Click on the "Tweak Security" link under "Security". In the right frameof your browser, will be a section called Traceroute Tweak.
Click on the "Configure" link for this section, to go to the next page,and then click "Disable".
Friday, March 14, 2008
How do I recover(undelete) a file I have accidentally removed on my Linux server?
The only recommended way to recover files that have been deleted, will be torestore from your most recent backup. Unfortunately, the default file systemfor most new linux installs(ext3), does not lend itself to easily undeleting files.
This is what one of the developers of ext3, Andreas Dilger, said about it:
In order to ensure that ext3 can safely resume an unlink after a crash, it actuallyzeros out the block pointers in the inode, whereas ext2 just marks these blocks asunused in the block bitmaps and marks the inode as "deleted" and leaves the block pointers alone.
Your only hope is to "grep" for parts of your files that have been deleted and hope for the best.
This is what one of the developers of ext3, Andreas Dilger, said about it:
In order to ensure that ext3 can safely resume an unlink after a crash, it actuallyzeros out the block pointers in the inode, whereas ext2 just marks these blocks asunused in the block bitmaps and marks the inode as "deleted" and leaves the block pointers alone.
Your only hope is to "grep" for parts of your files that have been deleted and hope for the best.
How can I limit the number of times a user can check a pop3 mailbox per hour?
Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a text box with the heading:
"The number of times users are allowed to check their mail using pop3 per hour:"
Change the value and apply the changes by clicking on the "Save" button at the bottom of the page.
"The number of times users are allowed to check their mail using pop3 per hour:"
Change the value and apply the changes by clicking on the "Save" button at the bottom of the page.
How can I prevent users from bypassing the mail server to send mail?
Click the "Tweak Security" link under "Security". Click on the configure link under "SMTP Tweak" Check the box next to "Allow connections to localhost on port 25." and click apply. This will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.
How can I manually move a cPanel account to a new server?
When an account is too large to feasibly move using the web browser, I do the following to move the account :
The setup :
Domain : domain.com
Username : dom
make a temp directory on /home (i'll call it /home/cptemp/) where you can store the accounts files while copying.
#mkdir /home/cptemp
Almost all space for an account is in their public_html directory, so we'll want to tar and gzip it and move that over using scp.
#cd /home/dom/
#tar czvf public_html_dom.tgz public_html
#mv public_html_dom.tgz /home/cptemp/
#mv public_html /home/cptemp/
Also often times large sites have large weblogs, which are packaged and transfered, so we take care of those as well :
#cd /usr/local/apache/domlogs/
#gzip domain.com
#mv domain.com.gz /home/cptemp/
Now with these files in /home/cptemp/ , try moving the account over in WHM, hopefully it will succeed and set up the new account on the new server. Now we go back to /home/cptemp/ and scp the files to their new home.
#scp public_html_dom.tgz root@newserver.com:/home/dom/
(enter the root pass for the new server and let it copy the file over)
#scp domain.com.gz root@newserver.com:/usr/local/apache/domlogs/
(do the same as above)
Now go to the new server and unpack the two large files you just moved.
#cd /home/dom/
#tar xzvf public_html_dom.tgz
#cd /usr/local/apache/domlogs/
#gzip -d domain.com.gz
That's it ....
The setup :
Domain : domain.com
Username : dom
make a temp directory on /home (i'll call it /home/cptemp/) where you can store the accounts files while copying.
#mkdir /home/cptemp
Almost all space for an account is in their public_html directory, so we'll want to tar and gzip it and move that over using scp.
#cd /home/dom/
#tar czvf public_html_dom.tgz public_html
#mv public_html_dom.tgz /home/cptemp/
#mv public_html /home/cptemp/
Also often times large sites have large weblogs, which are packaged and transfered, so we take care of those as well :
#cd /usr/local/apache/domlogs/
#gzip domain.com
#mv domain.com.gz /home/cptemp/
Now with these files in /home/cptemp/ , try moving the account over in WHM, hopefully it will succeed and set up the new account on the new server. Now we go back to /home/cptemp/ and scp the files to their new home.
#scp public_html_dom.tgz root@newserver.com:/home/dom/
(enter the root pass for the new server and let it copy the file over)
#scp domain.com.gz root@newserver.com:/usr/local/apache/domlogs/
(do the same as above)
Now go to the new server and unpack the two large files you just moved.
