Solution:
yum install mailx
service postfix start
chkconfig postfix on or
yum install mail
Fixed
and now test
mail -v youremail@gmail.com -- -r "test@gmail.com"
Friday, November 28, 2014
mail: command not found on cPanel server
Doing file transfer in linux by rsync
Make sure ssh and rsync is installed both server.
Then start moving..
You have to put the ssh port if ssh port is different on remote server..
First login to your native server then ..
Use this code :
rsync -av -e ssh root@remote_ip:/home/remoteuser/public_html/test.txt /home/you/public_html
if port is different ..
rsync -av -e ’ssh -p 65200′ root@remote_ip:/home/remoteuser/public_html/test.txt /home/you/public_html
Then enter your password.
Data will be transferred successfully .
After moving you have to remove the entry key from known_hosts file in your server, how you can do that :
> cd /.ssh/
> vi known_hosts
use ctrl+w to find the ip and key and remove it. Now you are totally secured from another server...
Then start moving..
You have to put the ssh port if ssh port is different on remote server..
First login to your native server then ..
Use this code :
rsync -av -e ssh root@remote_ip:/home/remoteuser/public_html/test.txt /home/you/public_html
if port is different ..
rsync -av -e ’ssh -p 65200′ root@remote_ip:/home/remoteuser/public_html/test.txt /home/you/public_html
Then enter your password.
Data will be transferred successfully .
After moving you have to remove the entry key from known_hosts file in your server, how you can do that :
> cd /.ssh/
> vi known_hosts
use ctrl+w to find the ip and key and remove it. Now you are totally secured from another server...
Mail Test
mail -s "some subject" test@gmail.com
or
Piping:
Typing:
or
Piping:
diarguet@rtp-lds-035:~$ cat mymessage | sendmail -i -t
Typing:
diarguet@rtp-lds-035:~$ sendmail -t
From: "Me" <me@codecall.net>
To: "Bob" <bob@yahoo.com>
Subject: First Email
MIME-Version: 1.0
Content-Type: text/plain
Hello, World!
.
diarguet@rtp-lds-035:~$ _
Thursday, November 27, 2014
SMTP Error (-1): Connection to server failed
This error is typically seen due to a setting in the CSF firewall or another firewall. It might be caused by having the following set:
You would need to change SMTP_ALLOWLOCAL to 1 to enable webmail to function.
If that does not end up being the issue, try disabling the firewall to see the results. If it works, I would then suggest going to CSF forum to ask about what might be the cause.
SMTP_BLOCK = 1
SMTP_ALLOWLOCAL = 0
SMTP_ALLOWLOCAL = 0
If that does not end up being the issue, try disabling the firewall to see the results. If it works, I would then suggest going to CSF forum to ask about what might be the cause.
spamming on server
How to check spamming on server..
exim -bpc
If this is change very fast then it seems spamming is on server also you can check using
tail -f /var/log/exim_mainlog
exim -bpc
If this is change very fast then it seems spamming is on server also you can check using
tail -f /var/log/exim_mainlog
How to Stop Spam Attacks on cPanel Hosting Server
open source widely spread community. There are millions of Linux users and intruders as well, their job is to make malicious activities on different servers to leak information or change the things as it works. It is really important to stop malicious activities and SPAM attacks on cPanel Hosting Server. There are number of steps but you must enable/disable some Tweaks on cPanel server.
Setting in “Exim Configuration Manager” can help you with that,
1. Login to WHM control panel by using root login details
2. Go to Mainà Service Configuration à Exim Configuration Manager
3. Enable RBL filtering by Basic Editor àRBLs àswitch to “On” and if you like you may additional RBL from manage option.
4. Please turn ON Sender Verification Callouts
5. Please turn ON Sender Verification
5. Please turn ON Reject SPF failures
6. Then save the entire configuration this will stop most of spams in the server.
Now let’s make some changes in Tweak Setting,
1. Login to WHM control panel by using root user
2. Goto Mainà Server Configuration àTweak Settings
3. Set “Initial default/catch-all forwarder destination = Fail”
4. Max hourly emails per domain = 200
5. Please turn ON Count mailman deliveries towards a domain’s Max hourly emails
6. The maximum percentage of failed or deferred messages a domain may send per hour = 60%
7. Then save the entire configuration this will stop most of spams in the server.
Sunday, November 23, 2014
Disable localhost relay Mail - Prevent Spamming
We can disable the local relay message by set following:
(1) Make sure the AntiRelay is Enable(Un-tick) >> Go to WHM >> Service Manager >> AntiRelay >> (make sure its Un-tick)
(2) Navigate to WHM >> Main >> Tweak Settings >> Initial default/catch-all forwarder destination.
