If you perform a Plesk upgrade, you may notice you are unable to unsuspend a domain from the Plesk control panel resulting in the following message:

Warning: The domain is still suspended for the following reason: Domain is temporarily suspended for backing up or restoring.

Looking at the message, it appears that a backup process is running for the domain on the Plesk server but it is not, thus making things look complicated. In such a case, unsuspend the domain on the Plesk server from shell.

SSH to the server as root and execute:

# /usr/local/psa/bin/domain -u domain.tld -status enabled

This will un-suspend/enable the domain.

Sometimes you may see a “Segmentation fault” message while unsuspending the domain from shell. This indicates that there is a problem with plesk binaries and the Plesk upgrade didn’t go through successfully. You now need to install the Plesk base packages again from Plesk –> Updates, section.

Once the update is performed, reconfigure the domain:

# /usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=domain.tld

and enable it

# /usr/local/psa/bin/domain -u domain.tld -status enabled

This will un-suspend the domain and will leave you with a message “Object successfully enabled”.

After rebuilding Apache in CPanel using easyapache or WHM there are many things that can go wrong even if you use a stable branch of CPanel. For example Tomcat that was installed from CPanel can fail after the build and even if this might look unrelated to the apache build this can happen quite frequently.

If you are running tomcat on a cpanel server here is what you can do to help you from losing your tomcat instance:

• backup; newer cpanel versions backup apache, configs, etc. but they will not care about tomcat. This means it is your job to save the tomcat files. Here are some important folders you should save:
  /usr/local/jdk – this is a link to the real jdk used on the system (jdk1.5.0_05 or jdk1.6.0_02 for ex.); save the real jdk also, just in case…
  /usr/local/jakarta/tomcat - this will contain all your tomcat configs, apps, logs, etc.
  /usr/sbin/starttomcat and /usr/sbin/stoptomcat – scripts used to start and stop tomcat (in case you made local changes, memory tunings, etc.)

The files above can be lost during the rebuild, and it is important to have them on hand to restore tomcat if it fails starting after the apache build. For example last time this happened for us we had to fix the /usr/local/jdk link to point to the proper jdk (we use 1.5 and cpanel changed the link to 1.6) and also the startup scripts that contained various local customizations were obviously overwritten  .

Hopefully this information will be useful for other people, and hopefully you will see it before running easyapache

This article covers a wide range of methods for securing and optimizing your VPS/VDS. We do not provide any warranty for this article, so if you are not sure what you are doing please make sure you research before you do it.

Secure cPanel/WHM and the Root User on VDS:

Checking for formmail:

Form mail is used by hackers to send out spam email, by relay and injection methods. If you are using matts script or a version of it, you may be in jeopardy.

Command to find pesky form mails:

find / -name "[Ff]orm[mM]ai*"

CGIemail is also a security risk:

find / -name "[Cc]giemai*"

Command to disable form mails:

chmod a-rwx /path/to/filename

(a-rwx translates to all types, no read, write or execute permissions).

(this disables all form mail)

If a client or someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.

Root kit Checker (rkhunter or chkrootkit)

Check for a root kits via a cron job, by doing this you will regularly check if your server is comprised, and you will be sent regular reports.

To install chkrootkit, login to the server as root and on the command line interface type:

cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.47
make sense

To run chkrootkit, type the following on the CLI:

/root/chkrootkit-0.47/chkrootkit

To ensure the highest level of security setup a cronjob which emails you the results on a regular basis.
Setup Email on Root Login (to detect breaches)

If an unauthorized person gains access to root, you want to be notified – you can do so by doing the following while logged into root:

cd /root
vi .bash_profile

Add the following line:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

Where your@email.com is your email address.

