Tuesday, August 21, 2012

Alternative of "ls" command

It might happen that you will not be able to access "ls" command. It might not even be accessible from miniroot.

Using echo displays a clean list of files within a given directory.

Hard system crashes or drives dying can bring systems down to the point where filesystems are so corrupted that they are unable to mount. When this occurs, at times the only way to see the system files is to use echo for displaying the files and directories.

#cd /usr

#ls *
bin  etc  games  include  java  kerberos  lib  libexec  local  man  nsh  openv

- An output of ls can be a single or multiple column listing

#echo *
bin etc games include libexec local man nsh openv sbin share src tmp X11R6

- When echo is used, the files will all be spaced one right after the other.

Thursday, August 16, 2012

cPanel - mysqltuner script

At times, situation comes where we need to tune mysql on cPanel server's. cPanel server has built in script now a days named - mysqltuner.pl

Location - /usr/local/cpanel/3rdparty/mysqltuner/mysqltuner.pl

We can make use of it in need onto the server.


root@[/usr/local/cpanel/3rdparty/mysqltuner]# ./mysqltuner.pl
 >> MySQLTuner 1.1.2 - Major Hayden <major@mhtx.net>
 >> Bug reports, feature requests, and downloads at http://mysqltuner.com/
 >> Run with '--help' for additional options and output filtering
-------- General Statistics --------------------------------------------------
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.1.63-cll
[OK] Operating on 64-bit architecture
-------- Storage Engine Statistics -------------------------------------------
[--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 2G (Tables: 23107)
[--] Data in InnoDB tables: 598M (Tables: 5883)
[--] Data in MEMORY tables: 0B (Tables: 205)
[!!] Total fragmented tables: 6835
-------- Performance Metrics -------------------------------------------------
[--] Up for: 44m 31s (95K q [35.748 qps], 2K conn, TX: 263M, RX: 15M)
[--] Reads / Writes: 81% / 19%
[--] Total buffers: 442.0M global + 12.4M per thread (500 max threads)
[OK] Maximum possible memory usage: 6.5G (80% of installed RAM)
[OK] Slow queries: 0% (134/95K)
[OK] Highest usage of available connections: 2% (11/500)
[OK] Key buffer size / total MyISAM indexes: 384.0M/1.7G
[OK] Key buffer hit rate: 99.8% (9M cached / 19K reads)
[OK] Query cache efficiency: 73.0% (53K cached / 73K selects)
[!!] Query cache prunes per day: 21284
[OK] Sorts requiring temporary tables: 0% (0 temp sorts / 3K sorts)
[!!] Joins performed without indexes: 372
[!!] Temporary tables created on disk: 29% (2K on disk / 10K total)
[OK] Thread cache hit rate: 99% (11 created / 2K connections)
[!!] Table cache hit rate: 12% (512 open / 4K opened)
[OK] Open file limit used: 21% (876/4K)
[OK] Table locks acquired immediately: 99% (33K immediate / 33K locks)
[!!] InnoDB data size / buffer pool: 598.5M/8.0M
-------- Recommendations -----------------------------------------------------
General recommendations:
 Run OPTIMIZE TABLE to defragment tables for better performance
 MySQL started within last 24 hours - recommendations may be inaccurate
 Adjust your join queries to always utilize indexes
 When making adjustments, make tmp_table_size/max_heap_table_size equal
 Reduce your SELECT DISTINCT queries without LIMIT clauses
 Increase table_cache gradually to avoid file descriptor limits
Variables to adjust:
 query_cache_size (> 32M)
 join_buffer_size (> 128.0K, or always use indexes with joins)
 tmp_table_size (> 16M)
 max_heap_table_size (> 16M)
 table_cache (> 512)
 innodb_buffer_pool_size (>= 598M)
root@ [/usr/local/cpanel/3rdparty/mysqltuner]#

Tuesday, July 31, 2012

dmidecode: DMI type numbers

Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). 

This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).

The DMI type numbers, shown below, used individually or in a comma separated list provide you with targeted information.