//Set this setting to Bounce / Fail.
//Set this setting to Bounce / Fail.
(3) Force all mailbox's or email's users in the servers use SMTP Authentication.
Go to SSH and run following Command.
>> /usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::Antirelayd
Commands to check spamming in POSTFIX mail server
1. To see the mail queue:
# mailq
2. To flush the mail queue:
# postfix flush OR
# postfix -f
3. To remove all mails from the queue:
# postsuper -d ALL
4. To remove all mails in the deferred queue:
# postsuper -d ALL deferred
5. To delete all queued messages from or to the domain called spamdomain.com:
# ./postfix-delete.pl spamdomain.com
6. To delete all queued messages that contain the word "abc" in the e-mail address:
# ./postfix-delete.pl abc
7. To know the number of messages sitting in the deferred queue:
# find /var/spool/postfix/deferred -type f | wc -l
8. To get a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:
# mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail
# mailq
2. To flush the mail queue:
# postfix flush OR
# postfix -f
3. To remove all mails from the queue:
# postsuper -d ALL
4. To remove all mails in the deferred queue:
# postsuper -d ALL deferred
5. To delete all queued messages from or to the domain called spamdomain.com:
# ./postfix-delete.pl spamdomain.com
6. To delete all queued messages that contain the word "abc" in the e-mail address:
# ./postfix-delete.pl abc
7. To know the number of messages sitting in the deferred queue:
# find /var/spool/postfix/deferred -type f | wc -l
8. To get a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:
# mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail
Disabling open relay on cPanel server
Sometimes your server might face mail problems as the server is configured for open relay.
Open Relay allows SMTP server to be configured in such a way that it allows anyone on the Internet to send e-mail through it. This can blacklist the server's IP address.To disable Open Relay on the cpanel server you can follow following simple steps:
1. Login to WHM.
2. Navigate to WHM >> Main >> Tweak Settings >> Initial default/catch-all forwarder destination.
3. Set this setting to "Bounce/Fail". This should turn off the open relay on the server.
Enabling "Bounce”/"Fail" module is usually the best choice if you are getting mail attacks.
Thank you.
Scripts to check spamming in Exim mail server
1. To check the number of emails present in the queue:
# exim -bpc
2. To check the emails present in the queue with the mail id and sender ID:
# exim -bp
# exim -bp | less
3. To view the header of a particular email using mail ID:
# exim -MvH mail_id
4. To view the body of a particular email using mail ID:
# exim -Mvb mail_id
5. To view a message's logs:
# exim -Mvl mail_id
6. To trace path:
# exim -d -bt user@domain.com
7. To get sorted list of email sender in exim queue:
# exim -bpr | grep "<" | awk {'print $4'} |cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c| sort -n
8. To check the script that will originate spam mails:
# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort| uniq -c|grep cwd|sort -n
9. If we need to find out exact spamming script. To do this, run following command:
# ps auxwwwe | grep user | grep --color=always "/home/user/public_html/templates/" | head
10. To delete the emails of a specific user:
# grep -lr 'user@domain.com' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
# exim -bp | grep "user_email-account" | awk '{print $3}' | xargs exim -Mrm
11. To delete Frozen emails from the email queue:
# grep -R -l '*** Frozen' /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm
# exim -bp| grep frozen | awk '{print $3}'| xargs exim -Mrm
# exiqgrep -z -i | xargs exim -Mrm
12. To delete Spam emails from the email queue:
# grep -R -l [SPAM] /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm
13. To check the no. of frozen mails:
# exiqgrep -z -c
14. To check exim logs:
# tail -f /var/log/exim_mainlog
15. Force delivery of one message:
# exim -M mail_id
16. Force another queue run:
# exim -qf
17. Force another queue run and attempt to flush frozen messages:
# exim -qff
18. To check if there are frozen emails:
# exim -bp |awk '/fr[o]zen/ {print}'
19. To clear just one email:
# exim -Mrm mail_id
20. Check the subjects of the emails:
# exiqgrep -i |awk '{ print "exim -Mvh "$1 }' |sh |grep -i Subject
Thank you.
