If you are the web site owner, it is possible you have reached this page because:
* The IP address has changed.
* There has been a server misconfiguration.
* The site may have been moved to a different server.
If you are the owner of this website and were not expecting to see this page, please contact your hosting provider.
Fix:
In my case there was no content on my apache configuration file
1. take a backup of my apache conf file
#cp httpd.conf httpd.conf_bkp_25June11
2./scripts/updateuserdomains
3./scripts/rebuildhttpdconf
4. Restart your apache service httpd restart OR /scripts/restartsrv_httpd
Saturday, June 25, 2011
Friday, June 24, 2011
Squirrel mail error
ERROR: Connection dropped by IMAP server.
Query: FETCH 1133:1138,1121,1152,1244:1145,1167,1125,1166:1167,1175 (FLAGS UID RFC822.SIZE INTERNALDATE BODY.PEEK[HEADER.FIELDS (Date To Cc From Subject X-Priority Importance Priority Content-Type)])
Jun 24 00:31:52 ajeesh dovecot: IMAP(ajeesh@tuxunited.com): Disconnected: BUG: Unknown internal error bytes=302/1920
#cd /home/tuxunited/mail/ajeesh@tuxunited.com/cur/
i have seen some unwanted folders. Once i removed those folders from that location fixed my issue.
Query: FETCH 1133:1138,1121,1152,1244:1145,1167,1125,1166:1167,1175 (FLAGS UID RFC822.SIZE INTERNALDATE BODY.PEEK[HEADER.FIELDS (Date To Cc From Subject X-Priority Importance Priority Content-Type)])
Jun 24 00:31:52 ajeesh dovecot: IMAP(ajeesh@tuxunited.com): Disconnected: BUG: Unknown internal error bytes=302/1920
#cd /home/tuxunited/mail/ajeesh@tuxunited.com/cur/
i have seen some unwanted folders. Once i removed those folders from that location fixed my issue.
Wednesday, June 22, 2011
Cannot remove email account from cpanel
If we got an error while removing email account from cpanel. So we have to remove it manually.
These steps help us to remove an email account manually.
1st step :
# cd /home//mail//
We can see all email accounts directories in that location.
Just remove the directory of particular email account from there.
If you want to remove test@tuxunited.com
# cd /home/tuxunited/mail/tuxunited.com
# rm -rf test/
2nd step :
# cd /home/tuxunited/etc/tuxunited.com/
# vi passwd
Remove the entry of ” test ” account.
# vi shadow
Remove the entry of ” test ” account.
3rd step:
# cd /home/tuxunited/.cpanel
# vi email_accounts.cache // cpanel cache for email accounts
Clean that file by removing all entries.
# vi email_accounts.yaml
We can see details of all email accounts . We have to remove entries of that particular account.
Eg: test:
diskquota: 104857600
diskused: 224180
mtime: 1273750383
Then restart cpanel
# service cpanel restart
Check the email account from Cpanel –> Email accounts. It will be removed.
These steps help us to remove an email account manually.
1st step :
# cd /home/
We can see all email accounts directories in that location.
Just remove the directory of particular email account from there.
If you want to remove test@tuxunited.com
# cd /home/tuxunited/mail/tuxunited.com
# rm -rf test/
2nd step :
# cd /home/tuxunited/etc/tuxunited.com/
# vi passwd
Remove the entry of ” test ” account.
# vi shadow
Remove the entry of ” test ” account.
3rd step:
# cd /home/tuxunited/.cpanel
# vi email_accounts.cache // cpanel cache for email accounts
Clean that file by removing all entries.
# vi email_accounts.yaml
We can see details of all email accounts . We have to remove entries of that particular account.
Eg: test:
diskquota: 104857600
diskused: 224180
mtime: 1273750383
Then restart cpanel
# service cpanel restart
Check the email account from Cpanel –> Email accounts. It will be removed.