Type Information
1 System
2 Base Board
3 Chassis
4 Processor
5 Memory Controller
6 Memory Module
7 Cache
8 Port Connector
9 System Slots
10 On Board Devices
11 OEM Strings
12 System Configuration Options
13 BIOS Language
14 Group Associations
15 System Event Log
16 Physical Memory Array
17 Memory Device
18 32-bit Memory Error
19 Memory Array Mapped Address
20 Memory Device Mapped Address
21 Built-in Pointing Device
22 Portable Battery
23 System Reset
24 Hardware Security
25 System Power Controls
26 Voltage Probe
27 Cooling Device
28 Temperature Probe
29 Electrical Current Probe
30 Out-of-band Remote Access
31 Boot Integrity Services
32 System Boot
33 64-bit Memory Error
34 Management Device
35 Management Device Component
36 Management Device Threshold Data
37 Memory Channel
38 IPMI Device
39 Power Supply


#dmidecode -t 1
#dmidecode -t 1,19

Saturday, July 28, 2012

Configure multiple User RDP Session on Windows 2008 Running In Remote Administration Mode

On the Windows 2008 Server go to

Start -> Run -> in run windows type "tsconfig.msc" OR go into into Administrative tools terminal server Configuration

In middle pan Should see "Edit Setting Box" in the box we should see option to "Restrict each user to single session"

double click and uncheck that option this should allow you mutliple sessions.

You should see the prompts like below

Thanks to one my collegue whos name is the same -

Thursday, June 21, 2012

Test if suPHP works with your apache installation

echo ‘Current script owner: ‘ . get_current_user(). ‘

echo ‘UID:’ . getmyuid() . ‘

echo ‘GID:’ . getmygid() . ‘

echo ‘PID:’ . getmypid() . ‘

echo ‘

echo “PHP runs under the user: [" . system('whoami') . "]


How to detect CPU architecture/bitmode (32-bit or 64-bit)

#cat /proc/cpuinfo | grep flags

You will find one of them with name "tm(transparent mode)" or "rm(real mode)" or "lm(long mode)"

1. rm tells ,it is a 16 bit processor

2. tm tells, it is a 32 bit processor

3. lm tells, it is a 64 bit processor

Saturday, June 2, 2012

How to install SSL with PFX file?

If you wish to install exported SSL with .pfx file to your cPanel server. You may refer to the following step.

Assume, you have a file named domain.pfx.

1) Export key file,

#openssl pkcs12 -in domain.pfx -nocerts -out domain.key

2) Export decrypted key file,

#openssl rsa -in domain.key -out domain.decrypted.key

3) Export Certificate, crt file,

#openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.crt

4) Export cabundle file,

#openssl pkcs12 -in domain.pfx -cacerts -nokeys -out cabundle.pem

5) You should now able install your SSL through WHM.

What is an express transfer?

An express transfer, in addition to transferring the requested cPanel account(s), performs the following actions on the source server:

1) Updates the account's A record to point to the destination server.
2) Whenever appropriate, changes the domain's nameserver entry to point to the destination server.
3) Updates the mail databases to point to the destination server.
4) Adds a redirect for the Account Moved page (cgi-sys/movingpage.cgi)
5) Blocks SSH and FTP logins to the source server for accounts that were transferred.

In all, if you transfer one account abc.com (from previous IP or server xx.xx.xx.1), the zone file for abc.com on server xx.xx.xx.1 will be altered automatically using IP where the account is being transferred i.e. xx.xx.xx.3

Note:- in this case nameservers are like,

for server xx.xx.xx.1,
ns1.server1.com (xx.xx.xx.1)
ns2.server1.com (xx.xx.xx.2)

for server xx.xx.xx.3
ns3.server1.com (xx.xx.xx.3)
ns4.server1.com (xx.xx.xx.2)

Thus, the domain will start resolving to new IP address - xx.xx.xx.3 using nameservers (ns2.server1.com & ns4.server1.com)

Express transfer option can be seen from option WHM >> Copy multiple account from another server

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/WHMsFAQ#What is an express transfer?

What is the WHM Autofixer?

The Autofixer is a collection of scripts that can be run from WHM to fix some common issues not otherwise fixable or accessible from command line. i.e. SSH access is not available by some reason.

Few common autofixers:-

- test — Test autofixer on your system, nothing gets changed.
- bsdbindfix — Resolve port issue with BIND 9.
- compresszlibfix — Fix for compress zlib error.
- dbdmysql — DBD::mysql fix for older version of Red Hat (i.e. 7.3).
- fpindexfile — Fix for FrontPage index.
- iptablesflush — Flush iptables rules from WHM if you are firewalled from SSH access.
- libxml64fix — Fix for libXML on 64-bit systems.
- resellerresourceacctounts — Fix for reseller resource accounts.
- vfilterfix — Restores /etc/vfilters files.
- yumduprpmfix — This script will attempt to locate and resolve any duplicate RPMs.

