buy tb500

Archive for August, 2010

Where is the PureFTPd configuration file? WHM

Thursday, August 26th, 2010

/etc/sysconfig/pure-ftpd

thank you.

How can I fix “ndc connection refused” errors? WHM

Thursday, August 26th, 2010

Run the following scripts:

  1. /scripts/updatenow
  2. /scripts/fixndc
  3. /scripts/fixndc
    • The fixndc script needs to be run twice.

How do I reinstall FrontPage extensions for the entire server? WHM

Thursday, August 26th, 2010

Issue the following commands in a terminal session:

  • rpm -Uvh http://httpupdate.cpanel.net/fp-5.0-upgrade/frontpage/frontpage-5.0-0.i386.rpm

How do I reinstall Interchange?

Thursday, August 26th, 2010

Issue the following commands in a terminal session:

  1. /scripts/rebuildinterchangecfg
  2. /usr/local/cpanel/bin/startinterchange

How do I fix WHM News if it’s broken?

Thursday, August 26th, 2010

Issue the following command in a terminal session:

  • rm -f /var/cpanel/objcache/whmnews

How do I restart a daemon ? Services

Thursday, August 26th, 2010

Most of the services can be restarted from WHM; however, you may need to restart them from the shell. You must be logged in as root to do this. All standard Linux services, such as HTTP, FTP, exim, cPanel/WHM, Interchange, MySQL, etc, have init scripts in /etc/rc.d/init.d/

root@host [~]# ls /etc/rc.d/init.d/
./ atd* exim* httpd.tmpeditlib kdcrotate* named* nscd* rawdevices* snmpd* yppasswdd*
../ autofs* filelimits* identd* keytable* netfs* portmap* rstatd* sshd* ypserv* 
anacron* bandmin* functions* ipaliases* killall* network* portsentry* rusersd* syslog* ypxfrd*
antirelayd* chkservd* gpm* ipchains* kudzu* nfs* proftpd* rwalld* xfs* 
apmd* cpanel3* halt* iptables* lpd* nfslock* radvd* rwhod* xinetd* 
arpwatch* crond* httpd@ isdn* mysql* nofsck* random* single* ypbind*

This is typical of what you will find in this directory. The main ones you should be concerned with are:

  • cpanel3 — starts/stops cPanel and WHM. This includes Interchange, cppop, and cluster management services as well.
  • exim — starts/stops the exim mail server.
  • httpd — starts/stops the Apache web server.
  • mysql — starts/stops the MySQL database server.
  • named — Starts/stops the BIND DNS server.
  • proftpd — Starts/stop the ProFTPd or Pure-FTPd (depending on which is enabled) FTP server.

Using these scripts is very easy. Let’s say that named/BIND is down and we need to restart it. As root, type:

  • /etc/rc.d/init.d/named start

You should see it start up, with a green [OK] message on the left side of the shell/terminal window.

If you see a red [FAILED] message, check the message log.

  • tail /var/log/messages

You should be able to see the error. If you cannot fix it yourself, contact tech support. Some of these services have more options than just “start” and “stop,” and other ways to do them.

Let’s say you have a lot of domains using your DNS server and you don’t want to stop and restart named just because you edited one domain. Type:

  • ndc reload

If you make a minor change to the /usr/local/apache/conf/httpd.conf, but don’t want to restart it, type:

  • /etc/rc.d/init.d/httpd graceful to do a graceful restart. A graceful restart finishes current requests before killing the child processes.

If you want to learn more about the commands a script offers, you can simply run the script without passing any arguments to it.

root@saturn [~]# /etc/rc.d/init.d/cpanel3 <br />Usage: /etc/rc.d/init.d/cpanel3 {start|stop|status|restart}

This lets us know we can start, stop, check the running status of the service(s), or restart it. If you can’t get a service to start, and don’t know how to fix it, contact tech support for assistance.

References

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/WHMsFAQ

How do I clear a full partition? or logs

Thursday, August 26th, 2010

There are a few possible solutions.

