Ayad knowledge base

In web hosting account that are using cPanel web hosting control panel, users can create as many email accounts as they like with different aliases, and then forward the mails received to any address, inside or outside of domain. There are two ways to do email forwarding, that’s by Default Email Account which is not recommended as it acts as Catch All email account, where any email messages sent to an non-existence account on domain will automatically forward to this address, including all spam. Another way is by adding forwards for email address.

When a forwarder is added for a domain email address, all email received will be forwarded to the specified email address. However, if users have created an email account first before setting up a forwarder, the forwarder may not function properly and worse, the email account will still receive a copy of the email message, wasting precious storage space on the hosting server. The emails stored won’t be auto deleted or removed.

The workaround to this issue so that the emails as are ‘auto delete’ is to setup a forwarder without creating any email account. For example, if you want to forward all email messages that going to webmaster@domain.com to another email address, do not create an email account for webmaster@domain.com. When a forwarder is setup, it will handle the forwarding process properly, even though no email account for it exists.

How to add an email forwarder:

Click on Forwarders.
Click on Add Forwarder.
Then type the email address with the intended account name in the first column, and the destination forwarding email address that you want the mail forwarded to in the second field. The email address can be any, including external email address such as gmail, hotmail and etc. In the case the emails are been forwarded to another email on domain, care has to be taken so that the forwarding does not accidentally create an indefinite loop that can cause all email accounts to stop working on your domain.
Click on Add Forward button and the new forwarder will be activated immediately, without leaving any emails on the server, which is similar to auto deletion of mails from email accounts.

Hi
below the redirection

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

thank you.

check the directory size

go the the direcotry that you want to check

then run this command
du > /root/anyname

after that

cat /root/anyname |sort -nr |more

will view the size from the biger to the smaller

the solutions is below

Log into your WordPress Admin account.
Go to ‘Miscellaneous’ Settings options from the ‘Settings’ menu.
In the Miscellaneous Settings put wp-content/uploads in the “Store uploads in this folder” text box.
Save the Changes by hitting the “Save Changes” button and you are done.

Thank you.

first you need to make sure that ionCube already installed, you just run this command to verify if
installed php -v

if ionCube installed then you need to follow the below commands
cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://www.softaculous.com/ins/addon_softaculous.php
chmod 755 addon_softaculous.php

Now go to : WHM > Plugins (Add-Ons on older versions than 11) > Softaculous – Instant Installs

then few seconds and will see the installation already done successfully

Thank you

if you got suhosin issue, to increase the value , ,, the solutions is below

suhosin.post.max_vars = 4000
max_input_vars = 4000
suhosin.request.max_vars = 4000
post_max_size = 8M

then restart httpd

How to change mail server ip address in PLESK ?

Ans :

If primary mail server ip address is blocked in any spam checker sites ( eg BARRACUDA,SORBS-SPAM etc) then there is only one solution, that is change the mail server ip address on the server.

You can easily change the mail server ip address in cpanel by using /etc/mailips file. The same as in PLESK you can also change the outgoing mail server ip address by using “/var/qmail/control/smtproutes” file.
1) first check the domain name which is hosted on the server by using following file

cat /var/qmail/control/rcpthosts
domain1.com
domain2.com
domain3.com
domain4.com
domain5.com

2) By default the “/var/qmail/control/smtproutes” file is not present on PLESK server, you need to create it.

vi /var/qmail/control/smtproutes

3) Then add the new ip address in the following format.

domain1.com:192.168.0.2
domain2.com:192.168.0.2

4) Save the file and restart qmail

/etc/init.d/qmail restart

Note: Please replace the “192.168.0.2” to original ip address and the “domain.com” equal the original domain name

Simply change both of these options below to “On”, and then click the “Save” button in Tweak Settings area.

Allow Remote Domains [?]
Allow unregistered domains [?]

Reference
http://forums.cpanel.net/f34/addon-domain-problems-190192.html

The other day I helped a client deal with a SYN flood denial of service attack. This article describes the symptoms, diagnosis and solution from a Linux server point of view.

Definition

A SYN flood attack exploits one of the properties of the TCP/IP protocol: by sending SYN requests, and then never following up with an ACK, this leaves the server using one network “slot” and waiting for the other side for some time. Doing this many times ties up network resources and the server becomes unresponsive.

Symptom: web site visitor

The symptom to an end user, a web site visitor, is that a site takes a long time to load, or loads some elements of a page but not others. The general impression is that the site is slow or down.