- safesshrestart — Restores SSH Config and restarts SSH, should you be locked out.
>> This is one of the best fixer I have dealt with :) It just re-configures SSHD service on port 22

How to make use of it?



xx.xx.xx.xx - replace with your server IP address

Autofixer scripts can always be found at http://httpupdate.cpanel.net/autofixer/

Ref - 
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/WHMsFAQ#What is the WHM Autofixer?

Monday, May 28, 2012

Prune disk space on the drive of MSSQL Server

When the disk space is full on the Windows Server, there are many ways to free some disk space on the server.

One of the way is that if you have Microsoft SQL Server 2005 installed on the server, then you can delete the Error logs which consumes disk space on the server.

Please refer to the steps to delete the MSSQL Error Log file:

1. Login to the Microsoft SQL Server Management studio.
2. Login with the Windows Authentication.
3. Click on Databases.
4. Click on New Query.
5. Make sure that you have "master" database selected in the drop down box of "Available Databases".
6. You have to execute the following query on the master database:

EXEC sp_cycle_errorlog ;

7. Once you execute the query, the current error log is renamed to ERRORLOG.1 which you can see in the specific path for the log file.
For Example: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG

8. You can delete ERRORLOG.1 to free some disk space on the server.
9. sp_cycle_errorlog enables you to cycle the error log files without stopping and starting the SQL service.

There is no need to restart the SQL service.

Ref - http://msdn.microsoft.com/en-us/library/ms182512.aspx

Thursday, May 17, 2012

FSCK - how much % fsck is completed

Note : Make sure that partition is not mounted while running fsck.

Many time due to big partition size ,we have to wait for the long time at that time we think fsck process is stuck at that time we can use the following fsck command because its showing the % for the fsck process, so that we are able to see how much % fsck is completed and remaining.

#fsck -y -C0 -v /dev/sdb1

-C [ "fd" ]Display completion/progress bars for those filesystem checkers (currently only for ext2 and ext3) which support them. Fsck will manage the filesystem checkers so that only one of them will display a progress bar at a time. GUI front-ends may specify a file descriptor fd, in which case the progress bar information will be sent to that file descriptor.

YUM plug-ins to control package versions

1) versionlock

- How to install it?

#yum install yum-plugin-versionlock

- The next step is to use the versionlock plug-in to create its file of package versions.

#yum versionlock \*

- Now, if you try to install updates they will be rejected. So how do you update?

- Update the package version in the version list file, /etc/yum/pluginconf.d/versionlock.list, and then run

#yum upgrade

- To add files that you want version locked, use the following yum command:

#yum versionlock [package-name]

Versionlock allows you specify what version of a package should be installed. You can find out more about it in the baseurl.org yum wiki - http://yum.baseurl.org/wiki/Faq

2) allow-downgrade

if you've already installed a newer version of the package, you'll have to downgrade it. In that case, make sure you've got yum's downgrade plugin installed:

- If you're downgrading, you may need to throw in the --allow-downgrade flag.

# yum --allow-downgrade install php-gd-5.2.6

Monday, December 5, 2011

Thursday, October 20, 2011

Why do the CPU stats vary with ps and top?

The commands ps and top express CPU time differently. While ps calculates it by “total CPU time” divided by “time task is running”, top shows the value as a percentage of overall CPU time.

For ps, this means that the longer a process is running without a high CPU utilization the smaller the value of%cpugets (it converges to zero).

For top, this means that it displays this value as share of the CPU time since last screen update and is therefore more accurate in terms of “current CPU utilization”.

One CD disk, multiple Linux distributions: Netboot CD

I have nothing to say.....below URL itself shouting a lot

Friday, September 16, 2011

How to restrict linux users logging from shell except root?

Sometimes you have to disable the login to all users,except root
e.g. when you have to do a backup, you have to use pam_nologin.so

1) Edit the pam file for the service you want to control, in this example i modify ssh pam control file, located in /etc/pam.d/sshd

Add this line
account required pam_nologin.so

2) touch /etc/nologin

This should disable the login from ssh. If you want to disable the login from terminal, modify the /etc/pam.d/login file.

