How to install ImageMagick on Linux/Plesk server? Follow the below steps to install ImageMagick on a Plesk server. Login to your server as root and execute the following commands:

1. Install “ImageMagick” package via YUM.

yum install ImageMagick

2. Now install “ImageMagick-devel”

yum install ImageMagick-devel

3. Install “php-pear” required for “pecl”. It will install and compile ImageMagick with PHP for you.

yum install php-pear

4. Now, you need to install ImageMagick using pecl

pecl install imagick

A imagick.so file will be created under /usr/lib/php/modules/ directory. Now, edit the php configuration file /etc/php.ini and add the following line after the “extension_dir” directive

extension = “imagick.so”

Save the file and restart the httpd service. That is it. You can verify using the command:

php -i | grep imagick

Sometimes the crond service fails quite often without any clue and it becomes necessary to monitor the cron service and auto-restart it. cPanel offers ‘chkservd’, a monitoring daemon that monitors the services on the server and restart them if found offline. cPanel/WHM do not provide an option to include the ‘crond’ service under the monitoring daemon, so following are the steps you can follow to achieve it:

Create a crond file under the chkservd.d directory where all the services files are placed:

# pico /etc/chkserv.d/crond

Add the following and save the file:

service[crond]=x,x,x,/etc/init.d/crond restart,crond,root

Now you need to edit the chkservd configuration file and enable the crond service for monitoring

# pico /etc/chkserv.d/chkservd.conf

add the following line at the end of the file

crond:1

Now, save the file and restart the chkservd service for the new changes to take affect:

# /scripts/restartsrv chkservd

In order to verify if chkservd auto-restarts the crond service if found offline, stop the service manually

# service crond stop

and watch the logs

# tail -f /var/log/chkservd.log

You will notice that the crond service is restarted automatically within 5 minutes.

Q: I have problem with .Net Framework 4.
i install .net 4. but i cant run .net 4 project.

i change application pool from IIS to .net 4 classic and integrated but i have HTTP Error 500.19 – Internal Server Error.
now how can i fix that problem ?
i need to solve this problem.

A: Grant the httpdocs folder read/list permission for IIS_WPG service. I think .NET 4 is still not supported by Plesk (among many other things they’re lacking behind)

Latest update of the openssl package from CentOS breaks Parallels Panel 9.x. Errors are displayed in the /var/log/sw-cp-server/error_log file when Panel is trying to start.

The problem has been fixed since version 9.5.0.

Download the appropriate package using the wget utility. Example for CentOS 5 x86:

Install the downloaded package. Example for CentOS 5 x86:

Reference : http://kb.parallels.com/

How to make a Plesk server PCI Compliant?

Nowadays many of the Banks And Credit Card companies ask you to implement security standards on your server for client data protection which is known as PCI Compliance. Follow the below steps to achieve security standards on your server.

1 ) To turn off SSLv2 for port 8443 (Plesk port), create a file /usr/local/psa/admin/conf/httpsd.custom.include and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the above lines, restart the ‘psa’ service and run the ‘openssl’ command to test:

service psa stopall
service psa start all
openssl s_client -connect localhost:8443 -ssl2

2) To turn off SSLv2 for port 443 (Apache SSL port), edit the file /etc/httpd/conf.d/ssl.conf and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the lines, restart the ‘httpd’ service and run the ‘openssl’ command to test:

service httpd restart
openssl s_client -connect localhost:443 -ssl2

3) To turn off SSLv2 for 995 (POP3) and 993 (IMAP) ports, edit the following files

vi /etc/courier-imap/imapd-ssl
vi /etc/courier-imap/pop3d-ssl

comment the line which starts with “TLS_CIPHER_LIST” and insert the following line:

TLS_CIPHER_LIST=”ALL:!ADH:RC4+RSA:!SSLv2:!LOW:@STRENGTH”

restart the ‘courier-imap’ service and execute the ‘openssl’ command to test:

service courier-imap restart
openssl s_client -connect localhost:995 -ssl2
openssl s_client -connect localhost:993 -ssl2

4) To turn off SSLv2 for port 465(SMTPS), create the following files:

vi /var/qmail/control/tlsserverciphers
vi /var/qmail/control/tlsclientciphers

and insert the following code:

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

Once done, restart the ‘qmail’ service and test the connection on SSLv2:

service qmail restart
openssl s_client -connect localhost:465 -ssl2

This will disable SSLv2 for all the SSL ports of your server.