# exim -bpc
2. To check the emails present in the queue with the mail id and sender ID:
# exim -bp
# exim -bp | less
3. To view the header of a particular email using mail ID:
# exim -MvH mail_id
4. To view the body of a particular email using mail ID:
# exim -Mvb mail_id
5. To view a message's logs:
# exim -Mvl mail_id
6. To trace path:
# exim -d -bt user@domain.com
7. To get sorted list of email sender in exim queue:
# exim -bpr | grep "<" | awk {'print $4'} |cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c| sort -n
8. To check the script that will originate spam mails:
# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort| uniq -c|grep cwd|sort -n
9. If we need to find out exact spamming script. To do this, run following command:
# ps auxwwwe | grep user | grep --color=always "/home/user/public_html/templates/" | head
10. To delete the emails of a specific user:
# grep -lr 'user@domain.com' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
# exim -bp | grep "user_email-account" | awk '{print $3}' | xargs exim -Mrm
11. To delete Frozen emails from the email queue:
# grep -R -l '*** Frozen' /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm
# exim -bp| grep frozen | awk '{print $3}'| xargs exim -Mrm
# exiqgrep -z -i | xargs exim -Mrm
12. To delete Spam emails from the email queue:
# grep -R -l [SPAM] /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm
13. To check the no. of frozen mails:
# exiqgrep -z -c
14. To check exim logs:
# tail -f /var/log/exim_mainlog
15. Force delivery of one message:
# exim -M mail_id
16. Force another queue run:
# exim -qf
17. Force another queue run and attempt to flush frozen messages:
# exim -qff
18. To check if there are frozen emails:
# exim -bp |awk '/fr[o]zen/ {print}'
19. To clear just one email:
# exim -Mrm mail_id
20. Check the subjects of the emails:
# exiqgrep -i |awk '{ print "exim -Mvh "$1 }' |sh |grep -i Subject
Thank you.
How to stop Open relay in a cPanel server – /scripts/fixrelayd
An Open relay is SMTP server which is configured in such a way, which allows a third party to send/receive emails that are neither from nor for local users. For that reason, such servers are usually targets for spam senders.
You can test whether your server is an Open relay by checking in the following link:
mailradar.com/openrelay/
If the server supports Open relay, then you can stop it in cPanel server by following the steps given below:
> /scripts/fixrelayd
You can test whether your server is an Open relay by checking in the following link:
mailradar.com/openrelay/
If the server supports Open relay, then you can stop it in cPanel server by following the steps given below:
> /scripts/fixrelayd
> /etc/init.d/exim restart or We can disable the local relay message by set following:
(1) Make sure the AntiRelay is Enable(Un-tick) >> Go to WHM >> Service Manager >> AntiRelay >> (make sure its Un-tick)
(2) Navigate to WHM >> Main >> Tweak Settings >> Initial default/catch-all forwarder destination.
//Set this setting to Bounce / Fail.
//Set this setting to Bounce / Fail.
(3) Force all mailbox's or email's users in the servers use SMTP Authentication.
Go to SSH and run following Command.
Go to SSH and run following Command.
>> /usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::Antirelayd
Wednesday, November 19, 2014
Email is not sending or receiving in server
Suppose you have done all tries , like exim reset , make sure 25 port open and csf port block off. Still your email sending is off in your server.
Then surely you have to look at your iptables and make sure reload and restart it and hope that will solve your problems.
Easiest way is to reboot (also if below does not work, reboot, check if that made the change).
Second easiest is to restart the daemons using iptables configurations (google: restart daemon ubuntu).
examples (depends your configuration):
/etc/init.d/iptables restart
/etc/init.d/networking restart
/etc/init.d/firewall restart
sudo /etc/init.d/firewall restart
You can "disable" (or stop) the firewall by setting the default policies on all standard chains to "ACCEPT", and flushing the rules.