#cd /home/dom/
#tar xzvf public_html_dom.tgz
#cd /usr/local/apache/domlogs/
#gzip -d domain.com.gz
That's it ....
How can I mitigate pop3 connection floods?
Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a check box with the heading:
"Attempt to prevent pop3 connection floods"
Tick the check box and apply the changes by clicking on the "Save" button at the bottom of the page.
How can I monitor what my MySQL server is doing?
A handy little Linux application called mytop fits this just perfectly. This is a near-time monitor just like the UNIX utility 'top' but specifically looking at what the MySQL server is doing. It updates every few seconds so you can get a reasonable look at what your SQL server is doing. It's capable of displaying a huge amount of information so be sure to read the documetnation. It also assumes that you're connecting to the MySQL server on localhost with the root user and no password. These can be changed either in the script itself or on the command line.
How can I prevent users from parking common internet domains such as google.com, hotmail.com, etc ?
Click on the "Tweak Settings" link under "Server Setup". Within the "Domains" section is a check box with the heading:
"Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)"
Tick the check box and apply the changes by clicking on the "Save" button at the bottom of the page.
"Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)"
Tick the check box and apply the changes by clicking on the "Save" button at the bottom of the page.
How can I limit the number of emails a domain can send out per hour?
Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a text box with the heading:
"The maximum each domain can send out per hour (0 is unlimited):"
Change the value and apply the changes by clicking on the "Save" button at the bottom of the page.
How can I install a Perl Module ?
On a server with CPanel, you can log into the WHM and install it there. If that for some reason doesn't work for you, you can log into the shell as root and install it via the command line. Once logged in, from any directory, type: echo "HTML::Template" /usr/local/cpanel/whostmgr/bin/perlmod -i (in this case, the module we want to install is HTML::Template).
On a RedHat server, you can install it with up2date if you know the name of the RPM. If you don't know it you can run 'up2date --showall grep -i perl'. Then select the RPM you want and install it via up2date.
If the module you want still isn't present you can install it manually via CPAN. Note that these modules are completely unsupported. If you wish to procede with the installation you can run 'perl -MCPAN -e shell' and interactively install the module. For example if you wanted to install Time::HiRes you would type 'install Time::HiRes' on the CPAN prompt.
How can I change the number of domains displayed per page in WHM?
Click on the "Tweak Settings" link under "Server Setup". Within the "Display" section is a text box with the heading:
"Number (or all) of accounts to display per page in list accounts (30 is used if nothing is specified).:"
Change the value and apply the changes by clicking on the "Save" button at the bottom of the page.
"Number (or all) of accounts to display per page in list accounts (30 is used if nothing is specified).:"
Change the value and apply the changes by clicking on the "Save" button at the bottom of the page.
How can I install cpanel within a VPS?
How can I install cpanel within a VPS?
1 The yum package MUST be installed before installing, the installer will not run without it. (centos/rhel/fedora/RH)
2 Add the line: "exclude=dev* udev* spamassassin* httpd* mod_ssl* perl* mysql* php* kernel*"
to /etc/yum.conf
3 Run rpm -qa and look for any entries beginning with "httpd" "mod_ssl" "mysql" "openldap" (if you wish to install openldap, you can install it later, installing it at this time, will cause problems with exim) & "php" and then use rpm -e to remove them (and all their dependencies).
4 RPMs that conflict with the cpanel services can be set to not install by editing /vz/template/distroname/distroversion/config/ostemplate.list
5 It is of extreme usefulness to add sshd to ON_SERVICES in /vz/template/centos/4/config/install-post
6 Make sure you are logged in as root and type:
# cd /home
# wget http://layer1.cpanel.net/latest
Note: For FreeBSD, you need to download and untar the latest installer package from http://www.cpanel.net/.
# sh latest
1 The yum package MUST be installed before installing, the installer will not run without it. (centos/rhel/fedora/RH)
2 Add the line: "exclude=dev* udev* spamassassin* httpd* mod_ssl* perl* mysql* php* kernel*"
to /etc/yum.conf
3 Run rpm -qa and look for any entries beginning with "httpd" "mod_ssl" "mysql" "openldap" (if you wish to install openldap, you can install it later, installing it at this time, will cause problems with exim) & "php" and then use rpm -e to remove them (and all their dependencies).
