Category: Uncategorized

How to stop all services on a cpanel server

To stop all services on a cPanel server, you can follow commands in the command line interface.

systemctl stop tailwatchd.service
systemctl stop dnsadmin.service
systemctl stop sw-engine.service
systemctl stop dovecot
systemctl stop exim
systemctl stop named
systemctl stop pure-ftpd
systemctl stop cpdavd
systemctl stop cpanel
systemctl stop spamd
systemctl stop jetmongod.service
systemctl stop cphulkd.service
systemctl stop mysqld.service
systemctl stop cpanel_php_fpm.service
systemctl stop ea-php83-php-fpm.service
systemctl stop ea-php82-php-fpm.service
systemctl stop ea-php80-php-fpm.service
systemctl stop ea-php74-php-fpm.service
systemctl stop ea-php73-php-fpm.service
systemctl stop crond
systemctl stop chronyd.service
systemctl stop cpanellogd.service
systemctl stop wp-toolkit-background-tasks.service
systemctl stop wp-toolkit-scheduled-tasks.service
systemctl stop rngd.service

Back to Cpanel Server

November 13, 2024

Upgrade MariaDB 10.3 to 10.5 on Ubuntu 20.04

Before upgrading, take a backup all databases.

mysqldump  --routines --triggers --all-databases | gzip -9 > "$(date +%F-%H%m%S)"-mysql-backup.sql.gz

run these commands

sudo apt-get install apt-transport-https curl
sudo mkdir -p /etc/apt/keyrings
sudo curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'

Create file

vi /etc/apt/sources.list.d/mariadb.sources

and add the following content. If you need repo config for another version of MariaDB or download server from another country, you can do so at

https://mariadb.org/download/?t=repo-config&d=20.04+%22focal%22&v=10.5&r_m=rackspace

# MariaDB 10.5 repository list - created 2024-10-10 04:35 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/10.5/ubuntu
URIs: https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu
Suites: focal
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp

To update MariaDB to version 10.5, run

sudo apt-get update
sudo apt-get install mariadb-server

Back to MySQL

October 10, 2024

How to extract wpress file
The .wpress file format is generated by the “All-in-One WP Migration” plugin, which is widely used for migrating WordPress sites.

If you cannot restore a “wpress” file for any reason, you can manually extract the file and restore it manually.

To extract, we will use wpress-extract package available at

https://github.com/ofhouse/wpress-extract

To use it, you need node.js installed on your computer.

To extract a .wpress file, run
```
npx wpress-extract your-site.wpress
```
Once extracted, you will get the content of the “wp-content” directory and MySQL backup file. To manually restore, do a fresh WordPress installation, and replace “wp-content” folder with the extracted files.

Before restoring the database, you need to correct the table prefix. Open the database backup SQL file in a text editor and replace the table prefix with the string you need.

Delete existing database tables, restore the new SQL file, and update wp-config.php as needed, you may need to update the table prefix in wp-config.php

Back to WordPress
August 25, 2024
How to change pure-ftpd port
pure-ftpd by default listens on port 21. We will change the FTP port from 21 to some other port. This instruction work for RHEL, CentOS, AlmaLinux, Oracle Linux, and RockeyLinux.

To change FTP port to some other port, edit file
```
vi /etc/pure-ftpd/pure-ftpd.conf
```
Find
```
# Bind                         127.0.0.1,21
```
Add below
```
Bind                        FTP_PORT_HERE
```
Example
```
[root@backendz ~]# cat /etc/pure-ftpd/pure-ftpd.conf  | grep -i bind
# Bind                         127.0.0.1,21
Bind                        2121 
[root@backendz ~]# 
```
This will change FTP port to 2121.

Restart pure-ftpd with command.
```
systemctl start pure-ftpd
```
October 17, 2021

MySQL see all charsets

To see all charsets available on your MySQL installation, run the command

select * from information_schema.character_sets;

maxlen column specifies how many bytes are required to store one character.

MariaDB [(none)]> select maxlen, character_set_name from information_schema.character_sets where character_set_name in('latin1', 'utf8', 'utf8mb4'); 
+--------+--------------------+
| maxlen | character_set_name |
+--------+--------------------+
|      1 | latin1             |
|      3 | utf8               |
|      4 | utf8mb4            |
+--------+--------------------+
3 rows in set (0.000 sec)

MariaDB [(none)]>

latin1 charset uses 1 byte to store a character. uff8mb4 uses 4 bytes to store a character.

See MySQL

August 12, 2021

WordPress HyperDB
HyperDB is a WordPress plugin that allows you to use multiple MySQL database servers with large MySQL installations. It is used to WordPress.com to distribute MySQL server load amount multiple MYSQL database servers hosted in different data centers.

HyperDB supports
- Read and write servers (replication)
- Configurable priority for reading and writing
- Local and remote datacenters
- Private and public networks
- Different tables on different databases/hosts
- Smart post-write master reads
- Failover for downed host
- Advanced statistics for profiling
- WordPress Multisite
You can find more about the HyperDB plugin at

https://wordpress.org/plugins/hyperdb/

How it works

HyperDB replaces WordPress wpdb class so it can read from multiple MySQL database servers.

On a default WordPress installation, when a website grows, you need to upgrade the server to a more powerful server, but there is a limit on this as at some point upgrading server becomes costly. What you can do is move MySQL into its own dedicate server. For larger WordPress sites, a single dedicated MySQL server is not enough. In such a case, you can set up MySQL replication. When you set up MySQL replication with read-only nodes, you can only write to “main” MySQL server, all Database reads can be distributed across multiple MySQL read-only replicas. HyperDB checks each MySQL query, detect if it is a read or write/update query. If read, it is sent to one of the read-only MySQL replica servers.

