Friday, July 27, 2007

Reset root mysql password on Windows server

How to reset the MySQL root password on a Windows server:

step 1) Stop the MySQL service if it is running on the Windows server where you need to reset the MySQL root password. Go to the Services manager:

Start Menu -> Control Panel -> Administrative Tools -> Services

step 2) Then find the MySQL service in the list, and stop it.

step 3) Instead of going to Services through the Control Panel, you can use the Task Manager to stop the MySQL service forcefully.

Create a text file and place the following command within it on a single line:


SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPassword');

Save the file with any name. In this example, the file is C:\mysql-init.txt.

step 4) Open a console window to get to the DOS command prompt:

Start Menu -> Run -> cmd

We are assuming that you have installed MySQL to C:\mysql. If you have installed MySQL to another location, adjust the following commands accordingly.

step 5) At the DOS command prompt, execute this command:

C:\> C:\mysql\bin\mysqld-nt --init-file=C:\mysql-init.txt



Thursday, July 19, 2007

Installing LSM (Linux Socket Monitor) on Linux server

Definition of LSM (Linux Socket Monitor)

LSM is a network socket monitor. It is designed to track changes to Network sockets and Unix domain sockets.

Its comprehensive alert system, simple program usage and easy installation make LSM ideal for deployment in any Linux environment (geared for web servers). Using a rather simple yet logical structure, LSM identifies changes in both network sockets and Unix domain sockets. By recording a base set of the sockets that should be active, then comparing the currently active socket information to that of the base comparison files, it highlights otherwise unknown services.

Definition: LSM is a bash scripted network socket monitor. It is designed to track changes to Network sockets and Unix domain sockets.


LSM ignores services that are already holding sockets open. Events only apply when a 'new' socket is created; be it a UDS stream socket or a TCP network socket, LSM will identify it. Currently LSM does not track DGRAM Unix domain sockets, but will in the future.

Download the current release of LSM, distributed under the GNU General Public License, and install it:

# wget http://www.r-fx.ca/downloads/lsm-current.tar.gz
# tar -zxvf lsm-current.tar.gz
# cd lsm-current
# ./install.sh


This will install LSM to /usr/local/lsm, and symlink its executable to /usr/local/sbin/lsm

There will be a cron.d entry added to /etc/cron.d/lsm, set to run it once every 10 minutes.

All projects on rfxnetworks.com are free for use and distribution in accordance with the GNU GPL; funding for the continued development of and research into this and other projects is solely dependent on public contributions and donations. If you are using this software for the first time, we request that you evaluate it and consider a small donation. Those who are frequent or continued users of this and other projects are also requested to make an occasional small donation to help ensure the future of our public projects.

Applications of LSM:

1) A comprehensive alert system, simple program usage & installation make LSM ideal for deployment in any linux environment (geared for web servers). Using a rather simple yet logical structure, LSM identifies changes in both Network Sockets and Unix Domain Sockets. By recording a base set of what sockets should be active then comparing the currently active socket information to that of the base comparison files, we highlight otherwise unknown services.

2) LSM ignores services that are already holding sockets open. Events only apply when a 'new' socket is created; be it a UDS stream socket or a TCP network socket, LSM will identify it. Currently LSM does not track DGRAM Unix domain sockets, but will in the future.


3) Usage
LSM has 3 arguments that perform the following operations respectively:
-g Generate base comparison files
-c Compare current socket information to comparison files
-d Delete base comparison files

Upon installation, LSM generates its base comparison files, but we recommend you do so manually to ensure it has been done.

# /usr/local/sbin/lsm -g

Then, to check for changes in sockets, use the -c argument. This compares the sockets currently open with the generated base comparison files. If any changes are found you will be notified; otherwise everything remains as it is.

When changes are found, LSM sends an email alert to the addresses configured in /usr/local/lsm/lsm.conf
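
The baseline-and-compare approach described above fits in a few lines of shell. This is an added example, not LSM's own code: the function names are hypothetical and the `netstat -ltn` samples are constructed.

```sh
#!/bin/sh
# LSM-style check: record a baseline of listening TCP sockets, then report
# only listeners that are new relative to it. Added illustration, not LSM's
# code; function names and the netstat samples below are constructed.

# listening_sockets: read `netstat -ltn` output on stdin and print one
# "proto local_address" line per listening socket, sorted and de-duplicated.
listening_sockets() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { print $1, $4 }' | LC_ALL=C sort -u
}

# generate_baseline FILE (the role of `lsm -g`): save the current listeners.
generate_baseline() {
    listening_sockets > "$1"
}

# compare_baseline FILE (the role of `lsm -c`): print listeners on stdin that
# are absent from FILE. Returns 0 if new sockets were found, 1 if none.
# Sockets that closed since the baseline are not reported.
compare_baseline() {
    current=$(mktemp) || return 2
    listening_sockets > "$current"
    new=$(LC_ALL=C comm -13 "$1" "$current")
    rm -f "$current"
    [ -n "$new" ] || return 1
    printf '%s\n' "$new"
}

# Constructed sample: the state when the baseline was taken ...
SAMPLE_BASE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN'

# ... and a later state with one additional, unexpected listener.
SAMPLE_NOW="$SAMPLE_BASE
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN"

# demo: baseline from SAMPLE_BASE, compare against SAMPLE_NOW.
demo() {
    base=$(mktemp) || return 2
    printf '%s\n' "$SAMPLE_BASE" | generate_baseline "$base"
    rc=0
    printf '%s\n' "$SAMPLE_NOW" | compare_baseline "$base" || rc=$?
    rm -f "$base"
    return "$rc"
}

demo
```

On a live host the sample variables would be replaced by piping `netstat -ltn` into the two functions.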

Wednesday, July 18, 2007

cPanel 11 updates

Since the release of cPanel 11, we have noticed a number of instances where the cPanel 11 release update failed to complete. The symptoms vary and include blank pages being drawn for certain features; the most commonly reported issue is that account creations exit prematurely, claiming immediately that the account creation is complete.

Additionally, account creation, suspension, unsuspension and removal may fail. This occurs because /scripts/updatenow was executed (or run from Update System Software in WHM) without a subsequent call to upcp. As a result, /scripts is updated to the latest modules available with cPanel 11, while the rest of the system remains configured for the older builds.

You can confirm whether this is the case on your system by executing the command below from the command line:

perl -c /scripts/wwwacct


If this command returns errors, then you will need to update. Here is what you can expect to see if a problem exists:

root@localhost [~]# perl -c /scripts/wwwacct
Can't locate Whostmgr/Accounts/Create.pm in @INC (@INC contains: /usr/local/cpanel /scripts /usr/lib/perl5/5.8.7/i686-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i686-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl .) at /scripts/wwwacct line 10.
BEGIN failed--compilation aborted at /scripts/wwwacct line 10.
root@localhost [~]#


Here are the suggested fixes:

If you wish to stay with cPanel 10.x, execute the following commands from the command line:

/usr/local/cpanel/bin/checkperlmodules

echo "CPANEL=stable" >> /etc/cpupdate.conf

/scripts/upcp --force


If you would like to continue with the cPanel 11 updates (recommended), execute the following commands from the command line:

/usr/local/cpanel/bin/checkperlmodules

/scripts/upcp --force


A new installer (for fresh installs only) has also been released recently; it solves many of the cPanel 11 installation problems that have been reported recently.

You can download the installer at: http://layer2.cpanel.net

For those customers who still wish to deploy new 10.x installs, you can easily force the installer to install stable by running the following before you run the cpanel-universal-install.sea (latest) installer:

echo "CPANEL=stable" >> /etc/cpupdate.conf

cPanel 11 Upgrade checklist


Here is a checklist of items for upgrading cPanel from version 10.0 to 11.1.0:


1) Make sure you're running Perl 5.8.8:

a) check perl -v to make sure it says 5.8.8

b) if you see 5.8.7 or something else, follow these steps:

1) wget http://layer1.cpanel.net/perl588installer.tar.gz
2) tar xfvz perl588installer.tar.gz
3) cd perl588installer
4) ./install
5) /usr/local/cpanel/bin/checkperlmodules

2) Upgrade YAML::Syck and File::Copy::Recursive:
1) /scripts/realperlinstaller YAML::Syck
2) /scripts/realperlinstaller File::Copy::Recursive

3) Remove any SARE/openprotect spamassassin rules

These do not seem to be compatible with SpamAssassin v3.2.

4) Upgrade from mbox to maildir.

This can be done by running /scripts/convert2maildir.

WARNING: Make sure to run the option to back up your mail first. IMAP must be enabled in the Service Manager before running this script!!

When running the conversion, you should watch out for the following:

It will take a long time. Don't kill the process or you'll be left with a lot of half-converted mailboxes and angry clients who aren't getting mail.

Mail will not be delivered during the conversion; it will instead be queued until the conversion is complete and then delivered.

Make sure your mailbox permissions are OK before converting, and make sure your clients aren't currently using mailboxes called /cur, /new or /tmp.

NOTE: For users using POP accounts, converted messages will appear as new and will download twice. Users should re-download their messages after the conversion completes.

Backup in cpanel and moving it from server 1 to server 2

How to take a backup in cPanel and move big accounts:

Moving sites between cPanel servers is easy with the WHM Transfer feature, but some big accounts fail or time out when moved that way. To move such accounts, you have to take a backup, move it to the new server and restore it. cPanel provides tools that make site backup and restore easy.

Here are the steps to move a site from server 1 to server 2:

On server 1 (source) do the following:

1. Create Backup

Take a backup of the web site with pkgacct. First find the account username (domainname.com stands for the site's domain):

# grep domainname.com /etc/userdomains

This command will give you the username for that particular domain. Then run:

# /scripts/pkgacct username

where username is the cPanel account username of the site you want to move. This will create a backup file in the /home folder:

/home/cpmove-username.tar.gz


root@server [~]# /scripts/pkgacct raman
pkgacct started.
pkgacct version 2.9 - running with uid 0
Copying Reseller Config...Done
Copying SSL Certificates, CSRS, and Keys...Done
Copying Mail files....Done
Copying frontpage files....Done
Copying proftpd file....Done
Copying www logs.............
.........
.........
.........
.........
Copying shell.......Done
pkgacctfile is: /home/cpmove-raman.tar.gz
Creating Archive .............
.........
Done
md5sum is: 4e77ff26c08094c5df1af9a1e4b88f37

2. Move the Backup to New Server

This can be done in several ways: FTP, SCP, rsync, etc.

We use another way here: we move the backup to the public_html folder of a web site, then download it from server 2 with the wget command.

# mv /home/cpmove-username.tar.gz /home/username_of_any_site/public_html/

Now make the file publicly accessible:

# chmod 777 /home/username_of_any_site/public_html/

Another way is to put the cpmove file in the server's htdocs folder:

# mv /home/cpmove-username.tar.gz /usr/local/apache/htdocs
# chmod 644 /usr/local/apache/htdocs/cpmove-username.tar.gz


On server 2 (destination server):

1. Downloading the Backup

# cd /home
# wget http://websiteonserver1/cpmove-username.tar.gz

If the backup is under the htdocs folder, use one of these URLs instead:

http://hostnameofserver1/cpmove-username.tar.gz or http://ipofserver1/cpmove-username.tar.gz

Download it on your local machine.

2. Restore the Account

# /scripts/restorepkg username

Now you can edit DNS on server 1 and point it to server 2.
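
pkgacct prints an "md5sum is:" line for the archive, which can be used on server 2 to confirm that the download is complete before running restorepkg. The following is an added example, not part of the original post or of cPanel: the function names and the idea of saving the pkgacct output to a log file are assumptions, and the demo data is constructed.

```sh
#!/bin/sh
# Verify a downloaded cpmove archive against the "md5sum is:" line pkgacct
# printed on server 1. Added illustration: function names, file names and the
# saved-log convention are assumptions, and the demo data is constructed.

# expected_md5 LOG: print the checksum from saved pkgacct output (last match).
expected_md5() {
    sed -n 's/^md5sum is: \([0-9a-f]\{32\}\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# verify_cpmove ARCHIVE LOG
#   0 = checksum matches, 1 = mismatch (truncated or altered download),
#   2 = the archive is missing or the log has no usable md5sum line.
verify_cpmove() {
    [ -f "$1" ] || { echo "missing archive $1" >&2; return 2; }
    want=$(expected_md5 "$2")
    [ -n "$want" ] || { echo "no md5sum line in $2" >&2; return 2; }
    have=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK $1"
        return 0
    fi
    echo "MISMATCH $1: expected $want, got $have" >&2
    return 1
}

# demo: build a constructed archive and log, then check an intact copy and a
# truncated copy. Prints the two return codes.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed archive contents\n' > "$dir/cpmove-username.tar.gz"
    {
        echo "pkgacctfile is: /home/cpmove-username.tar.gz"
        echo "md5sum is: $(md5sum "$dir/cpmove-username.tar.gz" | awk '{ print $1 }')"
    } > "$dir/pkgacct.log"
    intact=0
    verify_cpmove "$dir/cpmove-username.tar.gz" "$dir/pkgacct.log" >/dev/null 2>&1 || intact=$?
    # Simulate an interrupted wget: keep only the first 10 bytes.
    head -c 10 "$dir/cpmove-username.tar.gz" > "$dir/partial.tar.gz"
    partial=0
    verify_cpmove "$dir/partial.tar.gz" "$dir/pkgacct.log" >/dev/null 2>&1 || partial=$?
    rm -rf "$dir"
    echo "$intact $partial"
}

demo
```

The archive holds the account's SSL keys and mail (see the pkgacct output above), so delete the copy under public_html or htdocs on server 1 once the download verifies.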

Monday, July 16, 2007

Important steps to optimize a new plain server

There is not really a default package we use, since every system has different needs. With a new system we can't know what it will be used for, so we ask the client a couple of questions about what the server will be used for, so that we can optimize it for that purpose. For instance, if a server uses a lot of PHP and MySQL, it's a good idea to set up a PHP accelerator and MySQL query caching, since that improves performance a lot. The same goes for CGI.

If it is a regular cPanel server, things are quite easy:

- Main configuration: we do the initial setup of the cPanel server, nothing unusual. The same goes for basic security.

- SSH configuration: just disabling direct root access and things like that, which speaks for itself.

- Firewall configuration: we use APF from rfxnetworks.net and just configure it:

http://www.eth0.us/?q=apf

- Furthermore, some other scripts from rfxnetworks.net are installed, such as bfd and lsm.

- System integrity: also from rfxnetworks.net; the installation speaks for itself. Make sure not to enable monitoring of SMTP and FTP, though, since that very often leads to false positives.

- Environmental security: simply securing the tmp partition and things like that.

- For sysctl, use the ruleset here:

http://www.eth0.us/?q=sysctl

- For mod_security, use the steps here:

http://www.eth0.us/?q=mod_security

- For Apache compilations in cPanel, use /scripts/easyapache. By default we enable things like GD, curl and curl ssl.

- SSH security is just a matter of installing the latest versions.

- rkhunter can be found at

http://www.rootkit.nl/

If it returns false positives, make sure to run rkhunter --update (or something like that, don't recall the exact command).

- For email scanning, use this tutorial:

http://www.rvskin.com/index.php?page=public/antispam

Furthermore, take care of things such as kernel upgrades, security patches and software upgrades, set up eaccelerator, and do anything else that may be useful, like disabling the following apps for unauthorized users:

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp

If you apply the above security measures on your server, it will be more secure.

Friday, July 13, 2007

Tomcat server listens on the network interface

Issue: Tomcat is installed on a Linux server under

/usr/local/java/tomcat/jakarta-tomcat-5.0.25-src/jakarta-tomcat-5/build/

When Tomcat is started with sh startup.sh from
/usr/local/java/tomcat/jakarta-tomcat-5.0.25-src/jakarta-tomcat-5/build/bin/, it prints this message:

[root@server bin]# sh startup.sh
Using CATALINA_BASE: /usr/local/java/tomcat/jakarta-tomcat-5.0.25-src/jakarta-tomcat-5/build
Using CATALINA_HOME: /usr/local/java/tomcat/jakarta-tomcat-5.0.25-src/jakarta-tomcat-5/build
Using CATALINA_TMPDIR: /usr/local/java/tomcat/jakarta-tomcat-5.0.25-src/jakarta-tomcat-5/build/temp
Using JAVA_HOME: /usr/local/java

And http://localhost:8080 is not reachable either.


Solution:

Tomcat is running on a Linux server, but you are trying to reach it on the localhost of a Windows machine (using Internet Explorer).

1) Find the right hostname to reach the Tomcat server.

2) Then check the log files for errors.

Tomcat logs in a "logs" directory under the main tomcat directory. The first thing to look at is "catalina.out" which is where stdout and stderr messages from tomcat are sent.

3) # netstat -na|grep 8080 |grep -i listen

shows, on the Linux box, whether anything is listening on port 8080.

4) If you are using port 8888, use the command

# netstat -na|grep 8888 |grep -i listen

5) It looks like the server is starting, so the next most likely problem is with your network setup.

Try accessing the server from the machine it's running on. If you can't run a browser just try

telnet localhost 8888

and, if you get a connection, type

GET /

If that works try a telnet from the windows machine.

You could have DNS or firewall problems.

6) If you get something like this:

[root@server bin]# telnet localhost 8888
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused


"Connection refused" means that there's nothing listening on that port. Use the ps command to check that the tomcat instance is still running.

7) # netstat -na|egrep -i 'Proto|8888'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN

8) TELNET LOCALHOST 9876
Connecting To LOCALHOST...Could not open a connection to host on port 9876 : Connect failed

TELNET 127.0.0.1 9876
Connecting To 127.0.0.1...Could not open a connection to host on port 9876 : Connect failed


9) It looks like the Tomcat server listens on the network interface.

Wednesday, July 11, 2007

How to optimize cPanel server

Basic steps to secure the server against hack attempts

Steps for optimization:

1) First make sure the server is set up properly in WHM and that the proper features are selected (open_basedir turned on, things like that).

2) In WHM, set up a user with the username admin (and some random password). Then turn off direct root login in the SSHD configuration, and add the username admin to the wheel group in /etc/wheel. In the SSHD configuration, also make sure to select a port other than port 22 and to use only protocol 2. Afterwards restart SSHD:

service sshd restart

3) Proceed by setting up APF. Make sure to enable features such as USE_AD. With most servers egress filtering is not necessary. Ingress filtering should be configured with the ports that are necessary for cPanel, and nothing else. Make sure to close port 22 and open a new port for SSH instead (whichever port you used in the SSH configuration). This tutorial is quite good:

http://www.eth0.us/?q=apf (don't forget to take out port 22).

4) Install BFD from rfxnetworks.net

5) Install LSM from rfxnetworks.net

6) Install SIM from rfxnetworks.net and use the configuration wizard to configure it. I assume you know what needs to be monitored. Make sure to set it up so that it monitors the right services (make sure to leave FTP and SMTP disabled), and make sure you enter the email address of the client when it asks for the email address (you can find the client's email address in their ticket).

7) Secure the tmp partitions (/tmp and /dev/shm). I assume you know how to do this (fstab, noexec, nosuid and such).

8) Run /scripts/compilers off

9) Use this tutorial to secure sysctl: http://www.eth0.us/?q=sysctl

10) Use /scripts/easyapache (option 6) to recompile Apache. Right now make sure to use PHP4.3.11 (unless stated otherwise by the client) and enable modules such as GD, curl, curl ssl, mcrypt.

11) Use /scripts/installzendopt to install zend optimizer

12) Use this tutorial to further secure PHP: http://www.eth0.us/?q=php

13) Set up eaccelerator using the attached RPM (which will only work for 4.3.11 - do NOT use it if you have set up a different PHP version). Just run the RPM, and afterwards do this:

- pico /usr/lib/php.ini

- press "ctrl + w" to search in the document and search for zend_extension

- insert this under that line: zend_extension="/usr/lib/php4/eaccelerator.so"

- save the file and exit

- create a directory called /tmp/eaccelerator and chmod it to 0777

- restart Apache. If the server is active and PHP scripts are running, you'll see the /tmp/eaccelerator directory filling up with cached requests.

- It's important that you verify Apache is running after this is done. If not, make sure to take out the line that you inserted in php.ini and then restart Apache again (eaccelerator is then disabled). If this ever happens let me know.

14) Lastly, an important note about eaccelerator: if eaccelerator is running and you upgrade Apache to a different version, Apache will keep on failing until eaccelerator is disabled. The proper procedure is: first disable eaccelerator, then upgrade Apache, then upgrade eaccelerator to the right version.

15) Use this guide to install mod_security: http://www.eth0.us/?q=mod_security

16) Run the following commands:

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
chmod 000 /etc/httpd/proxy/

17) Make sure the kernel is up to date, and if not make sure to upgrade it to the latest version. Same goes for all other system software.

18) Enable mysql query cache by inserting the following two lines in /etc/my.cnf (at the right place):

query-cache-type = 1
query-cache-size = 100M

You can adjust that 100M to whatever number you see fit. Make sure to restart mysql afterwards.

/etc/init.d/mysql restart


19) Install rkhunter and run it (if it shows errors, make sure to run rkhunter --update and try again when it's done).

20) Also set up the following in the crontab:

10 0 * * * /usr/local/bin/rkhunter --update > /dev/null 2>&1
25 0 * * * /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet

- Enter this at the very bottom of /root/.bash_profile and replace email@address.com with the email address of the client:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" email@address.com

21) Enter this in /etc/motd:

This computer system is for authorized users only. All activity is logged and regularly checked by systems personnel. Individuals using this system without authority or in excess of their authority are subject to having all their services revoked. Any illegal services run by user or attempts to take down this server or its services will be reported to local law enforcement, and said user will be punished to the full extent of the law.

Anyone using this system consents to these terms.

22) Tweak the httpd.conf. Mainly just look at how active Apache is and increase the number of allowed connections to whatever it needs. Never decrease this number.

23) Furthermore it's important to look at the specific purpose of the server (if the server is already in use that shouldn't be too hard to see, and if the server isn't in use yet just ask the client). If you see a specific resource hog it's important to focus on that and improve the server's performance as you see fit.


If you apply all the above security measures and tweaks on your server, then I am sure it is really hard for a hacker to get into the server ... lol
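
Steps 2 and 7 of the checklist can be checked mechanically once applied. The following is an added example, not part of the original post: the function names and sample files are constructed, port 2222 is an arbitrary stand-in for "a port other than 22", and it assumes an sshd_config that still carries the Protocol directive, as on the systems this post describes.

```sh
#!/bin/sh
# Audit two items from the checklist above: the SSH settings of step 2 and the
# /tmp and /dev/shm mount options of step 7. Added illustration; function
# names and the sample files are constructed, not taken from any tool.

# sshd_value FILE KEY: print the first value set for KEY (sshd uses the first
# occurrence). Commented-out lines do not match and count as "not set".
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# check_sshd FILE: print one FAIL line per deviation, return the failure count.
check_sshd() {
    fails=0
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL sshd: direct root login is not disabled"; fails=$((fails + 1)); }
    port=$(sshd_value "$1" Port)
    { [ -n "$port" ] && [ "$port" != "22" ]; } ||
        { echo "FAIL sshd: still on port 22"; fails=$((fails + 1)); }
    [ "$(sshd_value "$1" Protocol)" = "2" ] ||
        { echo "FAIL sshd: Protocol is not set to 2 only"; fails=$((fails + 1)); }
    return "$fails"
}

# mount_hardened FSTAB MOUNTPOINT: succeed only if the fstab entry for
# MOUNTPOINT exists and carries both noexec and nosuid.
mount_hardened() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) seen[opt[i]] = 1
        }
        END { exit !(found && ("noexec" in seen) && ("nosuid" in seen)) }' "$1"
}

# check_tmp FSTAB: report /tmp and /dev/shm entries lacking the options.
check_tmp() {
    fails=0
    for mp in /tmp /dev/shm; do
        mount_hardened "$1" "$mp" ||
            { echo "FAIL fstab: $mp lacks noexec,nosuid"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# write_samples DIR: constructed "before" and "after" configuration files.
write_samples() {
    printf '%s\n' '#Port 22' 'Protocol 2,1' 'PermitRootLogin yes' > "$1/sshd_config.before"
    printf '%s\n' 'Port 2222' 'Protocol 2' 'PermitRootLogin no' > "$1/sshd_config.after"
    printf '%s\n' '/dev/sda3 /tmp ext3 defaults 0 0' \
        'none /dev/shm tmpfs defaults 0 0' > "$1/fstab.before"
    printf '%s\n' '/dev/sda3 /tmp ext3 defaults,noexec,nosuid 0 0' \
        'none /dev/shm tmpfs defaults,noexec,nosuid 0 0' > "$1/fstab.after"
}

# audit DIR SUFFIX: run both checks, print findings, return total failures.
audit() {
    total=0
    check_sshd "$1/sshd_config.$2" || total=$((total + $?))
    check_tmp "$1/fstab.$2" || total=$((total + $?))
    return "$total"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
audit "$demo_dir" before || echo "before: $? finding(s)"
audit "$demo_dir" after && echo "after: clean"
rm -rf "$demo_dir"
```

On a real server the two checks would be pointed at /etc/ssh/sshd_config and /etc/fstab.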

Monday, July 9, 2007

How to disable mod_security on Linux server

Problems with mod_security - getting 403 Forbidden / Not Acceptable?

Recently, there have been many reports on this forum regarding problems with mod_security, one of the modules loaded into Apache. If you are having problems with 403 Forbidden or other problems that happen once in a while for quite mysterious reasons, read on and see if mod_security is your problem.

The apparent error that is generated is normally a page saying:

* 403 Forbidden: You don't have permission to access on this server.
* Not Acceptable: An appropriate representation of the requested resource could not be found on this server.

In the server error log, an error similar to the one below may show up:

[Sat Oct 8 16:33:45 2005] [error] [client 143.126.829.678] mod_security: Access denied with code 403.


Here is a list of known symptoms:

* Admin CP - Templates Manager - Cannot expand the usercp template group
* Front end - Posting/Editing posts - Message with content similar to harmful commands (example: uname -a)
* The above errors occur when specific data is being requested from the server (example: all the other template-groups work except for usercp templates, and other messages are able to be posted)


Confirm that mod_security is installed on your server:

To confirm that the mod_security module is installed on your server, open your PHP Info page (there is one in your forum's Admin CP). Scroll down and find the heading "Loaded Modules" and see if "mod_security" is in the list.

The solution is as follows:

Place this code in a .htaccess file in your MyBB folder on the server.
Code:

SecFilterEngine Off

Note that this will disable the security function of the mod_security module for the files inside the MyBB folder. This solution is a tradeoff: security vs usability. Use this solution at your own risk.

mod_security is an Apache module, designed like a firewall; its purpose 'is to increase web application security, protecting web applications from known and unknown attacks'.

For details, refer to the URL below:

http://www.modsecurity.org/

You can always just upload the .htaccess file when you need to edit the User CP templates (if that is the only problem you are having), and then delete it when you no longer need to use it.


ModSecurity is an open source intrusion detection and prevention engine for web applications, but sometimes it is misconfigured. In that case it is better to disable it for the time being. Enjoy!

Sunday, July 8, 2007

How to install mod_security on Linux server

Definition of mod_security (ModSecurity):

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks. ModSecurity supports both branches of the Apache web server.

Requirements:
Apache Web Server 1.3x or 2.x

Note: We have confirmed this security addon works with Cpanel based servers.

Installation :
1. Log in to your server through SSH and su to the root user.

2. First you're going to start out by grabbing the latest version of mod_security:

# wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz

3. Next we untar the archive and cd into the directory:

# tar zxvf mod_security-1.7.4.tar.gz
# cd mod_security-1.7.4/

4. Now you need to determine which version of Apache you use:

Apache 1.3.x users:
# cd apache1/

Apache 2.x users:
# cd apache2/

5. Let's compile the module now:

# /usr/local/apache/bin/apxs -cia mod_security.c

6. OK, now it's time to edit the httpd.conf file. First we will make a backup just in case something goes wrong:

# cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit httpd.conf. Replace pico with nano depending on what you have:

# pico /usr/local/apache/conf/httpd.conf

8. Let's look for something in the config. Do this by holding Control and pressing W, and search for

(although any of the IfModules would work fine)

9. Now add this:


# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"


10. Save the file Ctrl + X then Y

11. Restart Apache

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

You've successfully installed mod_security!
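
The keyword filters in this configuration match ordinary text as well as attacks, which is the kind of denial described in the mod_security troubleshooting post above. The following added example (not from the original page or from ModSecurity) approximates five of the SecFilter patterns with `grep -Ei` over constructed request strings; the path traversal pattern is written with escaped dots, and using grep as a stand-in for the module's matcher is an assumption.

```sh
#!/bin/sh
# Approximate the SecFilter keyword rules from the configuration above with
# grep -Ei to see which request strings they would deny. grep stands in for
# mod_security's matcher (assumption); all sample inputs are constructed.

# One extended regex per line, taken from the SecFilter lines on this page.
FILTERS='\.\./
<[[:space:]]*script
delete[[:space:]]+from
insert[[:space:]]+into
select.+from'

# first_matching_filter TEXT: print the first filter that matches TEXT and
# return 0 (the request would be denied); return 1 if no filter matches.
first_matching_filter() {
    while IFS= read -r re; do
        if printf '%s\n' "$1" | grep -Eiq -e "$re"; then
            printf '%s\n' "$re"
            return 0
        fi
    done <<EOF
$FILTERS
EOF
    return 1
}

# Constructed request strings: two ordinary forum posts and three inputs of
# the kind the rules were written for.
SAMPLES='message=Thanks, that fixed it
message=Please select your timezone from the list below
q=1 UNION SELECT password FROM users
file=../../etc/passwd
comment=<script src=x></script>'

# classify_samples: label each sample DENY (with the matching filter) or PASS.
classify_samples() {
    while IFS= read -r line; do
        if hit=$(first_matching_filter "$line"); then
            printf 'DENY [%s] %s\n' "$hit" "$line"
        else
            printf 'PASS %s\n' "$line"
        fi
    done <<EOF
$SAMPLES
EOF
}

classify_samples
```

The second sample is an ordinary sentence, yet it is denied by the same `select.+from` rule that catches the SQL injection string; with the SecFilterDefaultAction above the user sees a status 500 page.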

Quick fixes for issues on Linux and Windows servers: part B)

The following are useful commands and tweaks used on Linux and Windows servers:

H) Mails are not being delivered from Mail Queue Manager:

1) Go to shell.

2) service iptables save

3) service iptables stop

4) iptables -A INPUT -p tcp --dport 953 -j ACCEPT
5) iptables -A INPUT -p tcp --dport 53 -j ACCEPT
6) iptables -A INPUT -p udp --dport 53 -j ACCEPT
7) iptables -A INPUT -p udp --dport 953 -j ACCEPT

===================================================

I) Steps to change the Hostname of Linux server:

1) login to your server via ssh

2) su -

3) wget http://ezsm.net/hostname.sh

5) sh hostname.sh

6) answer the questions

7) done.

===================================================

J) How to install SSL from an existing folder or from a backup folder:

1) check if the domain has dedicated IP

2) cp /backup/new/cpbackup/weekly/user.tar.gz

3) un-tar the file

4) cd user/sslkeys/

5) copy .key file to /usr/share/ssl/private

6) cd sslcerts/

7) cp .cabundle to /usr/share/ssl/certs

8) cp .crt to /usr/share/ssl/certs

9) in whm Install a SSL Certificate and Setup the Domain

===================================================

K) How to configure PHP through the command line:

./configure --with-apxs=/usr/local/apache/bin/apxs --prefix=/usr/local \
--with-xml --enable-bcmath --enable-calendar --with-curl --enable-exif \
--enable-ftp --with-gd --with-jpeg-dir=/usr/local --with-png-dir=/usr \
--with-xpm-dir=/usr/X11R6 --with-gettext --enable-mbstring \
--enable-mbstr-enc-trans --enable-mbregex --with-mcrypt --with-mhash \
--with-ming=../ming-0.2a --enable-magic-quotes --with-mysqli \
--with-mysql=/usr --with-openssl --enable-discard-path --with-pear \
--enable-xslt --with-xslt-sablot --enable-sockets --enable-track-vars \
--with-ttf --with-freetype-dir=/usr --enable-gd-native-ttf \
--enable-versioning --enable-wddx --with-xmlrpc --with-zip --with-zlib

===================================================

L) How to reset the password for root in MySQL (Linux / Windows)

For Linux

1) mysqld --skip-grant-tables -u mysql &
2) mysql

For Windows

1) Go to mysql directory bin/
2) mysqld-nt --skip-grant-tables
2) Open new command prompt.
3) Go to mysql directory bin/
4) mysql -uroot/admin

Common commands

5) flush privileges;
6) UPDATE mysql.user SET password=password("your root password") WHERE user="root/admin"; # to reset the password
7) GRANT ALL PRIVILEGES ON *.* TO root/admin@localhost IDENTIFIED BY 'password' WITH GRANT OPTION; # grant all privileges
8) flush privileges;
9) \q

==================================================

M) How to delete footer in Horde + plesk

Two options:

Option 1 -
If you want to disable it entirely, edit
/home/httpd/vhosts/webmail/horde/imp/config/config.php and look for this
portion of the configuration:
1) Search for: $conf['msg']['append_trailer'] = true;
2) change from true to false.
Option 2 -
1) edit /home/httpd/vhosts/webmail/horde/imp/config/trailer.txt

===================================================

N) How to create a service in Windows Plesk (SWsoft):

sc create "DrWebCom" binPath= "C:\Program Files\SWsoft\Plesk\DrWeb\drwebcom.exe" DisplayName= "DrWebCom"

The general form is:

sc create "service name" binPath= "path of service" DisplayName= "Displayname"

===================================================

O) How to reset password of mysql in Linux + plesk :

1) Load MySQL with the 'skip-grant-tables' in /etc/my.cnf like below.
[mysqld]
default-character-set=latin1
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
set-variable=max_connections=500
skip-grant-tables

2) Log on the MySQL server and set an empty password for root.

3) Comment out or remove string 'skip-grant-tables' like below.
[mysqld]
default-character-set=latin1
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
set-variable=max_connections=500
#skip-grant-tables

4) Then restart mysqld service with command

/sbin/service mysqld restart

==================================================

P) Adding an SPF record to the DNS zone (cPanel):

1) Open the db file of the domain: vi /var/named/domainname.com.db
2) Add this line: domainname.com. 14400 IN TXT "v=spf1 a mx ptr ~all"

That's all.

===================================================

Q) How to find out from where files are being uploaded to the /tmp folder:

1) cd /usr/local/apache/domlogs/

2) grep GET * | grep /tmp

===================================================

R) How to find DDos attack on a server :

netstat -autpn | grep :80 | wc -l

netstat -tn | grep :80 | grep 65.254.51.82 | cut -c 45-65 | sort -n | less7

route add reject
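
The commands above give a total count and the connections for one address you already suspect. The following added example (not from the original post) groups the same netstat -tn output by remote address, so the heaviest sources show up without knowing the address first; the function names, the threshold and the sample lines are assumptions.

```shell
# Added example: count connections to local port 80 per remote address
# from `netstat -tn` output read on stdin. Function names are hypothetical.
conns_per_ip() {
    awk '
        $1 ~ /^tcp/ && $4 ~ /:80$/ {        # field 4 = local address:port
            ip = $5                         # field 5 = foreign address:port
            sub(/:[0-9]+$/, "", ip)         # drop the remote port
            n[ip]++
            if ($6 == "SYN_RECV") syn[ip]++ # half-open connections
        }
        # output columns: total, of which SYN_RECV, remote address
        END { for (ip in n) printf "%d %d %s\n", n[ip], syn[ip], ip }
    ' | sort -k1,1nr -k3,3
}

# Print only the sources at or above a threshold ($1, default 20).
heavy_sources() {
    conns_per_ip | awk -v min="${1:-20}" '$1 >= min { print $3 }'
}

# Constructed sample in netstat -tn format (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         192.0.2.44:51512        ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:40110      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40111      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40112      SYN_RECV
tcp        0      0 203.0.113.10:22         192.0.2.44:51900        ESTABLISHED
tcp        0      0 203.0.113.10:8080       192.0.2.99:33000        ESTABLISHED
EOF
}

sample_netstat | conns_per_ip
```

On a server, feed it live data with: netstat -tn | conns_per_ip | head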

===================================================

S) How to trace spam on a server :

Open the exim.conf file with vi /etc/exim.conf and paste the following lines at the third line of the file:

log_selector = +address_rewrite +all_parents +arguments +connection_reject \
+delay_delivery +delivery_size +dnslist_defer +incoming_interface \
+incoming_port +lost_incoming_connection +queue_run +received_sender \
+received_recipients +retry_defer +sender_on_delivery +size_reject \
+skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error \
+smtp_syntax_error +subject +tls_cipher +tls_peerdn

====================================================

T) How to add ports in iptables:

# iptables -A INPUT -p tcp -m tcp --dport -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT

====================================================

U) Kill all processes running by Nobody :

ipcs -s | grep nobody | perl -e 'while (<STDIN>) {@a=split(/\s+/); print `ipcrm sem $a[1]`}'

====================================================

Quick fixes for issues on Linux and Windows server

part A) Quick fixes for issues on Linux and Windows server :

Following are the useful commands and tweaks used on Linux and Windows servers :

A) To Upgrade php on Cpanel:

1) first login as :

For Linux server:
server ip address
root /

OR

For Windows server:
server ip address
Username: Administrator /

2) ssh rootpasswd
commands:

# /scripts/easyapache >> select 7 >> enter >> select most common options >>
exit >> exit >> do you want to save >> yes >> enter.
type: # php -m to view the installed components.
type: # php -v to view the version of php.

===========================================

B) To restore an account from another server (ssh)
1) ssh root (Old)
passwd (old)
2) ssh
root (New)
passwd (New)
In old:

# /usr/local/cpanel/cpkeyclt : to upload the license

===============================================

C) How to change the Hostname :

Files to change the hostname
# /etc/hosts
# /etc/sysconfig/network
# /etc/httpd/conf/httpd.conf
# /proc/sys/kernel/hostname

================================================

D) How to solve the problem of Fantastico De Luxe WHM Admin.

1) Log in to the client server via ssh.
2) Check the permissions of the /etc/httpd/conf/httpd.conf file; they should be 644.
3) If the problem is not solved, run the command: # /scripts/upcp --force
4) If the problem is still not solved, go to the link:

http://netenberg.com/forum/viewtopic.php?t=950
Copy the following lines from the site:

# cd /usr/local/cpanel/whostmgr/docroot/cgi
# wget -N http://www.netenberg.com/files/free/fantastico_whm_admin.tgz
# tar -xzpf fantastico_whm_admin.tgz
# rm -rf fantastico_whm_admin.tgz

6) Paste them in the shell and press enter.
7) Now go to WHM >> addon >> Fantastico >> install >> install (click here)

=================================================

E) How to update the stats of a particular User.

1) login to server via ssh.
2) # grep /etc/userdomains to know the username.
OR
# cat /etc/userdomains | grep
3) copy the username.
4) type command
# /scripts/runweblogs >>enter

This will update the stats of the user.
==================================================

F) How to delete unwanted things from /usr partition.

1) Login to client machine via ssh.
2) # df -h
3) then go to :
# cd /usr/local/apache/logs
# ls -lhS
# echo > error_log
# echo > suexec_log
# cd ../domlogs/
# ls -lhS | head -n 20
# echo > anyone from the list.

===================================================

Upgrading PHP from shell:

http://layer1.cpanel.net/buildapache/1/libmcrypt-2.5.7.tar.gz
http://layer1.cpanel.net/buildapache/1/mhash-0.8.18.tar.gz
http://layer1.cpanel.net/buildapache/1/curl-7.12.0.tar.gz
http://layer1.cpanel.net/buildapache/1/php-4.4.1.tar.gz

./configure --prefix=/usr/local --with-xml --enable-bcmath \
--enable-calendar --with-curl --enable-exif --enable-ftp --with-gd \
--with-jpeg-dir=/usr/local --with-png-dir=/usr --with-xpm-dir=/usr/X11R6 \
--enable-mbstring --enable-mbstr-enc-trans --enable-mbregex --with-mcrypt \
--with-mhash --enable-magic-quotes --with-mysqli --with-mysql=/usr \
--with-openssl --enable-discard-path --with-pear --enable-so

# wget http://layer1.cpanel.net/buildapache/1/libmcrypt-2.5.7.tar.gz
# tar -zxvf libmcrypt-2.5.7.tar.gz
# cd libmcrypt-2.5.7
# ./configure
# make
# make install




Saturday, July 7, 2007

Installing Postgresql on Linux server

Requirements :

cPanel requires PostgreSQL 7.3.x or later; 7.2.x will not work.

Installation:

Step 1: Upgrade to cPanel 7.4.0 build 45 or later

Step 1:a (If you do not have 7.2.x or earlier installed skip this step)

Login to a root shell via ssh or the console.

If you have Postgres 7.2.x installed, backup your databases using pg_dumpall or some other method.

Move the postgres data directory somewhere else, for example:

mv /var/lib/pgsql /var/lib/pgsql.old

Step 2 : Login to a root shell via ssh or the console and run

# /scripts/installpostgres

Step 2:a (skip this step if you are not upgrading from postgres 7.2 or earlier)

Restore the SQL dump you created with pg_dumpall (or by some other method) using psql or some other method.

Step 3: Login to Web Host Manager and choose "Postgres Config" under Server Setup.

Set a postgres password to anything of your choosing. You should avoid using any non-alphanumeric characters, as these cause problems.

Step 4 : Use the "Postgres Config" option in WHM to install a postgres pg_hba.conf file. You can skip this step if you would like to setup your pg_hba.conf file manually.

cPanel should work fine with md5 passwords or plaintext passwords

Step 5 : Login to cPanel and click on Postgres ..... Enjoy!

Tuesday, July 3, 2007

Installing Zend optimizer

How to install Zend optimizer on Linux server with any control panel :

1) First off you’ll need to grab a copy of the optimizer depending on what platform you would like to install it on. You can find it at zend dot com.
Linux users should grab the Linux glibc2.1

2) Once you have downloaded the file locally you’ll need to upload it to your web server. FTP to your server and upload it to a directory of your choice. It’s too bad that Zend had to make it so they couldn’t provide us with a direct download, so you can’t wget the file directly from the server… a bit of a pain.

3) Uncompress/extract the file

# tar zvfx ZendOptimizer*.tar.gz

# cd ZendOptimizer-2.5.3-linux-glibc21-i386/

4) Now run the installer,

# ./install.sh

5) Now follow the instructions on the screen.

6) To ensure that Zend Optimizer is working, you can run the following in the shell.

# php -v

You should see something like this for output:

PHP 4.3.8 (cgi) (built: Sep 1 2004 17:00:35)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
with Zend Optimizer v2.1.0, Copyright (c) 1998-2003, by Zend Technologies

7) After the installation is complete you can remove the directory.

First cd to the directory where you extracted Zend.

# rm -rf ZendOptimizer-2.5.3-linux-glibc21-i386


For cpanel :

If you are on a cpanel server, it's even simpler -

# /scripts/installzendopt

That's it..... the zend optimizer has been installed on your server.