1. 1. Go to your home path

cd /home

1. 1. Find your log files

find ./ -type f -size +1k -name "php-mail.log"

After this find operation, you can see your log files. It means, users that have this log file are could be the potential spammer.

1. 1. Tailf your log file.

tailf /home/user/.php/php-mail.log

1. 1. You can see spammer scripts.!!

mail() on [/home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:47 +0300 From: Flora <user@domain.com.tr> Message-ID: <3f796c9fb6de893f060882897f360bea@domain.com.tr> X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_3f796c9fb6de893f060882897f360bea" Content-Transfer-Encoding: 8bit

1. 1. Remove this peace of shit.

rm /home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php

You can easiliy get rid of these spammer scripts using this method. Don’t forget to clear your mail queue after this operation.

The post Finding spammer php script in DirectAdmin appeared first on VeriTeknik.

cd /root
wget ftp://ftp.astron.com/pub/freetds/current/freetds-current.tgz
tar -xvzf freetds-current.tgz
cd freetds-dev.0.92.377
./configure --prefix=/usr/local/freetds
make
make install

Now we should tell Direct Admin’s custom build that we want the MS Sql libraries installed using freetds.Edit the file :/usr/local/directadmin/custombuild/configure/ap2/configure.php5 add

--with-mssql=/usr/local/freetds \

to anywhere in the file. If you’re adding it the to end of the file, don’t add the \ at the end, instead add to the end of the line “before” the last line. Now go to custombuild and build the new PHP.

cd /usr/local/directadmin/custombuild
./build clean
./build php d

Check if MS Sql is intalled.

php -m|grep mssql
mssql

The post Installing MS SQL Module to PHP on DirectAdmin appeared first on VeriTeknik.

The same goes for the PHP-SOAP too. Yet don’t freak out, it’s very simple.

Go to your Direct Admin custom build directory

cd /usr/local/directadmin/custombuild

Now let’s see our custom build configuration files.

./build used_configs

One of the outputs is the PHP configuration file, edit that file,

/usr/local/directadmin/custombuild/configure/suphp/configure.php5

Now append –enable-soap to the end of the file. Don’t forget to add a “\” to the end of the last line.

After this, save the file and exit. Now we’re ready to recompile php.

./build php all

That’s it!

The post PHP-SOAP Installation on DirectAdmin appeared first on VeriTeknik.

This happens with exim especially when moving from one server to another via Directadmin.

To verify this solution, first check your paniclog:

tail /var/log/exim/paniclog

If you get something like this:

2012-06-08 18:53:01 1SczTF-0002Cj-B8 Failed to find user “” from expanded string “${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}” for the domain_filter router

then you probably have an issue with your domainowners file. as you can see, the perl script can’t parse the username, hence the error “unknown user” when receiving email.

The solution is to rebuild the /etc/virtual directory

Get a backup

cd /etc
cp -Rp virtual virtual.backup

Verify its existance

mkdir -p /etc/virtual
chmod 755 /etc/virtual
chown mail:mail /etc/virtual

Create this script and save it somewhere, let’s say /root/fix_virtual.sh

#!/bin/sh

echo -n '' > /etc/virtual/domains
echo -n '' > /etc/virtual/domainowners

mkdir -p /etc/virtual/`hostname`
chown mail:mail /etc/virtual/`hostname`
chmod 711 /etc/virtual/`hostname`
echo `hostname` >> /etc/virtual/domains

for u in `ls /usr/local/directadmin/data/users`; do
{
       for d in `cat /usr/local/directadmin/data/users/$u/domains.list`; do
       {
               echo "$d: $u" >> /etc/virtual/domainowners
               echo "$d" >> /etc/virtual/domains