See WordPress
July 8, 2021
Warning: Use of undefined constant OAUTH_REQENGINE_CURL
On an Ubuntu server (Ubuntu 20.04.2 LTS) when running a PHP script, I get the following error.
```
Warning: Use of undefined constant OAUTH_REQENGINE_CURL - assumed 'OAUTH_REQENGINE_CURL' (this will throw an Error in a future version of PHP
```
On checking phpinfo, I get
```
Request engine support	php_streams
```
curl is missing in “Request engine support”.

This is because the default php-oauth package does not support curl. To fix, uninstall php-oauth and install oauth package using pecl.

Uninstall pcel
```
apt install php-oauth -y
```
install curl dev package
```
apt install libcurl4-gnutls-dev
ln -s /usr/include/x86_64-linux-gnu/curl /usr/include/curl
```
Install PHP PECL
```
apt install php-pear
```
Install oAuth
```
pecl install oauth
```
Edit php.ini file
```
vi /etc/php/7.4/cli/php.ini
```
Add at end of the file
```
extension=oauth.so
```
You need to do the same for Apache and php-fpm php.ini files located at
```
/etc/php/7.4/apache2/php.ini
/etc/php/7.4/fpm/php.ini
```
7.4 is for PHP version 7.4. Change this to whatever PHP version you have on your server. After making the change, phpinfo() page shows curl

See php
June 26, 2021
SaaS

https://www.paddle.com – Payment processing for SaaS.

June 21, 2021

Enable SSL in Haproxy Docker Container

I have a haproxy container running on port 80. This container is started with command

docker run -d -p 80:80 --name haproxy1 -v /home/ubuntu/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7

This haproxy used following configuration file /home/ubuntu/haproxy/haproxy.cfg

global

defaults

frontend sok-front-end
    bind *:80
    mode http
    default_backend sok-front-end

backend sok-front-end
    mode http
    balance roundrobin
    server srv3 172.17.0.2:8000

To make this haproxy work with SSL, first create a ssl.pem file with your SSL certificate contents in following order

1) Your Private Key
2) Your SSL CRT
4) CA-BUNDLE

copy and paste all those certs into ssl.pem file inside /home/ubuntu/haproxy/ssl.pem

Now modify your /home/ubuntu/haproxy/haproxy.cfg file as follows

global

defaults

frontend sok-front-end
    bind *:80
    bind :::443 ssl crt /usr/local/etc/haproxy/ssl.pem
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http  if !https
    http-request set-header X-Forwarded-Proto https if https
    mode http
    default_backend sok-front-end

backend sok-front-end
    mode http
    balance roundrobin
    server srv3 172.17.0.2:8000

Now we need to stop current docker container as it only allow port 80 to be shared.

docker container stop haproxy1

Lets create a new haproxy container with port 443 forwaded.

docker run -d -p 80:80 -p 443:443 --name haproxy2 -v /home/ubuntu/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7

See Haproxy

June 27, 2020

PHP script to monitor exim mail queue
When you run exim mail server, it is good to keep an eye on number of emails in mail queue. here is a PHP script that will check number of emails in queue, if it exceed pre-set number, it will email you.

Create file
```
mkdir /usr/serverok/
vi /usr/serverok/mail_q_monitor.php
```
Add following content.
```
 $alertOn) {
    $hostname = exec('/bin/hostname');
    $subject = 'Mail queue alert on ' . $hostname;
    $mail_text = 'Mail queue on server ' . $hostname . ' have ' . $num_mails . ' mails';
    mail($adminEmail, $subject, $mail_text);
}
```
In this case, if mails in queue exceeded 100, you get email.
```
$alertOn = 100;
```
You can change 100 to whatever number you need.
```
$adminEmail = "[email protected]";
```
Replace [email protected] with your email address.

Set script to run every 10 minutes using cronjob
```
*/10 * * * * /usr/local/bin/php /usr/serverok/mail_q_monitor.php >/dev/null 2>&1
```
August 26, 2019

Install SSL on Centova Cast

Edit file

vi /usr/local/centovacast/etc/cc-panel.conf

Find

listen 2199 default ssl;

Add below

listen 443 ssl;
listen 80;

Restart Centova Cast

/usr/local/centovacast/centovacast restart

At this point, you will be able to access Centova Cast on port 80 at

http://YOUR_SERVER_IP/login/index.php

To install LetsEncrypt Free SSL certificate, run

/usr/local/centovacast/sbin/setssl letsencrypt YOUR-DOMAIN.EXTN

Restart Centova Cast

/usr/local/centovacast/centovacast restart

Now you will be able to access Centova Cast using HTTPS.

November 22, 2018

VestaCP Installer Compromised

VestaCP Free Hosting control panel compromised again. Hackers where able to get access to VestaCP infrastcuture server, allowing them to modify installation script, so it sent root password of servers to hacker.

Here is post from VestaCP on their forum

I’m sorry about inactivity in this post from our side. It was a complex issue and we were not sure we understand the whole picture. Leak in the installer is just one piece of the puzzle. All pieces together lead to cumulative effect.

The issue number one

Our infrastructure server was hacked. Presumably using API bug in the release 0.9.8-20. The hackers then changed all installation scripts to log admin password and ip as addition to the distro name we used to collect stats.

Please check if your server IP here

http://vestacp.com/test/?ip=127.0.0.1

If it’s there you should change admin passwords as soon as possible. Also please make sure there is no /usr/bin/dhcprenew binary installed on your server. This binary is some sort of trojan that is able to launch remote DDoS attack or open shell to your server

For more information, see

https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907

October 21, 2018

Category: Uncategorized

How it works