3) To re-enable the login just remove /etc/nologin

Tuesday, September 6, 2011

Clean up buffer and cached memory by defrag_mem

This command is very useful to free buffers when you face lack of memory issue. Free memory can be seen from the output of common linux command “free”:

[root]# free
total       used       free     shared    buffers     cached
Mem:       1033972     987192      46780          0     159204     309176
-/+ buffers/cache:     518812     515160
Swap:      4192956         68    4192888
Here we can see that free memory calculation formula is:

Real free memory = free + buffers + cached
To clean up buffers and cached memory, use defrag_mem:

[root]# gcc -o defrag_mem
[root]# ./defrag_mem 500M

[root]# free
total       used       free     shared    buffers     cached
Mem:       1033972     482504     551468          0        612       7760
-/+ buffers/cache:     474132     559840
Swap:      4192956     112964    4079992

Sunday, August 21, 2011

How to add user in DRAC 6 ?

Ref - http://support.dell.com/support/edocs/software/smdrac3/idrac/idrac15mono/en/ug/pdf/ug.pdf

- Login to linux shell using the DRAC's main IP

- To verify if a user exists, type the following command at the command prompt:
racadm getconfig -u USER


NOTE - (please take this step seriously and ensure the users configured on indexes, if not then you can configure user on the index except the preconfigured user on that index)

- Type the following command once for each index of 1–16:
racadm getconfig -g cfgUserAdmin -i 3

- To add user
racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 3 USER

- To set password for configured user
racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 3 PASSWORD

- To set read only privileges to user
racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminPrivilege 0x00000001

- To enable the user
racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminEnable 1

- Login to DRAC Web interface with the user you created. 

Note:- Each Dell DRAC comes with a default password; user: “root” password: “calvin”. But, we should change that for security purposes.

Monday, May 30, 2011

Some PHP commandline options

#php --ri date
date/time support => enabled
"Olson" Timezone Database Version => 2009.20
Timezone Database => internal
Default timezone => Europe/Oslo
Directive => Local Value => Master Value
date.timezone => Europe/Oslo => Europe/Oslo
date.default_latitude => 59.930972 => 59.930972
date.default_longitude => 10.776699 => 10.776699
date.sunset_zenith => 90.583333 => 90.583333
date.sunrise_zenith => 90.583333 => 90.583333

Some other php-cli options,

--rf Show information about function .
--rc Show information about class .
--re Show information about extension .

This option is only available if PHP was compiled with Reflection support.


#php --rf var_dump
Function [ public function var_dump ] {
Parameters [2] {
Parameter #0 [ $var ]
Parameter #1 [ $... ]


#php --rc Directory
Class [ class Directory ] {
Constants [0] {
- Static properties [0] {
- Static methods [0] {
- Properties [0] {
- Methods [3] {
Method [ public method close ] {
Method [ public method rewind ] {
Method [ public method read ] {


#php --re json
Extension [ extension #19 json version 1.2.1 ] {
Functions {
Function [ function json_encode ] {
Function [ function json_decode ] {

4) Using a different php.ini file

The following option can be useful when you need to test various ini configurations, or you need to check if all the modules in a particular ini are loading correctly.

#php –c PATH/to/PHP.INI example.php

5) Check to see for any syntax errors in a php file

Need to quickly check for php syntax errors if you do not have access to an IDE, then this option can be quite helpful. Combine it with some shell code and you can easily check for syntax errors for multiple files in a directory.

#php –l example.php

6) Display php built-in and loaded modules with debug

Combine it with php –c to debug any module loading errors for different php.ini files

#php –c PATH/to/PHP.INI -m

7) Syntax Highlighting

The following option will display syntax highlighted text using php’s internal mechanism.

#php –s example.php

You can then write the output to another file using a redirect.

#php –s example.php > syntax.html

8) Strip the source code of comments and whitespace

Can be useful if you need to reduce the file size.

#php –w example.php

Sunday, May 15, 2011

Flush DNS cache in Linux

If you register a new domain name and you can’t access it, it may be your DNS cache that holds the problem. You can flush DNS cache in Linux:
#/etc/rc.d/init.d/nscd restart

Wednesday, May 4, 2011

RHEL / CentOS Support 4GB or more RAM ( memory ) using PAE Kernel

If you have 4 GB or more RAM use the Linux kernel compiled for PAE capable machines. Your machine may not show up total 4GB ram with 32 bit architecture servers. All you have to do is install PAE kernel package.

