How to add SPF and DomainKey DKIM to all domains

There’s 3 ways to add an SPF record and DomainKey (DKIM) record

Method 1: Users can do it themselves inside cPanel. Login to cPanel, click the Email Authentication icon, and on this page you can click the Enable button below DKIM and below SPF. This will generate the DKIM key and also will add a generic SPF record.

dkimspf

You can also fill out the form below in the ‘Advanced Settings’ section if you would like to customize your SPF record. Be careful, if you do not know what you are doing, leave these alone. Wrong settings can cause your mail to get rejected.

Method 2: If you want to do this for your customers, it’s easier to do it in SSH at the command line. Simply type the following commands to automatically generate and install them.

/usr/local/cpanel/bin/dkim_keys_install username
/usr/local/cpanel/bin/spf_installer username

(Replace username with the actual account’s username)

Method 3: If you want to add an SPF and DKIM record for all existings domains on the server, simply copy and paste the following line and it will automatically add SPF records and DKIM records to all domains on the server

for username in `ls -A /var/cpanel/users` ; do /usr/local/cpanel/bin/dkim_keys_install $username && /usr/local/cpanel/bin/spf_installer $username ; done

cPanel vulnerabilities TSR-2016-0001

cPanel recently released a notice that all of the following versions of cPanel are vulnerable to a new issue found

11.54.0.4 & Greater
11.52.2.4 & Greater
11.50.4.3 & Greater
11.48.5.2 & Greater

You should update cPanel to the latest version to ensure you are protected from this. You can update cPanel via SSH or WHM.

How to redirect from main site to subfolder

If you are trying to redirect from www.yourdomain.com to www.yourdomain.com/subdirectory/ this requires a special .htaccess config to avoid creating a loop. You can use the following in the .htaccess of the main site. Replace yourdomain.com with your own website, and replace newfolder with the name of the folder you want to redirect to.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?yourdomain.com$
RewriteCond %{REQUEST_URI} !^/newfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /newfolder/$1
RewriteCond %{HTTP_HOST} ^(www.)?yourdomain.com$
RewriteRule ^(/)?$ newfolder/index.php [L]

Courier mail software deprecated, Dovecot mail now required

cPanel has offered 2 options for pop/imap mail software for several years. But now Courier is being deprecated and cPanel is now requiring all servers to be upgraded to Dovecot.

You may have received the following notice:

The cPanel & WHM update cannot proceed because the following service has been deprecated: Courier 

 You have 27 day(s) and 23 hour(s) until we remove Courier and replace it with Dovecot. 

 To continue using Courier, you must change your Update Preferences in WHM to Long Term Support (LTS). By switching to LTS, you will not receive new features and eventually will stop receiving security updates. 

 cPanel & WHM version 11.52 will be the last LTS version to support Courier. 

 For more information about Long Term Support: https://go.cpanel.net/longtermsupport

 

To be able to continue receiving updates and stay current with the latest features of cPanel, it’s best to switch now to Dovecot.

This can easily be done in WHM, go to the link ‘Mailserver Selection’, then on that page click the button next to Dovecot, and click Save at the bottom.

It will automatically switch and convert the entire server. There should be no downtime and no lost mail. Users should not notice any difference and should be completely seamless.

 

another glibc vulnerability CVE-2015-7547

Yet another glibc vulnerability has been detected on Feb 17, 2016 which effects:

Red Hat Enterprise Linux 6 & 7
CentOS 6 & 7
CloudLinux 6 & 7
(It also effects non-cpanel operating systems Debian Squeeze, Wheezy, Jessie, Ubuntu 12.04 & 14.04)

To patch your server, type:

yum clean all
yum -y update glibc

 

For more technical information on this vulnerability, please see:
http://www.kb.cert.org/vuls/id/457759
https://googleonlinesecurity.blogspot.be/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://access.redhat.com/errata/RHSA-2016:0176

[check_cpanel_rpms] There are altered RPMs on ….

After the recent cPanel updates you probably received a notice like this

[check_cpanel_rpms] There are altered RPMs on ….

