backup cPanel Accounts

for x in `awk '{print $2}' /etc/userdomains | sed -e '/nobody/d'`

do
ssh root@xx.xx.xx.xx mkdir -p /backup/$x

rsync -arv /home/$x/* root@xx.xx.xx.xx:/backup/$x/.
done

Creating the Cpanel account with WHM

Log into your WHMIn the left menu under "Account Functions", click "Create a New Account"
Fill in the details for the new account. Here's a brief outline of the settings you'll be putting in:

• Domain Information
  
  
  
  • Enter the main domain name on the account, set a cPanel username and password for it, and then enter the email address to be associated with the account.
  
  
  
  


• Package
  
  
  
  • WHM allows you to create packages, which make it easier to manage cPanel accounts. For Example, you may have a "Power Plan" package like InMotion Hosting offers. Within that package you could set limits such as the number of addon domains to associate to the account. If you don't have any packages set, select the "Select Options Manually" option and set those limitations now.
  
  
  
  


• Settings
  
  
  
  • Choose the cPanel theme to assign the user (InMotion Hosting currently uses x3) and select the appropriate language for the user.
  
  
  
  


• Reseller Settings
  
  
  
  • If you have the access to create a cPanel account, it means that you have reseller permissions. Decide here if this new account you're creating should have WHM access and be able to create accounts themselves.
  
  
  
  


• DNS Settings
  
  
  
  • Decide how the domain's nameservers should be configured on the server. If the nameservers specified for this domain name are going to be on another server, choose the option "Use the nameservers specified at the Domain's Regsitrar"
  
  
  
  


• Mail Routing Settings
  
  
  
  • Decide how the server handles email for this specific domain. For example, should it attempt to deliver the email locally or should it look at the external MX records and decide? It's recommended to use "Automatically Detect Configuration" if you're not sure about this setting
  
  
  • .
  
  
  
  

After you have filled in all of the details above, click the "Create" button at the bottom of the page.

Congratulations, you have just created a new cPanel account!

Installing cPanel manually

In order to install cpanel/WHM on your VPS ,  you will need to log into your server as root first.

ssh root@server-ip

In above server-ip should be your server's  ip. We should install cpanel/whm only in a fresh system ,configured with a proper yum or apt-get system .

From a windows machine we can use putty to log into the server ...

Minimum Requirements as per cpanel's original site

Processor	266 MHz
Memory	512 MB RAM (1 GB recommended when hosting many accounts)
Disk Space	10 GB hard disk

Removing YUM groups

To obtain a list of yum groups, run the command:

yum grouplist

You should make sure these yum groups are not installed:

• FTP Server


• GNOME Desktop Environment


• KDE (K Desktop Environment)


• Mail Server


• Mono


• Web Server


• X Window System

To remove a yum group, run the command yum groupremove. For example, if you wish to remove Mono and Mail Server, enter:

yum groupremove "Mono" "Mail Server"

Disabling SELinux security features

You should disable SELinux after installing Red Hat Enterprise Linux, CentOS, or CloudLinux. To disable SELinux, you can either:

• Use the graphical interface while configuring your operating system, or


• Edit /etc/selinux/config from the command line and set the SELINUX parameter to disabled using a text editor, such as nano or vi.

If you disable SELinux from the command line, the contents of /etc/selinux/config should resemble:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Deactivating default firewall and checking for updates

If you are installing a CentOS, Red Hat Enterprise Linux, CloudLinux operating system, you should deactivate the default firewall and check for updates.

To deactivate the firewall, run the commands:

chkconfig iptables off
service iptables stop

To check for updates, run the command:

yum update

change the hostname of the VPS to a valid hostname like "server.domain.com".

Installing cpanel

The installation of cPanel can take a long time and it is better if you install "screen". Depending on your operating system you can install screen running yum or apt-get (yum install screen or apt-get install screen).

Now you will want to download and install cPanel:

screen -S cpanel
cd /home
wget http://layer1.cpanel.net/latest
sh latest

ctrl -A-D ...to detach from screen

screen -ls will list the screens

If you get disconnected, you can ssh back into your server as root, and run: 
screen -r cpanel

After everything is complete, and there are no errors, you should be able to access the WHM control panel by visiting

https://your_ip:2087