4 RPMs that conflict with the cpanel services can be set to not install by editing /vz/template/distroname/distroversion/config/ostemplate.list
5 It is of extreme usefulness to add sshd to ON_SERVICES in /vz/template/centos/4/config/install-post
6 Make sure you are logged in as root and type:
# cd /home
# wget http://layer1.cpanel.net/latest
Note: For FreeBSD, you need to download and untar the latest installer package from http://www.cpanel.net/.
# sh latest
Apache status is not showing up in WHM
This is usually due to the server-status directive being commented out.
1. Back up your current httpd.conf
root@cpanel [~]# cd /usr/local/apache/conf
root@cpanel [/usr/local/apache/conf]
# cp httpd.conf httpd.conf.save.`date +%s`
root@cpanel [/usr/local/apache/conf]# ls -la httpd.conf*
-rw------- 1 root root 45279 Oct 28 18:44 httpd.conf
-rw------- 1 root root 45279 Nov 10 01:27 httpd.conf.save.1131607650
root@cpanel [/usr/local/apache/conf]#
The date +%s above outputs the current date in the "seconds since `00:00:00 1970-01-01 UTC'" format.
2. Open httpd.conf with your favorite editor and uncomment the following directive and allow localhost to browse it.
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
3. Test the apache configuration and gracefully restart it.
root@cpanel [~]# /etc/init.d/httpd configtest
Syntax OK
root@cpanel [~]# /etc/init.d/httpd graceful
/etc/init.d/httpd graceful: httpd gracefully restarted
root@cpanel [~]#
4. Verfiy that you can not get apache status from the localhost.
root@cpanel [~]# /etc/init.d/httpd status
Apache Server Status for cpanel
Server Version: Apache/1.3.33
Server Built: May 2 2005 08:23:17
_________________________________________________________________
Current Time: Thursday, 10-Nov-2005 01:35:06 CST
Restart Time: Friday, 28-Oct-2005 18:44:17 CDT
Parent Server Generation: 1
Server uptime: 12 days 7 hours 50 minutes 49 seconds
Total accesses: 2467 - Total Traffic: 98.3 MB
CPU Usage: u2.74 s2.97 cu.37 cs.3 - .000599% CPU load
.00232 requests/sec - 96 B/second - 40.8 kB/request
1 requests currently being processed, 4 idle servers
W____...........................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"L" Logging, "G" Gracefully finishing, "." Open slot with no current
process
root@cpanel [~]#
1. Back up your current httpd.conf
root@cpanel [~]# cd /usr/local/apache/conf
root@cpanel [/usr/local/apache/conf]
# cp httpd.conf httpd.conf.save.`date +%s`
root@cpanel [/usr/local/apache/conf]# ls -la httpd.conf*
-rw------- 1 root root 45279 Oct 28 18:44 httpd.conf
-rw------- 1 root root 45279 Nov 10 01:27 httpd.conf.save.1131607650
root@cpanel [/usr/local/apache/conf]#
The date +%s above outputs the current date in the "seconds since `00:00:00 1970-01-01 UTC'" format.
2. Open httpd.conf with your favorite editor and uncomment the following directive and allow localhost to browse it.
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
3. Test the apache configuration and gracefully restart it.
root@cpanel [~]# /etc/init.d/httpd configtest
Syntax OK
root@cpanel [~]# /etc/init.d/httpd graceful
/etc/init.d/httpd graceful: httpd gracefully restarted
root@cpanel [~]#
4. Verfiy that you can not get apache status from the localhost.
root@cpanel [~]# /etc/init.d/httpd status
Apache Server Status for cpanel
Server Version: Apache/1.3.33
Server Built: May 2 2005 08:23:17
_________________________________________________________________
Current Time: Thursday, 10-Nov-2005 01:35:06 CST
Restart Time: Friday, 28-Oct-2005 18:44:17 CDT
Parent Server Generation: 1
Server uptime: 12 days 7 hours 50 minutes 49 seconds
Total accesses: 2467 - Total Traffic: 98.3 MB
CPU Usage: u2.74 s2.97 cu.37 cs.3 - .000599% CPU load
.00232 requests/sec - 96 B/second - 40.8 kB/request
1 requests currently being processed, 4 idle servers
W____...........................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"L" Logging, "G" Gracefully finishing, "." Open slot with no current
process
root@cpanel [~]#
How can I enable the query cache in mysql?
