HolHost.com Blog Server administrators blog

12Feb/13Off

How to install CSF

Hello,

We'll guide you thru putting in and configuring CSF - Config Server Firewall, a preferred different to APF. CSF comes with LFD and works with or while not cPanel.

CSF Install Guide and the way To

CSF - Config Server Firewall could be a stateful packet scrutiny firewall, login/intrusion detection and security application for UNIX operating system servers. What will that mean in English? straightforward - it is a program that may greatly improve your dedicated server or VPS's security.

It's a firewall - therefore it will block/restrict ports you do not wish open, and prevents somebody from exploitation any port they require if they did break in.
It has intrusion detection - therefore it'll scan the log files and monitor failing login tries, like FTP word shot and block the science.
Those area unit the two massive things i favor concerning CSF - and it's a pleasant interface for the non tekki person, on cPanel servers.

http://www.configserver.com/cp/csf.html

If you've got another firewall put in, like APF, CSF will assist you mechanically take away the present firewall and install theirs instead. detain mind it will not migrate over your configuration.

Installation
============
Installation is kind of straightforward:

Login because the root user to SSH and run the subsequent commands.

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you'd wish to disable APF+BFD (which you may ought to do if you've got
them put in otherwise they'll conflict horribly):

sh disable_apf_bfd.sh

That's it. you'll then tack csf and lfd in WHM, or edit the files
directly in /etc/csf/*

Installation Completed

Don't forget to:

1. tack the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT choices within the csf configuration to suite your server

2. Restart csf and lfd

3. Set TESTING to zero once you are pleased with the firewall

csf is preconfigured to figure on a cPanel server with all the quality cPanel
ports open. It conjointly auto-configures your SSH port if it's non-standard on
installation.

You should make sure that kernel work daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you ought to check /etc/init.d/syslog and build
sure that any klogd lines aren't commented out. If you alter the file,
remember to restart syslog.

Now - login to your cPanel server's WHM as root and attend the lowest left menu. If already logged in then reload the page. In Plugins - you may see:  ConfigServer Security&Firewall

The firewall is STOPPED by default - it's not running. we want to designed it, so take it out of check Mode.

Click on Firewall Configuration

ETH_DEVICE =: Set this to eth+

TCP_IN/TCP_OUT/UDP_IN/UDP_OUT = : These area unit the ports you would like to go away open for your server to work. If you alter the default SSH port confirm to feature it here. conjointly add the other services you would possibly have running like Shoutcast or game servers. By default most of the ports used ought to already be designed.

MONOLITHIC_KERNEL = : zero solely amendment this to one if your firewall won't begin - otherwise leave it because it.

LF_DSHIELD = 0: amendment this selection to 86400. this is often associate automatic updated list of acknowledged offensive IPs. sanctioning this can stop them from having the ability to attach to your server.

Spam Protection Alerts
If you would like to feature some spam protection, CSF will facilitate. Look within the configuraiton for the following:

LF_SCRIPT_ALERT = zero amendment this to one. this can send associate email aware of the supervisor once the limit designed below is reached among associate hour.

LF_SCRIPT_LIMIT = one hundred amendment this to 250. this can warn you once associatey scripts sends out 250 email messages in an hour.

Configuration Complete - nearly
Scroll right down to the lowest and click on on amendment to save lots of the settings. Then click Restart csf+lfd

You should see an enormous page of settle for and close to the lowest you ought to see:

csf: TESTING mode is enabled - remember to disable it within the configuration
Starting lfd:[  OK  ]

Click on come back

Now check all of your services to create positive everything is functioning - SSH, FTP, http. once you are doing a couple of fast tests return into the Firewall Configuration page.

TESTING = one amendment this to zero and click on amendment at the lowest. Then Restart csf+lfd

That's it, the firewall is with success put in and running!!
Firewall Status: Running - you ought to see this on the most CSF page in WHM.

Uninstallation
==============
Removing csf and lfd is even a lot of simple:

cd /etc/csf
sh uninstall.sh

17Feb/12Off

Ways to free up cPanel server space

Most of the time, we are advise to keep our server disk space clean. To ensure it is clean, you may follow the following step,

1) Clean yum cache file

yum clean all

2) Delete fantastico backup file

rm -rfv /home/*/fantastico_backups

3) Delete cPanel backup file

rm -rfv /home/*/backup*.tar.gz

4) Delete cPanel file manager temp file

rm -fv /home/*/tmp/Cpanel_*

5) Terminate unwanted account

To show which account is suspended:

ls /var/cpanel/suspended

Terminate them (y/n is depend on if you wish to remain the DNS or not)

/scripts/killacct user y/n

 

 

Tagged as: , , , Comments Off
10May/11Off

Default Bandwidth Exceeded Page

In this tutorial you will learn how to modify the Cpanel bandwidth exceeded page. This page is shown for clients automatically when they run out of bandwidth. Bandwidth counts are reset every month.