Then surely you have to look at your iptables and make sure reload and restart it and hope that will solve your problems.
Easiest way is to reboot (also if below does not work, reboot, check if that made the change).
Second easiest is to restart the daemons using iptables configurations (google: restart daemon ubuntu).
examples (depends your configuration):
/etc/init.d/iptables restart
/etc/init.d/networking restart
/etc/init.d/firewall restart
sudo /etc/init.d/firewall restart
You can "disable" (or stop) the firewall by setting the default policies on all standard chains to "ACCEPT", and flushing the rules.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F Tuesday, November 18, 2014
Local or TCP issue in Clam AV
a) whereis clamd.conf
b) vi clamd.conf
c) TCPscoket 3310
d):x
e)clamd restart
b) vi clamd.conf
c) TCPscoket 3310
d):x
e)clamd restart
Public Key Denied on SSH
1) Login to WHM
2) Type SSH to left sidebar
3) Then create a SSH key with root and password same as WHM login
4) Then authorize it
5) Again authorize it
You just rock ;)
2) Type SSH to left sidebar
3) Then create a SSH key with root and password same as WHM login
4) Then authorize it
5) Again authorize it
You just rock ;)
Monday, November 17, 2014
550 file upload error in filezilla or proftpd
1) sudo nano /etc/proftpd/proftpd.conf
Then make sure off to UseIPv6 to off
2) Make sure
DefaultRoot /var/www
user nobody
usergroup nogroup
<Directory ~/*>
AllowOverwrite on
</Directory>
Then give a restart
sudo /etc/init.d/proftpd restart
Then fix the file permission issue with ftp
sudo chown -R user:group directory
sudo chmod -R g+rw directory
That's all ... Rocking :)
Then make sure off to UseIPv6 to off
2) Make sure
DefaultRoot /var/www
user nobody
usergroup nogroup
<Directory ~/*>
AllowOverwrite on
</Directory>
Then give a restart
sudo /etc/init.d/proftpd restart
Then fix the file permission issue with ftp
sudo chown -R user:group directory
sudo chmod -R g+rw directory
That's all ... Rocking :)
Sunday, November 16, 2014
How to install wpscan in Windows 7
ruby install
the development kit extract on ruby folder
then install this gems
gem install bundler
gem install typhoeus
gem install rspec-its
gem install ruby-progressbar
gem install nokogiri
gem install terminal-table
gem install webmock
gem install simplecov
gem install rspec
gem install xml-simple
Then download curl
then show the path
C:\>path
PATH=C:\Ruby\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\curl-7.34.0-devel-mingw32\bin;
All done
http://wpscan.org/
the development kit extract on ruby folder
then install this gems
gem install bundler
gem install typhoeus
gem install rspec-its
gem install ruby-progressbar
gem install nokogiri
gem install terminal-table
gem install webmock
gem install simplecov
gem install rspec
gem install xml-simple
Then download curl
then show the path
C:\>path
PATH=C:\Ruby\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\curl-7.34.0-devel-mingw32\bin;
All done
http://wpscan.org/
Saturday, November 15, 2014
How to uninstall proftpd
Uninstall just proftpd-basic
sudo apt-get remove proftpd-basicThis will remove just the proftpd-basic package itself.
Uninstall proftpd-basic and it's dependencies
sudo apt-get remove --auto-remove proftpd-basicThis will remove the proftpd-basic package and any other dependant packages which are no longer needed.
Purging your config/data too
If you also want to delete your local/config files for proftpd-basic then this will work. Caution! Purged config/data can not be restored by reinstalling the package.
sudo apt-get purge proftpd-basicOr similarly, like this
sudo apt-get purge --auto-remove proftpd-basic
Installing PHP5 and Apache on Ubuntu
sudo apt-get install apache2
sudo apt-get install php5
sudo apt-get install libapache2-mod-php5
sudo /etc/init.d/apache2 restart
Friday, November 14, 2014
How to import a MySQL Database using phpMyAdmin
How can I import a database?
- Log into your Bluehost Control Panel.
- Navigate to the "Databases" section, and select "phpMyAdmin."