5) To disable TRACE and TRACE for Apache, place the following lines in the Apache configuration file + in the VirtualHost of each domain:

 

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE|TRACK
    RewriteRule .* – [F]

    TraceEnable off

 

Save the file and restart the ‘httpd’ service.

6) I would recommend to use the secure port 8443 to access Plesk and block the non-secure one 8880.

    iptables -A INPUT -p tcp -s 0/0 -–dport 8880 -j DROP
    service iptables save
    service iptables restart

7) In order to upgrade the PHP version, refer the post:

http://thegioinguonmo.com/how-to-upgrade-php-on-a-plesk-server/

8 ) To turn off recursion for the bind service, edit the named configuration file:

vi /etc/named.conf

add the following line in the “options” section:

recursion no;

Save the file and restart the ‘named’ service.

The way to enable allow_url_fopen on a phpsuexec and a non-phpsuexec server is different. For security reasons the option is mostly disabled server wide, however, you can turn it ON for a single domain/account incase it is required.

Here how it needs to be done.

• On a non phpsuexec server:

Goto the /usr/local/apache/conf/ directory,

# cd /usr/local/apache/conf/

see if you have a “userdata” directory there? If not, create the “userdata/<username>” directory and then the file allowurl.conf inside it. So the complete path should look like:

# pico /usr/local/apache/conf/userdata/<username>/allowurl.conf

and add the following to the file

<IfModule mod_php5.c>
 php_admin_value allow_url_fopen On
 php_admin_value allow_url_include On
 </IfModule>

Now, edit the Apache configuration file and scroll down to the VirtualHost entry of the domain. Include the path of the above created file in it, as shown below:

Include "/usr/local/apache/conf/userdata/<username>/allowurl.conf"

Save the file and rebuild the apache configuration

# /usr/local/cpanel/bin/apache_conf_distiller --update
# /usr/local/cpanel/bin/build_apache_conf
# /scripts/restartsrv httpd

This will enable allow_url_fopen for that domain.

• On a PhpSuExec Or SuPHP server:

On a SuPHP enabled server, turning ON allow_url_fopen in the VirtualHost entry won’t work since PHP is not working as a Apache Handler anymore.

In such a case, copy the global php.ini of the server under directory of the domain, say public_html (you need to copy php.ini to the directory, where your script with allow_url_fopen resides)

# cp /usr/local/lib/php.ini /home/<username>/public_html/

Edit the new php.ini file and enable allow_url_fopen in it

allow_url_fopen = On

Save the file. Thats it.

BTW, replace “<username>” with the actual username of the domain wherever stated above.

“phpMyAdmin: Cannot start session without errors” is a common error while accessing phpmyadmin on a cPanel server. The problem relates to either of the following listed issues OR both

a) session.save_path parameter is not set properly in the phpMyAdmin configuration.
b) Ownership of the ‘phpmyadmin’ directory is incorrect.

1) To set “session.save_path”,  edit the phpMyAdmin configuration file

# pico /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php

Search for the parameter and set the value to /tmp

session.save_path =  /tmp

2) To correct the ownership of the directory, goto /var/cpanel/userhomes directory and execute

# chown cpanelphpmyadmin.cpanelphpmyadmin cpanelphpmyadmin -R

Once the issues are corrected, open phpMyAdmin in a different window ( to eliminate cache problem) and it should work fine.

How to configure alternate SMTP port OR change the SMTP port on a Plesk server? Sometimes some ISPs block port 25 for security reasons in which case, you need to open an alternate SMTP port on your server for your clients. Plesk do not offer a straight forward method of configuring an alternate SMTP port, instead you have to configure it manually.