               DMN=/etc/virtual/$d

               mkdir -p $DMN
               chmod 711 $DMN
               chown mail:mail $DMN

               touch $DMN/aliases
               if [ ! -s $DMN/aliases ]; then
                       echo "$u: $u" > $DMN/aliases
               fi
               touch $DMN/autoresponder.conf
               touch $DMN/filter
               touch $DMN/filter.conf
               touch $DMN/passwd
               touch $DMN/quota
               touch $DMN/vacation.conf
               chown mail:mail $DMN/*

               mkdir -p $DMN/majordomo
               chmod 751 $DMN/majordomo
               chown majordomo:daemon $DMN/majordomo

               mkdir -p $DMN/reply
               chmod 700 $DMN/reply
               chown mail:mail $DMN/reply

               for p in `cat /usr/local/directadmin/data/users/$u/domains/$d.pointers 2>/dev/null`; do
               {
                       echo "$p: $u"  >> /etc/virtual/domainowners
                       echo "$p" >> /etc/virtual/domains
                       ln -s $d /etc/virtual/$p
               };
               done;
       }
       done;
}
done;

chown mail:mail /etc/virtual/domains
chown mail:mail /etc/virtual/domainowners
chmod 644 /etc/virtual/domainowners
chmod 644 /etc/virtual/domains

Make it exacutable and run.

chmod 755 /root/fix_virtual.sh
/root/fix_virtual.sh

Restart exim services

service exim restart

Your problem should be fixed.

The post Directadmin : Problem Receiving Emails – The “Unknown User” Issue appeared first on VeriTeknik.

Update your server as necessary

As its nature, Linux is a multi-developer operating system and you might see an update on any package everyday, an updater like YUM if you don’t change it’s default behavior hosts the most recent stable versions of each package that you install on your server.

Compared to other operating systems, updating Linux is easy as writing a command to terminal, the rest will be automated by YUM. Yum can be extended by independent software repositories like Repoforge. RPMforge is a collaboration of Dag and other packagers. They provide over 5000 packages for CentOS, including wine, vlc, mplayer, xmms-mp3, and other popular media tools. It is not part of Red Hat or CentOS but is designed to work with those distributions.

To install Rpmforge, run;

 rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.rf.src.rpm

If you get an error with the command, check the web site for a recent version. If you are using a control panel like Directadmin you better exclude the packages below from yum as they are maintained by the control panel updater;

exclude=apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* bind-chroot*

and the last thing you should do is to type

yum upgrade

We suggest you to run the update at least every once a month.

Disable Telnet

Nowadays, Telnet is mostly given its role to SSH; more secure remote shell client, because Telnet is sending the passwords in readable clear text. Also SSH have many abilities that you can use such as private-keys that you can use to log in to the server without writing down a password. Public key is mostly used when you need root access even you don’t know the root password (root password might be changed by the system administrator or by your client which you install the system for).

Connect to the server and edit /etc/xinetd.d/telnet by typing;

vi /etc/xinetd.d/telnet

if exists disable = no change to disable = yes

save & exit (SHIFT + ZZ)

Restrict Access to applications that can directly connect to the Internet

Even an attacker leak into your server, it is better to give him no chance to download his applications to the server, don’t give run permission to following applications except root user by typing;

chmod 700 /usr/bin/wget
chmod 700 /usr/bin/telnet
chmod 700 /usr/local/bin/lynx
chmod 700 /usr/bin/links
chmod 700 /usr/bin/bcc
chmod 700 /usr/bin/byacc
chmod 700 /usr/bin/cc
chmod 700 /usr/bin/gcc
chmod 700 /usr/bin/perlcc
chmod 700 /usr/bin/yacc
chmod 0700 /usr/bin/curl
chmod 700 /usr/bin/lwp-*
chmod 700 /usr/bin/*ncftp*

Also please note that, if you are taking backups of your domains/dbs to the same server, be aware that a directory created without explicit permission will be readable by all users, to make the directory readable only by root, type;

chmod 600 /backups

Restrict OS level function calling to PHP

In a shared hosting environment, even a customer of yours may try to explore your server. If you don’t have any reason to call the functions below, restrict them;

edit /etc/php.ini (or whereever it is, for directadmin you can check /usr/local/lib/php.ini) and find the line disable_functions and replace with the below line:

disable_functions = apache_get_modules,apache_get_version,apache_getenv,apache_note, apache_setenv,disk_free_space,diskfreespace,dl, highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo, proc_nice,shell_exec,show_source,symlink,system, exec,popen,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_ put,fpassthru

 Block executing commands on the /tmp Partition

Several script languages like PHP, holds temporary files like session,upload and cache on the /tmp partition on Linux systems. İf the attacker has an access to this folder then those scripts can be run from this point so with this way, all system files can be reached or accessed by root. To block running of files which are in the /tmp partition, it must not be given run permission while mounting /tmp partition.