This package includes a version of the Linux kernel with support for up to 64GB of high memory. It requires a CPU with Physical Address Extensions (PAE). The non-PAE kernel can only address up to 4GB of memory. Install the kernel-PAE package if your machine has more than 4GB of memory (>=4GB).

How Do I Install PAE kernel?

To install PAE kernel, use yum command:
# yum install kernel-PAE
# grub
grub> savedefault --default=0 --once
grub> quit
# reboot

If the kernel boots successfully edit /etc/grub.conf again to set the new kernel as the new default for the future reboots.

Thursday, April 7, 2011

Logging into cPanel's Enkompass FTP account

When entering the login information to your FTP client, remember to enter the username as


Your domain name,
the "pipe" character (|), and
the FTP account's username.

Requiring that the login information be entered in this way allows your server to have multiple FTP accounts across multiple websites.

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

1) Generate a new private key and Certificate Signing Request
#openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

2)Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info)
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

3) Generate a certificate signing request (CSR) for an existing private key

#openssl req -out CSR.csr -key privateKey.key -new

4) Generate a certificate signing request based on an existing certificate
#openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

5) Remove a passphrase from a private key
#openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

1) Check a Certificate Signing Request (CSR)
#openssl req -text -noout -verify -in CSR.csr

2) Check a private key
#openssl rsa -in privateKey.key -check

3) Check a certificate
#openssl x509 -in certificate.crt -text -noout

4) Check a PKCS#12 file (.pfx or .p12)
#openssl pkcs12 -info -in keyStore.p12

No space left on device

Some times apache just fails or stops, fails to restart with an error message like

[emerg] (28)No space left on device: mod_fcgid: Can't create global mutex
[crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
[emerg] (28)No space left on device: Couldn't create accept lock

The following command can be used to get this problem resolved:-

#ipcs -s | grep $apacheuser | awk '{print "ipcrm sem " $2}' | sh


#ipcs -s | grep nobody | perl -e 'while () {@a=split(/\s+/); print `ipcrm sem $a[1]`}'  ipcrm $(ipcs -s |awk '$3=="nobody"{print "-s",$2}')

mtr: Linux Network Diagnostic Tool

MTR combines the functionality of the traceroute and ping programs in a single net-work diagnostic tool. MTR is networking tools available on Linux. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host.

MTR probes routers on the route path by limiting the number of hops individual packets may traverse, and listening to responses of their expiry. It will regularly repeat this process, usually once per second, and keep track of the response times of the hops along the path.

It investigates the network connection between the host mtr runs on and certain HOSTNAME by sending packets with purposly low TTLs. It continues to send packets with low TTL, noting the response time of the intervening routers. This allows mtr to print the response percentage and response times of the internet route to HOSTNAME. A sudden increase in packetloss or response time is often an indication of a bad (or simply overloaded) link.

#mtr google.com

Monday, February 28, 2011

Protecting Files with a Sticky Bit

Unix directory access permissions say that if a user has write permission on a directory, one can rename or remove files there, even files that don't belong to that individual. Many newer versions of Unix have a way to stop that. The owner of a directory can set its sticky bit. The only people who can rename or remove any file in that directory are the file's owner, the directory's owner, and the superuser.

Here's an example: the user tom makes a world-writable directory and sets the sticky bit (shown as t here):

tom% mkdir share
tom% chmod 1777 share
tom% ls -ld share
drwxrwxrwt 2 tom ra 32 Nov 19 10:31 share

Other people create files in it. When ann tries to remove a file that belongs to nelly, she can't:

ann% ls -l
total 2
-rw-r--r-- 1 nelly ra 120 Nov 19 11:32 data.nelly
-rw-r--r-- 1 ann ra 3421 Nov 19 15:34 data.ann
-rw-r--r-- 1 pete ra 728 Nov 20 12:29 data.pete
ann% rm data.nelly
data.nelly: 644 mode ? y
rm: data.nelly not removed.
Permission denied

Monday, February 14, 2011

spamd on server.testserver.com failed

cPanel Version - 11.28.64
root@server [~]# /usr/local/cpanel/cpanel -V
root@server [~]#
Spam Assassin Version - 3.003001
root@server [~]# perl -MMail::SpamAssassin -e 'print $Mail::SpamAssassin::VERSION."\n";'
root@server [~]#