SMTP on Plesk servers runs under xinetd service and the file resides under /etc/xinetd.d directory. The file for SMTP port 25 is /etc/xinetd.d/smtp_psa. In order to configure an alternate port say for example 2525, follow the below steps:

1. Make a copy of smtp_psa as smtp_psa_new under /etc/xinetd.d/ directory

cp -p smtp_psa smtp_psa_new

2. Edit the smtp_psa_new file and replace the line

service smtp
with
service smtp_new

3. You now need to edit the /etc/services file and make sure the lines with port 2525 should look as follows:

smtp_new      2525/tcp        #alternate SMTP port
smtp_new      2525/udp      #alternate SMTP port

4. Save the file and restart the xinetd service.

/etc/init.d/xinetd restart

SMTP service will now listen on port 2525 as well which you can verify using the ‘telnet’ command:

telnet yourserverip 2525

Issue: Hosting account do not show up in WHM

Cause: /etc/trueuserdomains file which holds a list of account on the server is empty
Solution: restore contents of /etc/trueuserdomains and update cpanel with /scripts/upcp

this script to help install ruby on rails

cd /usr/src
wget ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.5.tar.gz
tar -xzvf ruby-1.8.5.tar.gz
cd ruby-1.8.5/
./configure
make
make test
make install
cd /usr/src
wget http://rubyforge.org/frs/download.php/5207/rubygems-0.8.11.tgz
tar -zxvf rubygems-0.8.11.tgz
cd rubygems-0.8.11
ruby setup.rb
gem update
gem install rails –include-dependencies
rails /usr/local/rails
mv /usr/local/rails/public/.htaccess /usr/local/rails/public/.htaccessfile
echo “RewriteBase /rails” > /usr/local/rails/public/.htaccess
cat /usr/local/rails/public/.htaccessfile >> /usr/local/rails/public/.htaccess
mv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conffile
echo “Alias /rails /usr/local/rails/public” > /usr/local/apache/conf/httpd.conf
cat /usr/local/apache/conf/httpd.conffile >> /usr/local/apache/conf/httpd.conf
cd /usr/local/cpanel/apache
/usr/local/apache/bin/apxs -iac mod_log_bytes.c
/usr/local/apache/bin/apxs -iac mod_bwlimited.c
/usr/local/apache/bin/apxs -iac mod_bandwidth.c
/etc/rc.d/init.d/httpd restart

In order to increase memory limit for Java, perform the following steps, edit the file:

/var/cpanel/tomcat.options

Insert the following 2 lines:

Xmx200M
Xms100M

where, Xmx is the upper limit and Xms is the lower limit. You have to replace the values as per your requirement. Save the file and restart the tomcat service:

root@server [~]#/scripts/restartsrv tomcat

I am trying to ‘make’ mod_security on server with DA but keep getting this error:

yum install expat-devel 

How to install SuPHP/phpSuExec on a Plesk server?

SuPHP Or PHPSuExec is a module that increases the security of the server and executes PHP files under the ownership of the owner of the file instead of the Apache user i.e. “apache”.

The advantages of having suPHP are:

1. Files and Directories those need 777 permissions to write into, via the browser will now need a maximum of 755 permissions. The files/directories with 777 permissions will result in an “Internal Server Error”.

2. If you need to manipulate the value of a php directive for a domain, for ex. register_globals, it needs to be placed in the php.ini of a domain instead of the .htaccess file as it will result in an “Internal Server Error”.

3. All the files and directories uploaded using a script will have the ownership of the user instead of user ‘apache’ (i.e. the Apache user).

4. A user can edit/remove the files using Ftp that are uploaded via the browser.

In order to install SuPHP on the server, download and install the atomic script

# wget -q -O - http://www.atomicorp.com/installers/atomic | sh

Once the script is installed, install SuPHP module using yum

# yum install mod_suphp

The next step is to load the SuPHP module with Apache. The suphp installation automatically creates a “suphp.conf” file under the Apache configuration directory, if not create it.

# vi /etc/httpd/conf.d/suphp.conf

and insert the following lines:

#Load the Mod_SuPHP module
LoadModule suphp_module modules/mod_suphp.so php_admin_value engine off 
# Enable handlers
suPHP_AddHandler x-httpd-php AddHandler x-httpd-php .php .php3 .php4 .php5
#Enable the SuPHP engine
suPHP_Engine on

Apache calls all the configuration files from the /etc/httpd/conf.d directory by default so there is no need to include the module in the httpd.conf file separately.