To do this process, you have to choose /tmp partition as seperate partition while installaing the system. Enter this command in the command line to check this setting:

df -h # or
mount

Enter this command:

[root@xxx ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00 2.9G  820M  1.9G  30% /
/dev/mapper/VolGroup00-LogVol02 2.9G  288M  2.4G  11% /tmp
/dev/mapper/VolGroup00-LogVol04 7.8G  3.8G  3.7G  51% /var
/dev/mapper/VolGroup00-LogVol05 44G   35G  6.6G  85% /hsphere
/dev/mapper/VolGroup00-LogVol03 4.8G  908M  3.6G  20% /usr
/dev/sda1              99M   36M   58M  39% /boot
tmpfs                 2.0G     0  2.0G   0% /dev/shm

If you can not see a seperate  /tmp partition like in the example, create a new 3 GB /tmp partition by applying steps below. If there is a /tmp partition then follow with the step 2:

Step 1:

cd /dev/
dd if=/dev/zero of=Tmp bs=1024 count=3000000
mkfs -t ext3 /dev/Tmp
cd /
cp -aR  /tmp  /tmp_backup
mount  -o  loop,noexec,nosuid,rw  /dev/Tmp  /tmp
cp -aR /tmp_backup/* /tmp/
chmod 0777 /tmp
chmod +t  /tmp

Add information of the newly created partition into the /etc/fstab in order to make it available after next boot.

/dev/Tmp          /tmp          ext3          loop,rw,nosuid,noexec     0 0

If you already have  /tmp partition, please apply the below steps.

Step 2:

change “defaults” in the line starting with /tmp in /etc/fstab to restrict running applications such as

/dev/VolGroup00/LogVol02 /tmp                    ext3    defaults 1 2

to

/dev/VolGroup00/LogVol02 /tmp                    ext3     rw,nosuid,noexec 1 2

Change defaults region as rw,nosuid,noexec then save and exit. Remount /tmp partition in order to make changes available immediately by typing;

mount -oremount loop,rw,nosuid,noexec /tmp

..

note: Some parts of this document inspired from the documentation of dynamicnet.net

The post Web Hosting Security premier appeared first on VeriTeknik.

less /usr/local/directadmin/scripts/setup.txt

adminpass= you can find admin password here, and if you didn’t change it after installing you should be able to log in to your admin interface

to change admin password by ssh or console, write:

passwd admin

and enter your new password.

The post How to Reset DirectAdmin “admin” Password appeared first on VeriTeknik.

If you didn’t change this password you can find the default one in the setup.txt, use the command below to see the contents of /usr/local/directadmin/scripts/setup.txt:

your password is stored in the line starting with “mysql=”

To see the contents of this file from a terminal, type:

less /usr/local/directadmin/scripts/setup.txt

If you want to access mysql from ssh or console directly without typing password, create a file in /root/ dir called .my.cnf:

touch /root/.my.cnf

and edit this file with the vi editor:

vi /root/.my.cnf

Add the lines below:

[client]
 user=root
 password=XXXXXX

Fill the password with the pass you got from setup.txt, save the file with SHIFT+ZZ or :wq and exit. After this step just write mysql to enter MySQL console directly without password.

[root@test ~]# mysql
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 169833
 Server version: 5.0.77-log MySQL Community Edition (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>

..

The post MySQL root password recovery in DirectAdmin appeared first on VeriTeknik.

1. Add an additional IP for the second DNS Server, to do so, click to the “IP Management” link in the “Admin Level”. While adding IP address, pay attention to SUBNET value and be sure to assign the same subnet as the IP address or you network may hang, after adding process is complete, choose 2 IP adresses and click to the “Assign to admin” button.
2. In the second step, Click “user level” link located at the right-top side of the page. Click “Domain Setup” link and click “add new domain”. enter the main site name without www.
3. Switch to reseller level, below the title “Extra Features” click “nameservers” link. Use the IP addresses just added to create the name servers of the default domain. Select both IP addresses and click “Create” button. With this step finished you set-up basic operation of DirectAdmin. Further, you can create your reseller plans and you can edit your main site’s settings through “User Level” menu.
4. You can update your system any time using “yum upgrade -y” via ssh or terminal and your control panel through a terminal using “custombuild”
5. http://www.directadmin.com/forum/ includes various information about your control panel.