Symptom: on the server

From a server administrator perspective, you will not see high CPU utilization, nor memory utilization. The server will be lightly loaded when this happens.

In order to check whether your server is under a SYN flood attack, you use the wget command times how much it takes for your site to load, from the same box (to eliminate the network as a cause).

For a normal site, you get something like this instantly:

$ time wget -O /dev/null www.example.com
Resolving www.example.com… 1.1.1.1
Connecting to www.example.com|1.1.1.1|:80… connected.
HTTP request sent, awaiting response… 200 OK
…
real 0m0.018s
The request takes just 18 milliseconds, which is quite normal for a well configured server.

Compare that to when a SYN flood attack was active:

$ time wget -O /dev/null www.example.com
Resolving www.example.com… 1.1.1.1
Connecting to www.example.com|1.1.1.1|:80… connected.
And this is where things hang for a long time … The server takes a very long time to open a network socket.

Then after a long time, you would get this:

HTTP request sent, awaiting response… 200 OK
…
real 0m45.002s
Ouch! 45 millisconds for the home page to load locally!

This can vary from a few seconds, to several minutes, and running it several times will give different results, but all or most of them will be over 1 or 2 seconds.

Diagnosis

Then when you look at netstat’s output, you find that there are lots of connections in the SYN_RECV state:

netstat -tuna | grep :80 | grep SYN_RECV
The output will look like this:

tcp 0 0 1.1.1.1:80 70.56.83.204:1609 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1723 SYN_RECV
tcp 0 0 1.1.1.1:80 209.112.192.126:4988 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1724 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1727 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1733 SYN_RECV
tcp 0 0 1.1.1.1:80 24.158.121.0:3337 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1753 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1811 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1821 SYN_RECV
tcp 0 0 1.1.1.1:80 2.2.2.2:1831 SYN_RECV
tcp 0 0 1.1.1.1:80 24.7.27.61:52142 SYN_RECV
tcp 0 0 1.1.1.1:80 207.118.0.58:50819 SYN_RECV
tcp 0 0 1.1.1.1:80 115.64.40.38:52865 SYN_RECV
You will see a lot of SYN requests from the same addresses. Do not bother with tracing what this address is, because it is easily faked, and the attacker is probably using fake addresses.

Solution

So, how do you solve this?

The solution varies, but the best one is to enable SYN cookies on your load balancer or the server itself.

To enable that on a current Linux kernel, you enter the following command:

sysctl -w net.ipv4.tcp_syncookies=1
And then add the following line to the /etc/sysctl.conf file to make make it persist across reboots:

net.ipv4.tcp_syncookies = 1
You may optionally want to increase the size of the SYN backlog queue as well, from a default of 1024, to 2048, using the following command:

sysctl -w net.ipv4.tcp_max_syn_backlog=2048
And you add this to /etc/sysctl.conf:

net.ipv4.tcp_max_syn_backlog = 2048
Results

After you do the above, SYN Flood attacks will continue, but it will not affect the server negatively. You will see a message like this in your logs:

[1116377.589736] possible SYN flooding on port 80. Sending cookies.
[1116439.567828] possible SYN flooding on port 80. Sending cookies.
[1116500.631623] possible SYN flooding on port 80. Sending cookies.
But there will be no ill effect from it …

And there you have it, attackers will still send SYN requests, but the server will remain responsive …

Resources

For more reading on this issue, check the following links:

RFC 4987: TCP SYN Flooding Attacks and Common Mitigations
http://www.securityfocus.com/infocus/1729
http://www.iss.net/security_center/advice/Exploits/TCP/SYN_flood/default.htm
http://www.usenix.org/events/sec01/invitedtalks/oliver.pdf, dated, and hence doesn’t cover SYN cookies, but describes the problem well.
http://www.networkcomputing.com/unixworld/security/004/004.txt.html, dated as well.

First a new entry will need to be created in xinetd for the alternate port:

cd /etc/xinetd.d
cp smtp_psa smtp_psa_p26

Next the entry that was just created needs to be modified:

vi smtp_psa_p26

Make the first line say “service smtp_p26” and save the file.

Next edit the services for the system to include the newly created one:

vi /etc/services
smtp_p26 26/tcp mail
smtp_p26 26/udp mail

After editing this, just restart xinetd and the server should be listening on port 26. A quick way to verify the changes took effect can be done using this command:

netstat -lpn|grep 26

NOTE: Don’t forget to make sure port 26 is open in the firewall. A walk through on how to do this can be found here: http://www.liquidweb.com/kb/apf-firewall/