Sunday, 10 June 2012

Stop drweb mails in plesk

If you are receiving error mails regarding drweb like the one below:
Hi. This is the qmail-send program at domain
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

./Maildir: No such file or directory
I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Solution:

Edit /var/drweb/.qmail and add &root

[root@server ~]# vi /var/drweb/.qmail 


#save and exit the editor

Now you will receive mails regarding drweb:
Dr.Web (R) update details:
Update server:
Update has begun at Sun Jun  3 16:30:03 2010
Update has finished at Sun Jun  3 16:30:19 2010

Following files has been updated:

If you want to stop receiving such mails, edit /etc/cron.d/drweb-update and redirect the cron output to a log file:

[root@server ~]# vi /etc/cron.d/drweb-update
*/30 * * * * drweb /opt/drweb/ >>  /var/log/drwebupdate.log

#save and exit the editor

Increase php upload size for a plesk user

Edit your domain conf file from 

[root@server ~]# vi /var/www/vhosts/

    php_admin_value post_max_size 60M
    php_admin_value upload_max_filesize 60M


<Directory /var/www/vhosts/>

just like this,

    <Directory /var/www/vhosts/>
    php_admin_value post_max_size 60M
    php_admin_value upload_max_filesize 60M

save and exit the editor

Run the command to reconfigure your vhost

[root@server ~]# /usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost

Force qmail to process the outbound queue in plesk

Check the queue stats
[root@server ~]# /var/qmail/bin/qmail-qstat

Try to send queued messages now (qmail must be running)

[root@server ~]# /usr/local/psa/admin/sbin/mailqueuemng -a

If the queue stats still show the same value
[root@server ~]# /var/qmail/bin/qmail-qstat

Issue this command to force qmail to process the outbound mail

[root@server ~]# kill -ALRM `ps ax | grep qmail-send | grep -v grep | awk '{print $1}'`

Just repeat this command and see the queue stats.

Tuesday, 24 April 2012

Install postgresql in cpanel server

Run the install script
# /scripts/installpostgres

Then under WHM
SQL Services >> Postgres Config, select Install Config

Once the configuration has been installed, set a password for postgresql and open port 5432 if you have a firewall.

PostgreSQL is now installed, but PHP is not yet compiled with support for it. So run easyapache and enable pgsql support.

When you login into the cpanel, you will see phpPgadmin which is a database management tool for postgresql. If not, enable it in WHM >> Feature Manager

Now edit /var/lib/pgsql/data/postgresql.conf and edit some settings:
port = 5432

# tcpip_socket is only read by PostgreSQL 7.x; from 8.0 on it was replaced by listen_addresses
tcpip_socket = true

listen_addresses = '*'

Now restart the postgres service:
# service postgres restart

Note that if postgresql is installed on a server that already has users on it, privileges will not be added by default for the existing users. Run the script below to add privileges.

# for user in `ls /var/cpanel/users` ; do su -c "createuser -S -D -R $user" postgres; done

Thursday, 12 April 2012

Secure and optimize cPanel server

1. Main >> Server Configuration >> Tweak Settings

* Under Mail:
- Initial default/catch-all forwarder destination: set this to "fail", which is usually the best choice if you are getting mail attacks.
- The maximum each domain can send out per hour: set to 300

- Enable Mailman:
If none of the cPanel users are running any mailing lists through cPanel, it would be a good idea to disable Mailman.

* Under System:
- enable default shell jailed

* Under Security
- enable security token
Require security tokens for all interfaces. This will greatly improve the security of cPanel and WHM against XSRF attacks, but may break integration with other systems, login applications, billing software, and third party themes.

2. Main >> Account functions >> Manage Shell Access
* Disable shell access for all users

3. Main >> SQL Services >> MySQL Root Password
* MySQL Root Password - Change Root Password for MySQL
Notes: By default, no mysql root password is set.

4. Main >> Service Configuration >> FTP Server Configuration
* Allow Anonymous Logins - Select 'NO'
* Allow Anonymous Uploads - Select 'NO'

5. Main >> Service Configuration >> Configure PHP and SuExec
* Enable suEXEC
This module will cause PHP scripts to run as the user who owns the script versus the system user known as nobody

6. Main >> System Health >> Background Process Killer
Check all of them and save

7. Main >> Security Center

* Enable PHP open_basedir Tweak
PHP's open_basedir protection prevents users from opening files outside of their home directory with PHP.

* Enable Shell Fork Bomb Protection
Fork Bomb Protection will prevent users with terminal access (ssh/telnet) from using up all the resources on the server. Unchecked resource allocation can potentially lead to a server crash.

* Disable Compilers Access
Many common exploits require a working C compiler on the system. This tweak allows you to deny compiler access to unprivileged users; you can also choose to allow some users to use the compilers while they remain disabled by default.

* Enable cPHulk Brute Force Protection
cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service.

* Manage Wheel Group Users
Remove all users except root

* Quick Security Scan for Trojan Horses

8. Update Apache: /scripts/easyapache Or from WHM >> Software >> Apache Update
* Enable Mod_Evasive
The mod_evasive module is used to secure the Apache web server from DDoS and brute-force attacks by implementing a web application firewall.

* Enable Suhosin
This module is an advanced protection system for PHP installations

9. Update cPanel
[root@server ]# /scripts/upcp

10. Securing the /tmp Partition
[root@server ]# /scripts/securetmp

In case of cpanel vps, the above script doesn't work. Please add the following line in /etc/fstab
none /tmp tmpfs nodev,nosuid,noexec 0 0

11. php.ini & disabled functions
Edit php.ini

[root@server ]# nano /usr/local/lib/php.ini
safe_mode = On
allow_url_fopen = Off
expose_php = Off
enable_dl = Off
magic_quotes_gpc = On
register_globals = Off
display_errors = Off
disable_functions = system, show_source, symlink, exec, dl,shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd, popen, proc_open, allow_url_fopen, ini_set
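
PHP directive names are case-sensitive, and a misspelt name in php.ini is silently ignored, so it is worth checking the file after editing it. The script below is an added example, not part of the original post: it audits a php.ini against the values listed in this step. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a php.ini against the values listed in step 11.

# Expected values, taken from the list above.
EXPECTED="safe_mode=on allow_url_fopen=off expose_php=off enable_dl=off
magic_quotes_gpc=on register_globals=off display_errors=off"

# Print the last value assigned to DIRECTIVE (lowercased); names are case-sensitive.
ini_value() {  # usage: ini_value FILE DIRECTIVE
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # comment line
        (pos = index($0, "=")) {
            name = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            sub(/[ \t]*;.*$/, "", val)           # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            if (name == key) last = tolower(val)
        }
        END { print last }' "$1"
}

# Print one FAIL line per deviation; prints nothing when the file matches.
audit_php_ini() {  # usage: audit_php_ini FILE
    local pair key got fn disabled
    for pair in $EXPECTED; do
        key="${pair%%=*}"
        got="$(ini_value "$1" "$key")"
        case "$got" in
            on|1|true|yes) got=on ;;
            off|0|false|no|none) got=off ;;
            "") got=unset ;;
        esac
        [ "$got" = "${pair#*=}" ] || echo "FAIL $key: expected ${pair#*=}, found $got"
    done
    # Command-execution functions from the disable_functions list above.
    disabled=",$(ini_value "$1" disable_functions | tr -d ' \t'),"
    for fn in system exec shell_exec passthru popen proc_open; do
        case "$disabled" in *",$fn,"*) ;; *) echo "FAIL disable_functions: $fn missing" ;; esac
    done
}

# Constructed sample (not from a real server): one weak value, two misspelt names.
sample_ini() {
    printf '%s\n' '[PHP]' 'safe_mode = On' 'allow_url_fopen = On ; weak' \
        'expose_php = Off' 'Enable_dl = Off' 'magic_quotes_gpc = On' \
        'register_globals = Off' 'display errors = off' \
        'disable_functions = system, exec, shell_exec, passthru, popen'
}
demo="$(mktemp)"; sample_ini > "$demo"; audit_php_ini "$demo"; rm -f "$demo"
```

On a real server, run audit_php_ini /usr/local/lib/php.ini; no output means every checked directive matches.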

12. Install csf
[root@server ]# cd /usr/local/src
[root@server ]# wget
[root@server ]# tar -xzf csf.tgz
[root@server ]# cd csf
[root@server ]# ./

[root@server ]# nano /etc/csf/csf.conf
#To disable testing mode
TESTING = "0"

#If you are using any other ports, you have to enable them here. Suppose the ssh port is changed, add the new port here.

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"
#CSF Connection Limit
CT_LIMIT = "200"
#It means every IP with more than 200 connections is blocked.
#IP will be blocked permanently
CT_BLOCK_TIME = "1800"
#IP will be blocked 1800 secs (1800 secs = 30 mins)

13. Enable TCP SYN Cookie Protection
[root@server ]# nano /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1

14. Main >> cPanel >> Manage Plugins
* Install clamav
Tick ClamAV

* Run the scan
[root@server ]# clamscan -r /home

15. Install RootKit Hunter - scanning tool to ensure your system does not have any backdoors or exploits
[root@server ]# cd /usr/local/src
[root@server ]# wget
[root@server ]# tar -xzvf rkhunter-1.3.8.tar.gz
[root@server ]# cd rkhunter-1.3.8
[root@server ]# ./

* Run the scan
[root@server ]# rkhunter -c

16. Securing and Upgrading of SSH Server:
Open the SSH configuration file /etc/ssh/sshd_config and change the SSH port from 22 to some other port, such as 2211
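
Steps 12 and 16 interact: csf only accepts connections on the ports listed in TCP_IN, so the new SSH port has to be added there before sshd is restarted. The script below is an added example, not part of the original post, that checks this from the two configuration files. The function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: make sure csf will accept the new SSH port before sshd is restarted.

# Ports sshd listens on: every uncommented "Port" line, or 22 if there is none.
sshd_ports() {  # usage: sshd_ports SSHD_CONFIG
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Value of a KEY = "value" line in csf.conf (last occurrence wins).
csf_value() {  # usage: csf_value CSF_CONF KEY
    awk -F'"' -v key="$2" '
        /^[ \t]*#/ { next }
        { split($1, k, /[ \t=]+/); if (k[1] == key) v = $2 }
        END { print v }' "$1"
}

# Succeeds if PORT appears in a csf port list; csf also accepts ranges as low:high.
port_allowed() {  # usage: port_allowed PORT "LIST"
    local port="$1" item
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case "$item" in
            *:*) [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$port" = "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# Print one finding per line; exit status 1 means a restart would lock SSH out.
check_lockout() {  # usage: check_lockout SSHD_CONFIG CSF_CONF
    local port tcp_in rc=0
    tcp_in="$(csf_value "$2" TCP_IN)"
    for port in $(sshd_ports "$1"); do
        if port_allowed "$port" "$tcp_in"; then echo "OK port $port is in TCP_IN"
        else echo "FAIL port $port is missing from TCP_IN"; rc=1; fi
    done
    [ "$(csf_value "$2" TESTING)" = "0" ] || echo "WARN TESTING is not 0"
    return "$rc"
}

# Constructed sample files (not taken from a real server).
demo_dir="$(mktemp -d)"
printf '%s\n' '#Port 22' 'Port 2211' > "$demo_dir/sshd_config"
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,25,53,80,443,30000:35000"' > "$demo_dir/csf.conf"
check_lockout "$demo_dir/sshd_config" "$demo_dir/csf.conf" || true
rm -rf "$demo_dir"
```

On a real server, run check_lockout /etc/ssh/sshd_config /etc/csf/csf.conf and restart sshd only when it reports no FAIL line.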