Add two lines to your my.cnf (usually /etc/my.cnf)
query_cache_size = 16M ( a reasonable size to start with, you can increase it later if needed)
query_cache_type=1
Then restart MySQL
query_cache_size = 16M ( a reasonable size to start with, you can increase it later if needed)
query_cache_type=1
Then restart MySQL
How can I enable SSL support for my websites?
To install an SSL certificate:
1. Click on the Install an SSL Certificate and Setup the Domain link in the SSL/TLS menu.
2. Enter the domain, user name, and IP address for the certificate in the Domain, User, and IP Address fields.
3. Click on the Fetch button to paste the .key and .crt files for the domain into the available display spaces, if they are currently on your server. Otherwise, copy and paste the .key and .crt files into the available display areas.
4. Paste the ca bundle for the certificate in the bottom display area, if required.
5. Click on the Do it button.
1. Click on the Install an SSL Certificate and Setup the Domain link in the SSL/TLS menu.
2. Enter the domain, user name, and IP address for the certificate in the Domain, User, and IP Address fields.
3. Click on the Fetch button to paste the .key and .crt files for the domain into the available display spaces, if they are currently on your server. Otherwise, copy and paste the .key and .crt files into the available display areas.
4. Paste the ca bundle for the certificate in the bottom display area, if required.
5. Click on the Do it button.
How can I install Zend Optimizer on my Cpanel server?
Login into the server via ssh and run the following command:
root@cpdemo [~]# /scripts/installzendopt
This will start an ncurses based installer. The defaults should all be correct and you will only have to acknowledge each question.
root@cpdemo [~]# /scripts/installzendopt
This will start an ncurses based installer. The defaults should all be correct and you will only have to acknowledge each question.
How can I check how my query cache is working
From inside the MySQL CLI:
show status like 'qc%';
It will produce output like this:
mysql> show status like 'qc%';
mysql> show status like 'qc%';
+-------------------------+----------+
Variable_name Value
+-------------------------+----------+
Qcache_queries_in_cache 9741
Qcache_inserts 49905222
Qcache_hits 60496383
Qcache_lowmem_prunes 137163
Qcache_not_cached 181538
Qcache_free_memory 56155320
Qcache_free_blocks 4623
Qcache_total_blocks 24533
+-------------------------+----------+
8 rows in set (0.00 sec)
show status like 'qc%';
It will produce output like this:
mysql> show status like 'qc%';
mysql> show status like 'qc%';
+-------------------------+----------+
Variable_name Value
+-------------------------+----------+
Qcache_queries_in_cache 9741
Qcache_inserts 49905222
Qcache_hits 60496383
Qcache_lowmem_prunes 137163
Qcache_not_cached 181538
Qcache_free_memory 56155320
Qcache_free_blocks 4623
Qcache_total_blocks 24533
+-------------------------+----------+
8 rows in set (0.00 sec)
How can I block certain domains from relaying via exim?
To disallow certain local domains from relaying through your server, you will want to ssh into the server and create the file /etc/norelay. In that file, you may can put a list of domains that you do not wish to relay through. This should be one domain per line without any spaces. After that, log into WHM, click on the Exim Configuration Editor, and then select the advanced configuration button. In the first check box, put the following:
domainlist relay_domains = !lsearch;/etc/norelay : lsearch;/etc/localdomains : \ lsearch;/etc/secondarymx
Click on Save.
domainlist relay_domains = !lsearch;/etc/norelay : lsearch;/etc/localdomains : \ lsearch;/etc/secondarymx
Click on Save.
Can I move an SSL cert from one server to another?
SSL
Yes, you are able to move certs to different servers and different IP addresses. Theonly restriction on this rule, would be that Windows servers will not function, if thecertificate requires a password to start the webserver. Other than this, you will needto have a copy of both the certificate, as well as the key.
How can I backup a MySQL database?
/path/to/bin/mysqldump -u $mysqlusername -p$mysqlpassword $mysqldatabasename > backup.sql OR: mysqldump -u user -p --opt database > backup_file
Not that there is no space after the -p . If the password was "pass" you would use -ppass
Not that there is no space after the -p . If the password was "pass" you would use -ppass
How can I activate or deactivate webmail clients?
Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a list of check box with the following headings:
"Horde Webmail"
"Neomail Webmail"
"SquirrelMail Webmail"
Chose the webmail client you would like to use apply the changes by clicking on the "Save" button at the bottom of the page.
How can I add PHP support to my cPanel server?
As root on the shell, via SSH, you should type
`/scripts/easyapache` and press return.
