How to install Fantastico on cPanel/WHM

SSH to the server and enter the following commands.

cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
tar -xzpf fantastico_whm_admin.tgz
rm -rf fantastico_whm_admin.tgz

Now go to your WHM -> Add-Ons (Plugins on v11.x or higher) -> Fantastico De Luxe WHM Admin (scroll down the left menu).

Follow the on screen instructions.

If you get a Source Guardian error when you go to Fantastico for the first time, just run this command:

chmod -R 0755 /usr/local/cpanel/3rdparty/etc/ixed

After the installation is complete, click on “Settings” and go through the settings.

While some settings are not important, others (marked below with an *) are essential for Fantastico installations to function properly.
Language: Select the language for the admin backend AND default language for users without a language selected.
Email notifications: Enter an email address in order to receive notifications when users perform installations using Fantastico.
Master files settings (*): If you are not an advanced user who modifies the master files, leave this set to “Remove”. Change this only if you know what you are doing.
PHPsuexec (*): VERY ESSENTIAL!!! Changing this value will not install or de-install phpsuexec for you. It will only tell Fantastico that you have phpsuexec installed or not installed on your server. Change to “installed” if you perform installations which produce an “Internal Server Error”. Notice: Changes will not apply to existing installations! You have to re-install in order to have working installations.
Path to netPBM: Enter the full path to the netPBM binaries in order to enable Gallery installations. As long as this field has no value, your users will not be able to install Gallery.
Select Fantastico licensing and files server: If the Fantastico pages take long to load switch to the server that works best for you. Fantastico will auto-switch if connections time out.
Update preference: Select latest version (sometimes experimental) or stable version (best working).

If your users don’t see a Fantastico link in their cPanel: go to WHM, edit the “default” Features List and activate Fantastico.

MySQL Optimizations

Find the maximum number of connections using the formula: memory = key_buffer + (read_buffer + sort_buffer) * max_connections

Open /etc/my.cnf file in your favorite editor (eg: vi, pico etc)

max_connections=400
max_user_connections=30
key_buffer=256M                 # 128MB for every 1GB of RAM
myisam_sort_buffer_size=64M
join_buffer_size=1M
read_buffer_size=1M             # 1MB for every 1GB of RAM
sort_buffer_size=1M             # 1MB for every 1GB of RAM
table_cache=1500
thread_concurrency=2            # Number of CPUs x 2
thread_cache_size=128           # number of threads to cache (a count, not a memory size)
wait_timeout=10
connect_timeout=5
max_allowed_packet=16M
max_connect_errors=10
query_cache_limit=1M
query_cache_size=32M            # 32MB for every 1GB of RAM
query_cache_type=1

Then restart the MySQL service with /etc/init.d/mysqld restart

Below are notes on some of the important variables in the my.cnf file that are to be changed in order to tweak MySQL performance.

1. query_cache_size:
*********************

* MySQL 4 provides one feature that can prove very handy: a query cache. In a situation where the database has to repeatedly run the same queries on the same data set, returning the same results each time, MySQL can cache the result set, avoiding the overhead of running through the data over and over. This is extremely helpful on busy servers.

2. key_buffer_size:
*******************

* The value of key_buffer_size is the size of the buffer used with indexes. The larger the buffer, the faster the SQL command will finish and a result will be returned. The rule-of-thumb is to set the key_buffer_size to at least a quarter, but no more than half, of the total amount of memory on the server. Ideally, it will be large enough to contain all the indexes (the total size of all .MYI files on the server).

* A simple way to check the actual performance of the buffer is to examine four additional variables: key_read_requests, key_reads, key_write_requests, and key_writes.
* If you divide the value of key_reads by the value of key_read_requests, the result should be less than 0.01. Also, if you divide the value of key_writes by the value of key_write_requests, the result should be less than 1.

3. table_cache:
*****************
* The default is 64. Each time MySQL accesses a table, it places it in the cache. If the system accesses many tables, it is faster to have these in the cache. MySQL, being multi-threaded, may be running many queries on the table at one time, and each of these will open a table. Examine the value of open_tables at peak times. If you find it stays at the same value as your table_cache value, and then the number of opened_tables starts rapidly increasing, you should increase the table_cache if you have enough memory.

4. sort_buffer:
***************

* The sort_buffer is very useful for speeding up myisamchk operations (which is why it is set much higher for that purpose in the default configuration files), but it can also be useful every day when performing large numbers of sorts.

5. read_rnd_buffer_size:
**************************

* The read_rnd_buffer_size is used after a sort, when reading rows in sorted order. If you use many queries with ORDER BY, upping this can improve performance. Remember that, unlike key_buffer_size and table_cache, this buffer is allocated for each thread. This variable was renamed from record_rnd_buffer in MySQL 4.0.3. It defaults to the same size as the read_buffer_size. A rule-of-thumb is to allocate 1KB for each 1MB of memory on the server, for example 1MB on a machine with 1GB memory.

6. thread_cache:
******************

* If you have a busy server that’s getting a lot of quick connections, set your thread cache high enough that the Threads_created value in SHOW STATUS stops increasing. This should take some of the load off of the CPU.

7. tmp_table_size:
*******************

* “Created_tmp_disk_tables” are the number of implicit temporary tables on disk created while executing statements and “created_tmp_tables” are memory-based. Obviously it is bad if you have to go to disk instead of memory all the time.

8. query_cache_size
********************

Query caching was introduced in MySQL 4. If your application executes a particular query again and again, MySQL can cache the result set, thereby avoiding the overhead of running through the data over and over and reducing the execution time.

You can enable query caching by setting the server variable query_cache_type=1 and setting the cache size in the variable query_cache_size. If either of the above is set to 0, query caching will not be enabled.

There are three states for query caching:

1. Disabled – query_cache_type = 0
2. Enabled – query_cache_type = 1
3. On Demand – query_cache_type = 2

How to change PHP handler from command line – cPanel server

In a cPanel server, we have command-line options to list and change PHP handlers.

To list current handler

# /usr/local/cpanel/bin/rebuild_phpconf --current

Example

# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
RUID2: not installed

The above command lists the current PHP handler and all other available handlers on the server.

To list all available PHP handlers on server

# /usr/local/cpanel/bin/rebuild_phpconf --available

To change the current PHP handler to “DSO”

Before executing this command please make sure that the web server Apache is compiled with DSO.

# /usr/local/cpanel/bin/rebuild_phpconf 4 dso none 1

To change the current PHP handler to “SuPHP”

# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

Example

root@test [~]# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1
[/usr/local/cpanel/scripts/set_mailman_archive_perms] Setting I/O priority to reduce system load: best-effort: prio 6
[/usr/local/cpanel/scripts/set_mailman_archive_perms] Setting mailman archive permissions
[/usr/local/cpanel/scripts/set_mailman_archive_perms] Continuing in the background
php.conf updated to:

# This file was automatically generated by the Cpanel PHP Configuration system
# If you wish to change the way PHP is being handled by Apache on your system,
# use the /usr/local/cpanel/bin/rebuild_phpconf script or the WHM interface.
#
# Manual edits of this file will be lost when Apache is updated.

# SuPHP configuration for PHP5
LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml

    suPHP_AddHandler application/x-httpd-php5

# End of autogenerated PHP configuration.

Updating user configurable PHP settings.
[info] recursion depth is set to: 2
Restarting Apache

It will change the default PHP handler to SuPHP.

To change the current PHP handler to CGI

# /usr/local/cpanel/bin/rebuild_phpconf 5 none cgi 1

To change the current PHP handler to FastCGI

# /usr/local/cpanel/bin/rebuild_phpconf 5 none fcgi 1

That’s it!!

Finding the largest files and directories in the server

This nifty command allows you to build up a list of the largest files and directories:

FS='/';clear;date;df -h $FS; echo "Largest Directories:"; du -hcx --max-depth=2 $FS 2>/dev/null | grep '[0-9]G' | sort -grk 1 | head -15 ;echo "Largest Files:"; nice -n 19 find $FS -mount -type f -print0 2>/dev/null| xargs -0 du -k | sort -rnk1| head -n20 |awk '{printf "%8d MB\t%s\n",($1/1024),$NF}'

Please be patient, it will take time to show the result.

You’ll need to adjust it, depending on which directory you wish to look within. For example, if you’re looking for a list of the largest files and folders in the /home directory, you’d use:

FS='/home';clear;date;df -h $FS; echo "Largest Directories:"; du -hcx --max-depth=2 $FS 2>/dev/null | grep '[0-9]G' | sort -grk 1 | head -15 ;echo "Largest Files:"; nice -n 19 find $FS -mount -type f -print0 2>/dev/null| xargs -0 du -k | sort -rnk1| head -n20 |awk '{printf "%8d MB\t%s\n",($1/1024),$NF}'

Linux – Find where a process is running from

You may see a process running and wonder exactly where it’s running from. Fortunately, there’s a way to find out!

Let's say, for instance, the process is as follows:
# ps aux | grep perl | tail -1
user 852679  0.0  0.0  30920  2472 ?        S    Feb17   0:00 perl main.css

To find out where 'perl main.css' started from:
# ls -l /proc/852679/cwd
lrwxrwxrwx 1 user user 0 Feb 22 16:16 /proc/852679/cwd -> /home/user/public_html/domain.com/
As you can see, process 852679 originated from the directory /home/user/public_html/domain.com/.

This can be helpful when tracking down processes that you’ve not seen before, malware, etc.
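
The /proc lookup described above, extended into a small triage helper (an added example, not part of the original post): besides cwd it also reads the exe link and the command line, which goes beyond the single ls call. proc_origin and its flag names are assumptions made for this example.

```bash
# Added example: report where a process runs from, using only /proc.
# proc_origin is a hypothetical helper name, not a standard tool.

proc_origin() {
    local pid="$1" base="/proc/$1"
    [ -d "$base" ] || { echo "pid=$pid state=gone"; return 1; }

    local cwd exe cmd flags=""
    # readlink fails on other users' processes unless run as root
    cwd=$(readlink "$base/cwd" 2>/dev/null) || cwd="?"
    exe=$(readlink "$base/exe" 2>/dev/null) || exe="?"
    # cmdline is NUL-separated; turn the separators into spaces
    cmd=$(tr '\0' ' ' 2>/dev/null < "$base/cmdline") || cmd=""
    cmd=${cmd% }

    # A binary that was unlinked after start shows up as "... (deleted)"
    case "$exe" in
        *" (deleted)") flags="$flags exe-deleted" ;;
    esac
    # A working directory inside a web root or a temp directory deserves a look
    case "$cwd" in
        /home/*/public_html*|/tmp*|/var/tmp*|/dev/shm*) flags="$flags cwd-suspicious" ;;
    esac

    echo "pid=$pid cwd=$cwd exe=$exe cmd=[$cmd] flags=[${flags# }]"
}

# Stand-alone demo: inspect the current shell
proc_origin "$$"
```

For the process in the post, proc_origin 852679 would show the perl binary as exe alongside the public_html working directory, which makes a script named main.css being run by perl stand out.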

Find highest CPU, Memory & MySQL Usage for cPanel accounts

You may have come across a time where there’s higher than normal resource usage, and you’re trying to pin-point the cause. Sometimes that can be tricky, though with the below command, you can quickly and easily build up a list of the top 5 users that are consuming your CPU, Memory and MySQL resources.

Note that this command does not make any changes to your server. The expected output of the command can also be seen below.

Just copy the whole command from the box below and paste it into the server terminal. You will see the magic !!!

COMMAND :

OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%%\n",$2,$6}' | head -5) | column -t ;

SAMPLE OUTPUT :

USER       CPU
user1        2.51%
user2        1.48%
user3        1.04%
user4        0.77%
user5        0.61%

USER       MEMORY
user1        5.67%
user2        0.38%
user3        0.38%
user4        0.13%
user5        0.12%

USER       MYSQL
user1        0.3%
user2        0.0%
user3        0.0%
user4        0.0%
user5        0.0%

How to install Malware Detect (Maldet) for CentOS 6 / Linux

Malware Detect is very easy to install on CentOS, regardless of the control panel you use (cPanel/WHM, DirectAdmin, etc). Maldet is also known as Linux Malware Detect, a virus scanner for Linux.

There is nothing complicated in the installation process, but root access to your server is required.

Installation via SSH

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh 
maldet --update-ver

To scan a folder, for example /home, type:

maldet -a /home

That’s it !!!

Script to Change cPanel password of all users in the server

1. Create a file named chpass.sh with the following contents in it.

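#!/bin/sh
# Reset every cPanel account password and record the new ones in passwords.txt
umask 077   # passwords.txt holds clear-text passwords: readable by root only
cat /etc/trueuserdomains | awk '{print $2}' | while read -r user; do
pass=`openssl rand -base64 128 | head -c16 | xargs`
echo "$user $pass" >> passwords.txt
/scripts/realchpass "$user" "$pass"
done
/scripts/ftpupdate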

2. Give executable permission to the script.

chmod +x chpass.sh

3. Run the script and you will get a file named passwords.txt listing all cPanel users with their new passwords.

sh chpass.sh

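You can use random string generation commands like the following to generate the passwords. Prefer the openssl or /dev/urandom variants: the date-based one is derived from the current time, so it is predictable and gives the same password to every account processed within the same second.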

pass=`date | md5sum | head -c16 | xargs`
pass=`openssl rand -base64 128 | head -c16 | xargs`
pass=`strings /dev/urandom | tr -dc '.~?_A-Z-a-z-0-9' | head -c16 | xargs`

Note: In some cases, executing the /scripts/realchpass script will show the following error.

ERROR: /usr/local/cpanel/scripts/realchpass
Invocation changes only the system password and does not have any effect on other services associated with your cPanel account, including FTP, SSH, WebDAV, and FrontPage. It is strongly encouraged for you to change the password via the WHM & cPanel interface. You can force a password change through this script by setting the environment variable ‘ALLOW_PASSWORD_CHANGE=1’

You can fix the above error by running the following command. After that execute the script again.

export ALLOW_PASSWORD_CHANGE=1

That’s it !!!

clamAV installed in cPanel server – But not working on the command line

You may install ClamAV and then find that it has problems running on your server.

root@host [~]# clamscan -ri /home/*/public_html/
-bash: clamscan: command not found

If you are having this problem, and have already installed ClamAV through WHM, check to make sure that your executables are here:

ls -lah /usr/local/cpanel/3rdparty/bin/*clam*

If they are, make sure that there are no current ClamAV files in /usr/local/bin:

ls -l /usr/local/bin/*clam*

If both of those check out, you can create symlinks in /usr/local/bin to make scanning your server easier.

ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/clamd /usr/local/bin/clamd
ln -s /usr/local/cpanel/3rdparty/bin/clamav-config /usr/local/bin/clamav-config

Double check your work with this command:

ls -l /usr/local/bin/*clam*

Then you can scan your server’s public_html folders with this command:

clamscan -ri /home/*/public_html/

Exim – Scripts to find the Origin of Spam mails in cPanel Server

1. The command below shows which email addresses have the largest number of outbound emails in the Exim queue.

exim -bpr | grep "<" | awk {'print $4'} | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n

You will get a result like below.

 1  arun@testdomain.com
 2  sales@test1domain.com
 3  sandy@test123.com
 4  root@testdomain.co.in
 29  admin@testdomain.in
 124  arun@test123domain.com

2. The commands below will show the location of the malicious scripts/code on the server from which possible spam emails originate.

grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n
awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg

You will get a result like below. Note that the third command above is just a sub command of the first two commands.

 9      cwd=/home/test1/public_html
 10     cwd=/home/test2/public_html/a1/www
 15     cwd=/home/test3/public_html
 91     cwd=/home/test4/public_html
 178    cwd=/home/test5/public_html/web
 770    cwd=/home/test6/public_html/foro
 803    cwd=/home/test7/public_html/web
 124348 cwd=/home/test8/public_html/wp/wp-content/themes/twentyeleven

3. The command below will show the exact malicious script/code that is sending out spam mails from the server. Note that it only shows spam scripts that are currently running.

ps auxwwwe | grep <user> | grep --color=always "<location of script or code>" | head

Please make sure to replace <location of script or code> before executing the above command. As an example, the usage of the above command is shown below.

ps auxwwwe | grep test8 | grep --color=always "/home/test8/public_html/wp/wp-content/themes/twentyeleven" | head

Once you find the exact script, the command below will help you find the IP address responsible for the spamming. It prints a list of IPs; the IP address with a high number of accesses is most probably the one causing the spam. You may block that IP address in the csf firewall.

grep "<script_name>" /home/user/access-logs/testdomain.com | awk '{print $1}' | sort -n | uniq -c | sort -n

4. The command below will show you the PHP scripts/code being used to send the email. Use it if the mail is being sent from PHP.

egrep -R "X-PHP-Script" /var/spool/exim/input/*

5. The command below will show various useful data about the top 50 websites on your Exim mail server. Try it out !!!

eximstats -ne -nr /var/log/exim_mainlog

6. This shows from which user’s home directory mail is being sent from the server, so that you can easily trace it and block it if needed.

ps -C exim -fH ewww | grep home

7. This shows the IPs that are connected to the server on port 25. If one particular IP is using more than 10 connections, you can block it in the server firewall.

netstat -plan | grep :25 | awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1

8. Execute the below command to find “nobody” spamming.

ps -C exim -fH ewww | awk '{for(i=1;i<=40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n

It will give a result similar to the one below.

6 PWD=/
347 PWD=/home/sample/public_html/test

Check the count next to each PWD; if it is a large value, you need to check the files in the directory listed in PWD. You can ignore it if it's '/', '/var/spool/mail' or '/var/spool/exim'.

The above command is only valid if there is ongoing spamming on the server. However, if the spam issue occurred some hours ago, then use the command below.

grep "cwd=" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

9. The following command will give the summary of mails in the mail queue.

exim -bpr | exiqsumm -c | head 

You will get a result similar to the one provided below. Try it out !!!

Count       Volume      Oldest     Newest       Domain
 -----      ------      ------     ------       ------
 114        171KB       24h        28m          testdomain.com
 15         28KB        36h        7m           gmail.com
 5          10KB        34h        10h          test2domain.com
 4          8192        27h        4h           yourdomain.com
 4          75KB        7m         7m           server.domain.com
 3          6041        23h        42m          test123.com
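
The cwd= counting from steps 2 and 8, as an added example that is not part of the original post: it groups submissions by working directory, skips the directories step 8 says can be ignored, and names the owning account. spam_cwd_report, sample_log and the log lines are constructed for illustration.

```bash
# Added example. spam_cwd_report is a hypothetical helper name; the log
# lines in sample_log are constructed, in the "cwd=<dir> <n> args: ..."
# layout of exim_mainlog that the grep/awk commands above rely on.

spam_cwd_report() {
    # $1 = log file, $2 = minimum number of submissions to report (default 1)
    awk -v min="${2:-1}" '
        $3 ~ /^cwd=/ {
            dir = substr($3, 5)
            # Working directories the post says can be ignored
            if (dir == "/" || dir ~ /^\/var\/spool\/(exim|mail)/) next
            count[dir]++
        }
        END {
            for (dir in count) {
                if (count[dir] < min) continue
                # /home/<user>/... -> owning cPanel account, "-" otherwise
                n = split(dir, part, "/")
                user = (n >= 3 && part[2] == "home") ? part[3] : "-"
                printf "%d %s %s\n", count[dir], user, dir
            }
        }' "$1" | sort -k1,1nr -k3,3
}

sample_log() {
    cat <<'EOF'
2014-02-22 16:16:01 cwd=/home/test8/public_html/wp/wp-content/themes/twentyeleven 3 args: /usr/sbin/sendmail -t -i
2014-02-22 16:16:02 cwd=/home/test8/public_html/wp/wp-content/themes/twentyeleven 3 args: /usr/sbin/sendmail -t -i
2014-02-22 16:16:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WHxyz-0001aB-Cd
2014-02-22 16:16:03 cwd=/home/test8/public_html/wp/wp-content/themes/twentyeleven 3 args: /usr/sbin/sendmail -t -i
2014-02-22 16:16:04 cwd=/home/test1/public_html 4 args: /usr/sbin/sendmail -t -i -fadmin@testdomain.in
2014-02-22 16:16:05 cwd=/ 2 args: /usr/sbin/exim -bd
2014-02-22 16:16:06 1WHxyz-0001aB-Cd <= arun@test123domain.com U=test8 P=local S=1024
EOF
}

# Stand-alone demo on the constructed sample
log=$(mktemp)
sample_log > "$log"
spam_cwd_report "$log" 1
rm -f "$log"
```

On a live server, spam_cwd_report /var/log/exim_mainlog 50 lists only directories with at least 50 submissions, each with its count and account.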