The system detected problems with the following cPanel-provided files
that the RPM controls:

RPM Status Additional Information
cpanel-cgiemail-1.6-5.cp1136 Missing
cpanel-wwwcount-2.5-5.cp1136 Missing
…..

If you did not make these changes intentionally, execute the following
command as the root user to correct them:

/usr/local/cpanel/scripts/check_cpanel_rpms –fix
This notice is the result of a request from rpmcheck.

This notice was generated ….

Altered RPMs Check notifications are currently configured to have
an importance of High. You can change the importance or disable
this type of notification in WHMs Contact Manager at:
https:// …. :2087/scripts2/editcontact?event=Check::CpanelRPMs

This notice is most likely harmless, it is just letting you know that the update/check process encountered something that was unexpected. Just look at  the RPM’s listed to see what it found. If it is something that you intentionally removed or disabled, you can disregard this notice. Otherwise, you can run the following command to repair the errors found:

/usr/local/cpanel/scripts/check_cpanel_rpms –fix

 

How to migrate email from an old non-cPanel server to a new cPanel server

When migrating from one cPanel server to another cPanel server it’s easy and automatic, but if you need to migrate your email from an old host without cPanel it’s not automatic, but there’s still an easy way to do it with this tutorial.

First, download and install Thunderbird on your computer if you do not already have it. Thunderbird is a common popular desktop email program.

Second, you will have to add 2 email accounts in Thunderbird, the old email account and the new email account. When adding the old email account, set the mail server to the old server’s ip address, and in the Description field type something to indicate it is the old account. Similarly, when adding the new email account, set the mail server to the new server’s ip address. I recommend using the IMAP protocol for both the old and new account.

Lastly, now with both accounts loaded into Thunderbird, click on the old account from the left panel, and on the right side where all the emails are listed, just drag & drop the emails into the new account’s folder on the left panel.

There’s no limit to how many you can move at once, but from my own experience in doing this, you should only move small amounts of emails at a time.

How to migrate some sites or an entire server without downtime

cPanel makes it very easy to migrate between servers. If done properly, most likely there won’t be any downtime.

In this tutorial, we’ll break it down into 3 parts

A) Preparing the new server

  1. Setup the hostname. You can either use the same hostname as the old server or choose a new hostname
  2. Setup the nameservers. To make the transition seamless, it’s best to use the same nameservers as the old server.
  3. Install the same software, versions, modules, etc., that you have on the old server. Most importantly, the mysql & php version and modules should be the same as the old server.

B) Migrating the accounts

  1. Using the Transfer Tool link in WHM on the new server, enter the old server’s ip, ssh port, root password, then click Fetch Account List.
  2. On the next page, it will show all of the accounts. You can select all of the accounts you want to transfer. All of the options can be left as the defaults. Then click Copy

C) Once the transfer is complete

  1. Verify all of the accounts by checking the contents via FTP and testing them at the temporary url (http://SERVERIP/~username/). Please note that some sites will not display properly at the temporary url and will only work once the domain resolves to the new server.
  2. If everything is working properly on the new server, you can change the nameserver’s ip addresses at the domain registrar. For example, if all domains are using ns1.yourdomain.com and ns2.yourdomain.com, then change the ip addresses they point at to the new server’s ip addresses.
  3. Within about 24 hours all of the domains should be resolving to the new server. Over the next few days, test the sites again to make sure everything is working.

Since propagation & caching can take up to several days around the world for various reasons, keep testing the sites for a few more days. If no problems are detected, then you can temporarily power down the old server.

Continue to keep checking the sites over the next few more days. If you do not see any problems, then you can cancel the old server. Please remember that once the old server is cancelled, it is gone forever. So it’s important that you thoroughly check everything before cancelling the old server.

 

Easiest way to reset your wordpress admin password

Did you forget your wordpress admin password? Don’t panic! Here’s the easiest way to reset your password.

We realize that there’s plenty of tutorials online to reset your admin password but they are all complicated and require a lot of command line ssh experience. In just a few steps you can reset your admin password right through cPanel in less than 2 minutes.

