Turn OFF "Spam Box" in WHM -> Tweak Settings -> Mail.
This just allows the user to control it, but I wanted it always on and I want to forward to the ".Junk" folder anyways.
WHM -> Tweak Settings -> Mail -> Enable SpamAssassin Spam Box: OFF
WHM -> Tweak Settings -> Mail -> Enable SpamAssassin spam filter: ON
WHM -> Exim Configuration Editor -> SpamAssassin Options -> SpamAssassin: Forced Global ON: ON
http://forums.cpanel.net/f43/can-you-change-spamassassin-spam-box-folder-223951.html
Sunday, April 21, 2013
Security Update: Atomic Mod Security setup guide for cPanel
As to help our VPS and Dedicated Server customers who might also be effected by this we have designed the following guide to make installing Atmoic Mod Security into cPanel with little to no fuss.
Stage 1: Run the following commands at command line:
mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.
Stage 2: Configure cPanel to use the Mod Security Rules
In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.
In go to: WHM -> Plugins -> Mod Security and then click: Edit Config
In this section, delete all the current content and then paste in the following configuration:
SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.
This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.
Stage 1: Run the following commands at command line:
mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.
Stage 2: Configure cPanel to use the Mod Security Rules
In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.
In go to: WHM -> Plugins -> Mod Security and then click: Edit Config
In this section, delete all the current content and then paste in the following configuration:
SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.
This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.
Saturday, April 20, 2013
Fixing su: cannot set user id: Resources temporarily
#su -
su: cannot set user id: Resource temporarily unavailable
#
After searching and googling few minutes, i found a quick resolution to fixing this issue.
This is all about VPS limit.
Edit limit.conf below or change if needed.
#vi /etc/security/limit.conf
#### add/change on these line below:
* soft nproc 2047
* hard nproc 16384
* soft nofile 2048
* hard nofile 65536
After that try to relogin using a normal access user and then try to get su -
this should fixed your issue.
su: cannot set user id: Resource temporarily unavailable
#
After searching and googling few minutes, i found a quick resolution to fixing this issue.
This is all about VPS limit.
Edit limit.conf below or change if needed.
#vi /etc/security/limit.conf
#### add/change on these line below:
* soft nproc 2047
* hard nproc 16384
* soft nofile 2048
* hard nofile 65536
After that try to relogin using a normal access user and then try to get su -
this should fixed your issue.
Friday, April 19, 2013
Conver Putty ppk key to SSH key
In many occasions I needed to convert a Putty ppk private key nack to open ssh key to be able to use it directly from a linux box command line. It is fairly simple to do but I always need to look it up so here it is for easy reference :
Install putty using yum in Fedora.
If you are using Ubuntu you need to install putty-tools as well
From the command line give
puttygen xxxxx2.ppk -O private-openssh -o key.ssh
Enter passphrase to load key:
Then log onto your system using
ssh root@84.200.82.6 -p 8057 -i key.ssh
Install putty using yum in Fedora.
If you are using Ubuntu you need to install putty-tools as well
From the command line give
puttygen xxxxx2.ppk -O private-openssh -o key.ssh
Enter passphrase to load key:
Then log onto your system using
ssh root@84.200.82.6 -p 8057 -i key.ssh
Tuesday, April 16, 2013
Troubleshooting apache
check httpd service is running or not
• if its not starting the check the syntax of the config file
#httpd -S (display the all files and its location )
#httpd -t or apachectl configtest
if syntax is ok the config file is correct
• check the error logs of apache
/var/log/httpd/error_log
• apache also requires working dsn client support via /etc/resolv.conf and make sure dns is working fine
• check httpd.conf file there is correct entry of server name is there or not and check the port no
• check the size of the log file if it is full then it ll cause error 500 so make sure that log files are under limit and we can us e tool called logrotate in /etc/logrorate.d/httpd create configuration file for httpd log files
• It is possible that some other process may be using port 80 or 443. Use netstat command to list open port and their owners:
#nestat -tulpn
#netstat -tulpn |grep ‘:80′
If other process using port 80 / 443, you need to stop them or assign another port to Apache
• if its not starting the check the syntax of the config file
#httpd -S (display the all files and its location )
#httpd -t or apachectl configtest
if syntax is ok the config file is correct
• check the error logs of apache
/var/log/httpd/error_log
• apache also requires working dsn client support via /etc/resolv.conf and make sure dns is working fine
• check httpd.conf file there is correct entry of server name is there or not and check the port no
• check the size of the log file if it is full then it ll cause error 500 so make sure that log files are under limit and we can us e tool called logrotate in /etc/logrorate.d/httpd create configuration file for httpd log files
• It is possible that some other process may be using port 80 or 443. Use netstat command to list open port and their owners:
#nestat -tulpn
#netstat -tulpn |grep ‘:80′
If other process using port 80 / 443, you need to stop them or assign another port to Apache
What is SPF records and How to setup?
