cPanel Account transfer

You should be able to transfer accounts from your old server to this one via WHM as follows. For this to work properly, you should be able to SSH from this server to the old server without any issue.

WHM login >> Main >> Transfers >> Copy multiple accounts/packages from another server

Here you need to provide the old server IP, SSH port, and root password.

If the above method fails you can transfer accounts manually as follows.

1. Take a backup of the accounts using the following script (on the source server):

# /scripts/pkgacct <account username>

This will create a backup file under /home with name cpmove-<username>.tar.gz

2. Copy (use scp) this file to the target server (say 99.99.99.99):

# scp cpmove-<username>.tar.gz root@99.99.99.99:/home

3. Restore accounts using the following script:

# /scripts/restorepkg <account username>

Published on January 20, 2011 at 6:59 pm

Database Useful links

Published on January 5, 2011 at 7:45 pm

Prevent and Stop DoS or DDoS Attacks on Web Server (D)DOS-Deflate

All web servers connected to the Internet are subject to DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks of one kind or another, in which attackers open a large number of connections to the server consistently and persistently and, at a more advanced stage, distribute them across multiple IP addresses or sources, hoping to bring down the server or to use up all network bandwidth and system resources so that web pages are not served or the website stops responding to legitimate visitors.

There are plenty of ways to prevent, stop, fight and kill off a DDoS attack, such as using a firewall. A low-cost, and probably free, method is to use a software-based firewall or filtering service. (D)DoS-Deflate is a free open source Unix/Linux script by MediaLayer that automatically mitigates (D)DoS attacks. It claims to be the best free, open source solution to protect servers against some of the most excruciating DDoS attacks.

The (D)DoS-Deflate script basically uses the “netstat” command to monitor and track the IP addresses that are establishing a large number of TCP network connections (such as mass emailing, DoS pings, HTTP requests), which is the symptom of a denial of service attack. When it detects that the number of connections from a single node exceeds a certain preset limit, the script automatically uses APF or IPTABLES to ban and block the IP. Depending on the configuration, the banned IP addresses are later unbanned using APF or IPTABLES (only works on APF v 0.96 or better).

Installation and setup of (D)DOS-Deflate on the server is extremely easy. Simply log in to the server as root over SSH and run the following commands one by one:

chmod 0700

To uninstall the (D)DOS-Deflate, run the following commands one by one instead:

chmod 0700 uninstall.ddos

The configuration file for (D)DOS-Deflate is ddos.conf, and by default it will have the following values:


Users can change any of these settings to suit the needs or usage patterns of different servers. It’s also possible to whitelist IP addresses so that they are never banned by listing them in the /usr/local/ddos/ignore.ip.list file. If you plan to run the script interactively, you can set KILL=0 so that any bad IPs detected are not banned.
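The per-source counting, the ignore list and the KILL=0 report-only mode described above can be tried on a saved netstat capture before any ban is configured. This is an added example, not the (D)DoS-Deflate source: the function names, the limit of 3 and all sample addresses are constructed for illustration, and the ban rule is only printed, never run.

```shell
#!/bin/sh
# Added example (not the (D)DoS-Deflate source): count connections per remote
# address in `netstat -ntu` output, skip whitelisted IPs, report those over a
# limit. Function names, the limit and every address below are assumptions.

# conns COUNT REMOTE_ADDR: emit COUNT constructed netstat lines for one remote.
conns() {
  n=0
  while [ "$n" -lt "$1" ]; do
    echo "tcp        0      0 192.0.2.10:80      $2:4000$n      ESTABLISHED"
    n=$((n + 1))
  done
}

# Constructed capture: one noisy client, one whitelisted monitoring host,
# one IPv4-mapped IPv6 client and one ordinary visitor.
sample_netstat() {
  echo "Active Internet connections (w/o servers)"
  echo "Proto Recv-Q Send-Q Local Address      Foreign Address        State"
  conns 6 198.51.100.7
  conns 5 203.0.113.5
  conns 4 ::ffff:198.51.100.99
  conns 2 198.51.100.20
}

# offenders LIMIT IGNORE_FILE: read netstat output on stdin and print
# "count ip" for every remote address holding more than LIMIT connections
# that is not listed in IGNORE_FILE (one IP per line, like ignore.ip.list).
offenders() {
  awk -v limit="$1" -v ignore="$2" '
    BEGIN { while ((getline ip < ignore) > 0) skip[ip] = 1 }
    $1 ~ /^(tcp|udp)/ {
      addr = $5
      sub(/:[0-9]+$/, "", addr)    # drop the port
      sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into plain IPv4
      count[addr]++
    }
    END {
      for (ip in count)
        if (count[ip] > limit && !(ip in skip)) print count[ip], ip
    }
  ' | sort -rn
}

# ban_plan KILL: turn "count ip" lines into actions. KILL=0 only reports;
# KILL=1 prints the iptables rule that would be added (nothing is executed).
ban_plan() {
  while read -r count ip; do
    if [ "$1" -eq 1 ]; then
      echo "iptables -I INPUT -s $ip -j DROP"
    else
      echo "report: $ip holds $count connections"
    fi
  done
}

ignore_file=$(mktemp)
printf '%s\n' 127.0.0.1 203.0.113.5 > "$ignore_file"
sample_netstat | offenders 3 "$ignore_file" | ban_plan 0
rm -f "$ignore_file"
```

Running it against a real capture with the ignore list emptied shows which monitoring hosts, proxies or load balancers would have been banned at a given limit.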

Published on January 5, 2011 at 2:07 pm

Prevent HTTP DoS or DDoS (Denial of Service) attack or brute force attack at the web server

mod_evasive, formerly known as mod_dosevasive, is an Apache module that provides evasive action in the event of an HTTP DoS or DDoS (Denial of Service) attack or brute force attack at the web server. When possible attacks are detected, mod_evasive blocks the traffic from the source for a specific duration of time and reports the abuse via email and syslog facilities. Administrators can also configure mod_evasive to talk to iptables, ipchains, firewalls, routers, etc. to build a comprehensive DDoS prevention system for a high-traffic, busy web server.

Although mod_evasive is not a foolproof and complete DoS prevention system, installing the mod_evasive module for Apache is likely to reduce and stop certain DDoS attacks, minimizing the risk of web hosts and web sites being brought down completely by malicious denial of service attempts.

How to Install mod_evasive

  1. Login to web server via SSH.
  2. For Apache 2.0.x, execute the following command:
    up2date -i httpd-devel
  3. Continue with the following commands one by one for all versions of Apache HTTPD server. wget command will download the current stable version 1.10.1 source /usr/local/src
    tar -zxvf mod_evasive_1.10.1.tar.gz
    cd mod_evasive
  4. For Apache 2.0.x, execute the following command:
    /usr/sbin/apxs -cia mod_evasive20.c

    Else, for Apache 1.3.x,

    /usr/local/apache/bin/apxs -cia mod_evasive.c

    The above commands will compile mod_evasive to .so and subsequently add the corresponding AddModule and LoadModule lines to httpd.conf.

  5. mod_evasive comes with default configuration values preset. However, if webmasters want to set the values themselves, the following parameters have to be added to the httpd.conf Apache configuration file below the AddModule section. For Apache 2.0.x, add the following text to httpd.conf below the AddModule section:

    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 600
    </IfModule>

    For Apache 1.3.x, add the following text to httpd.conf below the AddModule section:

    <IfModule mod_evasive.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 600
    </IfModule>

    Save and exit the httpd.conf Apache configuration file.

  6. Restart the Apache server with the following command:
    /etc/init.d/httpd restart

Note: If apxs is not found, it can be installed via “yum install httpd-devel” command.

Installation is completed. Note that mod_evasive has known issues with FrontPage Server Extensions. Administrators can adjust the variables, such as enlarging DOSHashTableSize, especially for a busy server. Note that whenever a source of attack is blocked, the blocking duration is automatically extended each time the source attempts to connect again, so DOSBlockingPeriod need not be too long. Besides, the blocking is based on each session of an Apache child process, so the blocking has the lifespan of that particular session only. If the webmaster sets the maximum clients per process to a very low value, the blocking may not be very effective. All definitions of mod_evasive directives can be found in the README file that comes with the source code.

Other than above common configuration parameters, mod_evasive also supports the following three advanced directives:

DOSSystemCommand "su - someuser -c '/sbin/… %s …'"
DOSLogDir "/var/lock/mod_evasive"

DOSEmailNotify is particularly useful: you can set mod_evasive to send a notification email whenever a possible DoS attack is detected and blocked. For example, “DOSEmailNotify root” will send the email to the root user. Make sure that the mailer configuration (by default “/bin/mail -t %s”) in mod_evasive.c or mod_evasive20.c is correct. You can create a symbolic link if needed, or modify the source code file.

Published on January 5, 2011 at 2:03 pm

Linux Tuning Parameters

  • Using all the resources available to you?
  • Many default settings in Linux suck
  • Font server for X Windows is running as a daemon by default, but do you need it?
  • Check out these tunings that can give you lots of computing juice…

Kernel Network Disk I/O Others



To successfully run enterprise applications, such as a database server, on your Linux distribution, you may be required to update some of the default kernel parameter settings. For example, the 2.4.x series kernel message queue parameter msgmni has a default value (for example, shared memory, or shmmax is only 33,554,432 bytes on Red Hat Linux by default) that allows only a limited number of simultaneous connections to a database.  Here are some recommended values (by the IBM DB2 Support Web site) for database servers to run optimally:

- kernel.shmmax=268435456 for 32-bit
- kernel.shmmax=1073741824 for 64-bit
- kernel.msgmni=1024
- fs.file-max=8192
- kernel.sem="250 32000 32 1024"

Shared Memory

To view current settings, run command:
# more /proc/sys/kernel/shmmax
To set it to a new value for this running session, which takes effect immediately, run command:
# echo 268435456 > /proc/sys/kernel/shmmax
To set it to a new value permanently (so it survives reboots), modify the sysctl.conf file:
kernel.shmmax = 268435456


To view current settings, run command:
# more /proc/sys/kernel/sem 
250 32000 32 1024
To set it to a new value for this running session, which takes effect immediately, run command:
# echo 500 512000 64 2048 > /proc/sys/kernel/sem
Parameters meaning:
SEMMSL - semaphores per ID
SEMMNS - (SEMMNI*SEMMSL) max semaphores in system
SEMOPM - max operations per semop call
SEMMNI - max semaphore identifiers


To view current settings, run command:
# ulimit -a
To set it to a new value for this running session, which takes effect immediately, run command:
# ulimit -n 8800
# ulimit -n -1 // for unlimited; recommended if server isn't shared

Alternatively, if you want the changes to survive reboot, do the following:

- Exit all shell sessions for the user you want to change limits on.
- As root, edit the file /etc/security/limits.conf and add these two lines toward the end:
	user1        soft    nofile          16000
	user1        hard    nofile          20000
  ** the two lines above change the max number of file handles - nofile - to the new settings.
- Save the file.
- Login as the user1 again. The new changes will be in effect.

Message queues

To view current settings, run command:
# more /proc/sys/kernel/msgmni
# more /proc/sys/kernel/msgmax
To set it to a new value for this running session, which takes effect immediately, run command:
# echo 2048 > /proc/sys/kernel/msgmni
# echo 64000 > /proc/sys/kernel/msgmax



Gigabit-based network interfaces have many performance-related parameters inside of their device driver such as CPU affinity.  Also, the TCP protocol can be tuned to increase network throughput for connection-hungry applications.

Tune TCP

To view current TCP settings, run command:
# sysctl net.ipv4.tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 7200 // 2 hours
where net.ipv4.tcp_keepalive_time is a TCP tuning parameter.
To set a TCP parameter to a value, run command:
# sysctl -w net.ipv4.tcp_keepalive_time=1800
A list of recommended TCP parameters, values, and their meanings:
Tuning parameter = tuning value, followed by the description of impact:

net.ipv4.tcp_tw_recycle = 1
	Reuse sockets in the time-wait state.
net.core.wmem_max = 8388608
	Increase the maximum write buffer queue size.
net.core.rmem_max = 8388608
	Increase the maximum read buffer queue size.
net.ipv4.tcp_rmem = 4096 87380 8388608
	Set the minimum, initial, and maximum sizes for the read buffer. Note that this maximum should be less than or equal to the value set in net.core.rmem_max.
net.ipv4.tcp_wmem = 4096 87380 8388608
	Set the minimum, initial, and maximum sizes for the write buffer. Note that this maximum should be less than or equal to the value set in net.core.wmem_max.
timeout_timewait: echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
	Determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or twice the maximum segment lifetime (2MSL) state. During this time, reopening the connection to the client and server costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, providing more resources for new connections. Adjust this parameter if the running application requires rapid release, the creation of new connections, and a low throughput due to many connections sitting in the TIME_WAIT state.
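The rule in the list above, that the maximum in net.ipv4.tcp_rmem and net.ipv4.tcp_wmem should not exceed net.core.rmem_max and net.core.wmem_max, is easy to break when the values are edited separately. The following added example is not from the original article: the function names and the sample sysctl.conf fragment are constructed, with net.core.wmem_max deliberately set too low.

```shell
#!/bin/sh
# Added example: check a sysctl.conf fragment against the buffer rule stated
# above. Function names and the sample values are assumptions for the demo.

# Constructed fragment: wmem_max is deliberately smaller than the tcp_wmem max.
sample_sysctl() {
cat <<'EOF'
# constructed sample, not taken from a real server
net.core.rmem_max = 8388608
net.core.wmem_max = 4194304
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
kernel.shmmax = 268435456
EOF
}

# check_tcp_buffers: read "key = value" lines on stdin, print one finding per
# TCP buffer setting, and return non-zero if any setting breaks the rule.
check_tcp_buffers() {
  awk -F= '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function check(tcp, core,    f, n) {
      if (!(tcp in conf)) return
      n = split(conf[tcp], f, /[ \t]+/)
      if (n != 3) {
        print "MALFORMED " tcp ": want min, initial, max"; bad = 1; return
      }
      if (!(core in conf)) {
        print "UNSET " core ": no bound given for " tcp; return
      }
      if (f[3] + 0 > conf[core] + 0) {
        print "EXCEEDS " tcp " max " f[3] " > " core " " conf[core]; bad = 1
      } else {
        print "OK " tcp " max " f[3] " <= " core " " conf[core]
      }
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
    { conf[trim($1)] = trim($2) }
    END {
      check("net.ipv4.tcp_rmem", "net.core.rmem_max")
      check("net.ipv4.tcp_wmem", "net.core.wmem_max")
      exit bad + 0
    }
  '
}

sample_sysctl | check_tcp_buffers || echo "sysctl fragment needs fixing"
```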


Disk I/O

Choose the Right File System

Use ‘ext3’ file system in Linux.
– It is an enhanced version of ext2
– With journaling capability – high level of data integrity (in event of unclean shutdown)
– It does not need to check disks on unclean shutdown and reboot (time consuming)
– Faster write – ext3 journaling optimizes hard drive head motion

# mke2fs -j -b 2048 -i 4096 /dev/sda
mke2fs 1.32 (09-Nov-2002)
/dev/sda is entire device, not just one partition!
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=2048 (log=1)
Fragment size=2048 (log=1)
13107200 inodes, 26214400 blocks
1310720 blocks (5.00%) reserved for the super user
First data block=0
1600 block groups
16384 blocks per group, 16384 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        16384, 49152, 81920, 114688, 147456, 409600, 442368, 802816, 1327104,
        2048000, 3981312, 5619712, 10240000, 11943936

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 28 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Use ‘noatime’ File System Mount Option

Use ‘noatime’ option in the file system boot-up configuration file ‘fstab’.  Edit the fstab file under /etc.  This option works the best if external storage is used, for example, SAN:

# more /etc/fstab
LABEL=/                 /                       ext3    defaults        1 1
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/sdc2               swap                    swap    defaults        0 0
/dev/cdrom              /mnt/cdrom              udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0                /mnt/floppy             auto    noauto,owner,kudzu 0 0
/dev/sda                /database               ext3    defaults,noatime 1 2
/dev/sdb                /logs                   ext3    defaults,noatime 1 2
/dev/sdc                /multimediafiles        ext3    defaults,noatime 1 2

Tune the Elevator Algorithm in Linux Kernel for Disk I/O

After choosing the file system, there are several kernel and mounting options that can affect it. One such kernel setting is the elevator algorithm. Tuning the elevator algorithm helps the system balance the need for low latency with the need to collect enough data to efficiently organize batches of read and write requests to the disk. The elevator algorithm can be adjusted with the following command:

# elvtune -r 1024 -w 2048 /dev/sda
/dev/sda elevator ID 2 
read_latency: 1024 
write_latency: 2048 
max_bomb_segments: 6
The parameters are: read latency (-r), write latency (-w) and the device affected. 
Red Hat recommends using a read latency half the size of the write latency (as shown). 
As usual, to make this setting permanent, add the 'elvtune' command to the 
/etc/rc.d/rc.local script.



Disable Unnecessary Daemons (They Take up Memory and CPU)

There are daemons (background services) running on every server that are probably not needed. Disabling these daemons frees memory, decreases startup time, and decreases the number of processes that the CPU has to handle. A side benefit to this is increased security of the server because fewer daemons mean fewer exploitable processes.

Some example Linux daemons that run by default (and should be disabled) are listed below.  Use command:
# /sbin/chkconfig --level 2345 sendmail off
# /sbin/chkconfig sendmail off

Daemon      Description
apmd        Advanced power management daemon
autofs      Automatically mounts file systems on demand (i.e.: mounts a CD-ROM automatically)
cups        Common UNIX Printing System
hpoj        HP OfficeJet support
isdn        ISDN modem support
netfs       Used in support of exporting NFS shares
nfslock     Used for file locking with NFS
pcmcia      PCMCIA support on a server
rhnsd       Red Hat Network update service for checking for updates and security errata
sendmail    Mail Transport Agent
xfs         Font server for X Windows

Shutdown GUI

Normally, there is no need for a GUI on a Linux server. All administration tasks can be achieved by the command line, redirecting the X display or through a Web browser interface.  Modify the ‘inittab’ file to set boot level as 3:

To set the initial runlevel (3 instead of 5) of a machine at boot, 
modify the /etc/inittab file as shown:

Published on January 5, 2011 at 12:52 pm

Installing Free mod_GeoIP for Apache 2.x / Cpanel / CentOS


Posted on : 09-09-2010 | By : admin | In : Web Server





Mod_GeoIP looks up the IP address of the client end user. If you need to input the IP address instead of simply using the client IP address. For the country database, mod_geoip sets two environment variables, GEOIP_COUNTRY_CODE and GEOIP_COUNTRY_NAME. For other databases, see the README file included with the mod_geoip API.

Installing mod_geoip on cpanel

The easy way of installing mod_geoip is by using cPanel’s EasyApache custom modules installation method:
Download mod_geoip

Use EasyApache in WHM; in the list of modules under Apache you will see mod_geoip listed. Select the module and recompile Apache. After the recompile finishes, follow the configuration part below to configure the settings.

Installing mod_geoip on centos and fedora :


Installation of the mod_geoip module requires two RPMs (GeoIP, which holds the IP database, and mod_geoip for Apache). I guess you have already installed httpd 2.x successfully on your server.

The RPM installation will include and configure the mod_geoip module on Apache. You will then find the GeoIP database (GeoIP.dat) in the /usr/share/GeoIP directory. You can get the latest ip db from and upload the new database inside the /usr/share/GeoIP/ .

To make sure mod_geoip is working properly, create the following PHP file in the default HTML doc root and try to access it in your web browser, for example:

file name : geotest.php

<?php
print_r($_SERVER);
?>


And you should be able to see a list of geoip stats about your location and isp. Follow the instruction on the official site to configure the country based block/allow.

Published on January 5, 2011 at 12:32 pm

C-Panel Security Settings



Server Configuration -> Tweak Settings -> PHP -> PHP max execution time = 120

Server Configuration -> Tweak Settings -> PHP -> cPanel PHP Register Globals = On

cPanel -> Manage Plugins -> modsecurity -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Redirection -> Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. -> Enable

Server Configuration -> Tweak Settings -> Only permit cpanel/whm/webmail to execute functions = Enable

Security -> Security Center -> PHP open_basedir Tweak -> Enable php open_basedir Protection = Enable

Security -> Security Center -> Tweak mod_userdir Security -> mod_userdir Protection -> Enable mod_userdir Protection = Enable


cPanel -> Manage Plugins -> spamdconf -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Mail -> Default catch-all/default address -> Fail

Server Configuration -> Tweak Settings -> Mail -> The maximum each domain can send out per hour (0 is unlimited) = 600

Server Configuration -> Tweak Settings -> Mail -> Prevent the user “nobody” from sending out mail to remote addresses = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Reject mail with a spam score greater than 17.5 at SMTP time = Enable

Service Configuration -> Exim Configuration Editor -> Attempt to block dictionary attacks = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: SPF Checking = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: Drop connections from defined IP Blocks upon SMTP connection = Enable

Service Configuration -> Exim Configuration Editor -> Attachments: Filter dangerous attachments = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification Callouts = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification = Enable

Service Configuration -> Exim Configuration Editor -> RBL: = Enable

Service Configuration -> Exim Configuration Editor -> RBL: = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Enable for all users without the option for users to shut off per account = On

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Maximum size a message can be before it will not be scanned by SpamAssassin = On


1. ssh to your server as root.

2. Wget and run the script as :

sh named.patch

3. It will provide you with an output like :

allow-recursion {;;;

4. Copy and paste this code in the Options section of your named.conf. Something like :

options {
directory "/var/named";
allow-recursion {;;
…. ….
…. ….

5. Save named.conf and restart the named service. Allow all zones to load and check the DNS report now.


Security -> Security Center -> Tweak Compilers -> Disable Compilers

Security -> Security Center -> SMTP Tweak -> Enable

Security -> Security Center -> Shell Fork Bomb Protection -> Enable

Published on January 4, 2011 at 12:10 pm

cPanel useful scripts


Some of the important cPanel scripts in /scripts and their functions:

To create new email account use
# ./addpop
And follow the steps

# ./checkbadconf
Checks /usr/local/apache/conf/httpd.conf for bad users.

# ./fixcommonproblems
– Attempt to fix the most common problems.

# ./fixeverything
– Fix common problems and quotas.

# ./fixmysql
– Fixes problems with mySQL.

Nameserver, DNS related scripts to troubleshoot:

# ./fixnamed – Updates bind to handle many DNS zones (more than 512).
# ./fixrndc

securetmp – Adds securetmp to system startup.


listsubdomains – List subdomains.
park – Parks a domain.

checkfpkey – Checks for the FrontPage suid key
setupfp5 – Install FrontPage 5 (2002) installer on an account.
updatefrontpage – Updates FrontPage
fixfrontpageperm – Fix the frontpage permission issues


checkgd – Checks to see if GD is built.
cleangd – Cleans up old GD installs and reinstalls GD
installgd – Builds GD.


installzendopt – Install Zend Optimizer.




fixperl – Symlink /usr/local/bin/perl /usr/bin/perl.
fixperlscript – Makes sure a perlscript includes all corresponding modules.
fixsuexeccgiscripts – Fix CGI scripts that are broken after suexec


fixpop – Fix a POP account and reset password.
fixspamassassinfailedupdate – Reinstalls a failed spamassassin update.
listcheck – Checks mailing lists for issues.
mailperm – Fix almost any mail permission problem.
mailscannerupdate – Updates MailScanner
mailtroubleshoot – Guided mail fix.
patcheximconf – Fixes exim.conf
reseteximtodefaults – Resets exim’s default settings.
resetimappasswds – Resets all imap passwords.

fixquotas – Fix quotas.

ftpquotacheck – Runs quota checking for all ftp users.

fixwebalizer – Repair a Webalizer that has stopped updating.


runstatsonce – Runs statistics (should be used from the crontab).
runweblogs – Run analog/webalizer/etc. for a user.


gencrt – Generate a .crt and .csr file.


installpostgres – Installs PostgreSQL.
mysqladduserdb – Create a MySQL database and user.
mysqlconnectioncheck – Attempts to connect to MySQL, restarts SQL if necessary.
mysqldeluserdb – Delete a MySQL database and user.
mysqlpasswd – Change MySQL password.
mysqlrpmpingtest – Checks your connection speed for downloading

Service restart:

restartsrv – Restart a service.
restartsrv_apache – Restart apache.
restartsrv_bind – Restart bind.
restartsrv_clamd – Restart clamd.
restartsrv_courier – Restart courier imap.
restartsrv_cppop – Restart cppop.
restartsrv_entropychat – Restart entropy chat.
restartsrv_exim – Restart exim.
restartsrv_eximstats – Restart exim statistics.
restartsrv_ftpserver – Restart your ftp server.
restartsrv_ftpserver~ – (INTERNAL)
restartsrv_httpd – Restart httpd.
restartsrv_imap – Restart imapd.
restartsrv_inetd – Restart inetd.
restartsrv_interchange – Restart Interchange Shopping Cart.
restartsrv_melange – Restart melange chat.
restartsrv_mysql – Restart mysqld.
restartsrv_named – Restart named.
restartsrv_postgres – Restart postgresql.
restartsrv_postgresql – Restart postgresql.
restartsrv_proftpd – Restart proftpd.
restartsrv_pureftpd – Restart pure-ftpd.
restartsrv_spamd – Restart spamd.
restartsrv_sshd – Restart sshd.
restartsrv_syslogd – Restart syslogd.
restartsrv_tomcat – Restart tomcat.
restartsrv_xinetd – Restart xinetd.

To upgrade cPanel (WHM), use the script:

# ./upcp --force


Published on January 3, 2011 at 6:01 pm