EasyApache 4 and you!

For all cPanel administrators, EasyApache is a commonly used tool for setting up and configuring all your Apache needs. It lets us use an easy to navigate web GUI to configure and compile Apache and PHP modules.

Well, the cPanel devs have come up with a new version of EasyApache that provides faster build times and several new options that were once only available with third-party applications.

With those third-party apps we were still limited on what versions of Apache and PHP we could use. These third-party apps do the job, but still limit us.

Now, with EasyApache 4 we can achieve these things natively without the use of any third-party apps. cPanel has provided us with better integration with RedHat and CentOS operating systems, automatic updates for Apache, and complete support for Multi-PHP versioning.

That’s just a few of the new features available in EasyApache 4. There are several more that I think are really a step in the right direction.

You can find more information about EasyApache 4 here.

https://documentation.cpanel.net/display/EA4/Introduction+to+EasyApache+4

At this point EasyApache 4 is still in Beta but is available for testing and is considered to be a final version for release.

The official release date is not yet posted, however we have tested it and it works great.

For help with upgrading to the new version or questions, just shoot us an email or create a ticket.

Transferring Email

Transferring email can be done many different ways and can be quite difficult without the right tools. The tool imapsync, included in the EPEL repository, allows for the easy transfer of emails from one server to another. All that is required is the hostname/IP of the source and destination server, along with the credentials to both email accounts.

This program uses IMAP to transfer all of the emails, folders, and statuses of each email with very little effort. It can be run on any server, including a third-party server separate from either of the email servers. This tutorial is for servers running CentOS and no other requirements are needed.

This page is for transferring an email account from one IMAP account to the other using imapsync in the EPEL repository. All that is needed is the credentials for both servers and hostnames. If you wish to transfer the email, follow the steps below to get started.

-Install the EPEL repository by following the steps below

-Go to http://dl.fedoraproject.org/pub/epel/

-Copy the download link for your particular release of CentOS

-Perform the command and change the download link as necessary
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

-Run the command to install EPEL:
rpm -ivh epel-release*

-Retrieve the credentials and hostnames for both servers

-Edit/create the password file /root/password and insert the password of the source server’s email

-Edit/create the password file /root/password2 and insert the password of the destination server’s email

-Start forming the command by typing imapsync

-Insert the hostname or IP address of the source server after the --host1 option (ex. imapsync --host1 hostname.or-ip.com)

-Insert the user of the source server after the --user1 option

-Insert the location of the source server's email password file after the --passfile1 option

-Insert the hostname or IP address of the destination server after the --host2 option

-Insert the user of the destination server after the --user2 option

-Insert the location of the destination server's email password file after the --passfile2 option

-Run the command

Example:

imapsync --host1 hostname.or-ip.com --user1 user@user.com --passfile1 /root/password --host2 hostname.or-ip.com --user2 user@user.com --passfile2 /root/password2

Hint:

You can use imapsync --help to view the options of the command or specify particular ports/encryption/authentication.
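
The password files from the steps above hold mailbox passwords in plain text, so they should be readable by root only, and the transfer itself should not cross the network unencrypted. The wrapper below is an added example, not part of the original tutorial; the function names check_passfile and sync_mailbox are hypothetical, and it assumes GNU stat and IMAP over SSL on both servers (the --ssl1 and --ssl2 options of imapsync).

```shell
#!/bin/bash
# Added example (not from the original post): refuse to run imapsync when a
# password file is missing, empty, a symlink, or readable by group/other.

# check_passfile FILE -> returns 0 if FILE is safe to pass to --passfile1/--passfile2
check_passfile() {
    local f=$1 mode
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    [ -s "$f" ] || { echo "$f: empty" >&2; return 1; }
    mode=$(stat -c '%a' "$f")          # GNU stat, prints e.g. 600
    case $mode in
        *00) return 0 ;;               # no group/other permission bits set
        *)   echo "$f: mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# sync_mailbox HOST1 USER1 PASSFILE1 HOST2 USER2 PASSFILE2 [extra imapsync options]
sync_mailbox() {
    local h1=$1 u1=$2 p1=$3 h2=$4 u2=$5 p2=$6
    shift 6
    check_passfile "$p1" && check_passfile "$p2" || return 1
    # --ssl1/--ssl2 use IMAP over SSL on both ends; add --dry to preview only.
    imapsync --host1 "$h1" --user1 "$u1" --passfile1 "$p1" --ssl1 \
             --host2 "$h2" --user2 "$u2" --passfile2 "$p2" --ssl2 "$@"
}

# Usage with the tutorial's placeholder values:
#   chmod 600 /root/password /root/password2
#   sync_mailbox hostname.or-ip.com user@user.com /root/password \
#                hostname.or-ip.com user@user.com /root/password2 --dry
```

Delete both password files once the transfer has been verified.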

Update All cPanel Passwords

After a request to change all the passwords on a server, we created a script that changes every password on a cPanel server. The script enables passwords to be changed from the command line, writes a list of users to a text file, generates a random 10-character password for each user, saves the new passwords to a file, and updates all FTP/MySQL/cPanel passwords for the users. Although passwords should be changed through WHM, this allows you to change hundreds of passwords within a few seconds.

#!/bin/bash
# Changes every cPanel password on the server and stores the credentials in ~/newCredentials
# $newPassword is a randomly generated password with 10 characters
export ALLOW_PASSWORD_CHANGE=1
# The credentials file holds plaintext passwords: keep it readable by root only
touch ~/newCredentials
chmod 600 ~/newCredentials
# Unpredictable temporary file for the user list (instead of a fixed name in /tmp)
userList=$(mktemp /tmp/usersforchpass.XXXXXX)
# Owners of the entries under /home, minus system accounts, one line per user
ls -la /home | awk '{print $3}' | grep -v root | grep -v wheel | grep -v cpanel | grep -v apache | grep -v csf | grep -v '^$' | sort -u > "$userList"
for i in $(cat "$userList")
do
    newPassword=$(</dev/urandom tr -dc 'A-Za-z0-9' | head -c10)
    echo "Username: $i" >> ~/newCredentials
    echo "Password: $newPassword" >> ~/newCredentials
    echo "" >> ~/newCredentials
    /scripts/chpass "$i" "$newPassword"
    /scripts/mysqlpasswd "$i" "$newPassword"
done
/scripts/ftpupdate
rm -f "$userList"

Pastebin:
http://pastebin.com/raw.php?i=XfMEet9y

cPanel 11.46

Last week, cPanel released version 11.46 to its Release tree, which is what most servers run on. Many servers have already gotten the latest version or will in the next couple of days. There are, however, a couple of requirements that will prevent the new version from getting installed. More on that in a bit.

The big new features are:

– Single Sign On for default email account – Log in to your email account through cPanel
– ModSecurity™ Tools and Configuration – Added interface that allows you to manage mod security
– Paper Lantern – cPanel’s modern theme allows you to add custom content to the cPanel interface
– MySQL backups include triggers and events
– Added record types for the Advanced DNS Zone Editor – Now supports AAAA and SRV record types
– Apache SpamAssassin upgrade
– Mass edit for TTL

There are a few things that will prevent the installation of 11.46.

– MySQL 5.0 or earlier
– FrontPage Extensions
– Less than 2.8 GB free on /usr

MySQL 5.1 was required for the last major release of cPanel, so most of you already have this. 5.1 and above will allow the latest version to install, but if you do have 5.1, your end users will be seeing a message that tells them to ask you to upgrade. MySQL 5.5 is really the standard for cPanel at this point and you should consider having us upgrade it if we have not already.

FrontPage extensions lost support a while ago, as we have informed you previously. cPanel has taken this to the next step though: FrontPage extensions have to be completely removed before it will allow 11.46 to be installed. You can find an option in WHM called uninstall FrontPage Extensions. This option will remove the extensions from any sites that have them installed and then remove the system files. We will be happy to assist you with this.

We are also seeing updates fail on systems that do not have at least 2.8 GB free on the /usr partition.  This could pose a real problem for servers with a lot of domains.  Several datacenters have been provisioning /usr as a 10 GB partition and that is simply too small with the way cPanel has grown.  We have some things we can move around, but I know a few of you have endemic issues in this regard and this will be a show stopper for updates.  Feel free to contact us and we can discuss options.

Shellshock

One of the most commonly installed utilities on a Linux system, the Bourne Again Shell (Bash), was vulnerable to a serious remote code execution vulnerability, documented as CVE-2014-6271 and CVE-2014-7169. It allowed an attacker to execute code on a remote server, possibly compromising the entire server. Unlike the Heartbleed vulnerability, the attacker does leave traces of performing the exploit in the Apache logs.

Although this vulnerability is very widespread, it mainly affects web servers that have CGI scripts set up. It also affects bash scripts that call environment variables, network dispatcher scripts, and git hooks. If you do not have any of these then there is nothing to be concerned about, as the vulnerability does not affect you. If you have CGI scripts and would like to check if the vulnerability has been exploited on your server, feel free to contact us to check your Apache logs. As soon as this vulnerability was disclosed, we were already in the process of patching the servers, and currently all servers have the latest patch regarding the Shellshock vulnerability.

Check Apache logs:

grep '() { :;};' /var/log/httpd/name_of_access_log

Read More:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
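
The grep above matches one exact spelling of the function-definition prefix, so a request that spaces it differently does not show up. The script below is an added example, not part of the original post: it matches the prefix with any spacing and counts hits per client address. The function names and the log lines are constructed for illustration, and the sample assumes the Apache combined log format.

```shell
#!/bin/bash
# Added example, not from the original post. The log lines below are constructed.

# Number of lines matched by the post's fixed-string check.
fixed_string_hits() {
    grep -cF '() { :;};' "$1"
}

# Per-client count of lines containing a function-definition prefix, "()" then
# "{" with any spacing in between, most active client first ("count ip").
shellshock_hits() {
    grep -E '\(\)[[:space:]]*\{' "$1" | awk '{print $1}' | sort | uniq -c |
        awk '{print $1, $2}' | sort -k1,1nr -k2,2
}

# Constructed sample in combined log format, using documentation IP ranges.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 312 "-" "() { :;}; constructed-sample"
192.0.2.10 - - [25/Sep/2014:10:00:03 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 312 "() { :; }; constructed-sample" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "(){ :;}; constructed-sample"
203.0.113.5 - - [25/Sep/2014:10:03:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# Demo: the fixed string finds 1 of the 3 suspicious lines, the pattern finds all 3.
sample=$(mktemp)
write_sample_log "$sample"
echo "fixed-string matches: $(fixed_string_hits "$sample")"
shellshock_hits "$sample"
rm -f "$sample"
```

Point shellshock_hits at the real access log (and its rotated copies) in place of the sample; a hit shows that a request carried the pattern, not that the server was compromised.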

XMLRPC

Recently we have noticed a large number of hits to the xmlrpc.php files within WordPress installations, which have been causing server loads to rise. This is due to a WordPress feature called pingbacks, which is being used to perform DDoS attacks on other websites through WordPress installations. The xmlrpc.php file handles API calls from other applications as well as pingback requests. If you do not use this, I would recommend removing the file, as it decreases the possibility of vulnerabilities on your WordPress installation, or disabling the pingback functionality using the plugin linked below.

Not only will this prevent high loads on your server, but it will also prevent denial of service traffic stemming from your website. Removing this file also greatly reduces the attack surface of a WordPress installation. I will provide links below explaining what pingbacks are, how to disable pingbacks with a plugin, and the vulnerability information for this type of attack. Although this vulnerability does not allow for compromise of your website, it allows others to use your site to perform a denial of service attack on others. Please feel free to contact us if you have any questions.

http://en.support.wordpress.com/comments/pingbacks/

https://wordpress.org/plugins/disable-xml-rpc-pingback/

http://www.cvedetails.com/cve/CVE-2014-5266/

WordPress Brute Force

WordPress is one of the largest content management systems around and is often the target of a plethora of attacks. Recently WordPress brute force attacks have become more and more common. These brute force attacks use a large number of automated attempts to guess your username/password. Although there is no one method to prevent these attacks, there are things you can do to protect your website.

-Be sure to have a strong password with at least eight characters in total, upper and lower case characters, numbers, and special characters.
-Change your default WordPress admin username
-Ensure WordPress installation is up to date
-Secure WordPress dashboard
-Set up a security plugin (iThemes Security)

These steps should help prevent brute force attacks and keep your site secure. It is important to ensure the security and availability of your website when you have a web presence, and taking these small steps will increase your ability to do so. Also, for Apache servers you can secure your dashboard manually using your .htaccess file. Please replace 127.0.0.1 with your IP address (fetchip.com) if you wish to block access to your dashboard by IP address. As for the referrer method, which is non-intrusive and only prevents bots, you can just replace the domain (example.com) with your own. Be sure to keep the backslash before the period.

Block access to dashboard by IP:
<Files wp-login.php>
# Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat for these directives
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>

Block WordPress logins without referrer:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
# Accept referrers over http or https so logins on an HTTPS site are not blocked
RewriteCond %{HTTP_REFERER} !^https?://(.*)?example\.com [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [F]
</IfModule>

iThemes Security Plugin:
https://wordpress.org/plugins/better-wp-security/

Harden WordPress:
http://codex.wordpress.org/Hardening_WordPress

New Server Tech

I’d like to take a quick moment to introduce our new Server Technician, Michael Harris. In addition to being a server administrator, Michael has a lot of experience in PHP application development, so we are looking forward to expanding into offering some services we have frequently been asked for but been unable to supply.

Welcome aboard Mike, and I am thrilled to have you on the team!

Rocking New Tech

We here at GOT have been quiet, but we have been developing some new strategies to mitigate DDoS attacks and also provide a platform for VERY high bandwidth applications.  The technology is similar but with different approaches.

We are hosting sites that are cranking out over 200 MBit sustained traffic with our new high volume solution.  We are using www.dnsmadeeasy.com for DNS resolution with fail-over and web-servers with www.litespeedtech.com to handle the volume.

We’ve been able to agilely fend off DDoS attacks of over 8 GBPs. It’s pretty awesome, and if you have a high volume or high value target, you should contact us right away!