Save an exit vi: :wq

To change the SSH Legal Message (displayed when you login via SSH), edit /etc/motd to display the message you wish to show.
Securing WHM and cPanel:

By default cPanel/WHM is not setup securely and efficiently, so you will want to optimize the cPanel/WHM settings by doing the following:

Go to: Server Setup -> Tweak Settings

Under Domains tick:
· Prevent users from parking/adding common internet domains (hotmail.com, aol.com, etc)

Under Mail tick:
· Attempt to prevent pop3 connection floods
· Default catch-all/default address behavior for new accounts – set this to FAIL

Under System tick:
· Use jailshell as default on new accounts

Go to: Server Setup -> Tweak Security
· Enable php open_basedir protection
· Enable mod_userdir protection
· Disable compilers for unprivileged users

Go to: Server Setup -> Shell Fork Bomb Protection
· Enable shell bomb/memory protection

When creating reseller packages, be sure to:
· Disallow creation of packages with shell acces
· Disallow creation of packages with full root access

Go to: Service Configuration -> FTP Configuration
· Disable anonymous FTP access

Go to: Account functions -> Manage Shell Acess
· Disable shell access for all users (except yourself)

Go to: MySQL -> Manage Root Password
· Change Root Password for MySQL

Go to: Security -> Quick Security Scan for Trojan Horses, and make sure you don’t have any of the following infected:

· /sbin/depmod
· /sbin/insmod
· /sbin/insmod.static
· /sbin/modinfo
· /sbin/modprobe
· /sbin/rmmod

Update OS and Software:

If you are running cPanel:
· Update cPanel: /scripts/upcp
· Update Apache: /scripts/easyapache

If you are not running cPanel:
· Update OS and software: yum upgrade
General OS Security (do not need to be running cPanel):

Restict SSH access:
For improved security

Parts of this article were obtained from forum postings on WHT.

Q:  i install new directadmin on centos 6.2 x 64 and after install
# cd /usr/local/directadmin/custombuild
# ./build clean
# ./build mod_perl

and…. error

File already exists: mod_perl-2.0.4.tar.gz
MD5 Checksum on mod_perl-2.0.4.tar.gz passed.
Found /usr/local/directadmin/custombuild/mod_perl-2.0.4.tar.gz
Extracting …
Done.
Configuring mod_perl-2.0.4…
Can’t locate ExtUtils/Embed.pm in @INC (@INC contains: lib Apache-Test/lib /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at lib/Apache2/Build.pm line 27.
BEGIN failed–compilation aborted at lib/Apache2/Build.pm line 27.
Compilation failed in require at Makefile.PL line 36.
BEGIN failed–compilation aborted at Makefile.PL line 36.
Done. Making mod_perl-2.0.4…
Trying to make mod_perl…
make: *** No targets specified and no makefile found. Stop.

*** The make has failed, would you like to try to make again? (y,n):

tell me what is wrong. can not figure out where to dig. earlier in this version never set. was put on 5.8 with no problems.

A:

yum install perl-ExtUtils-Embed

and then try to build apache. 

In Parallels Plesk Panel 10.0.1 installed on RedHat 4 OS try upgrading any component through Autoinstaller in Parallels Plesk interface. The following error is shown:

For fixing this issue you can use following workarounds:

Edit /etc/sysconfig/rhn/sources file for use different IDs for sources added by Parallels Installer. Need to edit between component selection and installation process start.

Disable up2date: Edit file /root/.autoinstallerrc

Reference: http://parallels.com/

*** Note: If you’re running a VPS with a “simfs” file system, quotas usually cannot be enabled with normal means.  Contact yoru VPS provider to enable quotas for you.

DirectAdmin relies on the system quotas to return a value for how much space is being used.  DirectAdmin will run

/usr/sbin/repquota /home

Where /homeis the quota_partition value set in the /usr/local/directadmin/conf/directadmin.conf file (eg, /home, / or /usr).  The command should output a large list of numbers, eg

[root@server]# /usr/sbin/repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
———————————————————————-
root      –  417796       0       0           7446     0     0
nobody    –       4       0       0              1     0     0
bin       —   56880       0       0            510     0     0
majordomo —       8       0       0              2     0     0
diradmin  –       8       0       0              2     0     0
admin     —     200       0       0             44     0     0
user123   —     100       0       0             22     0     0
user456   —     100       0       0             22     0     0