Now,  configuration file under /etc should be present (if not create it)

vi /etc/suphp.conf

copy/paste the following contents as it is:

[global] logfile=/var/log/suphp.log loglevel=info webserver_user=apache docroot=/var/www/vhosts allow_file_group_writeable=false allow_file_others_writeable=false allow_directory_group_writeable=false allow_directory_others_writeable=false check_vhost_docroot=false errors_to_browser=false env_path=/bin:/usr/bin umask=0022 min_uid=500 min_gid=500 [handlers] x-httpd-php="php:/usr/bin/php-cgi" x-suphp-cgi="execute:!self"

Make sure the “handle_userdir” directive is commented or removed from the file since it is deprecated from the latest version.

At the end, we have to restart the httpd service for all these changes to take effect

# service httpd restart

Test the SuPHP installation: Create a phpinfo.php file with 777 permission and it should show you an “Internal Server Error” on browsing.

Related Links:
How to install/enable SuPHP on a cPanel server?

The following is a guide to installing ConfigServer Services‘ firewall and login failure daemon.

Warning: The Latest version of CSF does not work properly with DirectAdmin on CentOS 5 machines with Apache 2+

CSF + LFD is a full security suite. I have provided a list of the features that I have personally tested and have made work on a DirectAdmin server. I will include this list at the bottom of this post.

CSF + LFD have most of the functions APF provides, and more security features and brute force detection tools than BFD provides. It provides protection for small-scale DDoS attacks and SYN flood protection. A script to uninstall APF and BFD is included.

To install:

First, check to make sure there are no existing copies of csf in the folder:

rm -fv csf.tgz

Then:


wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh


CSF has now been installed at etc/csf

If you have APF and BFD installed you must remove them:

sh /etc/csf/remove_apf_bfd.sh

By default, the firewall is set to testing mode and many of the features are turned off. To turn your firewall on and modify the settings edit up your csf.conf file located in:

cd /etc/csf

I’ve created a generic csf.conf file that you may download from our server. This file will work on most DirectAdmin installations. I have only checked it on CentOS. Delete your current csf.conf file and:


cd etc/csf
wget http://oakdns.net/downloads/csf.conf


Be sure to chmod the conf file to 600 once you have downloaded it and change the following line:

TESTING = “1″

to

TESTING = “0″

Finally, turn the firewall on:

/usr/sbin/csf -s

——
At this point you are done. Your firewall is configured, your logins are being monitored, and you have basic DDoS protection. Read on if you are ready for more advanced configurations.
—–

In my generic the root user will receive email alerts, the Spamhaus filter is turned ON, connection monitoring will drop anyone that attempts to open 200 or more connections per second, and any user that uses the wrong password 20 times in a row is banned permanently.

I highly recommend you modify this file to suit your needs. I will provide a little guidance in this post, but it is your responsibility to learn what each feature does and decide whether to use it.

Key features that you may want to change:

Set the firewall to autoupdate. I recommend you do NOT do this, but the feature does exist:

AUTO_UPDATES = “1″

Raise the limit on the number of IP addresses you keep permanently banned. Replace 100 with the number of your choice. Remember, iptables will create 4 rules per IP address so this may slow down your server if you set it too high. If you set this value to 0 there will be no limit. I recommend you do NOT set the value to 0 as your list of blocked IP addresses will grow indefinitely and slow your server to a halt.

DENY_IP_LIMIT = “100″

Raise the limit on the number of IP addresses you keep temporarily banned. Replace 100 with your new limit. Again, it is highly recommended that you do not set it to 0.

DENY_TEMP_IP_LIMIT = “100″

Temporarily ban offenders rather than permanently banning them. This is a recommended change. Change 1 to a value in seconds. I recommend 3600, or an hour ban.

LF_TRIGGER_PERM = “3600″

Configure the system integrity monitor to check more or less often. I’ve set it to check once every hour in my generic file. Change the value in seconds. I would not make it less than 3600 seconds or you’ll create a high I/O load on the server.

LF_INTEGRITY = “3600″

Turn DShield, Spamhaus, or Bognos IP blocking on or off. I keep Spamhaus on as they run a tight ship and only block IP addresses that are known spammers beyond any doubt. I have no experience with DShield or Bogon. Set the value to 0 to disable, 1 to enable.

