Don’t know the admin password for your Plesk panel?

Linux


# ssh root@123.22.33.22
# /usr/local/psa/bin/admin --show-password
34GGb$sger

Windows

Connect to the server via RDC

Run the following in a command prompt

cd %plesk_bin%
plesksrvclient -get

My server time zone was +00:00 GMT and today I found the time showing +1:00 GMT. Would you please tell me how it has been changed? Is that because of a Daylight Saving issue?

The server is currently set to British Summer Time, which is currently UTC+1. You can change the time zone to UTC/GMT, which does not adjust for Daylight Saving Time. You can run the following commands to set the time zone to UTC:


mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/UTC /etc/localtime

You can prevent this from being changed by updates by running:


chattr +i /etc/localtime

Dedicated IP Transfer

If you select Dedicated IP for the account while transferring it, a cPanel-to-cPanel transfer should bring the account over with a working SSL certificate. If you do not select Dedicated IP during the account transfer, the certificate is still transferred, but it is not installed because the dedicated IP is missing.

If Transferred with a Shared IP

You should be able to reinstall the SSL certificate using WHM > SSL/TLS > Install a SSL Certificate and Setup the Domain by clicking the “Browse” button to find the domain.

If the domain isn’t listed, the certificate didn’t get transferred. At that point, you’d simply have to check /usr/local/apache/conf/httpd.conf on the old machine for the domain’s VirtualHost entry to find the path to the certificate, RSA key and cabundle files (normally, those are in /etc/ssl/certs and /etc/ssl/private locations).

Moving your SSL Certificate to a new host in WHM

Retrieve Data from WHM

Find the SSL/TLS section in WHM

  • Click “ssl manager” in WHM
  • Click the disk icon for domain.com.crt (where domain.com is the domain you want to copy)
  • Copy that cert to notepad and save the file (this is the .crt information)
  • Click the disk icon for domain.com.key (where domain.com is the domain you want to copy)
  • Copy that information to notepad and save the file (this is the .key information)

WHM (Web Hosting Manager)

WebHost Manager is the control center of the cPanel / WebHost Manager package. It is used to set up and manage accounts. Use WHM to install your issued certificate.

You need both the certificate and key files to install the certificate.

To install an SSL certificate:

  • Click on the “Install an SSL Certificate and Setup the Domain” link in the SSL/TLS menu.
  • Paste the information from the .crt file in the top box (the .crt file starts with -----BEGIN CERTIFICATE-----).
  • Enter the domain that the certificate is issued for, the user name for the user’s account, and the Dedicated IP address assigned for the certificate in the Domain, User, and IP Address fields.
  • Paste the information from the .key file in the second box (the .key file starts with -----BEGIN RSA PRIVATE KEY-----).
  • Check that the IP address, domain name and username are all correct, then click on the button to install the certificate.
  • The last section for the “ca bundle” is not required as this is a single certificate install.
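
Before pasting the two files into WHM, it is worth confirming that the copied .crt and .key actually belong together and that the certificate has not expired. The script below is an added example, not part of WHM or cPanel; the function names are illustrative and the sample pair is generated on the fly with openssl as constructed test data.

```bash
#!/usr/bin/env bash
# Added example: pre-install check for a certificate/key pair copied out of WHM.
# Function names and file names are illustrative, not part of WHM or cPanel.

# cert_matches_key CERT KEY: true when both files hold the same public key.
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# preinstall_check CERT KEY: prints OK, MISMATCH (also for unreadable files)
# or EXPIRED.
preinstall_check() {
  if ! cert_matches_key "$1" "$2"; then echo MISMATCH; return 1; fi
  # -checkend 0 fails when the certificate has already expired.
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
    echo EXPIRED; return 1
  fi
  echo OK
}

# make_sample_pair DIR NAME: throwaway self-signed pair (constructed test data).
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

demo() {
  local dir
  dir=$(mktemp -d) || return 1
  ( umask 077   # private keys should never be group- or world-readable
    make_sample_pair "$dir" domain.com &&
    make_sample_pair "$dir" other.example ) || return 1
  echo "matching pair : $(preinstall_check "$dir/domain.com.crt" "$dir/domain.com.key")"
  echo "wrong key     : $(preinstall_check "$dir/domain.com.crt" "$dir/other.example.key")"
  rm -rf "$dir"
}
demo
```

Run it against the real files with `preinstall_check domain.com.crt domain.com.key`, and delete the notepad copies of the key once the install is confirmed.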

Invalid SSL

Rename or delete the file cert8.db in the Profile Folder to remove all intermediate certificates that Firefox has stored by visiting secure websites.

The built-in root certificates show as “Builtin Object Token” and the stored intermediate certificates as “Software Security device”.

Rename or delete the file cert_override.txt (cert_override.txt.old) in the Firefox Profile Folder to remove all permanent exceptions that you have saved.

Not receiving emails from a site form:

This issue was caused by the hostname of the server, which was dsw33.managed.domain.com. Update this to a valid hostname like mail.thedomain.com and add the matching PTR (reverse DNS) record. You will need to add an A record at your DNS provider that points mail.thedomain.com to the IP of the server.

Check if the script is attempting to send with the From header as the user’s submitted e-mail address. This can cause issues as most major e-mail providers employ an e-mail feature known as DMARC to help reduce forging of their domains:

http://www.dmarc.org/faq.html

Getting a White Page in a Plesk server with php. Check the error log for the domain:

[root@server logs]# tail -f /var/www/vhosts/system/domain.com/logs/error_log

[Fri Sep 26 15:27:25 2014] [error] [client 72.644.444.xxx] PHP Warning: Unknown: open_basedir restriction in effect. File(/usr/local/bin/env.php) is not within the allowed path(s): (/var/www/vhosts/domain.com/httpdocs:.:/php:/tmp) in Unknown on line 0
[Fri Sep 26 15:27:25 2014] [error] [client 72.644.444.xxx] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Check the PHP settings in Plesk

Change the value to “none”

Click Okay. In this instance, I got an error:

Error: No secure shell available

Ran bootstrapper:


[root@server logs]# /usr/local/psa/bootstrapper/pp11.5.30-bootstrapper/bootstrapper.sh

Products Affected:

Product/Channel               Fixed in package               Remediation details
Red Hat Enterprise Linux 7    bash-4.2.45-5.el7_0.2          Red Hat Enterprise Linux
Red Hat Enterprise Linux 6    bash-4.1.2-15.el6_5.1          Red Hat Enterprise Linux
                              bash-4.1.2-15.el6_5.1.sjis.1   Red Hat Enterprise Linux
                              bash-4.1.2-9.el6_2.1           Red Hat Enterprise Linux 6.2 AUS
                              bash-4.1.2-15.el6_4.1          Red Hat Enterprise Linux 6.4 EUS
Red Hat Enterprise Linux 5    bash-3.2-33.el5.1              Red Hat Enterprise Linux
                              bash-3.2-33.el5_11.1.sjis.1    Red Hat Enterprise Linux
                              bash-3.2-24.el5_6.1            Red Hat Enterprise Linux 5.6 LL
                              bash-3.2-32.el5_9.2            Red Hat Enterprise Linux 5.9 EUS
Red Hat Enterprise Linux 4    bash-3.0-27.el4.2              Red Hat Enterprise Linux 4 ELS

Check the version:

[root@server]# rpm -qa | grep bash
bash-completion-1.3-7.el6.noarch
bash-4.1.2-15.el6_4.x86_64
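
To turn the comparison against the table into something repeatable across many servers, the script below (an added example, not from Red Hat or the original post) takes one line of `rpm -qa | grep bash` output and reports whether it is at or above the main-channel fixed build. The function names are illustrative, the AUS/EUS/LL and sjis rows are not modelled, and `sort -V` is assumed to be a close enough stand-in for RPM version ordering.

```bash
#!/usr/bin/env bash
# Added example: compare an installed bash build with the main-channel
# "Fixed in package" builds from the table above. The AUS/EUS/LL and sjis rows
# are not modelled, and sort -V only approximates RPM version ordering.

# fixed_build MAJOR: fixed build for that Enterprise Linux major release.
fixed_build() {
  case "$1" in
    7) echo "4.2.45-5.el7_0.2" ;;
    6) echo "4.1.2-15.el6_5.1" ;;
    5) echo "3.2-33.el5.1" ;;
    4) echo "3.0-27.el4.2" ;;
    *) return 1 ;;
  esac
}

# check_bash_build PKG: PKG is one line of `rpm -qa | grep bash` output.
# Prints FIXED, OUTDATED or UNKNOWN.
check_bash_build() {
  local vr major fixed lowest
  # Only the bash package itself; this skips bash-completion and similar.
  case "$1" in
    bash-[0-9]*) vr=${1#bash-} ;;
    *) echo UNKNOWN; return 2 ;;
  esac
  vr=${vr%.x86_64}; vr=${vr%.i[3-6]86}; vr=${vr%.noarch}   # drop the arch
  # Major release from the dist tag, e.g. ".el6_4" -> 6.
  major=$(printf '%s\n' "$vr" | sed -n 's/.*\.el\([0-9][0-9]*\).*/\1/p')
  fixed=$(fixed_build "$major") || { echo UNKNOWN; return 2; }
  # The installed build is new enough when the fixed build sorts first.
  lowest=$(printf '%s\n%s\n' "$fixed" "$vr" | sort -V | head -n 1)
  if [ "$lowest" = "$fixed" ]; then echo FIXED; else echo OUTDATED; return 1; fi
}

# Constructed sample input, modelled on the rpm output shown on this page.
for pkg in bash-completion-1.3-7.el6.noarch \
           bash-4.1.2-15.el6_4.x86_64 \
           bash-4.1.2-15.el6_5.1.x86_64; do
  printf '%-34s %s\n' "$pkg" "$(check_bash_build "$pkg")"
done
```

A FIXED result only says the package is at or above the listed build; the runtime checks in the diagnostic steps on this page still decide whether the running bash is affected.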

Diagnostic Steps:

Exploit 1 (CVE-2014-6271)

There are a few different ways to test if your system is vulnerable to shellshock. Try running the following command in a shell.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see “vulnerable” you need to update bash. Otherwise, you should be good to go.

Exploit 2 (CVE-2014-7169)

Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

env X='() { (shellshocker.net)=>\' bash -c "echo date"; cat echo ; rm -f echo

If the above command outputs the current date (it may also show errors), you are still vulnerable.

Exploit 3 (???)

Here is another variation of the exploit. Please leave a comment below if you know the CVE of this exploit.

env -i X=' () { }; echo hello' bash -c 'date'

If the above command outputs “hello”, you are vulnerable.

Exploit 4 (CVE-2014-7186)

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' ||
echo "CVE-2014-7186 vulnerable, redir_stack"

A vulnerable system will echo the text “CVE-2014-7186 vulnerable, redir_stack”.

Exploit 5 (CVE-2014-7187)

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"

A vulnerable system will echo the text “CVE-2014-7187 vulnerable, word_lineno”.

Run update:

[root@server ~]# yum update bash
Loaded plugins: downloadonly, fastestmirror, priorities
Loading mirror speeds from cached hostfile
epel/metalink                                            |  16 kB     00:00
 * base: mirror.hmc.edu
 * epel: mirrors.solfo.com
 * extras: centos.sonn.com
 * updates: linux.mirrors.es.net
base                                                     | 3.7 kB     00:00
extras                                                   | 3.3 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 5.3 MB     00:00
81 packages excluded due to repository priority protections
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-15.el6_4 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch            Version                   Repository        Size
================================================================================
Updating:
 bash          x86_64          4.1.2-15.el6_5.1          updates          905 k

Transaction Summary
================================================================================
Upgrade       1 Package(s)

Total download size: 905 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-15.el6_5.1.x86_64.rpm                         | 905 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : bash-4.1.2-15.el6_5.1.x86_64                                 1/2
  Cleanup    : bash-4.1.2-15.el6_4.x86_64                                                                                                                                                        2/2
  Verifying  : bash-4.1.2-15.el6_5.1.x86_64                                                                                                                                                      1/2
  Verifying  : bash-4.1.2-15.el6_4.x86_64                                                                                                                                                        2/2

Updated:
  bash.x86_64 0:4.1.2-15.el6_5.1

Complete!

[root@server ~]# rpm -qa | grep bash
bash-4.1.2-15.el6_5.1.x86_64
bash-completion-1.3-7.el6.noarch

Test after update:

[root@server ~]# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

For Ubuntu Systems:

apt-get update; apt-get install --only-upgrade bash

For Arch Linux:

pacman -Sy bash

A reboot is not required after the update.

Resources:

https://access.redhat.com/articles/1200223

http://www.reuters.com/article/2014/09/24/us-cybersecurity-bash-idUSKCN0HJ2FQ20140924

http://seclists.org/oss-sec/2014/q3/685

http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained

How do I find out which running processes are associated with each open port?


# sudo netstat -lpn | grep :8080

You will get an output similar to this one


tcp6       0      0 :::8080                 :::*                    LISTEN      6782/java

The process ID is 6782; this is the process that is using port 8080.

Kill the process, type: kill 6782


# kill -9 6782

and now port 8080 is free.

http://www.cyberciti.biz/faq/what-process-has-open-linux-port/