If the “used” column is not showing anything, or users are not in the list, then you’ll need to run the quotacheck program:

Redhat:

/sbin/quotaoff -a; /sbin/quotacheck -avugm; /sbin/quotaon -a;

FreeBSD:

/usr/sbin/quotaoff -a; /sbin/quotacheck -avug; /usr/sbin/quotaon -a;

If are getting errors and no output is displayed for the repquota command, you’ll need to check your /etc/fstab file to make sure that it contains the rw,userquota,groupquota line beside the partition that is using the quotas.
*Important:  On Linux (Redhat/Debian), it’s usrquota,grpquota, and on FreeBSD it’s userquota,groupquota.

Sample /etc/fstab (do not make your’s look identical if it’s different, this is one example from a specific OS):

# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/ad0s1a                     /                       ufs     rw,userquota,groupquota 1       1
/dev/ad0s1e             /tmp            ufs     rw              2       2
proc                    /proc           procfs  rw              0       0

In this case, the quota_partition is /.  The quota partition should be the partition that holds your users.  Generally, this will be one of /home, / or /usr.

Once the repquota program is returning a normal value, then you can run the tally to get the correct usage to show up in DirectAdmin:

echo "action=tally&value=all" >> /usr/local/directadmin/data/task.queue

This task.queue command will get picked up by the dataskq binary.   It calls the repquota command and dumps it into /home/tmp/quota-dump.
Check /var/log/directadmin/errortaskq.log for any errors with this.
Running the tally manually for a User can also help with debugging these issues.

You suddenly realize that the emails on your server are not working and the mail logs shows the following messages:

1MnfEt-0007pQ-Tn == xyz@abc.com R=defer_router defer (-1): All deliveries are handled by MailScanner
1MnfBw-00037y-9h == abc@xyz.com R=defer_router defer (-1): All deliveries are handled by MailScanner

This mostly happens when Mailscanner is not working properly as all deliveries are handled by MailScanner. To fix the issue, restart your mail service first i.e.

service exim restart

then, start the Mailscanner executing the following command:

/usr/mailscanner/bin/check_mailscanner

If it displays any PIDs, kill them and execute the command again. This will start your MTA and MailScanner which will make sure your emails start working again.

Q: I have Reinstall DA in my Server, but I login squirrelmail with some error, “ERROR: Connection dropped by IMAP server.”, Please help me fixed this error

A:

cd /usr/local/directadmin/custombuild
./build to dovecot  

/usr/local/directadmin/directadmin c | grep dovecot  

You should see dovecot=1. Once that’s good, then restart DA.

Next, you’ll want to reconvert the passwd files. Type

 echo "action=convert&value=todovecot" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d400

If you receive “virtual.db: No such file or directory” error message while adding a domain in Plesk control panel, you need to create the virtual.db file and place it in the proper location. The complete error message looks like:

Failed domain creation: Unable to update domain data: mailmng failed: Fatal error: plesk::mail::postfix::PostfixConfigurationError(postmap:fatal:open database /var/spool/postfix/plesk/virtual.db: No such file or directory)

You need to manually fix the problem:
#Create the virtual.db file
postmap /etc/postfix/virtual

#Copy the .db file to the location you see in the error message:
cp /etc/postfix/virtual.db /var/spool/postfix/plesk/virtual.db

This will allow you to add domains on your server.