Noticed below kind a spamd failure alert on the server though spamd runs in the background
spamd failed @ Mon Feb 14 07:31:49 2011. A restart was attempted automagically.
Service Check Method: [check command]

Cmd Service Check Raw Output: Spamd is not running
Raw Output: Subject: Test spam mail (GTUBE)
Message-ID: GTUBE1.1010101@example.net
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender sender@example.net
To: Recipient recipient@example.net
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
Test for

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):


You should send this test mail from an account outside of your network.
How to fix?
#/scripts/restartsrv spamd
#service exim stop
#service exim start 


sa-learn -D --force-expire 
sa-update -D 
/scripts/autorepair spamd_dbm_fix
/etc/init.d/exim restart

Tuesday, November 2, 2010

Bandmin acctboth error while starting CSF

Restarting bandmin acctboth chains for cPanel
open3: exec of /usr/local/bandmin/bandminstart failed at /usr/sbin/csf line 1638
iptables v1.4.0: Couldn't load target `acctboth':/lib/iptables/libipt_acctboth.so: cannot open shared object file: No such file or directory


1) Check if directory bandmin is present at /usr/local/ if not install bandmin on server
#/scripts/bandminup --force
#csf -x
#csf -e

You should not see bandmin acctboth error

If it still gives the error go for step - 2

2) That suggests that you installed the cPanel version or that you've incorrectly set GENERIC = "0". If the former, uninstall and re-install csf. If the latter, set GENERIC = "1" in csf.conf and then restart csf and lfd.
(Thanks to Chirpy)

Wednesday, October 27, 2010

Tighten up your Exim (mail server)

For WHM versions 11.27/11.28

You may want to prevent users from bypassing your mail server to send mail. This feature allows you to configure your server so that the mail transport agent (MTA), Mailman mailing list software, and root user are the only accounts able to connect to remote SMTP servers.

To enable or disable users from bypassing your mail server:
Click Enable or Disable.

Please make sure that SMTP Tweak is turned on:

/scripts/smtpmailgidonly on

It’s also a good idea to require sender verification, which can be enabled in WHM >> Exim Configuration Editor

Troubleshooting Using dmesg Command in Unix and Linux

Troubleshooting Using dmesg Command in Unix and Linux

Thursday, October 21, 2010

Understanding DNS Lookups

understanding DNS lookups

Created by RackAid

Mongrel doesn't work with rails 2.3.8 - BUG

Mongrel (It is an open-source HTTP library and web server written in Ruby) apps stopped working with "mongrel_rails" when upgraded from 2.3.5 to 2.3.8, but script/server still works with mongrel.
To reproduce, create a new rails application with simple "render :text => 'Ok'" action and run "mongrel_rails start".

$ mongrel_rails start
** Starting Mongrel listening at
** Starting Rails with development environment...
** Rails loaded.
** Loading any Rails specific GemPlugins
** Signals ready.  TERM => stop.  USR2 => restart.  INT => stop (no restart).
** Rails signals registered.  HUP => reload (without restart).  It might not work well.
** Mongrel 1.1.5 available at
** Use CTRL-C to stop.
Tue May 25 20:24:52 +0300 2010: Error calling Dispatcher.dispatch #
You might have expected an instance of Array.
The error occurred while evaluating nil.split>
/Users/be/.gem/ruby/1.8/gems/actionpack-2.3.8/lib/action_controller/cgi_process.rb:54:in `dispatch_cgi'
/Users/be/.gem/ruby/1.8/gems/actionpack-2.3.8/lib/action_controller/dispatcher.rb:101:in `dispatch_cgi'
/Users/be/.gem/ruby/1.8/gems/actionpack-2.3.8/lib/action_controller/dispatcher.rb:27:in `dispatch'
/Users/be/.gem/ruby/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/rails.rb:76:in `process'
/Users/be/.gem/ruby/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/rails.rb:74:in `synchronize'

This actually looks like a bug in Mongrel, specifically their handling off cookies when @head['cookies'] is a string

In lib/mongrel/cgi.rb, there is a bug in send_cookies. When @head['cookies'] is an array or a hash, it iterates over the values and to_s's them, but when it's something else and tries to to_s the value of options['cookie'].