Why Is My Emails Getting As Spam?
Check above things.
First we need to check Email Headers.
1. Return Path
2. To
3. From
4. We should not use CAPS because not only being unprofessional, but it
also triggers spam filters. To land in the Spam folder consistently,
please do not USE ALL CAPS IN THE SUBJECT LINE AND THE BODY FROM TO and
Excessive punctuation (e.g. -/, ;^%#$@+ * "').
E.g. as follows.
1. Email "From : ADMIN ENROLL <noreply@exmaple.com>" getting
spam in gmail.com sometimes and if we not change it will increasing
count.
2. Email "From: noreply@exmaple.com" it
getting in mailbox, check the CAPS deference.
http://php.net/manual/en/function.mail.php
http://www.niso.org/khelp/kmlm/user_help/html/examine_mail_headers.html
Please check this too. It can be understand better. :)
http://www.infusionblog.com/email-marketing/7-ways-for-your-email-to-land-in-the-spam-folder/
Check SPF for Domain.:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
What is SPF records and How to setup?
http://www.kazeli.com/help/index.cfm?pageloc=quest&questid=435&catid=337,338
To diagnose the mail. Why its going in Spam.
Check tool:
http://mxtoolbox.com/
Here you can check following points
1. Mxlookup : For your domain and ip
2. Blacklist : For your IP
3. Diagnostics : SMTP Diagnostics, check your mail server
4. Analyze Headers : Check your mail headers.
5. SPF Records : Check your Sender Policy Framework
7. DNS Lookup : Check your Domain lookup.
If you check above all things your mail will not go in Spam.!
Check above things.
First we need to check Email Headers.
1. Return Path
2. To
3. From
4. We should not use CAPS because not only being unprofessional, but it
also triggers spam filters. To land in the Spam folder consistently,
please do not USE ALL CAPS IN THE SUBJECT LINE AND THE BODY FROM TO and
Excessive punctuation (e.g. -/, ;^%#$@+ * "').
E.g. as follows.
1. Email "From : ADMIN ENROLL <noreply@exmaple.com>" getting
spam in gmail.com sometimes and if we not change it will increasing
count.
2. Email "From: noreply@exmaple.com" it
getting in mailbox, check the CAPS deference.
http://php.net/manual/en/function.mail.php
http://www.niso.org/khelp/kmlm/user_help/html/examine_mail_headers.html
Please check this too. It can be understand better. :)
http://www.infusionblog.com/email-marketing/7-ways-for-your-email-to-land-in-the-spam-folder/
Check SPF for Domain.:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
What is SPF records and How to setup?
http://www.kazeli.com/help/index.cfm?pageloc=quest&questid=435&catid=337,338
To diagnose the mail. Why its going in Spam.
Check tool:
http://mxtoolbox.com/
Here you can check following points
1. Mxlookup : For your domain and ip
2. Blacklist : For your IP
3. Diagnostics : SMTP Diagnostics, check your mail server
4. Analyze Headers : Check your mail headers.
5. SPF Records : Check your Sender Policy Framework
7. DNS Lookup : Check your Domain lookup.
If you check above all things your mail will not go in Spam.!