Generally, this isn’t the best thing to have happen because all of the data is stored there.  You’ll need to recreate all of the directory structures, as well as a few files required for DA to run:

1) Create the DA tmp directory so you can log into DA again:

mkdir -p /home/tmp
chmod 1777 /home/tmp

2) Create the /home/username directories and subdirectories:

cd /home
vi make_dirs.sh

press ‘i’ to go into “insert mode” then paste the following script (right click)

#!/bin/sh
for i in `ls /usr/local/directadmin/data/users`; do
{
 for d in `cat /usr/local/directadmin/data/users/${i}/domains.list`; do
 {
  mkdir -p /home/${i}/domains/${d}/public_html/cgi-bin
  mkdir -p /home/${i}/domains/${d}/private_html
  mkdir -p /home/${i}/domains/${d}/public_ftp
  mkdir -p /home/${i}/domains/${d}/stats
  mkdir -p /home/${i}/domains/${d}/logs
 };
 done;
 mkdir -p /home/${i}/backups    

 chown -R $i:$i /home/${i}
 chmod -R 755 /home/${i}
};
done;
exit 0;

Press “ctrl-c” to exit “insert mode”, then press “shift-Z” twice to save and exit.  Once the file is saved, type:

chmod 755 make_dirs.sh
./make_dirs.sh

While adding a cron job from cPanel, you may see an error message as

/usr/bin/crontab permissions are wrong (6755). Please set to 4755.

The reason is quite simple, the “crontab” executable have incorrect permissions as stated in the error message. The permissions of /usr/bin/crontab should be 4755.

root@server [~]# ls -la /usr/bin/crontab

-rwsr-xr-x 1 root root 208810 Jun 1 12:24 /usr/bin/crontab*

In order to set the required permissions, ssh to your server as user ‘root’ and use the the ‘chmod’ command to correct the permissions:

chmod 4755 /usr/bin/crontab
OR
chmod u+s /usr/bin/crontab

Once the permissions are corrected, you will be able to add the cronjobs from cPanel.

After the recent cPanel update your mailbox may be filling up with the “queueprocd service failed” emails. For example:

( queueprocd failed @ Fri Jan 1 00:00:00 2010. A restart was attempted automagically. Service Check Method: [check command] ) .

This look like a small bug with the latest cPanel version where it adds the “queueprocd” service to the cPanel monitoring service “chkservd” but does not install the service. If you try to restart the “queueprocd” service, you will realize that the service is not installed.

root@server [~]# /scripts/restartsrv queueprocd Sorry I don't know about queueprocd root@server [~]# 

To remove or disable the service from the chkservd monitoring, either uncheck queueprocd from

WHM >> Service Manager

Or edit the file chkservd.conf

# pico /etc/chkserv.d/chkservd.conf

and remove the “queueprocd” entry. Restart the “cpanel” and the ‘chkservd’ service once you save the file.

# service cpanel restart

# /scripts/restartsrv chkservd

Past that, I’d use a script, similar to what Peter mentioned. I tend to just write simple perl regex’s to work right on the user.conf files.
eg: disable spam:

cd /usr/local/directadmin/data/users
perl -pi -e 's/spam=ON/spam=OFF/' *.user.conf

for example (of course, that’s just a setting and hasn’t actually “done” anything.. to really disable spam, you must delete the users user_prefs file. If you want to delete everyone’s user_prefs file, type:

rm -f /home/*/.spamassassin/user_prefs

Each option in the user.conf may require some sort of action, which is why doing it through DA itself is usually better.. since DA does the action for you, as well as setting the user.conf file.

You may see an “Unable to exec utility packagemng” error message while accessing the Plesk control panel. The error generally occurs after performing a Plesk control panel upgrade and the complete error message looks like follows:

Components::componentUpdate() failed: Unable to exec utility packagemng: file does not exist or is not executable: /usr/local/psa/admin/bin/packagemng 0: auth.php3:551

This is due to the “packagemng” file is symlinked to the “wrapper” file and the ‘wrapper’ file don’t have the executable permissions for it’s group user “psaadm”.