- Log in with your cPanel username and your MySQL password
Note: The Master MySQL Password can be set from the "Reset MySQL Password" tool in the same "Databases" category. - In phpMyAdmin you will see a list of your databases on the left side. Select the database you would like to import to.
- Once the database is selected, click the "Import" tab at the top.
- In this sub-section, a "browse" button will appear. Select this, and choose the desired .sql file on your PC.
- After you have selected the file, click "Go" at the bottom right; it will import your .sql file for you.
Common Issues
Your import file is too large!You will know this is the case when phpMyAdmin times out. (It will timeout after 30 seconds of attempting to import.)
If you experience this timeout, please upload the database backup file to your Bluehost account and Create a Ticket with the details. Our administrators will perform the import for you.
For security reasons, it's best to upload your database to the
/home/USERNAME section of your account. (Replace USERNAME with your cPanel username.)#1044 - Access denied for user 'username1'@'localhost' to database 'user2_wrdp9'The problem here is your import file contains an SQL query that attempts to create a database for the wrong username. Notice the user2 in 'user2_wrdp9' does not match the username1 in 'username1'@'localhost'. Someone must edit the import file and change the old user2 to your new username1. Here is an example of what it looks like (notice 3 places where the username is outdated):
Database: `user2_wrdp9`CREATE DATABASE `user2_wrdp9` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;USE `user2_wrdp9`;#1044 - Access denied for user 'username1'@'localhost' to database 'wrdp9'Same as the previous issue; the correct username is missing. On a shared sever, your database names must always look like exampleuser_exampledatabase.
#1049 - Unknown database 'username1_wrdp9'The problem is your import file does not have a query to create the database before importing the data. Simply go to cPanel > MySQL Databases and create a database with that name (in my example, "wrdp9"). Then re-attempt your import.
#1007 - Can't create database 'username1_wrdp9'; database existsThe problem here is your import file contains an SQL query that attempts to create a database that already exists. If the database is empty, simply go to cPanel > MySQL Databases and remove that empty database; then re-attempt your import. If the database is not empty, someone must edit the import file and remove the CREATE DATABASE query. Here is an example of what it looks like:
CREATE DATABASE `username1_wrdp9` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near...The file does not contain backup data for a database, or the file has been changed or corrupted.
Less Common Issues
ERROR 1044 (42000): Access denied for user 'username1'@'localhost' to database 'username1_wrdp9'If you get this error, you do not have privileges on user_* to use Create. Bluehost will need to correct this issue for you.
However, if you need to import now, and can't wait, here is a work-around.
The problem here is your import file contains at least one SQL query that attempts to create a database, and you do not have the privilege to do so. Someone must edit the import file and remove the CREATE DATABASE query. (If you do not feel comfortable editing your import file, we will be glad to help you do that.) Here is an example of what it looks like:
CREATE DATABASE `username1_wrdp9` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;Exporting MySQL Data
This example shows you how to export a database. It is a good idea to export your data often as a backup.
To export a single table from your database you would use the following command:
- Using SSH, execute the following command:
mysqldump -p -u username database_name > dbname.sql
- You will be prompted for a password, type in the password for the username and press Enter. Replace username, password and database_name with your MySQL username, password and database name.
To export a single table from your database you would use the following command:
mysqldump -p --user=username database_name tableName > tableName.sqlAgain you would need to replace the username, database and tableName with the correct information. Once done the table specified would then be saved to your account as tableName.sql
Using SSH to import your MySQL database
The file must be in .sql format. It can not be compressed in a .zip or .tar.gz file.
- Upload the SQL file to the server.
- If the database does not exist please create one with an user. Note the username and password.
- Log into the server through SSH
- Navigate to the directory where your .sql file is.
- Type this this command:
mysql -p -u username database_name < file.sql Note: Bluehost recomends using the database user with the database users password not the cPanel main user and password. The -p will cause mysql to prompt for your account's password. Do not put passwords in command line in plain text, but let the system prompt for a password. This is for your own security.
Make sure your database name has your Bluehost username prefix with the _ (underscore) after it and the database name.