Select an option with PHP support from the easy to use menu and let it build the new apache with the php module.
Can logs be automatically deleted after stats runs?
Click on the "Tweak Settings" link under "Server Setup". Within the "Stats and Logs" section is a check box with the heading:"
Delete each domain's access logs after stats run"
Tick the check box and apply the changes by clicking on the "Save" button at the bottom of the page. Apache log files will now be deleted after stats have run.
Delete each domain's access logs after stats run"
Tick the check box and apply the changes by clicking on the "Save" button at the bottom of the page. Apache log files will now be deleted after stats have run.
MySQL will not start, "MySQL File '/usr/share/mysql/charsets/?.conf' not found" in error log.
The most common cause for this error, is a failed downgrade of MySQL from 4.1 to 4.0. Many changes were made between MySQL 3.x, 4.0.x, and 4.1.
The actual cause of the error itself, is missing character sets from the 4.1.x series. The best wayto recover, would be to use a backup of your database made before the upgrade to 4.1. This wayyou can be sure there are no changes that would adversly affect the db.
As a last restort, you will need to upgrade to 4.1 again. Once your server is running MySQL 4.1,you can dump the databases to a 4.0 format, and facilitate a downgrade to 4.0.
To do this, open an ssh shell, and dump the database with the following command:
mysqldump --create-options --compatible=mysql40 db_name > dump_file
Just substitue your database name for db_name, and your file for dump_file. After this has beencompleted for all databases, you can completely uninstall MySQL 4.1, and reinstall MySQL 4.0. Afterthat it is just a matter of importing all of your databases to your newly installed MySQL 4.0 instance.
What do I do if when I try to connect to mysql from php I get this error: "Call to unsupported or undefined function mysql_connect();"?
The php-mysql RPM is not installed. This can be installed either through WHM or if you're running a dedicated web server with "up2date php-mysql".
How can I access MySQL from the command line?
mysql -u -p -h
By default you would use the root user with no password if connecting to localhost only. While it does simplify administration it is also a security risk if your server ever gets violated as anyone with a shell can have full access to your MySQL server.
What do I do if my MySql.sock file is missing?
1. THIS IS THE MOST IMPORTANT! Back up the /var/lib/mysql directory!!!!!!!
# cp -fr /var/lib/mysql /var/lib/mysql.old
2. Check /var/lib/mysql and /tmp for the .sock file (is it in both places?)
3. Recreate the symbolic link to the .sock file:# ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
4. Now check the permissions of the /var/lib/mysql. It should be 0755 and mysql:root. If not:
# chmod 0755 /var/lib/mysql
# chown mysql:root /var/lib/mysql
5. cat /etc/passwd to make sure that the mysql user is there.
6. Does /var/lib/mysql/mysql/host.MYI exist? If not then:
# chmod -R 0660 /var/lib/mysql/mysql
# chown -R mysql:mysql /var/lib/mysql/mysql
# /usr/bin/mysql_install_db
7. Now try to force an update:
# /scripts/mysqlup --force
8. If all else fails, then you may have a corrupted table. No before you do this, TRIPLE CHECK that you have backed up the /var/lib/mysql directory. It fact, check it 4 times!
# rm -fr /var/lib/mysql
# rm -f /usr/sbin/mysqld
Then force another update:
# /scripts/mysqlup --force
Now if all if this did not help, then try:
# /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/Server_HostName.pid --skip-locking &
Thats it....
# cp -fr /var/lib/mysql /var/lib/mysql.old
2. Check /var/lib/mysql and /tmp for the .sock file (is it in both places?)
3. Recreate the symbolic link to the .sock file:# ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
4. Now check the permissions of the /var/lib/mysql. It should be 0755 and mysql:root. If not:
# chmod 0755 /var/lib/mysql
# chown mysql:root /var/lib/mysql
5. cat /etc/passwd to make sure that the mysql user is there.
6. Does /var/lib/mysql/mysql/host.MYI exist? If not then:
# chmod -R 0660 /var/lib/mysql/mysql
# chown -R mysql:mysql /var/lib/mysql/mysql
# /usr/bin/mysql_install_db
7. Now try to force an update:
# /scripts/mysqlup --force
8. If all else fails, then you may have a corrupted table. No before you do this, TRIPLE CHECK that you have backed up the /var/lib/mysql directory. It fact, check it 4 times!