LF_DSHIELD = “0″
LF_SPAMHAUS = “1″
LF_BOGON = “0″

Change the connection tracking limit. Connection tracking checks how many connections a visitor is opening to your server. It’s effective in blocking small attacks. I’ve set my file to block any IP using more than 200 connections per second. You may make the value higher or lower, but if you set it too low it will block legitimate visitors, and if you set it too high it won’t catch small DOS attacks.

CT_LIMIT = “200″

Warn you if your server load goes over X. I’ve set it to 6 in my file.

PT_LOAD_LEVEL = “6″

Features that are known to work with DirectAdmin:

SPI iptables firewall

Daemon process that checks for login authentication failures for:
ssh
password protected web pages (htpasswd)
mod_security failures
suhosin failures

SSH login notification
SU login notification

Some DDoS protection:
Excessive connection blocking

A built in integrity checker:

Suspicious process reporting – reports potential exploits running on the server
Excessive user processes reporting
Excessive user process usage reporting and optional termination
Suspicious file reporting – reports potential exploit files in /tmp and similar directories
Alert sent if server load average remains high for a specified length of time
Directory and file watching – reports if a watched directory or a file changes
Block traffic on the DShield Block List and the Spamhaus DROP List
BOGON packet protection

IDS (Intrusion Detection System) – the last line of detection alerts you to changes to system and application binaries
SYN Flood protection
Ping of death protection
Port Scan tracking and blocking
Permanent and Temporary (with TTL) IP blocking
Exploit checks
Account modification tracking

Copy http://directadmin.com/forum/showthread.php?t=27315

Quite often you see the “lowest numbered MX record points to localhost: rejected RCPT error” error message in ‘exim_mainlog’ on a cPanel server. The error message appears while sending/receiving emails and it looks something like:

temporarily rejected RCPT <email@domainname.tld>: lowest numbered MX record points to local host

The reason for the error message is the domain “domainname.tld” is missing from the /etc/localdomains file of your server. The difference between the /etc/localdomains and /etc/remotedomains  files is that, they decide whether the email has to be delivered locally OR to a remote server respectively and is checked by the exim mail server.

To fix the issue, edit the file:

# pico /etc/localdomains

and place the domain name entry there. There is no need to restart the ‘exim’ service.

Error Message:

Remote host said: 553 sorry, that domain isn’t in my list of allowed rcpthosts

You may see the above error message in the mail logs of Qmail. Follow the below steps:

1. Make sure the domain name is present in the file “/var/qmail/control/rcpthosts”, if it doesn’t, turn off mail for that domain and then turn it back on.

You can turn Off/On mails for a domain from Plesk >> Domains >> domainname.tld  >>  “Web Hosting Settings” >> Enable/Disable button at the top.

2. If it doesn’t, then run,

/usr/local/psa/admin/bin/mchk -a

It will look like it finishes quickly, but it will actually run in the background. It rebuilds direcories, files, permissions on all mail accounts based on the information in the plesk db.

There are 2 Mail servers supported by Plesk and they are Qmail and Postfix, however, only one MTA (Message Transfer Agents) can be installed and used at a time. To check the current MTA in use, look at

Plesk -> Settings -> Services Management

OR you can execute the following command from SSH

# /usr/local/psa/admin/bin/mailmng --features | grep SMTP_Server $features['SMTP_Server'] = "QMail"; $features['SMTP_Server_package'] = "psa-qmail";

Plesk offers an ‘autoinstaller’ script to install/upgrade various components, using which you can switch from Qmail to Postfix OR vice-versa.

Before you switch, make sure you stop the SMTP service, to avoid accepting of new emails and deliver the emails that are in the mail queue.

Stop the SMTP service:

# /usr/local/psa/admin/sbin/mailmng --stop-smtpd

Switch MTA from Qmail to Postfix:

# /usr/local/psa/admin/sbin/autoinstaller --select-release-current \ --install-component postfix

OR switch MTA from PostFix to Qmail:

# /usr/local/psa/admin/sbin/autoinstaller --select-release-current \ --install-component qmail

That’s it.