Cannot login all of the email accounts in cpanel
Cannot login all of the email account of a particular domain in cpanel server
We can see the email accounts details of a particular domain under /home//etc//
Eg: ( /home/tom/etc/tuxunited.com )
In that directory we can see all of the email accounts in passwd file. The Passwords are pointed to shadow file .
Eg: /home/tom/etc/tuxunited/passwd
/home/tom/etc/tuxunited/shadow
In shadow file the 2nd entry is encrypted password. If there is an entry *LOCKED* with the encrypted password , that email account has been locked.
Eg: # vi /home/tuxunited/etc/tuxunited.com/shadow
===========================================================
ajeesh:*LOCKED*$1$JbPEsgb7$tyQYmQ7MaPmNyvQNyGZ1p1:14734::::::
anuraj:*LOCKED*$1$PZqJn5iW$Z7yLqlJOdfYHp8dV8OdMo/:14741::::::
ratheesh:*LOCKED*$1$DMc67Xil$uwf66mI1TNuiVA5FRp/ZI1:14746::::::
rajesh:*LOCKED*$1$Y839ThXi$oQIPjz563yOJpJxnNZkd11:14755::::::
=============================================================
The encrypted password should starts with $ . So we need to remove this *LOCKED* entry from that file. Before doing that take a backup of that shadow file. Then remove these entry.
# vi /home/tuxunited/etc/tuxunited.com/shadow
:%s/*LOCKED*//g
This will removed all of the locked entries from that file. Save the file and retry to login into any of the email account.
We can see the email accounts details of a particular domain under /home/
Eg: ( /home/tom/etc/tuxunited.com )
In that directory we can see all of the email accounts in passwd file. The Passwords are pointed to shadow file .
Eg: /home/tom/etc/tuxunited/passwd
/home/tom/etc/tuxunited/shadow
In shadow file the 2nd entry is encrypted password. If there is an entry *LOCKED* with the encrypted password , that email account has been locked.
Eg: # vi /home/tuxunited/etc/tuxunited.com/shadow
===========================================================
ajeesh:*LOCKED*$1$JbPEsgb7$tyQYmQ7MaPmNyvQNyGZ1p1:14734::::::
anuraj:*LOCKED*$1$PZqJn5iW$Z7yLqlJOdfYHp8dV8OdMo/:14741::::::
ratheesh:*LOCKED*$1$DMc67Xil$uwf66mI1TNuiVA5FRp/ZI1:14746::::::
rajesh:*LOCKED*$1$Y839ThXi$oQIPjz563yOJpJxnNZkd11:14755::::::
=============================================================
The encrypted password should starts with $ . So we need to remove this *LOCKED* entry from that file. Before doing that take a backup of that shadow file. Then remove these entry.
# vi /home/tuxunited/etc/tuxunited.com/shadow
:%s/*LOCKED*//g
This will removed all of the locked entries from that file. Save the file and retry to login into any of the email account.
Tuesday, June 14, 2011
server Hardening
Linux server/cpanel/VPS Hardening for security
1. Install or compile the missing modules in php & apache , Install or compile the missing modules in php & apache
2. Install Fantastico Deluxe
#cd /usr/local/cpanel/whostmgr/docroot/cgi
#wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
#tar -xzpf fantastico_whm_admin.tgz
#rm -rf fantastico_whm_admin.tgz
Go to WHM, login as root and click on Tweak Settings, then you should ensure that both the Ioncube loader is selected for the backend copy of PHP. Save changes. >>> not done that time installatiom. i didn't do that time
Now go here:
WHM -> Plugins (orAdd-Ons) -> Fantastico De Luxe WHM Admin (scroll down the left menu).
Upon loading, Fantastico De Luxe WHM Admin will auto-update your existing installation (if existing). All admin files (masterfiles, tarballs, settings etc) will be moved to or created at /var/netenberg.
