Eximstats too large

If the size of your eximstats database is too large, you can do the following steps to empty it.

Login to mysql server from root.

[root@srv1 ~]# mysql

mysql> use eximstats;
Database changed
mysql> show tables;
+---------------------+
| Tables_in_eximstats |
+---------------------+
| defers |
| failures |
| sends |
| smtp |
+---------------------+
4 rows in set (0.00 sec)

mysql> delete from defers;
Query OK, 0 rows affected (0.52 sec)

mysql> delete from failures;
Query OK, 0 rows affected (0.35 sec)

mysql> delete from sends;
Query OK, 17310 rows affected (0.23 sec)

mysql> delete from smtp;
Query OK, 4678 rows affected (0.06 sec)

mysql> exit
Bye
[root@srv1 ~]#

You can also do this by deleting the above .MYD files from the location /var/lib/mysql/eximstats and restart exim service afterwards.

Disable ETags

To alleviate security risks arising from disclosure of information about files and their properties by Apache Web server, disable FileETag directive. For PCI Compliance it is required to disable ETags

Create a file at /etc/httpd/conf.d/no-etags.conf with the following:

Header unset ETag
FileETag None

Then of course restart Apache.

http://httpd.apache.org/docs/2.2/mod/core.html#FileETag

How to verify matching private key with a certificate

The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The `modulus’ and the `public exponent’ portions in the key and the Certificate must match. But since the public exponent is usually 65537 and it’s bothering comparing long modulus you can use the following approach:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5

And then compare these really shorter numbers. With overwhelming probability they will differ if the keys are different. As a “one-liner”:

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

And with auto-magic comparison (If more than one hash is displayed, they don’t match):

$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

BTW, if I want to check to which key or certificate a particular CSR belongs you can compute

$ openssl req -noout -modulus -in server.csr | openssl md5

WHMCS Security Advisory

A potential security issue has been discovered whereby it may be possible for a malicious user to inject a specially crafted combination of variables leading to unexpected results. The issue revolves around the Smarty templating system and template related processing.

> Patch Download Link: http://www.whmcs.com/go/21/download

Patch will work for all versions of WHMCS 4.x.

Buy WHMCS cheap at Licensepal.com

Plesk 10.X fails to start after upgrade !

Service of the sw-cp-server cannot be started after the Parallels Plesk Panel upgrade. The sw-cp-server fails to start with the following error:
/etc/init.d/sw-cp-server start
Starting SWsoft control panels server…Duplicate config variable in conditional 0 global: var.sso_username
2011-04-14 05:48:16: (configfile.c.838) source: /usr/share/sw-cp-server/applications-conf.sh line: 72 pos: 11 parser failed somehow near here: (EOL)
2011-04-14 05:48:16: (configfile.c.838) source: /etc/sw-cp-server/config line: 13 pos: 1 parser failed somehow near here: (EOL)
Things to try
1. Check the number of the sw-sso packages installed on the server:
# rpm -qa |grep sw-sso

2. If this command shows 2 packages, the oldest version of the sw-sso package should be removed from the server.
# rpm -qa |grep sw-sso
sw-sso-2.2-r3488
sw-sso-2.7-11062309

If only one sw-sso package is installed do not remove it.
# rpm -e sw-sso-2.2-r3488

3. After removing the extra package, you should be able to start service on the sw-cp-server and access the control panel.

Repairing MySQL tables that will not open.

This should be handled on a case by case basis, but if you are using the default MySQL table type of MyISAM (which is the default storage engine unless changed or specified differently) here are a few options:

  1. The myisamchk utility can be run from a command line to checks, repairs, or optimizes tables. It is normally run while the database is not running. For more information about myisamchk visit the MySQL website.
  2. mysqlcheck is similar in function to myisamchk, but can be run while the database is running. For more information about
    mysqlcheck visit the MySQL website.
  3. If you login to the database, you can also run sql commands that might fix your problem.
    Examples:
    mysql> optimize table your-tablename;
    mysql> analyze table your-tablename;
    mysql> repair table your-tablename;

    For more information about
    table maintenance SQL visit the MySQL website.
  4. If you are getting MySQL error numbers and are not sure what they are. From a command line you can use the perror utility to lookup errors. For more info on perror visit the MySQL website.
    Examples:
    shell> perror 13 64
    Error code 13: Permission denied
    Error code 64: Machine is not on the network

How to change the default port for Plesk

It is not recommended to change the default Plesk port because it can break Plesk integration with other programs (like Plesk Expand or DrWeb).

Linux

To change the port Plesk listens on you will need to edit /usr/local/psa/admin/conf/httpsd.conf file and change the following directives to list the port you want Plesk to listen on:

Listen 8443
Port 8443
<VirtualHost *:8443>

You will need to restart Plesk afterwards and update the hardware object in the SoftLayer portal with the new port (Hardware > Click on Server name > Password Update / History)
Plesk cannot listen on any of the ports used for common services (21, 22, 23, 25, 53, 80, 110, 443 etc..).

Windows

Most Plesk installs will be using Apache by default. You will want to edit the Apache configuration file C:\Program Files\SWsoft\Plesk\admin\conf\httpd.conf

1.) Change the following line to list the port number you want Plesk to listen on
Listen 8443

2.) Restart Plesk Control Panel
You will need to restart Plesk afterwards and update the hardware object in the SoftLayer portal with the new port (Hardware > Click on Server name > Password Update / History)

Restarting Mail Enable through Plesk (Windows)

In order to restart the Mail server [Mail Enable], please use these steps. 

1) Login To Remote Desktop >> “Plesk Services Monitor” [ Right side in the task bar] >> Check the box “Mail Server” >> Click on Restart.

OR

2) Login To Remote Desktop >> Start >> Run >> type ” services.msc ”

From here, you have restart the Mail Enable [ Mail Server] services such as:
Mail Enable List Connector
Mail Enable Mail Transfer Agent
Mail Enable POP service
Mail Enable PostOffice Connector
Mail Enable SMTP Connector

Right Click on it and press Restart.

Cannot install binary packages using pkg_addCannot install binary packages using pkg_add

Failure to install binary packages in older FreeBSD versions using “pkg_add -r”.


Solution:

Add these lines to /etc/csh.cshrc (/etc/profile if you are using bash or sh):

[FreeBSD 4.x]
setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/
setenv PACKAGELIST

[FreeBSD 5.x]
setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/
setenv PACKAGELIST