Step 1: Login to the server as root in SSH.

Step 2: This will make a backup copy of the original file incase you need to revert back
cp /usr/local/cpanel/apache/mod_bwlimited.c /usr/local/cpanel/apache/mod_bwlimited.c.bak

Step 3: Then type:
pico -w /usr/local/cpanel/apache/mod_bwlimited.c

Scroll down until you reach the section where you'll see the HTML code for the bandwidth page or do a search for it in Pico #: Ctrl+W then paste this in: <HTML><HEAD>n<TITLE>509 Bandwidth Limit Exceeded</TITLE>

Change it to whatever you like... carefully.

Step 4: Save the file while still in pico #:
Crtl+X then Y

хостинг

10May/11Off

Setting up Nameservers in WHM

We'll show you  how to setup cpanel nameservers and configure them properly so you can run ns1 and ns2.yoursite.com

This guide will show you the ropes in how to setup cpanel nameservers and configure them properly so you can run ns1 and ns2.yoursite.com. Once your nameservers are setup clients can then use your own private nameservers for their domains.

1. Regiser your domain
Register the domain name you would like to use, you can register a domain here if you need one.This domain will be used as your nameservers - eg ns1.yourdomain.com and ns2.yourdomain.com

2. Additional IPs
Have 2 available IP addresses for your server that aren't in use.You will need to contact you provider to obtain these IP addreses.

3. Registering the Nameservers
Now login to your domain management page for the domain you registered and  register ns1.newdomain.com and ns2.newdomain.com as nameservers (registries normally have a special facility for doing that). The registry may also have a facility to propogate these nameservers around the foreign registries - if so, you should use this facility.

These registrations may take a few days to propagate (often as many as 3 days).

4. Reverse DNS
You may also need to get your data centre to enter a reverse DNS pointer for your nameservers. You'll need to let them know each nameserver and its IP address. Sometimes you can suffer non-delivery of mail if you don't so this. Reverse DNS pointers can take a while to propagate.
Setup a reverse on the IP address for your domain

5. Broken NDC/BIND
My version of WHM/CPanel came with a broken NDC. To fix this:

SSH into your box as root.

(a) Type: cd /scripts
(b) Type: ./updatenow
(c) Type: ./fixndc

Go back into WHM, go to the Restart Services section in the left menu and click DNS/Nameserver (BIND).

You will need to do this if you start getting 'ndc' errors when you are doing anything DNS related in WHM.

6. Setup Nameservers In WHM
Go into WHM (Web Host Manager) and select Edit Setup from the Server Setup menu on the left. Enter ns1.newdomain.com in the Primary Nameserver field. Hit 'Assign IP Address', then hit 'Add an A Entry for this nameserver'.
Repeat this process for the Secondary Nameserver field.

7. Tidy Up Junk Nameservers
Go into WHM (Web Host Manager) and select Manage Nameserver IPs from the Server Setup menu on the left. Remove any nameservers you don't recognise. This is just a tidy up exercise in case anyone's set anything up on the box before you.

8. Initial Nameserver Setup
Go into WHM (Web Host Manager) and select Initial NameServer Setup from the Server Setup menu on the left. Run this.

9. Restart BIND
Restart BIND (step 7 restarts BIND, but we've known it to need a proper stop and start for it to work) from SSH with:

service named stop
service named start

10. Manual Checks
I don't know what it is about this process, but it doesn't always work, so there are some things you can check manually via SSH.

/etc/wwwacct.conf
Check that the nameservers are correctly specified on NS, NS2 etc.
EG: scroll to the name servers section.....
NS ns1.yournameserver.com
NS2 ns2.yournameserver.com

/etc/resolv.conf
Check that there are nameserver entries for each IP. There may also be one for 127.0.0.1 - this is okay. I'm led to believe (by the 'man' entry for resolv.conf) that this isn't a particularly important file, but I changed mine to read:

domain mybox.com
search mybox.com
nameserver 127.0.0.1
nameserver 111.111.111.111
nameserver 222.222.222.222

Where 'mybox.com' is the main domain of my server, and '111.111.111.111' and '222.222.222.222' are the IP addresses of my primary and secondary nameservers.

resolv.conf is used to lookup names that are not in FQDN format.

/etc/nameserverips
Check that there are entries for each IP acting as a nameserver.
EG:
IPHERE=ns1.yournameserver.com
IPHERE=ns2.yournameserver.com