Press "Enter" to skip to content

Tag: cpanel

Techy: cPanel DNS Cleardown script

Do you have many “old” cPanel servers? Perhaps you have the cpanel servers configured in a DNS cluster for redudancy? If so, you may encounter the same problem as I did where you have “stale” (or old) DNS zones cluttering up the server. Here’s a script to get rid of any unused zone files (use at your own risk yadda yadda yadda – you will have to rebuild /etc/named.conf afterwards):

Techy: Handy Security Tips

If you have a new box you want to use for web hosting etc, then here are just a few of the things you can do to help make the box secure. This list is not comprehensive, nor do I take any responsibility for any harm that may come to your server if you use any of these commands. These are mainly “quick reference” commands in case I need them in a rush (for example: we’ve put a box online and need it at least “semi-secured” – we’ll spend a bit more time securing a box then just these commands, but they’re a good starting point)

Run commands as root/su:

Disable telnet
Modify /etc/xinetd.d/telnet (could also be /etc/xinetd.d/telnet and change disable=no to disable=yes

Disable code compilation
Add compiler group: /usr/sbin/groupadd compiler
Move to correct directory: cd /usr/bin
Make most common compilers part of the compiler group chgrp compiler *cc*
chgrp compiler *++*
chgrp compiler ld
chgrp compiler as

Set access on mysqlaccess chgrp root mysqlaccess
Set permissions chmod 750 *cc*
chmod 750 *++*
chmod 750 ld
chmod 750 as
chmod 755 mysqlaccess

To add users to the group, modify /etc/group and change compiler:x:123: to compiler:x:123:username1,username2 (‘123’ will be different on your installation)

Techy: New Cpanel Server

Cpanel ScreenshotAt work, we’ve got a combination of Cpanel and Ensim Pro control panel based webservers (plus a proprietary system on our very old datacentre). My “personal” dedicated server just has plain Linux (Debian) on it and hosts around a dozen sites – but I’ve decided to go for a more easy to manage solution and I’ve chosen to purchase a brand new Red Hat Linux (I actually would have preferred Debian) server – complete with a whopping 700Gb bandwidth per month (I’m currently on just 40Gb) with Cpanel.

Why Cpanel? Well, Ensim tries to “control” your server a bit too much for my liking: you’ve got to be especially careful what you upgrade/install and if you make any changes to the Apache configuration by hand – then it can really screw things up (and the next restart of Ensim will mean it’ll try and “correct” your amendments). Cpanel, on the other hand, seems to act as a control panel should – it’ll allow me to go right in and forcible change settings without having to worry too much about it overriding my settings.

Plus, the whole system seems lot more “open” then Ensim’s compiled Python mess: which means if I feel like writing an extension to Cpanel, then I’m free to do so. And, it comes with some nifty “one click install” style items – I’ve disabled most of them, but at least if I ever want to have a quick play with – say OsCommerce – I won’t even have to bother loading an FTP client to upload the files! Oh – and it’s support of anti-spam systems looks perfect (my current real email/spam ratio is around 1:500 – yes, I get around 500 spams for every proper email! I deleted 3,500 of them so far today)

On the slightly negative side: I’m having real difficulties disabling FrontPage on the server. I absolutely detest that b–ardised system: it’s a little bit of a web design package, a little bit of “PHP/Perl scripting” and a strange FTP client all muddled together and pulled out incorrectly. FrontPage would have been so much better if it used standard FTP uploads and server admins didn’t have to worry about getting the darn FrontPage extensions to work correctly. 75%+ of our technical support calls are about FrontPage (but, to be fair, some of our customers are such numbskulls that I have to talk them through how to start FrontPage’s inbuilt help system: I wish I was joking 🙁 ).

Anyway, once I’ve got the new server stabilised and ready, I’m going to be moving everything to it – it’ll take me a while though as my current server has a few “exotic” settings made to it which I’ll need to take into account.