cPanel

DNS Cache Poisoning Test

by


Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.linuxbabu.net can be redirected to www.redhat.com.

how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txtSample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txtOutput:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"


FIX :

Run yum update
yum updateOpen named.conf file and comment out following two lines:
query-source port 53;
query-source-v6 port 53;Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 

service named restart


Problems with LWP and access to https URL’s : 500 read failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

by
If you’re using perl scripts on your server that use LWP and suddenly find them failing with connections to https resources with the following type error:


500 read failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

then you’ve probably got LWP v5.811 installed which breaks SSL connections! The author fixed the problem he created after about two days with v5.812 but the damage was done on many servers. cPanel have put a hold back on cpan module updates for LWP to v5.810 but if your servers already upgraded LWP then you’ll need to either upgrade it manually from the cpan source to v5.812 or downgrade to v5.810.

Downgrading LWP:

wget http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.810.tar.gz
tar -xzf libwww-perl-5.810.tar.gz
cd libwww-perl-5.810
perl Makefile.PL
make
(take the default options unless you want to additional binaries installed)
make install

OR

Easier Way is to upgrade using cpan

Upgrading LWP:

# cpan
CPAN: File::HomeDir loaded ok (v0.80)
Exiting subroutine via last at /usr/lib/perl5/5.8.8/CPAN.pm line 1450.
cpan>upgrade LWP
This should fix the error 🙂

HowTo :: make scripts available to all clients on your server

by


If you have Perl /cgi or Php scripts and you want to make them available to all clients on your server , add an Alias in



/etc/httpd/conf/httpd.conf

file pointing to a shared directory owned by root:wheel. This is how the cPanel achieves this with their cgi-sys shared scripts in /usr/local/cpanel/cgi-sys/



cPanel : WARNING: RVSiteBuilder recommend PHP maximum execution

by

RVSiteBuilder warning messages under WHM :

WARNING !!
WARNING: RVSiteBuilder recommend PHP maximum execution time of each script , in 180 seconds or above.
HELP: Edit /usr/local/cpanel/3rdparty/etc/php.ini and change “max_execution_time=180” or above, and restart cPanel service (/usr/local/cpanel/startup).

WARNING: RVSiteBuilder recommend maximum size of POST data 105M or above.
HELP: Edit /usr/local/cpanel/3rdparty/etc/php.ini and change “post_max_size=105M” or above, and restart cPanel service (/usr/local/cpanel/startup).

WARNING: RVSiteBuilder recommend maximum allowed size for uploaded files that PHP will accept 100M or above.
HELP: Edit /usr/local/cpanel/3rdparty/etc/php.ini and change “upload_max_filesize=100M” or above, and restart cPanel service (/usr/local/cpanel/startup).

Solution :

Execute using root logins :

perl /var/cpanel/rvglobalsoft/rvsitebuilder/panelmenus/cpanel/scripts/autofixphpini.pl

Restart cPanel :

/usr/local/cpanel/startup

If again you see the warnings after cPanel restart, manually change the values for PHP under WHM >> Tweak Settings.

PHP
PHP max execution time for cPanel PHP execution in seconds (default 90)
PHP Max Post Size for cPanel PHP in Megabytes (default 55M)
cPanel PHP Register Globals (Off [unchecked] is recommended for security reasons)
PHP Max Upload Size for cPanel PHP in Megabytes (default 50M)
Loader to use for internal cPanel PHP (Use oldsourceguardian for version 1.x and 2.x)
none


ioncube


sourceguardian


oldsourceguardian

This fixes your issue.

rvsitebuilder – 404 Not Found

by

If you get the next problem on rvsitebuilder running on a cpanel server:

Not Found

The server was not able to find the document
(./3rdparty/rvsitebuilder/index.php/sitebuilder/sitebuilderhome) you
requested.
Please check the url and try again. You might also want to report this
error to your webhost.