  1. Go into PhpMyAdmin (either through WHM or cPanel)
  2. Select the database of your WordPress (if you are unsure which database to select please read the bottom of the post)
  3. Select the ‘wp_users’ table
  4. Click Edit (pencil icon) next to the line that says ‘admin’
  5. On the line that says ‘user_pass’ change the dropdown to MD5 and in the text field right next to it enter your new password
  6. Click Go at the bottom to save it and you’re done!

Now try to login to your WordPress with the new password.

If you are unsure which database to select or have multiple WordPress installations, you can open the wp-config.php file in the File Manager and look at the line that says DB_NAME and it will show you the database to use.

Important security update for cPanel TSR-2016-0001

cPanel announced the following security notice which applies to almost all versions.

Last week, on Jan 18, 2016 cPanel released TSR-2016-0001 with important security updates for cPanel & WHM. Our records indicate the
following cPanel & WHM installations need updated:

0.0.0.0

We urge you to update to the latest build as soon as possible. The following cPanel & WHM versions address all known vulnerabilities:

11.54.0.4 & Greater
11.52.2.4 & Greater
11.50.4.3 & Greater
11.48.5.2 & Greater

 

To patch this, simply update cPanel via WHM or SSH.
In WHM, you can click the “Upgrade to Latest Version” link.
In SSH, you can type:
/scripts/upcp –force

 

How to install Linux Malware Detect LMD maldet

Installing LMD is very easy and can be done in just a few steps

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldet*
./install.sh

That downloads the file, extracts it, goes into the folder it created, and installs it, and that’s all!

You can use it the way it is right out of the box, but if you want to configure the email notification option, quarantine option, etc., this can be done by editing the maldet config file at /usr/local/maldetect/conf.maldet

The options are pretty self explanatory and the conf file is well documented with comments above each option.

The quarantine option should only be used if you are sure you want to automatically quarantine files it detects. This can be dangerous as sometimes that are false positives that can be detected and it can wind up quarantining an important file which results in breaking a site.

Now on to using Maldet, first update it before running any scans by typing:

maldet -d && maldet -u

Then you can either scan an individual account or the entire server. To scan an individual account you can type:

maldet -a /home/user

To scan the entire server you can type:

maldet -b –scan-all /home?/?/public_?

To see all reports available you can type:

maldet –report list

Then to show the details of a specific report type:

maldet –report THE_SCAN_ID

By default, the quarantine option is disabled, unless you enabled it in the conf file. If you want to quarantine the files found in a report, you can type:

maldet -q THE_SCAN_ID

 

/var space full

In the old days when hard drives were smaller, the /var partition was usually set to about 10gig. That was fine a long time ago, but now as space requirements/consumption increases, small /var partitions are starting to fill up much faster

For future reference if you get a new server, the /var partition should be at least 50gig or should be on the / partition with sufficient space.

In the meantime, here’s a few ways to clean up /var

  1. Clear old logs from /var/log/
    There’s usually several log rotations kept here. You can safely remove the old rotated backups here.
  2. Empty the mail queue
    This can be done from WHM in the Mail Queue Manager or in ssh by emptying /var/spool/exim/ folders
  3. The cpanel bandwidth folder can grow pretty large
    If you are not concerned with bandwidth tracking, you can clear out /var/cpanel/bandwidth/
  4. Other non-vital areas that often consume a lot of space that can be removed are the eximstats db, logwatch cache folder, etc.

Since the /var partition holds a lot of logs, databases, mail queue, etc., it is completely normal to fill up over time. Depending on how many sites you have and how much activity you have, you may have to clean it up every few weeks. The average usage on a /var partition that is 10gig is about 50% used.

If the /var usage is still too high, you can type
du -sh /var/*
to find out which folder is using the most and dig deeper into the folders.

As a last resort if /var is still too full, MySQL can safely be moved to another partition but this should only be done if you are fully experienced with ssh.

Standby, we will cover cleaning up other partitions and moving MySQL is an upcoming post 🙂

The last attempt to update cPanel & WHM was blocked

If you are seeing this error it can mean one of many possible reasons, most likely it is nothing to worry about

First, login to WHM and click ‘Details’ next to “The last attempt to update cPanel & WHM was blocked”. A small popup window will explain what the issue is.

