Plesk Migration Manager is unable to connect to Plesk Agent installed on a remote server.

Source server has Plesk Migration agent installed. Plesk Migration Manager is installed on Plesk server. Plesk keeps displaying

Unable to upload scout: Unable to run migrmng: Unable to connect to remote host xxx.xxx.xxx.xxx. Please check if the remote server is available for connection and if the correct login and password are specified.

To successfully utilize Plesk Migration Manager it’s important to have the network setting configured correctly:

1. The following ports need to be open for PMM (add the required exceptions for firewall):

For PMM:tcp 6489 (by default or other custom)

For data transferring on Windows source servers:tcp 135tcp 139tcp 445udp 137udp 138

For data transferring on Linux source server:tcp: 22

2. Server’s network settings. “Client for Microsoft Networks” and “File and Printer Sharing for Microsoft Networks” must be present.

Start, Settings, Network Connections, Local Area Connection click Properties button. “Client for Microsoft Networks” and “File and Printer Sharing for Microsoft Networks” should be present. If they are not, they need to be installed.

You can test connection to server with PMM Agent using

Start, Run, type \\хxх.хxх.хxх.ххх\c$ and hit Enter

where xхх.xхх.хxх.ххх is the IP address of the source server.

And if “Network sharing” ports are opened you can access windows administrator’s share folders.

PVA troubleshooting.

Linux/Unix, Management Node:
PVA status: # pvamn status
PVA restart: # pvamn restart
PVA (Control Center) status: # pvacc status
PVA (Control Center) restart: # pvacc restart
Special config file: /opt/pva/mn/bin/pva.conf
[log_folder] – Location of log files, default: /var/log/pva
[etc_folder] – Location of config files, default: /var/opt/pva/mn/etc
To change log level, find vzagent.conf location in pva.conf and change , then restart pvamn
3 – INFO level
4 – DEBUG level
Installation logs: /var/log/pva/setup/
To collect PVA Report run: # /opt/pva/mn/bin/pvareport.sh
Linux/Unix, Slave node:
PVA status: # pvaagent status
PVA restart: # pvaagent restart
PVA (Power Panel) status: # pvapp status
PVA (Power Panel) restart: # pvapp restart
Special config file: /opt/pva/agent/bin/pva.conf
[log_folder] – Location of log files, default: /var/log/pva
[etc_folder] – Location of config files, default: /vz/pva/agent/etc
To change log level, find vzagent.conf location in pva.conf and change , then restart pvaagent
3 – INFO level
4 – DEBUG level
Installation logs: /var/log/pva/setup/
To collect PVA Report run: # /opt/pva/agent/bin/pvareport.sh

PhpMyAdmin Stuck at Login screen with no errors !

This is a possible issue when the path to save php_session is not correctly set :

The directory for storing session does not exists or php do not have sufficient rights to write to it.

To define the php_session directory simply add the following line to the php.ini :

session.save_path=”/tmp/php_session/”

And give write rights to the http server.

usually, the http server run as user daemon in group daemon. If it is the case, the following commands will make it :

chown -R :daemon /tmp/php_session

chmod -R g+wr /tmp/php_session

restart http server.

WHM locked out – cphulkd

cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service. BUT sometimes it becomes troublesome when you are accessing the cPanel with incorrect password and cPanel assuming you as attacker blocks you with below message :

—————————————————————————————
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
—————————————————————————————

To get out of such situation you can disable cphulkd protection :

login via ssh and disable cphulkd using the command below.

# /usr/local/cpanel/bin/cphulk_pam_ctl –disable

This should allow you to login to WHM and double check your cphulk settings.

You can view IP addresses that have been blocked via the WHM interface: WHM -> Security -> Security Center -> cPHulk Brute Force Protection in the Brutes table. On that screen, you can also customize brute force protection settings.

Flush DB will remove all blocked IPs:

WHM >>  Security Center >> cPHulk Brute Force Protection >> Click on Flush DB

Well the other way to this is to remove the IP’s blocked by cPHulk from its database .

ssh to the server login as root and type the following at the prompt

[root@server:] mysql

mysql> use cphulkd;

mysql>BACKUP TABLE  brutes TO ‘/path/to/backup/directory’;

mysql> SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;

mysql> DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;

mysql>quit

🙂

How to access Plesk database

APPLIES TO:

  • Plesk for Windows

Answer

Plesk Database can be accessed by following steps below depending on the database provider are configured in current Plesk installation.

For MSSQL provider:

Database can be accessed using the following CLI command:

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\osql –E

Or Microsoft SQL Server Management Studio Express utility can be used.