One thing to note here is that, the change of mail server won’t change the mail format and the directory location where the messages are stored. However, the emails in the mail queue will be removed since the MTA is reconfigured.

Here are Various ways to find a Spammer on a Plesk server.

If emails are sent using a PHP script on a Plesk server, there are following 2 ways to determine the PHP script.

1) The following command will display the PHP scripts running in real-time. You have to execute the below script at the time the emails are been sent from your server rapidly.

Execute the below command as it is:

# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk \
 ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` \
 | grep vhosts | grep php

This will continuously display the path to the PHP files as they will be accessed and executed.

2) This method is used when you are not around and still wanted to trace the folder or the domain of the PHP script that is sending emails is running from.

a) Create a /var/qmail/bin/sendmail-wrapper file with the following contents

#!/bin/sh
 (echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send \
|/var/qmail/bin/sendmail-qmail "$@"

Grant executable permission on the sendmail wrapper and replace it with the old sendmail file of Qmail as stated below:

# chmod a+x /var/qmail/bin/sendmail-wrapper
# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

b) Create a log file /tmp/mail.send and grant read/write permissions to all.

# touch /tmp/mail.send
# chmod a+rw /tmp/mail.send

c) Wait for a few hours and revert back the sendmail files

# rm -f /var/qmail/bin/sendmail
# ln -s /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

then go through the log file /tmp/mail.send. The log file contains “X-Additional-Header” lines that will display the path to the folder name the PHP scripts are residing in. Example:

X-Additional-Header: /home/vhosts/domain1.com

To locate all the domains the PHP scripts that are sending emails are residing in, execute:

# grep X-Additional /var/tmp/mail.send | grep \
 `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D \
 | sed -e 's/HTTPD_VHOSTS_D//' `

If no script is listed, it means mail() php function was not used to send emails.

cPanel, WHM and even Webmail uses non-common ports which some Internet Server Providers (ISP) do not allow and makes it impossible for people to access any of these. cPanel works on 2082/2083, WHM 2086/2087 and Webmail 2095/2096.

The workaround is to install cPanel Proxy which works as a proxy gateway for Apache and the requests to cPanel/WHM/Webmail are then served through port 80 instead of their respective ports which are blocked by the ISP.

Here’s how to Install cPanel Proxy:
——————————————————————————–
1. You have to recompile Apache with the cPanel proxy module.
a) You can either execute ‘/scripts/easyapache’ script via SSH
OR
use WHM -> Software -> ‘EasyApache (Apache Update)’ option.

b) On the next step, leave the current profile as it is and click ‘Start Customizing Based on Profile’

c) Click ‘Next Step’ in the Apache/PHP selection pages and goto the 5th step

d) On the Short Options List, click ‘Exhaustive Options List’ button to list all the Apache/PHP modules.

e) Scroll down a bit and select the “Proxy” module

f) Click ‘Save and Build‘ and proceed to build Apache with the Proxy module.

It may take around 30 minutes for the process to complete. Once the module is compiled, a VirtualHost entry for the cPanel/WHM/Webmail sub-domains is added in the Apache configuration file.

Here’s how to Enable cPanel Proxy for an Existing account:
——————————————————————————————————————————–

2)  The next step is to add ‘A’ records for cPanel/WHM/Webmail for the domain you need to enable proxy access on. To add the records, goto

a) Goto WHM ->  DNS Functions.

b) Click ‘Edit a DNS Zone’ option and select the domain to edit and click Edit.

c) Scroll down to the empty boxes and add the following records

cpanel 14400 IN A ServerIP
whm 14400 IN A ServerIP
webmail 14400 IN A ServerIP

where, ‘ServerIP’ is the actual IP of the server.

d) Click ‘Save’.

Once the records are added, allow sometime to propagate and then you should be able to access cPanel at, http://cpanel.yourdomain.tld. You will be able to access WHM/Webmail the same way.

To change the SSH port number login as root, and edit /etc/ssh/sshd_config

Find the line that says Port 22 and change 22 to any number between 1024->65535 (above 30000 is best) and save the file.

Once done, run:

/etc/init.d/sshd restart

Now start a new SSH session (don’t close your existing one), to make sure that you can get in