Thursday, November 13, 2014
How to stop Suspicious process alert emails from CSF ( Configserver ) firewall
cpanel server owners gets following alert emails from lfd "Subject: Suspicious process running under user" .Its because of csf regularly scans the processes of server, if any process unknown to csf to considers this as suspicious. in such case you can check process on server and if it is genuine process then you can add this process under ignore list of csf.
you can add the precess in /etc/csf/csf.pignore file and restart csf and lfd service.
Also you can stop getting process alert emails from lfd by disabling below parameter in csf.conf file.
PT_LIMIT = 0
you can add the precess in /etc/csf/csf.pignore file and restart csf and lfd service.
Also you can stop getting process alert emails from lfd by disabling below parameter in csf.conf file.
PT_LIMIT = 0
LFD Excessive Resource Usage Alerts
The LFD service sometimes send excessive resource usage alerts as below:
The changes in the memory value can be made by updating PT_USERMEM value in the CSF configuration file. To turn of these tracking, set value of PT_USERMEM to 0 in the CSF configuration file.
1) Login in the server as root user.
2) Open the CSF configuration file
4) Restart CSF
Time: Tue Nov 19 09:41:10 2013 +0530The above alerts are received when a process utilizes more than the memory defined in the CSF configuration file under PT_USERMEM variable.
Account: xxxxxx
Resource: Virtual Memory Size
Exceeded: 205 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/xxxxxx/public_html/index.php
PID: 24933 (Parent PID:22578)
Killed: No
The changes in the memory value can be made by updating PT_USERMEM value in the CSF configuration file. To turn of these tracking, set value of PT_USERMEM to 0 in the CSF configuration file.
1) Login in the server as root user.
2) Open the CSF configuration file
vi /etc/csf/csf.conf3) Locate PT_USERMEM in the file and set the desire value.
4) Restart CSF
csf -r
My View:
Such alerts are useful to track the processes/accounts consuming high resources. Increasing the PT_USERMEM value and monitoring the processes should provide clear picture of resource usage.Wednesday, November 12, 2014
How to disable Lfd excessive resource usage alert
If you are having own VPS or Dedicated server you will get this kind of alert messages often because you have installed CSF on your server and LFD will notify to you every time when the service or process take more time or memory which is assigned in your CSF configuration.
You can disable this kind of alert from below three methods but method-1 is standard one.
I will suggest you, don’t use method-2 & method-3 because this kind of alert is useful for you to monitor the server status.
If any service or user take too much of time & memory you have a look into that particular activity whether is there anything abnormal. So that you can run the server smooth condition.
You can disable this kind of alert from below three methods but method-1 is standard one.
I will suggest you, don’t use method-2 & method-3 because this kind of alert is useful for you to monitor the server status.
If any service or user take too much of time & memory you have a look into that particular activity whether is there anything abnormal. So that you can run the server smooth condition.
I got below two LFD alert in my server.
- Virtual Memory Size excessive resource usage alert
Time: Tue Jul 15 06:23:10 2014 +0100
Account: cloudana
Resource: Virtual Memory Size
Exceeded: 280 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/cloud2day/public_html/owncloud/remote.php
PID: 20571 (Parent PID:20435)
Killed: No
- Process Time excessive resource usage alert
Time: Tue Jul 15 10:01:22 2014 +0530
Account: rec247
Resource: Process Time
Exceeded: 129399 > 1800 (seconds)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/daygeek/public_html/news/rewrite.php
PID: 28929 (Parent PID:26541)
Killed: No
Method-1
This one is standard method to disable the LFD alert. Use your favorite text editor to open the file csf.pignore and add the command line path except executable path, the common location in cpanel server /etc/csf/csf.pignore. Make sure you should not add only executable path, If you done it wont notify anything. Like in above alert its shows /usr/bin/php as a executable path. If you added it wont alert any of the php process on your server. So you need to add only the particular things. Process time also the same steps.root@server [/etc/csf]# nano csf.pignore
GNU nano 2.0.9 File: csf.pignore