# rm -fr /var/lib/mysql
# rm -f /usr/sbin/mysqld
Then force another update:
# /scripts/mysqlup --force
Now if all if this did not help, then try:
# /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/Server_HostName.pid --skip-locking &
Thats it....
When adding a MySQL database to a domain it fails and I get 'Access denied for user: 'root@[ServerName]' (Using password: YES) ' in the logs
Go to the MySQL Service in Helm here:
Home > System Settings > Servers > Your Server > MySQL Service
Make sure the user you have set is root, and enter the correct password for the MySQL root account into the appropriate field and click Save.
*This needs to be correct, so check it by trying to log into MySQL with it. To test in the command prompt, cd into the directory where the MySQL binaries are installed, this is usualyy in c:mysqlbin and run the following command to attempt to login with the root password you set:
mysql -uroot -p
You should now be able to add MySQL databases through Helm if you are able to login successfully from the command prompt.
What is a Certification Authority (CA)?
Certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CA's are characteristic of many public key infrastructure (PKI) schemes.
What is SSL?
Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
What is a Certificate Signing Request (CSR)?
In PKI systems, a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate. Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The CSR contains information identifying the applicant (such as a directory name in the case of an X.509 certificate), and the public key chosen by the applicant. The corresponding private key is not included in the CSR, but the entire request is digitally signed with the private key. The CSR may be accompanied by other credentials or proofs of identity required by the certificate authority, and the certificate authority may contact the applicant for further information.
If the request is successful, the certificate authority will send back a digitally signed identity certificate.
How does SSL work?
1. Browser checks the certificate to make sure that the site you are connecting to is the real site and not someone intercepting.
2. Determine encryption types that the browser and web site server can both use to understand each other.
3. Browser and Server send each other unique codes to use when scrambling (or encrypting) the information that will be sent.
4. The browser and Server start talking using the encryption, the web browser shows the encrypting icon, and web pages are processed secured.
What's the difference between a Single root and a Chained root SSL cert?
Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates.
Installation of chained root certificates are more complex and some web servers are not compatible with chained root certificates.
Installation of chained root certificates are more complex and some web servers are not compatible with chained root certificates.
What is Public Key Infrastructure (PKI)?
public key infrastructure (PKI) is an arrangement which provides for third-party vetting of, and vouching for, user identities. It also allows binding of public keys to users. This is usually carried out by software at a central location together with other coordinated software at distributed locations. The public keys are typically in certificates.
How can I use my secure certificate for my email server?
This will entirely depend on your operating system, and mail server. Some general guidlines are listed here:
Your cert will usually need to be in 'pem' fashion. That is, both key and cert in one file. Your mail server must support SSL/TLS. For example, if you have a CPanel server, you can use your cert by editing the following files to contain your cert/key:
/etc/exim.key
/etc/exim.crt
/usr/local/cpanel/etc/cpanel.pem
After your certificate has been installed, you will need to restart CPanel, which should automatically restart Exim.
How do I put a password on my web pages?
You will need to create two files, .htpasswd and .htaccess. The .htaccess file defines what is permitted. The .htpasswd file contains the usernames and encrypted passwords for those users. For example, if I have a server that is www.example.com and it's DocumentRoot is /home/vhost/example.com/html and I have a directory inside that called /protected I will need to set up .htaccess like this:
AuthUserFile /home/vhost/example.com/html/protected/.htpasswd
AuthType Basic
AuthName "Whatever I want to call this text descriptor"
require valid-user
This now defines what the password file is called, what kind of authentication I'm doing (Basic) and what I'm restricting (GET and POST operations). Now to create the .htpasswd file all you have to do is log into the server via ssh and run this command:
htpasswd -c /home/vhost/example.com/html/protected/.htpasswd
This will create the file. You only want to do this once. If you do it again it will delete the file and create a new one with only the entry you're creating. All the previous entries will have been deleted. For subsequent new users you will run the command without the -c switch:
htpasswd /home/vhost/example.com/html/protected/.htpasswd
AuthUserFile /home/vhost/example.com/html/protected/.htpasswd
AuthType Basic
AuthName "Whatever I want to call this text descriptor"
require valid-user
This now defines what the password file is called, what kind of authentication I'm doing (Basic) and what I'm restricting (GET and POST operations). Now to create the .htpasswd file all you have to do is log into the server via ssh and run this command:
htpasswd -c /home/vhost/example.com/html/protected/.htpasswd
This will create the file. You only want to do this once. If you do it again it will delete the file and create a new one with only the entry you're creating. All the previous entries will have been deleted. For subsequent new users you will run the command without the -c switch:
htpasswd /home/vhost/example.com/html/protected/.htpasswd
How can I rotate my log files?
