To change the root password for your Dedicated Server:

Log into WHM.
Click the Server Configuration icon on the home screen.
From the Server Configuration menu, click Change Root Password.
In the New Password field, enter the desired new password.
In the Confirm New Password field, retype the new password.

Home » Service Configuration » Apache Configuration » Global Configuration

Minimum Spare Servers 8
Maximum Spare Servers 32
Max Clients 1500
Max Requests Per Child 0
Start Servers 8
Server Limit 2000
Keep-Alive Timeout 15
Max Keep-Alive Requests 256

Other options:

– addition of memcache
– recompiling Apache to run as Prefork as opposed to MPM Worker Event

Check for Prefork or Worker

# [root@austin ~]# /usr/sbin/httpd -V | grep MPM
# Server MPM:     Prefork
# -D APACHE_MPM_DIR="server/mpm/prefork"

Links:
http://kb.sp.parallels.com/en/113007
http://codebucket.co.in/apache-prefork-or-worker/
–Reduced some of the limits in the apache config. Many things that should be in the hundreds were set in the thousands.
–KeepAlive on was simply adding too large of a load to the server.


Timeout
Timeout 300

Usually this value doesn’t require editing and a default of 300 is sufficient. Lowering the ‘Timeout’ value will cause a long running script to terminate earlier than expected.

On virtualized servers like VPS servers, lowering this value to 100 can help improve performance.


KeepAlive
KeepAlive On

This setting should be “On” unless the server is getting requests from hundreds of IPs at once.

High volume and/or load balanced servers should have this setting disabled (Off) to increase connection throughput.


MaxKeepAliveRequests
MaxKeepAliveRequests 100

This setting limits the number of requests allowed per persistent connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed.

It is recommended to keep this value at 100 for virtualized accounts like VPS accounts. On dedicated servers it is recommended that this value be modified to 150.


KeepAliveTimeout
KeepAliveTimeout 15

The number of seconds Apache will wait for another request before closing the connection. Setting this to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.

It is recommended that this value be lowered to 5 on all servers.


MinSpareServers
MinSpareServers 5

This directive sets the desired minimum number of idle child server processes. An idle process is one which is not handling a request. If there are fewer spare servers idle than specified by this value, then the parent process creates new children at a maximum rate of 1 per second. Setting this parameter to a large number is almost always a bad idea.

Other suggestions:

Virtualized server, i.e. VPS: 5
Dedicated server with 1-2GB RAM: 10
Dedicated server with 2-4GB RAM: 20
Dedicated server with 4+ GB RAM: 25


MaxSpareServers
MaxSpareServers 10

The MaxSpareServers directive sets the desired maximum number of idle child server processes. An idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then the parent process will kill off the excess processes.

The MaxSpareServers value should be set as double the value that is set in MinSpareServers.


StartServers
StartServers 5

This directive sets the number of child server processes created on startup. This value should mirror what is set in MinSpareServers.


MaxClients
MaxClients 150

This directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the specified limit will be queued. Once a process is freed at the end of a different request, the queued connection will then be served.

For virtualized servers such as VPS accounts, it is recommended to keep this value at 150. For all dedicated servers the recommended value for this setting is 250.


MaxRequestsPerChild
MaxRequestsPerChild 0

This directive sets the limit on the number of requests that an individual child server process will handle. After the number of requests reaches the value specified, the child process will die. When this value is set at 0, then the process will never expire.

Other adjustments:

Virtualized server, i.e. VPS: 300
Dedicated server with 1-4GB RAM: 500
Dedicated server with 4+GB RAM: 1000
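
One way to check a configuration against the rules of thumb above (added example, not part of the original notes). The function names are hypothetical, the thresholds are the dedicated-server values from these notes, and the sample fragment is constructed from the WHM values listed at the top:

```shell
#!/bin/sh
# Added example: audit prefork/keep-alive directives against the rules of
# thumb in these notes (dedicated-server values). Function names are made up.

# directive NAME FILE -> last uncommented value of NAME (empty if absent).
# Apache directive names are case-insensitive.
directive() {
    awk -v n="$1" 'tolower($1) == tolower(n) { v = $2 } END { print v }' "$2"
}

# audit_prefork FILE -> one line per deviation; no output means no findings
audit_prefork() {
    min=$(directive MinSpareServers "$1")
    max=$(directive MaxSpareServers "$1")
    start=$(directive StartServers "$1")
    kat=$(directive KeepAliveTimeout "$1")
    mkr=$(directive MaxKeepAliveRequests "$1")
    mc=$(directive MaxClients "$1")
    for v in "$min" "$max" "$start" "$kat" "$mkr" "$mc"; do
        case $v in
            ''|*[!0-9]*) echo "directive missing or not numeric"; return 0 ;;
        esac
    done
    [ "$max" -eq $((min * 2)) ] ||
        echo "MaxSpareServers $max: expected $((min * 2)) (2 x MinSpareServers)"
    [ "$start" -eq "$min" ] ||
        echo "StartServers $start: expected $min (same as MinSpareServers)"
    [ "$kat" -le 5 ] ||
        echo "KeepAliveTimeout $kat: notes recommend 5"
    [ "$mc" -le 250 ] ||
        echo "MaxClients $mc: notes recommend 250 on dedicated servers"
    { [ "$mkr" -ne 0 ] && [ "$mkr" -le 150 ]; } ||
        echo "MaxKeepAliveRequests $mkr: notes recommend 150 (0 = unlimited)"
}

# deviation_count FILE -> number of findings
deviation_count() {
    audit_prefork "$1" | wc -l | tr -d ' '
}

# Constructed fragment holding the WHM values listed at the top of the notes
sample_conf() {
    cat <<'EOF'
<IfModule prefork.c>
    MinSpareServers 8
    MaxSpareServers 32
    StartServers 8
    ServerLimit 2000
    MaxClients 1500
</IfModule>
KeepAliveTimeout 15
MaxKeepAliveRequests 256
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_prefork "$tmp"
rm -f "$tmp"
```

To audit a live server, pass the path of the active configuration file to audit_prefork instead of the sample.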

Other resources:
http://httpd.apache.org/docs/2.2/misc/perf-tuning.html
https://www.howtoforge.com/configuring_apache_for_maximum_performance
http://stackoverflow.com/questions/8902103/is-there-an-apache-tuner-script-like-mysqltuner-pl

Log in to SSH as the root user and run the following commands to install CSF:

wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you would like to disable APF+BFD (which you will need to do to avoid conflicts):

sh disable_apf_bfd.sh

You can then configure csf and lfd in WHM, or edit the files directly in /etc/csf/*

To Configure the CSF Firewall

Go to the Home of your WHM dashboard and select the Plugins option from the navigation menu.

You will see the option ConfigServer Security & Firewall. Click on it.

Here, you will find a variety of options to configure the ConfigServer Security & Firewall application.

Click on the csf tab.

Scroll down a little to the csf – ConfigServer Firewall section and click on the Firewall Configuration button.

Configure as needed.

Disable Testing
Currently, your CSF application is running in the Test Mode. You have to deactivate the mode.

Reaccess the csf – ConfigServer Firewall section and click the Firewall Configuration button.
Locate the TESTING option in the Initial Settings section.
Click on the Off switch.

Email Settings Auto Discovery

Enable: This will allow email clients to automatically locate and configure themselves based on the server’s configurations.

No, thank you: This will prevent the auto setup features on email clients from automatically locating and configuring themselves.

Email Archiving

Enable: This will allow users to configure the retention period for incoming, outgoing and mailing list emails. You can enable the archiving feature through the cPanel interface on a per-domain basis. Messages can be retrieved through the following methods:
IMAP connection
Downloading the messages directly
WebMail
Mail Delivery Reports feature in WHM

No, thank you: This will prevent the server from retaining messages being sent. Additionally, these options to control the archive type and retention period per domain will be removed from cPanel.

Query Apache for “Nobody” Senders

Enable: This will allow you to query the Apache server’s status to determine the true sender of the email. By looking at the process table to determine who really sent the message, cPanel can accurately report the sender of the message. While this requires more process time, it is more reliable and cannot be forged.

No, thank you: This will prevent mail delivery process from querying the Apache server to determine the true sender of a message when the user who sent the message is ‘nobody’.

Security Tokens

Enable: This will allow cPanel and WHM to secure their URLs from being affected by Cross-Site Request Forgery (XSRF) attacks by adding unique tokens to the URL upon login.

No, thank you: This will prevent the use of unique security tokens that would otherwise be displayed in the URL upon login. This is not recommended and will leave you vulnerable to XSRF attacks.

SMTP Restrictions

Enable: This will prevent users from sending mail openly without any restrictions. This feature configures your server so that the mail transport agent (MTA), Mailman mailing list software and root user are the only accounts able to connect to remote SMTP servers.

No, thank you: This will allow users to send mail openly without any restrictions. This is not recommended if you want to keep your users’ mailing restricted.

Trust X-PHP-Script for ‘nobody’ senders

Enable: This will allow the server to trust the X-PHP-Script headers to determine the sender of email sent from processes running as “nobody.” The server will trust messages which contain X-PHP-Script headers (this requires the Easy Apache option MailHeaders to be compiled in Apache) and use them to determine the true sender.

A sophisticated, malicious user can forge email headers. Although it may be more CPU intensive, the Apache query method is recommended if you do not trust your users.

No, thank you: This will prevent the server from checking the mail headers for X-PHP-Script headers to determine whether or not the email can be trusted and identified as a true user.

What is a multi-domain or UC/SAN SSL certificate?

Multi-domain certificates are SSL certificates that allow you to secure multiple, potentially unrelated domains with a single certificate. This includes UCC/SAN certificates and wildcard certificates. Unified Communications/Subject Alternate Name (UC/SAN) Certificates are SSL certificates that allow you to specify a list of hostnames that the same certificate protects.

Note:

You must reissue these certificates each time that you add a new hostname.

What is a wildcard SSL certificate?

A wildcard certificate allows you to install the same certificate on any number of subdomains if they share an IP address. You can apply a wildcard certificate to services in WHM’s Manage Service SSL Certificates interface (Home >> Service Configuration >> Manage Service SSL Certificates).

  • For example, if you have a wildcard certificate for *.example.com, you can use it to securely connect to mail.example.com and www.example.com, but not to example.com.

  • The root user may install a wildcard certificate on a collection of subdomains that are associated with a single root domain on multiple IP addresses. If multiple IP addresses are used, a user on the server must not own the root domain.

What is the difference between a wildcard and a webserver certificate?

Webserver certificates only allow you to secure a single domain. Wildcard certificates allow you to secure a domain and an unlimited number of subdomains. For example, if you wish to secure store.example.com and blog.example.com, you can use a single wildcard certificate to do so. However, each subdomain will require its own dedicated IP address.
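
The name-matching rule behind the *.example.com example above, as an added example that is not part of the original notes. The wildcard stands for exactly one left-most label, so a.b.example.com is not covered either (that case goes beyond the page's examples). The function names are hypothetical, and a UC/SAN certificate is modelled as a plain list of names:

```shell
#!/bin/sh
# Added example: left-most-label wildcard matching for certificate names.
# Host names are the ones used in the notes; function names are made up.

# cert_name_matches PATTERN HOST -> status 0 if PATTERN covers HOST
cert_name_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names compare
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')      # case-insensitively
    case $pattern in
        '*.'*)
            suffix=${pattern#\*.}
            case $host in
                *."$suffix") label=${host%."$suffix"} ;;
                *) return 1 ;;          # different domain, or the bare domain
            esac
            # The wildcard stands for exactly one non-empty label
            case $label in
                ''|*.*) return 1 ;;
            esac
            return 0
            ;;
        *)
            [ "$pattern" = "$host" ]    # non-wildcard names must match exactly
            ;;
    esac
}

# covered_by HOST NAME... -> status 0 if any certificate name covers HOST
# (NAME... models the SAN list of a UC/SAN certificate)
covered_by() {
    target=$1
    shift
    for san in "$@"; do
        cert_name_matches "$san" "$target" && return 0
    done
    return 1
}

for h in mail.example.com www.example.com example.com a.b.example.com; do
    if covered_by "$h" '*.example.com'; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
```

A certificate that lists both *.example.com and example.com covers the bare domain as well, which is why many issued wildcard certificates carry both names.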

You go to create a subdomain and get the following errors.

There was a problem creating the sub-domain: You do not have permission to create subdomains of the server’s hostname

Or

The system experienced a problem during the creation of the “example” subdomain.

This was fixed by changing settings in WHM: WHM Home -> Server Configuration -> Tweak Settings

Allow users to park subdomains of the server’s hostname: ON

To install mysqli using EasyApache:

1. Log in to WHM as the ‘root’ user.

2. Either search for “EasyApache” or go to Software > EasyApache

3. Scroll down and select a build option (Default)

4. Click “Start customizing based on profile”

5. Select the version of Apache and click “Next Step”.

6. Select the version of PHP and click “Next Step”.

7. Choose additional options within the “Short Options List”

8. Select “Exhaustive Options List” and look for “MySQL Improved extension”

9. Click “Save and Build”

To check mysqli was installed:

Run the following command as ‘root’ in SSH:

php -i|grep -i mysqli


Startup Log:
     Starting proftpd: 2014-11-10 17:08:26,390 server4.atwaretech.com proftpd[24369]: mod_auth_file/1.0: unable to use world-readable AuthUserFile '/etc/proftpd/passwd.vhosts' (perms 0644): Operation not permitted
     2014-11-10 17:08:26,390 server4.atwaretech.com proftpd[24369]: fatal: AuthUserFile: unable to use /etc/proftpd/passwd.vhosts: Operation not permitted on line 7 of '/etc/proftpd.conf'
     [FAILED]

Check permissions

root@server4 [~]# cd /etc/proftpd/
root@server4 [/etc/proftpd]# ls -la
total 32
drwxr-x--x   2 root proftpd  4096 Nov 10 17:08 ./
drwxr-xr-x. 89 root root    12288 Nov 10 17:19 ../
-rw-r-----   1 root proftpd   180 Nov 10 17:08 atware
-rw-r-----   1 root proftpd   180 Nov 10 17:08 lennys
-rw-r--r--   1 root root     1180 Nov 10 17:08 passwd.vhosts
-rw-------   1 root root     1501 Nov 10 17:08 passwd.vhosts.cache

Remove all access for other (world) users

root@server4 # chmod o-rwx /etc/proftpd/passwd.vhosts
root@server4 # service proftpd restart

Info: http://ubuntuforums.org/showthread.php?t=2238794
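
A check for the condition that stopped ProFTPD above, as an added example that is not part of the original notes: it reads the "other" permission triplet from ls -l, the same column shown in the listing, and reports any file in a directory that other users can access. The function names are hypothetical and the sample files are constructed in a temporary directory:

```shell
#!/bin/sh
# Added example: flag files that "other" users can access, the condition
# mod_auth_file rejected for AuthUserFile. Function names are made up.

# other_perms FILE -> the "other" triplet from ls -l, e.g. "r--"
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# world_accessible FILE -> status 0 if any r/w/x bit is set for "other"
world_accessible() {
    [ -e "$1" ] || return 2
    case $(other_perms "$1") in
        ---|--T) return 1 ;;
        *)       return 0 ;;
    esac
}

# audit_dir DIR -> lists offending regular files, status 1 if any were found
audit_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if world_accessible "$f"; then
            printf 'world-accessible: %s (other=%s)\n' "$f" "$(other_perms "$f")"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the listing above, built in a temp directory
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/passwd.vhosts";       chmod 644 "$d/passwd.vhosts"
    : > "$d/passwd.vhosts.cache"; chmod 600 "$d/passwd.vhosts.cache"
    audit_dir "$d" || true              # reports passwd.vhosts
    chmod o-rwx "$d/passwd.vhosts"      # the fix used in the notes
    audit_dir "$d" && echo "clean after chmod o-rwx"
    rm -rf "$d"
}
demo
```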

Adding an SSL cert in WHM throws an error.
It gives me this error at top. “The system failed to find an owner for the domain “domain.com”.”

Resolution

The domain was added in accounts in WHM as www.domain.com. Change it to domain.com.

fixallcartswithsuexec – Fixes permissions on carts when using suexec.
fixallinterchangeperm – Fixes permissions on all users’ Interchange Shopping Carts.
fixbinpath – Makes sure all bin file paths are correct.
fixbuggynamed – Updates bind to solve any problems with bugs.
fixcommonproblems – Attempt to fix the most common problems.
fixetchosts – Fixes problems with /etc/hosts
fixeverything – Fix common problems and quotas.
fixfpwml – Fix for .wml errors with frontpage.
fixheaders – Run if nothing compiles errors with .h files on compile.
fixinterchange – Reinstall interchange Perl modules.
fixinterchangeperm – fix permissions on a user’s interchange cart.
fixipsnm – Same as addnetmask ips, but Perl though.
fixlibnet – Reinstall Bundle::libnet (Perl).
fixlocalhostwithphp – Change /etc/hosts to work better with PHP 4.2.0 + MySQL.
fixmailman – Updates and restarts mailman.
fixmailmanwithsuexec –
fixmuse – Reinstalls muse.
fixmysql – Fixes problems with mySQL.
fixmysqlbsd – Fixes problems with mySQL on FreeBSD.
fixnamed – Updates bind to handle many DNS zones (more than 512).
fixndc – Repair redhat’s broken named.conf on 7.2.
fixoldlistswithsuexec – Run after enabling suexec on the server to change the URLs that Mailman gives out to ones that don’t give a 500 internal server error.
fixperl – Symlink /usr/local/bin/perl /usr/bin/perl.
fixperlscript – Makes sure a perlscript includes all corresponding modules.
fixpop – Fix a POP account and reset password.
fixproftpdconf – Fixes problems with /usr/local/etc/proftpd.conf
fixproftpddupes – Updates proftpd.
fixquotas – Fix quotas.
fixrndc – Fixes named.conf to prevent rndc status failed.
fixspamassassinfailedupdate – Reinstalls a failed spamassassin update.
fixsubdomainlogs – Run if subdomain logs don’t show up in cPanel.
fixsuexeccgiscripts – Fix CGI scripts that are broken after suexec installed.
fixvaliases – Fix permissions on valiases.
fixwebalizer – Repair a Webalizer that has stopped updating.

Common cPanel /Scripts

Install Zend Optimizer /scripts/installzendopt
Hostname A Entry Missing! /scripts/fixndc then restart bind and apache
Install Cron on New Server /scripts/installrpm anacron vixie-cron ; /etc/rc.d/init.d/crond start
Bandwidth issues /scripts/cleanbw
/scripts/fixwebalizer (To fix problem in webalizer that stop updating stats)
/scripts/fixcommonproblems
/scripts/fixeverything
Fixing Mail List MailMan /usr/local/cpanel/bin/convertmailman2
Reinstall MailMan /scripts/reinstallmailman
Fix Permissions on accounts: /scripts/fixhome
Edit mySQL conf file: pico /etc/my.cnf
Edit php.ini: pico /usr/local/lib/php.ini
Edit Apache Conf: pico /etc/httpd/conf/httpd.conf
Checking Real Time Top Processes Login to SSH and run: top
Run cpanel backup /scripts/cpbackup
To try and fix domain controller: /scripts/fixndc

Quotas /scripts/initquotas – takes a while to run
/scripts/resetquotas
/scripts/fixquotas – takes a while to run

/scripts/adddns Add a Dns Entry
/scripts/addfpmail Install Frontpage Mail Exts
/scripts/addservlets Add JavaServlets to an account (jsp plugin required)
/scripts/adduser Add a User
/scripts/admin Run WHM Lite
/scripts/apachelimits Add Rlimits (cpu and mem limits) to apache.
/scripts/dnstransfer Resync with a master DNS Server
/scripts/editquota Edit A Users Quota
/scripts/finddev Search For Trojans in /dev
/scripts/findtrojans Locate Trojan Horses
Suggested usage:
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
/scripts/fixcartwithsuexec Make Interchange work with suexec
/scripts/fixinterchange Fix Most Problems with Interchange
/scripts/fixtrojans Run on a trojan horse file created by findtrojans to remove them
/scripts/fixwebalizer Run this if a users stats stop working
/scripts/fixvaliases Fix a broken valias file
/scripts/hdparamify Turn on DMA and 32bit IDE hard drive access (once per boot)
/scripts/initquotas Re-scan quotas. Usually fixes Disk space display problems
/scripts/initsuexec Turn on SUEXEC (probably a bad idea)
/scripts/installzendopt Fetch + Install Zend Optimizer
/scripts/ipusage Display Ipusage Report
/scripts/killacct Terminate an Account
/scripts/killbadrpms Delete Security Problem Infested RPMS
/scripts/mailperm Fix Various Mail Permission Problems
/scripts/mailtroubleshoot Attempt to Troubleshoot a Mail Problem
/scripts/mysqlpasswd Change a Mysql Password
/scripts/quicksecure Kill Potential Security Problem Services
/scripts/rebuildippool Rebuild Ip Address Pool
/scripts/remdefssl Delete Nasty SSL entry in apache default httpd.conf
/scripts/restartsrv Restart a Service (valid services: httpd,proftpd,exim,sshd,cppop,bind,mysql)
/scripts/rpmup Syncup Security Updates from RedHat/Mandrake
/scripts/runlogsnow Force a webalizer/analog update.
/scripts/secureit Remove non-important suid binaries
/scripts/setupfp4 Install Frontpage 4+ on an account.
/scripts/simpleps Return a Simple process list. Useful for finding where cgi scripts are running from.
/scripts/suspendacct Suspend an account
/scripts/sysup Syncup Cpanel RPM Updates
/scripts/unblockip Unblock an IP
/scripts/unsuspendacct UnSuspend an account
/scripts/upcp Update Cpanel
/scripts/updatenow Update /scripts
/scripts/wwwacct Create a New Account

/scripts/runweblogs account username for awstats to run manually

Sometimes this behavior of Apache/httpd (taking more and more memory until it dies or crashes the server) can be caused by a corrupted MySQL database. Try the following:
1) Stop the MySQL server:
/etc/rc.d/init.d/mysql stop

2) Repair all SQL databases:
myisamchk -r /var/lib/mysql/*/*.MYI

3) Start mysql again:
/etc/rc.d/init.d/mysql start