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/nsd
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/var/cpanel/3rdparty/bin/php
exe:/usr/bin/postgres
exe:/usr/sbin/ntpd
exe:/sbin/ntpd
exe:/usr/local/cpanel/3rdparty/sbin/mydns
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
exe:/usr/local/cpanel/3rdparty/perl/514/bin/spamd
exe:/usr/local/cpanel/bin/cpuwatch
exe:/u01/app/oracle/product/11.2.0/xe/bin/oracle
#exe:/usr/bin/php - This will exclude all the php process
#exe:/usr/bin/php /home/cloud2day/public_html/owncloud/index.php - This will not work
exe:/home/cloud2day/public_html/owncloud/index.php
Method-2
This will permanently disable to LFD alert. So its security issue. Use your favorite text editor to open the file csf.conf and set PT_USERMEM=0. Process time also the same and you need to changed PT_USERTIME value instead of changing PT_USERMEM values.root@server [/etc/csf]# nano csf.pignore
GNU nano 2.0.9 File: csf.conf
# This User Process Tracking option sends an alert if any cPanel user process
# exceeds the memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set to 0 to disable this feature
PT_USERMEM = "0"
# This User Process Tracking option sends an alert if any cPanel user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
#
# Set to 0 to disable this feature
PT_USERTIME = "1800"
Method-3
Increase the PT_USERMEM=200 value more than 200. By default they are assigned 200. Use your favourite text editio to open the file csf.conf and set PT_USERMEM=500. . Process time also the same and you need to changed PT_USERTIME value instead of changing PT_USERMEM values.root@server [/etc/csf]# nano csf.pignore
GNU nano 2.0.9 File: csf.conf
# This User Process Tracking option sends an alert if any cPanel user process
# exceeds the memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set to 0 to disable this feature
PT_USERMEM = "500"
# This User Process Tracking option sends an alert if any cPanel user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
#
# Set to 0 to disable this feature
PT_USERTIME = "1800"
Finally restart the CSF using below command.root@server [/etc/csf]# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
.
.
.
Restarting bandmin acctboth chains for cPanel
acctboth all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
acctboth all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
acctboth all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
acctboth all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0
LOCALINPUT all opt in !lo out * ::/0 -> ::/0
We are preparing all articles in-depth to understand by all level/stage
Linux administrators. If the article is useful for you, then please
spend less than a minute to share your valuable comments in our
commenting section.
csf Memory Limiter
Problem :
-----Original Message-----
From: root@server.kobirwebhosting.com
[mailto:root@server.kobirwebhosting.com]
Sent: Tuesday, November 11, 2014 10:24 PM
To: root@server.kobirwebhosting.com
Subject: lfd on server.kobirwebhosting.com: Excessive resource usage:
kobir (26558 (Parent PID:26544))
Time: Tue Nov 11 22:24:24 2014 -0500
Account: kobir
Resource: Virtual Memory Size
Exceeded: 330 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/kobir/public_html/index.php
PID: 26558 (Parent PID:26544)
Killed: No
Hosting এর এই সব মেসেজ বন্ধ করার উপায় কি ? কারন আমি চাচ্ছি শুধু যেসব Account theke excessive ইমেইল যাবে শুধু তাদের warning message jante .
এক কথায়, আমি কিভাবে warning messages manage korte parbo .
Solution:
CSF সেটিংয়ে Memory বাড়াইয়া দেন। এই মেমরি usages সমস্যা না।
এবং csf.pignore এ
exe:/usr/bin/freshclam
exe:/usr/sbin/clamd
exe:/usr/bin/spamd
cmd:spamd child
এগুলো exclude করে দেন।
********************************************
Do you have CSF/LFD installed on your system ? If yes you can disable the notifications from the process section.
You can also remove the Apache memory & CPU limiters by commenting the following entries from the httpd.conf file :
From: root@server.kobirwebhosting.com
[mailto:root@server.kobirwebhosting.com]
Sent: Tuesday, November 11, 2014 10:24 PM
To: root@server.kobirwebhosting.com
Subject: lfd on server.kobirwebhosting.com: Excessive resource usage:
kobir (26558 (Parent PID:26544))
Time: Tue Nov 11 22:24:24 2014 -0500
Account: kobir
Resource: Virtual Memory Size
Exceeded: 330 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/kobir/public_html/index.php
PID: 26558 (Parent PID:26544)
Killed: No
Hosting এর এই সব মেসেজ বন্ধ করার উপায় কি ? কারন আমি চাচ্ছি শুধু যেসব Account theke excessive ইমেইল যাবে শুধু তাদের warning message jante .