It should fix the problem to you:

Log in as root on your cpanel server and run these commands:

# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/var/INSTALL_COMPLETE.php
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/rvsitebuilderversion.txt
# perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

OR

Simply run

perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

Open your WHM on a web browser, https://serverip:2087

And go to root WHM -> Plugins -> RVSiteBuilder

Assigning Name server IPs manually via SSH – cPanel

by

Currently cPanel will start with eth0 and work through eth1 when you assign nameservers to your IPs via WHM. Unfortunately, this will automatically choose your management IP range first, which of course are non-routable. There are two work-arounds for this:

1: Create a fake nameserver record on your private IPs, and add an A record for that nameserver to your DNS. This is the fastest option, but not the best.

2: SSH to your server and edit /etc/nameserverips manually. An example file is blelow:

10.x.x.x=0
128.177.x.x1=ns1.my_cpanel_nameserver.com
128.177.x.x2=ns2.my_cpanel_nameserver.com
128.177.x.x3=0
128.177.x.x4=0
128.177.x.x5=0

Just replace the ‘0’ after the ‘=’ with your nameserver name. In this example, the first IP (10.x.x.x) is the management IP, and not used for nameservers. The next two IPs are public and assigned to two nameservers. The last three are public and not in use.

How can I compress my CPanel domlogs log files?

by

Before setting up compression of your logs you will want to have cpanel run the stats as often as possible. This is so you do not miss any stats that would have been included were your logs not compressed before stats run.

To do this, login to WHM, and click on Tweak Settings under Server Configuration in the left menu. Scroll down to Stats and Logs, and then in the field next to “Number of days between processing log files and bandwidth usage (default 1, decimal values are ok):” enter ‘.5’.

This will cause your logs to be run twice a day, and should allow you to have up to date stats.

After doing this, we can begin to setup your domlogs compression. You will need to open an ssh shell to your server to complete this.

Change directories to /etc/logrotate.d/ and find the file named httpd. You will need to copy this file to a new file in the same directory:

root@cpdemo [/etc/logrotate.d]# cp httpd domlogs
root@cpdemo [/etc/logrotate.d]# ls -la domlogs
-rw-r–r– 1 root root 390 Nov 8 21:26 domlogs
root@cpdemo [/etc/logrotate.d]#

Now you will want to edit your new file to contain the following:

/usr/local/apache/logs/*.com /usr/local/apache/logs/*.org /usr/local/apache/logs/*.net {
missingok
notifempty
size=200M
rotate 2
compress
sharedscripts
postrotate
/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript
}

Just save your new file and you are done. Most linux distributions come default with a logrotate cronjob running nightly that will work with this configuration.

WHM shows all accounts as 0/unlimited quotas

by

There are many possible causes of this issue, however most relate to quotas being enabled on the filesystem itself.
Some ways to check the most common errors are:

Quotas enabled in the filesysem

By default, quoatas are enabled in the kernel on all SoftLayer Linux and FreeBSD kernels. If you’ve compiled/installed your own kernel, you’ll need to verify that quotas are enabled.

— FreeBSD systems will need to add “options QUOTA” to their kernel configuration and recompile. They will then need to add “enable_quotas=”YES”” to their /etc/rc.conf file.

— To enable quotas on a certain partition, one will need to modify the /etc/fstab file by adding usrquota (or grpquota if one desires the quota to pertain to an entire group rather than an individual user) to the options column (e.g. “LABEL=/home /home ext3 defaults,usrquota 0 0”).

[root@linux-test-server ~]# cat /etc/fstab
# This file is edited by fstab-sync – see ‘man fstab-sync’ for details
LABEL=/                 /                       ext3    defaults,usrquota        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /dev/shm                tmpfs   defaults        0 0
none                    /proc                   proc    defaults        0 0
none                    /sys                    sysfs   defaults        0 0
LABEL=SWAP-sda2         swap                    swap    pri=0,defaults        0 0
/usr/tmpDSK             /tmp                    ext3    defaults,noauto        0 0
/tmp             /var/tmp                    ext3    defaults,bind,noauto        0 0
[root@linux-test-server ~]#

— Once those entries are added, a reboot of the server should resolve the issue.