The default installations of Apache will set this up using the logrotate script. If you don't have this configured automatically or if you're using a non-standard installation (cPanel, Plesk, etc.) you can configure this in logrotate.
/etc/logrotate.d/httpd:
/path/to/httpd/logs/*log {
missingok
notifempty
sharedscripts
postrotate
/bin/kill -HUP `cat /path/to/httpd.pid 2>/dev/null` 2> /dev/null true endscript
}
Of course, update paths correctly and test appropriately.
/etc/logrotate.d/httpd:
/path/to/httpd/logs/*log {
missingok
notifempty
sharedscripts
postrotate
/bin/kill -HUP `cat /path/to/httpd.pid 2>/dev/null` 2> /dev/null true endscript
}
Of course, update paths correctly and test appropriately.
How do I comment blocks of ASP code?
Comments are notations that you can make on your web pages within an ASP script block that will not be interpreted or output on the displayed web page(s). For all intents and purposes, they are hidden from your site visitors since they cannot view the ASP source code for your web pages. This allows you to make comments inside your code that will help explain exactly what your code is doing.
Active Server Pages use the quote character (') to define comments. This comment is a "line comment", meaning that it will comment out everything following it up until the end of the line. There is no multiline comment in ASP. In order to comment multiple lines, each line must be preceded by a quote (').
Besides not having any support for multi-line comments, your ASP comments will not work if you place them within a string. This is because the interpreter will think that your apostrophe is a part of the string and not a comment. Below is an example of this happening. Again, the following is an example of what not to do!
What do I do if when I try to connect to mysql from php I get this error: "Call to unsupported or undefined function mysql_connect();"?
The php-mysql RPM is not installed. This can be installed either through WHM or if you're running a dedicated web server with "up2date php-mysql".
How can I do error handling in php?
PHP has this functionality built in. There are several excellent tutorials and of course the online documentation at
www.php.net
http://www.phpbuilder.com/columns/mattias20000519.php3
http://www.informit.com/articles/article.asp?p=170279&rl=1
http://www.webkreator.com/php/configuration/foolproof-php-handling-2.html
http://www.php.net/errorfunc
www.php.net
http://www.phpbuilder.com/columns/mattias20000519.php3
http://www.informit.com/articles/article.asp?p=170279&rl=1
http://www.webkreator.com/php/configuration/foolproof-php-handling-2.html
http://www.php.net/errorfunc
Is there a way to encrypt text from php?
Text can be encrypted inside PHP with the mcrypt functions.
Latency Issues, Lagg, Packet Loss Reporting
For us to assist our clients with issues like this we require some information.
1: Dos or Shell based 300 ping count. Showing ONLY the end results not all 300 pings.
2: Dos or Shell based traceroute to your server from your remote location. Text file format only please. Our upstreams will not accept images. Please do NOT mask your IP address
3: Dos or Shell based traceroute from your server to your remote location. Text file format only please. Our upstreams will not accept images. Please do NOT mask your IP address
4: 'root' or administrator logins to your host so we can confirm the network configuration on your host and perform additional tests if needed.
5: Information about any firewalls or packet filters you might be running
6: Information about the application you are experiencing the latency in.
7: Information on how to possibly replicate the problem.
Please include these as text files in your existing ticket or open a new one and we will pass the details upto backbone neteng teams who will look into any issues on the upstream links.
Sorry, the nameserver ip X.X.X.X cannot be removed since it is still registered with an ICANN register.
If you are seeing the following message in your CPanel/WHM
Sorry, the nameserver ip X.X.X.X cannot be removed since it is still registered with an ICANN register.
This is a bug in CPanel/WHM and you will need to disable the 'ICANN WHOIS CHECK' via the 'Tweaks' menu in your WHM. Once this is disabled it will allow you to bypass the check and use any IP address for your DNS server(s).
Please login to your WHM and on the top left navigation menu you will see a link for 'Tweaks'. Near the bottom of that list you will see a checkbox option for 'Disable whois lookups for the nameserver ip manager.' or similar text. Check that box off and save any settings. Once that is done you should be able to modify the settings with no problems.