Security & performance Guidelines

1. Change SSHD port to something you know or only allow certain IP addresses to access SSH
2. edit php.ini and set your date.timezone, restrict calling of system functions
3. Optimize MySQL by setting /etc/my.cnf

The post Step III: DirectAdmin post installation tasks appeared first on VeriTeknik.

You must download the setup file from DirectAdmin site:

Download DirectAdmin setup file & run:

mkdir /root/DA
cd /root/DA
wget http://www.directadmin.com/setup.sh
sh setup.sh

Steps to follow:

DirectAdmin setup will ask you your account number & your license number, if you mistype accidentally just press CTRL+C to quit and restart setup. You need to wait ten seconds after restarting setup.

After that step the setup will ask you your domain name (hostname) bare in mind that wirte your hostname as subdomain + domain + tld as we offer the subdomain part should better be “mail”. Such that your domain name is myserver.com then write your hostname as “mail.myserver.com”, this way your mail server inside DirectAdmin should work better.

After that step, follow the directives, (we offer apache 2, php5 installation and “yes” to all questions) and finish the installation. Always consider selecting the second option,

You should better restart the server but restarting DirectAdmin is enough with the command:

service directadmin restart

After the installation you can enter to your admin site by typing http://SERVERIP:2222 to your favorite browser. Don’t panic if some of the services is not responding after setup, this is because you need to make some DNS configurations and you need to enter your master domain name to the control panel(cp).

DirectAdmin setup creates a log file called setup.txt where all your passwords for your server is present:

less /usr/local/directadmin/scripts/setup.txt

Go to Step three for making post installation tasks.

The post Step II: DirectAdmin Setup appeared first on VeriTeknik.

• Easy to install, can be installed on a VPS or VDS also
• Less overhead, minimal code
• Easy to maintain & upgrade
• Easy to modify wtihout breking the continuity
• Huge fans and great forum that you can find your solutions

Operating System Setup (RedHat Enterprise Linux, CentOS or CloudLinux is recomended)

In order to make your system more secure to attacks, trojans and backdoors you should make a seprate partition for /tmp and restrict execute rights for all users. size between 4 to 6 GB is enough for the /tmp partition. Follow our directives on howto make tmp partition more secure in Linux Security Documents and disable execute permissions in /etc/fstab.

For more secure installation do not blindly install default packages or any Desktop environment. You should remove all selected groups and belonging packages from the installation, be aware that CentOS could be installed with the first CD, if the setup asks for additional CDs, you most probably forgot to uncheck some packages. With this method you should only need the first CD of CentOS distro.

We recommend using YUM as an updater/package installer for Linux.

Close firewall with CHKCONFIG

You might enable it after installing DirectAdmin or you should better install csf

chkconfig  iptables off
chkconfig ip6tables off

service iptables stop
service ip6tables stop

Disable SELINUX

SELINUX is enabled default in LINUX and if you don’t disable or modify you cannot access some of the services from the outside such as httpd (apache). Open the config file with the following command:

sed -i ‘s/SELINUX=.*/SELINUX=disabled/’ /etc/sysconfig/selinux
/usr/sbin/setenforce 0

 Install Prerequisities & Updates:

DirectAdmin requires some additional packages before entering the setup. Use YUM to upgrade your system:

yum upgrade -y

Install additional packages required by DirectAdmin:

CentOS 5.x #yum install gcc gcc-c++ make vixie-cron flex wget quota perl gd
CentOS 6.x #yum install gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio libcom_err-devel libcurl-dev which bc wget gd

If you get a conflict error with perl, perl was already installed before, please remove it from the above code and re-try.

Set hostname to “mail.yourservername.tld” before starting setup, using mail. saves you from confusions & mail transmission problems:

hostname mail.yourserver.tld

Go to step two: DirectAdmin Setup

The post Things you should know before installing DirectAdmin appeared first on VeriTeknik.