Run /scripts/fixquotas

Cpanel has it’s own tools to repair the quotas for it’s accounts. the command
#/scripts/fixquotas
run through ssh may resolve the issue.

Repquota

The command
#repquota -ua
will tell you if quotas are being reported for OS users at all.

Quotacheck

The command
#quotacheck -fv /home
will display the quotas for that filesystem, however the partition has to be unmounted first. It’s best to do this from Single User mode.

“IMPORTANT: do not ignore this email: The hostname resolves to . It should resolve to X.X.X.X”

by

A newly setup cPanel system may have a message such as the following show the first time that you login to WHM.

IMPORTANT: Do not ignore this email.
The hostname (hostname.server.com) resolves to . It should resolve to xx.xx.xx.xx. Please be sure to correct /etc/hosts as well as the 'A' entry in zone file for the domain.

Some are all of these problems can be caused by
/etc/resolv.conf being setup incorrectly. Please check this file if you
believe everything else is correct.


You may be able to automaticly correct this problem by using the 
'Add an A entry for your hostname' under 'Dns Functions' 
in your Web Host Manager

Here are the steps that you should work through to solve this issue.

  1. Follow the instructions that cPanel has provided by checking to see if you can solve this issue using WHM provided tools. Login to your server’s WHM (not cPanel) by going to https://[YOUR SERVER IP]:2087 in your web browser.
  2. You probably see the error now, go ahead and close it for now and scroll down the left hand Functions Menu until you find the heading ‘DNS Functions’. Click on ‘Add an A entry for your hostname’. WHM will try to analyze your hostname and then present you with a button to click that says Add the entry, go ahead and click on that. WHM should automatically try to add the relevant A record for your hostname to the DNS zone present on your system.
  3. Go ahead and logout and then log back in to WHM to see if the message returns. Look to the top of WHM to see the “Logout(root)” link. Optional Tip: If you don’t like logging into and then out of WHM while testing the fixes you can instead login to your server via SSH and whenever you are ready to test simply run the following command:
    root@myserver [~]# /scripts/ipcheck

    This command will send you an email immediately if your settings are still incorrect.

  4. Hopefully that worked, but if not, we should go ahead and edit your /etc/hosts file just in case. Login to your system via SSH. Use your favorite text editor to make sure that your /etc/hosts file looks something like this.
    root@myserver [~]# cat /etc/hosts
127.0.0.1              localhost
xx.xx.xx.xx            myserver.mydomain.com myserver

    If you would like more information on the structure of the hosts file type ‘man hosts’ as the structure of this file is outside of the scope of this document.

  5. Use your preferred method of checking for the message again. Has it returned? Are you sure that your server is using the proper resolvers? Make sure that your /etc/resolv.conf has the correct resolvers. Contact your server provider for the correct resolvers. People who are on Softlayers network can use :
    nameserver 10.0.80.11
nameserver 10.0.80.12
  6. If you are using SoftLayer’s name servers then login to our Portal and go to Public Network > dns and click to edit the domain in question. Simpy add an A record with your server’s main IP Address into the fields.If you are using some other name servers, you will need to contact the Administrator of that system to ask how you may add additional DNS Records.

Error 550 – “The recipient cannot be verified” – cPanel

by

On servers running cPanel, you may find that mail sent to valid users it bounced back by your mail server. The bounce back messages will be similar to the following.

PERM_FAILURE: SMTP Error (state 9): 550-"The recipient cannot be verified. 
Please check all recipients of this550 message to verify they are valid.
If this is occurring, you will need to check your exim_mainlog file for entries 
similar to the following.
H=(nf-out-0910.google.com) [IP] F=<[email protected]> rejected RCPT 
<emailAccount@domainName>: No Such User Here
If you are sure that email account does indeed exist, you will need to run the 
following commands to correct the issue.
/scripts/updateuserdomains
/scripts/mailperm 
You will then also need to check your /etc/localdomains file and verify that the 
domain name is present. Also verify that the DNS line in your 
/var/cpanel/user/username contains the domain as well.