Sorry, the nameserver ip X.X.X.X cannot be removed since it is still registered with an ICANN register.
This is a bug in CPanel/WHM and you will need to disable the 'ICANN WHOIS CHECK' via the 'Tweaks' menu in your WHM. Once this is disabled it will allow you to bypass the check and use any IP address for your DNS server(s).
Please login to your WHM and on the top left navigation menu you will see a link for 'Tweaks'. Near the bottom of that list you will see a checkbox option for 'Disable whois lookups for the nameserver ip manager.' or similar text. Check that box off and save any settings. Once that is done you should be able to modify the settings with no problems.
How to bind IPs on a Windows Server
1. Start -> Settings -> Control Panel -> Network Connections
2. Right click and go to properties of the enabled/active NIC
3. Highlight on TCP/IP and click on properties
4. Select " Use the following IP address "
5. Enter your IP information for the server.
6. Click on Advanced
7. Click Add on the IP Settings tab.
8. Enter the usable IP range along with the netmask. ( ie 255.255.255.0 )
9. Click OK.
How to bind a range of IP's on BSD based hosts ( FreeBSD, OpenBSD )
First login to your FreeBSD host as a 'non-root' user. You should have an account in the 'wheel' group that you can do this with. Once you have logged in run the following commands to switch users to 'root'
su -
Password:
server#
The prompt should have a # in it now meaning you are the 'root' user.
Now run these commands.
ee /etc/rc.conf
Using 192.168.1.3 - 192.168.1.6 as an example
ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.248"
ifconfig_fxp0_alias0="inet 192.168.1.3 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 192.168.1.4 netmask 255.255.255.255"
ifconfig_fxp0_alias2="inet 192.168.1.5 netmask 255.255.255.255"
ifconfig_fxp0_alias3="inet 192.168.1.6 netmask 255.255.255.255"
Note that changes to the '_aliasNN' and also the 'netmask' changes to '255.255.255.255' from '255.255.255.248'. The IP's will not work unless you use a '255.255.255.255' netmask for the alias IP's.
Once you have added the enteries to your file you need to press 'ESC' and then select the 'Save File' option. You can then reboot the server and the IP's will be bound and ready to use.
You can also use 'ifconfig' on the command line to add them without a reboot.
Please see the following man pages for more information.
man ifconfig
man rc.conf
man netstat
How to bind a range of IP's in Debian based linux
Just define a new interface in /etc/network interfaces:
## Start
auto eth0
auto eth0:0
auto eth0:1
auto eth0:2
auto eth0:3
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.248
gateway 192.168.1.1
iface eth0:0 inet static
address 192.168.1.3
netmask 255.255.255.248
gateway 192.168.1.1
iface eth0:1 inet static
address 192.168.1.4
netmask 255.255.255.248
iface eth0:2 inet static
address 192.168.1.5
netmask 255.255.255.248
iface eth0:3 inet static
address 192.168.1.6
netmask 255.255.255.248
## End
Then you can reboot or use the commands below to bring the interfaces up without a reboot.
ifup eth0:0
ifup eth0:1
ifup eth0:2
ifup eth0:3
ifup eth0:4
On the next reboot they should automatically bind to the NIC.
How to bind a range of IP's in Redhat based linux
How to bind a range of IP's in Linux.
This method is used by Redhat Linux based servers
(Centos/RedhatEnterprise/FedoraCore).
Create a file called /etc/sysconfig/network-scripts/ifcfg-eth0-range0
And in the file place these 3 lines but change the IP's to match YOUR assigned range.
##Start
IPADDR_START=67.18.xxx.xxx
IPADDR_END=67.18.xxx.xxx
CLONENUM_START=0
# Example IPADDR_START=67.18.333.440
# Example IPADDR_END=67.18.333.444
# Example CLONENUM_START=0
## END
The CLONENUM_START should be the number at which the alias interfaces should start. If you add your 5 IP's to this server and then want to bind a second set of IP's you create a second file named 'ifcfg-eth0-range1' and change the CLONENUM_START to match the last interface alias. IE 'eth0:5' = CLONENUM_START=5
After you have created the above file execute the command 'service network restart' and your IP's will be all setup.
*CPANEL NOTE*Please do not use this method of binding additional IPs if you are using Cpanel. Bind the IPs through the Cpanel interface.
Subscribe to:
Posts (Atom)