The permissions of ‘packagemng’ file are (symlink):

# ls -la /usr/local/psa/admin/bin/packagemng lrwxrwxrwx 1 psaadm psaadm 15 Jan 01 01:01 /usr/local/psa/admin/bin/packagemng  -> ../sbin/wrapper

In my case the permissions of wrapper file were ( there was no executable permission)

# ls -la /usr/local/psa/admin/sbin/wrapper ---s------ 1 root psaadm 19760 Jan 01 05:20 /usr/local/psa/admin/sbin/wrapper

The correct permissions of the wrapper files are ( —s–x— ) which can be set using the following command:

# chmod 4110 /usr/local/psa/admin/sbin/wrapper

so it should look like

---s--x--- 1 root psaadm 19760 Jan 01 05:20 /usr/local/psa/admin/sbin/wrapper

Once done, you should be able to access the Plesk control panel.

If you feel emails are saturated in the Plesk Qmail mail queue, there is a possibility that your Plesk server is been used for sending spam emails.

On a Plesk server relaying is not allowed by default so following are the ways spamming is mostly done

1) using CGI by a user as explained in Section 1 below
2) PHP scripts as explained in Section 2 below. Also refer article to locate PHP scripts sending emails
3) by a compromised email account

First, lets look at the the mail queue

# /var/qmail/bin/qmail-qstat
messages in queue: 22507
messages in queue but not yet preprocessed: 0

As you can see above, there are a large amount of emails in the mail queue. The source of these emails could either be a PHP/CGI script OR an authorized email account on the server.

Let’s start with reading the message headers with ‘qmail-qread’

# /var/qmail/bin/qmail-qread
5 Nov 2012 11:50:17 GMT #768752 1231
remote user1@domain1.com
remote user2@domain1.com
remote user1@domain2.com

This will list the sender and recipient of all the emails in the mail queue.

In the above example #768752 is the message ID, now find out the location of this email to read the complete header

# find /var/qmail/queue/mess/ -name 768752
/var/qmail/queue/mess/0/768752

Above is the complete path to the mail file, now open the file and look for the “Received” line.

# cat /var/qmail/queue/mess/0/768752 | more

The “Received” line indicates from where the message was received OR invoked.

1) If the message is sent via CGI by a user, it will display the UID of the user as below:

Received: (qmail 26193 invoked by uid 10001); 5 Nov 2012 11:50:17

Now, search the UID 10001 in the passwd file to find the domain name

# grep 10001 /etc/passwd

This will display the domain name the UID 10001 belongs to.

2) The “Received” line indicates the UID of user Apache (i.e. 48)  if email is sent via a PHP script

Received: (qmail 26193 invoked by uid 48); 5 Nov 2012 11:50:17 +000

In such a case, you have to monitor the PHP scripts in real-time i.e. scripts that are running when emails are been sent.

Execute the below command as it is when the mail queue is growing rapidly

# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | \
awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` \
| grep vhosts | grep php

The above command won’t display the location of the php scripts, so please refer the article to locate the folders of the PHP scripts that are sending emails.

3) Many a time email accounts are compromised and used for sending bulk/spam emails from other locations. In such a case, “Received” line contains “invoked from network”

Received: (qmail 26193 invoked from network); 5 Nov 2012 11:50:17

Refer the article to find the compromised email accounts on a Plesk server.

Although PHP 5.2 is becoming outdated, still a lot of applications and custom scripts still works on PHP 5.2. However, as per cPanel PHP 5.2 is “End of Life” and may stop offering it soon. So here is the guide for people who want PHP 5.2 along side PHP 5.3 on a cPanel server and make use of both the PHP versions at the same time.

We are assuming the default PHP version installed on your sever is 5.3.x.

1. Download and untar PHP 5.2:

# mkdir /usr/local/buildphp52
# cd /usr/local/buildphp52
# wget http://museum.php.net/php5/php-5.2.9.tar.gz
# tar --strip-components=1 -zxvf php-5.2.*

2. Configure and install PHP

# ./configure --prefix=/usr/local/php52 --enable-cgi --enable-bcmath\
 --enable-calendar --with-mysql=/usr/bin -with-libdir=lib64\ --with-gd\
 --enable-mbstring   (you can add more modules per your wish)
 # make
 # make install

3. Now add the PHP 5.2 handlers to Apache

# pico  /usr/local/apache/conf/includes/pre_virtualhost_global.conf

add the following:

