Archive for the ‘Plesk’ category

How to change your FTP port in Cpanel

April 10th, 2010

Cpanel comes with 2 different FTP programs, Pure-FTPd and ProFTPD, but there isn’t any way in Cpanel to change the default FTP port. This leaves the server open to a possible brute force attack at the default port of 21. However, by changing just one line in your FTP server configuration file, you can change the FTP port and help secure your server.

To do so, you must be logged into your server via SSH/Shell and you must use a text editor such as Nano, Pico, Vi / Vim.

Changing the port for Pure-FTP

1) Edit /etc/pure-ftpd.conf and look for the following line:

#Bind 127.0.0.1,21

The default example, 127.0.0.1, binds the socket to the local interface only, so the server won’t accept external connections. You’ll need to uncomment the line, change the address to 0.0.0.0 so the server listens on all IP addresses, and change the port of 40 to your desired FTP port.

2) If needed, add the new FTP port to your server’s firewall

3) Edit /etc/chkserv.d/ftpd and change the port, which is the first comma-separated entry to the right of ‘=’ on the line in the file, to match the port you put the service on.

Finally:

/etc/init.d/pure-ftpd restart
/etc/init.d/cpanel restart (restarts tailwatchd/chkservd)
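
A consistency check for steps 1 and 3, as an added example that is not part of the original post: it reads the active Bind port from a pure-ftpd.conf and the first entry after ‘=’ from the chkservd file, and reports when the two differ. The sample file contents, port 2121 and the rest of the chkservd line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample file contents are constructed.

# Port from the first uncommented "Bind address,port" line of pure-ftpd.conf.
bind_port() {
    awk '$1 == "Bind" { if (split($2, a, ",") == 2) { print a[2]; exit } }' "$1"
}

# First comma-separated entry to the right of '=' in the chkservd file.
chkserv_port() {
    awk -F= '$1 !~ /^[ \t]*#/ && NF >= 2 { split($2, a, ","); print a[1]; exit }' "$1"
}

# Returns 0 when both files agree, 1 on a mismatch, 2 when no usable Bind port.
check_ftp_port() {
    bp=$(bind_port "$1")
    cp=$(chkserv_port "$2")
    case $bp in
        ''|*[!0-9]*) echo "no active Bind port in $1"; return 2 ;;
    esac
    if [ "$bp" -lt 1 ] || [ "$bp" -gt 65535 ]; then
        echo "Bind port $bp is out of range"; return 2
    fi
    if [ "$bp" != "$cp" ]; then
        echo "mismatch: pure-ftpd binds $bp, chkservd probes ${cp:-nothing}"
        return 1
    fi
    echo "ok: pure-ftpd and chkservd both use port $bp"
}

# Demo on constructed files: Bind was moved to 2121 but step 3 was skipped.
demo=$(mktemp -d)
printf '%s\n' '#Bind 127.0.0.1,21' 'Bind 0.0.0.0,2121' > "$demo/pure-ftpd.conf"
printf '%s\n' 'service[ftpd]=21,QUIT,220,/path/to/restart-script' > "$demo/ftpd"
check_ftp_port "$demo/pure-ftpd.conf" "$demo/ftpd" || true
rm -rf "$demo"
```

On a real server, pass /etc/pure-ftpd.conf and /etc/chkserv.d/ftpd as the two arguments before restarting the services.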

Changing the port for ProFTP

Edit /etc/proftpd.conf and change:

Port 21

Don’t Upgrade OpenSSL If You’re Using Plesk (= Broken Controlpanel)

April 1st, 2010

UPDATED as of April 1st, 2010

*It seems Parallel’s has released a fix for this. Fix was just released / revised as of April 1st, 2010*

http://kb.parallels.com/en/8338

Resolution

It is necessary to update Parallels Panel web-engine:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

#wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

A list of fixed packages:

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

#rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm
The fix is listed above.

Taken from “http://mattiasgeniar.be/2010/03/29/dont-upgrade-openssl-if-youre-using-plesk-broken-controlpanel/”:

If you’re using Plesk 9.x on a CentOS system, don’t upgrade the openssl package from version 0:0.9.8e-12.el5_4.1 to 0:0.9.8e-12.el5_4.6. It will break your Plesk Controlpanel, causing it to no longer start up. You’ll see a message similar to this.

[root@srv~]# /etc/init.d/psa start
Starting xinetd service…               done
Starting named service…             done
Starting mysqld service…           done
Plesk: Starting Mail Server… already started
Starting mail handlers tmpfs storage
Starting Plesk…                       failed

There won’t be an obvious error message in any log file location (/var/log/*, /usr/local/psa/var/log/*, /usr/local/psa/admin/logs/*), but it will most likely be caused by your recent openssl upgrade. Solution is this.

1) Downgrade method

If this works, it’s the easiest solution. Just make sure that due to dependencies, nothing of Parallels or Plesk is removed along.
[root@srv~]# yum downgrade openssl openssl-devel

2) Using RPM packages

Download the OpenSSL version 0.9.8e-12 5_4.6 for your architecture (these apply to CentOS).

You have to download these first! After completing the next steps, you’ll be without openssl – and downloading through wget or curl won’t  work because of missing libraries. Please take note: the following is at your own risk (and if you lose your SSH connection in the meanwhile, you’re screwed).

Find your current OpenSSL version, it should read version “el5_4.6”.

[root@srv~]# rpm -qa | grep -i openssl
openssl-0.9.8e-12.el5_4.6

Remove the package (if you haven’t downloaded the openssl package yet, do so first !!). (due to the font of this blog, it’s confusing, but the parameter = ‘ – – nodeps’).

[root@srv ~]# rpm -e --nodeps openssl-0.9.8e-12.el5_4.6

And re-install the correct version (replace the RPM with the one for your architecture).

[root@srv  ~]# rpm -ivh openssl-0.9.8e-12.el5_4.1.x86_64.rpm
warning: openssl-0.9.8e-12.el5_4.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing…                ########################################### [100%]
1:openssl                ########################################### [100%]

Afterwards, you’ll be able to start Plesk again.

[root@srv~]# /etc/init.d/psa start
Starting xinetd service…               done
Starting named service…             done
Starting mysqld service…           done
Plesk: Starting Mail Server… already started
Starting mail handlers tmpfs storage
Starting Plesk…                       done

Since there’s no update on Plesk yet, this is something to look out for!

Update: An official message from Parallels

For now the only workaround is to downgrade openssl, either with yum or with rpm (if yum is not configured):

# wget -c http://mirrors.kernel.org/centos/5/updates/x86_64/RPMS/{openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# rpm -Uvh --oldpackage {openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# /etc/init.d/sw-cp-server start

Good luck!


How to disable reverse lookups with Qmail in Plesk

March 9th, 2010

To disable reverse lookups in qmail with Plesk, you can add -Rt0 to the server_args line in /etc/xinetd.d/smtp_psa


service smtp
{
    socket_type = stream
    protocol = tcp
    wait = no
    disable = no
    user = root
    instances = UNLIMITED
    server = /var/qmail/bin/tcp-env
    server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Once you have made the change, you will need to restart the Xinetd service;

# /etc/init.d/xinetd restart

*DNS reverse lookups will no longer be called. Please note if you make any changes in Plesk regarding mail it will overwrite the change that you just made.*

Creating additional FTP Users In Plesk (Linux)

February 12th, 2010

Plesk for Linux, by default, only allows one FTP user (while it does let you add multiple web users, they are locked to the same directory as the main FTP user). However, you can get around this limitation by creating additional FTP users outside of Plesk, using SSH / Shell. The process is fairly simple, and you can set up any directory structure that you want the new user to connect to, even adding FTP access behind the root of a web directory if you like.

To do this, we simply need to do the following;

*Prior to doing this, make sure you already have an existing ftp user in place, as you will need their ID#

1. Log into your Linux server (Only applies to a dedicated server, colo server or virtual server – VPS).

2. Once you have logged in, you need to find an ID of an existing FTP user. To do this, simply type the following:

$id user     (user is the name of the existing ftp user)

3. If the user exists, you will be given an output that looks like this;

# uid=10002(user) gid=2524(psacln) groups=2524(psacln)

4. Take the uid number as you will need this to setup the new user.

5. Now, create the new user by using this command. With this command, you can also set the directory you want them to have access to. The -o option lets useradd reuse the existing uid, so the new account has the same file ownership as the existing FTP user;

/usr/sbin/useradd -u 10002 -o -d /var/www/vhosts/example.com/custom_folder -g psacln -s /bin/false newuser    (newuser is the name of the new account)

6. The new user has been created. Now you have to assign a password to it. To do this, type the following *make sure the password is not the same as the main Plesk ftp account*;

$passwd newuser     (when prompted, enter the password you want to assign to the user)

7. It will then ask for you to confirm the password, type the password again. If done correctly, you will get the following message;

passwd: all authentication tokens updated successfully.

That’s it, the FTP user has been created. If you ever want to remove the user, you have to do it via the command line, as Plesk will not show the user. To do this, simply type the following;

$/usr/sbin/userdel username
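
Because Plesk does not list accounts created this way, an inventory has to come from the passwd file itself. The following is an added example, not part of the original post: it lists every uid shared by more than one account, and which of those accounts have a login shell instead of /bin/false. The sample passwd entries are constructed, and home directories are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the original post. Sample passwd rows are constructed.

# Print "uid name:home:shell ..." for every uid used by more than one account.
shared_uid_accounts() {
    awk -F: '
        /^[ \t]*#/ || NF < 7 { next }          # skip comments and malformed rows
        { n[$3]++; who[$3] = who[$3] " " $1 ":" $6 ":" $7 }
        END { for (u in n) if (n[u] > 1) print u who[u] }
    ' "${1:-/etc/passwd}" | sort -n
}

# Of those accounts, print the names whose shell is not /bin/false or a
# nologin binary, i.e. shared-uid accounts that can also log in interactively.
shared_uid_with_shell() {
    shared_uid_accounts "$1" | tr ' ' '\n' | awk -F: '
        NF == 3 && $3 != "/bin/false" && $3 !~ /nologin$/ { print $1 }'
}

# Demo on a constructed passwd file matching the useradd command above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user:x:10002:2524::/var/www/vhosts/example.com:/bin/false
newuser:x:10002:2524::/var/www/vhosts/example.com/custom_folder:/bin/false
other:x:10003:2524::/var/www/vhosts/example.org:/bin/false
EOF
shared_uid_accounts "$sample"
shared_uid_with_shell "$sample"
rm -f "$sample"
```

Called without an argument, both functions read /etc/passwd.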

Setting Up Spam Protection Based on DomainKeys in Plesk

December 11th, 2009

*Please note that Plesk only supports the use of Domainkeys as of 8.6 and up*.

To switch on spam protection based on DomainKeys:

  1. Click the Server shortcut in the navigation pane.
  2. Click the Mail icon in the Services group.
  3. Under the DomainKeys spam protection group, select the following options:
    • Allow signing outgoing mail. Selecting this option allows you and your customers to switch on support for DomainKeys e-mail signing on a per-domain basis through the domain administration screens of the control panel (Domains > domain name > Mail > Preferences > Use DomainKeys spam protection system to sign outgoing e-mail messages option). It does not automatically switch on signing of outgoing e-mail messages.
    • Verify incoming mail. Selecting this option will configure the DomainKeys system to check all e-mail messages coming to e-mail users under all domains hosted on the server.
  4. Click OK.

Now your mail server will check all incoming e-mail messages to ensure that they come from the claimed senders. Messages sent from domains that use DomainKeys to sign e-mail will be discarded if they fail verification. Messages sent from domains that do not participate in the DomainKeys program and do not sign e-mail will be accepted without verification.

To switch on signing outgoing e-mail messages for a single domain:

  1. Go to Domains > domain name > Mail > Preferences.
  2. Select the Use DomainKeys spam protection system to sign outgoing e-mail messages check box.
  3. Click OK.

To switch on signing outgoing e-mail messages for a number of domains at once:

  1. Click Domains.
  2. Select the check boxes to the left of the domain names you need. To select all domains in the list, select the upper left check box in the column heading.
  3. Click Group Operations.
  4. Under Preferences, select the Switch on option next to the Use DomainKeys spam protection system to sign outgoing e-mail messages field.
  5. Click OK.

Now, the following will happen for the selected domains:

  • Private keys are generated and placed in the server’s database.
  • Public keys are generated and placed in the TXT resource records created in the domains’ DNS zones.
  • The sender’s policy advertised in the DNS TXT resource records is set to “all e-mail messages sent from this domain must be cryptographically signed; if someone receives an e-mail message claiming to originate from this domain, which is not signed, then this e-mail must be discarded.”
  • Outgoing e-mail messages are digitally signed: the “DomainKeys-Signature” header containing a signature based on a private key is added to the message headers.