After the installation complete go to settings
PHPsuexec (*): VERY ESSENTIAL!!! Changing this value will not install or de-install phpsuexec for you.
we have to check phpsuexec is installed or not on the server
# httpd -V
-D SUEXEC_BIN="/usr/local/apache/bin/suexec" >>> so we can put PHPsuexec : as INSTALLED
3. Install CSF
cd /usr/src
wget http://www.configserver.com/free/csf.tgz
tar -xvf csf.tgz
cd csf
sh install.sh
sh remove_apf_bfd.sh
vi /etc/csf/csf.conf change testing mode to "0"
service csf restart
4. Check /tmp, /usr/tmp and /var/tmp permissions. Should be chmod 1777
Check /tmp, /usr/tmp and /var/tmp ownership . Should be owned by root:root
5. Check /etc/resolv.conf for localhost entry. You should not specify 127.0.0.1 or localhost as a nameserver
6. Check php for enable_dl. You should modify /usr/local/lib/php.ini and set:
enable_dl = off This prevents users from loading php modules that affect everyone on the server.
7. Add the following disable_functions to the PHP.INI
disable_functions = ini_alter,system,passthru,shell_exec,leak,listen,chgrp,apache_setenv,define_syslog_variables,openlog,syslog,ftp_exec,
posix_getpwuid,posix_getpwnam
8. Set the following for the open_basedir via PHP configuration:
/home:/tmp:/usr
9. To stop the /tmp directory filling up, you can set the following cron job to have files older than x hours deleted:
0 0 * * * /usr/sbin/tmpwatch --mtime --all 48 /tmp
10. Turn off unwanted services from startup
11. install chkrootkit
cd /usr/src/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar zxvf chkrootkit.tar.gz
cd chkrootkit-0.49/
make sense
cd /etc/cron.daily
vi chkrootkit.sh
chmod 755 chkrootkit.sh
content :
#!/bin/bash
cd /usr/src/chkrootkit-0.49/
./chkrootkit | mail -s "Daily chkrootkit from server1.tuxunited.com" ajeesh@tuxunited.com
12. INstall rkhunter
1. Install or compile the missing modules in php & apache , Install or compile the missing modules in php & apache
2. Install Fantastico Deluxe
#cd /usr/local/cpanel/whostmgr/docroot/cgi
#wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
#tar -xzpf fantastico_whm_admin.tgz
#rm -rf fantastico_whm_admin.tgz
Go to WHM, login as root and click on Tweak Settings, then you should ensure that both the Ioncube loader is selected for the backend copy of PHP. Save changes. >>> not done that time installatiom. i didn't do that time
Now go here:
WHM -> Plugins (orAdd-Ons) -> Fantastico De Luxe WHM Admin (scroll down the left menu).
Upon loading, Fantastico De Luxe WHM Admin will auto-update your existing installation (if existing). All admin files (masterfiles, tarballs, settings etc) will be moved to or created at /var/netenberg.
After the installation complete go to settings
PHPsuexec (*): VERY ESSENTIAL!!! Changing this value will not install or de-install phpsuexec for you.
we have to check phpsuexec is installed or not on the server
# httpd -V
-D SUEXEC_BIN="/usr/local/apache/bin/suexec" >>> so we can put PHPsuexec : as INSTALLED
3. Install CSF
cd /usr/src
wget http://www.configserver.com/free/csf.tgz
tar -xvf csf.tgz
cd csf
sh install.sh
sh remove_apf_bfd.sh
vi /etc/csf/csf.conf change testing mode to "0"
service csf restart
4. Check /tmp, /usr/tmp and /var/tmp permissions. Should be chmod 1777
Check /tmp, /usr/tmp and /var/tmp ownership . Should be owned by root:root
5. Check /etc/resolv.conf for localhost entry. You should not specify 127.0.0.1 or localhost as a nameserver
6. Check php for enable_dl. You should modify /usr/local/lib/php.ini and set:
enable_dl = off This prevents users from loading php modules that affect everyone on the server.