For MySQL DB provider:

Execute the following commands in command prompt:

cd %plesk_dir%\Databases\MySQL\bin


mysql -P8306 -uadmin -p psa

For MS Access DB provider (JET):

You can find and use any utility for viewing MS Access(.mdb) database files:

E.g.

http://www.alexnolan.net/software/mdb_viewer_plus.htm


http://www.softpedia.com/get/Internet/Servers/Database-Utils/MDB-View.shtml

Plesk Database file is located in %plesk_dir%\admin\db\psa.mdb

Named rndc.key error when starting

When trying to restart named process after making modifications may end up in a corrupt rndc.key key and the error will show like this:

Sep 12 03:30:54 server named[23683]: /etc/rndc.key:1: configuring key ‘rndc-key’: bad base64 encoding
Sep 12 03:30:54 server named[23683]: loading configuration: bad base64 encoding
Sep 12 03:30:54 server named[23683]: exiting (due to fatal error)

A simple explanation to this is that the key got modified somehow might me some bug.
What to do about this? Well it is simple just check the /etc/rndc.conf file and copy the key from there(you will see the key in the first lines of the file) and replace the key that it is in /etc/rndc.key file and restart named process.


# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]

Windows integration notes

Make program default editor for a file type

Shift-right-click on a file of a type; this forces the ‘open with’. Click ‘Choose program’, find it, and select the checkbox that tells windows to always open files of this type.

Change IE ‘view source’ program

Folder:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\View Source Editor\Editor Name

has a default key that is the path to a program, e.g.

C:\Program Files\Notepad2\Notepad2.exe

Add to context menu for all files

Run regedit. Create the key:

HKEY_CLASSES_ROOT\*\shell\

…if it doesn’t exist. Choose a name that doesn’t exist under it, e.g. Notepad2, and create that as key, and a key under it called ‘command’:

HKEY_CLASSES_ROOT\*\shell\Notepad2
HKEY_CLASSES_ROOT\*\shell\Notepad2\command

Make the default value under the first what you want to appear in the menu and the second what you want it to run, e.g.

“Edit with Notepad2”
and
“C:\Program Files\Notepad2\Notepad2.exe” “%1”

…respectively.

DNS Cache Poisoning Test


Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.linuxbabu.net can be redirected to www.redhat.com.

how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txt
Sample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txtOutput:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"


FIX :

Run yum update
yum updateOpen named.conf file and comment out following two lines:
query-source port 53;
query-source-v6 port 53;
Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 

service named restart


error: stat of /var/log/cron failed: No such file or directory

Hi guys… Today I faced a issue with a new VPS installed with EZ template Centos 5.2. I was preparing the VPS with logwatch, apf and other security and got cron error under roots mail.

Cron errors shows log errors :

/etc/cron.daily/logrotate:

error: stat of /var/log/boot.log failed: No such file or directory
error: stat of /var/log/cron failed: No such file or directory

OR

You do not find log files updating

This was due to the syslog daemon not running. Check if the service is running and restart. Your server may have syslogd daemon on rsyslogd depending on your OS.

I had rsyslogd on Centos 5.2

# /etc/init.d/rsyslog status
rsyslogd is stopped
rklogd is stopped

# /etc/init.d/rsyslog start
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]

Check if the service is being started at the starup :

 

# chkconfig –list | grep rsyslog
rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Use Command to enable the daemon at startup

# chkconfig rsyslog on

The log files were not being created due to the daemons stopped, after restart all started generating.

Cheers!

🙂

cPanel / APF – Passive FTP issue

The following web site will redirect you to a very well written article, which will cover the basics of “Passive vs Active” mode functions.

Active FTP vs. Passive FTP, a Definitive Explanation

After FTP connection has been made, The FTP server will generally choose a random port within a certain range to use and tell the client to connect to, but when the firewall is setup to block this port, the connection can not be made and the client times out. Error example below :

[14:55:16] PASV
[14:55:16] 227 Entering Passive Mode (74,86,43,171,13,209)
[14:55:16] Opening data connection to 74.86.43.171 Port: 3537
[14:55:16] LIST -aL
[14:55:37] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Opening the ports on APF

The first step was to tell APF to have a range of ports open for passive FTP connections. You can put in any range you want as long as it doesn’t conflict with another service. For this we’re going to use the range of 35000-35500.

Will be using vi in this How-To. Please see the Basic Guide to Vim

cd /etc/apf; vi conf.apf

Find IG_UDP_CPORTS   and add passive ports 35000-35500 to look like :

IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,161,443,465,623,993,995,2082,2083,2086

,2087,2095,2096,3306,3389,6666,35000_35500

Save the file and restart APF with

/etc/init.d/apf restart

Setting up the FTP Server (Pure-FTPD):

Now you need to tell PureFTPd to use those ports for passive connections. Open up the file /etc/pure-ftpd.conf in your editor and look for the following.

# PassivePortRange 30000 50000

Two things to note. One, the setting is commented out and two the range doesn’t match what we opened in APF. So change it to the following.

PassivePortRange 35000 35500

Restart the PureFTP server with

/etc/init.d/pure-ftpd restart

Test the connections and your are done !