"The mind of a Mad Tech!"

Apparently there is a bug that affects Plesk versions 9.x to 9.3, however it was addressed in Plesk 9.5. You can identify this bug if you are unable to start or restart your plesk instance. if this happens you will need to view the error log for Plesk, located at “/var/log/sw-cp-server/error_log”.

If you see the following then you are affected by the bug.

2011-11-01 05:03:38: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-01 05:03:38: (log.c.75) server started
2011-11-01 05:03:38: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-01 05:03:48: (log.c.75) server started
2011-11-01 05:03:48: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-01 05:03:48: (log.c.75) server started
2011-11-01 05:03:48: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-08 05:00:49: (log.c.75) server started
2011-11-08 05:00:49: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-08 05:00:49: (log.c.75) server started
2011-11-08 05:00:49: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-08 05:00:58: (log.c.75) server started
2011-11-08 05:00:58: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
2011-11-08 05:00:58: (log.c.75) server started
2011-11-08 05:00:58: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

To correct this you will need to download and install a file that is provided by Parallel’s. To do this enter the following on the server that your Plesk instance is located;

wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

Then you will need to execute the file by running the following command;

rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

This will apply the updated files and will allow Plesk to start up again. Please note that the link above is for a 32-bit CentOS 5 OS. If you have different then please refer to the links below to download the correct file for your server.
Once applied you will be able to start Plesk again.

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64
RHEL 5 x86
RHEL 5 x86_64
Fedora 11 x86
Fedora 11 x86_64

Once applied Plesk will be able to be started again.

If you have ever encountered the issue with Plesk 9, where you run a backup and the domain is suspended and you are not able to bring the account back by telling it to unsuspend the account in the domain settings, there is a way to do so via SSH.

To do this, you simply need to do the following;

1. Log into the server via SSH.

2. Type the following at your shell promp;

” /usr/local/psa/bin/domain -u domainname.com -status enabled”

Make sure you replace “domainname.com” with your domain name.

3. Once you do this, Plesk will bring the domain out of suspension.

“SUCCESS: Update of domain ‘domainname.com’ complete.

Now your domain is no longer suspended.

While Cpanel comes with 2 different FTP programs; PureFTP and Proftp, there isn’t any way in Cpanel to change the default FTP ports. This leaves the server open to a possible brute force attack at the default port of 21. However by changing just one line in your FTP server configuration files, you can change up the FTP port and securing your server.

To do so, you must be logged into your server via SSH/Shell and you must use a text editior such as Nano, Pico, Vi / Vim.

Changing the port for Pure-FTP

1) Edit /etc/pure-ftpd.conf and look for the following line:

#Bind 127.0.0.1,21

The default example, 127.0.0.1, will cause the socket to bind locally but then this connection won’t serve externally. You’ll need to uncomment the line and change that to 0.0.0.0 so all IP’s will listen on that range and change the port of 40 to your desired ftp port.

2) If needed, add the new FTP port to your server’s firewall

3) Edit /etc/chkserv.d/ftpd and change the port, which is the first comma-separated entry to the right of ‘=’ on the line in the file, to match the port you put the service on.

Finally:

/etc/init.d/pure-ftpd restart
/etc/init.d/cpanel restart (restarts tailwatchd/chkservd)

Changing the port for ProFTP

Edit /etc/proftpd.conf and change:

Port 21

UPDATED as of April 1st, 2010

*It seems Parallel’s has released a fix for this. Fix was just released / revised as of April 1st, 2010*

http://kb.parallels.com/en/8338

Resolution

It is necessary to update Parallels Panel web-engine:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

A list of fixed packages:

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

Taken from “http://mattiasgeniar.be/2010/03/29/dont-upgrade-openssl-if-youre-using-plesk-broken-controlpanel/” -

If you’re using Plesk 9.x on a CentOS system, don’t upgrade the openssl package from version 0:0.9.8e-12.el5_4.1 to 0:0.9.8e-12.el5_4.6. It will break your Plesk Controlpanel, causing it to no longer start up. You’ll see a message similar to this.

[root@srv~]# /etc/init.d/psa start

Starting xinetd service…               done

Starting named service…             done

Starting mysqld service…           done

Plesk: Starting Mail Server… already started

Starting mail handlers tmpfs storage

Starting Plesk…                       failed

There won’t be an obvious error message in any log file location (/var/log/*, /usr/local/psa/var/log/*, /usr/local/psa/admin/logs/*), but it will most likely be caused by your recent openssl upgrade. Solution is this.

1) Downgrade method

[root@srv~]# yum downgrade openssl openssl-devel

2) Using RPM packages

You have to download these first! After completing the next steps, you’ll be without openssl – and downloading through wget or curl won’t  work because of missing libraries. Please take note: the following is at your own risk (and if you lose your SSH connection in the meanwhile, you’re screwed).

Find your current OpenSSL version, it should read version “el5_4.6″.

[root@srv~]# rpm -qa | grep -i openssl
openssl-0.9.8e-12.el5_4.6

Remove the package (if you haven’t downloaded the openssl package yet, do so first !!). (due to the font of this blog, it’s confusing, but the parameter = ‘ – – nodeps’).

[root@srv ~]# rpm -e –nodeps openssl-0.9.8e-12.el5_4.6

And re-install the correct version (replace the RPM with the one for your achitecture).

[root@srv  ~]# rpm -ivh openssl-0.9.8e-12.el5_4.1.x86_64.rpm
warning: openssl-0.9.8e-12.el5_4.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing…                ########################################### [100%]
1:openssl                ########################################### [100%]

Afterwards, you’ll be able to start Plesk again.

[root@srv~]# /etc/init.d/psa start

Starting xinetd service…               done

Starting named service…             done

Starting mysqld service…           done

Plesk: Starting Mail Server… already started

Starting mail handlers tmpfs storage

Starting Plesk…                       done

For now the only workaround is to downgrade openssl, either with yum or with rpm (if yum is not configured):

# wget -c http://mirrors.kernel.org/centos/5/updates/x86_64/RPMS/{openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# rpm -Uvh –oldpackage {openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# /etc/init.d/sw-cp-server start

To disable reverse lookups in qmail with Plesk,  you can  add -Rt0 to the server_args line in /etc/xinetd.d/smtp_psa


service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}


Once you have made the change, you will need to restart the Xinetd service;

# /etc/init.d/xinetd restart

*DNS reverse lookups will no longer be called. Please note if you make any changes in Plesk regarding mail it will overwrite the change that you just made.*