The simple change of modifying line 110 of cgi.rb

to['Set-Cookie] = options['cookie'].to_s

to['Set-Cookie] = cookie.to_s

You should not be facing any problems for send cookies then :)

Friday, September 24, 2010

Overview of php handlers

4 PHP handlers,currently available via EasyApache

Thanks to Cpanel Forum :)

Tuesday, September 21, 2010

How to send mails to domains having MX record as IP using Exim?

In this example, domain.com has MX record as IP and not FQDN, see below
domain.com. 3600 IN MX 10 XX.XX.XX.XX.

By default, Exim configured on Cpanel does not allows to send mails to domains having MX records as IP


You will need to add entry "allow_mx_to_ip = yes" into the exim.conf as shown below,

# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part.
# percent_hack_domains = *
allow_mx_to_ip = yes
#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers

then fire command

#service exim restart

Tuesday, August 24, 2010

How to prevent HTTP flood attack for your dedicated server?

If any hacker is trying to attack your server using HTTP flood tactic then there is only single way using which you can prevent your server from such attack and is know as “tarpitting” In HTTP flood attack hacker usually sends randomized HTYP request to your server making it unstable or can even can crash it. HTTP flood attacks are very difficult to handle as there is almost no way to identify legitimate packets from the ones which are sent by the hacker thus it’s difficult to tackle such situation. The main target of HTTP flood ddos attack is not just the servers TCP/IP stack but the web server running on it thus it results in more serious attack which is not easy to handle and your server may crash down making it inaccessible.

There is a solution for handling such HTTP flood ddos attack.

You can use advance technique called “tarpitting”using which you can fight such attack more efficiently. If you are on Linux based server then you can enable tarpitting using following command:

iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT

Now tarpitting will automatically sets connections window size to few bytes once it is established successfully. According to TCP/IP protocol design, the connecting device will initially only send as much data to target as it takes to fill the window until the server responds. If in case the connecting device does not receive out response it will start sending the packets again and again over longer period of time.

Thus here comes the role of “tarpitting” which will not to respond again to the packets, that didn’t respond at first time and hence thereby spoofed protecting your server from getting unwanted HTTP requests.

More Ref
1) http://www.symantec.com/connect/articles/slow-down-internet-worms-tarpits 
2) http://www.linuxjournal.com/article/7180

3) http://terrarum.net/administration/surviving-an-http-ddos-attack.html

Thursday, August 19, 2010

Port Knocking

Port knocking is a method of establishing a connection to a networked computer that has no open ports. Before a connection is established, ports are opened using a port knock sequence, which is a series of connection attempts to closed ports. A remote host generates and sends an authentic knock sequence in order to manipulate the server's firewall rules to open one or more specific ports. These manipulations are mediated by a port knock daemon, running on the server, which monitors the firewall log file for connection attempts which can be translated into authentic knock sequences. Once the desired ports are opened, the remote host can establish a connection and begin a session. Another knock sequence may used to trigger the closing of the port.

Ref -

Screen Command

Screen has two main functionalities:

- Run multiple terminal session within a single terminal.
- A started program is decoupled from the real terminal and can thus run in the background. The real terminal can be closed and reattached later.

How to install?
#yum install screen

start screen with:
# screen

Within the screen session we can start a long lasting program (like top). Detach the terminal and reattach the same terminal from an other machine (over ssh for example).
# top
Now detach with Ctrl-a Ctrl-d. Reattach the terminal with

# screen -r
or better:
# screen -R -D

Attach here and now. In detail this means: If a session is running, then reattach. If necessary detach and logout remotely first. If it was not running create it and notify the user.
Screen commands (within screen)

All screen commands start with Ctrl-a.
* Ctrl-a ? help and summary of functions
* Ctrl-a c create an new window (terminal)
* Ctrl-a Ctrl-n and Ctrl-a Ctrl-p to switch to the next or previous window in the list, by number.
* Ctrl-a Ctrl-N where N is a number from 0 to 9, to switch to the corresponding window.
* Ctrl-a " to get a navigable list of running windows
* Ctrl-a a to clear a missed Ctrl-a
* Ctrl-a Ctrl-d to disconnect and leave the session running in the background
* Ctrl-a x lock the screen terminal with a password

The screen session is terminated when the program within the running terminal is closed and you logout from the terminal.