Fast up Httpd
The Apache’s configuration file is located at “/usr/local/apache/conf/httpd.conf” in a cPanel server
Timeout
This directive “Timeout” is used to define the amount of time Apache will wait for a GET, POST, PUT request and ACKs on transmissions before automatically disconnect when idle time exceeds this value. The ideal value will be 120 in heavily loaded servers. It is recommended to set this value lower if your clients have low latencies. Some time, setting this directive to a low value may pause problem, this highly depend on your network and server setup. The best is to experiment with different values to find the one that fit your need.
KeepAlive
This directive “KeepAlive” if set to “On”, enables persistent connections on the web server. For better performance, it’s recommended to set this option to “On” and allow more than one request per connection.
MaxKeepAliveRequests
This directive is used to define the number of requests allowed per connection when the KeepAlive option above is set to “On”. When the value of this option is set to “0″ then unlimited requests are allowed on the server. For server performance, it’s recommended to allow unlimited requests.
KeepAliveTimeout
This directive is used to define how much time, in seconds, Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the “Timeout” directive applies. The value of “10″ seconds is a good average for server performance. This value should be kept low as the socket will be idle for extended periods otherwise.
MaxClients
This directive is used to define the limit on the number of child processes that will be created to serve requests. The default means that up to 512 HTTP requests can be handled concurrently. This is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of “512″ is recommended. For standard use, you can set the value to “256″.
MinSpareServers
This directive is used to define the minimum number of idle child server processes that should be created. An idle process is one which is not handling a request. If there are fewer than “MinSpareServers” idle, then the parent process creates new children at a maximum rate of 1 per second. The idle value is 10
MaxSpareServer
This directive is used to define the maximum number of idle child server processes that should be created. If there are more than “MaxSpareServers” idle child processes, then the parent process will kill off the excess processes and these extra processes will be terminated.The idle value is 15.
MaxRequestsPerChild
This option “MaxRequestsPerChild” is used to define the number of requests that an individual child server process will handle. Set this directive to “0″ to get the maximum performance and scalability for the server.
HostnameLookups
This directive if set to “Off”, specifies to disable DNS lookups. It’s recommended to set this option to “Off” in order to avoid latency to every request, to save the network traffic time, and to improve the performance of your Apache web server.
Timeout
This directive “Timeout” is used to define the amount of time Apache will wait for a GET, POST, PUT request and ACKs on transmissions before automatically disconnect when idle time exceeds this value. The ideal value will be 120 in heavily loaded servers. It is recommended to set this value lower if your clients have low latencies. Some time, setting this directive to a low value may pause problem, this highly depend on your network and server setup. The best is to experiment with different values to find the one that fit your need.
KeepAlive
This directive “KeepAlive” if set to “On”, enables persistent connections on the web server. For better performance, it’s recommended to set this option to “On” and allow more than one request per connection.
MaxKeepAliveRequests
This directive is used to define the number of requests allowed per connection when the KeepAlive option above is set to “On”. When the value of this option is set to “0″ then unlimited requests are allowed on the server. For server performance, it’s recommended to allow unlimited requests.
KeepAliveTimeout
This directive is used to define how much time, in seconds, Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the “Timeout” directive applies. The value of “10″ seconds is a good average for server performance. This value should be kept low as the socket will be idle for extended periods otherwise.
MaxClients
This directive is used to define the limit on the number of child processes that will be created to serve requests. The default means that up to 512 HTTP requests can be handled concurrently. This is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of “512″ is recommended. For standard use, you can set the value to “256″.
MinSpareServers
This directive is used to define the minimum number of idle child server processes that should be created. An idle process is one which is not handling a request. If there are fewer than “MinSpareServers” idle, then the parent process creates new children at a maximum rate of 1 per second. The idle value is 10
MaxSpareServer
This directive is used to define the maximum number of idle child server processes that should be created. If there are more than “MaxSpareServers” idle child processes, then the parent process will kill off the excess processes and these extra processes will be terminated.The idle value is 15.
MaxRequestsPerChild
This option “MaxRequestsPerChild” is used to define the number of requests that an individual child server process will handle. Set this directive to “0″ to get the maximum performance and scalability for the server.
HostnameLookups
This directive if set to “Off”, specifies to disable DNS lookups. It’s recommended to set this option to “Off” in order to avoid latency to every request, to save the network traffic time, and to improve the performance of your Apache web server.
Subscribe to:
Posts (Atom)