Usually, /var is what fills up first. This is because /var holds all the system logs.

To see what directory or log is taking up all the room, start at the base. Issue the following commands from a terminal session:

  1. cd /var
  2. du -sh *

This will show how much space is used and available in each directory, as well as the file sizes of each file in the current directory. Examine the command’s output. Once you see what directory is taking up all the space, cd to it and type the same command again. Follow this searching pattern until you find the files taking up the space.

Once found, you can either delete the files or, if you’d like to save some of the most recent entries to it, you can type this:

  1. tail -5000 filename > filename.new
  2. mv filename.new filename
  3. sync

This will copy the last 5000 lines from the file to a temporary file. Now you probably want to restart whatever service it is that created the file, to release its file lock.

The /usr directory also fills up sometimes, because of Apache. The first thing you should look at is usually the Apache logs.

  1. cd /usr/local/apache
  2. du -sh *

You will likely find that the logs/error_log or logs/access_log files are very large. At this point, you are free to delete them or use the tail trick above.

references

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/WHMsFAQ

How do I block an IP address from my server?

Thursday, August 26th, 2010

If you want to block access to your server for whatever reason, you will need to log into the shell as root. Your server should either have ipchains or iptables to help accomplish this. In this example, the attacking IP is 192.168.56.210.

Issue the appropriate command in a terminal session:

  • If you are using ipchains: ipchains -A input -j DENY -p all -l -s 192.168.56.210/32
  • If you are using iptables: iptables -A INPUT -s 192.168.56.210/32 -j DROP

If you just want to block access to one port from an IP :

  • iptables -A INPUT -s 192.168.56.210/32 -p tcp –destination-port 23 -j DROP

The above would drop all packets from 192.168.56.210/32 to port 23 (Telnet) on the server.

There are many in-depth tutorials available on the Internet. Consult your favorite search engine for more information.

refereces

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/WHMsFAQ

fatal error or timeout occurred while processing this directive

Thursday, August 26th, 2010

Seems there problem with ownership of the files.
How to fix.

Go to /home
Let assume cPanel username sagar

execute following commands in /home
chown sagar.sagar sagar -R
chown sagar.mail sagar/etc -R
chown sagar.nobody sagar/public_html
rm -rf sagar/.cpanel

This is should fix the issue.

DDos attack

Thursday, August 26th, 2010

DOS Attack (Denial Of Service)

By the name alone, we know what this means: denial of services like httpd, exim, ftp, etc. Mostly we deal with DOS attacks on Apache services, which causes sites to slow down or not load at all.

A DOS attack means high connections from certain an IP address or IPs. We can easily find the high-connection IP using the ‘netstat’ command and block those IP’s using firewalls.

The command for listing IPs and number of connections is:

 netstat -plan |grep :80|awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

The command for finding the total connections is:

 netstat -plan |grep :80 |wc -l

If you do find any IP address having excessive connections (more than 50), then you have to block it either by using iptables, APF, or CSF.

Using iptables, you can block an IP by issuing the command:

iptables -A  INPUT -s  --dport 80 -p tcp -j DROP
/etc/rc.d/init.d/iptables save

Using APF, this command is used:

apf -d IP

Using CSF:

csf -d IP

DDOS is distributed denial of service, which is an advanced DOS attack. The number of connections from an indvidual IP might be low, but the connections will be from many IPs or range of IPs.

Most of times attack will be concentrated to one domain. In such cases kill the dns of domain to reduce the attack.

Preventive measures for DDOS attacks include:

  • Install firewalls like APF or CSF and configure them to block the high connection IPs.
  • Install mod_dosevasive module (only during the DOS attack)

Conclusion

As we all know, “prevention is better than cure,” so always take necessary preventive measures and keep auditing and monitoring your servers.

  • Install  System Integrity Monitor (SIM) or CSF and configure it to get alerts on load spikes.
  • Update your old and vulnerable software.
  • Take the necessary preventive measures to avoid load spiking.
  • Secure your servers and tweak your software like apache, exim, etc for better performanc