Here’s one of the possible reasons:

“Please correct these issues and rerun updates.
info: Upgrade to the next LTS is blocked until Monday Jun 22, 2015 in order to distribute upgrades over a five day period. If you wish to upgrade now, you can do so now with the force option.”

When cPanel releases major updates, it spreads out the distribution over a period of time to avoid everyone from updating at the same time which would result in overloading their servers. So don’t worry, just wait until the date shown for it to automatically complete the update. If for any reason you want to upgrade right now, you can simply login to ssh and type the following to force it to update now:

/scripts/upcp –force

 

cPanel fatal: Cannot upgrade due to insufficient disk space.

 

If you are getting any of the following errors that cpanel won’t update because /usr is full or does not have enough space

—–
The last attempt to update cPanel & WHM was blocked.
Please correct these issues and rerun updates.
fatal: Cannot upgrade due to insufficient disk space. Detected ?GB. You will need at least 3GB to install/update to a new version of cpanel.
—–

cPanel & WHM cannot update due to insufficient disk space in the staging
directory, “/usr/local/cpanel”. The system requires 3 GB to update; this
directory only has ? GB available.
—-
W NOTE: A system upgrade was not possible due to the following blockers:
W [FATAL] – Cannot upgrade due to insufficient disk space. Detected ?G. You will need at least ?G to install a new
version of cPanel
—-

Here’s a few fixes you can try:

Fix #1: Clear up unnecessary logs in

/usr/local/cpanel/logs/
/usr/local/apache/logs/
/usr/local/apache/domlogs/

Fix #2: Remove unnecessary old or duplicate folders such as
/usr/local/apache.*
/usr/local/maldet.*

Fix #3: CAUTION: This should only be done as an absolute last resort. This fix is dangerous and if done incorrectly can break your server. You should only do this if you are an experienced system admin. If not, ask someone experienced to do this for you. This method is not recommended by cpanel. This is just a workaround to resolving this where there are no other options rather than reloading your entire server

1) Stop crond, exim, cpanel, apache, mysql, leechprotect
2) Verify none are running by typing: lsof | grep /usr/local/cpanel
3) Make an empty folder at: /home/usr/local
4) Move /usr/local/cpanel to /home/usr/local/cpanel
5) Make an empty folder at: /usr/local/cpanel
6) Set the permissions: chmod 711 /usr/local/cpanel
7) Add the following line to the /etc/fstab file (save a copy of the file first before editing it):
/home/usr/local/cpanel /usr/local/cpanel none rw,bind 0 0
8) Mount the folder: mount /usr/local/cpanel
9) Now restart all of the services that were stopped
10) Update cpanel: /scripts/upcp –force

GLibc GHOST Vulnerability CVE-2015-0235

On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and patches were made available by RedHat soon after the initial announcement went out.

According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemons or services that perform hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that runs on Linux systems.

Qualys developed working attacks for the EXIM mail transport agent that all cPanel & WHM systems use. Qualys also created a Metasploit module to make testing or exploitation of the vulnerability straightforward for an attacker. At present, Qualys has not released any attack code, only detailed analysis of the flaw and its impact.

To patch this, you can type:
yum clean all
yum update glibc

To verify that it has been patched, you can type the following to check for the changelog entry:
rpm -q –changelog glibc | grep CVE-2015-0235

bash Vulnerability bug ShellShock CVE-2014-6271

Related CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187

On Sep 24, 2014 an advisory for a vulnerability with bash has been issued and can be seen at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

To test if your server is vulnerable or not, you can type the following in ssh:

env x='() { :;}; echo vulnerable’ bash -c “echo testing”

If the output says “vulnerable” then it is vulnerable to this exploit.

To patch this vulnerability, in ssh type the following:

  1. yum clean all
  1. yum update

 

cPanel Server Management blog has been born!

I’d like to thank everyone for visiting and looking forward to a great blog that people can rely on for helpful tools and techniques related to managing a cPanel server!