
Horde Failed to connect to localhost:25 error message

On shared as well as dedicated servers we sometimes face a large number of connections to SMTP port 25. In that case we usually disable SMTP on port 25 and enable it on another port, but after changing the SMTP port we mostly receive the following error message in Horde webmail.

There was an error sending your message: Failed to connect to localhost:25 [SMTP: Invalid response code received from server (code: 421, response: Too many concurrent SMTP connections; please try again later.)]

To resolve the above error, simply change the SMTP port from 25 to the new SMTP port in the following file.

root@server [/usr/local/cpanel/base/horde/imp/config]# pico servers.php

And change following line

From

'smtpport' => 25,

To

'smtpport' => 26,

We have taken port 26 as an example; you can use any port as per your requirement.

If you have a similar problem with “Squirrelmail”, refer to the following steps.

root@server [/usr/local/cpanel/base/3rdparty/squirrelmail/config]# pico config_default.php

Change following line

From

$smtpPort = 25;

To

$smtpPort = 26;

Save the file, exit, and now open the webmail.


“unauthenticated user” problem in mysql logs?

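While running the following command:

mysqladmin -i3 pr

we get the following result:

056 | unauthenticated user | localhost |    | Connect |      | Reading from net |

To avoid this problem, add the following lines to the /etc/my.cnf file (under the [mysqld] section) to avoid access for unauthenticated users. Note that skip-networking disables TCP/IP connections, so MySQL will then accept connections only through the local socket.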

root@server [~]# pico /etc/my.cnf

skip-networking
skip-name-resolve
skip-host-cache
skip-locking

Now restart the mysql service and check mysql process logs again.

SERVICE CURRENTLY NOT AVAILABLE Error No. [0x01F4] – RoundCube

We mostly receive the following error after browsing to RoundCube:

SERVICE CURRENTLY NOT AVAILABLE Error No. [0x01F4] – RoundCube

The RoundCube error logs also show the following entries:

[06-Oct-2008 08:34:56 -0400] DB Error: _doQuery: [Error message: Could not execute statement]
[Last executed query: PREPARE MDB2_STATEMENT_mysql_8c77e0752a8db2da365c3c7a19fe8842c84663aa7 FROM 'INSERT INTO messages\n         (user_id, del, cache_key, created, idx, uid, subject, `from`, `to`, cc, date, size, headers, structure)\n         VALUES (?, 0, ?, now(), ?, ?, ?, ?, ?, ?, FROM_UNIXTIME(), ?, ?, ?)']
[Native code: 1064]
[Native message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '), ?, ?, ?)' at line 3]
in /usr/local/cpanel/base/3rdparty/roundcube/program/include/rcube_mdb2.inc on line 265
[06-Oct-2008 08:35:20 -0400] DB Error: _doQuery: [Error message: Could not execute statement]
[Last executed query: PREPARE MDB2_STATEMENT_mysql_d6ee872839dbf41a18e11e2f09d1f4d9790e462d7 FROM 'INSERT INTO messages\n         (user_id, del, cache_key, created, idx, uid, subject, `from`, `to`, cc, date, size, headers, structure)\n         VALUES (?, 0, ?, now(), ?, ?, ?, ?, ?, ?, FROM_UNIXTIME(), ?, ?, ?)']
[Native code: 1064]
[Native message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '), ?, ?, ?)' at line 3]
in /usr/local/cpanel/base/3rdparty/roundcube/program/include/rcube_mdb2.inc on line 265

The error occurs because MySQL could not insert the value from FROM_UNIXTIME: the logged query shows FROM_UNIXTIME() with no argument. To avoid this error, simply open the file

/usr/local/cpanel/base/3rdparty/roundcube/program/include/rcube_mdb2.php and replace the following code

From

return "FROM_UNIXTIME($timestamp)";

To

return sprintf("FROM_UNIXTIME(%d)", $timestamp);

Now clear the cache on your local machine and refresh the RoundCube error page.

Secure server from WHM?

We can secure the server by making the following changes in WHM.

Tweak Settings :
Number (or all) of accounts to display per page in list accounts == 30
Disable : Allow users to park subdomains of the server’s hostname main domain
Disable : Allow users to Park/Addon Domains on top of domains owned by other users.
Disable : Allow resellers to create accounts with subdomains of the server’s hostname main domain
Disable : Allow Creation of Parked/Addon Domains that are not registered
Disable : When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone
Enable : Prevent users from parking/adding on common internet domain

Enable : Silently Discard all FormMail-clone requests with a bcc: header in the subject line
Set Default Mail to FAIL.
Disable : Track the origin of messages sent through the mail server by adding the X-Source headers.
The maximum each domain can send out per hour = 300

Prevent the user “nobody” from sending out mail to remote addresses : Disable; should be enabled on servers with phpsuexec.
Disable : BoxTrapper Spam Trap
Disable : Add the mail. prefix for mailman urls

Disable : Send passwords in plaintext over email when creating a new account

Disable : Awstats Reverse Dns Resolution
Disable : Analog
Disable : Allow users to update Awstats from cPanel
Number of days between processing log files and bandwidth usage = 1
Enable : Delete each domain’s access logs after stats run
The load average above the number of cpus at which logs file processing should be suspended = 10
Enable : Keep Stats Log between cPanel restarts

Disable : Allow Perl updates from RPM based linux vendors
Enable : Use jailshell as the default shell for all new accounts and modified accounts
Disable : Allow cPanel users to reset their password via email
Enable : SpamAssassin

Tweak Security :
Enable PHP open_basedir Protection.
Enable mod_userdir Protection.
Enable SMTP Tweak
Disable Compilers for unprivileged users.

Install ClamAV?



We can install ClamAV by using one of the following three options.

First, download ClamAV from www.clamav.net and install it in the default locations under /usr/local/[bin,man,share].
Then run the following from the shell.

root@server [~]# perl -MCPAN -e shell
cpan> install Parse::RecDescent
cpan> install Inline
cpan> install Mail::ClamAV

Second option: run /scripts/perlinstaller from the shell.

root@server [~]# /scripts/perlinstaller Net::CIDR Archive::Zip Compress::Zlib Convert::BinHex Inline::C
or

root@server [~]# /scripts/perlinstaller Mail::ClamAV

Third, you can install ClamAV from WHM.

Select Main >> Software >> Install a Perl Module from WHM.

Install Perl module:
search for Mail::ClamAV
install it

We can also enable the virus scanner feature for cPanel users from WHM >> Main >> cPanel >> Manage Plugins

Select “Name: clamavconnector” from the list and install it.

Basic of SuExec server?



What is SuExec?

Apache SuExec is a feature of the Apache web server. It allows users to run CGI and SSI applications as a different user. Normally, all web server processes run as the default web server user (often apache or nobody).

Presently, suExec does not allow the ‘root’ user or the ‘root’ group to execute CGI/SSI programs, because SuExec was developed to run CGI and SSI programs under specific user IDs other than a common user name like nobody.

When PHP runs as an Apache module, PHP files work under the Apache user/group known as “nobody”. When a PHP script creates or uploads a new file under your account, the new file will be owned by the user “nobody”. If you FTP or cPanel into your account, all files owned by “nobody” will not be available for you to move, rename or delete. In this case the only way to remove the “nobody” owned files would be through a file on the shell by using root user.

When PHP runs as a CGI with Suexec, PHP files work under your user/group. PHP files no longer require loose permissions to function; now they will require strict permissions. Setting your directories or PHP files to 777 will cause them to produce a “500 Internal Server Error”, this happens to protect your PHP files from being abused by outside sources.

How to check SuExec configured value?

You can run suexec -V on the server as root. It gives a result like the following.

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"
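
The compiled-in limits above and the strict-permission rule described earlier can be checked before a CGI or PHP script fails with a 500 error. The following is an added example, not part of the original post; the function names are illustrative and the sample settings are the output shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks against the
# limits compiled into suexec. Function names are illustrative.

# Constructed sample: the "suexec -V" output shown above, with plain quotes.
SAMPLE_SUEXEC_V='-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"'

# suexec_value NAME: read "suexec -V" output on stdin, print NAME's value.
suexec_value() {
    sed -n "s/^ *-D $1=//p" | tr -d '"' | head -n 1
}

# ids_allowed UID GID SETTINGS: succeed only if both ids meet the minimums
# (AP_UID_MIN / AP_GID_MIN); return 2 if the settings could not be parsed.
ids_allowed() {
    suexec_uid_min=$(printf '%s\n' "$3" | suexec_value AP_UID_MIN)
    suexec_gid_min=$(printf '%s\n' "$3" | suexec_value AP_GID_MIN)
    [ -n "$suexec_uid_min" ] && [ -n "$suexec_gid_min" ] || return 2
    [ "$1" -ge "$suexec_uid_min" ] && [ "$2" -ge "$suexec_gid_min" ]
}

# loose_paths DIR: list files and directories under DIR that are writable by
# group or others; suexec refuses a program that is, or sits in, one of them.
loose_paths() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# On a live server (as root; "alice" is a placeholder account name):
#   settings=$(suexec -V 2>&1)
#   ids_allowed "$(id -u alice)" "$(id -g alice)" "$settings" || echo "refused"
#   loose_paths /home/alice/public_html
```

Anything printed by loose_paths is a candidate for chmod 755 (directories) or 644/755 (files), and the refusals themselves are recorded in the file named by AP_LOG_EXEC.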

By default, the following values are used while configuring SuExec.

--enable-suexec
This option enables the suEXEC feature, which is never installed or activated by default. At least one --suexec-xxxxx option has to be provided together with the --enable-suexec option to let APACI accept your request for using the suEXEC feature.

--with-suexec-docroot=DIR
Define as the DocumentRoot set for Apache. This will be the only directory aside from UserDirs that can be used for SuExec behavior. The default directory is the --datadir value with the suffix “/htdocs”, e.g. if you configure with “--datadir=/var/www” the directory “/var/www/htdocs” is used as document root for the SuExec wrapper.

--with-suexec-caller=UID
The username under which Apache normally runs. This is the only user allowed to execute this program.

SuExec-gidmin value?

--with-suexec-gidmin=GID

Define this as the lowest GID allowed to be a target group for SuExec. For most servers 100 is common and is therefore used as the default value. The GID is the numerical equivalent of the primary group name, which is referenced by the system and applications when determining access privileges. Whenever new user accounts are added, they are assigned the first available UID and GID starting at 100. The next new user account is assigned UID/GID 101, followed by UID/GID 102, and so on, because UIDs and GIDs below 100 are reserved for system use. Unlike UID/GID zero (0), UIDs and GIDs below 100 are not treated specially by the server. However, these UIDs/GIDs are never to be assigned to a user, as it is likely that some system component either currently uses or will use these UIDs/GIDs at some point in the future.

SuExec-userdir and SuExec-bin?

--with-suexec-userdir=DIR

Define to be the subdirectory under users’ home directories where SuExec access should be allowed. All executables under this directory will be executable by SuExec as the user so they should be “safe” programs. If you are using a “simple” UserDir directive this should be set to the same value. SuExec will not work properly in cases where the UserDir directive points to a location that is not the same as the user’s home directory as referenced in the passwd file. Default value is “public_html”. If you have virtual hosts with a different UserDir for each, you will need to define them to all reside in one parent directory; then name that parent directory here. If this is not defined properly, “~userdir” cgi requests will not work!

Advantages of SuExec?

This allows processes to run as your own user, rather than the global web server user like nobody.
The advantage is that any files created by your script are owned by your own user, and not by a different (web server) user, allowing you to control, remove, add, and edit them via FTP, the control panel, File Manager, web page editor, or SSH/shell.
Any abuse, spam, attacks, illicit processes, etc. are easier to track and control, and more immediately, by using the SuExec log files.

Disadvantage of SuExec server?

There are security risks involved in allowing users to develop and run private CGI or SSI programs. If SuExec is improperly configured, it can cause any number of problems and possibly create new holes in your server’s security.
Presently, suExec does not allow root or the root group to execute CGI/SSI programs.

How to upgrade kernel version?



First you need to download the latest stable kernel.
You can check it at http://kernel.org/.
Download it :
root@server [~]# cd /usr/local/src/

root@server [~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/
Select latest Kernel and download it

root@server [~]# tar -zxvf linux-2.6.28.tar.gz
root@server [~]# cd linux-2.6.28
root@server [~]# make clean
root@server [~]# make mrproper
root@server [~]# uname -r
root@server [~]# cp /boot/config-`uname -r` .config
root@server [~]# make oldconfig
root@server [~]# make menuconfig
root@server [~]# make
root@server [~]# make modules_install
root@server [~]# make install
root@server [~]# grubby --bootloader-probe
root@server [~]# pico /etc/grub.conf

Change the default as per the entry for your new kernel.
root@server [~]# reboot

Sometimes the server does not come back up with the new kernel after the reboot. Because of that, make the following changes before rebooting the server.

root@server [~]# grub

The above command will give you the grub prompt.

grub> savedefault --default=0 --once

grub> quit

root@server [~]# reboot

If the server is up and running after the reboot, you can set the new kernel as the default in the grub.conf file.

root@server [~]# pico /boot/grub/grub.conf

Set

default=1

to

default=0

Horde session issue?



There is a very common issue where Horde prevents access to webmail by repeatedly redirecting viewers to the Language Selection screen. The following commands, executed as root, will solve these issues:

root@server [~]# /usr/local/cpanel/bin/checkperlmodules
root@server [~]# /scripts/fullhordereset
root@server [~]# myisamchk -r /var/lib/mysql/horde/horde_sessionhandler.MYI

If you still have the problem, check the ownership of the sessions directory present in the /var/cpanel/userhomes/cpanelhorde directory.

root@server [~]# ll /var/cpanel/userhomes/cpanelhorde

drwx--x--x 4 cpanelhorde cpanelhorde 4096 Jun  5  2009 ./
drwx--x--x 7 root        root        4096 Dec 17 01:48 ../
drwxr-x--- 2 cpanelhorde cpanelhorde 4096 Jun  5  2009 mail/
drwx------ 2 cpanelhorde cpanelhorde 4096 Jan 27 14:01 sessions/

The sessions directory should have cpanelhorde.cpanelhorde ownership recursively.


How to define iptables rules save option?



iptables recreates its rules when the service is restarted: when the iptables service is restarted, the settings from the /etc/sysconfig/iptables file are applied and used by iptables.

You can either set up iptables so that the current state of the rules is saved upon restart or stop/start:

You need to make changes in the following file, as per your requirement, for the values returned by the following grep.

root@server [~]# grep IPTABLES_SAVE /etc/sysconfig/iptables-config
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"

Or overwrite the current settings by writing iptables-save output to the /etc/sysconfig/iptables file:

root@server [~]# iptables-save > /etc/sysconfig/iptables

Note : It is always good to use “no” for the following options, because sometimes a wrong rule causes a major problem accessing the server.

IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
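
With the automatic save options left at "no", the manual iptables-save step above is the only way a rule becomes permanent, so it is worth reviewing what is about to be persisted and keeping the previous file. The following is an added example, not part of the original post; the function names and the SAVE_CMD variable are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). SAVE_CMD is an assumption that
# lets the function be exercised without touching a live firewall.
SAVE_CMD=${SAVE_CMD:-iptables-save}

# normalized_rules: drop the comment lines (timestamps) and zero the chain
# counters that iptables-save emits, so two dumps can be compared.
normalized_rules() {
    grep -v '^#' | sed 's/\[[0-9]*:[0-9]*\]/[0:0]/'
}

# save_rules_reviewed [TARGET]: persist the running rules to TARGET only when
# they differ from what is already saved, keeping the old file as TARGET.bak.
# Returns 0 if the file was updated, 1 if nothing changed, 2 on error.
save_rules_reviewed() {
    target=${1:-/etc/sysconfig/iptables}
    candidate=$(mktemp) || return 2
    if ! "$SAVE_CMD" > "$candidate"; then rm -f "$candidate"; return 2; fi
    if [ -f "$target" ] &&
       [ "$(normalized_rules < "$target")" = "$(normalized_rules < "$candidate")" ]; then
        rm -f "$candidate"; return 1
    fi
    if [ -f "$target" ]; then
        diff -u "$target" "$candidate" || true   # show the change being persisted
        cp -p "$target" "$target.bak" || { rm -f "$candidate"; return 2; }
    fi
    # Write in place so the target keeps its existing mode and ownership.
    cat "$candidate" > "$target" && rm -f "$candidate"
}
```

If a persisted rule later turns out to block access, copying /etc/sysconfig/iptables.bak back and restarting the iptables service restores the previous saved state.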