এক কথায়, আমি কিভাবে warning messages manage korte parbo .
Solution:
CSF সেটিংয়ে Memory বাড়াইয়া দেন। এই মেমরি usages সমস্যা না।
এবং csf.pignore এ
exe:/usr/bin/freshclam
exe:/usr/sbin/clamd
exe:/usr/bin/spamd
cmd:spamd child
এগুলো exclude করে দেন।
********************************************
Do you have CSF/LFD installed on your system ? If yes you can disable the notifications from the process section.
You can also remove the Apache memory & CPU limiters by commenting the following entries from the httpd.conf file :
RLimitMEM
RLimitCPU
RLimitCPU
**************************************************
Modify Apache Memory Usage under the Security section of WHM left menu. Might want to click that link and have it set for you.
****************************************
Just add:
exe:/usr/local/cpanel/cpanel
to /etc/csf/csf.pignore and then restart lfd:
service lfd restart
Or increase the memory limit in csf.conf
exe:/usr/local/cpanel/cpanel
to /etc/csf/csf.pignore and then restart lfd:
service lfd restart
Or increase the memory limit in csf.conf
Tuesday, November 11, 2014
cPanel’s Manually Updated Hostname Alert
If you have recently updated your cPanel servers to 11.46, you may have received something that looks like the following alert.
If you did, then that means that your hostname was updated outside of WHM after cPanel was installed on that server. The fix is simple.
If your server is a WHM webserver, you need only navigate to WHM >> Change Hostname
Once that’s done, you can test that your server will no longer send an alert by running the hostname validation script manually:
———-
If your server is running cPanel’s DNSOnly version of WHM, you have to manually change the cPanel-configured hostname by editing the HOST definition in /etc/wwwacct.conf:
Once that’s done, you can test that your server will no longer send an alert by running the hostname validation script manually:
WHM has detected a manual hostname change.
To fix this problem, we recommend that you perform the following action:
Update your hostname in WHM’s (http://new.hostname.com:2087/scripts2/changehostname) interface (Home » Networking Setup » Change Hostname).If you did, then that means that your hostname was updated outside of WHM after cPanel was installed on that server. The fix is simple.
If your server is a WHM webserver, you need only navigate to WHM >> Change Hostname
WHM Change Hostname
/usr/local/cpanel/scripts/check_valid_server_hostname———-
If your server is running cPanel’s DNSOnly version of WHM, you have to manually change the cPanel-configured hostname by editing the HOST definition in /etc/wwwacct.conf:
-bash-4.1# hostname
new.hostname.com
-bash-4.1# grep HOST /etc/wwwacct.conf
HOST old.hostname.com
-bash-4.1# Once that’s done, you can test that your server will no longer send an alert by running the hostname validation script manually:
/usr/local/cpanel/scripts/check_valid_server_hostnameThe steps to change your cPanel password
The steps to change your cPanel password are as follows:
1.Login to the cPanel
2.Click Change Password
3.In the box to the right of Old Password, provide your old password.
4.In the box to right of New Password, provide the new password. This password should contain uppercase and lowercase letters, as well as numbers and non-numeric symbols. (example. aB3#$f^&G*1)
5.In the box to the right of New Password (again), provide the password once again for verification.
6.Do NOT uncheck the box for "Allow MySQL password change". (This does not reset any passwords for your database users; rather, it keeps you able to login to phpMyAdmin and Fantastico De Luxe via cPanel.)
7.Click the Change your password button
1.Login to the cPanel
2.Click Change Password
3.In the box to the right of Old Password, provide your old password.
4.In the box to right of New Password, provide the new password. This password should contain uppercase and lowercase letters, as well as numbers and non-numeric symbols. (example. aB3#$f^&G*1)
5.In the box to the right of New Password (again), provide the password once again for verification.
6.Do NOT uncheck the box for "Allow MySQL password change". (This does not reset any passwords for your database users; rather, it keeps you able to login to phpMyAdmin and Fantastico De Luxe via cPanel.)
7.Click the Change your password button
Subscribe to:
Posts (Atom)