Action application/x-httpd-php52 /cgi-sys/php52
AddType application/x-httpd-php52 .php52

4. Use Apache distiller for the above changes to take affect and make cPanel skip .htaccess scan and remove the mime types:

# /usr/local/cpanel/bin/apache_conf_distiller --update
# touch /var/cpanel/easy_skip_update_php_mime_types

5. Now create a file under the cgi-sys directory of cPanel so it detects PHP 5.2

# pico /usr/local/cpanel/cgi-sys/php52

and add the following to it

#!/bin/sh
exec /usr/local/php52/bin/php-cgi

6. Set the proper ownership/permission

# chown root:wheel /usr/local/cpanel/cgi-sys/php52
# chmod +x /usr/local/cpanel/cgi-sys/php52

7. Now copy the php configuration from the build directory of PHP 5.2

# cp /usr/local/buildphp52/php.ini-production /usr/local/php52/lib/php.ini

8. Create a symlink for the PHP 5.2 executable to use from the command line:

# ln -s /usr/local/php52/bin/php-cgi /usr/local/bin/php52

9. Once done, restart Apache for changes to take affect

# service httpd restart

10. Now, PHP 5.3 will work by default and to make PHP 5.2 work for a specific account OR a folder, create a .htaccess file inside it and add the PHP 5.2 Handler

AddHandler application/x-httpd-php52 .php

That’s it. Create a phpinfo page inside the folder and browse it to see if PHP 5.2 is in effect for that folder.

Things to note is:  If you want to install OR compile a module with PHP 5.2, use appropriate php-config and phpize file, i.e.

phpize: /usr/local/php52/bin/phpize
php-config: ./configure --with-php-config=/usr/local/php52/bin/php-config

You may see error “Fatal! Write failure” error message while adding email forwarders OR setting a catchall email address from cPanel >> “Email Accounts” section. The error is:

Fatal! Write Failure: /etc/valiases/domainname.tld. Ignore any messages of success this can only result in failure!

The reason is the /etc/valiases/domainname.tld file is missing OR having incorrect permissions. In order to correct the valiases file, ssh to your server as root and create the file with the appropriate permissions:

# cd /etc/valiases/

# touch domainname.tld

# chown user.mail domainname.tld

# chmod 644 domainname.tld

Once the valiases file is created for the user with appropriate permissions, you will be able to add email forwarders and catchall email address from cPanel again.

If you mess up with the ownership of all the users on a cPanel server, following script will help you to correct the ownership:

for i in `cat /etc/trueuserdomains | awk ‘{print $2}’`
do {
/bin/chown $i.$i /home/$i -R ;
/bin/chown $i.mail /home/$i/etc -R ;
/bin/chown $i.nobody /home/$i/public_html ;
}
done;

The ownership of the home directory of a user, etc and public_tml will be corrected in a one go.

This task is very simple and can be done in two steps:
1.)  Login as root and change your server hostname:

hostname newhos.name.tld

Note: Don’t forget to create an A entry for your new hostname, otherwise you will get a popup message during WHM login.

2.)  Issue /usr/local/cpanel/cpkeyclt to update your Cpanel License Key, otherwise you will get Invalid License when you login to WHM/Cpanel interface.

The e-mail address postmaster@mydomain.com deleted successfully.
Sorry, you do not have access to the domain mydomain.com

The error message is displayed when you delete an email account of a domain from cPanel >> ‘Email Accounts’ that is either shifted under another users account OR usually happens when a domain is swapped from add-on domain to main domain OR vice-versa. You cannot delete an email account from cPanel, and in this case, you have to manually remove the email account entries for domain from the existing account.

The files you need to remove the entries from are

/home/user/etc/domainname.tld/passwd
/home/user/etc/domainname.tld/shadow
/home/user/.cpanel/email_accounts.yaml

The directory that need to be removed is

/home/user/mail/mydomain.com

where, ‘user’ is the one under who’s account the email address of ‘mydomain.com’ exist.