7. Add the following disable_functions to the PHP.INI
disable_functions = ini_alter,system,passthru,shell_exec,leak,listen,chgrp,apache_setenv,define_syslog_variables,openlog,syslog,ftp_exec,
posix_getpwuid,posix_getpwnam
8. Set the following for the open_basedir via PHP configuration:
/home:/tmp:/usr
9. To stop the /tmp directory filling up, you can set the following cron job to have files older than x hours deleted:
0 0 * * * /usr/sbin/tmpwatch --mtime --all 48 /tmp
10. Turn off unwanted services from startup
11. install chkrootkit
cd /usr/src/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar zxvf chkrootkit.tar.gz
cd chkrootkit-0.49/
make sense
cd /etc/cron.daily
vi chkrootkit.sh
chmod 755 chkrootkit.sh
content :
#!/bin/bash
cd /usr/src/chkrootkit-0.49/
./chkrootkit | mail -s "Daily chkrootkit from server1.tuxunited.com" ajeesh@tuxunited.com
12. INstall rkhunter
Tuesday, June 7, 2011
exim update
In cpanel it is very easy to update Exim mail server
just execute the script : /scripts/eximup
Error:
#While sending emails through squirrel mail
Connection refused 111 Can't open SMTP stream. in exim
#service exim restart
Shutting down exim: [FAILED]
Shutting down spamd: [FAILED]
#service exim status
exim dead but subsys locked
Solution:-
First remove /etc/eximdisable
then /scripts/eximup --force this fixed my issue.
just execute the script : /scripts/eximup
Error:
#While sending emails through squirrel mail
Connection refused 111 Can't open SMTP stream. in exim
#service exim restart
Shutting down exim: [FAILED]
Shutting down spamd: [FAILED]
#service exim status
exim dead but subsys locked
Solution:-
First remove /etc/eximdisable
then /scripts/eximup --force this fixed my issue.
Sunday, June 5, 2011
ssh login failed
[root@ajeesh ~]# ssh root@192.16.15.18
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:d6:34:8d:81:74:aj:ee:sh:B:ka:nn:an:2a:2d:95.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:18
RSA host key for 192.16.15.18 has changed and you have requested strict checking.
Host key verification failed.
Solution:
[root@ajeesh ~]# ssh-keygen -R 192.16.15.18
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
suppose you are trying to connect to the server using hostname
Solution:-
[root@ajeesh ~]# ssh-keygen -R server1.ajeesh.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:d6:34:8d:81:74:aj:ee:sh:B:ka:nn:an:2a:2d:95.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:18
RSA host key for 192.16.15.18 has changed and you have requested strict checking.
Host key verification failed.
Solution:
[root@ajeesh ~]# ssh-keygen -R 192.16.15.18
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
suppose you are trying to connect to the server using hostname
Solution:-
[root@ajeesh ~]# ssh-keygen -R server1.ajeesh.com
Saturday, June 4, 2011
ssl login for cpanel
SSL encryption is required for access to this server.
# vi /var/cpanel/cpanel.config
change following
requiressl=1 to requiressl=0
alwaysredirecttossl=1 alwaysredirecttossl=1
finally run the following
# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
# vi /var/cpanel/cpanel.config
change following
requiressl=1 to requiressl=0
alwaysredirecttossl=1 alwaysredirecttossl=1
finally run the following
# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
Wednesday, June 1, 2011
DNS only cpanel installation
Root login to your server
# cd /usr/src/
# wget http://layer1.cpanel.net/cpanel-dnsonly-install.sea
# chmod 755 cpanel-dnsonly-install.sea
# sh cpanel-dnsonly-install.sea
# cd /usr/src/
# wget http://layer1.cpanel.net/cpanel-dnsonly-install.sea
# chmod 755 cpanel-dnsonly-install.sea
# sh cpanel-dnsonly-install.sea
Subscribe to:
Posts (Atom)